| Thursday April 17th 2014

‘security’ Archives

CERT: Linux servers under “Phalanx” attack

Attacks in the wild are under way against Linux systems with compromised SSH keys, the US Computer Emergency Readiness Team is warning. The attacks appear to use stolen SSH keys to take hold of a targeted machine and then gain root access by exploiting weaknesses in the kernel. The attacks then install a rootkit known as Phalanx2, which scours [...]

Are IT Security Professionals Less Happy?

It's said that if you want to be happy, be a gardener. What about IT security professionals? Having worked as an IT security consultant for several years, I now wonder if my job has a negative influence on my happiness, because it constantly teaches me to focus on the negative side of life: I always have to think about risks and identify all sorts [...]

Red Hat hack prompts critical OpenSSH update

Red Hat has warned that hackers were able to commandeer its systems and tamper with code - but said that since its content distribution was not hit, it is confident that polluted code has not been served up to users. The first hint that something was wrong came last week when Fedora rebuilt its systems, a reconstruction that was accompanied by [...]

GUIDs are Great

Whenever someone says they’re going to use a GUID for something, I make it a point to always respond, “No!  Don’t use a GUID there!  If you use one there, eventually you’ll use them all up and we won’t have any left!” Of course, GUIDs don’t get “used up,” and there are plenty to [...]

DEFCON 16 – The Tools

DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique. I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at [...]

U.S. at risk of cyberattacks, experts say…

The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders. Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away. And Internet security experts believe that it could be just as [...]

“They’re lying. Diebold is lying. There is no system electronic in the world that cannot be hacked. I’ve spent my entire life building or hacking electronic systems.”

The whole thing baffles me... What's the benefit of electronic voting machines? It's convenience, and speed of tabulation. We (at least our media) are obsessed with having results the night of the election and having it over with. All so that the news networks can donate an entire day to watching the results come in and announce it that night [...]

Vista’s Security Rendered Completely Useless by New Exploit

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft [...]

Black Hat: DNS Flaw Much Worse Than Previously Reported

LAS VEGAS -- Security researcher Dan Kaminsky finally revealed the full details of his reported DNS flaw. It turns out it's a lot worse than previously understood. "Every network is at risk," Kaminsky said at the Black Hat conference here Wednesday. "That's what this flaw has shown." Kaminsky disclosed the security vulnerability in the [...]

E-Passports Can Be Hacked and Cloned in Minutes

Tests conducted for the UK's Times Online have concluded that the new high-tech e-passports being distributed around the world can be hacked and cloned within minutes. A computer researcher proved it by cloning the chips in two British passports and then implanting digital images of Osama bin Laden and a suicide bomber. Both passports passed as [...]

Security 101: Running SSH on an alternate port

Changing the port sshd listens on is a simple and necessary security process; it's just a matter of updating your sshd_config file and then reloading the new configuration. Use the procedure below to change the port that sshd is listening on to 6969: Warning: Incorrectly following this procedure may render your server unreachable through [...]

Laptop with data about 33,000 Clear card applicants lost at SFO

The TSA says a laptop with the personal information of 33,000 Clear card applicants was lost at San Francisco Airport on July 26. They need to check the sidewalks along Market Street... and bring crack to trade for it. The TSA has suspended new enrollments in the program, known as Clear, which allows passengers to pay to use special "fast lanes" [...]

TSA Proud of Confiscating Non-Dangerous Items

This is just sad. The TSA confiscated a battery pack not because it's dangerous, but because other passengers might think it's dangerous. And they're proud of the fact. "We must treat every suspicious item the same and utilize the tools we have available to make a final determination," said Federal Security Director David Wynn. "Procedures are [...]

HOWTO: Secure A Linux Web Server

If you self-manage or Co-Lo a Linux server, you absolutely need to know how to secure your box. If you don't know, you need managed hosting. End of story. No questions. Here's a (very) basic outline for you. You'll need to do some research on each step. This post is specific to a Linux server running Apache and PHP, a very common combination. [...]

How Skype and company get around firewalls

Increasingly, computers are positioned behind firewalls to protect systems from internet threats. Ideally, the firewall function will be performed by a router, which also translates the PC's local network address to the public IP address (Network Address Translation, or NAT). This means an attacker cannot directly address the PC from the outside - [...]

Details, Exploits of Web-Wide DNS Vulnerability Revealed

The much-discussed vulnerability in the Internet's Domain Name System is out -- and so are exploits that take advantage of it. The flaw's founder, Dan Kaminsky of IoActive, held a Webcast today in which he gave details on his findings, and revealed that attacks have been developed to exploit it. "Guys, we're in a lot of trouble," Kaminsky [...]

The Government Keeps Losing Laptops With Sensitive Info

During wartime, one of America's most solemn duties is to take care of its veterans. So why do careless government workers keep putting our vets at risk? That happened last January at a Department of Veterans Affairs medical center in Birmingham, Alabama, when an employee's portable hard drive containing Social Security numbers of more than [...]

SF Net Hijacker Gives Up Passwords

Terry Childs, the former IT administrator accused of kidnapping the city of San Francisco's data network, is ready to give up the administrative passwords to the system, his attorney said yesterday. Childs is accused of changing all of the city's network passwords so that only he could access the network, which contains email, payroll, law [...]

Cold Boot Encryption Attack Code Released

Jacob Appelbaum, one of the security researchers who worked on the paper cold boot attack on encryption keys (featured in a previous BBtv episode, above) tells us the code has just been released today at the HOPE hacker con in NYC. It's up, it's signed, and here it is. Memory Research Project Source Code

New worm transcodes MP3s to try to infect PCs

The new malware inserts links to dangerous Web pages within ASF (Advanced Systems Format) media files. "The possibility of this has been known for a little while but this is the first time we've seen it done," said David Emm, senior technology consultant for security vendor Kaspersky Lab. Advanced Systems Format is a Microsoft-defined [...]
