Monday July 28th 2014

‘security’ Archives

The next generation of CAPTCHA

The following is a design for a CAPTCHA that is likely invulnerable to automated decryption. I originally developed this as part of an anti-spam system that was a very early progenitor of Receiver Initiated Authentication. This CAPTCHA should be particularly invaluable given the recent reports that bots now have as high as a 35% successful [...]

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

Last week's dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack. In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're [...]

SSHKeygen.com… Only missing a credit card field. Ugh.

Not only generating private keys using an untrusted third-party, but sending them in the clear over http? Nice. I wonder where all these people are who are clever enough to need an SSH key, but too stupid to type ssh-keygen -t dsa? I wouldn't be surprised if this was some minor social engineering attempt; the server owner has access to the IPs [...]

AVG disguises fake traffic as IE6

AVG has rejiggered the fake traffic it's spewing across the internet, causing new headaches for the world's webmasters. In late February, AVG paired its updated anti-virus engine with a real-time malware scanner that vets search engine results before you click on them. If you search Google, for instance, this LinkScanner automatically visits [...]

CDW Study: IT Security Isn’t as Good as It Thinks

When it comes to security, maybe the end user isn't always the problem. That's the conclusion of a study published today by technology reseller giant CDW Corp. The study notes some paradoxes between IT professionals' views on their organizations' security and their actual security status. For example, when asked if their security systems [...]

Metasploit Hacking Tool Site Hacked But Not “Owned”

An attack this week targeting the Metasploit Website redirected visitors to a phony page proclaiming the hack -- but the hacking tool site’s servers remained intact. HD Moore, creator of Metasploit and director of security research for BreakingPoint Systems, says the attack didn’t actually touch the Metasploit servers themselves. [...]

Universal XSS In PDF

More XSS (Cross-site Scripting) fun! After yesterday's post I realized that not everyone reads hacker blogs, so I feel it is my duty to post it here. Stefano Di Paola and Giorgio Fedon have found a universal XSS in PDF. RSnake also found a vulnerability in local PDF file execution. This is bad, people; every server in this universe that hosts PDF [...]

Prevent XSS and SQL Injection

Today I was toying with Apache and made a .htaccess for all of you that prevents the most used XSS and SQL injection vectors in the request URI. It looks at the request URI and sends the malicious user to a log file, which sends an e-mail to the webmaster with all his information and what happened when this user was trying to punk with some scripts. I [...]

New Smart Phone Hack Could Expose Cell Network

Researchers have hacked a built-in maintenance application found on many smart phones that could open the door to hacking the cellular network itself. David Maynor, CTO for Errata Security, this weekend at the Summercon security confab in Atlanta will demonstrate a tool built by Errata that provides a peek into the inner workings of the cell [...]

Vulnerability in Debian OpenSSL could allow attackers to decrypt “secure” Web sessions

Ten days ago, a Debian Security Advisory (DSA-1571-1) was released that detailed a flaw in the OpenSSL cryptographic libraries that affects both Debian and other Linux distributions derived from Debian. Unlike a buffer overflow or many other vulnerabilities, this flaw wasn’t introduced through insecure programming -- quite the opposite. [...]

Lifelock CEO Todd Davis becomes ID theft victim

SAN JOSE, California (AP) -- Todd Davis has dared criminals for two years to try stealing his identity: Ads for his fraud-prevention company, LifeLock, even offer his Social Security number next to his smiling mug. Now, LifeLock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn't work as promised and [...]

Cisco Alums Launch Security Startup

Security startup Rohati Systems emerged out of stealth mode today and unveiled a multigigabit-speed network appliance for controlling user access to applications. Rohati’s Transaction Network System (TNS) appliance, which will ship in July, handles user entitlement management with per-transaction policies across multiple applications. [...]

Serious flaw in OpenSSL on Debian makes predictable ssh, ssl, etc private keys

Why-o-why did they decide to make Debian specific changes to OpenSSL? Seriously, leave cryptography to the people who are cryptographers. Distro-builders should keep the hell away from it. To get cryptography right is already hard enough as it is. We're checking our company keys now. If a few of them are invalid we have to get them signed again [...]

Half A Million Microsoft-Powered Sites Hit With SQL Injection

A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not necessarily Microsoft's fault, it is unique to the company's IIS server. The automated attack takes advantage of the fact that [...]

Adobe Air on Linux: A Security Nightmare

"Adobe Air is an application platform/framework which received some buzz recently. One of the most popular Twitter clients was written using Adobe Air. Air seems to make it relatively simple to write nice looking cross platform applications. Two weeks ago, Adobe Air was released for Linux and I gave it a try on my Debian Etch system. The results [...]

2008 Could Be Record Year for Breaches

If the first quarter was any indication, 2008 could be a record-setting year for security breaches, according to a new study. In its first-quarter report, the Identity Theft Resource Center said it has already recorded 167 compromises, more than twice as many as the first quarter of 2007. In fact, the 2008 total represents more than a third [...]

How I Would Hack Your Weak Passwords

If you invited me to try and crack your password (you know the one that you use over and over for like every web page you visit) how many guesses would it take before I got it? Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, [...]

“Web tripwires” reveal 1.3% of web pages altered in transit

"When you visit a web page, you might expect that the code and images from the page will make their journey through the tubes unmolested and unaltered, but according to security researchers, you would also be wrong 1.3 percent of the time. Researchers from the University of Washington and the International Computer Science Institute wanted to [...]

Gone in 60 seconds: Spambot cracks Live Hotmail CAPTCHA

Internet users are quite familiar with the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), a quick method that verifies whether the user trying to sign up is a person or a bot. A picture with swirled, mangled, or otherwise distorted characters is displayed and the user then types in the correct letters [...]

Outsourced passports netting government profits, risking national security

Yes this is a long article, but it is well worth the read. Interesting to see an organization not designed to make money, make a lot of money... wait, that's not even the scary thing, how about the security of the new e-passport? Ugh. The United States has outsourced the manufacturing of its electronic passports to overseas companies — [...]
