Monday October 20th 2014

‘security’ Archives

In-depth look at SpyEye crimeware

Brian Krebs has an in-depth look at SpyEye, a "crimeware" trojan horse that is used to harvest personal information (especially banking credentials) from infected Windows machines. SpyEye's keylogger is capable of prioritizing the information it grabs by paying special attention to information from browser forms, including Chrome and [...]

Dropbox’s new security policy implies that they lied about privacy from the start

Miguel de Icaza noticed that Dropbox's new security terms of service allow it to decrypt your stored files for law enforcement; but Dropbox has always claimed that it did not store the keys necessary to do this. This has been used as both a selling point ("we keep your files so safe, we can't access them") and an excuse ("don't ask us for help [...]

Why “this is fun” is 10x more secure a password than “J4S!2”

Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones. So let's dive into the world of passwords, and look at what makes a [...]

Marketplace for hijacked computers

Brian Krebs went browsing in an underground proxy marketplace, where criminals rent time on hijacked computers to other criminals who want to use the compromised machines as launching-grounds for untraceable networked attacks. Krebs traced down some of the people whose computers were up for rent and let them know that they were being bought [...]

Gucci admin accused of $200,000 IT rampage

So maybe you should change admin passwords after you fire someone that knows them? A network engineer fired by fashion house Gucci has been charged with going on an IT rampage against his former employer in which he deleted data, shut down servers and left the company nursing an estimated $200,000 cleanup bill. According to the New York [...]

RSA SecurID Customers Fear Fallout From Targeted Attack On Security Firm

RSA SecurID customers are bracing for the worst in the wake of the revelation by RSA late yesterday that information related to its SecurID two-factor authentication products had been stolen in a major cyberespionage attack. Word of the attack, which RSA categorized as an advanced persistent threat (APT)-type breach, came via an open letter [...]

Social Network Users Could Be A Click Away From Infection, Researchers Say

Most social networks will allow the posting of URLs and advertisements that might be infected with malware, according to a report published today. In their new "Q4 Malware Update," researchers at anti-malware firm Dasient outlined the results of experiments conducted on 12 social networks to show their vulnerability to malware [...]

VeriFone vs Square

VeriFone, a huge provider of credit card processing systems that's been around since time immemorial, has taken a huge swipe at upstart Square today, branding its free, headphone jack-based credit card readers "skimming devices" and demanding their immediate removal from the market. Crazy, right? Let me explain how easy it is to exploit the [...]

Visualization of an attack on a VOIP server

The Australian Honeypot Project is a group of volunteers who set up tantalizing decoy targets for cyber criminals. By carefully monitoring those honeypots, the group can gather data about the tactics and tools criminals use to attack real sites and servers. This video they made turns data into pictures to show what's happening during the early [...]

Fiendish CSS-based technique for obfuscating text

Aza Raskin's developed a fairly ingenious, CSS-based means of obfuscating text; briefly, he inserts random characters in the text and applies a "do not render" CSS style to them. The words render as normal on your screen, but when copied to the clipboard, the junk text is also picked up. It's been years since I did much with CSS, but I have [...]

Car key fob technology hacked

The ubiquitous key fob is convenient and now proven to be less than secure. This Technology Review article describes researchers successfully attacking cars from eight different manufacturers. Open doors and trunks give thieves easy access for relatively low cost ($50 - $100 - $1000 for the components). A car with keyless or fob-enabled starting [...]

PS3 completely hacked. Security on the system is apparently the worst security ever seen.

Basically, the PS3 has a hard outer shell, but once you break through the outer layer there is absolutely nothing stopping you...

Bunnie explains the technical intricacies and legalities of Xbox hacking

Andrew "bunnie" Huang, who literally wrote the book on hacking Xboxes, was to be a witness in last week's first-of-its-kind trial for Xbox modding. However, the government prosecutor bungled his case so badly that he was forced to withdraw the charge and walk away, leaving the defendant unscathed. However, Bunnie had already prepared an [...]

Evoting security researchers at U Michigan root DC’s voting machines with ease

DC election officials put a test version of their voting system up in a mock primary and invited white hat attacks. U. Michigan broke it completely within 36 hours. DC officials reply, in a nutshell, "Well, that's why we asked people to test it." D.C. voting officials knew there might be openings in the upload procedure, said Paul Stenbjorn, [...]

Botmasters include fake control interface to ensnare security researchers

Security researchers compromised what they believed to be a control server for the Zeus botnet, but after examining it in detail, they concluded that it was a fake, designed to allow botmasters to spy on security researcher tactics and plan countermeasures. What particularly stands out about the EFTPS exploit toolkit is their admin interface. [...]

Senators Don’t Expect Cyber Security Bill to Pass this Year

Much of the critical infrastructure of developed nations like the U.S. depends on computer and network systems to operate and communicate. Hackers from nefarious nations and those who hack for fun can get into some of these critical systems, potentially causing a security threat to the country. In an effort to give the president the power to [...]

Secret Button Sequence Bypasses iPhone Security

A security flaw in the iPhone allows strangers to bypass the handset’s lock screen with a few button presses. In the video below, a Brazilian iPhone customer demonstrates the quick method to circumvent an iPhone’s passcode-protected lock screen: tap the “Emergency Call” button, then enter three pound signs, hit the green Call button [...]

Tahoe-LAFS: A private filesystem for the clouds

Zooko Wilcox-O'Hearn of the Tahoe-LAFS project (which aims to make "cloud computing" storage more secure and private) writes: Tahoe-LAFS is a secure distributed storage system. All of the files that you store in Tahoe-LAFS are automatically encrypted so that nobody--not even the people who control the computers that store the data--can read or [...]

Evercookie: A tracking browser cookie you can’t delete

Samy Kamkar, an open source developer whose motto is "think bad, do good" has released an API called "evercookie." Evercookie sets a nigh-undeletable tracking cookie in your browser, storing the information in eight separate ways; if you try to delete it but leave even one copy of the data around, it will repopulate itself using that last [...]

Inside a stolen credit card site

Brian Krebs brings us a fascinating look at the inner workings of a site that sells stolen credit card numbers to fraudsters; the site is structured like a bizarro-world PayPal, with soft come-ons, hidden fees, and lots of upsell pressure. The trouble is, the minute you seek to narrow your search using the built-in tools, the site starts [...]
