Posted on September 14th, 2009 by Administration
Bad guys have created a botnet of Linux Web servers. In a way, that’s even more frightening than regular botnets of compromised Windows PCs. Bloggers ask if this is the end for Linux’s claim to be more secure than Windows; or is it just a load of old hokum?
Your humble blogwatcher selected these bloggy morsels [...]
Filed under: exploit, linux, security, ugh, vulnerabilities | No Comments »
Posted on September 8th, 2009 by Administration
Remember the good old days of the 1990s, when you could teardrop attack any Windows user who’d annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy of the rewritten TCP/IP and SMB2 stacks.
IV. PROOF OF CONCEPT
#!/usr/bin/python
# When SMB2.0 receives a “&” char in the “Process Id High” SMB header field [...]
Filed under: exploit, micro$oft, pwned, vulnerabilities | No Comments »
Posted on August 12th, 2009 by Administration
Twitter and Facebook were paralyzed this past week by DDOS (distributed denial of service) attacks. As I understand it, those attacks are still ongoing. In this Wired Epicenter blog post by Eliot Van Buskirk, open source advocates propose that the only real solution to this vulnerability is to engage in another DDOS: “distributed delivery of [...]
Filed under: myspace facebook twitter, vulnerabilities | No Comments »
Posted on July 15th, 2009 by Administration
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla’s new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, LandoftheFreeish.com is posting instructions to help readers protect themselves from this vulnerability.
The security hole has to do with a flaw in the [...]
Filed under: exploit, firefox, malware, security, vulnerabilities | No Comments »
Posted on July 7th, 2009 by Administration
Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the “Death Master File,” which includes birth data and SSNs for people who have died. The scientists found that in many instances, if [...]
Filed under: b3st pract1c3s, exploit, privacy, pwned, ugh, vulnerabilities | No Comments »
Posted on May 14th, 2009 by Administration
After a long legal wrangle, some defendant-side attorneys have audited the source-code of Alcotest, the breathalyzer used in New Jersey DUI stops. Turns out it was programmed by muppets who don’t know how to calculate an average and who throw out error messages by the dozen.
Like voting-machine vendors, breathalyzer vendors go crazy when defendants ask [...]
Filed under: codemonkey, free open source software, offtopic, privacy, pwned, ugh, vulnerabilities | No Comments »
Posted on April 7th, 2009 by Administration
Dan says over the weekend he discovered a card skimmer attached to the ATM at his local WaMu branch. He pulled it off and took photos of it.
This past weekend I went to use the local WaMu ATM to get some cash money. When I walked up to the ATM something struck me as funny…I [...]
Filed under: con, security, vulnerabilities | No Comments »
Posted on February 28th, 2009 by Administration
Two vulnerabilities have been discovered in the web interface plugin for the KDE BitTorrent client, KTorrent. A malicious attacker sending specially crafted parameters to the interface could enable both remote code execution and arbitrary torrent uploads.
Filed under: exploit, free open source software, linux, vulnerabilities | No Comments »
Posted on February 26th, 2009 by Administration
What could keep you up at night in the new year may not be what you expect — a look at some of the lesser-known threats predicted for 2009.
Filed under: exploit, malware, privacy, security, spam, vulnerabilities | No Comments »
Posted on February 23rd, 2009 by Administration
Don’t worry if you show up for your domestic UK EasyJet flight without the mandatory photo ID the airline now requires; the helpful check-in clerks will direct you to the nearby train station where they’ll make you up a free photo-card to go with a rail-pass, should you ever decide to buy one. Ah, security.
“They [...]
Filed under: lulz, security, tsa sucks, ugh, vulnerabilities | No Comments »
Posted on February 20th, 2009 by Administration
Here’s a pretty basic “how to” on connecting your PC to Bluetooth devices. When connected, you may send sound files to the Bluetooth device and/or record anything said into a bt headset. Neat for a Linux beginner.
Filed under: howto, linux, privacy, security, vulnerabilities | No Comments »
Posted on February 2nd, 2009 by Administration
Think of it this way: Chris Paget just did you a service by hacking your passport and stealing your identity. Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found [...]
Filed under: cool, exploit, privacy, security, vulnerabilities, wifi | No Comments »
Posted on February 1st, 2009 by Administration
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2008-5079)
Filed under: free open source software, linux, vulnerabilities | No Comments »
Posted on December 23rd, 2008 by Administration
American Express has been wrestling for more than a week with cross-site scripting vulnerabilities that could jeopardize the personal information of its customers, according to security researchers.
Researchers have been reporting vulnerabilities on the Amex site since April, when the first of several cross-site scripting (XSS) flaws was reported. However, researcher Russell McCree caused a stir [...]
Filed under: vulnerabilities | No Comments »
Posted on October 9th, 2008 by Administration
Open source attack code framework gets even more automated to make exploits point and click. Testers, start your browsers.
Filed under: exploit, free open source software, linux, security, vulnerabilities, wifi | 1 Comment »
Posted on October 1st, 2008 by Administration
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 [...]
Filed under: lulz, tsa sucks, ugh, vulnerabilities | No Comments »
Posted on September 13th, 2008 by Administration
Cute article about sanitizing form input…
…found this next snippet in the authentication code for the project he’d been assigned to.
// The following string is an SQL comment, and could
// blank out the check for password in our SQL statement
// if used in the username!
if (username.indexOf("';--")!=-1) {
throw new AuthorisationException(username
[...]
Filed under: exploit, vulnerabilities | No Comments »
Posted on August 21st, 2008 by Administration
WASHINGTON – A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.
FEMA [...]
Filed under: hax, lulz, vulnerabilities | No Comments »
Posted on August 20th, 2008 by Administration
DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique. I say this because there are so many things to do at DEFCON, other than going to talks, that [...]
Filed under: b3st pract1c3s, defcon, encryption, exploit, free open source software, hax, linux, malware, privacy, security, vulnerabilities | No Comments »
Posted on August 19th, 2008 by Administration
Criminals exploit wireless vulnerabilities, social engineering to collect large volumes of customer data.
Filed under: privacy, vulnerabilities, wifi | No Comments »