We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
AT&T has had 19,000 customer records stolen from its online store by hackers. Hackers recently pilfered the personal data of the DSL equipment customers through a known vulnerability. The affected site was shut down within hours of the attack.
Cybercrime is a science that studies and analyses the criminal behaviour when dealing with the Information Technology world. Computer-based crimes evolved significantly since the 80s and one international espionage tale is detailed in Clifford Stoll
A new flaw in how some developers implement RSA cryptography has left OpenSSL and other applications vulnerable to attackers forging digital signatures and spoofing Websites as well as SSL clients.
A recent Slashdot item on Wi-Fi security was a timely reminder of the weaknesses of default Wi-Fi encryption protocols, and the dangers of using unencrypted, public Wi-Fi connections. Fortunately, you can use FOSS utilities to securely tunnel your Wi-Fi connection sessions and protect your Web and email traffic.
Overall, investigators have identified 441,000 computer systems hacked by Christopher Maxwell's robot virus, including 104 country domains, 276 ".net" domains, 128 ".com" domains, and 28 ".edu" domains. The virus was planted between July 2004 and July 2005, federal investigators said.
"It's hard to tell who's losing the money -- the insurance company, the credit card company or the consumer -- but it's coming out of someone's pockets," said Dan Hubbard, vice president of security and research for Websense Inc. Consumers paid as much $7.8 billion over two years to repair or replace computers that got infected with viruses and spyware, a Consumer Reports survey found.
Malicious software that takes computer data hostage and then demands a ransom are increasing dramatically. According to anti-virus company Panda Software, the new technique called 'ransomware', that uses programs that prevent people from accessing their own documents, has increased by 30 per cent the last six months.
In the late 1990s a band of website defacers called Global Hell wreaked headline-making havoc on poorly-protected servers around the net, tagging the White House, the FBI, the U.S. Army, and, well
Kevin Mitnick, the infamous cracker specialized in social engineering techniques whose life made the Hollywood screens is known as a person who is building his professional reputation (not without obstacles though) by offering a variety of services in the IT Security field and holding well-paid conferences and appearances all over the world.
One of the best things that can happen at a show like Black Hat is making new friends, especially if they are not only brilliant, but also compliment you on your Linux T-shirt. That's how I met Terri Gilbert and Becky Bace, two of the most fascinating geek/security pros I've ever run across. I won't hazard a guess at their ages, but if you called them "granny hackers" they would probably not be offended. Terri, a whiz kid from California, has been involved with computers for 50 years. Becky, who hails from Alabama, is a whiz kid in her own right. During her 16-year tenure at the NSA, she was the project manager for the first intrusion detection system, which was being developed there in the '80s.
The disappearance of easy-to-find flaws in the major operating systems has pushed vulnerability researchers to branch out from finding security issues in core system software and instead concentrate on the device drivers and client-side agents present on all PCs, security experts said on Wednesday at the Black Hat Briefings.
Imagine for a moment that our central defense against bank robbers was a technology that recognized criminals based largely upon their physical appearance. Now imagine that the bad guys had figured out a way to rapidly and automatically change not only their facial structure, but their height, weight, clothing and method of attack. The net result those attacks would ultimately be more successful and profitable bank robberies, encouraging the bad guys to step up the frequency and brazenness of their attacks.
In the annals of computer "(in)security," few groups are as well known as the Cult of the Dead Cow (cDc). They are now adding a new chapter to their infamous history with the release of a new malware search engine that enables researchers to analyze over 31,000 "hostile" files. It's all part of an effort the cDc calls "offensive computing." Originally founded in 1984, cDc and its members are well known for a number of their efforts over the past 22 years.
You've probably heard of full disclosure, the security philosophy that calls for making public all details of vulnerabilities. It has been the subject of debates among researchers, vendors, and security firms. But the story that grabbed most of the headlines at the Black Hat Briefings in Las Vegas last week was based on a different type of disclosure. For lack of a better name, I'll call it faux disclosure. Here's why.
More than 6,000 hackers and other attendees gathered in Las Vegas this weekend to party and compete at Defcon, the world's largest hacker convention. Here, teams battle it out in the confab's Capture the Flag game, organized by a group called Kenshoto. In this computer security war game, the goal is to attack rivals' networks while simultaneously defending one's own. To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics to Web server administration.
Your browser's cache may be helping hackers to help themselves to your information. During a Black Hat conference discussion on the topic, Corey Benninger, a senior consultant at McAfee's Foundstone division, described cached browser information as a ticket for instant hacker gratification.
Businesses who switch over to internet telephony systems in a bid to slash telephony costs have been warned to guard against hacking attacks. The latest VoIP security threats and countermeasures were outlined at a presentation at the Black Hat security conference in Las Vegas on Wednesday. The talk, by security experts from SecureLogix and 3Com's Tipping Point security appliance division, was accompanied by the release of 13 new security tools.
Exploiting a lack of security checks in browsers and Web servers, Web worms and viruses are likely to become a major threat to surfers, security researchers speaking at the Black Hat Briefings warned on Thursday.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
