We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A flaw has been found in Symantec's latest antivirus software that allows hackers to exploit a PC without the user having to open anything. The problem was first discovered by eEye Digital Security, which reported it as a 'high level' threat.
A former employee with the American Red Cross’ St. Louis chapter – who had access to the Social Security numbers of 1 million people – has been indicted by a federal grand jury.
RFID chips are everywhere - companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-gen US passports and credit cards will contain RFIDs, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFIDs from $2.7 billion to as much as $26 billion by 2016.
Use Microsoft Word in safe mode to protect against targeted zero-day attacks. That's the advice from Microsoft's security response team to counter known attacks against a serious code execution vulnerability in the widely used word processing program.
An 18-year-old student is accused of hacking into the Wayne-Westland school district's computer network -- crashing 5,000 computers in 29 buildings and forcing thousands of dollars in repairs, police said. Wayne-Westland school officials confirmed "dozens" of computer system crashes between March 6 and May 8, but they don't believe the hacker obtained any personal or sensitive information, police Sgt. David Heater said.
An unprecedented string of electronic intrusions has prompted Ohio University to place at least one technician on paid administrative leave and begin a sweeping reorganization of the university's computer services department. Bill Sams, Ohio University's chief information officer, said he initiated the reorganization on Friday. The Athens, Ohio-based university is reacting to recent discoveries that data thieves compromised at least three campus computer servers.
PandaLabs has detected a network of computers infected with the bot Clickbot.A, which is being used to defraud ‘pay per click’ systems, registering clicks automatically and providing lucrative returns for the creators. According to the data collected so far, the scam is exploiting a global network comprising more than 34,000 zombie computers (those infected by the bot).
Yesterday the Turkish cracker going by the handle "Iskorpitx", succesfully hacked 21,549 websites in one shot (plus 17,000 as our last update) and defaced (on a secondary page) all of them with a message showing the Turkish flag (with AtaTurk face on it) and reporting: HACKED BY iSKORPiTX (TURKISH HACKER) ..."
"Black hat hackers" are the enemy of the computer network field, breaking into computer systems of different companies and groups and reeking havoc. Two groups of area high school students -- one each from City High and West High -- are working to become "white hat hackers," preventing such attacks through network security. The two schools will be among 12 high schools from across Iowa who will compete Friday and Saturday in the Iowa High School Cyber Defense Competition at Iowa State University in Ames. In the contest, the teams will spend 15 hours running a computer security network for a fictional dot-com company and ensuring no unauthorized users, from ISU computer science students and a "supercomputer" designed to look for holes in the protection, enter the system, said Dominic Audia, City High's Cisco Network Academy instructor and a West High biology teacher who is overseeing the Iowa City high school teams.
As a white-hat hacker for a big audit firm I spent days and nights in our “lab
If you ask any stranger on the street what they think about hackers, you will probably get a surly look followed by a negative comment. The reason for this is simple — over 80% of computer users have been affected by a "hacking" incident. Whether it is a stolen credit card or virus attacks, the media has labeled the people behind such activity with the term "hacker." I am not going to bore you with the semantics of hacker, cracker, whitehat, and blackhat, because you can look those terms all over the internet. The point is that not all hackers are bad. In fact, most hackers stay on the legitimate side of the law and use their talents to create new technologies that you benefit from. For example, Steve Wozniak and Steve Jobs, the founders of Apple, are often labeled as hackers.
It's cold and gloomy outdoors. I'm feeling pretty faded (errr, jaded) right about now. I'm sure all you corporate hangers-on have seen the Big-whatever companies come in with their pen-testing or audit teams. Some of them call themselves pen-testing, some Tiger, some white-hat hacker, whatever. They should just state that they are inept p0sers. But, that gets me thinking (on just such a day) what it would take to get hired at one of these Big-whatever companies.
"In the early days, it was all about ego. At that time, hackers just wanted to prove they were smart," said Stuart McClure, head of McAfee's Avert Labs. "Today, hacking is absolutely predominantly financial. Everything is driven by financial gain." A note on terminology: Although the word "hacker" is bandied about in press reports, white papers, and security alerts, there are actually two different types of people who break into computer systems.
The last day of Infosec brought nostalgia for the old days of hacking. Robert Schifreen, the ex-hacker and author famous for breaking into Prince Phillips' Prestel account 20 odd years ago, recalled a more innocent age during his stint chairing a hackers panel. "You didn't have flat rate hacking before the internet. It was all dial-up and hacking attacks tending to occur after 6pm when cheap rate began. At that time, admins were back watching Neighbours or the Magic Roundabout."
The number of stealth techniques found in malicious software surged 600 percent in the past three years, according to data published last week by McAfee. And the pace of change is accelerating, driven by developer interest and online forums, say experts. Rootkit.com has more than 42,000 members and active forums that are pushing the evolution of rootkits, according to Jamie Butler, CTO of security firm Komoku, who helped create rootkit.com.
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is so dominant and important to ethical hacking that it is given wide coverage in this chapter. Many tools, attacks, and techniques that will be seen throughout this book are based on the use and misuse of TCP/IP protocol suite. Understanding its basic functions will advance your security skills. This chapter also spends time reviewing the attacker's process and some of the better known methodologies used by ethical hackers.
The world of malware and rootkits has evolved a lot over the last two years, the most significant developments have been in the sophistication of rootkits. In case the term "rootkit" doesn't mean much, a rootkit is basically a program that subverts the operating system, and allows the attacked to hide certain files and programs from the user. It usually will also provide a hidden backdoor into the system, and will hide network connections made through the backdoor from the user.
Remember those old black and white movies, the stocking masks, the pick axe handles, the sawn off shotguns and the white 2.8 Jaguar as the getaway car? Lots of action and great car chases! A far cry from today’s highly organised and sophisticated bandits, with high performance computers, network sniffers, switched on hackers, infiltrating software and highly motivated planted operatives.
Vulnerability researchers, software makers, and security companies that buy information about software flaws found little in common during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs. The discussion, wrapping up the first day of the CanSecWest Security Conference, left software makers and the companies that run vulnerability-purchasing programs at loggerheads over whether paying for information about flaws makes sense. Such initiatives help secure the end user, argued Michael Sutton, director of the vulnerability research labs for VeriSign subsidiary iDefense, which pioneered the first permanent bounty program for security vulnerabilities.
We've all, no doubt, heard about phishing attacks, but it's not as likely that most people truly understand what the real danger is. And that lies not so much in the forged emails and websites we've come to associate with phishing attacks, but in the Trojan horse software they're planting on unprotected PCs that are used to wander into these sites or open their emails. Sure, we've been hearing about Trojan horse software for years, but rest assured the stuff that's coming from the phishing crowd takes these attacks to an unprecedented level of technical capability and maliciousness.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
