Authorities have dismantled SocksEscort, a service that sold access to a large proxy network built from compromised residential routers. Investigators say much of the infrastructure sat on infected SOHO networking devices, many running embedded Linux...
"Have you ever been in the situation that you wanted to SSH directly to a machine, but there has been some device in between that prevents it? Say you have a Linux firewall that protects your DMZ, and you have a boatload of machines behind it that you want to manage. There are all sorts of methods that are used to do so, and all have some level of annoyance. . . .
Online banking customers should be wary of a new series of Trojan horses out to filch financial information, said a security firm Monday. The Tolger line of Trojan horses, said U.K.-based Sophos, targets online users of a slew of British-based banks, including users of Barclays, HSBC, Lloyds, and Nationwide. . . .
Another virus aimed at the cluster of current 64-bit computer users has been detected by antivirus specialists. Written in AMD 64-bit assembly code, the Shruggle virus tries to infect Windows Portable Executable (PE) files on AMD systems. Once on a system it searches for PE files and attaches itself to them. . . .
It's a tale Tom Clancy might have written. From their lair in distant Romania, shadowy cyber extortionists penetrate the computers controlling the life support systems at an Antarctic research station, confronting the 58 scientists and contractors wintering over at the remote post with the sudden prospect of an icy death. . . .
Kismet is simply the best war driving tool out there, plus it's free as in GPL. It runs on Linux, *BSD, Mac OS X and even on your little Linux PDA. The brain and guts driving its development is Mike Kershaw, alias Dragorn, who works during the day on IBM mainframes and hacks Kismet code at night. Mike graciously agreed to a HERT interview to tell us a little bit more about himself, his view on WiFi security and the future of Kismet. . . .
Like other common "phishing" schemes, which involve e-mail requests that seem to be from trusted sources such as eBay or Citibank, the Kerry messages asked potential donors to go to an outside Web site to give money. Those Web sites, one registered in India, the other in Texas, were not affiliated with the Kerry campaign. . . .
Two new studies add weight to what information security experts have said all year: Malicious activity is way up and Windows is the prime target. Lynnfield, Mass.-based antivirus firm Sophos said in a recent report that they detected 4,677 new viruses in the first six months of 2004, a 21% increase over the same period last year. . . .
Training information security professionals carries the risk of training ethical and malicious hackers side-by-side. This paper defines ethical hacking, differentiates it from malicious hacking, presents some of the ways that ethical hacking is taught, identifies some of the risks associated with this training, and concludes with suggestions on how to minimize these risks. . . .
An online group claiming to have the source code for two popular computer programs for sale opened its doors for business again on Saturday. An e-mail message that claims to come from "larry hobbles" and the Source Code Club was sent to the Full-Disclosure security discussion list. The message said that the group has moved operations to Usenet, the network of online bulletin boards that makes up part of the Internet, where interested customers can buy the source code for the Dragon intrusion detection system (IDS) software from Enterasys Networks Inc. and peer-to-peer server and client software from Napster LLC, now owned by Roxio Inc. . . .
Hacktivism isn't found in the graffiti on defaced Web pages, in e-mail viruses bearing political screeds or in smug take-downs of government or organizational networks. These sorts of activities are nothing more than reverse censorship and "the same old cheap hacks elevated to political protest," according to Cult of the Dead Cow member Oxblood Ruffin. . . .
A group of self-identified hackers has set up shop online to sell what it claims are files containing confidential software code--and it says it's ready to take orders for more. . . .
What is ANI / Caller ID spoofing? ANI / Caller ID spoofing is setting the ANI / Caller ID on the outgoing call you are making to a 10-digit number of your own choosing. Traditionally it has been a complicated process, either requiring the assistance of a cooperative phone company operator or an expensive company PBX system. . . .
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. . . .
The IT security of Australian Web-hosting providers has come under serious question, with more than 30 state and local government Web sites defaced in the last six months - including the homepages of two locally hosted foreign diplomatic missions and the highly sensitive NSW Casino Control Board. . . .
In the biggest hacker attack in South Africa since 1 January 2004, hackers successfully defaced more than 73 local websites over the weekend, Reinhardt Buys of IT law firm Buys said on Monday. Even the website Hack.co.za, famous in the internet underground and security community, crashed under a repeated attack, Buys said. . . .
Additional copies of Cisco code files for the Internetwork Operating System (IOS) may be circulating on the Internet, after the thief compromised a Sun Microsystems server on Cisco's network, then briefly posted a link to the source code files on a file server belonging to the University of Utrecht in the Netherlands, according to Alexander Antipov, a security expert at Positive Technologies, a security consulting company in Moscow, who was interviewed by e-mail and instant messaging service. . . .
WiFi wardriving tools have now advanced to the point where it is less a sign of techno-machismo and more a sign of social maladjustment to actually go out and wardrive in your neighborhood. So what's a young wireless data enthusiast to do? . . .
An America Online customer service rep illicitly surfs the company's customer database, ferrets out private data on celebrity members and then hunts them down online under a false identity, seeking fame and fortune in Hollywood. Sound like a prelude to prison? Not in the case of Heather Robinson. The former AOL employee managed to parlay privacy violations into useful contacts in Hollywood. With the help of those contacts, Robinson, 25, landed a movie deal, and she's using her toehold in the industry to advance another. . . .
The FBI and secretary of state police were trying to determine how a hacker tapped into as many as 200,000 temporary license plate records in an Illinois secretary of state computer database over the weekend, officials said. . . .
Apparently, no actual damage was done to the systems and the hackers' access was brief. But they "could clearly have done severe damage," says TruSecure analyst Russ Cooper. The amount of bandwidth they controlled "far exceeded" several hundred personal computers connected to the Internet via cable modems. . . .