We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Despite the panting about "cyberterrorists," and despite the scare mongering about venomous hackers preying on fragile federal networks, attacks on government computer systems are declining worldwide, according to a recently released report. . . .
tcpdump and libpcap were trojaned on tcpdump.org and all but 1 official mirror. This trojan, similar to the OpenSSH trojan from a few months ago, was caught Gentoo's Portage System. When the configure script is run, it downloads a script from mars.rakeeti.net. This script contains an embedded shell that creates and compiles a C source file not part of the tcpdump/libpcap dsitrobution.. . .
The FT Conferences Web site was defaced overnight by mischievous crackers promoting a Russian DJ. Defacement archive Zone-H reports that hackers broke in using a mistake in the Web site's configuration to post pictures of Vasya Strelnkikov, a famous Russian DJ. The defacement, which carries a note for the site's administrator saying no files were changed plus the name of the supposed attacker. . .
As the Internet develops, so too will the maladies that afflict it. In other words: As more and more people protect themselves against e-mail worms and viruses, those threats will likely become smarter and more sophisticated to circumvent those protections. So how will future worms behave?. . .
In a recent report on terrorism, the CIA stated, "Cyberwarfare attacks against our critical infrastructure systems will become an increasingly viable option for terrorists." . . .
Last week's attacks on the Internet's backbone likely emanated from computers in the United States and South Korea, FBI Director Robert Mueller today said. "The investigation is ongoing," Mueller said at an Internet security conference in Falls Church, Va. He . . .
Cyber-crime laws and cops are now targeting those who write and distribute hacker toolkits. Currently, the case helping to establish a precedent on how authors of virus toolkits will be prosecuted in the UK is the case involving the author of . . .
The al-Qaeda terror network has begun using hackers who break into websites to create secret pages that send messages to its followers, Internet specialists say. An example of this practice came earlier this month when a message purportedly from al-Qaeda chief . . .
In the wake of last week's unprecedented DDoS attack against all 13 of the Internet's root-name servers, the government and ICANN, one of the Internet's main governing bodies, are considering changes to help protect the DNS system against future attacks. . . .
Call them traditionalists, but breaching wireless networks apparently does not hold the same allure for hackers as wreaking havoc on closed systems via the wired Internet -- at least not so far. Despite efforts to ferret out truly insidious hacking on Wi-Fi systems, security experts generally have turned up little evidence of nefarious activity. For instance, one honeypot set up by a government contractor in the Washington, D.C., area earlier this year failed to attract much attention in its first few weeks. . . .
Monday's attack on the 13 computer servers that manage the world's Internet traffic was the first of two assaults, according to officials at the companies that were affected. . .
Kerberos has lost some of its bite, according to the US government, which on Wednesday warned of a critical flaw that could allow hackers to circumvent the secure networking system.. . .
On October 18, https://www.anzen.com/ was compromised and fragrouter was trojaned. "This release of fragrouter 1.7 is COMPLETELY BOGUS. fragrouter has not been actively maintained for 3 years." ... "The trojan itself is very similar to those recently found in irssi, fragroute, BitchX, OpenSSH, and Sendmail. Embedded in the configure script is a C program that will remotely bind a shell.". . .
If you need a working definition of ironic, you could do worse than this. Last summer, Kevin Mitnick, the one-time hacker who was on the FBI's "10 Most Wanted" list of fugitives, was himself the victim of a scam just like he used to work on people. It's a technique Mitnick, 39, calls social engineering: getting access to information, including computer data, by talking to people rather than by accessing computers. "I practised it for 15 years. I would think I would be the most aware of when it was being done," he says. . . .
A hacker is reported to have targeted at least 20 South African Web sites last week, 14 of the attacks occurring in a single day. This is according to Internet law firm Buys Attorneys, which routinely tracks the behaviour of hackers. Reinhardt Buys of Buys Attorneys says last week saw a sharp increase in the number of hacker attacks on local Web sites. "During the past week, a hacker who refers to himself only as `r00t3rs' hacked into more than 20 sites." . . .
Mod-chip makers and Linux programmers have managed to break through a revamped security system in Microsoft's gaming console, allowing it to run their own software. Xbox security is seen as a test bed for future copy-locked PCs A group of independent programmers says it has managed to crack a new security system in Microsoft's Xbox gaming console, less than a month after the reconfigured consoles hit the market.. . .
The Trojan horse discovered in a distribution of the Sendmail open-source e-mail server has striking similarities to a backdoor planted in OpenSSH last summer, according to security experts who've analyzed the code. But missteps in the alerting process may have given . . .
The Trojan horse discovered in a distribution of the Sendmail open-source e-mail server has striking similarities to a backdoor planted in OpenSSH last summer, according to security experts who've analyzed the code. But missteps in the alerting process may have given . . .
Online vandals hacked into the primary download server for Sendmail.org and replaced key software with a Trojan horse, a Sendmail development team member said Wednesday. The apparent attack on Sendmail didn't leave a back door in the popular open-source e-mail software . . .
The CERT/CC has received confirmation that some copies of the source code for the Sendmail package were modified by an intruder to contain a Trojan horse. Sites that employ, redistribute, or mirror the Sendmail package should immediately verify the integrity of their distribution. . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
