We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Russian hacker tricked by the FBI into visiting the US has been sentenced to three years in prison after being convicted of 20 counts of computer crimes, fraud and conspiracy. According to news agency Reuters, prosecutors had pushed for the 27-year-old hacker, Vasiliy Gorshkov, to serve at least 16 years. . . .
Unidentified hackers scrawled virtual obscenities on a State Department Web site, forcing the department to close the site down, spokesman Richard Boucher said on Thursday. . .
If history is a guide, any Bush administration plan to remove Saddam Hussein from power in Iraq would likely set off a firestorm of hacker activity targeting U.S. networks and infrastructure. And those attacks could be greater in number and affect a broader cross-section of U.S. businesses than anything seen before, according to intelligence experts.. . .
All PHP-Nuke versions, including the just released 6.0, are vulnerable to a very simple SQL injection that may lead to a basic DoS attack. When the script is stopped, the server will take a few minutes to recover from the load and become acessible again.. . .
Blair pointed us to an article on XSS. "Cross-site scripting is a potentially dangerous security exposure that should be considered when designing a secure Web-based application. Users can unknowingly execute malicious scripts when viewing dynamically generated pages based on content provided by an attacker. An attacker can take over the user session before the user's session cookie expires. An attacker can connect users to a malicious server of the attacker's choice. This article describes the nature of the exposure, how it works, and has an overview of some recommended remediation strategies.". . .
In recent months, hackers of all backgrounds have been forced to rethink their practices while facing a roundhouse combination of the DMCA, heightened law enforcement activity and deeper scrutiny by employers.. . .
ISS X-Force has learned of the existence of a variant of the "Slapper" (also known as Slapper.A) worm that X-Force documented in a X-Force Security Alert on September 14, 2002. The new variant, named Slapper.B, has several subtle differences from the first Slapper worm, but it is for the most part an updated version of its predecessor. . . .
Verizon is urging customers who use voicemail and PBXs to use secure passwords to keep hackers out. The company's warning, including a voice mail message sent from Verizon to its consumer and business voice mail customers, is in response to growing . . .
This article looks at a popular form of attack on an organization's computer network known as war dialing. The term war dialing involves the exploitation of an organization's telephone, dial, and private branch exchange (PBX) systems to penetrate internal network and computing resources. After introducing and exploring the different forms war dialing attacks can take and some tools used to execute such attacks, the article examines measures that can be taken to prevent such an attack.. . .
On any routine business day, Citigroup moves a trillion dollars or more around the world. Little wonder, then, that information technology security executives at the world's biggest financial services giant were stunned one day in 1994 when they learned that a hacker had broken into their systems' innards and was moving around millions of dollars. As Colin Crook, former chief technology officer of Citigroup, recalls, "It was a profoundly traumatic experience.". . .
The well-known Web page defacement archive, alldas.de, appears to have disappeared from the Net altogether. Attempts to access the site over the past week have met with no success. None of the better-known news sites on the Net have carried any report on the apparent demise of one of the Web's most valuable archives. [09/06/02 08:07 EST] The defacement archives are at alldas.org, of course.. . .
In the popular imagination, a computer hacker is on the fringes of society -- either a brilliant but misguided teenager or a solitary, disaffected adult. He's more interested in showing off his skills than benefiting from them. He values havoc over money. . . .
If we do not distinguish good from bad, if we fail to understand the make-up of such a complex group of people, how can we ever hope to limit black-hat hacking? A few years ago, there were a few short . . .
Always question an order you can't remember making. And never, ever give out your credit-card number for an online transaction you didn't initiate. That's the sage advice being given to hundreds of Amazon.com customers who recently received bogus e-mails that referred to phantom orders. . .
No too long ago, skilled hackers were rewarded with fat salaries and fancy titles after being busted for their shenanigans. Now, Max Vision -- a world-famous incarcerated hacker-turned-security-expert once making $250 an hour -- is happy to be getting minimum . . .
The American Heritage Dictionary defines irony to be "Incongruity between what might be expected and what actually occurs." I say that a good example of this is the advocates against the trading of pirated MP3s having pirated MP3s available on their web site.. . .
As two of the most notorious hackers of the past year await trial for their 'patriotic' website defacement spree, other members of the hacker underground have threatened action if the pair go down. Last week vnunet.com was contacted by a hacker known as Splurge, an ex-member of the notorious Sm0ked Crew website defacement group. . . .
Software security widely used for Internet banking and e-commerce can be easily circumvented, and customer accounts at several of Sweden's largest banks remain at risk as a result, a computer expert said Monday. The Swedish hacking expert, who is well known in computer security circles, but asked not to be identified, demonstrated to Reuters how it was possible within minutes to break through security on Web server software from Microsoft. . . .
At a recent Las Vegas hacker confab, Defcon, attendees were invited to try their luck with a wireless 802.11b network. The results were intriguing or scary, depending on your perspective. One of Air Defense's WLAN security appliances detected 807 attacks within . . .
If your organisation suffered a computer crime in the past few years and reported it to AusCERT, it was probably an attack from outside your walls. Nearly 90 per cent of Australian organisations that reported an incident were attacked externally, according to the 2002 Australian Computer Crime and Security Survey. This is the first time the threat of being attacked from outside surpassed the likelihood of an assault from inside.. . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
