We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Last January, Adrian Lamo awoke in the abandoned building near Philadelphia's Ben Franklin Bridge where he'd been squatting, went to a public computer with an Internet connection, and found a leak in the Excite@Home's supposedly airtight company network. Just another . . .
Lamo recently broke into the Times computer network, where he co-opted contact-information files as well as sensitive details of the news-gathering and editing process at the Times. His tear through the Gray Lady's closet even gave him the ability to change . . .
It looks like we called it a few days ago in our article Morpheus Still Down when we said something was fishy about the booting of Morpheus from the FastTrack network and that the event may have been the result of a DDoS attack. Yesterday on the company website, Morpheus confirmed our suspicions and announced they were hacked.. . .
it is unlikely that Apple imagined people would walk into computer stores, plug their iPod into display computers and use it to copy software off the hard drives. This is exactly the scenario recently witnessed by Kevin Webb at a Dallas CompUSA store.. . .
The New York Times' corporate Intranet and Web-based applications that handle everything from payroll accounts to the newsroom's source database were penetrated by a freelance security researcher this week using nothing more than a Web browser, Newsbytes has learned. The . . .
Other breaches include buffer-overflow attacks as well as tampering with CGI scripts and unencrypted cookies to gain unauthorized access and steal identities. In the latter, hackers take advantage of Web browsers or cookies that sometimes erroneously reveal customer account information because the applications don't check account-ID parameters.. . .
A decade ago Kevin Mitnick tricked a Novell Inc. employee into giving him access to sensitive corporate data. This week the legendary hacker and his unsuspecting target met for the first time. "This is ironic," Mitnick said as he and . . .
While hiring security specialists with a staff roll of cleared and sanitised white hats is one avenue, companies also hire individuals and less established groups to test their security. As Kenneth de Spiegeleire, manager of security assessment services at ISS, points out: "Unfortunately, not all service providers respect the same code of conduct or rigorous testing methodology.". . .
While this knowledge could easily have led a younger Chappell down the path to what she refers to as the "dark side", or malicious computer hacking (known as cracking), she chose to pursue a different career. Decades later, she has moved on from Novell and established a career as an expert and consultant in protocol analysis, a segment of network security.. . .
Not only can malicious hackers force an ISP out of business, it appears they can get away with it as well. The hackers that brought down UK Internet Service Provider (ISP) Cloud Nine look almost certain to avoid prosecution.. . .
Industry experts are calling for a revamp of the Computer Misuse Act after the government revealed that only seven hackers have been imprisoned in the past two years. At the same time an influential lobby group has warned that improvements . . .
The Alldas.de Web site, which archives copies of Web pages that have been digitally defaced by online hoodlums, announced Monday that the founder of the site would be retiring and the site moving to a new domain. In an interview with . . .
Targeted attacks do not make nearly as much 'noise' as the mass-mailing worms and widespread vulnerabilities of the Internet, but they can be much more dangerous. The number and variety of computer worms, security vulnerabilities and attacks on the Internet . . .
The senior research fellow at Symantec Security Response, Gordon is an expert on the psychology of virus writers and hackers. And she's on a mission to clean up stereotypes about these "bad guys." Contrary to popular myth, Gordon says, cyber-rebels aren't . . .
Carl made a mistake. In his repetitious data entry job he entered employee information every workday. He always was careful to input the correct job requisition number in the user screen's JRN field. "Without a correct JRN entered, the new employee . . .
The 2001 Computer Crime and Security Survey from the Federal Bureau of Investigation and the Computer Security Institute makes it clear that cybercrime is on the rise. But for the first time, according to survey respondents, incidents precipitated by outside hackers outnumbered those originated by internal threats.. . .
Should software companies be more liable for problems caused when software breaks or some malicious outsider breaks it? The National Academy of Sciences, in a security paper released last month, says yes. But I'm not sure our nation's supposedly brightest minds have really thought this out.. . .
According to the defacement archive at Alldas.de, the hacker group known as the 'sm0ked crew' only terrorised websites throughout February of last year. But that was maybe enough for one member of the crew, Splurge, who decided to call it quits and go straight in the security industry.. . .
Fears are growing once more that companies operating on the Internet may not be equipped to ward off electronic sabotage after anonymous "hackers" forced a small British firm out of business. CloudNine Communications, one of Britain's oldest Internet Service Providers (ISPs) . . .
Cyberattack activity increased 79% among 300 companies surveyed between July and December last year by security-services vendor Riptech Inc. The study of companies in more than 25 countries also monitored attacks based on severity, intensity, and geographic sources. The data is . . .
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
