Real-World

“Hooker” approach to break-in!

Interesting post on cost/benefit analysis of hacker and hooker attacks… behrang

Sarah Palin, a yahoo email account, and something more shocking…

By now everyone knows that John McCain’s running mate Sarah Palin had her Yahoo email account hacked. I guess a presidential candidate using Yahoo for govt.-related email was about as shocking as Sarah Palin’s nomination as possible future president (unless of course you have ever heard of other govt. officials using Yahoo/Gmail/Hotmail for serious business (inside joke for South Africans!)). People have been talking about secure password resets for a long…

Enter Google Chrome…

Google have thrown their hat into the browser ring, as many have predicted. [Chrome] should be coming soon to downloads near you. It’s based on [WebKit], which you might [recall] was impressive in many ways. It has a few other interesting promises, like a brand new JavaScript engine [which sounds like an excellent target for future hackery] and a simple but sweet isolation concept [tabs are independent processes]. Like anything released from…

rethinking ye old truths

Since forever, I’ve been told (and told others) that the greatest threat is from the inside. Turns out, not so much. Verizon Business (USA) apparently conducted a four-year study on incidents inside their organisation and found that the vast majority, 73%, originated from outside. However, the majority of breaches occurred as a result of errors in internal behaviour such as misconfigs, missing patches etc. (62% of cases). So attackers…

Mind Control, Big Cats, Feynman && kiosks…

Aka… a good weekend. The weekend got off to a slow start, when Amazon claimed it would take a little longer than planned to ship us the “Web Application Hacker’s Handbook”. Fortunately it picked up after that. The first ray of light was finding a new strange bug on a huge application that smells a lot like full remote code execution. Then the office had a power outage and I felt…

Alas.. i could have made squillions (aka – Amazon MTURK)

In early 2002 I suggested that we could solve some computer problems and South Africa’s street-kid problem by setting up a network of street-kids with basic education to handle tasks computers still struggled with. At the time we were concerned with low-false-positive, agentless remote detection of defaced web sites, but also ran into the idea when we first built e-or, our early web application scanner. I suspect I didn’t broach…

On vulnerability, root cause, white-listing and compliance

Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back trojans would connect back to arbitrary web servers on the Internet, we argued that companies should create shortlists of the sites employees are allowed to visit. This, we argued, was much more feasible than trying to identify and block known ‘bad’ sites. Of course, there are a number of other…

More Pentagon data leakage through Office files..

R J Hillhouse (who has a fascinating background) found that when she double-clicked a graph on a slide deck belonging to the office of national intelligence (available from the DIA website), the linked spreadsheet popped up. This effectively revealed “the dollar amounts in tens of millions spent by the US Intelligence Community on contractors”. Ages ago lcamtuf highlighted info leakage through MS Office files, and it seems these days…

Hotel Hacking

Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to an article I read in TIME the hotel will collect your most frequently dialled numbers and load them onto the touchscreen phone when you return for your next visit. Not only that, they also program the phone to show stock quotes or news and weather from your home town, AND…

Second Life land grab case moves into U.S. federal courts..

Ars Technica is reporting on the lawsuit filed in 2006 by Martin Bragg, who accused Linden Labs of wrongfully seizing his virtual land. -snip- Linden Lab filed two motions to dismiss the suit, arguing that Bragg came into possession of his land wrongfully, but the Pennsylvania judge denied those motions. -snip- A few things about this are super interesting. Linden Labs (creators of Second Life) literally sells online assets…