Current Topic: Computer Security

Wired News: Bug Bounties Exterminate Holes
Topic: Computer Security 2:00 pm EDT, Apr 17, 2006

Brokers that disclose bugs to their selected list of subscribers are necessarily withholding important information from the rest of the public. Brokers may eventually issue public advisories, but in the meantime, only the vendor and subscribers know about the problem.

An interesting discussion of bug brokers.

Wired News: Bug Bounties Exterminate Holes


InformationWeek | Security | The Fear Industry | April 17, 2006
Topic: Computer Security 12:18 pm EDT, Apr 17, 2006

In January, a vulnerability in WMF surfaced that let attackers use the Windows' graphics rendering engine that handles WMF images to launch malicious code on users' computers via these images. A number of security researchers posted information about the vulnerability to their mailing lists. Within a few hours, researcher H.D. Moore posted a working example of a WMF exploit--a piece of code written to take advantage of a software flaw--on his Metasploit Web site. Some defended the action, saying it offered insight into the rules security pros needed to put on intrusion-detection systems to avoid getting hit. Others argued that what Moore did enabled the average hacker to more easily exploit the flaw.

InformationWeek published a long, sensational, and patently dishonest article on security research today. This text makes it seem as if malware authors used the information H.D. Moore published. The fact is that this vulnerability was being exploited by criminal organizations in the wild before anyone in the security research community knew about it. The article fails to make this fact clear because it doesn't fit into the narrative that the reporter is aiming for and undermines the questions the reporter is raising. Would any major news media organization be interested in a piece that discusses whether intentionally dishonest reporting is good or bad for society?

InformationWeek | Security | The Fear Industry | April 17, 2006


eBay: Enigma 3 Walzen Chiffriermaschine Chiper Weltkrieg 1941
Topic: Computer Security 12:02 am EST, Mar 29, 2006

Fine example of a WW II Enigma cipher machine in a very good condition and a great history; full functional.

Holy fuck!

eBay: Enigma 3 Walzen Chiffriermaschine Chiper Weltkrieg 1941


Peacefire Joins Open Letter Slamming AOL “E-Mail Tax” (Internet)
Topic: Computer Security 9:16 am EST, Mar 23, 2006

AOL claims that mail from non-spammers will continue to be delivered. But that inherently contradicts its other statements, for a simple reason: If mail from non-spammers can get through, then who is going to pay for Goodmail?

AOL, Yahoo, and Hotmail do a real good job of flagging bulk or commercial email as spam, regardless of whether or not it's unsolicited and apparently without regard to things like SPF compliance. If you have a financial interest in having that email not get flagged as spam, you'll pay. If you don't have the means to pay, you're fucked.

Peacefire Joins Open Letter Slamming AOL “E-Mail Tax” (Internet)


RFID Viruses: Is your cat infected with a computer virus?
Topic: Computer Security 2:24 pm EST, Mar 15, 2006

The prankster decides to unwittingly enlist his cat in the fun. The cat has a subdermal pet ID tag, which the attacker rewrites with a virus using commercially available equipment. He then goes to a veterinarian (or the ASPCA), claims it is stray cat and asks for a cat scan. Bingo! The database is infected. Since the vet (or ASPCA) uses this database when creating tags for newly-tagged animals, these new tags can also be infected. When they are later scanned for whatever reason, that database is infected, and so on. Unlike a biological virus, which jumps from animal to animal, an RFID virus spread this way jumps from animal to database to animal.

I ignored this article this morning but it's actually pretty cool. SQL injection, CSS, and buffer overflows from data stored in RFIDs is a vector that few people have really looked at. I wonder if the new U.S. Passports are vulnerable?

RFID Viruses: Is your cat infected with a computer virus?
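As an added example (not from the post or the linked article), the back-end mistake that lets tag contents reach a database, beside a lookup that treats the tag as untrusted input. The `pets` schema, the 15-digit ID format, the function names and the sample tag values are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumption: a legitimate pet tag carries only a 15-digit numeric ID.
TAG_FORMAT = re.compile(r"\d{15}")

def make_db():
    """Constructed in-memory registry with two sample animals."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pets (tag TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO pets VALUES (?, ?)",
                   [("985112345678901", "alice"), ("985112345678902", "bob")])
    return db

def lookup_unsafe(db, tag_data):
    # Vulnerable: whatever the reader returned is pasted into the SQL text,
    # so the tag's contents are interpreted as part of the query.
    sql = "SELECT owner FROM pets WHERE tag = '" + tag_data + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, tag_data):
    # 1. Reject anything that is not shaped like a tag ID before it goes further.
    if not TAG_FORMAT.fullmatch(tag_data):
        raise ValueError("tag payload is not a 15-digit ID; rejected")
    # 2. Bind the value as a parameter so it can never change the query.
    rows = db.execute("SELECT owner FROM pets WHERE tag = ?", (tag_data,))
    return [row[0] for row in rows]

# Constructed sample of a rewritten tag whose payload is SQL, not an ID.
CRAFTED_TAG = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup:", lookup_unsafe(db, CRAFTED_TAG))
    try:
        lookup_safe(db, CRAFTED_TAG)
    except ValueError as err:
        print("safe lookup:", err)
```
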


Slashdot | Interview With Cryptographer Elonka Dunin
Topic: Computer Security 1:12 pm EST, Mar 14, 2006

"Whitedust is running a very interesting article with the DEF CON speaker and cryptographer Elonka Dunin. The article covers her career and specifically her involvement with the CIA and other US Military agencies."

Slashdot | Interview With Cryptographer Elonka Dunin


Leveraging automated attack response
Topic: Computer Security 12:09 pm EST, Mar  6, 2006

Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning.

hehehe.... The problem with a lot of automated tools that try to respond to attacks is that an attack can trigger them intentionally. Dropping in a firewall rule to block anyone who port scans you? Why don't I spoof a port scan from your favorite website? Even worse is the idea of automatically retaliating. Retaliating security software is Texan for distributed denial of service zombie.

Leveraging automated attack response
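As an added example (not from the post or the linked article), an auto-block decision that cannot be steered by a forged source address, beside the naive rule the comment above warns about. The alert fields, threshold, never-block network and sample alerts are all hypothetical values constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical list of networks the organisation depends on and never auto-blocks.
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]
SCAN_THRESHOLD = 20        # distinct ports probed before an alert counts as a scan
BLOCK_TTL_SECONDS = 900    # blocks expire, so a wrong decision heals itself

@dataclass
class ScanAlert:
    src_ip: str
    ports_probed: int
    handshake_completed: bool  # True only if the source finished a TCP handshake

def naive_decision(alert):
    """Block any source that appears to scan; the sender picks who gets blocked."""
    return "block" if alert.ports_probed >= SCAN_THRESHOLD else "ignore"

def guarded_decision(alert):
    """Return (action, ttl_seconds); auto-block only a proven, non-critical source."""
    if alert.ports_probed < SCAN_THRESHOLD:
        return ("ignore", 0)
    addr = ipaddress.ip_address(alert.src_ip)
    if any(addr in net for net in NEVER_BLOCK):
        return ("alert_only", 0)   # hand to a human instead of cutting off a dependency
    if not alert.handshake_completed:
        return ("alert_only", 0)   # SYN-only traffic: the source address may be forged
    return ("block", BLOCK_TTL_SECONDS)

# Constructed sample alerts.
FORGED = ScanAlert("198.51.100.7", 500, handshake_completed=False)
UNPROVEN = ScanAlert("203.0.113.50", 500, handshake_completed=False)
PROVEN = ScanAlert("203.0.113.9", 500, handshake_completed=True)

if __name__ == "__main__":
    for alert in (FORGED, UNPROVEN, PROVEN):
        print(alert.src_ip, naive_decision(alert), guarded_decision(alert))
```
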


Wardriving is the new pop.
Topic: Computer Security 11:56 am EST, Mar  6, 2006

Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

Wardriving is the new pop.


US sponsors Anonymiser – if you live in Iran | The Register
Topic: Computer Security 9:46 am EST, Mar  1, 2006

A pact between the U.S. government and the electronic privacy company Anonymizer, Inc. is making the Internet a safer place for controversial websites and subversive opinions -- if you're Iranian.

This is old news, but I wasn't aware. Apparently the U.S. sponsors anonymizing web services. That's neat. If they are really concerned about China they ought to do more of this.

US sponsors Anonymiser – if you live in Iran | The Register


CRM Today: Open Source Initiative to Give People More Control Over Their Personal Online Information
Topic: Computer Security 9:44 am EST, Feb 27, 2006

Higgins breaks up a person's identity into pieces -- or "services" -- and lets computer users dictate who can access what parts of their identity information, within applicable privacy guidelines and laws. Organizations using "smart" applications, built with Higgins open source tools, can share specific identity information, such as their telephone number or buying preferences, according to rules set by the individual, or by an authorized third-party service provider acting on their behalf. Like Web services, companies will be able to build support for Higgins into their applications, websites and services, and its open approach will support any technology platform and identity management system.

I've wanted to see something like this for quite some time, and this is probably the right way to do it. Let's hope they don't over-engineer the crap out of it. The project is in its early stages.

CRM Today: Open Source Initiative to Give People More Control Over Their Personal Online Information

