47 posts tagged with computers and security.
Displaying 1 through 47 of 47.

Everything is broken

Everything is broken Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
Quinn Norton [previously] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie on May 21, 2014 - 65 comments

ILOVEYOU & other trips down viral memory lane

Relive techno fears of yore ... malware aficionado Daniel White collects vintage computer viruses, infects his machines and records the results. See more examples at his YouTube channel.
posted by madamjujujive on Jun 30, 2013 - 22 comments

The threat won't be understood until a Cyberdisaster

The Frightening Things You Hear at a Black Hat Conference. (Previously-ish).
posted by MattMangels on Nov 23, 2012 - 49 comments

The Brief - A daily briefing of technology news worth caring about

NASA will send you an email or text alert when the International Space Station is visible from your area. IBM scientists have recently made significant advances in nanotechnology. A mathematician thought a poorly-encrypted headhunting email from Google was testing him, but he had actually discovered a major security hole. All of this found via The Brief: A Daily Briefing of Technology News Worth Caring About from MeFi's own nostrich. [via mefi projects]
posted by davidjmcgee on Nov 9, 2012 - 15 comments

An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures. [more inside]
posted by mek on Jun 8, 2012 - 53 comments

Telnet Times Ten Thousand

If you've ever worked with the command prompt on a Unix-based computer, you're likely familiar with SSH (Secure SHell), which is a program and a protocol that allows you (yes, you!) to securely access a remote system. While SSH has certainly earned the "Secure" portion of its namesake over the years, its functionality as a shell has ironically received very little attention, and has begun to show signs of age and obsolescence: SSH doesn't work very well on mobile connections, and its support for Unicode is buggy and incomplete. A group of MIT researchers think they've found solutions to these problems, and have created Mosh as a potential successor to SSH, which fixes many of the old protocol's annoyances and shortcomings, while retaining all of SSH's security features.
posted by schmod on Apr 12, 2012 - 77 comments

Kuang Grade Mark Eleven

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop." - Travel precautions in the age of digital espionage.
posted by Artw on Feb 13, 2012 - 125 comments

Cracking voyeurism

Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
posted by Foci for Analysis on Mar 11, 2011 - 50 comments

Some people learn lessons the hard way.

Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
posted by Pope Guilty on Feb 7, 2011 - 199 comments

Position-based quantum cryptography theoretically proved

Our results open a fascinating new direction for position-based security in cryptography where security of protocols is solely based on the laws of physics and proofs of security do not require any pre-existing infrastructure.
posted by Joe Beese on Aug 8, 2010 - 47 comments

Yarchive - Notes from the hinterland.

Yarchive is one man's collection of UseNET posts on the topics of Air Conditioning; Aircraft; Bicycles; Cars; Chemistry; Computers; Electrical, Electronic; Environment; Explosives, Pyrotechnics; Food; Houses; Guns; Jokes; Medicine; Metalworking; Military; Nuclear; Telephones; Physics; Risks; Security; Space mostly from a select group of authors. It has been updated several times since it first appeared here in 2001 and it never fails to sucker me in for hours every time I stumble upon it from a Google Search. [more inside]
posted by Mitheral on May 19, 2010 - 37 comments

The dry, technical language of Microsoft's October update did not indicate anything particularly untoward.

Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. - The inside story on the Conficker Worm at New Scientist.
posted by The Whelk on Jun 15, 2009 - 84 comments

IOKIYO

Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned. - Glenn Greenwald. [more inside]
posted by Joe Beese on Apr 7, 2009 - 102 comments

"Leaving no trace [of our daily lives] is nearly impossible."

The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted by amyms on Feb 16, 2008 - 44 comments

Geek Squad Steals Porn?

Using a computer set to auto-screencast, The Consumerist catches a Geek Squad technician copying porn from a client's computer to a thumbdrive, and they've got video and logfiles (CSV) to prove it. Also, the Geek Squad CEO responds, and an anonymous Geek Squad tech confesses that this is not an uncommon practice: "stealing customers' nudie pics was an easter egg hunt." Consumerist users suggest that this practice might not be limited to Geek Squad. Via.
posted by charmston on Jul 6, 2007 - 73 comments

Herding Zombies

Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works. "In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted by dersins on Oct 7, 2005 - 34 comments

Happy PFD!...?

Anyone in the mood for a celebration!? Today is Personal Firewall Day! Who's bringing drinks?
posted by bhayes82 on Jan 15, 2004 - 38 comments

Nasty new IE hole

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people into trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them into "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked into not displaying the rest of the URL at all. Don't expect a patch right away, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted by dejah420 on Dec 9, 2003 - 29 comments

What do you know about CALEA?

Bob Cringely thinks the government's information gathering capability is a disaster waiting to happen. Does our government have too much faith in computers as a solution to our problems? Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.
posted by TedW on Jul 16, 2003 - 13 comments

The US government recently released a draft of the National Strategy to Secure Cyberspace; essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranum, who in the TISC newsletter advocates passing legislation mandating consumers and ISPs to install firewalls and anti-viral software. At what point does an individual's (corporate or consumer) chosen level of computer security become a concern for the federal government?
posted by cedar on Oct 17, 2002 - 7 comments

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie on Jul 12, 2002 - 6 comments

First JPEG virus discovered...

First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted by darian on Jun 14, 2002 - 28 comments

Competition to "reverse engineer" mystery program.

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?
posted by arnab on May 3, 2002 - 2 comments

Hollings privacy bill really a trojan horse for spyware and data miners?

Hollings privacy bill really a trojan horse for spyware and data miners? But Hollings' bill should outrage Internet users just as much as Brilliant Digital's spyware. For while it talks a good game about protecting "sensitive" information, the truth is that it would place a congressional stamp of approval on precisely the kinds of practices that purveyors of spyware are eager to engage in.
posted by skallas on Apr 28, 2002 - 3 comments

Stick with WinAmp, not RealOne or WMP...

Stick with WinAmp, not RealOne or WMP... Security vulnerability with RealOne and Windows Media Player, but not with WinAmp. Files with embedded URLs or JavaScript can be mislabeled as MP3 and RealOne and WMP will play them and the attachments. WinAmp will just complain... A demonstration can be found here...
posted by Samizdata on Mar 25, 2002 - 30 comments

Trillian Users blocked from AIM service?

Trillian Users blocked from AIM service? The bit about this that scares me is the solution to the problem involves disabling the Secure IM functions. Is this a technical glitch or a conspiracy by AOL to reserve the ability to spy on our IM chats? Or build intentional security loopholes?
posted by Jeffy on Jan 29, 2002 - 29 comments

"Err...hello...is that Alex Braganza? Sorry to disturb you ...

"Err...hello...is that Alex Braganza? Sorry to disturb you ... my name is Kenny Patterson. No you don't know me. But I took my computer into PC World for repair and when I got it back they'd replaced my faulty hard disk with a reconditioned one which used to be your old machine. Thing is, they hadn't actually bothered to format the thing so now I've got all your personal details. Yes that's right -- that's where I got your phone number." I imagine that's how the conversation would have started ...
posted by feelinglistless on Jan 11, 2002 - 18 comments

Hackers: Computer Outlaws

Hackers: Computer Outlaws A TLC show (that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....
posted by dglynn on Jan 9, 2002 - 7 comments

Antivirus Firms Say They Won't Create FBI Loophole.

Antivirus Firms Say They Won't Create FBI Loophole. A free knuckle sandwich to the first person to say, "looks like magic lantern has been extinguished!"
posted by mcsweetie on Dec 10, 2001 - 11 comments

AirSnort.

AirSnort. The dangerous app with the unlikely name allows users to snatch data being passed over wireless networks, eventually capturing passwords to the network.
posted by o2b on Nov 29, 2001 - 7 comments

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]
posted by hobbes on Nov 28, 2001 - 22 comments

New worm doing the rounds.

New worm doing the rounds. Great.
posted by nico on Sep 18, 2001 - 23 comments

Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.
posted by machaus on Jul 19, 2001 - 37 comments

Win XP's Product Activation is a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted by ed on Jul 17, 2001 - 36 comments

Those British boys at it again.

Those British boys at it again. It was like this during the war, y'know. I remember my old mate Alan Turing beating the system in much the same way. Saved the world he did. Tally-ho.
posted by feelinglistless on Apr 24, 2001 - 7 comments

One million credit card numbers stolen! News at 11!

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted by Steven Den Beste on Mar 9, 2001 - 5 comments

In the latest Cryptogram newsletter,

In the latest Cryptogram newsletter, security expert Bruce Schneier makes some interesting points about voting, voting machines and computers. The web version of this article won't be up for a few weeks so I have reproduced it here. Read more...
posted by lagado on Dec 16, 2000 - 2 comments

Excellent, in-depth analysis

Excellent, in-depth analysis of "spyware" used by insidious and horrible software entities such as RealPlayer. Written by my hero and yours, Steve Gibson.
posted by Succa on Oct 16, 2000 - 14 comments

New Microsoft Bug Found

New Microsoft Bug Found This one's pretty serious. Because it affects the whole world.
posted by PaperCut on May 20, 2000 - 13 comments

Blame MICRO$OFT

Blame MICRO$OFT for the "I love you" virus, ohh, and it has 40 authors to it
posted by tiaka on May 16, 2000 - 14 comments

Any server can read all your IE cookies.

Any server can read all your IE cookies. From any domain. Anyone. I was just explaining to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted by ericost on May 11, 2000 - 32 comments

RedHat Linux security problem uncovered.

RedHat Linux security problem uncovered. Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge news (and it turned out to be patently false), yet this has gotten almost no press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted by delfuego on Apr 24, 2000 - 15 comments

Do security apps like this one actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?
posted by milhous on Apr 19, 2000 - 17 comments

They bagged the kid who was responsible

They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.

Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?

(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could extradite him.)
posted by Steven Den Beste on Apr 19, 2000 - 18 comments

You know their server isn't particularly secure; well neither is their browser.
posted by ericost on Apr 19, 2000 - 2 comments

Uncle Sam wants YOU

Uncle Sam wants YOU to solve the internet's problems. President Clinton announced yesterday that, due to a complete lack of knowledge about the internet, it will cost $2 billion in 2001 to develop anti-hacker security. Plus they intend on subsidizing college costs for computer science majors that agree to work for the government. Hey if he'd give me just one million dollars, I'd be able to pay off my school costs and hunt down hackers personally, like Boba Fett.
posted by Awol on Feb 11, 2000 - 0 comments

Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offering his security expertise to the affected companies.
posted by mathowie on Jan 24, 2000 - 1 comment
