It’s not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.
Well, as one gamer enthusiast who follows me on Twitter remarked, I guess I’ve now “unlocked that level.” ~ KrebsonSecurity
posted by infini
on Mar 16, 2013 -
56 comments
"During his civil lawsuit against the People's Republic of China,
Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That
doesn't mean Milburn's adversary had no contact with him." [
China Mafia-Style Hack Attack Drives California Firm to Brink]
posted by vidur
on Nov 28, 2012 -
12 comments
He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns . In China, he disables Bluetooth and Wi-Fi , never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery , for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop." -
Travel precautions in the age of digital espionage.
posted by Artw
on Feb 13, 2012 -
125 comments
Security-in-a-Box.
A complete guide to digital security for advocates and human rights defenders (and for you too!). It includes all the info and tools you'll need for anything related to personal digital security.
Mobiles in-a-box: Tools and tactics for mobile advocacy.
Message in-a-box: Everything you need to make and distribute your own media.
NGO-in-a-box: Set up you NGO using free and open-source software.
[more inside]
posted by lemuring
on Feb 28, 2011 -
14 comments
IPv6, a newer version of the Internet Protocol that most of the net will convert to during the next few years due to "address exhaustion" with the current IPv4, (
previously,
previously) has a variety of advanced security features in it. Once IPv6 is fully rolled out and all the technical people are familiar with it, computers connected to the internet will be much safer from some kinds of hacking - but
until then we may be in for a bumpy ride.
posted by XMLicious
on Feb 1, 2011 -
60 comments
Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned. -
Glenn Greenwald.
[more inside]
posted by Joe Beese
on Apr 7, 2009 -
102 comments
On May 13, security advisories published by
Debian and
Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their
CSPRNG, which is used by
key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable.
[lolcat summary] [more inside]
posted by finite
on May 16, 2008 -
81 comments
If Bruce Schneier, the
expert voice of
security moderation, is "worried" than so am I. Since the beginning of the year Storm, an advanced, distributed worm network has been growing quietly as its authors tweak its social engineering attack. Now it seems that it is in place and waiting. Schneier's
article. Digital Intelligence and Strategic Operations Group has been
monitoring Storm for a year.
OWL.
posted by shothotbot
on Oct 15, 2007 -
89 comments
Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works.
"In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted by dersins
on Oct 7, 2005 -
34 comments
A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com.
Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole
released it to BugTraq on the same day he notified Microsoft.
(via Simon Willison)
posted by dejah420
on Dec 9, 2003 -
29 comments
The US government recently released a draft of the
National Strategy to Secure Cyberspace, essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranman who in the
TISC newsletter advocates passing legislation
mandating consumers and ISPs to install firewalls and anti-viral software. At what point does an individuals (corporate or consumer) chosen level of computer security become a concern for the federal government?
posted by cedar
on Oct 17, 2002 -
7 comments
First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted by darian
on Jun 14, 2002 -
28 comments
Hackers target Cell Phones With the connectivity of cell phones to the internet, hackers have begun to target cell phones, programming prank calls, placing calls to wherever and erasing the software in the phone.
posted by Lanternjmk
on Mar 11, 2002 -
7 comments
How to hack grey matter A big security loophole with grey matter powered sites is out there. It lets anyone have the username and password to these sites. Luckly there is a fix for it which can be found
here.
posted by thebwit
on Feb 23, 2002 -
20 comments
Been to a USGS site today? What about your favorite
national park site? Probably not, since all are part of the
U.S. Department of the Interior, whose external network connections have been severed due to electronic security concerns raised by the court in the case
Cobell v. Norton (formerly Cobell v. Babbitt).
With no external email or access to the Internet could you do your job? How dependent is your workplace on electronic information access?
(Since all their websites are down, I have no direct link to post. A copy of the memo was sent to the members by the admin of a USGS email distribution list.)
posted by carobe
on Dec 7, 2001 -
16 comments
Silicon Valley backs Senate bill that would allow companies to report computer network attacks to the government without having to worry about the public finding out. The reasoning: it would encourage
more companies to report the problems and help the
government track down the culprits. A
similar bill is in the House.
posted by thescoop
on Sep 25, 2001 -
3 comments
NYTimes.com has low security
Even me, the casual passerby, could access secret documents about the mysterious "partners," while trying to avoid downloading a cookie. Heh, "channel", "partners", the number 10. They're all related somehow?
PS: "channel.nytimes.com" doesn't give access to pages without logging in. Any ideas?
posted by rschram
on Oct 13, 2000 -
8 comments
They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.
Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?
(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they
could extradite him.)
posted by Steven Den Beste
on Apr 19, 2000 -
18 comments
Worth has
a great story on how easy it would be for Goto.com to exploit its paying customers. (There may be some registration issues with this link; if it fails, go to the
Worth home page and click on "The Easy Way to Get Rich Click.")
posted by luke
on Mar 14, 2000 -
1 comment
This page seems to be over a year old, but it's news to me. Did you know that cookies set on international domains (those ending in generic things like co.uk or co.nz)
can be read by other servers within those top level country domains? Scary stuff if you're using even the latest versions of Netscape on international sites.
posted by mathowie
on Jan 17, 2000 -
0 comments
