MetaFilter posts tagged with computers and security

The dry, technical language of Microsoft's October update did not indicate anything particularly untoward.

The Whelk — Mon, 15 Jun 2009 14:40:29 -0800

Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. : The inside story on the Conficker Worm at New Scientist.

IOKIYO

Joe Beese — Tue, 07 Apr 2009 12:18:20 -0800

Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned. - Glenn Greenwald. In other news... The Cybersecurity Act of 2009 would, for example, give the President unfettered power to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network on national security grounds. - Center for Democracy and Technology

"Leaving no trace [of our daily lives] is nearly impossible."

amyms — Sat, 16 Feb 2008 00:14:48 -0800

The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.

Geek Squad Steals Porn?

charmston — Fri, 06 Jul 2007 18:48:04 -0800

Using a computer set to auto-screencast, The Consumerist catches a Geek Squad technician copying porn from a client's computer to a thumbdrive, and they've got video and logfiles (CSV) to prove it. Also, the Geek Squad CEO responds, and an anonymous Geek Squad tech confesses that this is not an uncommon practice: "stealing customers' nudie pics was an easter egg hunt." Consumerist users suggest that this practice might not be limited to Geek Squad. Via.

Herding Zombies

dersins — Fri, 07 Oct 2005 11:03:09 -0800

Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works. "In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."

Happy PFD!...?

bhayes82 — Thu, 15 Jan 2004 14:27:57 -0800

Anyone in the mood for a celebration!? Today is Personal Firewall Day! Who's bringing drinks?

Nasty new IE hole

dejah420 — Tue, 09 Dec 2003 14:28:08 -0800

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)

What do you know about CALEA?

TedW — Wed, 16 Jul 2003 10:27:49 -0800

Bob Cringely thinks the government's information gathering capability is a disaster waiting to happen. Does our government have too much faith in computers as a solution to our problems? Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.

cedar — Thu, 17 Oct 2002 06:20:11 -0800

The US government recently released a draft of the National Strategy to Secure Cyberspace, essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranman who in the TISC newsletter advocates passing legislation mandating consumers and ISPs to install firewalls and anti-viral software. At what point does an individuals (corporate or consumer) chosen level of computer security become a concern for the federal government?

mathowie — Fri, 12 Jul 2002 01:16:45 -0800

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.

darian — Fri, 14 Jun 2002 10:08:56 -0800

First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?

arnab — Fri, 03 May 2002 23:01:15 -0800

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?

skallas — Sun, 28 Apr 2002 16:21:32 -0800

Hollings privacy bill really a trojan horse for spyware and data miners? But Hollings' bill should outrage Internet users just as much as Brilliant Digital's spyware. For while it talks a good game about protecting "sensitive" information, the truth is that it would place a congressional stamp of approval on precisely the kinds of practices that purveyors of spyware are eager to engage in.

Samizdata — Mon, 25 Mar 2002 21:13:04 -0800

Stick with WinAmp, not RealOne or WMP... Security vulnerability with RealOne and Windows Media Player, but not with WinAmp. Files with embedded URLs or JavaScript can be mislabeled as MP3 and RealOne and WMP will play them and the attachments. WinAmp will just complain... A demonstration can be found here...

Jeffy — Tue, 29 Jan 2002 09:42:14 -0800

Trillian Users blocked from AIM service? The bit about this that scares me is the solution to the problem involves disabling the Secure IM functions. Is this a technical glitch or a conspiracy by AOL to reserve the ability to spy on our IM chats? Or build intentional security loopholes?

feelinglistless — Fri, 11 Jan 2002 12:50:39 -0800

"Err...hello...is that Alex Braganza? Sorry to disturb you ... my name is Kenny Patterson. No you don't know me. But I took my computer into PC World for repair and when I got it back they'd replaced my faulty hard disk with a reconditioned one which used to be your old machine. Thing is, they hadn't actually bothered to format the thing so now I've got all your personal details. Yes that right -- that's were I got your phone number." I imagine that's how the conversation would have started ...

dglynn — Wed, 09 Jan 2002 22:53:51 -0800

Hackers: Computer Outlaws A TLC show(that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....

mcsweetie — Mon, 10 Dec 2001 20:38:06 -0800

Antivirus Firms Say They Won't Create FBI Loophole. A free knuckle sandwich to the first person to say, "looks like magic lantern has been extinguised!"

o2b — Thu, 29 Nov 2001 09:27:24 -0800

AirSnort. The dangerous app with the unlikely name allows users to snatch data being passed over wireless networks, eventually capturing passwords to the network.

hobbes — Wed, 28 Nov 2001 18:35:04 -0800

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]

nico — Tue, 18 Sep 2001 09:01:35 -0800

New worm doing the rounds. Great.

machaus — Thu, 19 Jul 2001 15:57:25 -0800

Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.

ed — Tue, 17 Jul 2001 12:04:28 -0800

Win XP's Product Activation as a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?

feelinglistless — Tue, 24 Apr 2001 15:19:29 -0800

Those British boys at it again. It was like this during the war, y'know. I remember my old mate Alan Turing beating the system in much the same way. Saved the world he did. Tally-ho.

Steven Den Beste — Fri, 09 Mar 2001 10:20:11 -0800

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.