15 posts tagged with exploit.

The Internet has been bitten by POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) is the latest exploit found in SSL, a protocol used widely across the Internet for secure connections. Engineers at Google discovered the exploit, and they have written a white paper discussing it. In response, Google is disabling SSL in all Google products. Some are calling this the death of SSL. For web users, disabling SSL in your browser is recommended. Here is a tool to identify if your browser is potentially affected by the POODLE exploit.
posted by deathpanels on Oct 16, 2014 - 97 comments

at least it's not a protocol bug

The Heartbleed Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. All of the above is a direct quote and authored by the fine folks at heartbleed.com. It may be worth noting that one of the measures recommended (and indeed a good idea) - certificate revocation. Unfortunately, certificate revocation has some problems.
posted by el io on Apr 7, 2014 - 195 comments

"What would work even against an infosec guy? Linkedin invites."

How I Hacked Your Router
posted by the man of twists and turns on Apr 6, 2014 - 63 comments

Security Sunday

Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijack links and inject ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
posted by Blazecock Pileon on Jan 26, 2014 - 30 comments

I always feel like somebody's watching me

For years we've been told that our laptop cameras and webcams are "hardwired" to an LED such that the camera can't be turned on without triggering the light. Yeah, you can see where this is going (the original paper). The exploit works on pre-2008 Macs, though other laptops and webcams could be vulnerable to a similar exploit. The researchers have a kernel extension to prevent this on 2007 / 2008 MacBooks. My preferred solution for the rest of us.
posted by dirigibleman on Dec 20, 2013 - 96 comments

Welcome to the Malware-Industrial Complex

“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.
posted by Chrysostom on Feb 14, 2013 - 15 comments

Backdoor, yeah, yeah, snicker, snicker.

You may already be screwed. And not in the good way you were hoping for. MeFi kink favourite, FetLife has been ignoring a longstanding security and privacy compromise. (nsfw)
posted by rodgerd on Aug 9, 2011 - 63 comments

*sigh* Sometimes I hate computers...

"Millions" Of Home Routers Vulnerable to a Web Hack At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device.
posted by codacorolla on Jul 16, 2010 - 40 comments

Oh shit, I just broke the Internet

"There is no saving the internet. There is only postponing the inevitable." Wired Magazine looks at the history of DNS and the Kaminsky attack.
posted by Glibpaxman on Dec 1, 2008 - 79 comments

lolcatting all the way to the bank

goatse hijacked my bank account
posted by quonsar on Aug 1, 2008 - 53 comments

And DJB's $500 is safe for another day

A major flaw in the DNS system is promised to be revealed at the next Black Hat conference. Convinced it was too important to wait, security researcher Dan Kaminsky (video, autoplays) convinced several software vendors to issue emergency patches today, before publicizing details of the attack. It can't be that serious though, can it? Oh yes it can.
posted by Skorgu on Jul 9, 2008 - 59 comments

Presidential Re-Election through fear mongering

The Last Stage of Delirium Research Group (LSD-PLaNET) have posted code on the Internet that can allow hackers to exploit a previously disclosed vulnerability in Microsoft's Windows operating system. This kind of thing happens all the time. What never happened before is a widespread government and media panic perpetuating the buffer overrun threat as terroristic in nature, originating from the Department of Homeland Security and upsetting the general public at large.
posted by jdaura on Jul 31, 2003 - 6 comments

Do you have a 'Super Cookie' ??? Another m$ screw-up...

Do you have a 'Super Cookie' ??? Another m$ screw-up... Very interesting since wmp just minutes before tried to access the net through my firewall that is set to block all except a few programs. If you're running mozilla his demo doesn't hit but using msie it sure pulls up the ID# of my wmp... time to tighten things down again!!! Another blasted waste of time to fix what m$ should not have let out in the first place!!! Link via... Inflight Correction
posted by tilt on Jan 17, 2002 - 13 comments

Bring down MeFi in one easy step.

Bring down MeFi in one easy step. Matt, does this affect you?
posted by redleaf on Apr 18, 2001 - 14 comments

More news on the IIS exploit

More news on the IIS exploit After acknowledging the problem last week, Micro$oft is now saying that the backdoor in IIS... is a flaw. M$ Technet seems to have a fix for this problem, delete the offending file! So, if systems are your bag, my advice is to start researching security if you are running M$ internet server products (SQL 7, Exchange, IIS, Index Server, etc.).
posted by Dean_Paxton on Apr 17, 2000 - 2 comments
