“On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices,” says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.
posted by Chrysostom on Feb 14, 2013 - 15 comments

You may already be screwed. And not in the good way you were hoping for. MeFi kink favourite, FetLife has been ignoring a longstanding security and privacy compromise. (nsfw)
posted by rodgerd on Aug 9, 2011 - 63 comments

"Millions" Of Home Routers Vulnerable to a Web Hack At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device. [more inside]
posted by codacorolla on Jul 16, 2010 - 40 comments

"There is no saving the internet. There is only postponing the inevitable." Wired Magazine looks at the history of DNS and the Kaminsky attack. [more inside]
posted by Glibpaxman on Dec 1, 2008 - 79 comments

goatse hijacked my bank account
posted by quonsar on Aug 1, 2008 - 53 comments

A major flaw in the DNS system is promised to be revealed at the next Black Hat conference. Convinced it was too important to wait, security researcher Dan Kaminsky (video, autoplays) convinced several software vendors to issue emergency patches today, before publicizing details of the attack. It can't be that serious though, can it? Oh yes it can.
posted by Skorgu on Jul 9, 2008 - 59 comments

The Last Stage of Delirium Research Group (LSD-PLaNET) have posted code on the Internet that can allow hackers to exploit a previously disclosed vulnerability in Microsoft's Windows operating system. This kind of thing happens all the time. What never happened before is a widespread government and media panic perpetuating the buffer overrun threat as terroristic in nature, originating from the Department of Homeland Security and upsetting the gerneral public at large.
posted by jdaura on Jul 31, 2003 - 6 comments

Do you have a 'Super Cookie' ??? Another m$ screw-up... Very interesting since wmp just minutes before tried to access the net through my firewall that is set to block all except a few programs. If you're running mozilla his demo doesn't hit but using msie it sures pulls up the ID# of my wmp... time to tighten things down again!!! Another blasted waste of time to fix what m$ should not have let out in the first place!!! Link via... Inflight Correction
posted by tilt on Jan 17, 2002 - 13 comments

Bring down MeFi in one easy step. Matt, does this affect you?
posted by redleaf on Apr 18, 2001 - 14 comments

More news on the IIS exploit After acknowledging the problem last week, Micro$oft is now saying that the backdoor in IIS... is a flaw. M$ Technet seems to have a fix for this problem, delete the offending file! So, if systems are your bag, my advice is to start researching security if you are running M$ internet server products (SQL 7, Exchange, IIS, Index Server, etc.).
posted by Dean_Paxton on Apr 17, 2000 - 2 comments