Everything is broken Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie
on May 21, 2014 -
If you've ever worked with the command prompt on a Unix-based computer, you're likely familiar with SSH
(Secure SHell), which is a program and a protocol that allows you (yes, you!) to securely access a remote system. While SSH has certainly earned the "Secure" portion of its namesake over the years, it's functionality as a shell has ironically received very little attention, and has begun to show signs of age and obsolescence: SSH doesn't work very well on mobile connections, and its support for Unicode
is buggy and incomplete. A group of MIT researchers think they've found solutions to these problems, and have created Mosh
as a potential successor to SSH, which fixes many of the old protocol's annoyances and shortcomings, while retaining all of SSH's security features.
posted by schmod
on Apr 12, 2012 -
He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns . In China, he disables Bluetooth and Wi-Fi , never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery , for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop."
- Travel precautions in the age of digital espionage.
posted by Artw
on Feb 13, 2012 -
Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned.
- Glenn Greenwald
. [more inside]
posted by Joe Beese
on Apr 7, 2009 -
The Anonymity Experiment
. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted by amyms
on Feb 16, 2008 -
Interesting "New Yorker" article
about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works.
"In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted by dersins
on Oct 7, 2005 -
A new MS Internet Explorer vulnerability is discovered.
Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com.
Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day
he notified Microsoft. (via Simon Willison)
posted by dejah420
on Dec 9, 2003 -
The US government recently released a draft of the National Strategy to Secure Cyberspace
, essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranman who in the TISC
newsletter advocates passing legislation mandating consumers and ISPs
to install firewalls and anti-viral software. At what point does an individuals (corporate or consumer) chosen level of computer security become a concern for the federal government?
posted by cedar
on Oct 17, 2002 -
Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town
, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie
on Jul 12, 2002 -
First JPEG virus discovered...
"The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted by darian
on Jun 14, 2002 -
"Err...hello...is that Alex Braganza? Sorry to disturb you ...
my name is Kenny Patterson. No you don't know me. But I took my computer into PC World for repair and when I got it back they'd replaced my faulty hard disk with a reconditioned one which used to be your old machine. Thing is, they hadn't actually bothered to format the thing so now I've got all your personal details. Yes that right -- that's were I got your phone number." I imagine that's how the conversation would have started ...
posted by feelinglistless
on Jan 11, 2002 -
The dangerous app with the unlikely name allows users to snatch data being passed over wireless networks, eventually capturing passwords to the network.
posted by o2b
on Nov 29, 2001 -
Win XP's Product Activation as a breeze to hack.
Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted by ed
on Jul 17, 2001 -
In the latest Cryptogram newsletter,
security expert Bruce Schneier makes some interesting points about voting, voting machines and computers. The web version of this article won't be up for a few weeks so I have reproduced it here. Read more...
posted by lagado
on Dec 16, 2000 -
RedHat Linux security problem uncovered.
Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge
news (and it turned out to be patently false), yet this has gotten almost no
press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted by delfuego
on Apr 24, 2000 -
Do security apps like this one
actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?
posted by milhous
on Apr 19, 2000 -
They bagged the kid who was responsible
for all those Denial-of-Service attacks a couple of months ago. He's Canadian.
Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?
(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could
posted by Steven Den Beste
on Apr 19, 2000 -
Uncle Sam wants YOU
to solve the internet's problems. President Clinton announced yesterday that, due to a complete lack of knowledge about the internet, it will cost $2 billion in 2001 to develop anti-hacker secuity. Plus they intend on subsidizing college costs for computer science majors that agree to work for the government. Hey if he'd give me just one million dollars, I'd be able to pay off my school costs and hunt down hackers personally, like Boba Fett
posted by Awol
on Feb 11, 2000 -
Last night Kevin Mitnick
was on 60 minutes (the gist of the interview is quoted here
), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted by mathowie
on Jan 24, 2000 -