Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. : The inside story on the Conficker Worm at New Scientist.
posted by The Whelk on Jun 15, 2009 - 84 comments

Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned. - Glenn Greenwald. [more inside]
posted by Joe Beese on Apr 7, 2009 - 102 comments

The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted by amyms on Feb 16, 2008 - 44 comments

Using a computer set to auto-screencast, The Consumerist catches a Geek Squad technician copying porn from a client's computer to a thumbdrive, and they've got video and logfiles (CSV) to prove it. Also, the Geek Squad CEO responds, and an anonymous Geek Squad tech confesses that this is not an uncommon practice: "stealing customers' nudie pics was an easter egg hunt." Consumerist users suggest that this practice might not be limited to Geek Squad. Via.
posted by charmston on Jul 6, 2007 - 73 comments

Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works. "In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted by dersins on Oct 7, 2005 - 34 comments

Anyone in the mood for a celebration!? Today is Personal Firewall Day! Who's bringing drinks?
posted by bhayes82 on Jan 15, 2004 - 38 comments

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted by dejah420 on Dec 9, 2003 - 29 comments

Bob Cringely thinks the government's information gathering capability is a disaster waiting to happen. Does our government have too much faith in computers as a solution to our problems? Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.
posted by TedW on Jul 16, 2003 - 13 comments

The US government recently released a draft of the National Strategy to Secure Cyberspace, essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranman who in the TISC newsletter advocates passing legislation mandating consumers and ISPs to install firewalls and anti-viral software. At what point does an individuals (corporate or consumer) chosen level of computer security become a concern for the federal government?
posted by cedar on Oct 17, 2002 - 7 comments

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie on Jul 12, 2002 - 6 comments

First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted by darian on Jun 14, 2002 - 28 comments

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?
posted by arnab on May 3, 2002 - 2 comments

Hollings privacy bill really a trojan horse for spyware and data miners? But Hollings' bill should outrage Internet users just as much as Brilliant Digital's spyware. For while it talks a good game about protecting "sensitive" information, the truth is that it would place a congressional stamp of approval on precisely the kinds of practices that purveyors of spyware are eager to engage in.
posted by skallas on Apr 28, 2002 - 3 comments

Stick with WinAmp, not RealOne or WMP... Security vulnerability with RealOne and Windows Media Player, but not with WinAmp. Files with embedded URLs or JavaScript can be mislabeled as MP3 and RealOne and WMP will play them and the attachments. WinAmp will just complain... A demonstration can be found here...
posted by Samizdata on Mar 25, 2002 - 30 comments

Trillian Users blocked from AIM service? The bit about this that scares me is the solution to the problem involves disabling the Secure IM functions. Is this a technical glitch or a conspiracy by AOL to reserve the ability to spy on our IM chats? Or build intentional security loopholes?
posted by Jeffy on Jan 29, 2002 - 29 comments

"Err...hello...is that Alex Braganza? Sorry to disturb you ... my name is Kenny Patterson. No you don't know me. But I took my computer into PC World for repair and when I got it back they'd replaced my faulty hard disk with a reconditioned one which used to be your old machine. Thing is, they hadn't actually bothered to format the thing so now I've got all your personal details. Yes that right -- that's were I got your phone number." I imagine that's how the conversation would have started ...
posted by feelinglistless on Jan 11, 2002 - 18 comments

Hackers: Computer Outlaws A TLC show(that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....
posted by dglynn on Jan 9, 2002 - 7 comments

Antivirus Firms Say They Won't Create FBI Loophole. A free knuckle sandwich to the first person to say, "looks like magic lantern has been extinguised!"
posted by mcsweetie on Dec 10, 2001 - 11 comments

AirSnort. The dangerous app with the unlikely name allows users to snatch data being passed over wireless networks, eventually capturing passwords to the network.
posted by o2b on Nov 29, 2001 - 7 comments

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]
posted by hobbes on Nov 28, 2001 - 22 comments

New worm doing the rounds. Great.
posted by nico on Sep 18, 2001 - 23 comments

Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.
posted by machaus on Jul 19, 2001 - 37 comments

Win XP's Product Activation as a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted by ed on Jul 17, 2001 - 36 comments

Those British boys at it again. It was like this during the war, y'know. I remember my old mate Alan Turing beating the system in much the same way. Saved the world he did. Tally-ho.
posted by feelinglistless on Apr 24, 2001 - 7 comments

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted by Steven Den Beste on Mar 9, 2001 - 5 comments

In the latest Cryptogram newsletter, security expert Bruce Schneier makes some interesting points about voting, voting machines and computers. The web version of this article won't be up for a few weeks so I have reproduced it here. Read more...
posted by lagado on Dec 16, 2000 - 2 comments

Excellent, in-depth analysis of "spyware" used by insidious and horrible software entities such as RealPlayer. Written by my hero and yours, Steve Gibson.
posted by Succa on Oct 16, 2000 - 14 comments

New Microsoft Bug Found This one's pretty serious. Because it affects the whole world.
posted by PaperCut on May 20, 2000 - 13 comments

Blame MICRO$OFT for the "I love you" virus, ohh, and it has 40 authors to it
posted by tiaka on May 16, 2000 - 14 comments

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted by ericost on May 11, 2000 - 32 comments

RedHat Linux security problem uncovered. Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge news (and it turned out to be patently false), yet this has gotten almost no press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted by delfuego on Apr 24, 2000 - 15 comments

Do security apps like this one actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?
posted by milhous on Apr 19, 2000 - 17 comments

They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.

Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?

(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could extradite him.)
posted by Steven Den Beste on Apr 19, 2000 - 18 comments

You know their server isn't particularly secure; well neither is their browser.
posted by ericost on Apr 19, 2000 - 2 comments

Uncle Sam wants YOU to solve the internet's problems. President Clinton announced yesterday that, due to a complete lack of knowledge about the internet, it will cost $2 billion in 2001 to develop anti-hacker secuity. Plus they intend on subsidizing college costs for computer science majors that agree to work for the government. Hey if he'd give me just one million dollars, I'd be able to pay off my school costs and hunt down hackers personally, like Boba Fett.
posted by Awol on Feb 11, 2000 - 0 comments

Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted by mathowie on Jan 24, 2000 - 1 comment