The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted on Feb 16, 2008 - View this thread

Using a computer set to auto-screencast, The Consumerist catches a Geek Squad technician copying porn from a client's computer to a thumbdrive, and they've got video and logfiles (CSV) to prove it. Also, the Geek Squad CEO responds, and an anonymous Geek Squad tech confesses that this is not an uncommon practice: "stealing customers' nudie pics was an easter egg hunt." Consumerist users suggest that this practice might not be limited to Geek Squad. Via.
posted on Jul 6, 2007 - View this thread

Interesting "New Yorker" article about online extortion via DDoS attacks. Call me naive and underinformed, but I had little understanding of how this works. "In the most common scenario, the bots surreptitiously connect hundreds, or thousands, of zombies to a channel in a chat room. The process is called “herding,” and a herd of zombies is called a botnet."
posted on Oct 7, 2005 - View this thread

Anyone in the mood for a celebration!? Today is Personal Firewall Day! Who's bringing drinks?
posted on Jan 15, 2004 - View this thread

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted on Dec 9, 2003 - View this thread

Bob Cringely thinks the government's information gathering capability is a disaster waiting to happen. Does our government have too much faith in computers as a solution to our problems? Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.
posted on Jul 16, 2003 - View this thread

The US government recently released a draft of the National Strategy to Secure Cyberspace, essentially it advocates ensuring security through consensus, with vendors, government agencies and consumers taking responsibility for the tools they use. That's not enough for Marcus Ranman who in the TISC newsletter advocates passing legislation mandating consumers and ISPs to install firewalls and anti-viral software. At what point does an individuals (corporate or consumer) chosen level of computer security become a concern for the federal government?
posted on Oct 17, 2002 - View this thread

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted on Jul 12, 2002 - View this thread

First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted on Jun 14, 2002 - View this thread

Competition to "reverse engineer" mystery program.
Another cool thingy from the HoneyNet Project; they're inviting people to convert a binary file into its original source. So, who's participating?
posted on May 3, 2002 - View this thread

Hollings privacy bill really a trojan horse for spyware and data miners? But Hollings' bill should outrage Internet users just as much as Brilliant Digital's spyware. For while it talks a good game about protecting "sensitive" information, the truth is that it would place a congressional stamp of approval on precisely the kinds of practices that purveyors of spyware are eager to engage in.
posted on Apr 28, 2002 - View this thread

Stick with WinAmp, not RealOne or WMP... Security vulnerability with RealOne and Windows Media Player, but not with WinAmp. Files with embedded URLs or JavaScript can be mislabeled as MP3 and RealOne and WMP will play them and the attachments. WinAmp will just complain... A demonstration can be found here...
posted on Mar 25, 2002 - View this thread

Trillian Users blocked from AIM service? The bit about this that scares me is the solution to the problem involves disabling the Secure IM functions. Is this a technical glitch or a conspiracy by AOL to reserve the ability to spy on our IM chats? Or build intentional security loopholes?
posted on Jan 29, 2002 - View this thread

"Err...hello...is that Alex Braganza? Sorry to disturb you ... my name is Kenny Patterson. No you don't know me. But I took my computer into PC World for repair and when I got it back they'd replaced my faulty hard disk with a reconditioned one which used to be your old machine. Thing is, they hadn't actually bothered to format the thing so now I've got all your personal details. Yes that right -- that's were I got your phone number." I imagine that's how the conversation would have started ...
posted on Jan 11, 2002 - View this thread

Hackers: Computer Outlaws A TLC show(that I'm 3/4 through) that seems to actually use reliable sources to discuss not just cracker behavior, but also the creative side of hackers, pointing out the developments attributed to some hackers. Now Markoff and Mitnick. Not a bad little show....
posted on Jan 9, 2002 - View this thread

Antivirus Firms Say They Won't Create FBI Loophole. A free knuckle sandwich to the first person to say, "looks like magic lantern has been extinguised!"
posted on Dec 10, 2001 - View this thread

AirSnort. The dangerous app with the unlikely name allows users to snatch data being passed over wireless networks, eventually capturing passwords to the network.
posted on Nov 29, 2001 - View this thread

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]
posted on Nov 28, 2001 - View this thread

New worm doing the rounds. Great.
posted on Sep 18, 2001 - View this thread

Seeing weird things in your website logs today? This will explain it... Running IIS and haven't patched it in over a month? Go here. 13,000 servers have already been affected.
posted on Jul 19, 2001 - View this thread

Win XP's Product Activation as a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted on Jul 17, 2001 - View this thread

Those British boys at it again. It was like this during the war, y'know. I remember my old mate Alan Turing beating the system in much the same way. Saved the world he did. Tally-ho.
posted on Apr 24, 2001 - View this thread

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted on Mar 9, 2001 - View this thread

In the latest Cryptogram newsletter, security expert Bruce Schneier makes some interesting points about voting, voting machines and computers. The web version of this article won't be up for a few weeks so I have reproduced it here. Read more...
posted on Dec 16, 2000 - View this thread

Excellent, in-depth analysis of "spyware" used by insidious and horrible software entities such as RealPlayer. Written by my hero and yours, Steve Gibson.
posted on Oct 16, 2000 - View this thread

New Microsoft Bug Found This one's pretty serious. Because it affects the whole world.
posted on May 20, 2000 - View this thread

Blame MICRO$OFT for the "I love you" virus, ohh, and it has 40 authors to it
posted on May 16, 2000 - View this thread

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted on May 11, 2000 - View this thread

RedHat Linux security problem uncovered. Today, apparently it was discovered that if you install the Piranha package with RedHat 6.2 (ostensibly part of the default installation, but there's controversy over this), a default password is installed that would give anyone access to the Piranha configuration package; from there, it is apparently trivial to execute any command on the box that you want.
I find it very interesting that the fact that Microsoft had a "backdoor password" in a DLL made huge news (and it turned out to be patently false), yet this has gotten almost no press. I'd like to think otherwise, but I know it's because people hate Microsoft, and thus are eager to deride it... and yet here's proof that even the mighty Linux is susceptible to the same exact problems.
Next time you reach for the keyboard to cry out "nyah nyah!" at the discovery of some problem with Windows, remember this...
posted on Apr 24, 2000 - View this thread

Do security apps like this one actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?
posted on Apr 19, 2000 - View this thread

They bagged the kid who was responsible for all those Denial-of-Service attacks a couple of months ago. He's Canadian.

Here's an interesting legal question: could the US extradite him? The crimes were committed in the US, but he was in Canada at the time he did it, since he worked through the Internet. Whose laws apply?

(By the way, I've seen no indication that the US is considering extradition; I was just curious whether they could extradite him.)
posted on Apr 19, 2000 - View this thread

You know their server isn't particularly secure; well neither is their browser.
posted on Apr 19, 2000 - View this thread

Uncle Sam wants YOU to solve the internet's problems. President Clinton announced yesterday that, due to a complete lack of knowledge about the internet, it will cost $2 billion in 2001 to develop anti-hacker secuity. Plus they intend on subsidizing college costs for computer science majors that agree to work for the government. Hey if he'd give me just one million dollars, I'd be able to pay off my school costs and hunt down hackers personally, like Boba Fett.
posted on Feb 11, 2000 - View this thread

Last night Kevin Mitnick was on 60 minutes (the gist of the interview is quoted here), and I have to say he came off as an utterly harmless geek. He was an information junkie that enjoyed the challenge of cracking firewalls. He never profited from his activities and the affected companies made up their monetary losses. It's a shame he was forced to waste away in prison instead of offer his security expertise to the affected companies.
posted on Jan 24, 2000 - View this thread