
638 posts tagged with security.
Displaying 101 through 150 of 638.

"Refusing to allow such threats to paralyze the entire university community in its pursuit of learning and teaching,"

Starting on February 13th The University of Pittsburgh has received a steady stream of bomb threats. The Chancellor of the University has stated that the school has no intention of ending its semester early even though the threats show no sign of stopping and the authorities have been unable to find any leads after finding that some of the threats were routed through systems in Austria. The school's Vice Chancellor wrote this letter to students and faculty in response to the ongoing situation.
posted by sendai sleep master on Apr 9, 2012 - 101 comments

Courtyard Marriott in Times Square is spying on and manipulating your Internet

Web developer Justin Watt was staying at the Courtyard Marriott in Times Square, New York and using the hotel wifi to access the Internet. He noticed some strangeness on his website... and on every other website he visited (not to mention YouTube was broken.)
In short, Marriott is injecting JavaScript into the HTML of every webpage its hotel customers view for the purpose of injecting ads (and in the meantime, breaking YouTube). Marriott’s wireless internet service provider is a third-party company called Hotel Internet Services, so it is possible, though unlikely, that Marriott doesn’t know what’s going on. But it’s crazy to me that I’m paying $368 a night for a hotel room, and this is how I get treated.
[more inside]
posted by gen on Apr 5, 2012 - 113 comments

Flashback MacOS botnet

Flashback is the first significant MacOS botnet, reportedly infecting and controlling over half a million Macs. Flashback has been around since September 2011 but recently got a boost with a Trojan that exploits a security hole in Apple's Java distribution; a vulnerable Mac can be infected simply by visiting a web site, no user password required. Apple released a fix for the Java exploit yesterday, some six weeks after Microsoft, Adobe, and Oracle released their fixes.
posted by Nelson on Apr 4, 2012 - 174 comments

A Burger, an Order of Fries, and Your Credit Card Number

"Why are small businesses such frequent targets? Because they offer hackers the easiest path to your financial information. In fact, security consultants say, there’s an entire underground industry built around extracting customers’ credit card numbers from retailers’ point-of-sale systems." Slate: Why it’s so easy for hackers to steal financial information from restaurants
posted by beisny on Mar 24, 2012 - 20 comments

Security theatre theatre.

In the latest (ongoing) Economist debate (run Oxford-style), security expert Bruce Schneier and architect of the TSA Kip Hawley are facing off to respectively defend and attack the motion "This house believes that changes made to airport security since 9/11 have done more harm than good." Overview. Opening statements. Rebuttals. (Surprisingly cogent) comments from the floor.
posted by unSane on Mar 23, 2012 - 32 comments

Attacking the DC Internet Voting System

Attacking the Washington, D.C. Internet Voting System (PDF). "When we inspected the terminal server’s logs, we noticed that several other attackers [from Iran, New Jersey, India, and China] were attempting to guess the SSH login passwords." J. Alex Halderman, a computer scientist at the University of Michigan, describes how thoroughly he and his team were able to penetrate a pilot Internet voting system run by the District of Columbia, as part of an open public test in 2010. An earlier report on the attack. Via comp.risks. [more inside]
posted by russilwvong on Mar 19, 2012 - 56 comments

ms12-020 mistery: the packet stored in the "chinese" rdpclient.exe PoC is the EXACT ONE I gave to ZDI!!! @thezdi? @microsoft? who leaked?

Included in this month's Patch Tuesday was MS12-020, which is a remote exploit in Microsoft's widely deployed Remote Desktop Protocol (RDP). Microsoft projected an exploit would be out 'within a month', but a Proof-of-Concept (PoC) appeared on a Chinese website within a few days. Professionals are concerned. The discoverer of the vulnerability noted that the PoC included the exact packet he had crafted to help Microsoft understand the issue; this points to a leak in the MAPP early vulnerability sharing program. A full remote exploit isn't out yet, but is expected soon.
posted by These Premises Are Alarmed on Mar 18, 2012 - 36 comments

Blogger: 1, TSA: -1,000,000,000

Body scanners attacked again as US blogger Jon Corbett who blogs for TSA Out of Our Pants! exposes how to beat the body scanners, carrying a metal box in a secret shirt pocket through security at two airports. [more inside]
posted by nickrussell on Mar 7, 2012 - 130 comments

The idea, of course, is to let your attacker have the bag

"A man wearing bowler hat reading a newspaper is seen leaning leisurely against a car. Another person comes from behind and starts hitting the poor man on the head with an iron bar. He does not react at all, still reads his paper. The third man appears looking puzzled. The man takes his hat off and shows it to the other two. They take the hat and examine it." Beat The Bandit, 1961 is a video (01:46) presentation of amazing security/anti-theft inventions that you'll surely feel compelled to buy.
posted by vidur on Mar 5, 2012 - 23 comments

Android apps can secretly copy photos [SLNYT]

Android apps can secretly copy photos [SLNYT] "Android apps do not need permission to get a user's photos, and as long as an app has the right to go to the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts."
posted by paleyellowwithorange on Mar 1, 2012 - 88 comments

"Carried to its logical end, TSA policy would have to require passengers to travel naked or handcuffed."

"The Transportation Security Administration (TSA) ... have made air travel the most difficult means of mass transit in the United States, at the same time failing to make air travel any more secure." Steve Moore has been an FBI Special Agent, head of the Los Angeles Joint Terrorism Task Force's Al Qaeda and extra-territorial squads, a SWAT agent trained to interdict airplane hijackings, and a pilot. His father literally wrote the book on airline security. And he has come to the conclusion that "TSA is one of the worst-run, ineffective and most unnecessarily intrusive agencies in the United States government." [more inside]
posted by Zozo on Feb 29, 2012 - 170 comments

Choosing good passwords

Choosing good passwords - a straightforward real-world guide for the average user, by AusCERT. Also includes links out to a fun and informative piece on The Top 500 Worst Passwords of All Time, and more in-depth material aimed at the tech and security savvy, like this enjoyable conference talk: Security As If Your Life Depended On It (because it might!). So we can avoid becoming xkcd cartoons.
posted by philipy on Feb 26, 2012 - 71 comments

Somebody set up us the [fork] bomb

Stripe, a company that processes credit cards for web apps, decided to play a security wargame called Capture the Flag where you are given a login and password for a server and are invited to use your hacking abilities to gain access to accounts with increasing access and authorization. People who beat the server and "capture the flag" at /home/the-flag/.password are invited to contact the company for bragging rights and a T-shirt. Just one problem: the hacking game has been hacked, with something called a fork bomb. [more inside]
posted by Deathalicious on Feb 23, 2012 - 60 comments

Kuang Grade Mark Eleven

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop." - Travel precautions in the age of digital espionage.
posted by Artw on Feb 13, 2012 - 125 comments

"The Enemy", wear thin?

"Muslim-American Terrorism in the Decade Since 9/11" (PDF) is a report by Professor Charles Kurzman of the University of North Carolina, published by the Triangle Center for Terrorism and Homeland Security. The TCFTHS is a collection of experts in the "Research Triangle" of North Carolina, associated with Duke, UNC and NC State and RTI, the independent research institute dedicated to aggregating and marketing the research resources of these three institutions. [more inside]
posted by running order squabble fest on Feb 8, 2012 - 23 comments

DMARC: Domain-based Message Authentication, Reporting & Conformance

For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing. The result is DMARC, or, "Domain-based Message Authentication, Reporting & Conformance". It's not new, but puts SPF and DKIM to work in a new way.
posted by Blake on Jan 31, 2012 - 45 comments

The long strange trip of a Singaporean assault rifle

The long strange trip of a Singaporean Cold-War-era assault rifle into the hands of Somali pirates in the Gulf of Aden, and what it reveals about the unintended consequences of the global trade in small arms and ammunition. [slnyt]
posted by killdevil on Jan 26, 2012 - 9 comments

Do you want to see something scary?

GQ reports on paraplegic web cam hacker Luis Mijangos [more inside]
posted by Potomac Avenue on Jan 25, 2012 - 20 comments

"Your mother sells whelks by the hull"

"One in three teens has shared a password with a friend or significant other." [more inside]
posted by jeffburdges on Jan 24, 2012 - 62 comments

SEAndroid

The U.S. National Security Agency (NSA) has begun releasing Security-Enhanced Android patches and tools, which port their Security-Enhanced Linux tools to Android devices. SEAndroid and SELinux provide mandatory access control designed to limit the amount of damage that rogue or exploited software can do. [more inside]
posted by jeffburdges on Jan 21, 2012 - 35 comments

So, would your holiness care to change her password?

The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
posted by spitefulcrow on Jan 1, 2012 - 32 comments

The Year Secrecy Jumped the Shark

The EFF's Year End Review   The ACLU's This Year in Civil Liberties   Amnesty International's Annual Report (video) [more inside]
posted by jeffburdges on Dec 25, 2011 - 11 comments

Beyond the Border

The U.S.-Canada Beyond the Border agreement is wide-ranging in its impact. Indeed, Prime Minister Harper referred to it Wednesday as "the most significant step forward in Canada-U.S. co-operation since (NAFTA)". This deal promises regulatory alignment (including the food and automotive sectors), quicker border crossings for business or travel (with pre-clearance options), and "screened once, accepted twice" cargo. Perhaps the biggest concern for Canadians however are the changes this agreement could have for their privacy. [more inside]
posted by stinkycheese on Dec 8, 2011 - 130 comments

A leaking woodpecker

Security researchers at North Carolina State University led by Xuxian Jiang (who had previously discovered 12 malicious Android applications sold through Google's Android Market) have uncovered holes in how the permissions-based security model is enforced on numerous Android devices. Called "leaks", these vulnerabilities allow new and existing malicious applications to eavesdrop on calls, track the user's location, install applications, send SMS messages, delete data from the device, and more. (via)
posted by Blazecock Pileon on Dec 5, 2011 - 30 comments

We need some angry nerds.

"The PC is dead. Rising numbers of mobile, lightweight, cloud-centric devices [represent] an unprecedented shift of power from end users and software developers on the one hand, to operating system vendors on the other ... This is a little for the better, and much for the worse." - Jonathan Zittrain, Harvard Law Professor (via battellemedia.com) [more inside]
posted by jeffburdges on Dec 4, 2011 - 153 comments

and battery

The assault on Los Alamos National Laboratory: A drama in three acts
posted by fantabulous timewaster on Nov 10, 2011 - 30 comments

James Fallows on what it's like to have your webmail hacked

Hacked! James Fallows writes in the Atlantic Monthly on how his wife's Gmail account was hacked, and years of email were deleted. Summary: if you have Gmail, you should be using its new 2-step verification; use strong passwords; don't re-use passwords. [more inside]
posted by russilwvong on Nov 5, 2011 - 97 comments

Borders. Security. Refugees. Jerusalem.

The Atlantic is in the middle of a four-part special report on the Israel / Palestinian peace process, called "Is Peace Possible?" which features multimedia presentations on and analyses of what they believe are the four core issues of the conflict: Borders, Security, Refugees, and Jerusalem. (The latter two will be released on Monday, November 7 and 14th, respectively) The report was put together in collaboration with the S. Daniel Abraham Center for Middle East Peace. [more inside]
posted by zarq on Nov 1, 2011 - 21 comments

Phone home

Secret iOS business; what you don’t know about your apps
posted by Artw on Oct 19, 2011 - 125 comments

Stuxnet II: Electric Duqu

A year after the infrastructure-attacking Stuxnet worm was discovered in Iran, a new piece of malware using some of the same techniques (but apparently with different goals) has been found infecting systems in Europe. The new malware, dubbed “Duqu” [dü-kyü], appears to have been written by someone with direct access to the Stuxnet source code.
posted by gemmy on Oct 18, 2011 - 49 comments

Who Watches The Robots?

Wired Magazine: Mystery virus hits U.S drone fleet
posted by The Whelk on Oct 8, 2011 - 68 comments

Exploiting Fear

How Two Scammers Built an Empire Hawking Sketchy Software
posted by vidur on Oct 4, 2011 - 23 comments

Logging out of Facebook is not enough

Logging out of Facebook is not enough - Nik Cubrilovic demonstrates how, even after logging out, Facebook tracks every page you visit on sites that integrate Facebook services [via]
posted by Blazecock Pileon on Sep 27, 2011 - 123 comments

Why the world is scared of hacktivists

They’re watching. And they can bring you down: Why the world is scared of hacktivists. [Via]
posted by homunculus on Sep 25, 2011 - 94 comments

Hacker Rattles Security Circles

“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.” Is an independent Iranian hacker trying to help his government spy on its people?
posted by beisny on Sep 12, 2011 - 24 comments

Guardian editor alleged to have leaked Cablegate password

Wikileaks has alleged that Guardian editor David Leigh negligently leaked the encryption passphrase to the unredacted 'Cablegate' archive in an upcoming book. The Guardian denies the charges, but states that "[a] Twitter user has now published a link to the full, unredacted database of embassy cables", potentially putting informants at risk.
posted by p3on on Aug 31, 2011 - 203 comments

DigiNotar SSL certificate compromise

Two days ago a user asked Google about a strange warning he was getting when trying to access Gmail from Iran. Turns out he was getting a fraudulent SSL certificate that was issued incorrectly for *.google.com by DigiNotar, a Dutch certificate authority. It seems likely this was a deliberate man-in-the-middle attack to snoop email in Iran. This attack is the second SSL certificate compromise in a year (previously), pointing to a fundamental design flaw in Internet security. [more inside]
posted by Nelson on Aug 30, 2011 - 45 comments

Backdoor, yeah, yeah, snicker, snicker.

You may already be screwed. And not in the good way you were hoping for. MeFi kink favourite, FetLife has been ignoring a longstanding security and privacy compromise. (nsfw)
posted by rodgerd on Aug 9, 2011 - 63 comments

"...nor shall be compelled in any criminal case to be a witness against himself..."

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

The "if you were innocent, you'd have nothing to hide" argument rears its head, in a big way. [more inside]
posted by fifthrider on Jul 11, 2011 - 215 comments

Robert Morris, 1932-2011

Robert Morris, a pioneer in the field of computer security, early major contributor to the UNIX operating system, and father of Robert Tappan Morris (author of the Morris Worm), has died at 78. NYT [more inside]
posted by fireoyster on Jun 29, 2011 - 23 comments

The Next Generation

DEFCON Kids! [more inside]
posted by jeffburdges on Jun 27, 2011 - 15 comments

Searching public hacker databases to keep your passwords safe

Should I Change My Password checks a list of e-mails connected to passwords released by hackers to the public (source list here) and tells you if your password has been compromised.
posted by The Devil Tesla on Jun 25, 2011 - 50 comments

not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities

"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."

#antisec is a new track from nerdcore rapper ytcracker (previously)
posted by finite on Jun 23, 2011 - 47 comments

Yet more censational news

Lulzsec appear to have hacked the UK 2011 Census which, if true, could be quite a significant ramp up of the security wars. Grabbing a few million credit card numbers is one thing, 60 million identities is something else entirely. Not to mention the celebrity data. Here's the Hacker News comment thread, and a list of the actual census questions to show what could be on offer.
posted by Duug on Jun 21, 2011 - 135 comments

I think Lulzsec is a pretty cool guy. eh hacks US Senate and doesn't afraid of anything.

LulzSec (twitter account) have hacked senate.gov. The group has previously hacked Bethesda, Pron.com, FBI affiliates amongst others. Although some argue that LulzSec represent the catalyst to improve IT security, this message to the Senate seems likely to provoke a more direct investigation: [more inside]
posted by jaduncan on Jun 13, 2011 - 141 comments

The only secure password is the one you can’t remember.

People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
posted by -->NMN.80.418 on Jun 7, 2011 - 142 comments

Tupac the Kiwi

Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
posted by IvoShandor on May 30, 2011 - 62 comments

Can't touch this

Last week the Texas House of Representatives unanimously passed a bill (House Bill 1937) prohibiting public servants from intrusively touching anyone seeking access to a public building or form of transportation. (TIME, Dallas News, Washington Times) The blogosphere touted the legislation as a move to criminalize TSA groping. Today, the bill was withdrawn from consideration by the state senate after a threat from the TSA and Department of Justice to "close down all the airports in Texas". Protesters are currently marching on the state capitol. [more inside]
posted by thescientificmethhead on May 25, 2011 - 93 comments

Of spies, special forces and drone strikes

Warfare: An advancing front - "The US is engaged in increasingly sophisticated warfare, fusing intelligence services and military specialists" [more inside]
posted by kliuless on May 21, 2011 - 19 comments

you may say I'm a dreamer

-Only an 'energy internet' can ward off disaster
-We must electrify the transport sector [more inside]
posted by kliuless on May 19, 2011 - 58 comments
