665 posts tagged with security.
Displaying 201 through 250 of 665.

Bring It On.

An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
posted by Rhaomi on Dec 12, 2010 - 312 comments

List of commercial airliner bombings.

This list of commercial airliner bombings appears in the Ask a Rocket Scientist section of Aerospaceweb.org. It presents a comprehensive and descriptive catalog of 86 bombings and attempted bombings since 1933, 54 of which resulted in fatalities, and offers some information that might be relevant to the question of airline security.
posted by washburn on Nov 29, 2010 - 44 comments

We'll need to declaw that cat.

Airport-security cartoons from The New Yorker’s archives (1938 - present).
posted by gman on Nov 23, 2010 - 28 comments

Can you imagine 50 people a day, I said 50 people a day? Friends, they may think it's a movement.

Nov. 24 is National Opt-out Day from airport back-scatter scanners. Time to call BS on TSA's kabuki theater of airport security: "As public anger grows over the TSA's body scanners and intrusive new airport pat-down procedure, a Web site is urging travelers to "opt out" from the body scanners and instead choose to have a pat-down in public view, so that everyone can "see for themselves how the government treats law-abiding citizens." OptOutDay.com declares November 24 to be the day when air travelers should refuse to submit to a full body scan and choose the enhanced pat-down -- an option many travelers have described as little short of a molestation."
posted by TDIpod on Nov 10, 2010 - 395 comments

Man in disguise boards international flight

Man boards plane in elderly disguise (video) Canadian authorities have detained a young Asian man who was wearing a silicone head and neck mask making him appear to be an elderly Caucasian male. [more inside]
posted by KokuRyu on Nov 5, 2010 - 73 comments

Potentially sinister

Security alerts have been declared at Airports in the US, UK and Middle East after the discovery of suspicious packages originating in Yemen. The packages, modified toner cartridges, have been described as "definitely not a complete bomb" but being "potentially sinister".
posted by Artw on Oct 29, 2010 - 291 comments

Firesheep demonstrates how ineffective Web security is

“When it comes to user privacy, SSL is the elephant in the room.” Meet Firesheep: a Firefox plugin that sniffs out unencrypted HTTP sessions on your network segment and lets you impersonate any of the users found. Eric Butler unveiled it today at Toorcon 12, a San Diego conference on computing security, and it demonstrates what amounts to a gaping hole in the Web security model.
posted by spitefulcrow on Oct 24, 2010 - 67 comments

How to Analyze People on Sight, 1921

How to Analyze People on Sight, The Five Human Types, 1921. And other volumes of interest at Project Gutenberg.
posted by wallstreet1929 on Oct 1, 2010 - 29 comments

Typical pre-alpha bugginess, or embarrassing beginner mistakes?

Late yesterday the much-hyped "privacy aware, personally controlled" Diaspora social network platform (discussed previously) published its open-source developer release. "Feel free to try to get it running on your machines and use it," the team urged, "but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable." The Register's initial report is less than rosy: Code for open-source Facebook littered with landmines
posted by The Winsome Parker Lewis on Sep 17, 2010 - 58 comments

Needle program exchange

The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
posted by Blazecock Pileon on Sep 13, 2010 - 31 comments

This Is About Power, Not Security

I Am Detained by the Feds for Not Answering Questions.
posted by bwg on Sep 10, 2010 - 288 comments

Your tires sold you out, man!

Traffic cameras aren't required to track your driving. Researchers from Rutgers and USC have determined that low-pressure sensors in car tires can be passively read, tracking a vehicle's route.
posted by boo_radley on Aug 11, 2010 - 62 comments

Position-based quantum cryptography theoretically proved

Our results open a fascinating new direction for position-based security in cryptography where security of protocols is solely based on the laws of physics and proofs of security do not require any pre-existing infrastructure.
posted by Joe Beese on Aug 8, 2010 - 47 comments

Oh no, not again.

Computer security experts have recently discovered a vulnerability/design flaw with Microsoft Windows that has been part of their operating system and that affects all versions of Windows since Windows 2000, including XP, Vista, and Windows 7. (1, 2, 3, 4) "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts." -- Microsoft [more inside]
posted by crunchland on Jul 22, 2010 - 84 comments

*sigh* Sometimes I hate computers...

"Millions" Of Home Routers Vulnerable to a Web Hack. At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device. [more inside]
posted by codacorolla on Jul 16, 2010 - 40 comments

"Collectively, we lose more than 10,300 hours per year retrieving lost passwords."

LastPass is the last password manager you'll ever need. Available on almost all common platforms, it's easy to use, and free. [more inside]
posted by crunchland on Jul 11, 2010 - 73 comments

Clearance is denied

In accordance with Executive Order 10865 of 1960 & DoD Directive 5220.6 of 1992 (original PDF), the Department of Defense has published the reasons for granting or turning down applications for Clearance by 444 Defense contractor personnel in 2010 (so far).
posted by scalefree on Jul 2, 2010 - 34 comments

"Be afraid. Be very afraid."

Starting today, Starbucks is offering free wifi in all of their US and Canadian stores. This has computer security folks a little edgy, since it could allow hackers and computer miscreants new opportunities to steal the data of unsuspecting computer users, and prompted Steve Gibson, computer security guru, to advise people to "just be afraid. Be very afraid." This applies to people who use laptops, wifi enabled cellphones and pdas. But there are ways to protect yourself. [more inside]
posted by crunchland on Jul 1, 2010 - 93 comments

'Some of these guys are just perverts.'

'They blow each other up by mistake. They bungle even simple schemes. They get intimate with cows and donkeys. Our terrorist enemies trade on the perception that they’re well trained and religiously devout, but in fact, many are fools and perverts who are far less organized and sophisticated than we imagine. Can being more realistic about who our foes actually are help us stop the truly dangerous ones?' The Case for Calling Them Nitwits.
posted by shakespeherian on Jun 24, 2010 - 108 comments

Andrew "bunnie" Huang: taking it apart and making it better, then telling others how it's done

Andrew Shane Huang is a 35 year old hardware hacker, known to some as bunnie, and others as that guy who hacked the Xbox and went on to write a book about it. Finding the hidden key to the Xbox was an enjoyable distraction while he worked on getting his PhD in Electrical Engineering from MIT as part of Project Aries. Since then, he has written for (and been written about in) Make Magazine, has given talks on the strategy of hardware openness and manufacturing practices in China, as experienced with the development of the opensource ambient "internet-based TV" called Chumby. When he's not busy on such excursions, bunnie writes about hacking (and more specifically, Chumby hacking), technology in China, and even biology in exquisite detail on the bunnie studios blog (previously). [more inside]
posted by filthy light thief on Jun 17, 2010 - 36 comments

How to become the world's No. 1 hacker/plagiarist

Cyber security consultant & self-styled “innovator, leader & visionary” Greg Evans has just written & self-published a book titled How To Become The Worlds No. 1 Hacker. Or did he? His company, LIGATT Security International, counts Philips Arena, the NBA Atlanta Hawks and the NHL Atlanta Thrashers among its clients. Or does it?
posted by scalefree on Jun 15, 2010 - 15 comments

"If you had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months, what would you do?"

Wired reports a US Intelligence Analyst has been arrested in connection with the "Collateral Murder" video released by Wikileaks. According to the article, SPC Bradley Manning was turned in by former hacker Adrian Lamo based on concerns about Manning's threat to leak an additional 260,000 classified embassy cables.
posted by uaudio on Jun 7, 2010 - 80 comments

My Name is Todd Davis. This is my social security number...

Anti-Identity-Theft Firm Lifelock was fined $12 Million in March for deceptive business practices by the FTC. More bad news: their CEO had his identity stolen 13 times after posting his own social security number in company ads as proof they could protect him. [more inside]
posted by zarq on May 19, 2010 - 56 comments

Yarchive - Notes from the hinterland.

Yarchive is one man's collection of UseNET posts on the topics of Air Conditioning; Aircraft; Bicycles; Cars; Chemistry; Computers; Electrical, Electronic; Environment; Explosives, Pyrotechnics; Food; Houses; Guns; Jokes; Medicine; Metalworking; Military; Nuclear; Telephones; Physics; Risks; Security; Space mostly from a select group of authors. It has been updated several times since it first appeared here in 2001 and it never fails to sucker me in for hours every time I stumble upon it from a Google Search. [more inside]
posted by Mitheral on May 19, 2010 - 37 comments

Town & Country & Infinity

Chrysler's recent announcement of a three year technical collaboration with NASA continues the automaker's long involvement with the agency, including production of the historic Redstone, reliable Jupiter, and mighty Saturn launch vehicles, and the design of an unusual Space Shuttle called SERV. [more inside]
posted by Chinese Jet Pilot on May 17, 2010 - 5 comments

Fun with secret questions and answers

"My new bank, Ally Bank, configures a security question and answer for customer service calls. In addition to your SSN, date of birth, and mother's maiden name they also ask you the question you specify and wait for the answer you've provided. A real live human operator always asks the question and waits for a real live answer. This measure has the potential to not just improve my account security but add entertainment value as well."
posted by Ljubljana on May 12, 2010 - 134 comments

I'm not trying to scare you!

Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are marketed to consumers by scaring them. One frequently seen version is rogue security software that deceives users into paying for the fake or simulated removal of malware. The N. Y. Times site inadvertently displayed a scareware message last September. [more inside]
posted by Obscure Reference on Apr 18, 2010 - 62 comments

It was hot, the night we burned Chrome

Canadian researchers have uncovered a vast “Shadow Network” of online espionage based in China that used seemingly harmless means such as e-mail and Twitter to extract highly sensitive data. Stolen documents recovered in a year-long investigation show the hackers have breached the servers of dozens of countries and organizations, taking everything from top-secret files on missile systems in India to confidential visa applications, including those of Canadians travelling abroad. [more inside]
posted by KokuRyu on Apr 5, 2010 - 35 comments

The password of 1,112 MeFiers is "123456"

How I'd hack your password is a good introduction to how easy it is to compromise a weak password. What's a weak password? Anything among the top 20 passwords revealed among the thirty million users of RockYou is a good start ("123456" is #1). Or you can look at the 500 worst passwords as drawn by Kate Bingaman-Burt based on a list by security expert Mark Burnett. An analysis of password cracking software tells you what to avoid when trying to generate a strong password, but you can follow these techniques, or give up altogether.
posted by blahblahblah on Mar 30, 2010 - 130 comments

Planet War

From the bloody civil wars in Africa to the rag-tag insurgencies in Southeast Asia, 33 conflicts are raging around the world today, and it’s often innocent civilians who suffer the most. [more inside]
posted by netbros on Feb 23, 2010 - 14 comments

Anonymous Buzzkill

A worrisome set of posts from Princeton University's "Freedom to Tinker" Blog:
In many situations, it may be far easier to unmask apparently anonymous online speakers than they, I, or many others in the policy community have appreciated. Today, I'll tell a story that helps explain what I mean. Second post: what BoingBoing knows about John Doe. Third, and most concerning post: The traceability of an online anonymous comment. Related post: a well researched review of the privacy concerns around the roll-out of, and push-back against, Google Buzz.
posted by Rumple on Feb 18, 2010 - 41 comments

Cracking the PS3

George Hotz started a blog chronicling his journey to a software-only PS3 crack. Despite tackling a platform that has held strong for three years, Hotz claimed to have gained read/write access to all system memory after five weeks. Although the PS3 actually ships with Linux support, these cracks circumvent the hypervisor that places strict restrictions on low-level hardware access. You may know Hotz as the geohot who released the first hardware iPhone jailbreak, added a software-only jailbreak for all iPhones and iPod Touches, and won multiple awards (pdf) at ISEF 2007 for building a working holographic display system while a senior in high school.
posted by d. z. wang on Jan 25, 2010 - 45 comments

What Israel can teach us about (airport) security

What Israel can teach us about (airport) security. At Ben Gurion Airport in Tel Aviv, it’s all about eye contact. Expert: “[T]hey’re not looking for liquids, they’re not looking at your shoes. They’re not looking for everything they look for in North America. They just look at you... Even today with the heightened security in North America, they will check your items to death. But they will never look at you, at how you behave. They will never look into your eyes... and that’s how you figure out the bad guys from the good guys.” Oh, and get this: “The goal at Ben Gurion is to move fliers from the parking lot to the airport lounge in 25 minutes tops.”
posted by joeclark on Dec 31, 2009 - 184 comments

Bruce Schneier's work isn't peer reviewed. He has no peers.

Is aviation security mostly for show? An essay by Bruce Schneier.
posted by grouse on Dec 30, 2009 - 96 comments

Hello? Can you hear me now?

Karsten Nohl and a team of fellow researchers have cracked the 64-bit encryption used in 80% of the world's GSM phones. Nohl had previously cracked the encryption in the MIFARE smartcard system, demonstrating that the encryption on that device can be cracked in approximately no time whatsoever. These, of course, aren't the first gaping holes in cellphone security to come to light; indeed, lack of security seems to be part of the design spec. Perhaps all new cellphones should just be distributed with a deck of cards.
posted by kaibutsu on Dec 28, 2009 - 51 comments

Chowned

While many Linux users cite the system's security against malware, the appearance of malware disguised as a screensaver reminded everyone that no system is 100% safe. Ubuntu users were quick to identify the virus, identify the perpetrators, and create a fix, but this isn't the first time this has happened, and will in all likelihood not be the last. The criticism in the community is directed squarely at the user base: "In general the lesson to be learned is if you want a secure system, don't download any software outside the official package sources without at least looking at the source code first."
posted by Marisa Stole the Precious Thing on Dec 21, 2009 - 99 comments

Deep politics

Lobster: The Journal of Parapolitics was started in 1983 by Robin Ramsay and Stephen Dorril, two conspiracy enthusiasts who weren't actually nuts and believed in proper research. The magazine primarily covered the activities of the British security and intelligence services and what they term 'parapolitics'. They've had a brochure website for a while with some sample articles, but starting from the current issue the full journal will be free online (PDF download). The pair had a falling-out some time ago and have gone their separate ways. On his personal site Dorril, now also the author of a well-received study of Mosley and the Blackshirts, offers early back issues of the magazine for free download too.
posted by Abiezer on Dec 12, 2009 - 17 comments

ClimateGate?

The University of East Anglia's Climatic Research Unit suffered a security breach this week. Hackers made off with thousands of email correspondences between some of the world's top climate scientists, and posted them to the Internet [1].

Tony Hake has posted an article at The Examiner, highlighting what he feels are the most egregious examples of scientists manipulating and hiding data to support the established theories about Climate Change. Some of the scientists involved counter that the quotes are taken out of context, and that "People are using language used in science and interpreting it in a completely different way".

[1] I'm not going to link to them, but the Examiner article mentions where to get them.
posted by Who_Am_I on Nov 20, 2009 - 146 comments

"We are supposed to notify a supervisor. You’re a supervisor, right?"

Do I have the right to refuse this search?
posted by anastasiav on Oct 30, 2009 - 107 comments

This is just getting embarrassing!

You know, if I ran the BNP, I think I would think twice about this whole "trusting people with the members list" idea.
posted by Pope Guilty on Oct 20, 2009 - 90 comments

Need Firefox 0.8?

Remember when your computer just worked? Did you click 'OK' to that recommended update on programs like iTunes, Adobe Reader, or Yahoo Messenger, only to realize that the older version ran faster or had better features? Then Version Download may be your solution. Includes back-level versions of browsers, audio and video, security and anti-virus, FTP, file-sharing and communications software.
posted by netbros on Oct 10, 2009 - 59 comments

What Does DHS Know About You?

What Does DHS Know About You? A lot. [more inside]
posted by chunking express on Oct 5, 2009 - 50 comments

The First Ripples of the Silver Tsunami

Nearly 1 in 5 young adults is out of work. Student debt is the highest it's ever been. With a 10 year job growth of negative 230,000 jobs, the pool of available jobs is the lowest it's ever been as a ratio to available college grads. And even with this dwindling tax base, in order to sustain Medicare and Social Security by 2020, we will need to tax 1.5 workers for every retiree. [more inside]
posted by Acromion on Sep 19, 2009 - 83 comments

Beyond war and crisis

Sustainable Security is a website launched this month by the Oxford Research Group "to be an important platform for promoting a better understanding of the real threats to global security in the 21st century and the policies that should be implemented to address those threats at their root cause." It highlights "four interconnected drivers of global insecurity: climate change; competition over natural resources; global militarism; and poverty and marginalisation." Prof. Paul Rogers makes the case for a rethink of the security paradigm.
posted by Abiezer on Sep 11, 2009 - 10 comments

It's all Greek to Me

In 1984 computer pioneer Ken Thompson wrote one of the seminal works of computer security, Reflections on Trusting Trust [PDF]. In it he postulated putting a trojan horse inside a compiler as a means of infecting software compiled by it. 25 years later somebody has finally done just that. Researchers at anti-virus house Sophos have discovered a virus that places a backdoor into applications compiled with the Delphi language. They've identified at least 3000 separate Delphi applications that have had this backdoor compiled into them so far, including banking programs and programs used for cellphone programming.
posted by scalefree on Aug 20, 2009 - 52 comments

And like that... he's gone

Gone Forever: What Does It Take to Really Disappear?
posted by homunculus on Aug 17, 2009 - 98 comments

Why Can't MS Do This?

An 8 year old critical security bug in the Linux kernel? No problem, we can fix that without even rebooting. You heard me, it is possible to apply a source code patch to a running kernel without reboot.
posted by DU on Aug 17, 2009 - 54 comments

Neurosecurity

Neurosecurity: security and privacy for neural devices. "An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
posted by homunculus on Jul 8, 2009 - 22 comments

CitiApartments

San Francisco's largest residential landlord is refusing to give back security deposits. CitiApartments is possibly going broke and, according to the head of the San Francisco Tenants Union, refusing to refund many tenants' security deposits (he says they're getting three to four complaints a week). CitiApartments' buildings are filled with vacancies because their business model is purchasing buildings and then harassing and intimidating tenants into moving out so they can raise the rent. [more inside]
posted by Stephen Elliott on Jul 2, 2009 - 79 comments

You See, In Order to Save the Village America, We Have to ...

Michael Scheuer, the former chief of the CIA's "bin Laden Station", and the initially anonymous author of Imperial Hubris, pulls an O'Reilly on yesterday's Glenn Beck broadcast:
"The only chance we have as a country have right now is for Osama bin Laden to deploy and detonate a major weapon in the United States [...] only Osama can execute an attack which will force Americans to demand that their government protect them [...] with as much violence as necessary."
[more inside]
posted by WCityMike on Jul 1, 2009 - 96 comments
