A major flaw in the DNS system is promised to be revealed at the next Black Hat conference. Convinced it was too important to wait, security researcher Dan Kaminsky (video, autoplays) convinced several software vendors to issue emergency patches today, before publicizing details of the attack. It can't be that serious though, can it? Oh yes it can.
posted by Skorgu on Jul 9, 2008 - 59 comments

Why Real Men Don't Cry [YouTube] [more inside]
posted by hadjiboy on Feb 9, 2008 - 81 comments

Klaatu barada...Jikto? First there was Nikto. Then along came Wikto. Last Saturday at Shmoocon Billy Hoffman introduced the world to Jitko, a client-side vulnerability scanner that exploits your browser & turns your PC into a platform for finding holes in computers across the Internet (or behind your firewall). Reactions were mixed. Does Jikto go too far?
posted by scalefree on Mar 28, 2007 - 11 comments

Technological convenience or target identifier? In the most recent chapter in the RFID + US Passport story, LA-based security analysts Flexilis--those of the world record attempt RFID read at last year's DEFCON--noticed a security vulnerability in the RF shielding being proposed for the October release of the next generation US passport. And they made a hell of a proof of concept video showing a possible exploit of the vulnerability.
posted by quite unimportant on Aug 3, 2006 - 24 comments

Signaling Vulnerabilities in Wiretapping Systems. The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely [bugmenot]. It is also possible to falsify the numbers dialed [pdf].
posted by event on Nov 30, 2005 - 5 comments