Thursday, September 28, 2006

Contactless Cards: Are Privacy Jitters Legit?

While the cards are a boon to merchants and are part of a large new RFID industry -- from manufacturers who make the tags and readers to software companies that create data analytics for ROI -- the technology also presents some security concerns as merchants may have the ability to track goods and services more closely than some would like.

You can read more about it here.

Sunday, September 24, 2006

Worried about the airline losing your luggage? No problem. Just pack a gun.

The airline wouldn't want to be responsible for losing a gun, right? That's one photographer's solution to making sure his expensive camera equipment is watched carefully by the airline when he has to check it as luggage. He packs a starter pistol in his camera bag and declares it as a firearm.

You can read more about it here.

Thursday, September 21, 2006

Two Serious Windows Flaws Uncovered

The first is a zero-day exploit that affects Internet Explorer (and Outlook) even on fully patched copies of Windows XP. The second is a file corruption bug in Windows 2000 introduced by a Microsoft patch. Steve Gibson has fixes for both in his Security Now podcast, plus an interview with the fellow who discovered the VML exploit.

You can read more about it here.

Wednesday, September 20, 2006

Watching a phishing attack live

Yesterday, I watched a phishing attack unfold live. After informing the phished bank and US CERT, I was able to see in real time the details people entered on the phisher's site. Here's what I saw.

You can read more about it here.

Tuesday, September 19, 2006

AG Gonzales Wants ISPs to Save User Data

Attorney General Alberto Gonzales said Tuesday that Congress should require Internet service providers to preserve customer records. Gonzales acknowledged the concerns of some who say legislation might be overly intrusive and encroach on privacy rights, but argued that prosecutors need them to fight child pornography.

You can read more about it here.

Diebold Vote Hack - CNN Video

CNN explores the possibility of midterm e-vote hacks. You should wonder why elections boards across the US aren't doing anything to address the numerous problems with paperless electronic voting machines. These machines, primarily made by Diebold, leave no paper trail; there is no way to verify votes!

You can read more about it here.

#1 Security Threat: Cross-site scripting

Web administrators beware: cross-site scripting vulnerabilities are now far more attractive targets than more notorious bugs such as buffer overflows. Buffer overflows have long been one of the most common types of bugs attacked by malware, with Intel and AMD even building in hardware support for an anti-buffer overflow technology.

You can read more about it here.

Code cracking is the new pot of gold

If you think the password protection on your MS Word file is keeping it safe from prying eyes, you're wrong. The time it takes to crack password-protected Microsoft Office files has tumbled from a 25-day average to a matter of seconds, thanks to a decades-old code-cracking technique that until recently was not viable.

You can read more about it here.

Monday, September 18, 2006

Homeland Security not ready for Cyber Storm

A well-coordinated attack against multiple critical infrastructure points launched via the Internet could overwhelm the federal government's ability to respond, according to a report released by the Department of Homeland Security last week on the Cyber Storm exercise conducted in February.

You can read more about it here.

Pipeline Worm Floods AIM with Botnet Drones

A new worm is crawling through AIM - using a sophisticated network of "chain" installs, the bad guys can start the process of infection with any of the files and still hit you with the rest. Or they can target you with a certain selection of files depending on what they want you to do as part of their Botnet. It's like a 10-hit Tekken combo...

You can read more about it here.

Sunday, September 17, 2006

Should you sign the back of your credit cards?

or... why you should NEVER sign the back of your credit cards.

You can read more about it here.

13 stories in a row submitted by the same user with exactly same # of diggs

Just noticed this on digg spy a few minutes ago and I just had enough time to take a screen shot of it. This user seems to be gaming the system.

You can read more about it here.

Saturday, September 16, 2006

Analyzing 20,000 MySpace Passwords

In a day where browsers are coming out with anti-phishing tactics, I can't believe how many people still fall for phishing. It's all over the news, and most email clients display warnings. So when I got an email from "Admin@MySpace.com" I kind of chuckled.

You can read more about it here.

The ID Chip You Don't Want in Your Passport

"If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don't want one of these chips in your passport."

You can read more about it here.

Friday, September 15, 2006

Hacker Discovers Adobe PDF Back Doors

David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch attacks without any user action.

You can read more about it here.

Mozilla fixes several Firefox flaws

Mozilla released Firefox 1.5.0.7 to address flaws that could expose systems to man-in-the-middle, spoofing and cross-site scripting attacks.

You can read more about it here.

How a Malformed Installer Package Can Crack Mac OS X

There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install.

You can read more about it here.

Piracy: all it takes is a garage

Piracy -- it's not just for the high seas anymore. In fact, according to the MPAA, 44 percent of their piracy losses in the US come from college students.

You can read more about it here.

Mozilla's New Security Chief: Dump Old Code

Window Snyder, whose hiring was announced last week, says she wants to get going. Her first initiative is to reduce the overall risk to Firefox by evaluating where there are unused features and by getting rid of the unused code.

You can read more about it here.

Google to launch Gmail Plus service?

Don't trust the URL -- things are not as they seem. A clever exploit in a little-known Google service could be used to launch phishing attacks, by imitating Google services -- hosted on Google's own servers! Read the article for more information, or see a proof of concept in action: http://www.google.com/u/gplus.

You can read more about it here.

ATM Reprogrammed to Give Out 4X More Money

Last month, a man reprogrammed an automated teller machine at a gas station on Lynnhaven Parkway to spit out four times as much money as it should.

You can read more about it here.

Tuesday, September 12, 2006

test posting