  • Information Security’s Winners and Losers

    A recording of my most recent webinar is up; follow the link to access the recording. The webinar covers:

    Which projects are IT professionals implementing in the next 12 months? How do 2012 security budgets look? Who will be the winners and losers on the vendor side? Join us as Daniel [...]

  • Anonymous Releases Very Unanonymous Press Release

    Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Its author also forgot to remove his name from the PDF’s metadata.

  • Paypal Sender Country XSS

    A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm.

  • Turning an ATM into a Slot Machine

    In a talk originally slated for last year before it was muffled by Juniper based on the concerns of “an affected ATM vendor”, Jack demonstrates what he calls jackpotting an ATM.

  • Persistent XSS on Twitter.com

    Twitter user 0wn3d_5ys has demonstrated a persistent cross-site scripting (XSS) vulnerability he found on June 21st using his own Twitter account (visit at your own risk) that appears to be due to a lack of input validation of the application name field when accepting new requests for Twitter applications.

  • The “Aurora” IE Exploit Used Against Google in Action

    The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe,

    Jan 15, 2010 | 74 comments

  • Scareware Purveyors, Spammers, and Crooks Take Advantage of Haiti Earthquake

    Bad actors have taken advantage by engaging in search engine poisoning including taking over existing web sites, using techniques that boost search ranking, and installing

    Jan 14, 2010 | 1 comment

  • Baidu.com the Latest Victim of Iranian CyberArmy

    A group called the Iranian Cyber Army has, fresh off the heels of their DNS attack on Twitter last month, hijacked the domain of

    Jan 11, 2010 | 21 comments

  • JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

    A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a

    Jan 06, 2010 | 20 comments

  • Incident Response

  • The Anonymous PR Guy and a Greece Connection

    The PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the PDF’s author field, Alex Tapanaris.

    Dec 11, 2010 | 6 comments

  • WinPE 3.0 & Forensics

    It is a common task for an investigator to boot a machine using bootable media in the form of DVD or USB and there are countless options available. This tutorial is not intended to replace your favorite Helix CD or

    Apr 12, 2010 | 18 comments

  • Reactivating DECAF in Two Minutes

    The misinformation on DECAF being shut down and a hoax is alarming, and the quality of reporting on this security topic is actually worse than usual. Earlier tonight we noticed this update from @slashdot on Twitter: "DECAF Was Just a

    Dec 18, 2009 | 18 comments

  • Administration

  • Regular or Decaf? Tool launched to combat COFEE

    About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily

    Dec 14, 2009 | 8 comments

  • Six Bulletins in Last Patch Tuesday of 2009

    Today marks the last Microsoft patch Tuesday of 2009, and Microsoft has released patches to six bulletins: MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution

    Dec 08, 2009 | 1 comment

  • OSSEC: Agentless…It’s good, but not good enough

    In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to perform syscheck functions on remote hosts, more general

    Nov 05, 2009 | 0 comments

  • Other Recent Articles

  • Through Breaches and Bad Times, Security Budgets are Up

    Competing forces continue to complicate the information security budget conversation, as high profile breaches (Sony, RSA) continue to eat up newsprint while at the same time difficult economic operating conditions continue to drive all technology managers to try to do more with less.

    Sep 08, 2011 | 2 comments

  • DHS incorrectly associates 84,000 web sites with child pornography

    [Image: The banner users were presented after the URL they visited redirected.]

    DHS Security Immigrations and Customs Enforcement incorrectly knocked out some 84,000 web sites attempting to seize domain names associated with child pornography, then glossed over the fact that it happened.

    Feb 17, 2011 | 1 comment

  • Ligatt Rap

    Security researcher Chris John Riley has decided to respond to death threats and lawsuits from Georgia security consultancy Ligatt and its proprietor Gregory Evans, but not in kind. Instead he’s written and recorded a rap song:

    Feb 11, 2011 | 1 comment

  • Colbert Explains Cyberwar

    On the Colbert Report, host Stephen Colbert provided some background on “the First Great Cyberwar” as the hacktivist collective Anonymous has dubbed it, the “Defend Assange” sub-mission of Operation Payback.

    Dec 16, 2010 | 0 comments