Information Security’s Winners and Losers
Anonymous Releases Very Unanonymous Press Release
Paypal Sender Country XSS
Turning an ATM into a Slot Machine
Persistent XSS on Twitter.com
The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe,
Bad actors have taken advantage by engaging in search engine poisoning including taking over existing web sites, using techniques that boost search ranking, and installing
A group called the Iranian Cyber Army has, fresh off the heels of their DNS attack on Twitter last month, hijacked the domain of
A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a
Reports are emerging that members of the hacker, or something because they don't want to be called that anymore (from the IRC: To the idiot reporters: we're not hackers), collective Anonymous defaced NASA in support of Wikileaks.
Dec 14, 2010 | 0 comments | View Post
A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm.
Oct 06, 2010 | 2 comments | View Post
In a new section supporting the release of an anti-theft product for mobile phones, the web site of Helsinki based anti-virus company F-Secure is vulnerable to cross site scripting (XSS).
Jun 17, 2010 | 3 comments | View Post
The PDF's raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf's author field, Alex Tapanaris.
Dec 11, 2010 | 6 comments | View Post
It is a common task for an investigator to boot a machine using bootable media in the form of DVD or USB and there are countless options available. This tutorial is not intended to replace your favorite Helix CD or
Apr 12, 2010 | 18 comments | View Post
The misinformation on DECAF being shut down and a hoax is alarming and the quality of reporting on this security topic actually worse than usual. Earlier tonight we noticed this update from @slashdot on Twitter: "DECAF Was Just a
Dec 18, 2009 | 18 comments | View Post
The stately and much maligned network firewall emerged on the scene some 25 years ago, and since has gone through three distinct generations of development: from being simple packet filters to the more advanced stateful inspection capabilities of today. In
Sep 08, 2011 | 4 comments | View Post
In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to preform syscheck functions on remote hosts, more general
Nov 05, 2009 | 0 comments | View Post
In my last OSSEC post "OSSEC: Agentless to save the day" I went over how to setup agentless monitoring using the built in scripts. With this post I am going to get into the details of how to
Nov 03, 2009 | 2 comments | View Post
At least 186 women and 44 girls were caught in a bizarre scheme by 31 year old Santa Ana CA resident Luis Mijangos who attempted to extort pornographic videos from his victims. Mijangos, a paraplegic due to a gang shooting,
Jun 23, 2010 | 3 comments | View Post
Here is the script referenced in the Gawker story from earlier that describes how a number of early iPad 3G subscribers, including names like Harvey Weinstein, Michael Bloomberg, Diane Sawyer, and Rahm Emanuel had their e-mails revealed via a
Jun 09, 2010 | 26 comments | View Post
The agitation in the voice on the phone shook me from sleep early Saturday morning: My Uncle the surgeon had a computer problem and he was concerned enough to call. He explained he had been trying to view pictures of
Mar 16, 2010 | 2 comments | View Post
The 22 year old shooter, Jared Lee Loughner, is no exception. He had a MySpace profile and a Youtube channel, revealing both what he looks like, some biographical details, and a bizarre personal philosophy mentioning grammer, the timeline of man,
Jan 08, 2011 | 19 comments | View Post
The Jester, a hacktivist who is normally known for short term denial of service attacks against Jihadist web forums and who recently claimed responsibility for an outage at Wikileaks in the middle of Cablegate (Wikileaks publication of U.S. diplomatic cables)
Dec 10, 2010 | 40 comments | View Post
The Twitter account of the French Foreign Ministry was compromised, and an anti-Romanian message posted, in the midst of the deportation of some 100 Roma from the country.
Sep 17, 2010 | 2 comments | View Post
Dec 14, 2009 | 8 comments | View Post
In working with OSSEC agentless for some time now I have come across some limitations in the implementation that I felt needed to be addressed. As OSSEC agentless is designed to preform syscheck functions on remote hosts, more general
Nov 05, 2009 | 0 comments | View Post
Competing forces continue to complicate the information security budget conversation, as high profile breaches (Sony, RSA) continue to eat up newsprint while at the same time difficult economic operating conditions continue to drive all technology managers to try to do more with less.
Sep 08, 2011 | 2 comments | View Post
DHS Security Immigrations and Customs Enforcement incorrectly knocked out some 84,000 web sites attempting to seize domain names associated with child pornography, then glossed over the fact that it happened.
Security researcher Chris John Riley has decided to respond to death threats and lawsuits from Georgia security consultancy Ligatt and its proprietor Gregory Evans, but not in kind. Instead he’s written and recorded a rap song:
On the Colbert Report, host Stephen Colbert provided some background on “the First Great Cyberwar” as the hacktivist collective Anonymous has dubbed it, the “Defend Assange” sub-mission of Operation Payback.
Dec 16, 2010 | 0 comments | View Post
