Author Archive for Prefect

Bo Dietl Lost His Guns

Richard “Bo” Dietl lost his guns. The former NYPD detective and media contributor on Fox News and the Don Imus show, founder of Beau Dietl & Associates, subject of a film in which he was played by Stephen Baldwin, and Chairman of the New York State Security Guard Advisory Council was featured on Jon Stewart’s show for having been burglarized himself. What’s funny is that his description of what happened, particularly his focus on the security measures he had in place but that weren’t used, follows the well-worn pattern of responses one typically hears after an information security breach (but we were PCI compliant, we had IDS in place, it was a sophisticated attacker, everyone gets hacked, and so forth).

Give this Man a Haircut and Support a Worthwhile Cause

Gal Shpantzer, friend of the blog, fellow blogger, and a writer for CSO Online, asked us to bring some attention to a worthy cause. As part of his talk at Security B-Sides Boston in Cambridge, MA, he will partake in certain unabashed activities for each monetary contribution threshold reached for Hackers for Charity.

XSS Flaw on PayPal.com

Earlier today Wesley Kerfoot reported on the Full Disclosure mailing list that a page in the Paypal.com domain is susceptible to a non-persistent, reflected cross-site scripting (XSS) attack. While non-persistent XSS bugs are somewhat common, this is quite serious for a site like PayPal, where user accounts are linked directly to bank accounts, debit or credit cards, and payments can be made to third parties without any additional authentication once access to the user’s account is gained.

Bad Password Management Will Stop You in Your Tracks

Refusing to maintain and follow a good termination checklist, one that walks through which access rights to decommission when someone leaves your company, can put the brakes on your customers’ good will. Texas Auto Center in Austin, Texas, demonstrated the headaches that ensue when, in February, more than 80 customers who had financed cars through it were left unable to get to school or work and stuck with charges for towing and unnecessary repair work.

Originally diagnosed as mechanical failures in the cars, the problems stopped as soon as all the passwords for the WebTeckPlus system used by the firm were reset. A recently terminated employee, twenty-year-old Omar Ramos-Lopez, had used still-active credentials to log in to the web administration portal of the Auto Center’s payment incentive vendor and used it to disable vehicle starters or, according to police reports, make horns honk through the night.

The Proliferation Of Scareware Hits Home

The agitation in the voice on the phone shook me from sleep early Saturday morning: my uncle, the surgeon, had a computer problem and he was concerned enough to call. He explained he had been trying to view pictures of a newly renovated base in South Korea when all of a sudden McAfee popped up and did a scan, revealing 28 viruses. But for some reason the new module McAfee wanted him to install wasn’t working, because the site wouldn’t accept either of his credit card numbers.

A Loss of SecurityFocus

The announcement came out earlier today that SecurityFocus, a long-standing security news portal started in 1999 and home of a number of popular mailing lists including the well-known Bugtraq, is being shuttered by Symantec. While aspects of the site will continue (the mailing lists will remain and some content will be moved to Symantec Connect), the loss of the news portal and the site itself removes a significant source of historical perspective on the information security industry from what was a long-standing news and research outlet.

IEPeers – A New Internet Explorer Zero Day Vulnerability

We posted an aside yesterday referencing Microsoft’s recent blog post on new security advisory 981374, which describes a new zero-day vulnerability in Internet Explorer versions 6 and 7. New details have emerged since, and the exploit has moved from being what was described as part of “limited targeted attacks” to being widely accessible and available as a new module for the Metasploit framework.

Microsoft’s Google Attack Patch?

Noted journalist and friend of the blog George V. Hulme shared the picture below from CNBC, perhaps the most amusing way seen thus far of describing the patch for the ‘Aurora bug’ that famously affected Google late last year.

A Brief Reminder, Passwords Have Been Around Forever

The much-maligned password has existed for thousands of years; for example, the Greek historian Polybius described its use in the Roman military before the birth of Christ.

To illustrate the point here is a clip, the password scene, from the 1932 Marx Brothers movie “Horse Feathers”.

Was the Austin Plane Crash Domestic Terrorism?

In what could be the first act of domestic terrorism since Timothy McVeigh, a small plane (a Piper) that set out from Georgetown Municipal Airport hit a federal office building housing the Internal Revenue Service (IRS) at 11:36 AM in Austin, Texas. The pilot, software developer Joseph Andrew Stack, who had previously set his house on fire, flew his plane kamikaze-style into the building in an apparent act of revenge against the IRS, as detailed in a 3,202-word suicide note on his web site: http://embeddedart.com.