"Cellular Seizure Investigation Stick, or CSI Stick: This device connects to the data/charging port and will seamlessly grab e-mails, instant messages, dialed numbers, phone books and anything else that is stored in memory. It will even retrieve deleted files that have not been overwritten. And there is no trace whatsoever that the information has been compromised, nor any risk of corruption." - ben lorica
“Security and URL-shortening services (tinyurl, bit.ly): I wonder to what extent spammers and malware distributors are using them? Know of any studies?”
I was in the front row sitting next to Dan's family at Black Hat when I first saw this cool viz. Thanks for posting! - ben lorica
Aww, you're so... lucky! I'll be at the next Black Hat, too - maybe we can plan a meeting for all sec-room people? Wait and see. But this room needs more interest =) - Pınar Yanardağ
Here's how it works. When a user types a website name into his browser or clicks "send" to launch an e-mail, a Domain Name System server produces an IP address for the destination. A router belonging to the user's ISP then consults a BGP table for the best route. That table is built from announcements, or "advertisements," issued by ISPs and other networks -- also known as Autonomous Systems, or ASes -- declaring the range of IP addresses, or IP prefixes, to which they'll deliver traffic. The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix "wins" the traffic. For example, one AS may advertise that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. - ben lorica
If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one. To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving to his network. ... Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs. ...Of course it's likely that the kind of traffic that these entities would be most interested in intercepting would be passing through VPNs and thus encrypted. But, as Kapela noted during our interview, even interception that just consists of traffic analysis can yield valuable information for intelligence or law enforcement agents simply trying to determine who is talking to whom. - ben lorica
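The two comments above describe longest-prefix match and the more-specific-prefix hijack it makes possible. As an added example (not from the article or the posters, and not real routing data), the toy routing table below uses AS numbers from the documentation range (64496 to 64511) and private address space: AS64496 legitimately originates 10.0.0.0/16, AS64500 then announces 10.0.1.0/24 inside it, and hosts in that /24 start routing to the attacker while the rest of the /16 is unaffected. The final function is the check a practitioner would want: flag any announcement that sits inside a prefix whose expected origin is known but that is originated by a different AS.

```python
"""Toy BGP routing table: longest-prefix match, a more-specific prefix hijack,
and a check that flags it. Added example, not from the article; AS numbers are
from the documentation range (64496-64511) and the prefixes are private space."""
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    origin_as: int  # the AS that advertised (originated) the prefix


def select_route(rib, dst):
    """BGP's longest-prefix-match rule: of all announcements covering dst, the
    most specific (longest prefix length) wins. Ties between equal-length
    prefixes are broken by other attributes (AS-path length etc.), not modelled here."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in rib if addr in r.prefix]
    if not covering:
        return None
    return max(covering, key=lambda r: r.prefix.prefixlen)


def origin_for(rib, dst):
    """The AS that will receive traffic for dst, or None if no announcement covers it."""
    route = select_route(rib, dst)
    return None if route is None else route.origin_as


def suspicious_more_specifics(rib, expected_origins):
    """Flag routes that lie inside a prefix whose legitimate origin we know but are
    originated by a different AS. This is the shape of the hijack described in the
    article and, at a very high level, the comparison RPKI route-origin validation makes."""
    findings = []
    for route in rib:
        for legit_prefix, legit_as in expected_origins.items():
            if (route.prefix != legit_prefix
                    and route.prefix.subnet_of(legit_prefix)
                    and route.origin_as != legit_as):
                findings.append((str(route.prefix), route.origin_as,
                                 str(legit_prefix), legit_as))
    return sorted(findings)


# Constructed scenario (assumption, not real routing data):
# AS64496 legitimately originates 10.0.0.0/16 (65,536 addresses).
LEGIT = Route(ipaddress.ip_network("10.0.0.0/16"), 64496)
# AS64500 then announces a more-specific /24 carved out of it (256 addresses).
HIJACK = Route(ipaddress.ip_network("10.0.1.0/24"), 64500)
EXPECTED_ORIGINS = {LEGIT.prefix: LEGIT.origin_as}

RIB_BEFORE = [LEGIT]            # routing table before the hijack propagates
RIB_AFTER = [LEGIT, HIJACK]     # routing table once every router has seen the /24


def demo():
    """Origin AS for a host inside the hijacked /24 before and after the announcement,
    for a host elsewhere in the /16, and what the origin check reports afterwards."""
    victim, bystander = "10.0.1.7", "10.0.2.7"
    return {
        "victim_before": origin_for(RIB_BEFORE, victim),
        "victim_after": origin_for(RIB_AFTER, victim),
        "bystander_after": origin_for(RIB_AFTER, bystander),
        "findings": suspicious_more_specifics(RIB_AFTER, EXPECTED_ORIGINS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The silent-forwarding part of the attack (delivering the intercepted traffic on to the real destination so that nothing goes dark) is not modelled; the point here is only that specificity, not legitimacy, decides who receives the packets, which is why an origin-versus-prefix check of the kind shown has to come from outside the routing protocol itself.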
'Steve Bellovin at Columbia University sent me some additional papers that might interest readers and that indicate that discussions about this problem go back at least as far as the late 80s. He wrote about BGP security issues in a 1989 paper (the .pdf includes commentary that was written about his paper 15 years later). He also mentioned a 1999 National Academies study that he and Steve Kent worked on that warned of routing and the DNS protocols "as the two biggest threats to the Internet" and a bogon routing paper (.pdf) by Nick Feamster and others at MIT. "In other words," Bellovin says, "the good guys have been warning about this for 20 years, and nothing has happened!"' - ben lorica
"Facebook is often advising that users stay away from weird URLs, does this mean ignoring ImageShack and Blogspot altogether? The next malware campaign could be taking advantage of DoubleClick and AdSense redirectors - for starters. " - ben lorica
One thing is clear though, Western Governments in particular do a poor job of integrating civilian (black and white hat) hackers into their cyber defense plans. Governments need to reach out to hackers working in industry and work them into the mix. - ben lorica
"Of the 50 million subscribers ThorpeGlen processed, 48 million effectively belonged to ‘one large group’: they called one another, or their friends called friends of their friends; this set of people was dismissed. A further 400,000 subscriptions could be attributed to a few large ‘nodes’, with numbers belonging to call centres, shops and information services. The remaining groups ranged in size from two to 142 subscribers. Members of these groups only ever called each other – clear evidence of antisocial behaviour – and, in one extreme case, a group was identified in which all the subscribers only ever called a single number at the centre of the web." - ben lorica
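The quoted passage describes a triage of a call graph in three steps: dismiss the giant connected component, dismiss the subscribers attributable to a few very-high-degree nodes, and inspect the small groups that remain, including the star-shaped group where every member only calls one central number. As an added example (not ThorpeGlen's code, and run on constructed call records rather than real data), the script below implements that triage over a toy graph with a 200-subscriber social component, a 60-caller hub "H", two closed groups and a star around "C". The hub-degree threshold of 50 is an assumption chosen for the toy data.

```python
"""Traffic-analysis triage of a call graph, following the procedure in the quote:
dismiss the giant connected component, dismiss components that hang off a few
high-degree nodes (call centres, information services), and inspect what is left.
Added example with constructed call records; not ThorpeGlen's code."""
from collections import defaultdict, deque


def build_call_records():
    """Constructed (caller, callee) pairs: a 200-subscriber social component,
    a 60-caller call centre "H", two closed groups, and a star around "C"."""
    calls = []
    for i in range(200):                       # big connected 'social' group
        calls.append((f"a{i}", f"a{(i + 1) % 200}"))
        calls.append((f"a{i}", f"a{(i * 7) % 200}"))
    for i in range(60):                        # subscribers who only call a hub
        calls.append((f"h{i}", "H"))
    calls += [("g1", "g2"), ("g2", "g3"), ("g3", "g1")]   # closed group of 3
    calls += [("p1", "p2"), ("p2", "p1")]                 # closed group of 2
    calls += [(f"s{i}", "C") for i in range(1, 6)]        # star: all call C
    return calls


def components(graph):
    """Connected components by BFS over an undirected adjacency map."""
    seen, result = set(), []
    for start in graph:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            comp.add(node)
            for nxt in graph[node]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        result.append(comp)
    return result


def triage(calls, hub_degree=50):
    """Apply the three-step triage; hub_degree is an assumed threshold for the toy data."""
    graph = defaultdict(set)
    for a, b in calls:
        if a != b:                                    # ignore self-calls
            graph[a].add(b)
            graph[b].add(a)
    comps = sorted(components(graph), key=len, reverse=True)
    giant = comps[0]                                  # dismissed as 'one large group'
    hubs = {n for n, nb in graph.items() if len(nb) >= hub_degree}
    closed, stars = [], []
    for comp in comps[1:]:
        if comp & hubs:                               # attributable to a large node
            continue
        # star: one centre adjacent to everyone, every other member calls only the centre
        centre = None
        if len(comp) >= 3:
            centre = next((n for n in comp if graph[n] == comp - {n}
                           and all(graph[m] == {n} for m in comp - {n})), None)
        if centre:
            stars.append((centre, sorted(comp - {centre})))
        else:
            closed.append(sorted(comp))               # members only ever call each other
    return {"giant_size": len(giant), "hubs": sorted(hubs),
            "closed_groups": sorted(closed), "star_groups": sorted(stars)}


if __name__ == "__main__":
    for key, value in triage(build_call_records()).items():
        print(f"{key}: {value}")
```

Note that the triage never reads a word of what was said: it uses only who called whom, which is the point Kapela makes further up about traffic analysis being valuable even when the content is encrypted.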
What's wrong if security people focus on security, chase vulnerabilities and fix them ASAP, like GUI people focus on user-interface-related things? Nobody can be everybody. Why does he keep telling us to blame people who are only interested in security bugs? I don't understand what he is talking about. Or I've got it totally wrong... - Pınar Yanardağ
I think what he is saying is that security *bugs* get more attention than they deserve, that there are a lot of *other* bugs that are more challenging and crucial. It's tricky: by calling attention to security vulnerabilities, it may well be the case that patches get applied more promptly. OTOH, there are lots of other kernel bugs that need fixing. - ben lorica
I totally agree with you: there are (more) critical (but non-security-related) bugs that need fixing. But what I want to point out is, what's wrong if there are some kernel hackers who are, let's say, "mad about security" and some kernel hackers who are fixing "normal" bugs? For example, I am an official developer of Pardus GNU/Linux and a member of the Pardus Security Team, and however critical a bug is, I first focus on security-related bugs while my co-workers focus on other bugs and leave security fixes to me. - Pınar Yanardağ
(continues...) And I know... as an engineer, I shouldn't think like that. A bug is a bug and needs fixing. But that's the faster way to keep your software safe against vulnerabilities. Btw, Larry Osterman has one or two interesting points of view about this: http://blogs.msdn.com/larryost... - Pınar Yanardağ
He offers to let you select some things that you like and some things that you dislike, both from a long list of available topics, instead of answering highly predictable questions for forgotten passwords. (In my opinion, it's better than the traditional method but still not quite effective for those who are too unstable about their likes/dislikes... meh.) - Pınar Yanardağ
Have you heard of Vidoop (http://www.vidoop.com/products)? I wonder if users are cognitively able to "pass" these password-reset challenges? That was my concern with Vidoop when I first saw it two years ago. - ben lorica
Vidoop seems quite complicated, but people usually have stronger memory for visual things... maybe it can work easily after getting familiar with the images. (I always prefer T-FA, but I don't think I'd like to use such a painful method, though.) - Pınar Yanardağ
76service, a cybercrime-as-a-service web interface where customers basically collect the final output of the banking malware botnet during the specific period of time for which they've purchased access to the service, is going mainstream, with 76service's Spring Edition apparently leaking out, and cybercriminals enjoying its interoperability potential by introducing different banking trojans in their campaigns. - ben lorica
MaaS - Malware/Crimeware as a Service - ben lorica
Prices start between $1000 to $2000 and go up based on added services. The underground payment methods generally involve hard-to-track virtual currencies, whose central authority is in a jurisdiction where regulation is liberal to non-existent, and feature non-reversible transactions. The individual or group called "76service" was easy to track down on the Web, but not in person. - ben lorica