3 days ago
Rod Begbie : Ophcrack - Windows password cracker. Has an interesting open-source business model: The cracker is GPL, and there are free (but limited) Rainbow tables. To get the full tables, you need to pay $99.
10 days ago
Linkorama : Knowing what's on your phone--and on those of your employees - First we throw all our data on servers, in clouds, on Amazon's S3, on Google Docs, etc., for the convenience of being able to get at it wherever we go. Then we bring the data back to us again in various caches at very distances from us--proxy servers at t
10 days ago
deusx : Adeona: A Free, Open Source System for Helping Track and Recover Lost and Stolen Laptops - "Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service."
mmb : Adeona: A Free, Open Source System for Helping Track and Recover Lost and Stolen Laptops - Adeona: A Free, Open Source System for Helping Track and Recover Lost and Stolen Laptops via deusx’s favorites on del.icio.us [via]
Rod Begbie : Adeona: A Free, Open Source System for Helping Track and Recover Lost and Stolen Laptops - Open-source app which logs your laptop's network location (and optionally a snapshot from the webcam) to a DHT distributed database at irregular intervals. [via]
14 days ago
mmb : Dead-listing while on vacation « root labs rdist - Dead-listing while on vacation « root labs rdist via programming: Dead-listing is analyzing the raw disassembly of some target software and figuring it out using only pen and paper. [via]
wearehugh : Dead-listing while on vacation « root labs rdist
15 days ago
wearehugh : Multiple DNS implementations vulnerable to cache poisoning
15 days ago
wearehugh : How I Lost a Contest Involving Chihuahuas
16 days ago
nelson : DomainKeys advances - Big deal today; gmail is refusing email from ebay and paypal without proper DomainKeys certification. Big step towards secure email, but also concentrated email power.
25 days ago
wearehugh : The Spanner - Javascript protocol fuzz results - firefox 2 executes "jav�ascript:al�ert(1)"
Simon Willison : Javascript protocol fuzz results - Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http://
1 month ago
wearehugh : Red Sweater Blog - WordPress To Disable Remote Access - disabling services is not a security improvement? what world do you live in?
1 month ago
Linkorama : If the CIA can collaborate with Web 2.0 tools, - Whatever information they have, no matter how sensitive, it’s definitely not as critical or as classified as the CIA. Tell your boss, “If the CIA can collaborate with Web 2.0 tools, so can we.”
1 month ago
deusx : Internet-connected coffee maker has security holes | Tech news blog - CNET News.com - "An Australian man has discovered security vulnerabilities in his Internet-connected coffee maker that could allow a remote attacker to not only take over his Windows XP-based PC but also make his coffee too weak."
1 month ago
deusx : ASCII by Jason Scott: OH HEY HOW YA DOING - "Since the thing is a security nightmare, it might as well be a complete and total nightmare, like the ones where you wake up and then find out you haven't actually woken up"
2 months ago
wearehugh : Latest 'lost' laptop holds treasure-trove of unencrypted AT&T payroll data | NetworkWorld.com Community
2 months ago
wearehugh : hackademix.net » Site Security Policy, AKA Content Restrictions
2 months ago
wearehugh : Why advice on choosing strong passwords is useless // plasmasturm.org
2 months ago
deusx : Meerkat | Code Sorcery Workshop - "Using an innovative Tunnel Setup Assistant, key components of Mac OS X you've grown to love and expect from applications, and community features like Growl and Sparkle, Meerkat is a must-have for the systems administrator or web developer working on
2 months ago
wearehugh : Farfromr00tin: Google Gears Origin Spoofing
2 months ago
deusx : bunnyhero dev » Scaring people with fullScreen - "When Flash Player 9 goes into full screen mode, it pops up a little security message that tells the user how to exit full screen mode."
Andy Baio : Scaring people with Flash's fullScreen - distracting from the "hit escape" text is surprisingly effective
Simon Willison : Scaring people with fullScreen - Scaring people with fullScreen. Unsurprisingly, you can work around the “Press Esc to exit full screen mode” message in Flash by distracting the user with lots of similar looking visual noise. This opens up opportunities for cunning phishing attack
2 months ago
Rod Begbie : DenyHosts - Excellent Unix tool which watches for attacks on ssh and blocks malicious hosts from connecting. I've only just found that it has a "synchronization" mode which shares the knowledge of evil hosts. Installed on all my servers.
2 months ago
nelson : Flash exploit - Adobe strikes again; WoW accounts stolen via bug in Flash. So can anything else on your computer, no doubt.
2 months ago
nelson : Debian/OpenSSL analysis - A very detailed examination of how the bug happened
2 months ago
wearehugh : Schneier on Security: Our Data, Ourselves
Linkorama : Schneier on Security: Our Data, Ourselves - We need a comprehensive data privacy law...Or we can leave it to the market...But the long-term effects of this on society are toxic; we give up control of ourselves.