Exploit code for Kaminsky DNS bug goes wild Still think threat is exaggerated? When Dan Kaminsky disclosed a critical flaw in the net's address lookup system earlier this month, he said it was crucial internet service providers and other organi

15 views read more 2008-07-24 13:10:02

Enough With Default Allow Revision 2 A revised version of the Enough With Default Allow in Web Applications! paper is now available for download. (My previous post on this topic is here.) The major changes in this version include: Decid

16 views read more 2008-07-24 09:11:00

Three ModSecurity Rule Language Annoyances There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from a wrong design decision (my own), with further two from constraints of working within the framework

23 views read more 2008-07-24 04:20:00

San Francisco sysadmin stays in jail for now Parts of city network still locked out The sysadmin accused of hijacking San Francisco's network may have surrendered the passwords needed to regain control of key parts of the system, but the move ha

12 views read more 2008-07-23 18:05:05

Drive-by download attacks menace UK.gov No one is safe The number of drive-by download attacks has tripled and they are beginning to affect government websites as well as small business operations.…

19 views read more 2008-07-23 07:47:41

Rogue SF sysadmin coughs up passwords City regains access to its own network San Francisco City Council regained access to its own computer network today after Mayor Gavin Newsom convinced network administrator Terry Childs to give them t

20 views read more 2008-07-23 03:49:59

RIM issues patch for serious BlackBerry flaw Business users: apply now Research in Motion has issued a patch for a serious security flaw that puts businesses using the ubiquitous BlackBerry at risk.…

15 views read more 2008-07-22 18:40:14

Researcher's hypothesis may expose uber-secret DNS flaw Responsible disclosure debate rages on Two weeks ago, when security researcher Dan Kaminsky announced a devastating flaw in the internet's address lookup system, he took the unusual step of admonishin

14 views read more 2008-07-21 14:28:36

Researchers release 'cold boot' attack utilities A way around disk encryption The security researcher who demonstrated the 'cold boot' attack has released the source code for the hack. The attack, first demonstrated in February, uses a set of utilit

18 views read more 2008-07-21 11:56:27

US cyberspying fears hang over Beijing Olympics Dithers over threat level US paranoia about Chinese computer hackers has created a diplomatic dilemma about whether or not to warn visitors and business people traveling to next month's Beijing Olympi

16 views read more 2008-07-21 02:02:04