NewsPeeps

security

1
peeps

Peep it

Is Adobe the next (pre-2002) Microsoft? | InSecurity Complex - CNET News

published 1018 days, 5 hours, 34 minutes ago posted by

http://jonnyboats.wordpress.com/ 1019 days, 8 hours, 24 minutes ago

Is Adobe the next (pre-2002) Microsoft? | InSecurity Complex - CNET News

August 6, 2009 4:00 AM PDT by Elinor Mills If you're a criminal and you want to break into a network, a common attack method is to exploit a hole in software that exists on most computers, has its fair share of holes, and isn't automatically updated. In 2002, that would have been Windows. Today, it's likely to be Adobe Reader or Flash Player, whose share of vulnerabilities and exploits are on the rise while Microsoft's is falling. Nearly half of targeted attacks exploit holes in Acrobat Reader... (more)

category: News | clicked: 0 | comment | | source: news.cnet.com

tags: security

1
peeps

Peep it

XML flaw threatens millions of apps with DoS attacks

published 1019 days, 8 hours, 30 minutes ago posted by

http://jonnyboats.wordpress.com/ 1020 days, 1 hour, 40 minutes ago

XML flaw threatens millions of apps with DoS attacks By Ellen Messmer Created 2009-08-05 06:11AM Vulnerabilities discovered in XML libraries from Sun, Apache Software Foundation, Python Software Foundation, and the Gnome Project[1] could result in successful denial-of-service attacks on applications built with them, according to C... (more)

category: News | clicked: 0 | comment | | source: infoworld.com

tags: security

2
peeps

Peep it

Hacker's mother makes plea to Obama | Metro.co.uk

published 1021 days, 7 hours, 21 minutes ago posted by

http://pixycolors.wordpress.com/ 1026 days, 3 hours, 23 minutes ago

Hacker's mother makes plea to Obama | Metro.co.uk

The mother of computer hacker Gary McKinnon has made an impassioned appeal to US president Barack Obama after her son failed in his latest High Court bid to avoid extradition to America. The 43-year-old from north London, who suffers from Asperger's Syndrome (AS), is wanted for trial on charges of hacking into US military networks. (more)

category: News | clicked: 1 | comment | | source: www.metro.co.uk

tags: security

1
peeps

Peep it

Military May Ban Twitter, Facebook as Security ‘Headaches’ | Danger Room | Wired.com

published 1025 days ago posted by

http://jonnyboats.wordpress.com/ 1026 days, 5 hours, 18 minutes ago

Military May Ban Twitter, Facebook as Security ‘Headaches’ | Danger Room | Wired.com

The U.S. military is strongly considering a near-total ban on Twitter, Facebook, and all other social networking sites throughout the Department of Defense, multiple sources within the armed forces tell Danger Room. It’s the latest twist in the Defense Department’s tangled relationship with so-called “Web 2.0″ sites. But while earlier social media blockades have been thrown up over bandwidth and secrecy concerns, this fresh ban stems from fears that Facebook and the like make it far too easy for hacke... (more)

category: News | clicked: 0 | comment | | source: www.wired.com

tags: Facebook, security, social media, Twitter

1
peeps

Peep it

Christopher M. Park - Blog: Thoughts on Piracy and DRM

posted by

http://jonnyboats.wordpress.com/ 1028 days, 2 hours, 1 minute ago

Christopher M. Park - Blog: Thoughts on Piracy and DRM

First, DRM Stinks I try to make it known that AI War doesn't contain any DRM -- there's a license key to transform the demo version into the full version, and that's it. No phoning home, no usage tracking, no limited numbers of installs, no crazy drivers that take over your system. DRM sucks, in so many ways, and I've always hated it. When I buy music, I use Amazon MP3 because it's DRM-free. When I have music, I want to be able to use it on any device I have, or any computer -- I use a laptop as wel... (more)

category: News | clicked: 0 | comment | | source: christophermpark.blogspot.com

| flag as spam

tags: security

1
peeps

Peep it

Windows 7 RTM Cracked With OEM License Key - Tom's Hardware

published 1027 days, 7 hours, 41 minutes ago posted by

http://jonnyboats.wordpress.com/ 1028 days, 2 hours, 25 minutes ago

Windows 7 RTM Cracked With OEM License Key - Tom's Hardware

With every release of Windows is the inevitable race by the pirate community to crack it. Even with activation schemes, which make things considerably more challenging, hackers were able to find a way to activate Windows Vista with a special OEM key. This very same hack has now made its way to activate Windows 7 RTM. Such a key allows OEMs to pre-activate machines – something definitely not meant for the consumer market. The OEM activation system relies on a special BIOS ... (more)

category: News | clicked: 0 | comment | | source: www.tomshardware.com

tags: security, Windows

1
peeps

Peep it

National Journal Online -- Tech Daily Dose -- Peer-To-Peer Networks Face Scrutiny

published 1027 days, 7 hours, 41 minutes ago posted by

http://jonnyboats.wordpress.com/ 1028 days, 5 hours, 33 minutes ago

National Journal Online -- Tech Daily Dose -- Peer-To-Peer Networks Face Scrutiny

Wednesday, July 29, 2009Peer-To-Peer Networks Face Scrutiny House Oversight and Government Reform Chairman Edolphus Towns on Wednesday was expected to blame the Bush administration for having a laissez-faire attitude that has allowed privacy and s... In his opening remarks, Towns pointed to an analysis by security experts at Tiversa and said specific examples of recent LimeWire leaks "range from appalling to shocking." • The Social Security numbers and family information for every master sergea... (more)

category: News | clicked: 0 | comment | | source: techdailydose.nationaljournal.com

tags: government, security

1
peeps

Peep it

The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released

posted by

http://jonnyboats.wordpress.com/ 1028 days, 23 hours, 32 minutes ago

The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released

Today, we’re releasing guidance and security updates to help better protect customers from responsibly reported security vulnerabilities discovered in the Microsoft Active Template Library (ATL). Because libraries function as building blocks that can be used to build software, vulnerabilities in software libraries can be complex issues and benefit from what we call community based defense – broad collaboration and action from Microsoft, the security community and industry. Because of this, in addit... (more)

category: News | clicked: 0 | comment | | source: blogs.technet.com

| flag as spam

tags: Microsoft, security

1
peeps

Peep it

New algorithm guesses SSNs using date and place of birth - Ars Technica

posted by

http://jonnyboats.wordpress.com/ 1030 days, 2 hours, 41 minutes ago

New algorithm guesses SSNs using date and place of birth - Ars Technica

For citizens of the US, the social security number (SSN) is the gateway to all things financial. It fills its government purpose of helping us pay our taxes and track our (in many cases, hypothetical) government benefits, and it has also been widely adopted as a means of verifying identity by a huge range of financial institutions. As a result, anytime you disclose an SSN you run a real risk of enabling identity theft. So far, most of the SSN-related ID theft problems have resulted from institutions t... (more)

category: News | clicked: 0 | comment | | source: arstechnica.com

| flag as spam

tags: government, security, SSN

1
peeps

Peep it

Shawn Wildermuth - Securing Web Services (Even with OOB)

published 1029 days, 6 hours, 10 minutes ago posted by

http://jonnyboats.wordpress.com/ 1030 days, 3 hours, 25 minutes ago

Shawn Wildermuth - Securing Web Services (Even with OOB)

Securing Web Services (Even with OOB) I was trading tweets today with @pauliom about whether RIA Services would solve some Auth problems he was having out of the browser. While RIA does do some interesting things with roles/users, I mentioned that typical Forms Auth out of the box should just work. To that end I have created a simple example of how to protected WCF Services with Forms Auth (works with ADO.NET Data Services as well BTW). Because I wanted to support it out of the browser as well, I u... (more)

category: News | clicked: 0 | comment | | source: wildermuth.com

tags: security, WCF

1
peeps

Peep it

National Journal Online -- Tech Daily Dose -- White House Wants Cookie Feedback

published 1030 days, 4 hours, 30 minutes ago posted by

http://jonnyboats.wordpress.com/ 1032 days, 8 minutes ago

National Journal Online -- Tech Daily Dose -- White House Wants Cookie Feedback

Friday, July 24, 2009 White House Wants Cookie Feedback NextGov reports that Bev Godwin, director of online resources and interagency development for the White House new media team, asked the public on Friday to weigh in on the decade-old federal policy that does not allow agencies to use persistent cookies on their Web sites. The reason has to do with privacy, but it makes it harder for agencies to create Web services like those in the private sector. The White House wants the public to tell them wha... (more)

category: News | clicked: 0 | comment | | source: techdailydose.nationaljournal.com

tags: security

1
peeps

Peep it

Hackers scoffing at iPhone 3GS' hardware encryption

posted by

http://jonnyboats.wordpress.com/ 1033 days, 5 hours, 22 minutes ago

Hackers scoffing at iPhone 3GS' hardware encryption by Chris Ziegler, posted Jul 24th 2009 at 12:19AM There were other features taking higher billing in the iPhone 3GS' announcement than its hardware-level encryption -- hell, even the magnetic compass was getting more play -- but it's there, and Apple's actively marketing the bit-scrambling capability to enterprise clients. Problem is, hackers are apparently having a field day with it, rendering it useless in all but name. One iPhone dev (who teaches... (more)

category: News | clicked: 0 | comment | | source: www.engadget.com

| flag as spam

tags: iPhone, security

1
peeps

Peep it

Hacker Claims iPhone 3GS Encryption is Incredibly, Dangerously Easy to Crack - Jonathan zdziarski - Gizmodo

posted by

http://jonnyboats.wordpress.com/ 1033 days, 5 hours, 32 minutes ago

Hacker Claims iPhone 3GS Encryption is Incredibly, Dangerously Easy to Crack - Jonathan zdziarski - Gizmodo

Noted iPhone security destroyer Jonathan Zdziarski has cracked the iPhone 3GS encryption security, which is to be expected, but the ease and speed with which he did it is worrisome. Zdziarski claims the iPhone 3GS is thus "useless" to businesses. The iPhone certainly isn't as ubiquitous for corporate use as BlackBerry or even Windows Mobile, but that's starting to change, and Zdziarski is very concerned that the iPhone 3GS's security puts sensitive data at unnecessary risk. He claims that with easily-... (more)

category: News | clicked: 0 | comment | | source: gizmodo.com

| flag as spam

tags: iPhone, security

1
peeps

Peep it

Cross-Site Request Forgeries (CSRF) explained - Erik Oppedijk - blog community

published 1033 days, 7 hours, 17 minutes ago posted by

http://jonnyboats.wordpress.com/ 1034 days, 6 hours, 22 minutes ago

Cross-Site Request Forgeries (CSRF) explained - Erik Oppedijk - blog community

The Cross-Site Request Forgery is a relatively unknown and misunderstood attack, often mixed up with the Cross-Site Scripting (XSS) attack. The biggest difference is the server where the malicious code is hosted. With a XSS attack, that code is injected in the trustedsite you are visiting (e.g. a Forum site, or any other site you trust and sign on to) and tries to steal information by sending it to another location: With the CSRF the scenario is reversed, a user is tricked to a specially crafted UR... (more)

category: News | clicked: 1 | comment | | source: blogs.infosupport.com

tags: security

1
peeps

Peep it

The Security Development Lifecycle : Working with SAFECode to Help Secure the Software Supply Chain

published 1033 days, 7 hours, 17 minutes ago posted by

http://jonnyboats.wordpress.com/ 1034 days, 7 hours, 7 minutes ago

The Security Development Lifecycle : Working with SAFECode to Help Secure the Software Supply Chain

Working with SAFECode to Help Secure the Software Supply Chain We have a guest blogger this week: Paul Nicholas, Principal Security Strategist Manager for the Critical Infrastructure Protection group at Microsoft and Chair of SAFECode is here to talk about supply chain security. Today’s blog post provides an introduction to another aspect of software assurance. Software assurance is most frequently discussed in the context of processes such as the SDL that make code more secure through the applica... (more)

category: News | clicked: 0 | comment | | source: blogs.msdn.com

tags: security

1
peeps

Peep it

Hackers Use Naked Video of ESPN Star Erin Andrews to Attack Your PC - Crimesider - CBS News

posted by

http://pixycolors.wordpress.com/ 1036 days, 22 minutes ago

Hackers Use Naked Video of ESPN Star Erin Andrews to Attack Your PC - Crimesider - CBS News

NEW YORK (CBS) Hackers are using an illegally-taped peephole video that has naked shots of glamorous ESPN sports reporter Erin Andrews as a lure to get click-happy web surfers to download dangerous malware to their computers, according to a computer security website. ... (more)

category: News | clicked: 0 | comment | | source: www.cbsnews.com

| flag as spam

tags: security

1
peeps

Peep it

GeekTonic: DRM – Dead For Music Downloads – Video DRM Just Getting Started

published 1035 days, 9 hours ago posted by

http://jonnyboats.wordpress.com/ 1036 days, 9 hours, 27 minutes ago

GeekTonic: DRM – Dead For Music Downloads – Video DRM Just Getting Started

DRM – Dead For Music Downloads – Video DRM Just Getting Started In a bold, exciting headline TorrentFreak declares that “DRM is Dead, RIAA Says.” I concur that DRM is definitely dead for music downloads and it is certainly a milestone that representatives of the RIAA are admitting it now. But we still have a very long way to go – just look at video.Music Download DRM is Dead The torrentfreak article explains the context of the quote this way: Jonathan Lamy, chief spokesperson for the RIAA declar... (more)

category: News | clicked: 0 | comment | | source: www.geektonic.com

tags: security

1
peeps

Peep it

ScrewTurn Software Blog » ScrewTurn Wiki and Bots

published 1036 days, 9 hours, 55 minutes ago posted by

http://jonnyboats.wordpress.com/ 1037 days, 7 hours, 31 minutes ago

ScrewTurn Software Blog » ScrewTurn Wiki and Bots

Since early v3 builds, ScrewTurn Wiki has the ability to report errors (exceptions) via email to a designated list of recipients. Well, I constantly get 20 or so notifications a day, all with the same reason: “Validation of ViewState MAC failed”, occurring always for Register.aspx and Login.aspx. These are obviously requests made by bots in the attempt of creating accounts and logging into the wiki. The funny thing is that ASP.NET (WebForms) automatically takes care of this issue: the ViewState informati... (more)

category: News | clicked: 1 | comment | | source: www.screwturn.eu

tags: open source, security

1
peeps

Peep it

Technology Review: Who's Typing Your Password?

published 1039 days, 7 hours, 42 minutes ago posted by

http://jonnyboats.wordpress.com/ 1040 days, 5 hours, 34 minutes ago

Technology Review: Who's Typing Your Password?

Who's Typing Your Password? By watching how passwords are entered, a company hopes to make log-ins more secure. By Erica Naone Thursday, July 16, 2009 Passwords can be one of the weakest links in online security. Users too often choose one that's easily guessed or poorly protected; even strong passwords may need to be combined with additional measures, such as a smart card or a fingerprint scan, for extra protection. Delfigo Security, a startup based in Boston, has a simpler solution to bols... (more)

category: News | clicked: 0 | comment | | source: www.technologyreview.com

tags: security

1
peeps

Peep it

The Security Development Lifecycle : Banned Crypto and the SDL

posted by

http://jonnyboats.wordpress.com/ 1040 days, 22 hours, 35 minutes ago

The Security Development Lifecycle : Banned Crypto and the SDL

Banned Crypto and the SDL Hi, Michael here. The SDL does not focus solely on issues such as buffer overruns, SQL injection and cross-site scripting issues; an important component is making sure developers use the correct cryptographic functionality. The reason for using the correct crypto and using crypto correctly is three-fold; first, cryptography offers many low-level building blocks, such as hash functions, symmetric encryption algorithms and message authentication codes, and it’s important to und... (more)

category: News | clicked: 0 | comment | | source: blogs.msdn.com

| flag as spam

tags: security

Welcome!

security

Is Adobe the next (pre-2002) Microsoft? | InSecurity Complex - CNET News

XML flaw threatens millions of apps with DoS attacks

Hacker's mother makes plea to Obama | Metro.co.uk

Military May Ban Twitter, Facebook as Security ‘Headaches’ | Danger Room | Wired.com

Christopher M. Park - Blog: Thoughts on Piracy and DRM

Windows 7 RTM Cracked With OEM License Key - Tom's Hardware

National Journal Online -- Tech Daily Dose -- Peer-To-Peer Networks Face Scrutiny

The Microsoft Security Response Center (MSRC) : Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released

New algorithm guesses SSNs using date and place of birth - Ars Technica

Shawn Wildermuth - Securing Web Services (Even with OOB)

National Journal Online -- Tech Daily Dose -- White House Wants Cookie Feedback

Hackers scoffing at iPhone 3GS' hardware encryption

Hacker Claims iPhone 3GS Encryption is Incredibly, Dangerously Easy to Crack - Jonathan zdziarski - Gizmodo

Cross-Site Request Forgeries (CSRF) explained - Erik Oppedijk - blog community

The Security Development Lifecycle : Working with SAFECode to Help Secure the Software Supply Chain

Hackers Use Naked Video of ESPN Star Erin Andrews to Attack Your PC - Crimesider - CBS News

GeekTonic: DRM – Dead For Music Downloads – Video DRM Just Getting Started

ScrewTurn Software Blog » ScrewTurn Wiki and Bots

Technology Review: Who's Typing Your Password?

The Security Development Lifecycle : Banned Crypto and the SDL

Open ID Login

Standard Login

Forgot Password?

Sign up