Security and the Net

News and opinions about security, the internet and more

Entries for July, 2008

About this DNS bug thing

  So, like me, you’ve probably been wondering about this DNS bug the whole world has been talking about. What is it? How does it affect the average internet user? And how do you protect yourself from this? First: a quick DNS introduction   To understand this issue, you need to know a little bit […]

Leave a Comment

Update about “NASA hacker” Gary McKinnon

A quick update about the “NASA hacker”: as expected, Gary’s lawyers have filed an appeal with the European Court of Human Rights to try and stop his extradiction. Good luck Gary!

Leave a Comment

Twitter hacked, secured in under 4 hours

A colleague sent me these links earlier. To sum it up twitter-style: OMG twitter hacked XSS LOL Well actually the message was a bit longer, but you get the point. Anyway, once I got to look at it the problem was fixed alreay. Not in 90 seconds, mind you, but 90 minutes is still pretty […]

Leave a Comment

New DNS exploit in active use

I’ve been meaning to write a short summary about the DNS vulnerability that’s been hot news for the past few weeks. While preparing that I stumbled upon this report about a new attack that is being used. It appears that this is subtly different than the attack that was released earlier: Moore said he and others […]

Leave a Comment

UFO enthousiast or dangerous terrorist?

I guess you’ve all read the latest news about the “NASA hacker”: he gets extradited to the US. He is seen as a dangerous criminal: Mark Summers, an official representing U.S. interests in the proceedings against McKinnon, said in British court that McKinnon’s actions were “intentional and calculated to influence and affect the U.S. government by […]

Leave a Comment

Slowing economy bad for spammers

Amongst the news about the slowing economy, I noticed this bit of good news: you might be seeing less spam! Apparently, the crew behind the popular Neosploit toolkit are throwing the towel because their hacking tool doesn’t produce enough revenue.  This might be the beginning of a very good development; as people are struggling to […]

Leave a Comment

Chinese internet censorship

… won’t work.  There were lots of reports today about internet censorship for foreign media during this years Olypmic by reporters that were already annoyed because of the high costs for their filtered connection. Apparently this is only becoming an issue now that reporters are having problems accessing their news sources sources of background information. According […]

Leave a Comment

Gmail security: good and bad stuff from Google

As most of you might have noticed, Google has been beefing up the security features of their Gmail service. They recently added two important options: The first is the “last login” screen, that will show you the last time you logged in, and allows you to check for suspicious activity such as session hijacks. The […]

Leave a Comment

Oracle 0-day and how not to deal with security issues

For the first time in years there is a new “0-day” exploit for Oracle databases (this one). I can’t find where this was originally posted, but it seems that whoever discovered this vulnerability didn’t notify Oracle that this bug existed before the exploit was in the wild. Let me be very clear about this: security researchers […]

Leave a Comment

Hello world!

  By some strange coincidence, WordPress already entered the title for the first post I was going to write…   Which shouldn’t come as a surprise: anybody who has ever been in a programming course knows this sentence by heart. Which is a strange thing when you stop to think about it; any modern programming […]

Leave a Comment