Security and the Net

News and opinions about security, the internet and more

Entries for August, 2008

What happens after your DNS cache is poisoned?

With all the news about DNS cache poisoning, I bet a lot of you are left wondering what an attacker would have to gain by doing this. Some people at Microsoft have analyzed an attack; it’s a bit technical but interesting to read.  In short, once a poisoning attack is succesfull, any requests for which […]

Leave a Comment

Viruses in outer space

The BBC reported yesterday that a computer virus has been found on a laptop in the International Space Station. Normally I wouldn’t think twice about such a headline; computer viruses are found everywhere, so it was only a matter of time before one would show up in space. No vital systems were infected, so it’s […]

Leave a Comment

Command line tools for Ahsay Online Backup Manager

I received some questions today about the ability to use a commandline interface with Ahsay’s OBM (Online Backup Manager). For those that don’t know Ahsay: they are one of the larger suppliers of custom-brandable online backup software. Almost every company that offers an online backup service and doesn’t write their own software uses Ahsay.  One […]

Comments (4)

Is SCO no longer accepting e-mail?

By now everybody should have noticed that SCO is having some problems in the courts (except maybe Maureen O’Gara), but now it seems they have some additional problems. Noam Rathaus has apparently discovered a security vulnerability in one of their products, but is unable to contact them:   All the emails I send there return with this funny […]

Leave a Comment

“Google hacker” exposes Chines athlete

Securityfocus reported yesterday that a “search hacker” had exposed the true age of China’s olympic competitors He Kexin and Jiang Yuyuan. After doubts about their age surfaced, Mike Walker was quickly able to uncover documents describing their real ages. While google hacking is nothing new, the result of his actions are more surprising:  Soon after Walker, who blogs […]

Leave a Comment

Manual for handling leaks of personal information

The Australian government provides us with this very complete manual for dealing with leaks of privacy-sensitive data. Two key points from the summary: In general, if there is a real risk of serious harm as a result of a personal information security breach, the affected individuals should be notified.   Notification can operate as an important mitigation strategy […]

Leave a Comment

A different way of backing up your image library

Ever since I started using Apples Aperture software, I’ve been looking for a good backup strategy that wouldn’t break the bank. Like most people I’ve lost some data in the past; since then, I’m pretty paranoid about keeping backups. The first strategy I ever used for backup up my images was old-fashioned, but worked well […]

Leave a Comment

Rumor confirmed: both Fedora and Redhat servers hacked

Recent rumors were confirmed today by a post to the Fedora Infrastructure mailinglist: some of Fedora’s core servers were hacked.  One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to […]

Leave a Comment

Nokia series 40 exploit confirmed, 100 million handsets vulnerable?

Just last month, there was a lively debate about this offer by Security Explorations. Adam Gowdiak offered details about some serious vulnerabilities, including: Details regarding 14 security issues affecting different Nokia Series 40 devices Nokia specific exploitation technique leading to the remote and persistent deployment of a backdoor shell application into the target Nokia Series 40 […]

Leave a Comment

Adobe working on malicious flash banners

Good news for everyone that has been bitten by a flash-based ad that keeps overwriting your clipboard: Adobe has acknowledged this and is apparently investigating the issue. Meanwhile I’m still amazed that there is no news about the people responsible for this. The malicious code is delivered via ads on some of the major websites, […]

Leave a Comment