Security and the Net

News and opinions about security, the internet and more

Entries for April, 2009

Another security breach offers a look at Twitter’s admin interface

A French site posted screenshots that supposedly show Twitter’s admin pages earlier today. While the fact that somebody apparently managed to gain access to one of their admin accounts is not really newsworthy any longer given Twitter’s recent track record, the screenshots themselves are interesting to look at.

Leave a Comment

Remote root exploit for Linux machines running SCTP applications

There appears to be a serious vulnerability in Linux kernel versions < 2.6.28-git8. This was reported as a potential denial-of-service issue in many places; but it now appears to be more serious than that. This site over at blogspot.com posted exploit code that supposedly allows an attacker to gain root privileges on machines running sctp [...]

Leave a Comment

OAuth session fixation attack

Last week, Twitter temporarily stopped using OAuth authentication. The information they posted on their blog was pretty light on details, and the same thing goes for the security advisory that was posted later. Since then, more details and some better explanations of attack scenario’s have surfaced; let’s have a closer look at the security issue [...]

Leave a Comment

Three signs Twitter has become mainstream

Apart from the media attention that it’s been getting for the last year or two, there are some other telltale signs that Twitter is here to stay. The most important one is, of course, that hackers find it an interesting target. The worms that were released so far were merely a test; I have no [...]

Leave a Comment

iPhone 3.0 finally adds iCalendar subscriptions

As announced last month at the preview event, Apple has finally added support for subscribing to iCal (.ics) calendars to the iPhone OS. This is a feature I’ve been missing from the first day I started using the iPhone: up until now the only way to synchronize a calendar was using a desktop app and [...]

Comments (4)

Was 4chan’s creation of Twitter accounts stopped, or did they lose interest?

With the race to reach 1 million followers between Ashton Kutcher and CNN over, let’s look back at the runner-up that was on track to beat both to the finish line: @basementdad.

Comments (1)

Paid content coming to YouTube?

During a conference call with investors about Google’s Q1 earnings, CEO Eric Schmidt made some interesting comments about YouTube. To give you some background about this: last week, David Silversmith published estimates about how much Google is losing on YouTube, which came down to over a million dollars a day:

Comments (6)

Black Hat Europe update: Trust issues?

The “Kaminsky 2.0″ at Black Hat today turned out to be ┬áthe talk from Daniel Mende and Enno Rey, dealing with vulnerabilities in the BGP and MPLS protocols. From what I can tell, there was no real news; most of the information they presented has been available for a while. The fact that BGP has [...]

Leave a Comment

“Kaminsky 2.0″ at Black Hat Europe tomorrow?

I’ve heard several reports, including one from a large Dutch news site, mention that a new security issue will be revealed at Black Hat Europe tomorrow. It is said to have the same impact as the DNS bug found by Dan Kaminsky last year. No further details have been provided, but since the full speaker [...]

Leave a Comment

Amazon: technical glitch, censorship gone wrong, or was it a hacker?

This weekend, lots of writers saw their books disappear from Amazon’s bestseller lists. Somehow, the sales ranking for their books was removed. Since this ranking is an important way for potential buyers to select the contents of their shopping cart, this prompted several angry responses by authors.

Comments (1)