Security and the Net

News and opinions about security, the internet and more

Entries for the ‘Security’ Category

Printing handcuff keys

At this year’s Hacking At Random event/conference (HAR2009), a member of SSDeV (the “Sportenthusiasts of Lockpicking”) managed to pull off a very cool stunt: he copied a key for police handcuffs without owning the original key itself.

Comments (1)

Tele2 Netherlands giving the same password to all users

The Dutch branch of ISP Tele2, an European ISP that is active in 11 countries, has just admitted that they use the same password for all new subscribers. Their procedure goes like this:

Comments (3)

How not to respond to security issues

Wat is the worst response you can give when someone alerts you about a security issue in your software? I can almost hear you thinking: “waiting two years to fix it“, but there is an even worse response. Some companies just simple don’t respond at all. Simply amazing… After verifying the issue we contacted the [...]

Comments (1)

Squirrelmail plugins altered by hackers

Last month, the webserver hosting the popular open source webmail suite SquirrelMail was compromised. At that time, the maintainers thought no source code had been altered: At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any futher compromises, locking [...]

Comments (2)

92% of Flash users affected by 0-day hole?

Secunia released some interesting statistics last week; according to their numbers, at least 92% of the people using their PSI scanner that have Flase Player installed are running a version that is affected by the zero-day attack that was recently discovered. The real number might be even higher; they didn’t release combined numbers for users [...]

Comments (2)

50 ways to inject your SQL

No, this is not a list of 50 ways to inject SQL; it’s a link to a “50 ways to leave your lover” parody. The singer won’t win any awards for this performance, but the lyrics are great! Evade the regex, Rex Encode it all in hex Unbalance the quotes, Vinod And change the query [...]

Leave a Comment

Apple admits Mac OS users can get viruses

It’s taken them several years to finally get to this point, but Apple has acknowledged that Mac users are not immune from viruses. During WWDC, their Mac OS security page was updated with the following text:

Comments (1)

What if every major browser had the same bug?

Any security professional will tell you that diversity is a good thing; if you use enough different products, it is highly unlikely that all of them will have the same security issue. While this is mostly correct, Amit Klein at Trusteer just released a report (PDF) about a privacy issue that affects all major browsers [...]

Leave a Comment

Is a physical server more secure than a virtualized one?

The answer to that question should be obvious, but it became a headline earlier today when word got out about a big hack affecting 100.000 sites. All data for these sites was removed when servers at Vaserv.com were brought down by a zero-day exploit in LXLabs’ HyperVM software.

Leave a Comment

Astalavista “hacker community” hacked.

Earlier this week, the self-proclaimed “hacker community” Astalavista (not to be confused with the other Astalavista) has been targeted by hackers itself. While this site isn’t as popular as it was years ago, I’d consider this a rather high-profile target; in this case, the so-called “anti-sec group” thought so as well. They posted this message [...]

Comments (2)