Security and the Net

News and opinions about security, the internet and more

Entries for the ‘Short newslinks’ Category

Printing handcuff keys

At this year’s Hacking At Random event/conference (HAR2009), a member of SSDeV (the “Sportenthusiasts of Lockpicking”) managed to pull off a very cool stunt: he copied a key for police handcuffs without owning the original key itself.

How not to respond to security issues

What is the worst response you can give when someone alerts you about a security issue in your software? I can almost hear you thinking: “waiting two years to fix it”, but there is an even worse response. Some companies simply don’t respond at all. Simply amazing… After verifying the issue we contacted the [...]

Squirrelmail plugins altered by hackers

Last month, the webserver hosting the popular open source webmail suite SquirrelMail was compromised. At that time, the maintainers thought no source code had been altered: At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any further compromises, locking [...]

92% of Flash users affected by 0-day hole?

Secunia released some interesting statistics last week; according to their numbers, at least 92% of the people using their PSI scanner who have Flash Player installed are running a version that is affected by the zero-day attack that was recently discovered. The real number might be even higher; they didn’t release combined numbers for users [...]

Browser Security Lessons from the Chrome team

ACM Queue has just added a new paper by Charles Reis, Adam Barth and Carlos Pizano. It expands upon the information published earlier about the effectiveness of various browsers’ update mechanisms, adding information about the measures taken to keep users from visiting malicious websites and, more importantly, the ways in which they prevent the inevitable bugs [...]

Belgian government releases source code for election software

The Belgian government has just released the source code for the software used in the 2008 elections to the public. The news was first reported by the Open Source Observatory & Repository Europe; the files are presented in two zipfiles that contain mostly C and C++ source code.

Astalavista “hacker community” hacked.

Earlier this week, the self-proclaimed “hacker community” Astalavista (not to be confused with the other Astalavista) was itself targeted by hackers. While this site isn’t as popular as it was years ago, I’d consider this a rather high-profile target; in this case, the so-called “anti-sec group” thought so as well. They posted this message [...]

The downside of automatic updates

Just days after a report co-authored by Google claimed that the automatic update feature of the Chrome browser helps improve security by silently installing patches without asking for approval from the user, they managed to demonstrate the downside of this approach.

Remote root exploit for Linux machines running SCTP applications

There appears to be a serious vulnerability in Linux kernel versions < 2.6.28-git8. This was reported as a potential denial-of-service issue in many places; but it now appears to be more serious than that. This site over at blogspot.com posted exploit code that supposedly allows an attacker to gain root privileges on machines running sctp [...]

Was 4chan’s creation of Twitter accounts stopped, or did they lose interest?

With the race to reach 1 million followers between Ashton Kutcher and CNN over, let’s look back at the runner-up that was on track to beat both to the finish line: @basementdad.
