At this year’s Hacking At Random event/conference (HAR2009), a member of SSDeV (the “Sportenthusiasts of Lockpicking”) managed to pull off a very cool stunt: he copied a key for police handcuffs without owning the original key itself.
Entries for the ‘Short newslinks’ Category
Wat is the worst response you can give when someone alerts you about a security issue in your software? I can almost hear you thinking: “waiting two years to fix it“, but there is an even worse response. Some companies just simple don’t respond at all. Simply amazing… After verifying the issue we contacted the [...]
Last month, the webserver hosting the popular open source webmail suite SquirrelMail was compromised. At that time, the maintainers thought no source code had been altered: At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any futher compromises, locking [...]
Secunia released some interesting statistics last week; according to their numbers, at least 92% of the people using their PSI scanner that have Flase Player installed are running a version that is affected by the zero-day attack that was recently discovered. The real number might be even higher; they didn’t release combined numbers for users [...]
ACM Queue has just added a new paper by Charles Reis, Adam Barth and Carlos Pizano. It expands upon the information published earlier about the effectiveness various browsers’ update mechanisms, adding information about the measures taken to keep users from visiting malicious websites and, more importantly, the ways in which they prevent the inevitable bugs [...]
The Belgian government has just released the source code for the software used in the 2008 elections to the public. The news was first reported by the Open Source Observatory & Repository Europe; the files are presented in two zipfiles that contain mostly C and C++ source code.
Earlier this week, the self-proclaimed “hacker community” Astalavista (not to be confused with the other Astalavista) has been targeted by hackers itself. While this site isn’t as popular as it was years ago, I’d consider this a rather high-profile target; in this case, the so-called “anti-sec group” thought so as well. They posted this message [...]
Just days after a report co-authored by Google claimed that the automatic update feature of the Chrome browser help improve security by silently installing patches without asking for approval from the user, the managed to demonstrate the downside of this approach.
There appears to be a serious vulnerability in Linux kernel versions < 2.6.28-git8. This was reported as a potential denial-of-service issue in many places; but it now appears to be more serious than that. This site over at blogspot.com posted exploit code that supposedly allows an attacker to gain root privileges on machines running sctp [...]
With the race to reach 1 million followers between Ashton Kutcher and CNN over, let’s look back at the runner-up that was on track to beat both to the finish line: @basementdad.