Domain: securityfocus.com
Stories and comments across the archive that link to securityfocus.com.
Stories · 365
-
Chimp Can Hack Diebold Electronic Voting System
rbuysse writes "A million monkeys can write Shakespeare, but it only takes one to mess up an election. Scoop here." Blackboxvoting is behind this demonstration; there's also a lengthy thread on the Bugtraq mailing list. -
CEO Indicted for DDOSing Competitors
ruland writes "It turns out there was a reason the hosting company CIT/Foonet was raided in February. SecurityFocus.com reports that the CEO of a web-based satellite T.V. retailer has been indicted for allegedly paying Foonet's administrator to arrange denial of service attacks against his competitors, causing outages as long as two weeks at a time, and $2 million in losses. Now he's skipped out on $750,000 bail, while the five packet monkeys who worked for him are left facing felony charges of their own." -
South Pole Research Station Hacked Twice
Marda writes "It's been known for a while that Romanian cyber extortionists cracked the computer network at the Amundsen-Scott South Pole Station last year. Now SecurityFocus is reporting that another computer intruder penetrated the station just two months before, and cracked the data acquisition system for the Degree Angular Scale Interferometer (DASI), a radiotelescope that measures properties of the cosmic microwave background. It turns out the station was insecure 'purposely, to allow for our scientists at this remotest of locations to exchange data under difficult circumstances,' according to internal reports." -
Emergency Alert System Insecure
glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system." -
Microsoft Windows: A Lower Total Cost of 0wnership
bahamutirc writes "Dave Aitel of Immunity, Inc. has written an excellent report detailing the lower Total Cost of 0wnership Microsoft Windows has over Linux. Dave takes a unique approach in comparing the two operating systems, and the results are not surprising. The paper was submitted to Bugtraq today and is available in PDF and Open Office." -
FCC Rules VoIP Must Be Tappable
pengie2 writes "The FCC has unanimously approved the U.S. Justice Department's bid to expand CALEA to broadband and VoIP networks, according to reports from SecurityFocus and News.com. This means, following a mandatory public comment period, service providers will have to wire their networks for easy law enforcement surveillance, the way phone companies do now. The feds have wanted this for a long time." Ebon Praetor adds a link to Reuters' version, writing "In addition, the FCC has decided that the push-to-talk, or walkie-talkie, functions available on phones from Nextel should also be subject to the same tapping regulations that regular phones are." -
Clever Caller ID Tricks With VoIP
An anonymous reader writes "securityfocus.com has an interesting article collecting some clever exploits for VoIP. According to the article, using 'the open-source Linux-based PBX software Asterisk, used in combination with a permissive VoIP provider' can be used to fool caller id, and even get caller numbers that are supposed to be private." -
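The mechanism behind the caller ID tricks above, as an added example that is not code from the SecurityFocus article or from the Asterisk project: a PBX puts whatever number its dialplan chooses into the From: header of the outbound SIP INVITE, and it is the provider that decides whether that asserted number reaches the called party. The INVITE, the account table and the host names below are constructed for the example; the assumption is that the provider keys customer accounts by the Digest username on the INVITE.

```python
import re

# Constructed provider-side account table: SIP auth username -> numbers the
# customer actually owns and may present as caller ID (assumption: accounts
# are keyed by the Digest username carried on the INVITE).
ACCOUNTS = {
    "pbx-1001": {"16505550100", "16505550101"},
}

# Constructed INVITE as a provider would receive it from a PBX whose dialplan
# set the caller ID to a number the customer does not own.
INVITE = (
    "INVITE sip:12125550123@provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: \"Bank Fraud Dept\" <sip:18005550199@provider.example>;tag=1928301774\r\n"
    "To: <sip:12125550123@provider.example>\r\n"
    "Authorization: Digest username=\"pbx-1001\", realm=\"provider.example\", "
    "nonce=\"abc\", uri=\"sip:12125550123@provider.example\", response=\"0\"\r\n"
    "Call-ID: a84b4c76e66710@203.0.113.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# From: header with an optional quoted display name, then the URI user part.
_FROM_RE = re.compile(r"^From:\s*(?:\"[^\"]*\"\s*)?<sip:(\+?\d+)@", re.I | re.M)
# Digest username on the Authorization header.
_USER_RE = re.compile(r'^Authorization:.*?username="([^"]+)"', re.I | re.M)


def parse_invite(msg):
    """Return (auth_username, asserted_number) from a SIP INVITE, or None if either is missing."""
    m_from = _FROM_RE.search(msg)
    m_user = _USER_RE.search(msg)
    if not m_from or not m_user:
        return None
    return m_user.group(1), m_from.group(1)


def permissive_caller_id(msg):
    """What a permissive provider signals downstream: the From: number exactly as asserted."""
    parsed = parse_invite(msg)
    return parsed[1] if parsed else None


def strict_caller_id(msg, accounts=ACCOUNTS):
    """What a strict provider signals: the asserted number only if the authenticated
    account owns it, otherwise the account's lowest registered number; None if the
    account is unknown (the call should then be rejected, not forwarded)."""
    parsed = parse_invite(msg)
    if not parsed:
        return None
    user, asserted = parsed
    owned = accounts.get(user)
    if not owned:
        return None
    if asserted in owned:
        return asserted
    return sorted(owned)[0]


def rewrite_from(msg, number):
    """Rewrite the From: URI user part so downstream carriers see the enforced number."""
    return re.sub(
        r"(^From:.*?<sip:)\+?\d+(@)",
        lambda m: m.group(1) + number + m.group(2),
        msg, count=1, flags=re.I | re.M,
    )


if __name__ == "__main__":
    print("permissive provider presents:", permissive_caller_id(INVITE))
    print("strict provider presents:    ", strict_caller_id(INVITE))
```

The same trust boundary explains the second trick in the article: a caller who has asked for number suppression still has the number carried in the signalling (in SIP, in From: or P-Asserted-Identity with a Privacy: id header asking the far end not to display it), so a PBX that simply ignores the privacy request and logs the headers sees it. Only a provider that strips the identity before handing the call to the customer prevents that.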
NetGear Also Has Remote Access Wide Open
Glenn Fleishman writes "On the heels of Linksys's WRT54G problem of not allowing remote access to be disabled in certain cases and firmware, BugTraq published this report that NetGear's WG602 access point has a hidden password that provides remote and local administrative control. Unlike Linksys's hole, which can be closed by turning the firewall on (it is on by default, but a researcher found new units in which it was off when taken out of the box), the NetGear hole cannot be disabled. The backdoor seems to have been created by the vendor that packaged the device for NetGear." -
Area 51 Hackers Map Buried Surveillance Network
advair writes "There's a story on SecurityFocus about a pair of Area 51 'hackers' who discovered a buried network of wireless motion sensors on the public land surrounding the 'operating location near Groom Lake, Nevada.' Using a frequency counter and a GPS receiver, they tracked down and logged 30-40 of the sensors, before the FBI and Air Force raided one of them, and questioned the other. Now one of the guys has been charged with a federal crime for allegedly removing one of the devices that was protecting a base that doesn't officially exist." -
SuSE 9.1 Available for Download
Aiua writes "Novell and SuSE AG have made the Live Evaluation CD of SuSE Linux 9.1 available for download. A list of mirrors carrying the 680MB ISO image is available on the SuSE Website. The Live CD allows you to test some of the new features of 9.1 without installation, and is a SuSE recommended download to test your computer for distribution compatibility. The full Personal and Professional Editions are now shipping and available for purchase in the SuSE Store or your local reseller." Reader Sweetshark points out that the first release of the Live CD has problems, so make sure you get the most recent one: "SUSE Security Announcement: Live CD 9.1 (SuSE-SA:2004:011) describes a big security hole in the SuSE 9.1 Personal Edition Live CD: 'Upon boot, the Live CD will automatically configure a network card if one has been detected. [...] A configuration error on the Live CD allows for a passwordless, remote root login to the system via ssh, if the computer has booted from the Live CD and if it is connected to a network.' A fixed iso is available." -
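The advisory quoted above says only that a configuration error allowed passwordless remote root login over ssh. As an added example (not code from SuSE, OpenSSH or the advisory), the checker below audits the general combination that produces that outcome on an OpenSSH host, on the assumption that the Live CD's error was of this kind: a root account with an empty password field in /etc/shadow together with an sshd that permits root logins and empty passwords. The sshd_config and shadow samples are constructed; the weak file is shown beside the corrected one.

```python
# Constructed sshd_config as an imaginary live image might ship it: the weak setting.
WEAK_SSHD_CONFIG = """\
# sshd_config on the live image
Port 22
Protocol 2
PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes
UsePAM yes
"""

# The same file with the two offending directives corrected.
FIXED_SSHD_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes
"""

# Constructed /etc/shadow entries for root: empty hash field, and a locked account.
SHADOW_ROOT_EMPTY = "root::12345:0:99999:7:::"
SHADOW_ROOT_LOCKED = "root:!:12345:0:99999:7:::"

# Values assumed when a directive is absent. PermitEmptyPasswords defaults to no
# in OpenSSH; PermitRootLogin defaulted to yes on releases of this era, so an
# absent directive is read conservatively as yes.
DEFAULTS = {
    "permitrootlogin": "yes",
    "permitemptypasswords": "no",
    "passwordauthentication": "yes",
}


def parse_sshd_config(text):
    """Parse sshd_config into {lowercase directive: value}. The first occurrence of a
    directive wins, which is how sshd itself applies the file."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        conf.setdefault(parts[0].lower(), parts[1].strip())
    return conf


def root_password_empty(shadow_line):
    """True when the shadow entry for root has an empty hash field (no password at all)."""
    fields = shadow_line.split(":")
    return fields[0] == "root" and fields[1] == ""


def audit(sshd_config_text, root_shadow_line):
    """Return a list of findings. An empty list means these settings alone do not
    allow passwordless remote root login; the last entry is CRITICAL when they do."""
    conf = dict(DEFAULTS)
    conf.update(parse_sshd_config(sshd_config_text))
    root_login = conf["permitrootlogin"].lower() == "yes"
    pw_auth = conf["passwordauthentication"].lower() == "yes"
    empty_ok = conf["permitemptypasswords"].lower() == "yes"
    empty_root = root_password_empty(root_shadow_line)

    findings = []
    if root_login and pw_auth:
        findings.append("PermitRootLogin yes: root may log in with a password over the network")
    if empty_ok:
        findings.append("PermitEmptyPasswords yes: accounts with no password are accepted")
    if empty_root:
        findings.append("root has an empty password field in /etc/shadow")
    if root_login and pw_auth and empty_ok and empty_root:
        findings.append("CRITICAL: passwordless remote root login over ssh is possible")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_SSHD_CONFIG), ("fixed", FIXED_SSHD_CONFIG)):
        print(label, audit(conf, SHADOW_ROOT_EMPTY))
```

Each finding on its own is worth fixing, but the advisory's outcome needs all three together, which is why the checker reports the combination separately: a live image that leaves root without a password is tolerable only while sshd refuses root and empty passwords, and the fixed configuration does both.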
U.S. Considering Ratifying Cybercrime Treaty
waytoomuchcoffee writes "SecurityFocus has a new article on the Council of Europe's 'Convention on Cybercrime'. The U.S. has already signed the treaty, but it has not yet been ratified by the Senate (although President Bush has written a letter urging the treaty's passage). This treaty, among other items, would require the U.S. to 'cooperate with foreign authorities' in conducting surveillance on American citizens who have committed no crime under U.S. law, but may have broken another country's law (selling historic Nazi posters on Ebay? Germany might have you wiretapped), prohibit the 'production, sale or distribution of hacking tools', whatever that means (would Nmap be illegal?), and require the U.S. to pass laws to 'force users to provide their encryption keys' and the plain text of their encrypted files. Canada is a signatory as well." -
Slashback: Documentary, Directory, FUD
Slashback tonight brings some updates and clarifications to previous stories, including news of the successful production of both a BBS documentary and an open-source directory. Read on for more! I goof, therefore I am sorry. Many readers submitted rebuttals to the claim I repeated that an Israeli web portal was the first to give users 1GB email accounts; Protein Shake, for one, writes that Spymac has them beat. "Forget Google, forget Israel's web portal... 1 GB e-mail is already out there. At least a few weeks ago. From their site '1 GB e-mail account, 350 MB combined storage, personal blog, forum, gallery, auctions and more...'"
"And this was back when phone lines were just strings painted to resemble copper ..." Jason Scott writes "The BBS Documentary, announced on Slashdot nearly three years ago, has wrapped up filming. With over TWO HUNDRED interviews in the can, I've been spending a lot of my spare time (and not-so-spare time) editing, but I decided to put out the first of what will likely be a few trailers for it. Stop by and check out how I've spent the last few years. The Documentary will be released as a 3-DVD set later this year."
It's like Who's Who, only different. Another gargantuan effort completed on a different front: Tony Stanco writes with word that "The 910-page Open Source Reference Book is available for download."
The project was announced just over a year ago; considering the contents that's not a bad turnaround.
It's nearly enough to make one cynical. Alex Wolfe writes "In a move worthy of the Luddites, the New York City Council is quietly trying to ban the Segway. The Council has proposed a law that's technically a ban on motorized scooters, but Harris Silver, founder of Citystreets, an urban improvement organization, says the NYC Department of Transportation is specifically targeting the electric, non-polluting Segway. Silver is joined in his opposition to the bill by Apple cofounder Steve Wozniak."
Get out much? If you just can't get enough random flamebait, here's a small fix to follow the anti-Linux FUD spread earlier this month by Green Hills CEO Dan O'Dowd. InfoSec writes "This morning's Security Focus page had an article about Consumer Grade *nix. The writer of the article slams Linux for not having free automated updates, enabling services in default installations, and not warning users when they are using 'root'. Uhmm, I could be wrong, but hasn't Mandrake been doing that for quite some time?"
apt-get update seems to count as free updates to me (though those folks do take donations), and root-use warnings may not be perfectly applied, but they are found in various forms (depending on distro) at OS, WM, and application levels, including notices that certain tasks can only be run as root or other superuser. (I think it's Xchat that calls me "an idiot" when I've tried to run it as root.)
-
Former Anti-Piracy 'Bag Man' Turns On DirecTV
Cowards Anonymous writes "SecurityFocus has this story: 'A one-time enforcer in DirecTV's anti-piracy campaign is suing his ex-employer for wrongful discharge, after he allegedly resigned rather than continue to prosecute the company's controversial war against buyers of hacker-friendly smart card equipment.' John Fisher claims that he was hired by DirecTV as a senior investigator to track down satellite signal pirates. Instead, he claims, he was no better than a 'bag man for the mob'; coercing people into paying money for stealing services when he had no proof whether they had really done so." -
Save a Chatlog... Go to Prison?
Alien54 writes "You are engaged in a chat session with some friends and colleagues, when one of them makes a witty remark or imparts a pithy bit of information. You hit CTRL-A and select the conversation, then copy it to a document that you save. Under a little-noticed decision in a New Hampshire Superior Court in late February, these actions may just land you in jail. New Hampshire is a 'two-party consent state' -- one of those jurisdictions that requires all parties to a conversation to consent before the conversation can be intercepted or recorded. The decision is the first of its kind to apply that standard to online chats, and the ruling is clearly supported by the text of the law. But it marks a blow to an investigative technique that has been routinely used by law enforcement, employers, ISPs and others, who often use video tape or other means to track criminals in chat rooms. This also has troublesome implications [for employers'] monitoring of email and other forms of electronic communications." -
SecurityFocus Updates 2 Apache Vulnerabilities
michael path writes "SecurityFocus released two updated Apache vulnerabilities, one affecting 2.0.x (a DoS vulnerability), the other affecting both the 1.3.x and 2.0.x revisions (a buffer overflow). IBM HTTP Server is also affected by these vulnerabilities in similar version numbers." -
Tracking the Blackout Bug
Alien54 writes "This earlier Slash story cited a CNN news report on how the August blackout was preventable. But, as seen in this Security Focus article, things are not so simple. 'In the initial stages, nobody really knew what the root cause was,' says Mike Unum, manager of commercial solutions at GE Energy. 'We test exhaustively, we test with third parties, and we had in excess of three million online operational hours in which nothing had ever exercised that bug,' says Unum. 'I'm not sure that more testing would have revealed that. Unfortunately, that's kind of the nature of software... you may never find the problem. I don't think that's unique to control systems or any particular vendor software.' Which leads to a number of other questions." -
Keystroke Logger Faces Federal Wiretap Charges
securitas writes "In what prosecutors say is the first case of its kind, a former insurance claims manager was indicted on federal wiretapping charges for allegedly installing a keystroke logger on another employee's computer. The device was secretly installed 'on a PC used by a secretary to senior executives at Bristol West Insurance Group.' Reuters reports that the man, who had been fired, was gathering information for a class action lawsuit against his former employer. SecurityFocus interviews would-be keystroke logger user Larry Lee Ropp who reportedly installed the KEYKatcher device on the PC." -
Anti-piracy Vigilantes Tracking P2P Users
brevard writes "From SecurityFocus comes news that a pair of coders with a deep hatred of software pirates have gone public with a months-old experiment to trick file sharers into running custom spyware they wrote that scolds users and phones home to a server. They circulated the program disguised as sought-after downloads like Unreal Tournament 2004 and Microsoft source code, and they have a website that updates in real time whenever someone executes it. They've logged IP addresses for over 12,000 'pirates' since January. The EFF says the vigilantes may be committing a crime." -
Spam Solutions from an Expert
Mod N writes "SecurityFocus has posted a nice survey of anti-spam technologies by spam expert Neal Krawetz, in which he delves deeply into the specifics and pitfalls of the numerous proposed solutions. Krawetz makes it obvious that securing the email infrastructure is a very complex problem that many of the current (simple) solutions can't solve alone." -
WebTV 911 Hacker... Cyber Terrorist?
Mastab286 writes "Federal agents have arrested David Jeansonne, 43, of Louisiana on cyberterrorism charges under the USA PATRIOT Act for a malware attack against eighteen MSN TV (formerly known as WebTV) customers. As part of an online conflict in July 2002, Mr. Jeansonne wrote a script to change the dial-up number of MSN TV equipment to the 911 emergency number. He disguised the script as a tool to change the colors of the user interface, and sent it to his eighteen foes; the next time they tried to log on, they would end up calling the police instead. Several of the customers sent the tool to friends, bringing the total number of victims up to twenty-one. The script also posted the users' browser history to a website and e-mailed hardware serial numbers to a free webmail account. Prosecutors charge that the act meets the definition of cyberterrorism since it endangered public safety." -
Gov't Vulnerability-Disclosure Program Draws Heat
AndreyF writes " Securityfocus.com reports: 'a long-anticipated program meant to encourage companies to provide the federal government with confidential information about vulnerabilities in critical systems took effect Friday, but critics worry that it may do more harm than good.' The article discusses both sides of the PCII question, but leaves me wondering why the pro argument rests on my trusting large corporate CEO's to 'do the right thing.'" -
Blackout Cause: Buggy Code
blanca writes "The big northeast blackout from last summer was caused in part by a software bug in an energy management system sold by General Electric, according to a story on SecurityFocus. The bug meant that a computerized alarm that should have been triggered never went off, hindering FirstEnergy's response to the train of events that led to the cascading blackout. Investigators found the bug in an intensive code audit following the outage, and a patch is now available." -
Cable Modem Hackers Release Improved Firmware
FatCat writes "SecurityFocus has a story about a group of hardware and software hobbyists specializing in embedded systems who've released their own custom firmware for Motorola Surfboard cable modems. The firmware lets you log in to an interactive VxWorks shell, or issue commands from a Web browser through an http interface. You load it by tapping an undocumented console serial port on the circuit board. So far, uncappers are apparently the primary consumers, and they're downloading up to 400 copies a day." -
DARPA-Funded Linux Security Hub Withers
mAriuZ writes "Initially funded by a grant from the Pentagon's DARPA, the Sardonix project aspired to replace the Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom. As conceived by Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined, and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. ... In the end, though, nobody showed up." -
FBI Agent Talks Crime, Macs
hype7 writes "There's an article at SecurityFocus describing a visit by an FBI agent to Washington University. His visit was ostensibly about computer security and the general public's complete lack of any idea on computer security whatsoever: 'I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.' His talk ranged from some of the pranks he's seen played on unsuspecting users, to Eastern European extortion of big banks." WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' Another good quote: 'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'" -
Comcast Targets Internet "Abusers"
An anonymous reader writes "Here's a great Associated Press story on Comcast's invisible caps. The company has been threatening and then cutting off customers who 'abuse' their so-called 'unlimited' service by downloading too much. But Comcast won't reveal what the limits are. DSL Reports has been tracking this for a while, and it's good to see the mainstream press catch on." -
Warspying in San Francisco
hak_fan writes "SecurityFocus has a story on a group of radio hobbyists in San Francisco who occasionally go out warspying for wireless cameras in the 2.4GHz band, using some customized equipment. Their latest expedition turned up some interesting finds." -
Another Serious MSIE Hole
pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'." -
Currency Detection Discovered in More Products
netbsd_fan writes "BUGTRAQ is reporting that anti-counterfeiting spyware is being found in more and more products. What is also interesting is that these products block fair uses of currency images which do not break the law. What incentive do printer manufacturers have to treat their customers like criminals? Is this a precursor to DRM in scanners, CD drives, and output devices?" -
Microsoft Word Forms Passwords Hacked
An anonymous reader notes: "SecurityFocus has published a hack that can be used to unlock Microsoft Word documents that have been password protected. The 'secure' file can easily be edited and the original password re-inserted, removing any trace of the modification. A ZDNet UK article says Dell uses password protected Word files to send quotes, which could make for a messy legal battle." This feature, known as 'Password to Modify', is not the password protection on the document itself, just the protection that restricts unauthorized editing of the file. This hack allows someone to download such a file, edit it, and restore the password, effectively allowing changes to the file to go potentially unnoticed. -
Identity Theft and Social Networks
scubacuda writes "This Security Focus article looks at the lack of security social network sites have, particularly their lack of SSL logins, which means a user's session ID will be logged on any proxy and possibly sniffed. From the article: '[A]ccording to [Clay] Shirky, one thing is certain: "The value of each site is communally-created. Links and transactions are more important than individuals." In other words, each community creates its own kind of value. Thus, an attacker might hit Tribe to farm social networks for spam victims; and then he might exploit LinkedIn to get the contact information for a VC he wants to meet.'" -
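What the article means by a session ID being logged on any proxy and sniffed, as an added example that is not code from the SecurityFocus article or from any of the sites it names: the functions below take a constructed capture of HTTP messages, as an on-path observer would reassemble them, and pull out the session cookie and credentials that travelled in the clear, then check the site's Set-Cookie for the attributes that stop the browser sending the cookie over plain HTTP. Host names, cookie names and token values are placeholders.

```python
# Constructed capture: (transport, raw message) as reassembled by a sniffer or
# recorded by a proxy. A plain-HTTP login, its response setting the session
# cookie, a plain-HTTP page fetch, and one fetch that went over TLS.
CAPTURE = [
    ("http",
     "POST /login HTTP/1.1\r\nHost: social.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
     "user=alice&password=hunter2"),
    ("http",
     "HTTP/1.1 302 Found\r\nSet-Cookie: sid=8f3a9c0b1d2e4f56; Path=/\r\n"
     "Location: /home\r\n\r\n"),
    ("http",
     "GET /home HTTP/1.1\r\nHost: social.example\r\n"
     "Cookie: sid=8f3a9c0b1d2e4f56; lang=en\r\n\r\n"),
    ("https",
     "GET /friends HTTP/1.1\r\nHost: social.example\r\n"
     "Cookie: sid=8f3a9c0b1d2e4f56; lang=en\r\n\r\n"),
]

# Cookie names treated as session identifiers (assumption for the example).
SESSION_COOKIE_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid"}


def split_message(msg):
    """Split a raw HTTP message into (start line, {header name: [values]}, body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def cookie_pairs(cookie_header):
    """Split 'a=1; b=2' into [('a', '1'), ('b', '2')]; attribute-only tokens are skipped."""
    pairs = []
    for part in cookie_header.split(";"):
        part = part.strip()
        if "=" in part:
            name, value = part.split("=", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def plaintext_session_ids(capture, session_names=SESSION_COOKIE_NAMES):
    """Session identifiers an on-path observer recovers from the plain-HTTP messages,
    whether the server set them or the browser sent them back."""
    seen = set()
    for transport, msg in capture:
        if transport != "http":
            continue
        _, headers, _ = split_message(msg)
        for hdr in headers.get("cookie", []) + headers.get("set-cookie", []):
            for name, value in cookie_pairs(hdr):
                if name.lower() in session_names:
                    seen.add(name + "=" + value)
    return seen


def plaintext_credentials(capture):
    """Password-like form fields that were POSTed without TLS."""
    found = []
    for transport, msg in capture:
        if transport != "http":
            continue
        start, _, body = split_message(msg)
        if not start.startswith("POST "):
            continue
        for field in body.split("&"):
            name, _, value = field.partition("=")
            if "pass" in name.lower():
                found.append((name, value))
    return found


def set_cookie_findings(set_cookie_value):
    """Attributes missing from a Set-Cookie value: Secure keeps the cookie off plain
    HTTP, HttpOnly keeps it away from script."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie_value.split(";")[1:]}
    return [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]


def harden_set_cookie(set_cookie_value):
    """Append the missing attributes; the login itself must also move to https,
    otherwise the browser will not send a Secure cookie back at all."""
    out = set_cookie_value.strip()
    for attr in set_cookie_findings(out):
        out += "; " + attr
    return out


if __name__ == "__main__":
    print("session ids in the clear:", plaintext_session_ids(CAPTURE))
    print("credentials in the clear:", plaintext_credentials(CAPTURE))
    print("hardened:", harden_set_cookie("sid=8f3a9c0b1d2e4f56; Path=/"))
```

Note that the https fetch in the capture contributes nothing: the observer already has the token from the plain-HTTP exchange, which is the article's point that an SSL login alone does not help if the session cookie is later sent over plain HTTP. The Secure attribute is what closes that gap, and it only works if every page that needs the session is served over TLS.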
Mac OS X Buffer Overflow Found
MacDork writes "Well, if default settings in Mac OS X made Lance Ulanoff excited, this is really going to make him do the monkey boy dance... SecurityFocus's Bugtraq mailing list just posted a buffer overflow, in the utility for mounting and probing ISO 9660 file systems. No exploits were mentioned. No word on whether 'Max' alerted Apple or anyone outside of the Bugtraq mailing list though." Also, 'Max' made entirely unfounded, sweeping statements about the general quality of Mac OS X from this one little item, but oh well. When you're on top, you make a tempting target. -
Examining an Automated Spam Tool
Saint Aardvark writes "SecurityFocus has published an excellent column detailing how spammers r00ted an Apache server, and used it to send spam. The tool they used is (I hate to admit it) pretty sophisticated: it has macro capabilities, picks up email addresses from and reports success or failure to the master server. It's a very frightening read...and so is this: Message Labs reports that they now intercept 27 spam emails per second, up from 2 per second this time last year. Virus-created proxies are mainly to blame." -
Safari Security Hole Allows Cookie Theft
An anonymous reader writes "MacSlash posted a story about a vulnerability in Safari. The exploit allows someone to steal any of your domain-based cookies (passwords, private info, etc.) from any website. Mozilla and Internet Explorer had the same bug in the past."