So many choices!
Northrop Grumman claims 300 0-day attacks against them last year, now a 0-day every 11 minutes.
Why SCADA deployments are fucked.
[While this disclosure turned out to be a private key for a development / testing network, the fact is it still should not have been published in a world readable directory. Doing so highlights a serious breakdown in security policy and a failure in secure operations.]
A French provider of SSL certificates appears to have made a bit of a boo-boo in its webserver configuration: publishing its private key for the world to see, and opening up a potentially serious security hole in the world’s web browsers.
SSL certificates serve two purposes on the Internet: to encrypt information, and to verify a webserver’s identity. An SSL certificate is what is used to keep the password you log in to your Internet banking site private, and also serves to ensure that you’re genuinely logging in to the bank’s own server.
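A check for the failure mode in the note above, as an added example (not from the original post or the article it quotes): walk a web server's document root looking for PEM private-key blocks and report whether each hit is world-readable. The directory layout and the key/certificate stubs below are constructed for the demo; the real finding is any private key under a served directory at all, since the web server will hand it out whatever the file mode says.

```python
"""Scan a document root for exposed private key material (stdlib only)."""
import os
import re
import stat
import tempfile

# PEM headers that denote private key material (RFC 7468 and the OpenSSL
# traditional encodings). Certificates and public keys are deliberately
# not matched: those are meant to be published.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----"
)


def is_world_readable(path):
    """True if the 'other' class has read permission on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def find_exposed_keys(root, max_bytes=1 << 20):
    """Return sorted (relative_path, world_readable) tuples for every file
    under root whose leading bytes contain a PEM private-key header.
    Only max_bytes are read per file so large binaries do not stall the scan."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort
            if PRIVATE_KEY_RE.search(head):
                hits.append((os.path.relpath(path, root), is_world_readable(path)))
    return sorted(hits)


def build_demo_root():
    """Constructed document root (hypothetical layout): a public cert, a
    world-readable key sitting beside it (the mistake), and a key with
    sane permissions that should still be reported because it is served."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "certs"))
    with open(os.path.join(root, "certs", "site.crt"), "wb") as fh:
        fh.write(b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n")
    leaked = os.path.join(root, "certs", "site.key")
    with open(leaked, "wb") as fh:
        fh.write(b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(leaked, 0o644)
    protected = os.path.join(root, "private.pem")
    with open(protected, "wb") as fh:
        fh.write(b"-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n")
    os.chmod(protected, 0o600)
    return root


if __name__ == "__main__":
    for rel, readable in find_exposed_keys(build_demo_root()):
        flag = "WORLD-READABLE" if readable else "present"
        print(f"{rel}: private key {flag}")
```

Run it against a real document root (`find_exposed_keys("/var/www/html")`) and treat every hit as an incident: rotate the key and reissue the certificate, then fix the deployment process that put it there. The mode check only tells you who else on the host could have read it; the web server reads it as its own user regardless.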
Wow, kudos to Anthony Freed and Infosec Island for their piece on LIGATT / LulzSec, *very* well done.
myce:
Joseph Black, Senior Adviser at Black & Berg Cybersecurity Consulting, LLC, offered a challenge at his site’s homepage: hack it, and receive a $10,000 reward plus a position at the firm working alongside him. He felt so cocksure that he taunted the newly notorious online hacker group, LulzSec, via Twitter. And then, the group hacked the homepage of Black & Berg Cybersecurity Consulting.
In response to the news that the U.S. government wants to view hacking as an act of war, the group responsible for attacks on Sony and PBS targeted the Atlanta chapter of InfraGard, a security association that works with the FBI.
The aftermath of LulzSec docking their ship in InfraGard’s port has resulted in accusations of corruption against data intelligence and metrics firm Unveillance.
VANCOUVER - The giant computer company Cisco and U.S. prosecutors deceived Canadian authorities and courts in a massive abuse of process to have a former executive thrown in jail, says a B.C. Supreme Court judge.
The point, said Justice Ronald McKinnon in a stinging decision delivered orally on Tuesday, was to derail a lawsuit launched by the former employee, and involved a series of machinations that would make a normal person “blanch at the audacity of it all.”
LulzSec is at it again, bringing a whole new batch of stick-it-to-the-man.
In its most recent activity, LulzSec has defaced the website of Infragard Atlanta, the Atlanta branch of a cooperative between the FBI and public assets.

Stay classy, BoA.
Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data.
Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In March, the servers of a separate registration authority were hacked by attackers who used their access to forge counterfeit certificates signed with Comodo’s root signing key. Comodo admitted that two more of its resellers were hit in similar attacks, although no keys were issued.
Comodo has so far declined to name the resellers.
Facebook “believes Google is doing some things in social networking that raise privacy concerns…”
May 5 (Bloomberg) — LastPass, a company that offers to safeguard and simplify managing subscribers’ online passwords, said hackers may have broken into its database and stolen information on as many as 1.25 million accounts.
The company’s service allows customers to use one password with enhanced security features to access multiple password-protected accounts for online banking, Internet shopping, and other secure sites. The Vienna, Virginia-based company posted a message on its website late yesterday alerting customers to the breach in its security.