AV vendors Race-to-Zero Clue

Hackers of the world will once again unite at DEFCON 16, this August 8th, one of the industry's top conferences.  The world's best and brightest security minds will deliver presentations and papers, sharing their latest research...

Infosec Europe 2008 funded by Ministry of Silly Walks

For those of you illiterate in British comedy, the Ministry of Silly Walks is a fictitious British organization, which only existed in the world of Monty Python in the 1970's.   The classical comedy sketch presents a man in need of...

Internet hit by Tornado

Evidence of a new "attack pack" has surfaced, reports Shaun Nichols, providing further proof of the organized complexity of exploit code.  The web-based toolkit, called Tornado, is speculated to have been in operation for at least...

NSA holds 8th annual Cyber Defense Exercise

The National Security Agency/Central Security Service (NSA/CSS) Information Assurance Directorate is currently holding its 8th Annual Cyber Defense Exercise.  It started on April 21st and will be coming to a close this Thursday...

The CIA Hack...still working.

Once this vulnerability was submitted by Harry Sintonen to Wired's Threat Level last week, it's been spreading like wildfire throughout the web.  Discovery of a new XSS is nothing new, but does become noteworthy when it involves a...

Bookmark the 20 Useful IT security sites

About a week or two ago, Network World ran a good segment by Jon Brodkin…actually it was more of a slideshow with accompanying text…called, 20 Useful IT security sites.  It did contain some of the best online resources for...

ActiveX Security...Licence to Kill Bit.

The exploitation of ActiveX controls is not new to the security community.  While initially designed to provide website authors with new embeddable features, and granting Internet Explorer (IE) users access to these new functional...

Symantec Statistics and Malware's Mushroom Cloud

Initially, I set out to write this blog about the security risks involved with the misperception of numerical data, and the problems with conventional wisdom.  However, my internet readings led me slightly off course, in pursuit of...

Seizing the Epilepsy Attack

I may be a couple of days late with this one, but this is one of those few times, when I am truly amazed by the malicious intent of an internet exploit. Hackers defacing a website, frequented by epileptics, to intentionally cause...

BlackHat Europe Review, 0day Patch bogus

Today, I will actually get to covering BlackHat Europe 2008, which came to a close on Friday of last week.  The four day convention consisted of the usual training and briefings from some of the top technical experts in the security...

CanSecWest - Final thoughts

My last blog talked about Vancouver's CanSecWest, and I promised to give a wrap-up of BlackHat Europe today. But, I lied. Actually, I wanted to tie up some loose ends on CanSecWest before discussing BlackHat. Firstly, as most now...

Hacking in Canada

The past several days have been a busy and exciting time in the world of hacking.  There have been presentations, demonstrations, and uber-pwnage, happening across the globe.  Well...mostly Vancouver and Amsterdam. Here are some...

The Internet Security of Real-World Threats

Cybercrime, primarily, begins with an intangible theft - strings of numbers and letters, that equate to valuable and personal information. When this data is illegally used, the effect on the victim is handled in the "real world",...

WEP – Where Everyone’s Permitted

The continued usage of WEP in wireless networks is staggering. In fact, I'm not sure why it's allowed as an option at all. You have two main security decisions to make when setting up a wireless network. Do you want to implement...

NetZero = Zero Net

I have recently conceived a new word, during the inexcusable absence from my blog. Adopting the usual, "if I thought of it, then surely it already exists" approach, I consulted the mother of all online (mis)information, Wikipedia,...

The Cardiac Hack

I always hoped this day would never come.... However, after reading the articles by Wired, The NY Times, CNET and Slashdot, I knew that this day had arrived. The day that hacking had branched out into an area that was murderously...

Knock, Knock...Who's there? Port Knock!

In our society, it often takes tragedy, to bring about change; unfortunate, but true. I am no exception. Over the weekend, I may have accidentally left a few ports open. With 65,535 of them, it's hard to remember if they're all...

"You're FireWired!"

Vulnerability disclosure continues to be a difficult area for both black and white hat "security researchers". Occasionally, disclosure results in appreciation from the vendor and the subsequent timely release of an efficient patch....

Reloading the WiFi Shotgun

With the recent release of several new wireless exploits, I thought this might be a good time to revisit an "oldie but goodie" security tactic. I don't keep statistics on hackers - number, skill level, favorite targets, tools used - and...

A DOS attack is not a DoS attack

Anyone who works in an IT related field, or who possesses a basic understanding of networking, or even those who have used the internet in the past 10 years, have heard of DoS attacks.  Regardless of method, the concept of bombarding...
