Tag Archives: security

LOL Dateline NBC

I just wanted to thank the folks at NBC Dateline for all the LULZ: Kinda reminds me of that whole Internet Haet Machine failure produced by Fox. And here I thought that “investigative journalism” means that one has to objectively … Continue reading

4 Comments

Windows XP Home: Running as a User

I have always said that the biggest problem with Windows security is that everyone is running as an Admin by default. I never really preached the LUA principle on Windows machines though. Unfortunately, I’m guilty of using an account with … Continue reading

2 Comments

How to Hide and Secure Your Data: Part 1 (True Crypt)

This is for my cousin Anetta who likes to store sensitive information in her head. While it’s sometimes good to commit crucial passwords to memory, good documentation is important. My memory is not that great – and I must admit … Continue reading

3 Comments

How not to commit fraud

My boss called me today with a Quickbooks question. Of course the fact that I’m not an accountant, I do not use Quickbooks, and that I have only a vague idea of what it is used for didn’t cross his … Continue reading

4 Comments

Spybot’s TeaTimer Broken since June 2005

If you ever used Spybot and its resident registry protection tool TeaTimer you know what I mean. If you didn’t, let me illustrate it to you using a picture: image stolen from forums.spybot.info Do you see the problem here? And … Continue reading

8 Comments

ClamAv Outdated on Ubuntu Dapper

Lately I noticed that my ClamAv installation is having some issues. Observe: # freshclam ClamAV update process started at Fri Feb 16 16:14:54 2007 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.88.2 Recommended version: 0.90 DON’T PANIC! Read … Continue reading

4 Comments

Using Myspace For Evil

In the morning today I noticed that I got around 10 new friend requests on MySpace. All of them were spam accounts and all but 2 have been deleted since then. Since I’m running Linux I decided to check out … Continue reading

18 Comments

Dolphin Stadium Website Hacked

It appears that the website of the Dolphin Stadium (home of Sunday’s Super Bowl XLI) has been compromised, and a malicious trojan downloader was embedded into the website code: img © websense From the source: A link to a malicious … Continue reading

14 Comments

Spies and Hackers

I find it funny how this myth of all-powerful “hackers” that can break into any computer anywhere at any time is about as prevalent as the myth of super-spy. Most of us have really no idea of how … Continue reading

27 Comments

Teaching GPG to the Masses

Public key encryption is awesome – it’s a fact. The only problem with it is that no one sans few security geeks ever wants to use it. Most people’s adventures with email encryption start when they download and install gpg … Continue reading

1 Comment

Two Factor Security

Two factor security is great on paper, but often it turns out to be a major pain in the ass for the users. You wouldn’t think that carrying a small RSA token would be much of a problem. But for … Continue reading

2 Comments

3 AM Windows Reboot

Yesterday I felt like crap. I haven’t been getting much sleep lately so I decided to call it a night and went to bed early. I think I fell asleep the instant my head hit the pillow. Only to be … Continue reading

7 Comments

Cracked Vista ISO’s may contain Trojans

Vista installation appears to be very different from the multi-reboot procedure known from previous versions. Apparently the Vista DVDs will simply contain a compressed disk image (in a proprietary Microsoft .wim format) which will simply be copied onto your drive. … Continue reading

6 Comments

Browse Securely and Privately

How to browse the web while maintaining your privacy and confidentiality (at least to some extent)? The quick answer is use an onion routing protocol such as Tor that will encrypt your connections, and use a number of proxy nodes … Continue reading

1 Comment

Pentested!

There was a dude here at my work most of the morning pentesting our network. It’s actually kinda cool. I think that having someone enumerate the most obvious gaping holes in your security setup is a really good thing. Once … Continue reading

Leave a comment

Diebold Machines Malfunctioning in Florida

It seems that voters casting early ballots using the Diebold machines in Florida already have reported persistent bugs and glitches preventing them from casting their votes correctly. Apparently most of the faulty machines would assign the votes cast for Democratic … Continue reading

Leave a comment

We will never have good security…

Here is a story for you: In 2003 a security researcher Bruce Schneier pointed out that anyone can print a fake boarding pass at home. In February of 2005 the Slate magazine published an article describing the same security … Continue reading

1 Comment

Harnessing the Power of Million Monkeys

How long would it take you to brute force the md5 hash? Given fast hardware able to conduct around a million tests per second, it would take you somewhere close to 1022 years to crack it. Of course … Continue reading

Leave a comment

Poor Man’s Steganography

Today I have learned a new trick. You can do very basic pseudo-steganography by simply using winrar and the rudimentary windows copy command. If you are too lazy to click on a link, let me show you how: First let’s … Continue reading

4 Comments

Command Line SCP for Windows

I do not use FTP, and you shouldn’t use it either. Sending your password and files over the tubes in plaintext form might have been ok in the 80’s but nowadays it’s just asking for trouble. I use scp for … Continue reading

3 Comments

SSL on Blackboard

I found this in my inbox yesterday: We will be adding a security layer (SSL) to the Blackboard site on Monday to provide greater security. We anticipate that this process will go smoothly. Please let us know if you have … Continue reading

Leave a comment

Random Password Generation Revisited

What is the worst password you could possibly use? Why it’s password of course. Closely trailing behind it are iloveyou and fuckyou and similar gems. But according to the Myspace password list analysis, nothing really beats cookie123. Apparently there are … Continue reading

1 Comment

Crash IE with 1 Line of Javascript

There are several ways to reliably crash IE but this one is possibly the simplest and most effective way. All you need to do is to put the following line of javascript somewhere on your page: for (x in document.write) … Continue reading

6 Comments

Things I Learn From Spammers

Thanks to the diligence of comment spammers I have learned something interesting. I’m not sure if ny.com is affiliated with the New York City in any way – it looks like a big commercial link site for NY related content. … Continue reading

3 Comments

Nikto

Nikto is an awesome perl script which will test your web server for vulnerabilities. For example, it will tell you if you have any gaping holes in your configuration that would allow attackers to run known exploits. It will also … Continue reading

Leave a comment