Blog

Stop Using IE… Umm… Again… For Now. Anyone on Lynx?

By Rich
An unpatched vulnerability being exploited in the wild. When I’m on a Windows system (I run it virtualized on my Mac for work) I tend to use multiple browsers since even Firefox has issues at times. I even do this on my Mac- running Firefox and Safari, switching between the two depending on where I’m going. But at this rate I’m going back to Lynx. (And if you go to “those” sites do yourself a favor and only browse from a virtual machine you reset after every use).

Update: No Bluetooth 0day Vulnerability, but a New Exploit

By Rich
After reviewing the materials I could find online I directly contacted Thierry Zoller and he was kind enough to respond with more details. In his words (with permission). Short version is the flaw is well patched, but the exploit is a new technique of getting a remote shell. No kernel bugs this time:

Dear Rich Mogull,

RM> Saw the ISC entry on your BT attacks. I’ve been writing a bit on this
RM> issue and am wondering if you have any time for a couple quick
RM> questions?
RM> 1. Are currently patched Macs safe (OS X 10.4.8, 10.3.9)?

Yes! The underlying

Don’t Panic: Bluetooth 0Day on Mac: Probably Patched

By Rich
I have no details, but am investigating. http://isc.sans.org/diary.php?storyid=1817 I know there are some Bluetooth 0days floating around for various platforms, but this one wasn’t on my list. This was presented at a conference in Europe. A copy of the presentation is here. In the presentation it looks like the flaw is patched, but I’m checking with the author to find out for sure. Right now nothing to panic about, but I do stand by my advice to start limiting wireless use in public areas. I still use my wireless, but I leave

Site Updates This Weekend

By Rich
I’ll be updating the look and feel of the site slightly, and performing some other system updates. There shouldn’t be any outages, but if you do notice anything strange or some HTML/CSS issues please let me know

E-voting Can be More Secure When Done Right

By Rich
In the comments of my last post, bkwatch reminds me that paper ballots are far from perfect. I totally agree. I’m also not against e-voting just on principle. Or against all e-voting. I’m just against insecure electronic voting. Which, based on what I’ve seen, is true of many, if not most, current implementations. Here’s what I said: Here’s why I don’t think the risk is overblown. First of all there are only a few manufacturers of voting machines. The problems we see are systemic to those manufacturers and systems. Thus the potential exists for

I Admit it: on E-Voting Hyperbole and Optimism; Also, Diebold Fights HBO

By Rich
Now there’s something I need to admit here. Hopefully it won’t scare you courageous readers away. You see, as much as I (and fortunately, my employer) consider myself a security expert, it wasn’t exactly my major. Nope, wasn’t computer science either. History, you ask? With a bit of molecular biology? Yep, you got it. So when Pete Lindstrom reminds me that it’s not like voter fraud is new to US elections I have to admit he’s right, and I knew it. Heck, to this day rumors still float around that Joe Kennedy may have

Former CEO of CA Gets 12 Years in Jail

By Rich
I don’t cover industry issues here, but this is just too good to pass up. Sanjay Kumar, former CEO of CA, is sentenced to 12 years and $8M in fines. U.S. District Judge Leo Glasser said though Kumar was not a violent criminal, he “did violence to the legitimate expectations of shareholders.” Prosecutor Eric Komitee said Kumar deserved severe punishment as the architect of an elaborate coverup that was “the most brazen in the modern era of corporate crime.” … After the FBI began investigating the company in 2002, Kumar orchestrated a cover-up that involved lying under oath about the “35-day

E-voting: Democracy is Dead. Dead and Rotted. Unless we Stop this Insanity

By Rich
I don’t know a single security expert that supports any current implementation of electronic voting. It’s too late for this election, but if we don’t take action before 2008, we might as well kiss what’s left of democracy in the United States goodbye. http://feeds.feedburner.com/~r/boingboing/iBag/~3/44064916/fl_evoting_machines_.html We’re not just disenfranchising a small segment of the population; we’re disenfranchising our entire society. Yes, I really think it’s that bad. At least it will be, if we don’t do something… …and yes- I plan on doing something,

More SCADA News- Water Plant Hacked

By Rich
I’m linking to Jim at DCS Security- he has the best SCADA background in the blog community and hopefully he’ll dig into this particular hack a little more: http://dcssec.blogspot.com/2006/11/more-on-water-system-hack.html The more we transition process control networks to the same tech we run the Internet on, and the same Windows and *nix systems we run our homes and businesses on, the more incidents like this we’ll see… (my original post on SCADA)

Month of Kernel Bugs Starts With Apple: November Should be Fun

By Rich
The first flaw isn’t all that interesting (affecting older PowerBooks, and only under certain conditions) but methinks November will be pretty darn interesting:

http://blogs.zdnet.com/Ou/?p=359
http://kernelfun.blogspot.com/
http://www.securityfocus.com/brief/344
http://blog.washingtonpost.com/securityfix/2006/11/exploit_released_for_unpatched_1.html
http://www.mckeay.net/secure/2006/11/a_month_of_kernel_bugs.html

More later, but the nasty ones to watch out for will, I expect, generally be either for wireless drivers (like this one) or file systems (think booby-trapped USB keys). Remember, these all run in ring 0 and can do