A Superbowl Wifi Problem

It’s an annual puff piece: whoever is in charge of security at the Super Bowl appears on the news in front of some barrier or computer screen, talking about the number of security guards, guard dogs, or whatever else passes as some grand measure of the ‘amount’ of security being applied. And as with Super […]

DHS incorrectly associates 84,000 web sites with child pornography

On February 15th a joint project of the Department of Homeland Security Immigration and Customs Enforcement (ICE) and the Department of Justice, termed “Operation Protect Our Children,” confidently announced the seizure of ten domain names involved in the advertisement and distribution of child pornography. What they failed to mention was that they also knocked out […]

Colbert Explains Cyberwar

On the Colbert Report, host Stephen Colbert provided some background on “the First Great Cyberwar” as the hacktivist collective Anonymous has dubbed it, the “Defend Assange” sub-mission of Operation Payback. Operation Payback started as a fight against anti-piracy measures, but has moved to attacking web sites seen to be impeding Wikileaks in its mission to […]

Anonymous Releases Very Unanonymous Press Release

Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. It describes what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Its author also forgot to remove his name from the PDF’s metadata. Document […]

Paypal Sender Country XSS

A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm. NVP, which stands for Name-Value Pair, is Paypal’s API for merchants to use when interacting with the Paypal web site. SM is short […]

Turning an ATM into a Slot Machine

Security researcher Barnaby Jack, currently at IOActive but a veteran of Foundstone, eEye, and Juniper with almost ten years in the industry, has demonstrated two exploit methods for ATMs (Automated Teller Machines) in a presentation that is thus far the talk of the Black Hat 2010 conference. In a discussion originally slated for last year […]

114,000 iPad Owners: The Script that Harvested Their E-mail Addresses

Here is the script referenced in the Gawker story from earlier that describes how a number of early iPad 3G subscribers, including names like Harvey Weinstein, Michael Bloomberg, Diane Sawyer, and Rahm Emanuel, had their e-mails revealed via a poorly designed web application hosted by AT&T. Goatse Security, named for the famous Internet shock image, […]

Thou Shalt Not Send Naked Pictures…To Anyone Ever

It’s becoming a familiar story: an angry parent of a student reports finding inappropriate images, self-taken naked pictures and videos, on that student’s cell phone. The images and video were sent to the student by a high school football coach. The mother of the student e-mailed the pictures to the administration of the high […]
