Monday, April 21st, 2008
Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
Thursday, April 17th, 2008
I’m not a Windows Vista fan. In fact, my new PC runs on XP, but uses OpenSource applications for most of my business needs. So why do I even care about a trick to get sluggish Vista browsing back to an acceptable speed? My mom uses Vista, and I love ...
Posted in Internet, Networking, Windows | No Comments
Wednesday, April 16th, 2008
For years, hackers have focused on finding bugs in computer software that give them unauthorised access to computer systems, but now there's another way to break in: hack the microprocessor.
Researchers at the University of Illinois at Urbana-Champaign demonstrated how they altered a computer chip to grant attackers back-door access to ...
Posted in Hardware, Privacy, Security | No Comments
Tuesday, April 15th, 2008
While most VoIP-related vulnerabilities are posted to the VOIPSA mailing list or blog, I thought it might be useful to have a informal quarterly summary of sorts among VoIP devices per searches from NIST. I hope folks find it helpful, and of course post comments if I’ve overlooked anything from ...
Posted in Hardware, Internet, Networking, Security, Software | No Comments
Monday, April 14th, 2008
A security researcher claims to have found a significant weakness in the wireless encryption of a DSL home gateway made by Thomson and distributed to broadband subscribers in the U.K. by network operator BT.
Exploiting the weakness could enable someone to connect to a victim's Wi-Fi router for malicious purposes such ...
Posted in Hardware, Internet, Security | No Comments
Tuesday, April 8th, 2008
Researcher Dan Kaminsky plans to show how a web-based attack could be used to seize control of certain routers.
Kaminsky has spent the past year studying how design flaws in the way that browsers work with the Internet's Domain Name System (DNS) can be abused in order to get attackers behind ...
Posted in Hardware, Internet, Privacy, Security | 1 Comment
Saturday, March 8th, 2008
If you haven't changed the default password on your home router, do so now.
That's what researchers at Symantec and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.
For the attack to work, the bad guys ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
Saturday, March 8th, 2008
Imagine visiting a blog on a social site or checking your email on a portal like Yahoo's Webmail. While you are reading the Web page, JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and ...
Posted in Internet, Security | No Comments
Saturday, March 8th, 2008
Which operating system, embedded in more than 80% of enterprise IT environments, represents one of the fastest-growing hacker targets and potentially the most-devastating information-security vulnerability? Hint: It ain't Windows. Cisco Systems' Internetwork Operating System now sits at the center of the information security vortex. Because IOS controls the routers that ...
Posted in Hardware, Security | No Comments
Saturday, March 8th, 2008
Cisco's Linksys WRT54G Wireless-G Broadband Router has a flaw that could allow an attacker to gain administrative privileges on vulnerable devices. Even if the remote administration feature on the device is turned off, the router serves the administration web page on ports 80 and 443, protected only by a weak ...
Posted in Security | No Comments
