pw201 + security   42

The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
"It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind."
russia  hacking  Security 
september 2019 by pw201
Delta Pointers: Buffer Overflow Checks Without the Checks
Using the top bytes of pointers to implement efficient out-of-bound detection.
security  C  pointer  programming  overflow 
april 2018 by pw201
Notes from the Intelpocalypse
A good, reasonably technical, summary of the Spectre and Meltdown attacks.
cpu  hardware  spectre  meltdown  security  intel 
january 2018 by pw201
How To Add A Security Key To Your Gmail (Tech Solidarity)
2FA without the SMS/phone number backup (which can be hacked by social engineering your mobile phone network provider).
email  google  2fa  authentication  security 
august 2017 by pw201
Troy Hunt: Introducing 306 Million Freely Downloadable Pwned Passwords
A service where you can check the clear text (if you trust the site owner) or hash of passwords to see whether they've leaked in any of the site hacks over the years.
security  passwords  api 
august 2017 by pw201
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence
Broadcom kicking it old school: "In order to facilitate patching, an extensive thunk table is used in RAM, and calls are made into that table at specific points during execution. Should a bug fix be issued, the thunk table could be changed to redirect to the newer code."
android  wifi  broadcom  broadpwn  security 
july 2017 by pw201
Apple vs the FBI: Whoever wins, it's a mess - Franklin Veaux's Journal
A good look at the technical detail of what the FBI are asking Apple to do.
apple  FBI  security  encryption 
february 2016 by pw201
The Sad Futility of Trying to Stop Planes Crashing | VICE | United Kingdom
"There's a rule of thumb when you're designing a complicated system, which says that when you get to a point where you're applying fixes to fixes it may be time to step back and reconsider the whole thing."
flight  911  aviation  terrorism  crash  cfit  security 
march 2015 by pw201
GCHQ's 'jihad on tech firms' can only fail | Technology | The Guardian
Blaming Facebook for Lee Rigby's murder will only lead to a breakdown in the relationship between the police and tech companies, says Ross Anderson.
gchq  facebook  terrorism  security  lee-rigby  ross-anderson 
november 2014 by pw201
Edward Snowden: The Untold Story | Threat Level | WIRED
Wired managed to interview Snowden in Russia. Interesting stuff.
security  edward-snowden  nsa  gchq  encryption  eavesdropping 
august 2014 by pw201
Myths about /dev/urandom
This is relevant to my interests.
random  urandom  linux  encryption  security  unix  prng 
march 2014 by pw201
Printable True Bugs Wait Posters | natashenka
Abstain from strcpy! Wait for the string handling functions which are right for you.
programming  funny  security  bugs  C  stdlib 
february 2014 by pw201
On Hacking MicroSD Cards « bunnie's blog
SD cards aren't just inert flash chips: they have microcontrollers with firmware which can be updated in the field. Fun.
hacking  hardware  microsd  security  sd  memory  flash  embedded 
january 2014 by pw201
What they mean when the government says “We do not have ‘direct’ access to your info” | Fabius Maximus
They mean "we're sniffing the traffic, we don't have root on Google's servers", alleges Marcus Ranum.
nsa  google  spying  sniffer  marcus-ranum  privacy  security  prism 
august 2013 by pw201
Edward Snowden's not the story. The fate of the internet is | Technology | The Observer
"The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you're thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again."
nsa  google  xkeyscore  cloud  edward-snowden  security  internet  china 
august 2013 by pw201
Schneier on Security: The Office of the Director of National Intelligence Defends NSA Surveillance Programs
"Here's a transcript of a panel discussion about NSA surveillance. There's a lot worth reading here, but I want to quote Bob Litt's opening remarks. He's the General Counsel for ODNI, and he has a lot to say about the programs revealed so far in the Snowden documents."
terrorism  nsa  spying  leaks  privacy  security  prism 
july 2013 by pw201
The Boston Marathon Bombing: Keep Calm and Carry On - Bruce Schneier - The Atlantic
"But our brains are fooling us. Even though this will be in the news for weeks, we should recognize this for what it is: a rare event. That's the very definition of news: something that is unusual -- in this case, something that almost never happens. "
terrorism  bruce-schneier  security 
april 2013 by pw201
Missiles over London: a new Olympic event | A Latent Existence
"Today Brian Whelan woke up to find information from the Ministry of Defence waiting by his letter box.

The leaflet informed him that during the London 2012 Olympic games the army will be putting missiles on the roof of his building and there will be soldiers on duty there 24 hours a day. He was not asked about this in advance, or given a choice, simply informed that his building was the best place to site these missiles."
brian-whelan  security  military  missiles  london  2012  olympics 
april 2012 by pw201
gmancasefile: TSA: Fail
"I have dealt with TSA since its inception and FAA security prior to that. I have witnessed TSA operate since they became a separate organization in 2002 and seen their reaction to intelligence provided them. I have now watched them operate for a decade, and I have respect for their hard-working employees who are doing a thankless job. But I have come to the conclusion that TSA is one of the worst-run, ineffective and most unnecessarily intrusive agencies in the United States government."
america  911  hijacking  usa  government  fbi  politics  DHS  security  tsa 
march 2012 by pw201
TSA Agent Threatens Woman With Defamation, Demands $500k For Calling Intrusive Search 'Rape' | Techdirt
A woman sexually assaulted by a Transport Security Agency employee is then threatened with a libel suit when she blogs about it. Thugs Standing Around, indeed. Her own lawyer writes an excellent letter in response. Note: contains a description of the assault.
privacy  surveillance  rape  defamation  tsa  security  transport 
september 2011 by pw201
Why Have Hackers Hit Russia's Most Popular Blogging Service? - TIME
Where LJ has been the past week or so. For once, it's not their fault.
internet  security  livejournal  politics  ddos 
july 2011 by pw201
Fixing HTTPS
Glyph, of Twisted Python fame, talks about ways to fix HTTPS, presumably in the light of the recent attacks on certification authorities.
https  security  internet  encryption 
april 2011 by pw201
Schneier on Security: Close the Washington Monument
"Let it stand, empty and inaccessible, as a monument to our fears."
security  terrorism  politics  government  washington  tsa  bruce-schneier 
december 2010 by pw201
Erasing David
Ross Anderson on poor operational security in the NHS, made worse by politics: "Last night’s documentary Erasing David shows how private eyes tracked down a target by making false pretext telephone calls to the NHS. By pretending to be him they found out when he and his wife were due to attend an ante-natal clinic, and ambushed him as he came out."
privacy  security  nhs  ross-anderson  health 
may 2010 by pw201
How Mark Zuckerberg Hacked The Harvard Crimson
Ah, the old "get people's failed logins, assume they typed the password for some other place" trick. Someone I knew at university did something similar with his Linux box, back when we all ran Linux boxes in our rooms: he rigged the login to fail the first time and log the password (this being easier than hacking up a special version of the login demon: you just write something to prompt, fail and then pass you on to the real login), and assumed what he got would do for other servers too. Happy days.
facebook  history  privacy  ethics  journalism  security  harvard  internet 
march 2010 by pw201
A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World | February 2010 | Communications of the ACM
Bunch of academics write a static checker and take it commercial. They are surprised to find that: Compilers for embedded targets accept stuff which isn't quite C, embedded programmers use the stuff, because we're evil. A worryingly large proportion of programmers are clueless ("No, ANSI lets you write 1 past the end of the array"), concluding that "You cannot often argue with people who are sufficiently confused about technical matters; they think you are the one who doesn't get it. They also tend to get emotional. Arguing reliably kills sales." Also, managers like graphs of bad stuff to go down over time, so don't like the tool to improve. Fun article. Via Metafilter.
programming  analysis  security  software  coverity  development  tools  C 
february 2010 by pw201
Is aviation security mostly for show?
Bruce Schneier: "When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense."
security  terrorism  politics  travel  news  bruce-schneier 
december 2009 by pw201
moot wins, Time Inc. loses « Music Machinery
How Anonymous hacked the Time "Most influential person" poll.
funny  news  4chan  hack  captcha  recaptcha  anonymous  security  time 
april 2009 by pw201
Reliable DNS Forgery in 2008
The DNS attack which has had vendors scrambling to update their servers was supposed to be made public in August, but it's leaked. Here it is. Could get interesting...
exploit  hack  security  DNS  kaminsky  dan-kaminsky  poisoning  spoofing 
july 2008 by pw201
Security Engineering - A Guide to Building Dependable Distributed Systems
The second edition of Ross Anderson's book is out. The first edition is now freely available on his site, plus there are some sample chapters from the second one.
ross-anderson  security  book  cambridge  cryptography  internet 
april 2008 by pw201
Peter Gutmann's Home Page
Interesting home page of a security guru. The stuff on the commercial malware industry is particularly scary.
computers  phishing  programming  Security  cryptography  pki  crypto  research 
september 2007 by pw201
Searching For Evil
Ross Anderson's Google tech talk on various internet scams.
ross-anderson  google  phishing  internet  Security  advertising 
september 2007 by pw201
The Athens Affair
How some extremely smart hackers pulled off the most audacious cell-network break-in ever
exploit  security  vodafone  mobile  wiretap  exchange  athens  patch 
july 2007 by pw201
