Linux Hacks & Cracks - Page 71
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Crafted TLS packets can crash OpenSSL servers and clients. The problem is caused by an error in the ssl3_get_record() function, which processes SSL records. Data is transferred between end points in SSL records. According to an advisory from the OpenSSL development team, incorrectly formatted records can cause a memory access error.
The countries of hackers originating malware-laced spam runs have been exposed by new research, which confirms they are often located thousands of miles away from the compromised systems they use to send out junk mail.
Early this year, the big brains at Google admitted that they had been outsmarted. Along with 33 other companies, the search giant had been the victim of a major hack
Our read Paul observed malware being delivered from the ".sys" directory of various web sites. The URL follows the scheme: =....
A number of humorous yet undocumented features are hiding beneath the surface of some of the most popular open source software applications. Although easter eggs are generally easy to spot when you can look at an application's source code, there are a few that aren't widely known.
Great article by Kevin Poulsen. More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
McAfee, a leading maker of Internet security software, warned this week that software systems used by many companies to store and manage their intellectual property are being actively targeted by hackers and are in need of significantly increased security focus.
An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.
Two weeks ago, I essentially claimed that nearly every company I know is hacked -- and in many cases, thoroughly hacked. Although there's a bit of hyperbole in that statement, it isn't that far from reality. That statement, however, has led some readers to believe detecting hackers and preventing attacks is impossible. Nothing could be further from the truth.
Ongoing computer scams targeting small businesses cost U.S. companies US$25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.
Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers.
Companies should take extra steps to secure their source code from the type of targeted attacks that hit Google, Adobe, Intel and others over the past few months. That's according to security vendor McAfee, which released a report detailing the way software source code was accessed in some of these attacks.
The number of software vulnerabilities fell overall in 2009, but the number of bugs in document readers and multimedia applications increased by 50 percent, according to IBM's annual X-Force Trend and Risk Report.
SQL injections top plenty of lists as the most prevalent means of attacking front-end Web applications and back-end databases to compromise data. According to recent published reports, analysis of the Web Hacking Incidents Database (WHID) shows SQL injections as the top attack vector, making up 19 percent of all security breaches examined by WHID.
A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla's Firefox browser.
Aaron Portnoy, TippingPoint Technologies Security Research Team Lead, has announced that the annual Pwn2Own contest will take place at this year's CanSecWest security conference on the 24th of March in Vancouver. To commemorate the 4th Pwn2Own contest, the total cash prize amount has been increased to $100,000 this year.
Former security researcher Max Butler has been sentenced to 13 years in federal prison for hacking financial firms and stealing nearly two million credit card numbers from banks, businesses and other hackers. The judgement is the longest sentence for a hacker in US history.
Patient care will not be affected by an NHS decision to pull a doctors' appraisal website offline to improve its security, but the life of UK doctors will be complicated. The return of the NHS Appraisal Toolkit, which provides an online database that allows NHS doctors to prepare for their annual appraisals, is not due until 3 March.
Most of us do not think twice about paying for something in a high street shop by keying in our pin. It is easy, fast and in most cases it works. But scratch a little under the surface and there are persistent reports of people who say they have been the subject of fraud of one kind or another on their credit or debit card.