Archive for Privacy
In October of 2006, a vulnerability in IE7 known as the "mhtml:" Redirection Information Disclosure was discovered. RSnake wrote up a post about how nasty it was. The basics: it took over the entire browser experience. Fortunately, the bug was patched [...]
Posted by Dre on Wednesday, May 7, 2008 in Conferences, Hacking, Privacy and Security.
Not to be outdone by Neohapsis Labs, NSS Labs also enters the fray with their blog, Security Product Testing. Again, I think that NSS Labs (like Neohapsis Labs) has been blogging for awhile, but it has picked up more pace lately. In the past, the TS/SCI [...]
Posted by Dre on Monday, May 5, 2008 in News, Privacy and Security.
'Lo and behold, CERT has an excellent document on Securing your web browser! They cover IE, Firefox, and Safari -- three secure references for the three most popular browsers. The documentation and links provided are great. I was actually surprised that [...]
Posted by Dre on Tuesday, April 29, 2008 in Defense, Privacy and Security.
The fine folks over at Neohapsis Labs appear to have a new blog focused on security related information. Technically, I guess they've had it up since January, but the posts are more frequent now. I just added them to my RSS feeds. Both Mike Murray and [...]
Posted by Dre on Monday, April 28, 2008 in News, Privacy and Security.
In an article on the CNet Blogs, Chris Soghoian writes on Privacy: What should Google do? Brilliant article. A must read. I have one question, one comment, and one look into the future. Question: We might be able to trust Scroogle not to steal our search [...]
Posted by Dre on Thursday, April 3, 2008 in Privacy.
Recently, I finished reading "The New School of Information Security" by Adam Shostack and Andrew Stewart. It's only about 200 pages, so it's certainly worth your time to pick up and read. Some people will compare it to "Security Metrics" by Andrew [...]
Posted by Dre on Monday, March 17, 2008 in Books, Privacy and Security.
Here's a new 2008 security prediction for you -- The iPhone camera is an odd device. There is no notification that a picture is being taken, so the only requirement for malware is to wait for user activity and then start taking pictures. My prediction is [...]
Posted by Dre on Sunday, January 27, 2008 in Apple, Hacking, Privacy, Security and Tech.
In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks. But now that Google has updated their Analytics service to support internal search queries, [...]
Posted by Dre on Wednesday, October 17, 2007 in Conferences, News, People, Privacy, Security and Tech.
A lot of commotion has recently been stirred up around California Governor Arnold Schwarzenegger's recent vetoing of a bill (AB 779) that would strictly mandate all merchants to comply with. Many have scoffed at the Governor's "caving to lobbyists and [...]
Posted by Marcin on Tuesday, October 16, 2007 in Politics, Privacy and Security.
A new release of WordPress 2.3 was shipped last night. One of the features it sports is: Our new update notification lets you know when there is a new release of WordPress or when any of the plugins you use has an update available. It works by sending [...]
Posted by Marcin on Tuesday, September 25, 2007 in Privacy.
Marcin decided to take the day off with pay and allow me to share with you a guest blog post. Thanks, Marcin! Hello, my name is Andre and I'm a blogoholic. On with the post! With the popularity of MySpace also came the desire to track others who look at [...]
Posted by Dre on Wednesday, September 12, 2007 in Privacy and Security.
Web 2.0 has (re)introduced a wide variety of attack vectors that can be used against Internet users to steal sensitive information, control the web browser, and more. The security industry has seen a shift from concentrating on the servers that house [...]
Posted by Marcin on Wednesday, August 15, 2007 in Privacy and Security.
Ryan Naraine of ZDNet points out a Greasemonkey script that blocks Gmail cookie-theft attacks. The script can be downloaded here, and it redirects Gmail to use a "secure" HTTPS connection. You can modify the script to @include redirect any site that has [...]
Posted by Marcin on Tuesday, August 7, 2007 in Privacy and Security.
kuza55 noted this morning that Firefox 2.0.0.5 has implemented support for httpOnly cookies. It's not perfect, as ma1 pointed out in the comments, but it's better than nothing. The Firefox browser could be made even more secure by building NoScript, [...]
Posted by Marcin on Thursday, July 19, 2007 in Privacy, Security and Tech.
I've been real busy lately, but I came across several blogs and articles this week that I'd like to share, Andrew Hay style. =) CEO Crime & Punishment -- Ben Horowitz, CEO of Opsware Inc., shares his thoughts on what entices executives to commit white [...]
Posted by Marcin on Thursday, June 28, 2007 in News, Privacy, Security and Tech.
These two stories are interesting.. I wonder if Adam from Emergent Chaos has seen them: The most misused SSN of all time was (078-05-1120). In 1938, wallet manufacturer the E. H. Ferree company in Lockport, New York decided to promote its product by [...]
Posted by Marcin on Wednesday, June 20, 2007 in Privacy.
Mikko @ F-Secure made a post on their blog about whether or not law enforcement organizations should be permitted to utilize security tools and hacking techniques in investigations that got me thinking. To me the answer to this question is very clear -- [...]
Posted by Casey on Tuesday, June 5, 2007 in Politics, Privacy and Security.
Andrew Hay writes: Dell & Google Secretly Installing Software to Make Money Off Your Typos Those bastards, how is this business practice not illegal? New Dell machines that include the Google toolbar as part of a marketing agreement also include a secret [...]
Posted by Marcin on Thursday, May 24, 2007 in News, Privacy, Security and Tech.
Last week, I blogged about data classification and how it's difficult for many organizations to gain control of. The next day SearchSecurity published Data classification is first step in successful data protection, an article that addresses the need to [...]
Posted by Marcin on Wednesday, May 23, 2007 in Privacy and Security.
And the post of the day goes to Mike Rothman, and his comments on Javelin's research survey that claims 77% of 2750 consumers said they would not shop at stores that suffered data breaches. I think this number is crap. Why? The analogy I'll use is [...]
Posted by Marcin on Monday, April 16, 2007 in Politics, Privacy and Security.
I asked a colleague once how to answer those silly questions, you know, the ones banks and other sites like to use to reset passwords? They're used to verify you are who you say you "were." Well, my bank at the start of the year had introduced some [...]
Posted by Marcin on Wednesday, April 4, 2007 in Intelligence, Privacy and Security.
While chatting in #snort-gui today, somebody noticed Gizmodo was showing off their ticket to Apple NAB. You can see they blurred the Name, Company and barcode on the ticket. Whoever did this, did a poor job because they didn't blur the name on the [...]
Posted by Marcin on Tuesday, March 20, 2007 in Privacy and Security.
Spam sucks. Why do spammers have to ruin every communication medium out there? Postal mail, email, popups, malware/spyware, and now comment spam. LonerVamp over at terminal23 has noticed an increase in spam on his blog as well. I had used Akismet to help [...]
Posted by Marcin on Thursday, February 15, 2007 in Privacy and Security.
I am not 100% positive, or if this is just merely coincidence, but I have a feeling my sister has fallen victim to the TJX security breach reported last week. Fraudulent transactions originating in France (of all places) began January 10th, comprosing four [...]
Posted by Marcin on Friday, January 26, 2007 in News, Privacy and Security.