-
January 7, 2014
NSA Metadata Program Likely Not Cost-Effective
NSA Metadata Program Likely Not Cost-Effective: While much of the coverage of the surveillance programs revealed by Edward Snowden has focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost effective has gone largely […]
-
January 7, 2014
12 Penetration Testing Add-On
12 Penetration Testing Add-On: 1. FoxyProxy Standard: This advanced proxy management add-on for the Firefox internet browser supplements the built-in proxy capabilities of Firefox. The add-on switches the user’s internet connection over one or more proxy servers based on the URL patterns and has many other features as well. 2. Firebug: This tool allows the […]
-
January 7, 2014
4 paths to being a kernel hacker
4 paths to being a kernel hacker: I once tried asking for advice about how to get started with kernel programming, and was basically told: If you don’t need to understand the kernel for your work, why would you try? You should subscribe to the Linux kernel mailing list and just try really hard to […]
-
January 7, 2014
OpenSSL hack reveals urgent need to beef up security
OpenSSL hack reveals urgent need to beef up security: The homepage of the OpenSSL Project was attacked by hackers around 8 pm EST on December 29 but the website depended upon by those who want to maintain secure communications for mobile apps, web servers and other software products, clarified that it was only defaced. The […]
-
January 7, 2014
Incident response and the false sense of security
Incident response and the false sense of security: Some time ago I was asked to help with incident response for a small company. While the incident itself was not very exciting, the lessons learned were a bit more than a surprise. The victim was shocked how spectacularly they failed even though they considered themselves to […]
-
January 7, 2014
Beyond Password Length and Complexity
Beyond Password Length and Complexity: Thanks to PCI-DSS requirements and other security standards that specify a minimum length and strength of password, most sysadmins now have the awareness and patience necessary to set up a basic password policy. However, many if not most systems still allow hackers to get a foot in the door by […]
-
January 7, 2014
Why it’s easy being a hacker – A SQL injection case study
Why it’s easy being a hacker – A SQL injection case study » Secure Solutions: Finding SQL injections today is like picking apples from an apple tree. It’s very easy, and anyone can do it. Ask any hacker you want, SQL injection is everywhere. There have been many folks predicting the end of SQL Injection, […]
-
January 7, 2014
How Google Cracked House Number Identification in Street View
How Google Cracked House Number Identification in Street View: Google Street View has become an essential part of the online mapping experience. It allows users to drop down to street level to see the local area in photographic detail. But it’s also a useful resource for Google as well. The company uses the images to […]
-
January 7, 2014
NSA critic Bruce Schneier joins security firm Co3 as CTO
NSA critic Bruce Schneier joins security firm Co3 as CTO: The network security industry’s legendary free thinker Bruce Schneier Monday said he’s taken a job as CTO at Co3 Systems, but that this in no way will curtail his determination to speak and write candidly on important topics such as the National Security Agency’s (NSA) […]
-
January 7, 2014
Malicious ads infect thousands of Yahoo site visitors per hour
Malicious ads infect thousands of Yahoo site visitors per hour: A Netherlands-based security firm detected an influx of Yahoo.com visitors being redirected to infected domains by way of malicious ads. According to a Friday blog post by the company, FOX IT, around 300,000 site visitors per hour were being sent to “random subdomains” that hosted […]