Archive for the 'Security' Category

Security Incident — Blog — WordPress.com [wordpress.com got 0wned]

Wednesday, April 13th, 2011

this is just great … at least they notified their users in a timely manner. Change your passwd if you have a wordpress.com account.

[Amazon AWS] PCI DSS Level 1 Compliance FAQs

Thursday, April 7th, 2011

Amazon AWS is a “PCI DSS 2.0 Level 1-compliant Shared Hosting Provider”, i.e. you can build your PCI DSS-compliant infrastructure using EC2, S3, EBS and VPC to store and process payment card data.

A message from Comodo Hacker – Pastebin.com

Monday, April 4th, 2011

[also see LWN's write-up https://lwn.net/Articles/435214/ .] Curious message [allegedly] from a person who hacked into Comodo CA. Makes you wonder … Basically the whole SSL trust is just a piece of crap and cannot be trusted at all — major CA …

How not to post a security article | John Graham-Cumming

Thursday, March 31st, 2011

an excellent follow-up on a hoax story about Samsung installing keyloggers on its laptops.

Anonymous speaks: the inside story of the HBGary hack

Wednesday, February 23rd, 2011

awesome story about how security firm HBGary was hacked, or what happens if you do not follow simple security best practices.

Black ops: how HBGary wrote backdoors for the government

Sunday, February 20th, 2011

article describes the operations of computer security firm HBGary, based on the HBGary email archive that hacker group "Anonymous" has recently made available

Mozilla Plugin Check

Friday, February 18th, 2011

checks versions of all plugins installed/enabled in your web browser

Updated W32.Stuxnet Dossier is Available | Symantec Connect

Friday, February 18th, 2011

Stuxnet was a targeted attack on five different organizations — see the update posted by Symantec's researchers.
They have analyzed data from anti-virus software and made a graph based on IP and Stuxnet version — this shows 5 different targets.

FPUpdater Tool README

Wednesday, February 9th, 2011

curl -v -H "Accept-Language: en-us;q=2.2250738585072012e-308" "http://<your tomcat server>/someurl"

if your Tomcat/JBoss/whatever runs on an unpatched JVM, the thread will go into an infinite loop

also see http://blogs.oracle.com/security/…

The Dubai Job: Big Issues: GQ

Saturday, January 22nd, 2011

story about how Mossad conducted an assassination of a Hamas leader in Dubai