Articles tagged with: security
Ok, I’ve read this a few times, but I still cannot believe it. Yesterday the Department of Homeland Security disclosed that travelers’ laptop computers “or other electronic devices” can be confiscated, without any suspicion of a crime! Better yet, they can make and share copies of your data, have the data translated, unencrypted, [...]
This is great, Defcon16 is a mere few days away, but already, the drama has started! Of course there’s the excitement about security guru/celebrity Dan Kaminsky discovering the DNS flaw a few months back that will be revealed this week (so that folks won’t be able to reverse-engineer them to exploit the vulnerability…ahead of [...]
NOTE: at work I installed a web proxy to separate internal user traffic from external traffic hitting our production servers. While I’m not part of the network team, they asked me to do this because of my prior experience and interest in such things. The idea of this was to be a temporary fix until [...]
If anything, that should be the message to all Internet surfers out there. This graphic shows the danger: the percentage of users who have their browsers at their most secure, with regard to patches/updates being applied. Clearly people running IE aren’t going through the trouble of updating, while Firefox has updates built in that [...]
Hillary is being crowned the ‘come from behind kid’ after ‘winning’ the New Hampshire primary; but this appears to be nothing but spin. First of all the results, Hillary took 39% of the popular vote to Barack’s 37%, so Hillary wins, right? Not exactly, if you look at the delegate count you’ll [...]
Dan Kaminsky is a 7-year veteran of Black Hat and Defcon in Vegas, and he was pretty much a fixture when I was there last year. His performance during Friday night’s TCP/IP drinking game was hilarious, and his talk the next morning even more so. This year he’s presenting info on the [...]
Defcon is almost here, and now I have a highlight planned for Saturday: AirTight Networks will be revealing a new variant of Evil Twin. Evil Twin has been known about longer than I was aware; basically it’s someone running a laptop in a wifi hotspot (like a coffee shop) that impersonates the hotspot’s access point [...]
In another scary move, Microsoft is behind a recent patent for an “advertising framework” that appears to be little more than an adware application on steroids. Coupled with another patent that aims to use “context data” from your hard drive to show you advertisements and “apportion and credit advertising revenue” to ad suppliers in [...]
One of my favorite things about being a Linux admin is the ability to specify how things are going to be executed on the servers. I’ve been running the Apache web server for over 10 years now (1997), so setting up a new environment is no big deal, but I wanted to take it farther [...]
I reported on this earlier, but only now are we learning the scope of the breach. “At least 45.7 million credit and debit card numbers were stolen by hackers who broke into the computer systems at the TJX Cos. in Framingham and the United Kingdom and siphoned off data over a period of several [...]
Anyone hosting a WordPress 2.1.1 install should upgrade or immediately prevent access to certain queries to prevent an attack described here. If the server is running Apache with mod_security, simply update your httpd.conf with the following rules:
<IfModule mod_security.c>
SecFilterEngine On
SecFilterDefaultAction "deny,log,status:412"
# RULES: Prevent Wordpress 2.1.1 attack
# http://wordpress.org/development/2007/03/upgrade-212/
SecFilter "ix="
SecFilter "iz="
[...]
</IfModule>
And then restart Apache. Note that while this [...]
In this day and age security is often OVER emphasised in the guise of erring on the side of caution (cue the pictures of shoeless passengers muddling through security checkpoints). I know people will say ‘better safe than sorry’, but when things like this happen, it makes you question if any of this [...]
A new report tells us that the FBI has lost 160 laptops in the last 44 months! “Perhaps most troubling,” says the report, “the FBI could not determine in many cases whether the lost or stolen laptop computers contained sensitive or classified information. Such information may include case information, personal identifying information, or classified information [...]
UPDATE: goldenfiddle.com has great coverage of the image, and its use as a T-shirt design; it looks like this is really going to happen!
“…Cause we are the Aqua Teen (Hunger Force)!” As for all of the knee-jerk reactionaries in Boston that brought on this craziness (which didn’t happen in the other 8 cities this [...]




