[ UPDATE: Kaminsky has all but confirmed that, yes, the cat is out of the bag ]It looks very much like the nitty gritty of Dan Kaminsky's super-secret -- and heavily hyped -- DNS cache poisoning vulnerability has been figured out by reverse engineering guru Halvar Flake.Clearly irked by a demand request from Kaminsky and others to avoid speculating on the details of the flaw until the patch is fully deployed, Flake (left) published a guess on how to reliably forge and poison DNS lookups.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site:The final list of nominees for the nine Pwnie Award categories is finally published.
According to Zone-h.org, Kaspersky's Malaysian site has been defaced by a Turkish hacker during the weekend, through a SQL injection, leaving the following message - "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members".
After analyzing three weeks of spam data between June 13 to July 3, 2008, Roaring Penguin Software Inc. found evidence that spam originating from the top three free email providers (Gmail, Yahoo Mail and Hotmail) is increasing, with spammers in favor of abusing Gmail's privacy preserving feature of not including the sender's original IP in outgoing emails :"Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems.
Update: It would seem that Richard Stiennon agrees with me on the concept of a group of experts to advise, also on keeping away from spending ridiculous amounts of money.Cyber-terrorism...
Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once.
Security alerts aggregator Secunia has raised an alarm for a "highly critical" vulnerability that puts users of the BlackBerry Enterprise Server at risk of code execution attacks.Technical details of bug are not available but Secunia says it is caused by an unspecified error in the BlackBerry Attachment Service when processing PDF files.
Owen Thor Walker, a 18 years old ringleader of an international cybercrime group, known as AKILL, part of the A-Team, a group of 8 script kiddies which were all caught in a operation called "Operation Bot Roast II" bust executed by the FBI and several international law enforcement agencies in 2007, responsible for pump'n'dump stock price manipulations through spam, infecting 1.
Update 07/16/2008: Apparently I neglected to mention that this has been patched already. Reading over it again and a heads up from a reader pointed out the error to me.
From MessageLabs:Spam levels for the US in June have reached 86% compared to spam levels at 81.5% in the rest of the world.