cybersecurity

security

There is no longer any such thing as Computer Security

Remember “cybersecurity”? Mysterious hooded computer guys doing mysterious hooded computer guy... things! Who knows what kind of naughty digital mischief they might be up to? Unfortunately, we now live in a world where this kind of digital mischief is literally rewriting the world’s history. For proof of that, you

By Jeff Atwood

social engineering

I Just Logged In As You: How It Happened

In my previous post I Just Logged In As You, I disclosed that someone was logging in as me -- specifically because they discovered my password. But how? If I wanted to discover someone's password, I can think of a few ways: 1. Educated guess. If you know

By Jeff Atwood

security

Dictionary Attacks 101

Several high profile Twitter accounts were recently hijacked: An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News. The hacker, who goes by the handle GMZ,

By Jeff Atwood

spam

Designing For Evil

Have you ever used Craigslist? It's an almost entirely free, mostly anonymous classified advertising service which evolved from an early internet phenomenon into a service so powerful it is often accused of single-handedly destroying the newspaper business. Unfortunately, these same characteristics also make Craigslist a particularly juicy target

By Jeff Atwood

security

Trojans, Rootkits, and the Culture of Fear

Scott Wasson at The Tech Report notes that two of his family members fell victim to the eCard email exploit that has been making the rounds lately: I just dropped off a package containing my dad's laptop at the FedEx depot this afternoon. I spent parts of several

By Jeff Atwood

phishing

Phishing: The Forever Hack

Most of the hacking techniques described in the 1994 book Secrets of a Super-Hacker are now laughably out of date. But not all of them. A few are not only still effective, but far more effective in the current era of ubiquitous internet access. As the author notes early in

By Jeff Atwood

email security

Spam via SMTP Non-Delivery Reports

I have modest email needs, so I use the default SMTP and POP3 services in Windows Server 2003. Although I have email relay disabled, spammers are still managing to send spam through my SMTP service -- via non-delivery reports! In other words, spammers are intentionally sending email messages to nonexistent

By Jeff Atwood

security

The Six Dumbest Ideas in Computer Security

Marcus Ranum, the inventor of the proxy firewall [http://www.ranum.com/stock_content/about.html], brilliantly condenses why many security efforts are doomed from the start: they fall prey to The Six Dumbest Ideas in Computer Security [http://www.ranum.com/security/computer_security/editorials/dumb/] : 1. Default

By Jeff Atwood

security

The Dancing Bunnies Problem

In an era of instant online worldwide connectivity, protecting users from themselves is a lot harder than it used to be. For one thing, full trust can't be trusted. And then there are all those dancing bunnies to contend with: What's the dancing bunnies problem? It

By Jeff Atwood

passwords

Passwords vs. Pass Phrases

Microsoft security guru Robert Hensing hit a home run his first time at bat with his very first blog post [http://blogs.technet.com/robert_hensing/archive/2004/07/28/199610.aspx]. In it, he advocates that passwords, as we traditionally think of them, should not be used: > So

By Jeff Atwood