Remember “cybersecurity”?
Mysterious hooded computer guys doing mysterious hooded computer guy... things! Who knows what kind of naughty digital mischief they might be up to?
Unfortunately, we now live in a world where this kind of digital mischief is literally rewriting the world’s history. For proof of that, you
In my previous post I Just Logged In As You, I disclosed that someone was logging in as me -- specifically because they discovered my password. But how?
If I wanted to discover someone's password, I can think of a few ways:
1. Educated guess. If you know
Several high profile Twitter accounts were recently hijacked:
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News.
The hacker, who goes by the handle GMZ,
Have you ever used Craigslist? It's an almost entirely free, mostly anonymous classified advertising service which evolved from an early internet phenomenon into a service so powerful it is often accused of single-handedly destroying the newspaper business. Unfortunately, these same characteristics also make Craigslist a particularly juicy target
Scott Wasson at The Tech Report notes that two of his family members fell victim to the eCard email exploit that has been making the rounds lately:
I just dropped off a package containing my dad's laptop at the FedEx depot this afternoon. I spent parts of several
Most of the hacking techniques described in the 1994 book Secrets of a Super-Hacker are now laughably out of date. But not all of them. A few are not only still effective, but far more effective in the current era of ubiquitous internet access. As the author notes early in
I have modest email needs, so I use the default SMTP and POP3 services in Windows Server 2003. Although I have email relay disabled, spammers are still managing to send spam through my SMTP service -- via non-delivery reports!
In other words, spammers are intentionally sending email messages to nonexistent
Marcus Ranum, the inventor of the proxy firewall
[http://www.ranum.com/stock_content/about.html], brilliantly condenses why many
security efforts are doomed from the start: they fall prey to The Six
Dumbest Ideas in Computer Security
[http://www.ranum.com/security/computer_security/editorials/dumb/]:
1. Default
In an era of instant online worldwide connectivity, protecting users from themselves is a lot harder than it used to be. For one thing, full trust can't be trusted. And then there are all those dancing bunnies to contend with:
What's the dancing bunnies problem?
It&
Microsoft security guru Robert Hensing hit a home run his first time at bat with
his very first blog post
[http://blogs.technet.com/robert_hensing/archive/2004/07/28/199610.aspx]. In it,
he advocates that passwords, as we traditionally think of them, should not be
used:
> So