Archive for March, 2007
Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection.
Your DNS is a sweet spot for hackers who want to compromise your network; learn to protect it.
A survey of security and IT managers at the recent RSA conference shows that one-third don’t secure their home files or communications.
On the Web, we let strangers tell us who to trust, what to read, and where to go. Which means your good name can be worth real money. And reputation hacking can be big business.
It is not always a good idea to assume the world is out to get you when a stray packet arrives at your doorstep.
Skype expert Michael Gough examines the top five security misconceptions.
When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft’s servers.
Sun Microsystems and Red Hat have both submitted new versions of their trusted operating systems (OS) for Common Criteria (CC) certification evaluation. While these systems are being evaluated against the same CC protection profiles and at the same evaluation assurance level, these systems differ in significant ways that affect how a customer might choose to use such systems.
Backtrack provides a thorough pentesting environment which is bootable via CD, USB or the network (PXE). The Torrent is available here.
A security researcher scheduled to present information on issues with radio-frequency identification (RFID) technology at the Black Hat Federal conference this week was silenced by security technology giant HID Global, which claimed the presentation would violate its intellectual property.
This article covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.
We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access.