2007.10.29 Daily Security Reading

Identity thieves likely to be first-timers, strangers

An analysis of identity-theft cases closed by the U.S. Secret Service in the past six years has found that identity thieves typically do not have a criminal record and are generally not known by their victims.

DNS Recursion bandwidth amplification Denial of Service PoC

Facebook used against you!

Two pupils have been suspended from a private school after they were found to be members of a ‘dogging’ group featured in facebook.

Storm worm can befuddle NAC

Users will see that, for example, antivirus is turned on, but actually it isn’t scanning for viruses.

2007.10.22 Daily Security Reading

10 IT security companies to watch

Data-leak prevention, behavior-based malware detection among focus areas.

Research Shows Image-Based Threat on the Rise

New Purdue University research shows steganography, long considered a minor threat, may be on the rise.

Patent filed for revolutionary technique to quickly recover lost passwords

ElcomSoft has harnessed the combined power of a PC’s Central Processing Unit and its video card’s Graphics Processing Unit.

I Was a Hacker for the MPAA

In an exclusive interview with Wired News, gun-for-hire hacker Robert Anderson tells for the first time how the Motion Picture Association of America promised him money and power if he provided confidential information on TorrentSpy, a popular BitTorrent search site.

2007.10.15 Daily Security Reading

DNS Cache Poison (BIND 9)

A vulnerability in BIND 9 allows remote attackers to cause a cache poisoning attack against it.

Check Point Secure Platform Hack (pdf)

An uncensored real-time how I exploited a vulnerability in a kernel hardened EAL4+ certified firewall.

Analyzing the Effectiveness and Coverage of Web Application Security Scanners (pdf)

The study centered around testing the effectiveness of the top three web application scanners in the following 4 areas. Links crawled, Coverage of the applications tested using Fortify Tracer, Number of verified vulnerability findings and Number of false positives.

The Changing Storm

The latest Storm variants have a new twist. They now use a 40-byte key to encrypt their Overnet P2P traffic.

The Russian Business Network Responds

An individual claiming to represent the Russian Business Network has denied media reports the company provides Web hosting services to numerous cyber criminal operations.

How to Turn Your Browser Into a Weapon

Add these extensions to Firefox when you’re looking to do some hacking.

HD Moore takes iPhone exploits public

He says the device will still be vulnerable even after Apple patches it.