If you are a Qwest DSL subscriber using one of the Actiontec Q1000 models and in the last few days (around 11/11/11) you noticed that when you run Steam, it just hangs during Updating… and after a minute or so of waiting it pops up with a cryptic “Steam.exe (main exception): .. connect to the Internet“, even [...]
Tag Archives | security
AWS Elastic Load Balancer sends 2 Million Netflix API Requests to Wrong Customer
What is it? If you are unfamiliar with Amazon Web Services (AWS) or their Elastic Load Balancer (ELB) service, ELB is a load-balancing service that you can use to spread incoming traffic across many different EC2 server instances. ELB, like all things in the AWS cloud, is a dynamic service that scales up and down [...]
Designing a Secure REST (Web) API without OAuth
Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure. You are a smart guy, so you start [...]
TSA “Nude” Body Scanners Fails to Detect Firearms
You know those hugely expensive/controversial XRay body scanners that the TSA is employing at airports around the US that have everyone up in arms? Well NBC News is reporting that they aren’t that effective, with “plant” FBI agents making it through the scanner multiple times with a firearm. Adding insult to injury, none of the [...]
QN: Google’s reCAPTCHA has been Cracked
You know those reCAPTCHA anti-SPAM boxes you see on every other site’s signup page or story-submission page for social sites? Well it looks like it has been cracked for a while and even though Google continues to deny it, a researcher has proven that it has in fact been compromised.
Stop Companies from Tracking You with the Disconnect Chrome Extension
Most browsers provide a “Private” or “Anonymous” mode, but as some users have found out even in those modes browsers are still allowing companies to set Cookies that are used to track your location online. Some of the biggest offenders of location-tracking are Facebook, Google, Twitter and other mega-social news sites like Digg who’s socialization [...]
LinkedIn – A Social Network That Cares About Your Security
If you are a LinkedIn member you may have gotten a Privacy Notice email from them that went something like this today: This was in response to a security breach on a different site, Gawker.com, where a number of usernames and passwords were exposed. We want to make sure those leaked emails and passwords were [...]
NETGEAR Powerline AV 200 (XAVB2001) Ethernet Adapter Kit Review
NETGEAR’s Powerline AV 200 (XAV2001) adapters turns in strong numbers for a home network when compared to an existing Wireless-N solution; particularly over long, multi-room spans, even with noisy appliances in the way. In this review we measure the performance of the NETGEAR Powerline AV 200 adapters in increasing distances from our base station and compare [...]
AJAX SHA-1/256/384/512 Hash Generator Released
In addition to the other handy AJAX-enabled utilities we released, we’ve just added a SHA (1, 256, 384 and 512) generator utility to the collection. Enjoy!
Foursquare and Gowalla iPhone Apps Sending Passwords in Plaintext
Martin Kou did some Wireshark’ing this morning on the Foursquare iPhone application and found out it is logging you in to Foursquare by sending your password in plaintext over the wire. Foursquare replied and said they are rolling out an HTTPS authentication-based login today which is good news, but seriously, 1 million users later and [...]
ATM Card Skimmer Crimes Rampant in South East
We reported on ATM Card Skimmers in the past. It was amazing to most readers (me too!) how “normal” the addition of a card skimmer on your average ATM looks. Of course they are manufactured to slip onto the equipment unnoticed, but there is always that hope that you are attentive enough to catch such a [...]
Google Throws Privacy Out the Window by Default with Buzz
Update #1: Today Google rolled out the first of what we hope is many of the Buzz privacy controls that were lacking at launch. The changes include: More visible option to not show followers/people you follow on your public profile Ability to block anyone who starts following you More clarity on which of your followers/people [...]
How to Crack any Padlock
Pretty awesome real-world algorithm guide for cracking any padlock out there — not that secure for folks in-the-know:
ATM Card Skimmers – Hidden in Plain Sight and Hard to Spot
Recently ran across this article at KrebsonSecurity analyzing common ATM skimmers that they found installed around the city and I was amazed at how well hidden they were — I’m almost certain I’ve used an ATM or gas pump with a skimmer on it now that I look at these. One common theme that seems [...]
Re-entry into UAE / Dubai Fine for Americans and 34 Other Exempt Countries
If you have ever wanted to go to Dubai or anywhere else inside the United Arab Emirates and read recently about the new “no re-entry into the UAE in under 30 days” law that is going around you are probably thinking like I was: “Well, screw that trip…”. As it turns out, this law firstly [...]
Verified by Visa is Useless
I was just shopping on Newegg and decided to purchase some more RAM for my computer. I added the item to my shopping card, hit purchase, entered my Credit Card info and hit Finish. I had forgotten that I had enabled the frustratingly stupid “Verified by Visa” check-out security process in the past… I somehow [...]
Microsoft Will Never Understand Usability – Vista Device Driver Security Example
We took our first look at Microsoft’s inbility to create something genuinely useful and a minature review of Vista when we evaluated Windows Vista Backup at the beginning of the year. The premise of that article being that by evaluating a single program, and all the usability/functionality flaws it had, you got an impression of [...]
Using host.allow and hosts.deny for Quick Network Security
While configuring a firewall is by far the best way to secure your system, there are times when you need a way to access a remote server that doesn’t compromise security. A quick fix for boxes that need to be in the De Militarized Zone (DMZ) for a short period of time is to modify [...]
Software Algorithm to Recreate Keys from Photo Only
John Hering sent in a link to a story about UC Sand Diego computer programmers that have developed an image-recognition software algorithm that can reproduce a physical key only from a picture of the key. Maybe not the most surprising thing in the face of recently announced 2D-to-3D image generation technology, but leads to an [...]
WPA Wi-Fi Encryption Cracked
I guess it was only a matter of time utnil someone found a quick way to break WPA Wi-Fi Encryption. Erik Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key used by WPA in a relatively short amount of time: 12 to 15 minutes. So far [...]
Stream Your Video Feeds with Palantir
Snapshot from palantir.santinoli.com: Over the past couple of weeks I’ve dabbled with the idea to add a webcam to my personal site that monitored a couple of pet furballs. The task was not too straight forward. I ran into many hiccups with alpha software and missing libraries. Most of the software related to setting up [...]
Vodafone Study Confirms 25% of Security Breaches are due to Mobile Devices
Interesting tid-bit from Vodafone UK this morning, looks like after a long-winded study they found that: 25% of companies experience a security breach due to mobile device (notebook, cell phone) use in unapproved ways. 50% of employees have no idea their companies have mobile device use-policies in place. Sounds to me like the companies are [...]
Android's Unlock Screen is a Level of Security
Google’s Android mobile platform has a pretty interesting approach to the unlock screen that makes it more than just a simple way to avoid hitting buttons in your pocket. Android’s unlock screen actually introduces a new level of security to the device that didn’t previously exist on mobile phones without introducing an annoying new system [...]
Easy Encryption in Java and Python with Keyczar
Do you need to encrypt small text data, like serial numbers or customer numbers in your web application? With the amount of data being transmitted online and the increasing need to protect customers against identity theft, encryption is the one and only choice to keep customers safe. Unfortunately, implementing encryption is a daunting task and [...]
Recent Comments