The Buzz Media » security

Steam Cannot Connect to Internet for Qwest DSL User: Steam.exe exception and Hung Updating

Riyad Kalla — Sat, 12 Nov 2011 21:34:12 +0000

If you are a Qwest DSL subscriber using one of the Actiontec Q1000 models and in the last few days (around 11/11/11) you noticed that when you run Steam, it just hangs during Updating… and after a minute or so of waiting it pops up with a cryptic “Steam.exe (main exception): .. connect to the Internet“, even [...]

AWS Elastic Load Balancer sends 2 Million Netflix API Requests to Wrong Customer

Riyad Kalla — Sat, 29 Oct 2011 15:41:27 +0000

What is it? If you are unfamiliar with Amazon Web Services (AWS) or their Elastic Load Balancer (ELB) service, ELB is a load-balancing service that you can use to spread incoming traffic across many different EC2 server instances. ELB, like all things in the AWS cloud, is a dynamic service that scales up and down [...]

Designing a Secure REST (Web) API without OAuth

Riyad Kalla — Wed, 27 Apr 2011 01:32:31 +0000

Situation You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure. You are a smart guy, so you start [...]

TSA “Nude” Body Scanners Fails to Detect Firearms

Riyad Kalla — Tue, 22 Feb 2011 03:39:00 +0000

You know those hugely expensive/controversial XRay body scanners that the TSA is employing at airports around the US that have everyone up in arms? Well NBC News is reporting that they aren’t that effective, with “plant” FBI agents making it through the scanner multiple times with a firearm. Adding insult to injury, none of the [...]

QN: Google’s reCAPTCHA has been Cracked

Riyad Kalla — Tue, 11 Jan 2011 16:39:11 +0000

You know those reCAPTCHA anti-SPAM boxes you see on every other site’s signup page or story-submission page for social sites? Well it looks like it has been cracked for a while and even though Google continues to deny it, a researcher has proven that it has in fact been compromised.

Stop Companies from Tracking You with the Disconnect Chrome Extension

Riyad Kalla — Fri, 24 Dec 2010 22:57:25 +0000

Most browsers provide a “Private” or “Anonymous” mode, but as some users have found out even in those modes browsers are still allowing companies to set Cookies that are used to track your location online. Some of the biggest offenders of location-tracking are Facebook, Google, Twitter and other mega-social news sites like Digg who’s socialization [...]

LinkedIn – A Social Network That Cares About Your Security

Riyad Kalla — Wed, 15 Dec 2010 03:42:49 +0000

If you are a LinkedIn member you may have gotten a Privacy Notice email from them that went something like this today: This was in response to a security breach on a different site, Gawker.com, where a number of usernames and passwords were exposed. We want to make sure those leaked emails and passwords were [...]

NETGEAR Powerline AV 200 (XAVB2001) Ethernet Adapter Kit Review

Riyad Kalla — Wed, 08 Sep 2010 03:22:27 +0000

NETGEAR’s Powerline AV 200 (XAV2001) adapters turns in strong numbers for a home network when compared to an existing Wireless-N solution; particularly over long, multi-room spans, even with noisy appliances in the way. In this review we measure the performance of the NETGEAR Powerline AV 200 adapters in increasing distances from our base station and compare [...]

AJAX SHA-1/256/384/512 Hash Generator Released

Riyad Kalla — Thu, 26 Aug 2010 07:55:13 +0000

In addition to the other handy AJAX-enabled utilities we released, we’ve just added a SHA (1, 256, 384 and 512) generator utility to the collection. Enjoy!

Foursquare and Gowalla iPhone Apps Sending Passwords in Plaintext

Riyad Kalla — Sun, 22 Aug 2010 14:08:06 +0000

Martin Kou did some Wireshark’ing this morning on the Foursquare iPhone application and found out it is logging you in to Foursquare by sending your password in plaintext over the wire. Foursquare replied and said they are rolling out an HTTPS authentication-based login today which is good news, but seriously, 1 million users later and [...]

ATM Card Skimmer Crimes Rampant in South East

Riyad Kalla — Wed, 14 Jul 2010 17:55:43 +0000

We reported on ATM Card Skimmers in the past. It was amazing to most readers (me too!) how “normal” the addition of a card skimmer on your average ATM looks. Of course they are manufactured to slip onto the equipment unnoticed, but there is always that hope that you are attentive enough to catch such a [...]

Google Throws Privacy Out the Window by Default with Buzz

Riyad Kalla — Fri, 12 Feb 2010 17:28:50 +0000

Update #1: Today Google rolled out the first of what we hope is many of the Buzz privacy controls that were lacking at launch. The changes include: More visible option to not show followers/people you follow on your public profile Ability to block anyone who starts following you More clarity on which of your followers/people [...]

How to Crack any Padlock

Riyad Kalla — Fri, 29 Jan 2010 03:23:59 +0000

Pretty awesome real-world algorithm guide for cracking any padlock out there — not that secure for folks in-the-know:

ATM Card Skimmers – Hidden in Plain Sight and Hard to Spot

Riyad Kalla — Fri, 22 Jan 2010 15:49:22 +0000

Recently ran across this article at KrebsonSecurity analyzing common ATM skimmers that they found installed around the city and I was amazed at how well hidden they were — I’m almost certain I’ve used an ATM or gas pump with a skimmer on it now that I look at these. One common theme that seems [...]

Re-entry into UAE / Dubai Fine for Americans and 34 Other Exempt Countries

Riyad Kalla — Fri, 22 Jan 2010 14:45:37 +0000

If you have ever wanted to go to Dubai or anywhere else inside the United Arab Emirates and read recently about the new “no re-entry into the UAE in under 30 days” law that is going around you are probably thinking like I was: “Well, screw that trip…”. As it turns out, this law firstly [...]

Verified by Visa is Useless

Riyad Kalla — Fri, 01 May 2009 17:04:03 +0000

I was just shopping on Newegg and decided to purchase some more RAM for my computer. I added the item to my shopping card, hit purchase, entered my Credit Card info and hit Finish. I had forgotten that I had enabled the frustratingly stupid “Verified by Visa” check-out security process in the past… I somehow [...]

Microsoft Will Never Understand Usability – Vista Device Driver Security Example

Riyad Kalla — Mon, 17 Nov 2008 17:42:58 +0000

We took our first look at Microsoft’s inbility to create something genuinely useful and a minature review of Vista when we evaluated Windows Vista Backup at the beginning of the year. The premise of that article being that by evaluating a single program, and all the usability/functionality flaws it had, you got an impression of [...]

Using host.allow and hosts.deny for Quick Network Security

Ray Gomez — Thu, 13 Nov 2008 15:19:30 +0000

While configuring a firewall is by far the best way to secure your system, there are times when you need a way to access a remote server that doesn’t compromise security. A quick fix for boxes that need to be in the De Militarized Zone (DMZ) for a short period of time is to modify [...]

Software Algorithm to Recreate Keys from Photo Only

Riyad Kalla — Fri, 07 Nov 2008 14:35:52 +0000

John Hering sent in a link to a story about UC Sand Diego computer programmers that have developed an image-recognition software algorithm that can reproduce a physical key only from a picture of the key. Maybe not the most surprising thing in the face of recently announced 2D-to-3D image generation technology, but leads to an [...]

WPA Wi-Fi Encryption Cracked

Jigsaw hc — Thu, 06 Nov 2008 17:29:15 +0000

I guess it was only a matter of time utnil someone found a quick way to break WPA Wi-Fi Encryption. Erik Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key used by WPA in a relatively short amount of time: 12 to 15 minutes. So far [...]

Stream Your Video Feeds with Palantir

Ray Gomez — Wed, 22 Oct 2008 23:57:50 +0000

Snapshot from palantir.santinoli.com: Over the past couple of weeks I’ve dabbled with the idea to add a webcam to my personal site that monitored a couple of pet furballs. The task was not too straight forward. I ran into many hiccups with alpha software and missing libraries. Most of the software related to setting up [...]

Vodafone Study Confirms 25% of Security Breaches are due to Mobile Devices

Riyad Kalla — Thu, 02 Oct 2008 14:27:48 +0000

Interesting tid-bit from Vodafone UK this morning, looks like after a long-winded study they found that: 25% of companies experience a security breach due to mobile device (notebook, cell phone) use in unapproved ways. 50% of employees have no idea their companies have mobile device use-policies in place. Sounds to me like the companies are [...]

Android's Unlock Screen is a Level of Security

Riyad Kalla — Sun, 28 Sep 2008 16:09:22 +0000

Google’s Android mobile platform has a pretty interesting approach to the unlock screen that makes it more than just a simple way to avoid hitting buttons in your pocket. Android’s unlock screen actually introduces a new level of security to the device that didn’t previously exist on mobile phones without introducing an annoying new system [...]

Easy Encryption in Java and Python with Keyczar

Ray Gomez — Fri, 15 Aug 2008 16:33:09 +0000

Do you need to encrypt small text data, like serial numbers or customer numbers in your web application? With the amount of data being transmitted online and the increasing need to protect customers against identity theft, encryption is the one and only choice to keep customers safe. Unfortunately, implementing encryption is a daunting task and [...]