Alex Rice of Websense Security Labs, dissected “Web-Attacker”, one of the most popular exploit kits on the web. He recently got a hold of the source code and takes us step by step through it all. For those who do not know how Web-Attacker works, here’s a brief scenario:

User visits a compromised webpage containing […]

Roger at InfoWorld has been running a password-cracking contest for some time now and just recently received the first correct cracks at his first password: a 10-character password with normal complexity. The other two that have still yet to be cracked, is a 15-character password with no complexity (lowercase, one or more English words), and […]

A new version of Gaim has been released, 2.0.0beta5. I cannot find release notes on this version, but I am going to try it out now.
We’ll see if they have fixed the url translation bug when using the Jabber protocol.

NIST has released SP800-100, Information Security Handbook: A Guide for Managers. I’m sure it’d benefit everyone in the security community, since you either are or one day will be a manager (or at least help make managers make more informed decisions). Here’s a quick run down on the sections it covers:

Introduction
Information Security Governance
System […]

Information Week is reporting a story involving a family of five, who await a hearing for charges of conspiring to export U.S. defense information to China.
Chi Mak, 66, of Downey, Calif., was an engineer with Power Paragon, a Navy contractor. He allegedly collected technical information about U.S. warship technologies, and then he and his wife, […]