Boss, I Think Someone Stole Our Customer Data
The way Hoff puts it, sounds all too familiar. I can't count the number of times I've heard people talk about their systems and believe they're as secure as can be because they did one, some, or all of the [...]
Posted by Marcin on Thursday, August 30, 2007 in Security.
I've been backlogged lately, mostly due to taking a trip up to Lake Winnipesaukee, NH, getting a BlackBerry 8800, and my birthday. I've added a whole bunch of articles to my "toread" list, which I hope to get to soon and comment on. Computer security [...]
Posted by Marcin on Wednesday, August 29, 2007 in Security.
Today marks the 1 year anniversary of tssci security. I first started this blog last year with a goal to put my thoughts on security and technology in general out into the open. Since I started, I've learned a lot from other bloggers and people who read [...]
Posted by Marcin on Thursday, August 23, 2007 in Other.
Add this to your .bashrc to make tab completion with bash more useful when handling multiple files with similar names:
bind '"\t":menu-complete'
Ctrl-D can be used to exit Bash. This can be very convenient and then again, almost too convenient. Specify [...]
Posted by Casey on Thursday, August 23, 2007 in Linux.
Last year, a colleague pointed me to an article by Roland L. Trope in September/October 2006 IEEE Security & Privacy, Immaterial Transfers with Material Consequences. From the abstract: The need for such regulations is clear, but many firms underestimate [...]
Posted by Marcin on Wednesday, August 22, 2007 in Defense and Security.
Thanks to everyone involved in making this a successful event. It was my first time out to BeanSec, but unfortunately will likely be my last this year (I am going back to school in September). I made the two hour drive all the way out from Hartford, CT, [...]
Posted by Marcin on Wednesday, August 15, 2007 in People.
Web 2.0 has (re)introduced a wide variety of attack vectors that can be used against Internet users to steal sensitive information, control the web browser, and more. The security industry has seen a shift from concentrating on the servers that house [...]
Posted by Marcin on Wednesday, August 15, 2007 in Privacy and Security.
Going to keep this one short... nothing too exciting in this issue.
Phrack Issue Two -- Released 01/01/1986
Universal Informational Services via ISDN by Taran King
This phile is a basic overview of ISDN. The central idea of ISDN, as AT&T Network Systems [...]
Posted by Marcin on Tuesday, August 14, 2007 in Phrack a day.
For those living in Phoenix, Desert Code Camp is upon us. All morning and afternoon on Saturday, September 15 will be full of sessions that are all about code. My friend Adam Muntner (founder of QuietMove and contributor to Security Catalyst) will be [...]
Posted by Marcin on Monday, August 13, 2007 in Conferences and Security.
I've started (finally) filling out the projects section on my site. Check it out, I've got a couple neat scripts I wrote for performing various tasks. The section will continue to grow as I get better with various scripting languages and write [...]
Posted by Marcin on Monday, August 13, 2007 in Other.
Sorry for being late to the game on this one, you've probably already read several personal accounts and all the stories and headlines that originated from Las Vegas last weekend. For those interested, below is my experience at my first DefCon ever, and [...]
Posted by Marcin on Friday, August 10, 2007 in Conferences and People.
This past weekend at DefCon, I had the opportunity to hang out with a couple people at the Lockpicking Village. I first met Deviant Ollam and Mouse and the crew back at ShmooCon. It was a lot of fun; I learned to break out of a pair of handcuffs in just [...]
Posted by Marcin on Friday, August 10, 2007 in Lockpicking.
Today I came across a news article in reply to a question asked by Steven D. Levitt, "If you were a terrorist, how would you attack?" The blog posting has struck controversy among many people, and it just reminds me of all the full-disclosure debates we [...]
Posted by Marcin on Thursday, August 9, 2007 in Intelligence and Politics.
The other day I posted about a problem regarding the default behavior under OS X, which ignores permissions for mounted firewire drives. I decided to look for a solution to this rather than relying on administrators to set the proper option. What I [...]
Posted by Casey on Thursday, August 9, 2007 in Apple and Security.
When you mount a firewire hard disk under OS X it will mount with the 'Ignore ownership on this volume' option set. What this means is that owner information and file permissions will be ignored. Apple does this so that you can share a disk across [...]
Posted by Casey on Wednesday, August 8, 2007 in Apple and Security.
I am an avid OS X user and will be posting tools and security information regarding OS X regularly. I often need to create secure passwords that are easy to remember and today I found the perfect tool for doing this. It's called QuickPass and it's a [...]
Posted by Casey on Tuesday, August 7, 2007 in Apple and Security.
Ryan Naraine of ZDNet points out a Greasemonkey script that blocks Gmail cookie-theft attacks. The script can be downloaded here, and it redirects Gmail to use a "secure" HTTPS connection. You can modify the script to @include redirect any site that has [...]
Posted by Marcin on Tuesday, August 7, 2007 in Privacy and Security.
Here's our first "Phrack a Day" posting. We first mentioned this segment here. We won't be able to comment on every phile as we did this one, but we'll do our best to keep them short, informative, and entertaining. We also won't pretend like we know wtf [...]
Posted by Marcin on Thursday, August 2, 2007 in Phrack a day.