tssci security

Archive for News

Don't Tell Mom the World is Gonna End

Today, another vulnerability has been making the headlines, various industry security professionals predicting apocalyspe, genocide and famine along with everything in between. It first started earlier this summer, back when Dan Kaminsky, in a [...]

Google Chrome first look

The bad: It's a front-end to WebKit much like Safari, with no bells-or-whistles The only add-ons are Web Inspector (from WebKit), Chrome's own Task Manager, and Chrome's own Java Debugger (they could have at least used Drosera which comes with Web [...]

Happy Two-Year Anniversary

Yesterday we celebrated tssci-security.com's two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way -- most as a direct result of this blog. The [...]

VBAAC Security and You

My good friend Arshan Dabirsiaghi at Aspect Security released an interesting paper today on Bypassing VBAAC with HTTP Verb Tampering. For those who don't know what VBAAC is, it stands for "Verb-Based Authentication Access Control." Unfortunately, most [...]

Another new blog over at NSS Labs

Not to be outdone by Neohapsis Labs, NSS Labs also enters the fray with their blog, Security Product Testing. Again, I think that NSS Labs (like Neohapsis Labs) has been blogging for awhile, but it has picked up more pace lately. In the past, the TS/SCI [...]

An update on Protocol hopping covert channels

At last year's Blackhat US 2007, the dominant discussion was around Joanna Rutkowska and Alex Tereshkin's "New Blue Pill" vs. Peter Ferrie, Nate Lawson, and Tom Ptacek's VT-x Rootkit Detection techniques. This included some follow-up material on the [...]

New blog over at Neohapsis Labs

The fine folks over at Neohapsis Labs appear to have a new blog focused on security related information. Technically, I guess they've had it up since January, but the posts are more frequent now. I just added them to my RSS feeds. Both Mike Murray and [...]

SQL Injection Fun v.RIAA

What started as a simple DoS against the RIAA through a SQL injection vulnerability, originally posted to Reddit in tinyurl form. UNION ALL SELECT BENCHMARK(100000000,MD5('asdf')),NULL,NULL,NULL,NULL%20-- led an attacker on to dump their entire database. [...]

More on Google Analytics: Now with Stolen Search Queries!

In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks. But now that Google has updated their Analytics service to support internal search queries, [...]

Preventing and Detecting Sensitive Data on P2P Networks

Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congree from Techdirt, comments [...]

Suggested reading this week

I've been real busy lately, but I came across several blogs and articles this week that I'd like to share, Andrew Hay style. =) CEO Crime & Punishment -- Ben Horowitz, CEO of Opsware Inc., shares his thoughts on what entices executives to commit white [...]

Dell + Google Toolbar... profit??!?!

Andrew Hay writes: Dell & Google Secretly Installing Software to Make Money Off Your Typos Those bastards, how is this business practice not illegal? New Dell machines that include the Google toolbar as part of a marketing agreement also include a secret [...]

Today's Lucky Numbers are...

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

What happens when you wait until the last minute

People panic! Last night, TurboTax was unavailable for people to file their taxes. The problems have been since resolved, but let it be a lesson to all of us that we cannot depend entirely on technology. Technology will eventually fail us, like it did so [...]

Risk of Injury to a Minor == Stupid Law

I have been getting just as furious as paperghost lately over the whole Julie Amero case. By now you've all heard about it, a substitute teacher was surfing the internet and then bombarded with porn advertisements she couldn't get away. People debate her [...]

Linux 2.6.20 kernel relocatable on x86

Linus released kernel v2.6.20 (tar.bz2) to the public today, adding virtualization support through KVM and relocatable kernel support for x86, among other changes. The latter feature is an interesting one from a security perspective and for kdump users. [...]

Da Bears!

Once again, we're comin' to ya from Ditka's Restaurant in the heart of Chicago, the city of the big shoulders, and home to a certain team, which come January will run roughshod over the competition in Super Bowl XLI. A team that is known as.....Da Bears!

SCALE: SoCal Linux Expo

Literally right after RSA, SCALE is happening February 10th and 11th. I plan on making the drive out with several other friends from school. The presentations I'm looking forward to: New & Improved: How a More Modern IT Security Model Can Better Protect [...]

TJX security breach.. check

I am not 100% positive or if this just merely coincidence, but I have a feeling my sister has fallen victim to the TJX security breach reported last week. Fraudulent transactions originating in France (of all places) began January 10th, comprosing four [...]

Looking for a new home... host that is

The time is nearing and I will have to move my site to a new host. Along with the move, we'll undergo a domain name change to www.tssci-security.com as well. Currently we're hosted on a dedicated FreeBSD server running Apache, and I'm pretty happy with [...]

InformationWeek, the site who thinks its readers are dumb

Thank you very much InformationWeek! I was reading an IW article, Adobe Patches Acrobat And Reader XSS Bug, 3 Other Flaws, hoping to get some useful information from it. The article contains 15 links, two of which are other IW articles and three direct [...]

New Year's Resolutions

Happy New Year everyone! I had a great night with my friends and a lot of unneeded drama, but oh well. I'm disappointed I wasn't able to snag ShmooCon tickets for $75; they sold out in under three minutes! I'm still organizing a trip with several other [...]

Economic Espionage to Benefit a Foreign Government

A new case in my coverage of espionage stories, the Houston Chronicle is reporting this time a Chinese engineer working in Silicon Valley is indicted on 36 felony counts, including economic espionage to benefit a foreign government and various military [...]

FBI Raid

Remember the college student who had a website that allowed you to create fake boarding passes to get past TSA security checkpoints at the airport? Well, according to his blog, the FBI raided his home and left a warrant and a list of items for seizure [...]

N Korea Conducts Nuclear Test

According to news sources, the USGS in its seismic activity study, claims North Korea has conducted a nuclear test. At the moment, the Pentagon is working to confirm these claims, the South Korean stocks drop like rocks on their stock exchange, and Japan [...]

Farewell Tomcat, Hello JSF!

Alright, so the US Navy is marking this week as the end of line for the F-14 Tomcat. The Tomcat has been showing its age, becoming more expensive to maintain, and slowly being replaced by F/A-18 Super Hornets. As sad as it is to finally see the Tomcat [...]


CAIRNS, Australia - Steve Irwin, the hugely popular Australian television personality and conservationist known as the "Crocodile Hunter," was killed Monday by a stingray while filming off the Great Barrier Reef. [`news.com.au [...]

IBM to buy ISS

No... not the International Space Station (for you Slashdotters...) ARMONK, NY & ATLANTA - 23 Aug 2006: IBM (NYSE: IBM) and Internet Security Systems, Inc. (NASDAQ: ISSX) today announced the two companies have entered into a definitive agreement for IBM [...]

My New Site

I decided to create a page dedicated to what I'm thinking about and the projects I'm currently working on. The page is still being worked on, so the default images are going to go and be more customized to my liking. So, if you want to see what I've been [...]
blog comments powered by Disqus