Hack a day

Monday, October 27th, 2008

I’ve just discovered hackaday.com. For those of you interested in electronics, computers, engineering/etc….. you’ll probably find something interesting to read over there. Each day they will publish a hack from around the web, once a week though they present a video how to. Their most recent video how to at the time of this writing [...]

Big Go-Daddy hosting attack

Friday, June 2nd, 2006

In what feels like a continuation of recent bad news related to major hacks and data losses…..George Ou reports on a BIG hack of GoDaddy hosting customers. There was also a big hack-athon by Turkish hackers over the last week that will be recorded as the biggest mass-web-site-defacement on record… There seems to be a [...]

Ernst & Young loses laptop, exposes almost 250k hotels.com customers – database mayhem roundup

Thursday, June 1st, 2006

The Register is reporting on Ernst & Young’s loss of a laptop which had information on around 243,000 hotels.com customers. Apparently Hotels.com was notified on May 3rd. Apparently the laptop made use of a password as the only security measure. From the article….    Send article as PDF   

Network Security – Arp spoofing series

Monday, January 30th, 2006

I think I’ve wrapped up the series on arp spoofing and it’s implications for network security. I know there’s nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener as there are myths that [...]

WMF 0-day update

Thursday, December 29th, 2005

Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there’s a “possible vulnerability”… fortunately, their technical document is a bit more straightforward… technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There’s a bit more disturbing stuff coming too…    [...]

Workaround for the critical WMF zero-day exploit

Wednesday, December 28th, 2005

The Windows Meta File (WMF) zero-day (0-day) exploit is apparently, VERY nasty, no user intervention required (unless running firefox or opera). Just VISITING a malicous site (viewing a malicious email with image…) would be enough to get the system owned. It sounds as though a FULL reinstall is the best solution. Sunbelt has had some [...]

GMail security problem fixed

Friday, November 18th, 2005

Google’s not had a great week it would appear (Sony’s had worse… but that’s another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that’s been announced and fixed. Details on the bug are here, and a writeup is also here. Apparently a flaw in the authentication [...]

Google Hack honeypot

Thursday, August 4th, 2005

I’ve found The Google Hack honeypot thanks to an entry at sans.org in the handlers diary. I’ve looked at it and it’s an interesting idea. The honeypot installs on your website and is invisibly linked to from another page. This way it gets spidered as if it was a real site. Then, it logs hack [...]

More phishing phighting

Friday, July 29th, 2005

I mentioned that I had gone after another two phishing sites the other day. One was down within 24 hours. I was impressed with the responsiveness, but it’s possible I wasn’t the first to complain. Still it was good to see it gone. I’m still working on the second. It’s hosted at an xo.com ip [...]

Web www.averyjparker.com

Switch to our mobile site