23.04.2006 21:19

Automatic updates

A short note... I was surprised with the way Firefox automatic update works. A positive surprise, I'll add. The info about the security update appeared a minute or so after I ran FF, even before I learned about the patch.

One thing is important here, however. Making sure the update is authentic is a serious thing. Doing it wrong could cause enormous problems.


Posted by Mara | Permalink | Categories: Security

02.04.2006 20:16

Write an attack

My favourite April 1st post this year: a contest. A very special one. Bruce Schneier is asking for a movie plot showing a terrorist attack.

He's writing that the contest is real. It doesn't change my opinion concerning the best April 1 post.


Posted by Mara | Permalink | Categories: Security

23.03.2006 22:15

RFID malware

RFID tags have very small storage. It's easy to assume they can't be used to attack other systems. It's not true. Data from the tags can be modified to cause buffer overflows, SQL injections and other attacks. The reason? Software that receives the data does not always parse it correctly.

It's nothing new. It's nothing new to read opinions like the one below (written until the first big crash of the new system):

While we have some hesitation in giving the ''bad guys'' precise information on how to infect RFID tags, it has been our experience that when talking to people in charge of RFID systems, they often dismiss security concerns as academic, unrealistic, and unworthy of spending any money on countering, as these threats are merely ''theoretical.''

Posted by Mara | Permalink | Categories: Security
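
The parsing failure described in the RFID malware post above, shown as an added example that is not code from the post or from the paper it quotes: reader middleware that pastes tag data into SQL text, beside a version that checks length and character set and binds the value as a parameter. The tag format, table name and function names are assumptions made for this sketch, and both tag values are constructed.

```python
import re
import sqlite3

# Assumed tag layout for this example: 1..16 characters from [A-Z0-9-].
# The length bound also rejects oversized data meant for a fixed buffer.
TAG_RE = re.compile(r"[A-Z0-9-]{1,16}")

# Constructed tag contents: one ordinary, one that ends the SQL string early.
GOOD_TAG = b"PALLET-00421"
BAD_TAG = b"X'); DROP TABLE seen; --"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE seen (tag TEXT)")
    return conn

def store_unsafe(conn, tag_bytes):
    """The flawed pattern: tag data becomes part of the SQL statement text."""
    tag = tag_bytes.decode("latin-1")
    conn.executescript(f"INSERT INTO seen (tag) VALUES ('{tag}');")

def store_checked(conn, tag_bytes):
    """Parse first (encoding, length, charset), then bind as a parameter."""
    try:
        tag = tag_bytes.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("tag is not ASCII") from None
    if not TAG_RE.fullmatch(tag):
        raise ValueError("tag does not match the expected format")
    conn.execute("INSERT INTO seen (tag) VALUES (?)", (tag,))

def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='seen'"
    ).fetchone()
    return row[0] == 1

if __name__ == "__main__":
    db = new_db()
    store_unsafe(db, BAD_TAG)
    print("unsafe path, table still there:", table_exists(db))
    db = new_db()
    try:
        store_checked(db, BAD_TAG)
    except ValueError as err:
        print("checked path rejected tag:", err)
    print("checked path, table still there:", table_exists(db))
```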

12.03.2006 14:40

PIN security by example

A Techweb article shows possible reasons for the recent Citibank PIN scandal (a large number of PINs for debit cards were stolen and new cards released in the UK, Russia and Canada).

It happens (according to the article) that encrypted PIN data and the keys used to encrypt it are kept in the same place. The question is why the PIN data is stored at all...


Posted by Mara | Permalink | Categories: Security

21.02.2006 21:23

Security in practice

There was an interesting experiment: CD-ROM discs were given to employees of big financial institutions in London. The discs were said to be a Valentine's Day promotion. They also had labels about not bypassing security policy.

The result? Just as expected. The software was run. Fortunately for the companies, the program just made a notification. Imagine a case when it installs spyware, a keylogger etc.


Posted by Mara | Permalink | Categories: Security

16.02.2006 20:58

Cracking RFID tags

Famous cryptographer Adi Shamir says that many popular RFID tags can be easily cracked. They show specific power use patterns when the received bit is equal to the one expected in the password. He tested tags from popular vendors and they all seem to be unprotected.

Shamir thinks that a cell phone is enough to kill all the tags in the area. Bad news for those who want to use such tags everywhere.


Posted by Mara | Permalink | Categories: Security

11.02.2006 19:59

Another spammer's visit

I had yet another blog spammer's visit. This is interesting and shows how creative their techniques are.

First, it was a comment spam. Two entries (more than 6 months old) were affected. For someone who's not looking at ALL the comments, it'd be hard to spot.

The spam started to appear when there was a gap between the entries. When I posted a new entry, it stopped. This behaviour has reasons. When a blog is not visited by its author it's a 'good' idea to spam it. Better profits. Taking the number of abandoned blogs...

IPs -- different. Looks like a botnet or something similar.

Time between posts. That's interesting. One and a half to eight hours. I guess it has something to do with the ranking system that says 'modified -- good, but modified too often -- bad'.


Posted by Mara | Permalink | Categories: Security

29.01.2006 20:31

RFID cartoon

Simple, easy to understand and 100% true. RFID cartoon.


Posted by Mara | Permalink | Categories: Security

18.01.2006 21:41

Referer spam again

I have a strange thing in my logs recently. Hundreds of visits from different IPs, with exactly the same User Agent headers and six different Referers. The addresses (or headers) are obviously spoofed, the Referer link is referer spam (from sites in .tf and .nr domains).

The interesting thing is, however, what they link to. To only one post -- the one I made in August about referer spam. What's even more interesting, I have found such links on at least one more site (which has no anti-referer protection), also in text about referer spam.


Posted by Mara | Permalink | Categories: Security
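
The log pattern from the referer spam post above (many IPs, one identical User-Agent, a handful of external Referers, a single target page) can be turned into a simple check. This is an added example, not the author's tooling; the sample log lines, hostnames, path, function name and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Apache "combined" format; hosts, IPs and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jan/2006:10:00:01 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "http://spam1.example/" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.77 - - [18/Jan/2006:10:00:09 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "http://spam2.example/" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.4 - - [18/Jan/2006:10:01:30 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "http://spam1.example/" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.8 - - [18/Jan/2006:10:02:12 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "http://spam2.example/" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.50 - - [18/Jan/2006:10:03:00 +0100] "GET /index.html HTTP/1.1" 200 9000 "http://search.example/?q=rfid" "Mozilla/5.0 (X11; Linux) Firefox/1.5"
203.0.113.50 - - [18/Jan/2006:10:03:20 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "http://blog.example/index.html" "Mozilla/5.0 (X11; Linux) Firefox/1.5"
198.51.100.99 - - [18/Jan/2006:10:04:00 +0100] "GET /2005/08/referer-spam HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$'
)

def referer_spam_clusters(log_text, own_host, min_ips=3, max_referers=6):
    """Flag (User-Agent, target path) pairs requested from many IPs while citing
    only a few external Referer hosts. Both thresholds are assumptions to tune."""
    groups = defaultdict(lambda: {"ips": set(), "referers": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        ip, path, referer, agent = m.groups()
        try:
            host = urlsplit(referer).hostname  # None for "-" or a bare string
        except ValueError:
            host = None  # spoofed headers can be malformed
        if host is None or host == own_host:
            continue  # direct visits and internal navigation are not referer spam
        groups[(agent, path)]["ips"].add(ip)
        groups[(agent, path)]["referers"].add(host)
    return [
        {"agent": a, "path": p, "ips": len(g["ips"]), "referers": sorted(g["referers"])}
        for (a, p), g in sorted(groups.items())
        if len(g["ips"]) >= min_ips and len(g["referers"]) <= max_referers
    ]

if __name__ == "__main__":
    for cluster in referer_spam_clusters(SAMPLE_LOG, own_host="blog.example"):
        print(cluster)
```

A widely shared legitimate link produces a similar shape, so the flagged Referer hosts are candidates for review, not an automatic blocklist.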

27.12.2005 20:28

DRM once again

DRM (Digital Rights Management) is a topic I have written about from time to time. After a number of discussions in real life and online I started searching for studies showing benefits of DRM. Yes, benefits. And detailed studies, which means real research, not wishful thinking or marketing. And you know what? I couldn't find any... Still searching, however. If you know one, share a link to it with me.


Posted by Mara | Permalink | Categories: Security, Software

19.12.2005 23:11

17 mistakes

A good read for everybody who may think about making secure equipment: a story of one product that failed. It explains in detail why.


Posted by Mara | Permalink | Categories: Security

16.12.2005 23:26

Portscans before attacks

Recently performed research shows that attacks come after about five per cent of portscans.

It's more than I thought (taking the amount of scans every machine online gets a day). It would be interesting to see how it looks for 'desktop' machines (the research was made for honeypots, which were, probably, configured as servers), then compare the results and see if there's a pattern.


Posted by Mara | Permalink | Categories: Security

11.12.2005 15:53

Survival time

SANS shows how long it takes for an unpatched system to be attacked. That should be shown to every new Internet user, but unfortunately they usually learn about security after they have a compromised machine (or much later, in many cases).


Posted by Mara | Permalink | Categories: Security

08.12.2005 22:27

Data retention again

The time when the data retention directive will be passed or rejected is coming. That reminded me about it and caused me to read the text. Well... disaster. From a technical point of view it's just a disaster. Many possible ways to interpret it, especially my favourite, 'connection' used when talking about IP (there are *no* connections at the IP level, there are connections at the TCP level, but, technically, not at the UDP one).

As a side note, strange ideas can be found everywhere: an Australian senator wants ISPs to use filters to filter 'inappropriate' materials. Apart from the fact that implementing such a thing is nearly impossible...

I stop here.

apt-get install tor


Posted by Mara | Permalink | Categories: Security

13.11.2005 19:09

mBank and Referer header

Polish online bank mBank changed the way its online login system works. Now it doesn't accept browsers that don't send a Referer header (it can be turned off in Firefox and Opera). The error message the user gets looks like a notification about system compromise.

When Referer is sent, login goes smoothly. The problem is that you need to know the cause of the problem. The support line doesn't help at this point.


Posted by Mara | Permalink | Categories: Security