LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Advisory Watch: November 21st, 2008
Linux Security Week: November 17th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Hacks/Cracks
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.



Identity Attack Spreads; 1.6M Records Stolen From Monster.com  21 August 2007 
Source: Network World - Posted by Eckie Silapaswang   
Everyone wants to make sure their financial institution is secure - the bank has security cameras, their websites use the strongest encryption algorithms, the works. What do you do when another store of your own personal wealth is compromised? What if this store of wealth is your very own identity along with your entire history of accomplishments? Read on to find out why security just isn't for "banks and money" and such - the very place people invest their hopes and dreams in gaining a better career is at risk.

Write Comment

 
New E-mail Attack Designed to Bypass Antivirus Products  15 August 2007 
Source: tmcnet - Posted by Bill Keys   
Avinti, a developer of proactive e-mail security solutions, has issued a security alert about a new e-mail attack that disguises malicious code behind a seemingly harmless e-greeting. Is this just another one of theses attacks which tries to trick users in downloading a virus? What I found interesting that the articles states that theses types of emails should not be considered Spam. What do you think? This also brings up the question should spam filter's try to block theses emails or is it the responsibly of anti-virus software?

Write Comment (1 Comments)

 
'Hackers' Deface UN Site  13 August 2007 
Source: Computer World - Posted by Eckie Silapaswang   
This just shouldn't be happening, no matter your side of the political fence. Last Sunday resulted in the UN website being publicly defaced with political messages from the hackers. I'm saying this shouldn't be happening because the attackers used an SQL injection attack against a reported "very common vulnerability". These types of attacks are "fairly easy to avoid and very surprising to find in such a high profile site". No matter what wing we fall under, security specialists should always fall under the role of doing your job, and making sure common holes like these are patched and secured.

Write Comment

 
VoIP Hacker Talks: Service Provider Nets Easy Pickings  10 August 2007 
Source: Network World - Posted by Eckie Silapaswang   
Robert Moore, a 23-year old hacker from Washington, summarizes his $1 million heist of VoIP minutes. His methods involved brute-force attacks against Cisco XM routers and Quintum Tenor voice gateways in order to gain access and route calls through them. Just to clarify (FTA) - the attacks could easily have been prevented if the default passwords were changed on the routers. Even so, read on to find out how he confused the intrusion detection systems, how he gained the address to attack, and how he knew which attacks to send to which ports.

Write Comment

 
Bug Bounty Program Answers Critics  10 August 2007 
Source: Computer World - Posted by Eckie Silapaswang   
This article brings up two interesting questions - should vendors place bounties on zero-day exploits in order to get a jump ahead in developing the signatures for the attacks? What if these signatures could be reversed-engineered to create an even deadlier exploit? Read on for a look into the cat and mouse chase of security vendors attempting to gain the upper hand on shutting down zero-day attacks, only to have their defense used against them. How do you feel about bug bounties?

Write Comment

 
Hackers click locks open at conference in US  06 August 2007 
Posted by Eckie Silapaswang   
"If you can't physically protect your computer, you are screwed," said Zac Franken, a hacker who engineered a way to outwit door locks relying on key cards. A security research from DefCon recently reported on several major vulnerabilities in some key locks used by not only home and businesses, but by the White House and Pentagon as well. Franken brings up a very obvious but often overlooked point - people leave computers on at night thinking that the building they're in is secure, but this is not the case. Read on to find out what steps Franken has taken in his attempt to report his claims.

Write Comment (1 Comments)

 
Hackers Hunt Invisible Rootkits  04 August 2007 
Source: TechWorld - Posted by Bill Keys   
Security researchers at the Black Hat show in Las Vegas are debating whether rootkits that mimic virtual machines can ever be detected. I have heard about virtual machine rootkits before but I did not think that they were undetectable. What do you think, are these rootkit really invisible?

Write Comment (1 Comments)

 
Hackers Crack VoIP Phones  03 August 2007 
Source: TechWorld - Posted by Bill Keys   
Sec Partners has detailed half a dozen ways to hack into VoIP phone systems that use the H.323 and Inter Asterisk eXchange protocols. Himanshu Dwivedi, principal partner at iSec, and Zane Lackey, security analyst there, also released exploit tools to back up their claims about the weaknesses in H.323 and IAX. Does this prove that we need to start thinking about VoIP security more seriously? I know I don't think about it much. Maybe the VoIP software will have to starting using security technologies like encryption or authentication. What do you think will help improve VoIP security?

Write Comment

 
BlackHat 2007: Day One Recap Wednesday Aug 01 2007  03 August 2007 
Source: ITtoolbox - Posted by Eckie Silapaswang   
Take two popular forensics tools (Sleuth Kit and Encase) and hammer and fuzz the hell out of them. What do you get? Read on to see a recap of a Black Hat Conference session as the writer gives you the results of the tests. I also enjoyed his few choice lines at the end concerning proper overall etiquette (hackers are human, after all ... most of us at least)...

Write Comment (1 Comments)

 
The Perfect Attack Against Your Security?  12 July 2007 
Source: ZDNet - Posted by Bill Keys   
"A socially engineered e-mail, which contains a Trojan file that exploits a zero-day vulnerability and then hides behind a rootkit, might be the perfect attack and impossible to defend against." It made me think is socially engineered hacks the perfect hack? Is fooling users considered the perfect hack? I feel finding a security vulnerability in software and using that vulnerability in a attack should be considered in a perfect attack.

Write Comment (1 Comments)

 
<< Start < Prev 4 5 6 Next > End >>

Results 41 - 50 of 1234
    
Partner:

 

Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Yesterday's Edition
Hardening The Linux Kernel With Grsecurity (Debian)
Upcoming Conference Talks on SELinux Applications: sVirt and Kiosk Mode

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.