SEARCH RESULTS
 
Showing 1-10 of 25 records
 

How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

2008-07-10 01:00:00 by Bruce Schneier in Wired Security
 
...fool both sides -- because electronic communications are often intermittent. Imagine that one of the FARC guerillas became suspicious about who he was talking to. So he asks a question about their shared history as a test: "What did we have for dinner that time last year?" or something like that. On the telephone, the attacker wouldn't be...
 
 
 
 
 

Man-in-the-Middle Attacks

2008-07-15 06:47:19 by schneier in Schneier on Security
 
...fool both sides -- because electronic communications are often intermittent. Imagine that one of the FARC guerrillas became suspicious about who he was talking to. So he asks a question about their shared history as a test: "What did we have for dinner that time last year?" or something like that. On the telephone, the attacker wouldn't be...
 
 
 
 
 

Fierce 1.0

2007-12-20 16:39:32 by RSnake in ha.ckers.org web application security lab
...fool fierce into stopping before it sees the real output. Alas, it was a small but important issue to fix So! Much much more work to be done. Not the least of which is better dictionary support (especially with cnames like www.corp.company.com where corp represents a sub dictionary) better enumeration for things like www01, www02, etc Future...
 
 
 
 
 

Cracking passwords on a PlayStation

2007-12-03 16:37:00 by Keith Brown in Security Briefs
 
...fool yourself - your keyspace is not 256 bits! If you used a 12 character password, it's only a 79-bit keyspace. And that's the best case, assuming you included numbers, punctuation characters, as well as upper and lower-case letters, and generated it from a good random source. If you only used numbers, you'd end up with a whopping 40-bit...
 
 
 
 
 

Security Products: Suites vs. Best-of-Breed

2008-03-10 06:33:16 by schneier in Schneier on Security
 
...fool ourselves into believing whatever we don't have is better than what we have at the time. And the real solution is to buy results, not products Honestly, no one wants to buy IT security. People want to buy whatever they want -- connectivity, a Web presence, email, networked applications, whatever -- and they want it to be secure. That...
 
 
 
 
 

Things are not always what they seem - just ask Eliot Spitzer.

2008-03-11 13:17:00 by John Sexton in The Bullet Proof Blog
 
...fool us, then a future employee, vendor, internet scam artist or street pickpocket can also do it. Protect your assets and safeguard your future While you're at it, expect the unexpected Visit Sexton Executive Security at www.sextonsecurity.com
 
 
 
 
 

FBI CSRF and Jail How to Get Someone Raided

2008-03-20 22:09:20 by Bill in Grumpy Security Guy
 
...fool the system. CSRF is better because your browser will actually go to the page and a forensics examination of your machine will show that you went there. Not a good position to be in in court with a jury and often times judge with no technical background at all Update from my buddy Zeno : The file that keeps track of places IE has been,...
 
 
 
 
 

PWN 2 PAWN: Why the Vista hacker turned to eBay

2008-04-02 00:00:00 by Robert McMillan in Network World on Security
 
When Shane Macaulay tried to sell the Fujitsu U810 laptop he won in a hacking contest last week, it seemed almost like an April Fool's joke
 
 
 
 
 

Third Annual Movie-Plot Threat Contest

2008-04-07 15:50:38 by schneier in Schneier on Security
 
...fool DNA detectors. The Quantum Sleeper . Fear offers endless business opportunities. Good luck Entries due by May 1 The First Movie-Plot Threat Contest rules and winner . The Second Movie-Plot Threat Contest rules , semifinalists , and winner EDITED TO ADD (4/7): Submit your entry in the comments
 
 
 
 
 

A better DOS than DOS and a better Windows than Windows

2008-04-17 20:36:34 by HASH0x8b37820 in StillSecure, After All These Years
...fool yourself. If you are going to rely on Microsoft Exchange, Microsoft AD and other Microsoft server products plus Microsoft applications and you are going to run your Mac hardware running Windows in a virtual hypervisor on top of it, you are just a "better Windows than Windows" but you still run Windows. Microsoft will use its stranglehold...