February 25, 2004 – 12:00 am
My friend Chad is at the RSA Security Conference in San Francisco this week. He’s been posting session notes to his Live Journal: Monday, Tuesday, Wednesday.
[ via Long Story, Short Pier ] Nathan Newman reports that the Freepers plan on stuffing the ballot box in MoveOn.org’s presidential preference poll.
Their genius plan: register multiple addresses and vote for Reverend Sharpton. Well, it says a great deal about Freepers if they think voting for a black man is embarrassing.
The economy needs to [...]
March 19, 2003 – 12:00 am
Someone’s planted listening devices in the offices of several EU countries.
March 14, 2003 – 12:00 am
Updating an earlier item, the University of Texas and the US Attorney for the Western District of Texas announced the arrest of a UT student in the investigation of a theft of data from a campus system.
Kudos to UT Austin’s IT division for keeping alumni informed.
Update (14 March 2003): The DoJ announced the arrest of a student, and that the stolen data had not been disseminated.
[ a big thanks to Laura V. for this ] Of Interest to Fellow UT Austin Alumni: on Sunday, March 2nd 2003, an administrative data system at the university was attacked and confidential information on [...]
February 6, 2003 – 12:00 am
Live Journal considered limits on the number of posts a user can make per day. They are hosting close to a million user ids on the system, and that population is large enough to include a few script kiddies trying to break their servers.
However, if you’re trying to stop script kiddies, then you don’t [...]
November 17, 2002 – 12:00 am
By now, everyone’s linked to Instapundit Glenn Reynolds’s article riffing on Unqualified Offering’s concept of massively parallel counter-terrorism, but in the light of the Administration opening the crypt where the Nation bricked-in John Poindexter, it’s useful reading.
This is a lesson I keep having to relearn from the Libertarians: you can trust your fellow citizen until [...]
October 10, 2002 – 12:00 am
I had not heard of this hoax before someone brought it up on a non-techie list I’m on.
If you’ve seen mail telling you that you should put wormalert@somewhere.com in your address book to protect you from viruses, it’s a hoax. We have set up an auto-responder at that address so that anyone who sends mail [...]
August 9, 2002 – 12:00 am
The featured story on this week’s A List Apart generated a discussion on security in PHP applications.
The moral of the story is never trust path information that’s handed to your application via GET and POST.
Because now that the Soviet Union’s gone, someone has to keep up the tradition of the State spying on its own citizens.
It’s the Cultural Revolution, only with better marketing.
Joey deVilla observes that it’s something outta Babylon 5. Unfortunately, Delenn isn’t around with a Minbari Fleet to save our collective keisters.
First of all, I think this is clever, and I ordered one today. But, given the mood of the country is to torch the Constitution, whipping out the Bill of Rights isn’t going to win hearts and minds at the security checkpoint.
And I’d bet that Homeland Security will ban them.
You gotta play to the mob, [...]
[ via PHP Everywhere ] More on modifying your scripts to support the changes to register variables in PHP 4.2.
March 22, 2002 – 12:00 am
To the members of the committee:
The bill introduced by Senator Hollings of the Commerce committee will have several negative effects:
You will further alienate the American people by codifying the notion that we are all guileless thieves who cannot be trusted in our homes.
How do you plan to gain the respect and trust of the people [...]
March 22, 2002 – 12:00 am
[ via Privacy Digest ] An inconsistent version of Digest Authentication in updates to Internet Explorer means that those clients may only authenticate to Microsoft’s IIS web server. Furthermore, other clients implementing Digest Authentication, such as Opera, can’t authenticate with IIS. Microsoft claims a different reading of the standard for Digest Authentication, a method of [...]
March 19, 2002 – 12:00 am
The Mothership in Redmond suggests, Security Recommendation: Disable HTTP-GET and HTTP-POST Protocols for Production XML Web Services.
I need to read the report to see if this is an IIS or a more general problem. Sigh, I suppose we could just unplug the damned things from the router.