Looks like a dutch datacenter providing virtual private servers (VPS) got owned. The community-driven Soleus Hosts has exported their iSCSI targets world-writeable, unless some bored dutch guy demonstrated the seriousness of this incident by replacing all the ssh-keys on the compromised boxes. (via bugblue)
SIGINT is a conference on discourse in the digital age, brought to you by the Chaos Computer Club, one of the biggest and most influential hacker organizations in Europe. Its stated purpose is to bring together, surprise, and enlighten those interested in playful and clever interactions with computers, networks, art, politics, and society. SIGINT is about participation and making the world a better place. The conference takes place in Cologne, Germany, in close proximity to the Ruhr area in Western Germany and not far from the borders of the Netherlands, Belgium, and Luxemburg.
Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus.
Sending out enciphered postcards is great fun. The hackers at Entropia have published a set of cards on their website. Some postcards have already been deciphered, others are still undisclosed.
I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn't mine. Luckily, my "security question" was still the same, so I was able to reset the password and email address back.
It used to be that just the entertainment industries wanted to control your computers -- and televisions and iPods and everything else -- to ensure that you didn't violate any copyright rules. But now everyone else wants to get their hooks into your gear.
Some of you may be aware of the technique of banner grabbing to find out what software is running on a remote machine. It is done by reading out transmitted data that contains a product name and/or version, such as HTTP's "Server:" response header. Like virtually every content sent by a server, the server is totally free what to send, i.e. this can be easily faked by an HTTP server's admin, and is sometimes even done.
How do you protect yourself from dataloss, espionage, trojans, spam and worms? Information security is of central importance to companies. In various workshops, practitioners inform about existing risks and possible counter actions. A live demonstration shows how hackers work and where you can find possible security holes.
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses. (via fefe)
I dislike PHP. It's because it's users. The lecturer tells about xss among others and guess what his site suffers from? sigh.
