Looks like a dutch datacenter providing virtual private servers (VPS) got owned. The community-driven Soleus Hosts has exported their iSCSI targets world-writeable, unless some bored dutch guy demonstrated the seriousness of this incident by replacing all the ssh-keys on the compromised boxes. (via bugblue)
SIGINT is a conference on discourse in the digital age, brought to you by the Chaos Computer Club, one of the biggest and most influential hacker organizations in Europe. Its stated purpose is to bring together, surprise, and enlighten those interested in playful and clever interactions with computers, networks, art, politics, and society. SIGINT is about participation and making the world a better place. The conference takes place in Cologne, Germany, in close proximity to the Ruhr area in Western Germany and not far from the borders of the Netherlands, Belgium, and Luxemburg.
Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses. (via fefe)
I dislike PHP. It's because it's users. The lecturer tells about xss among others and guess what his site suffers from? sigh.
In 1950, Alan Turing proposed a test to determine artificial intelligence: when an observer cannot distinguish a machine from a man (connected with a typewriter), this is artificial intelligence. Today, the day has come... (via fefe)
There's a new staff and a new release of the legendary phrack e-zine. (how could I miss this?)
boing boing reports that the brand new hddvd encryption key was leaked one weak after its rollout. grats.
"I've always wanted to change my legal name to ;DROP DATABASE; and see what kind of havoc ensues..."
The good, the bad, the ugly. Wireshark/Ethereal is probably the worst software ever written (besides IE). It counts 112 CVE entries and I finally give up hope that this software will ever improve. Why is it that hard to write a protocol analyzer?