Some of you may be aware of banner grabbing, a technique for finding out what software is running on a remote machine. It works by reading transmitted data that contains a product name and/or version, such as HTTP's "Server:" response header. As with virtually everything a server sends, the server is entirely free to choose what it puts there, so an HTTP server's admin can easily fake the banner, and this is sometimes actually done.
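A loopback-only demonstration of why a banner is a claim rather than evidence (an added example, not part of the original post): a Python `http.server` handler announces itself with a constructed Apache version string, and a minimal grabber reads that claim back. The class name, function names and banner string are assumptions made for the illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class SpoofedBannerHandler(BaseHTTPRequestHandler):
    # The Server: header is built from these two attributes, set by the admin.
    server_version = "Apache/1.3.27"   # constructed value, deliberately false
    sys_version = "(Unix)"

    def do_HEAD(self):
        self.send_response(200)        # also emits the Server: and Date: headers
        self.end_headers()

    def log_message(self, *args):      # keep the demo quiet
        pass


def grab_banner(host, port, timeout=3.0):
    """Send a HEAD request and return the Server: header value, or None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def demo():
    """Start the spoofing server on loopback and read its banner back."""
    httpd = HTTPServer(("127.0.0.1", 0), SpoofedBannerHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        return grab_banner("127.0.0.1", httpd.server_address[1])
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    print("claimed:", demo(), "| actually running: Python http.server")
```

For asset inventory or patch verification, treat the returned string as a hint to be confirmed by an authenticated check on the host itself.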
Reprinted from: CACM 27/8, pp. 761-763.
boing boing reports that the brand new hddvd encryption key was leaked one week after its rollout. grats.
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
I tried to log in to Apple Developer Connection this morning to find out that my password had been changed and the email associated with my account was now a yahoo.com address that wasn't mine. Luckily, my "security question" was still the same, so I was able to reset the password and email address back.
they have delivered 100.000 units, all configured with a backdoor
"I've always wanted to change my legal name to ;DROP DATABASE; and see what kind of havoc ensues..."