I’m heading to Defcon 16 on Thursday to talk to some fellow hackers, meet colleagues, and to hopefully, not lose my shirt in Vegas. I think I’ll be much too busy to gamble, really.
For a conference that is so technically minded, they didn’t post the conference schedule in a useful format (HTML only! ew!), so [...]

Read Full Post  |  Comments

If you’re responsible for DNS at your organization, I urge you to immediately download updates for your DNS servers and patch them, today. Dan Kaminsky and other members of the DNS community announce that they are releasing patches for an extremely serious cache resolver issue impacting many vendors of DNS software, including ISC BIND and [...]

Read Full Post  |  Comments

Many Unix users are familiar with the system-wide english dictionary, known as /usr/dict/words. Nearly every word in /usr/dict/words has been registered by domain squatters, and most variants of the words are already in the brains of every automated password cracker on the planet.
This wordlist is a source when performing research on frequency tables and [...]

Read Full Post  |  Comments

Over at Chris Shiflett’s blog (he’s the author of Essential PHP Security) he’s got a nice writeup on foiling cross-site scripting attacks on web sites.
While this is an older article ( from 2004 ), it still addresses many dangerous issues that developers continue to create in production code.
One of our developers here recently wrote a [...]

Read Full Post  |  Comments