Security

Submission + - Phishing attacks on Tor anonymisation network (heise-security.co.uk)

juct writes: "The guy who published account data of 100 embassies finally revealed how he got this delicate information: he implemented a TOR exit node and sniffed the traffic routed through his system. And apparently he is not alone: According to heise Security, during the last year the number of TOR exit nodes in the US and China multiplied. They located 26 only in Beijing."
Security

Submission + - Modern Hydra - the new tricks of spammers and phis (heise-security.co.uk)

juct writes: "To shut down a botnet used to be easy: find the central Command&Control server and close it down. Fast Flux networks any more. heise Security describes how bot masters start to implement a new flexible layer of proxy intermediaries. These are numerous, and several replacements are available in the background should one of them be shut down — catch one, and two new ones will appear."
Security

Submission + - The Stamp of Incompetence (heise-security.co.uk)

juct writes: "The electronic stamp service of the German Deutsche Post is a text-book example of how not to implement digital rights management. According to heise Security the PDF keeps you from printing the electronic stamp multiple times by phoning home. Bad luck if your printer had a paper jam the first time you tried to print. Circumventing this "copy protection" is as easy as printing into a file or making a regular photocopy. The copy protection mainly has been implemented to create some kind of barrier — regardless how feeble — to provide a legal basis for the pursuit of fraud analogous to the circumvention provisions of the US DMCA."
Windows

Windows Genuine Advantage Servers Out 300

krewemaynard writes to let us know that Microsoft has been having major problems with its WGA servers since at least Friday evening. Quoting Ars: "Users of both Windows XP and Windows Vista were writing to say that they could not validate their installations using WGA, and one user even said that his installation was invalidated by the service... The Microsoft WGA Forums are full of problem reports, and Microsoft WGA Program Manager Phil Liu has acknowledged that there is a problem, and that MS is investigating." Update: 07/25 22:10 GMT by KD: Microsoft has identified and fixed the problem and posted instructions for anyone whose system mistakenly failed a WGA check. (The link posted earlier was to a 2006 article.)
Security

Submission + - No more PHP exploits because of Anti-Hacking laws (heise-security.co.uk)

juct writes: "The German security expert Stefan Esser, who declared March to be the Month of PHP Bugs, resigns to the new Anti-Hacking laws in Germany and removes all demo exploits from the MoPB pages. In his PHP security blog he explains: "This new law renders the creation and distribution of software illegal that could be used by someone to break into a computer system"."
Security

Submission + - Administrators watch out: "Chaos" about to (heise-security.co.uk)

juct writes: "The CCC summer camp is about to start and administrators are advised to check their web pages more often than usual to check whether geeks have wreaked havoc there. The number of web page manipulation incidents always increases during CCC events. During the 21st Chaos Communication Congress in 2004, about 18,000 web sites suffered intrusions; this year there are already three sites listed as being hacked before the event even started."
Security

Submission + - Password stealing for dummies (heise-security.co.uk)

juct writes: "Ever wondered why Cross Site Scripting (XSS) is said to be such a bad thing? Who on Earth clicks on links that are 8 inches long, contain funny characters en masse and still enters valid log-in data? This heise Security article shows with a little demo that XSS can be hidden everywhere and how this makes your password an easy prey."
Spam

Submission + - "Viagra spam" emperor gets 30 years behin (heise-security.co.uk)

juct writes: "A Federal Court in Minneapolis has sentenced Christopher William Smith, master spammer and web dealer in illegal pharmaceuticals, to 30 years in prison. But despite the CAN-Spam Act introduced in his honour, the charges did not include spamming. Arrested in September 2006, Smith apparently tampered with the prison phone system to evade automatic call recording, and then attempted to negotiate hits on the family of a witness in his trial and of his own wife. The unusually severe sentence is ascribed as much to Smith's general behaviour (absconding and making death threats) as to the specific offences with which he was charged. Strangely, despite the CAN-Spam Act, none of the charges related directly to his use of spam."
