Monthly Archives: October 2006
Google’s Code Search Feature
Google launched a new code search feature on Tuesday. At least two sites already offer this functionality, but a great deal of attention follows Google wherever they go.
Code search is a great resource for web developers and programmers, but like any release of a previously unsearchable body of information, it has handed plenty of flashlights to people interested in exploring dark corners. Here are some things that people have uncovered already:
- Customer databases with names, addresses, zip codes, phone numbers, and weakly encrypted passwords
- WordPress usernames and passwords
- Lots of nerd jokes like “here be dragons”
- “To be fixed” code
and many other things.
SecureRF
SecureRF claims to offer the first feasible security for RFIDs. Conventional public key cryptography (such as RSA) is far too computationally intensive for an RFID. SecureRF provides a similar technology with a far lower footprint by harnessing a relatively obscure area of mathematics: infinite group theory, which comes (of all places) from knot theory, a branch of topology.
Home computer security: a survey
Home computer security is an important part of security overall.
From the BBC site:
A BBC investigation into net-based attacks on Windows PCs found they could happen as much as every 15 minutes.
At least every hour, an unprotected PC set up as a honeypot logged a malicious attack that could render it unusable or make it access other machines.
The Get Safe Online study released by the government found 21% of respondents felt most at risk from net crime, while 16% worried most about being burgled.
Intercepting VoIP calls
Intercepting normal telephone calls over landlines or mobile phone networks has become a routine procedure. Voice over IP connections frequently present a problem for investigators, especially when the persons being monitored use Skype via foreign servers or call direct from PC to PC and encrypt their data.
The Swiss Department of the Environment, Transport, Energy and Communications (UVEK) is therefore examining the use of spy software to allow it to listen in on conversations on PCs.
The software comes from Swiss security company ERA IT Solutions, which intends to supply it only to investigation agencies.
Comodo to give free security tools
From the company forum:
What Comodo is trying to do is simple! Give high quality high security desktop security products for free!
Admin password security survey
An interesting article about administrator (or super-user) passwords.
Cyber-Ark Software’s Enterprise Privileged Password Survey looked at the use of privileged or administrative passwords that exist within most computer systems or software applications.
Half of all enterprises have more administrative passwords than those attached to ordinary user accounts. And 42 per cent of these privileged passwords are never changed, according to a survey.
Weak admin password security represents a well-understood hacker risk but many firms are failing to take the threat into account in their operations despite reports of widespread security breaches and concern over the issue.
PhishTank
PhishTank (a new OpenDNS project) went live this week:
PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
Dying with your Passwords
Passwords are increasingly becoming part of our normal life.
This is an interesting story on the risks of dying without telling anyone your computer passwords.



