In 2011, we saw a large increase in web site exploits that exposed private user data as well as a breakdown in the trust of SSL (for various reasons) and the introduction of real malware onto the OS X scene. If there were just three things I could ask Mac users to do in…
Posts Tagged → Password
WEIS 2011 :: Session 1 :: Attacks :: Where Do All The Attacks Go?
Dinei Florêncio, Cormac Herley. Presentation [PDF]. Twitter transcript: #weis2011 New threat model (that may scale). Rather than use individual users & attackers, use population of users, pop of attackers #weis2011 assumption/proposition: attacker attacks when Expected{gain} > Expected{loss} #weis2011 (me) more good math on the slides. using the populations, they made a probability model to predict…
Herding [Fire]sheep
By now, many non-IT and non-Security folk have heard of Firesheep, a tool written by @codebutler which allows anyone using Firefox on unprotected networks to capture and hijack active sessions to popular social media sites (and other web sites). The sidebar/extension puts an attractive and easy-to-understand GUI over a process that “real” security people have…
Quick Hits :: 2011-01-07
Security: Smart Servers spot & block botnet attacks [NewScientist]; Passwords are *so* 2010 – Building the ultimate bad arse CUDA cracking server… [SecManiac]. Programming: Interesting points/counterpoints on the efficacy of Node.js being tied so closely to the V8 JavaScript engine: NodeJS: To V8 or not to V8 [bruno fernandez-ruiz]; On Bruno’s Concern About the Current…