risk
Why Hackers Love Wi-Fi
Hackers love wireless networking. At DefCon 15, it was easy to predict which sessions would have lines running out the door and require getting there well in advance for a seat – it was the sessions with “wireless” or “Wi-Fi” in the title. The Wireless Village was very popular, and many of the hacking contests [...]
The Trouble with Copy Protection
SecurityFocus reports that a patch has been issued for a vulnerability in the Macrovision SafeDisc driver. Apparently, due to a flaw in how the driver handles configuration parameters (which probably means a garden-variety buffer overflow), it’s possible for a local user to use the driver to elevate privilege all the way to the kernel. This [...]
Social Engineering For Hire
There’s an article in PC Magazine about a company called TraceSecurity that performs audits of physical security via social engineering. Essentially, companies hire them to steal data, and they do so by simply talking their way into the facility and getting unrestricted physical access to the servers. If a skilled attacker has unrestricted physical access [...]
The War on the Unexpected
Bruce Schneier has a good post today called “The War on the Unexpected,” about the unintended results of asking the general population to report anything suspicious. Even discounting deliberate malfeasance (reporting the neighbor you don’t like as “suspicious”), people find a lot of things suspicious, and the gatekeepers have no motivation to apply intelligent filtering [...]
The Inevitability of False Positives
I was reading an article about web scanner coverage and false positives by Larry Suto that RSnake linked to on ha.ckers. Though this is only tangentially related to the actual paper, it reminded me of something interesting — the inevitability of false positives when detecting something rare. When measuring the error of a detection process, [...]
