Update (11/05/08): This solution should work for very small user bases, and it’s what worked for me. It might not work for you, and definitely won’t be practical if you have a large user base to manage. If you have a large user base (some have reported 4200+) then I suggest that you contact your [...]
Ben Worthen from the Wall Street Journal posted an interesting article about the fact that anti-virus companies were turning to gimmicks to try to raise awareness to the number of recent data security breaches. In this article, Worthen calls them out for what they really are — “publicity seeking moves”. Worthen cites anti-virus companies in [...]
If you’ve ever heard any of my presentations, one of the things I like to say is that malicious hackers, or any other types of criminals, are like electrons — they tend to, if not always, take the path of least resistance. That is, if given the choice between attacking system A, which requires 1 day of effort, [...]
Hi everyone, Kevin here. If things weren’t interesting enough already with this coming US presidential election, CNN reported this week that the Ohio Secretary of State’s office Web site was hacked (http://www.cnn.com/2008/POLITICS/10/22/ohio.website.hacked/). Government site hacking is pretty common, but what was particularly interesting about this was in the article Ohio’s Secretary of State reported that [...]
Hey everyone, Kevin here. I took our assessment product prototype out for a spin the other day, and it detected a fairly interesting SQL injection vulnerabilty on an extremely popular Web site (Alexa top 100 in the United States at least). The SQL injection vulnerabilty revealed itself in a HTTP 500 error response, similar to the following [...]
