A Study of Smart Cards

Cards are quite an interesting species of object that have invaded our lives in every way: we either use them for public transit, laundry, gift cards, phone cards, credit cards etc… One could gather quite a lot of power buy not only understanding their functioning, but also by being able to tamper their data. I […]

A small and quick introduction to ARP poisoning

This article won’t be about something new nor something extraordinary for any experienced computer security or even the average hacker, but since I’ve been ask this question quite often by some of my friends, I decided to explain how to sniff passwords from a network.  Moreover, I’m well aware I haven’t been writing anything for […]

Fun at the Library – Part 1

Since this is a slow news day, and I have an essay to handout tonight, I’ll just related one of my experiment I started yesterday. As I have more time, I will push further into the system. While waiting for a friend, I decided to stop by the library to pass time. As I was […]

Internet Explorer 7 Attack in the Wild

Bits of information about the new 0-day exploit are surfacing on the web. This exploit provokes a heap overflow in the XML parser of Internet Explorer 7. The exploit works with the fully patched version of Windows XP, Windows Server 2008 and Windows Vista SP1[1]. The Infection The exploit is initiated by a JavaScript file […]

ENISA releases list of mobile phones vulnerabilities

The European Network and Information Security Agency (ENISA) release a paper about general vulnerabilities that is affecting or will affect mobile communications. The organization surveyed experts via different medias to gather concerns from the industry about the future of wireless communications. The document discusses security issues about three different types of devices, each using wireless […]

Hacking Passwords from Google Mail Account Holders

Update: Apparently, the users whom domain were hijacked were hit by phishing attacks instead if using the vulnerability described below. Google deny this vulnerability, and are saying this bug was fixed last year. I was, however, still able to create the filter by forming the URL described when I didn’t sign off correctly. (by clicking […]

International Monetary Fund Infected With Spyware

According to a misleading and pretty much unrelated article, FOX News reports that the International Monetary Fund (IMF) network has been infected by spyware[1]. The IMF denies any security breach or critical intrusion problems. The article goes on discussing various topics such as the financial crisis, cyber security of the new president-elect and event describe […]

Programmer Convicted of Hacking U.S. Government

a person typing on laptop-while-wearing a fingerless gloves

Victor Faur, a Romanian accused of hacking the U.S Navy, NASA and Department of Energy systems between 2005 and 2006 has been accused of illegally breaking into unauthorized computer systems. At the end of a 10 months trial, the 28 years old computer programmer received a 16-month suspended prison sentence and will have to pay […]

TCP/IP Weapons Course to be Given at Black Hat Europe

For those who can get on location – and can afford it – Richard Bejtlich, from TaoSecurity will give a 2-days course on how to detect and react to an attack on a network. The course will cover those points: Collection: What data do you need to detect intruders? How can you acquire it? What […]