Wired reports that the method Nicolas Jacobsen used to gain access to T-Mobile accounts was through a known hole in their WebLogic server – for which BEA had a patch available. This however didn’t make Jacobsen a ‘script kiddie’ – he ended up writing his own custom interface to their customer database. Another good example [...]
Firefox has released version 1.0.1, which fixes the IDN spoofing issue, as well as about a dozen other security issues, and added some performance enhancements. Right now it’s a manual install, and sounds fairly tricky. You may want to stick with the fix I posted earlier for working around this problem until Firefox releases 1.0.1 [...]
It caught my eye that there were two different articles about major IT companies aiming to bring girls into IT this week. eSchool News reports on Cisco’s efforts to make IT, and in particular, their Tech Academy more appealing to girls. One of the interesting points of the article is that research shows girls are [...]
There must be something in the water cooler over at Information Week, because I think this week’s Secret CIO column is right on the money, and I usually disagree with him, or skip the column because it’s just whining about corporate politics. He talks about the commons sense that short password expiration times, combined with [...]
Bob Evans from Information Week has the most sane reporing I’ve read to date on RFID. I’m not sure why most reporters feel the need to create a stir about this technology, but it’s nice to hear a voice of reason. Tweet
A couple of posts ago, I talked about mounting .iso files as virtual CDs, but what if you want to burn that file to a CD in order to give it to a friend? (only legal software like Linux distros, right?) I’ve been using two easy ways to do this for a while without having [...]
A couple of posts ago, I talked about mounting .iso files as virtual CDs, but what if you want to burn that file to a CD in order to give it to a friend? (only legal software like Linux distros, right?) I’ve been using two easy ways to do this for a while without having [...]
I’ve been a big fan of Sysinternals’ freeware offerings for some time. They recently released a rootkit detector that they describe as: “RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode [...]
There is a lot of discussion going on about the hacking of Paris Hilton’s Sidekick. There seem to be four trains of thought: The bimbo gave out her password or used a weak one. Or was it socially engineered from her? At least, that’s what T-mobile should be praying. This was part of Nicolas Jacobsen’s [...]
Andrew White has posted another excellent article @ Novell Cool Solutions on registry hacks for administering student PCs. He calls them ‘draconian”, but I think they’re very insightful. Tweet