user data stolen — again

You’d think that a Monster once bitten would be twice shy.  But even though user information has been stolen from on at least two prior occasions, it has happened yet again.  This time, the data includes user IDs and passwords, as well  as contact information.  Monster does not store Social Security numbers, thankfully.  The […]

100 Million Credit Cards Stolen in Largest Cyber Crime Ever

If you are a small company that needs to process credit card payments, you probably can’t afford an expensive solution and high processing fees.  Most small customers go with a tailored service that understands small business needs, and one of the best companies working with small businesses is Heartland Payment Systems.  Chances are, if you […]

Antivirus 2009 Fail – A Good Reason to Use Linux

Can you spot anything wrong in this picture? It probably won’t be what most of you will think right away. Click to enlarge Now, if you “got it”, do you really need another reason to switch? [Via Digg]

A Lesson in Password Security

By Miss Cellania Contributing Writer, [GAS] Wired’s Threat Level blog has an interview with GMZ, the hacker who briefly helped himself to some high-profile accounts at Twitter a few days ago. The way he got in was ridiculously simple. 1. He identified a very active account. It later turned out to belong to a Twitter […]

Microsoft to Release Emergency Patch for Critical IE Flaw

According to Brian Krebs’ Security Fix blog, Microsoft is releasing an out of band patch to fix the critical flaw in all versions of Internet Explorer that we discussed on [GAS] last week.  This is great news.  While the number of home computers compromised by this attack is only about 1 in 500, security companies […]

IE7 0-Day Exploit Compromising Thousands of Hosts

By PatB Contributing Writer, [GAS] Hackers love to play cat and mouse with security firms.  A case in point is the current Internet Explorer 7 unpatched vulnerability being exploited worldwide.  On Tuesday, hackers waited until Microsoft released their monthly patches before revealing an undisclosed vulnerability in the web browser software, giving villains the maximum amount […]

Palin email guy : don’t call him a hacker

By Mark O’Neill Contributing Writer, [GAS] Lawyers acting for the guy who allegedly broke into Governor Sarah Palin’s Yahoo email account have filed motions arguing that their client should not be called “a hacker”.   Why?   It gives off “negative connotations”. So what are we supposed to call him?   An “email security tester”? “Because of the […]

Network Analysis: The Future is Now, and it’s FREE

Anyone in the cyber field that has been involved in a network investigation to determine the source and scope of a compromise knows that the process is time intensive.  Traditionally, such investigations require logfiles from various sources:  routers, firewalls, intrusion detection systems, and maybe packet captures from a sniffer if you have one.  Reconstructing the […]