Security and the Net

.SE domains offline

Maarten — Tue, 13 Oct 2009 18:09:07 +0000

Due to a bug in new software, all .se domain names have been unreachable last last night, and can in some cases continue to be unreachable. The problem started when the .SE registry published an updated list of nameservers. It’s an error DNS administrators around the world make on a daily basis, but it’s been [...]

Is mobile advertising working for Google?

Maarten — Tue, 22 Sep 2009 18:16:43 +0000

A little over a year ago, Google’s CEO Eric Schmidt said that the mobile Internet was “the next major growth wave for Google”. His prediction at the time was that mobile advertising revenue would surpass the revenue seen from “traditional” ads. Several months after Schmidt made these predictions, I first installed the incredible WPtouch theme [...]

Printing handcuff keys

Maarten — Fri, 18 Sep 2009 19:43:35 +0000

At this year’s Hacking At Random event/conference (HAR2009), a member of SSDeV (the “Sportenthusiasts of Lockpicking”) managed to pull off a very cool stunt: he copied a key for police handcuffs without owning the original key itself. What he did was print a key using a 3D printer; the key was created and checked by [...]

Extensions coming to Chrome browser

Maarten — Sun, 13 Sep 2009 18:35:10 +0000

Last week, the Chromium development team announced that the extension system has finally been released to the dev-channel. This is an important step, since it means users of the most bleeding edge version will now have the extensions system on by default, without requiring them to boot Chromium with the –enable-plugins flag. The “dev channel” [...]

Dutch Ministry accidentally publishes credit card info

Maarten — Sat, 12 Sep 2009 16:24:39 +0000

While the list of credit card numbers isn’t that large, this might just be one of the biggest blunders I’ve seen this month. The Dutch Ministry of Internal Affairs managed to publish the credit card numbers and expiration dates for both the Minister of Health and the Minister of Justice. The Telegraaf, one of the [...]

Tele2 Netherlands giving the same password to all users

Maarten — Sun, 23 Aug 2009 07:34:47 +0000

The Dutch branch of ISP Tele2, an European ISP that is active in 11 countries, has just admitted that they use the same password for all new subscribers. Their procedure goes like this:When a new subscriber signs up, they can choose a login or are assigned one. They are then sent a letter by Tele2 [...]

Palm defends tracking Pre user locations

Maarten — Sun, 16 Aug 2009 20:24:22 +0000

Would you like it if you knew the manufacturer of your phone was tracking your location every day to give you a “great user experience”? I personally wouldn’t buy a phone that does this, but this is exactly what Palm’s Pre is designed to do. Faced with complaints about this feature, the best explanation Palm [...]

How not to respond to security issues

Maarten — Sat, 15 Aug 2009 19:48:51 +0000

Wat is the worst response you can give when someone alerts you about a security issue in your software? I can almost hear you thinking: “waiting two years to fix it“, but there is an even worse response. Some companies just simple don’t respond at all. Simply amazing… After verifying the issue we contacted the company [...]

Squirrelmail plugins altered by hackers

Maarten — Tue, 04 Aug 2009 19:37:31 +0000

Last month, the webserver hosting the popular open source webmail suite SquirrelMail was compromised. At that time, the maintainers thought no source code had been altered: At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any futher compromises, locking all [...]

Dutch court rules that The Pirate Bay should be blocked

Maarten — Thu, 30 Jul 2009 15:14:12 +0000

A Dutch court has just ruled that access to The Pirate Bay should be blocked for all visitors coming from the Netherlands. The block should be in place within 10 days.The case was brought before the court by Stichting BREIN, an organization that can be best described as the Dutch version of the RIAA. The [...]

iPhone 3GS encryption “useless”?

Maarten — Mon, 27 Jul 2009 18:06:24 +0000

Wired has a report about the iPhone 3GS encryption feature. Jonathan Zdziarski is quoted as saying the encryption is basically worthless; while that quote alone wouldn’t normally attract my attention, the article has a lot of details that should make a lot of businesses think twice about relying on the “wipe my phone” feature. As [...]

92% of Flash users affected by 0-day hole?

Maarten — Sun, 26 Jul 2009 21:12:48 +0000

Secunia released some interesting statistics last week; according to their numbers, at least 92% of the people using their PSI scanner that have Flase Player installed are running a version that is affected by the zero-day attack that was recently discovered. The real number might be even higher; they didn’t release combined numbers for users [...]

IPv6: downsides of a larger address space

Maarten — Wed, 15 Jul 2009 18:35:08 +0000

With the increasing uptake of the new IPv6 internet protocol, people are starting to notice some of the downsides of the larger amount of IP addresses that will become available. An excellent example are the MTU issues Geoff Huston wrote about earlier this year, and as IPv6 adoption increases more problems are likely to appear. [...]

Browser Security Lessons from the Chrome team

Maarten — Fri, 19 Jun 2009 18:14:16 +0000

ACM Queue has just added a new paper by Charles Reis, Adam Barth and Carlos Pizano. It expands upon the information published earlier about the effectiveness various browsers’ update mechanisms, adding information about the measures taken to keep users from visiting malicious websites and, more importantly, the ways in which they prevent the inevitable bugs [...]

New guess about YouTube losses

Maarten — Fri, 19 Jun 2009 08:10:58 +0000

New research by analyst firm RampRate suggests that a previous report by Credit Suisse that claimed YouTube was losing over a million dollars a day was based on wrong assumptions. The number RampRate arrives at is way lower; they estimate a loss of $174.2 million a year.The main difference is in the estimated cost of [...]

Belgian government releases source code for election software

Maarten — Thu, 18 Jun 2009 20:56:05 +0000

The Belgian government has just released the source code for the software used in the 2008 elections to the public. The news was first reported by the Open Source Observatory & Repository Europe; the files are presented in two zipfiles that contain mostly C and C++ source code. As the OSOR found, there appears to [...]

50 ways to inject your SQL

Maarten — Tue, 16 Jun 2009 21:01:19 +0000

No, this is not a list of 50 ways to inject SQL; it’s a link to a “50 ways to leave your lover” parody.The singer won’t win any awards for this performance, but the lyrics are great! Evade the regex, Rex Encode it all in hex Unbalance the quotes, Vinod And change the query Break the syntax, Max Use a backslash, [...]

Should Twitter manage their own hosting?

Maarten — Tue, 16 Jun 2009 20:44:33 +0000

As several news articles made clear yesterday, Twitter depends on NTT for hosting its website. They have only been with NTT for about a year now; the move there was announced in february of last year. While the move was part of their efforts to make their service more reliable, yesterday’s maintenance issue shows that sooner [...]

Spammers are stupid

Maarten — Sat, 13 Jun 2009 20:59:33 +0000

I just found the funniest comment I’ve ever seen in my moderation queue. It appears the spammer didn’t quite understand his automated comment-spam-posting software, so he posted his entire template instead: Hi Fellow Blogger, I’ve never posted before, {but|only} your article was so {good|genuine} I just had to {stop|come} in and say GREAT JOB ! [...]

Apple admits Mac OS users can get viruses

Maarten — Fri, 12 Jun 2009 21:27:09 +0000

It’s taken them several years to finally get to this point, but Apple has acknowledged that Mac users are not immune from viruses. During WWDC, their Mac OS security page was updated with the following text:There has been a warning about viruses and malware on their website before, but it was buried in their support [...]