Hackers

Excellent ‘Zero Day’ Series in Washington Post

Usually, the daily newspapers don’t excel when it comes to security coverage, but this week the Washington Post has some great reporting and stories under the “Zero Day” moniker. Besides interviews with hackers, security professionals and others, there are a lot of colorful behind-the-scenes details that I haven’t seen very often, even in security or IT trade publications. The series delves into the inner workings of the four zero-day attacks in Stuxnet, quotes from extreme hacker Charlie Miller of St. Louis… continue…

Stuxnet-Like Virus Flamer Hits the Middle East

A highly complex Stuxnet-like, targeted attack is appearing across many Middle Eastern computers. It’s not only going after particular organizations, but it’s also targeting personal computers that use home Internet connections. The malware, which goes by the names Flamer or Skywiper, is very hard to track down, but has some pretty wide-ranging effects. Flamer has the ability to steal documents, take screenshots of users’ desktops, spread via USB flash drives, disable security vendor products, and under certain conditions spread to… continue…

Northrop Grumman Hiring For Offensive Cyber Ops

Our sister site ClearanceJobs shows a job posting for a few good hackers who’ll conduct some cyberwarfare for defense contractor Northrop Grumman. The openings are in suburban D.C., Colorado Springs and Sacramento. Besides knowing something about Java, agile development techniques and having other technical chops, you’d also need a Secret clearance. Also listed is “knowledge of security research tools like Metasploit, WorldWind, [and] Google Earth.” Since when did Google Earth become a security tool? We must have missed that… continue…

Watch a Scammer Try to Fleece a Security Engineer [Video]

When the bad guys contacted Noah Magram to sell him some bogus anti-virus software, they were toying with the wrong dude. Magram is a principal software engineer for security firm Sourcefire. Oops. The scammers told Magram he needed to update his software to prevent his PC from getting infections. And since this call came out of the blue, he was not only skeptical but also smart. Magram fired up a Windows VM session and let the caller have at it. In… continue…

Catch A Thief, Be A Thief

GroupOn’s Aaron Bedra, a senior software engineer, wants to unleash developers’ inner hacker when they’re building secure Web sites. For Bedra, it takes roughly eight minutes to find a glaring security hole in another programmer’s code. As a result, he recently tackled the topic “Unleashing Your Inner Hacker” at Future Insights Live in Las Vegas. He noted the top ten reported attacks haven’t changed much over a three-year period ending in 2010, yet some of the attacks continue to get… continue…

Security: User-Generated Content Best Practices

MilitarySingles.com’s treasure trove of user passwords recently came under attack by hackers, who devised a new twist in exploiting a weakness in the upload filter for user-generated content. Security vendor Imperva dissected this interesting attack in their report and it’s a worthwhile read. Hackers were able to obtain more than 170,000 records from the site by uploading malware using a Remote File Inclusion exploit in March. While this isn’t anything new, the unusual aspect of this attack is how passwords… continue…

‘Hackability’ is the Future of Programming in a Post-PC World [Video]

Is hacking at risk? With more platforms creating closed environments, what does that mean for the future of hackability? Hacking is critical for innovation and development, and now that the world is made of computers (what device doesn’t have a chip in it?) hacking has the power to innovate practically everywhere and affect our lives. “I love to make things that help other people make things,” says Adam Wiggins (@hirodusk), founder of the cloud application platform Heroku and a self-proclaimed… continue…

Security Professionals Aren’t Immune from Dumbass Moves

Spammers and fraudsters often wiggle into our lives through “social engineering,” pretending to be someone that we think we know. What are some of the security tricks you’ve fallen for? Fess up in the comments below.  It’s one of the oldest tricks in the book and yet it’s so effective. Guess that’s why it keeps resurfacing. We’ve all seen the bad guys dish out a range of schemes over the years, from using nefarious links embedded in an email to,… continue…

Introducing the Dice Security Talent Community

Our new Security Talent Community is online, with David Strom as your guide. David calls himself “an old security hand” in enterprise IT, and has created a number of print and online publications for IT managers. Use him as your guide to trends, best practices and the latest developments in cybersecurity, and be sure to ask questions and share your own thoughts on anything having to do with keeping your operations safe. Visit the Security Talent Community here.

HTTPS Websites Are Not 100 Percent Safe

Ninety percent of the top 2,000 HTTPS websites are reportedly vulnerable to Secure Sockets Layer attacks, according to data from the Trustworthy Internet Movement (TIM). The non-profit’s report is a part of its SSL Pulse, a project that scans the top 1 million websites tracked by Alexa using technology developed by security vendor Qualys to discover the security strength of HTTPS sites. Says PC World: SSL Pulse checks what protocols are supported by the HTTPS-enabled websites (SSL 2.0, SSL 3.0,… continue…