68 items tagged "u.s."
-
-
15:22
»
Packet Storm Security Recent Files
ccrypt is a command line utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard Unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael cipher, which is the U.S. government's chosen candidate for the Advanced Encryption Standard (AES). This cipher is believed to provide very strong security. A compatibility mode is included for decrypting legacy "unix crypt" files.
-
-
11:30
»
Hack a Day
Texas Instruments just opened preorders for the new Stellaris LaunchPad. The boards won’t ship until the end of September, but if you don’t mind the wait you can get one for $4.99 including delivery (we’d wager non-U.S. addresses have to pay for delivery, but leave a comment if you know for sure several readers have reported [...]
-
-
21:53
»
SecDocs
Authors: Seth Schoen
Tags: DRM
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: European digital television standards (both free-to-air broadcast and pay TV) developed by the DVB project are exemplary for including no digital rights management. But now DVB is rushing to change that and impose new restrictions on receiving equipment. EFF has participated in DVB meetings on DRM for the past two years. We've learned how the broadcasting and movie industries consider existing standards (including the pro-competitive Common Interface, which can give free/open source software legal access to pay TV programming) obsolete because they were designed in the 1990s before the DRM revolution. Now these standards are being rewritten and retrofitted with DRM. Even unencrypted free-to-air broadcasts may be restricted with the European equivalent of the U.S. broadcast flag policy. And pay TV programming will be restricted by DRM even after you've paid for it and received it in your house, intentionally erasing the distinction between making people pay for TV and controlling what kinds of devices they can receive it on. The industry is explicitly looking to the U.S. models for post-reception DRM and device regulations: the broadcast flag rule for over-the-air broadcasts and the cable plug-and-play regime for pay TV. Both of these schemes require receiving equipment to be licensed, certified, and tamper-resistant, and both of them are a disaster for compatibility with software on the PC. Here, for the first time, we present a detailed account of exactly what DVB is up to in these areas, and how this work is inspired by U.S. industry demands. The plan to embed DRM into European TV standards has a lot of momentum, but maybe we can stop it in its tracks. We need to make clear that DRM-free standards are a feature, not a bug, and that standards should be made more compatible, not less compatible.
-
-
21:39
»
SecDocs
Authors: Seth Schoen
Tags: barcode
Event: Chaos Communication Camp 2007
Abstract: Almost all color laser printers help track their users by printing hard-to-see patterns of yellow dots all over every page. The Electronic Frontier Foundation has been trying to get to the bottom of these dot patterns. What are these dots saying, where do they come from, who can read them, and is there any hope of getting rid of them? For decades, color laser printers have invisibly tracked their users by including patterns of tiny yellow dots on every single output page. This tracking was known to people who worked in the imaging industry and was intermittently disclosed by some manufacturers in their documentation. But even today, most end-users remain unaware of it. For the past two years, the Electronic Frontier Foundation (EFF) has examined this tracking mechanism - a system of exemplary interest because of the non-transparent way in which governments appear to have persuaded technology firms to change their product design without any specific legal basis - and, with the help of many volunteers, we've learned how to read some of the hidden information. This research is ongoing, but we already know how to make the dots easily visible (with LED lights, microscopes, or ordinary color scanners), and we know how to read the data embedded by several major printer manufacturers. Typically, a printer will mark its output pages with the printer serial number and the date and time that the page was printed (if the printer has its own built-in clock). This information facilitates associating color print output with individuals, because it could be correlated with credit card records, server logs, surveillance camera footage, and the like. We've succeeded in attracting a large amount of media interest, including television, newspaper, and magazine coverage in the United States and around the world. (Note that we did not discover the existence of these dots; we are simply the first organization to start to make a reasonably detailed and public study of them.) This coverage is valuable, but it has not necessarily changed industry practices. To do that, we need to go further. We're continuing to try to break printer codes, to explore the world of document forensics and expose why many recordable media are far less anonymous than their users expect, and to try to compel the U.S. government to reveal its role in inducing printer companies to create this technology. In this talk, I'll present a hands-on demonstration of how to find and interpret the tracking codes in some typical color laser printer output, survey some of the historical and political issues, and invite audience members to join us in shedding more (blue?) light on the subject. We're also interested in countermeasures that would disable the tracking or make it ineffective, and I'll present the best known countermeasures together with their possible limitations. Perhaps CCC attendees can help us find better countermeasures.
-
-
21:49
»
SecDocs
Authors: Seth Schoen
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: The Electronic Frontier Foundation will discuss the legal situation that international travelers face when entering or leaving the United States, as well as various ways that travelers can safeguard electronic devices and digital information at the border. A series of unfortunate court decisions allows border patrol agents to search travelers' laptops, mobile phones, and other digital devices without limitation at the United States border. Courts even allow agents to copy entire hard drives for no particular reason -- unlike domestic law enforcement, where civil liberties laws strictly regulate and limit search powers. These searches are relatively rare, but they continue to occur and could become more routine as computer forensics gets cheaper or agents develop new ways of targeting particular travelers. How can international travelers protect themselves when they enter the United States? Seth Schoen and Marcia Hofmann of the Electronic Frontier Foundation will present their latest research into protecting data during border crossings. Their white paper, "Laptop and Electronics Searches at the U.S. Border: A Privacy Guide for Travelers", will be unveiled at this presentation. It combines legal and technical perspectives, discussing the legal situation that international travelers face when entering or leaving the United States, as well as various ways that travelers can safeguard electronic devices and digital information at the border. Since border agents' powers are so extensive, our conclusions may not be happy ones; there is no magical technical or legal solution and all precautions and approaches still involve risks and tradeoffs. We hope that our work will provide a clear, up-to-date, and thorough overview of this issue for all travelers to the U.S.
-
-
21:28
»
SecDocs
Authors: Tiffany Rad
Tags: law
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. International cyber jurisdiction is supported by a complicated web of international law and treaties. Jurisdiction hopping, a technique that is becoming popular for controversial content, is one we have used for the U.S. 1st Amendment censorship-resistant and non-profit hosting company, Project DOD, by using PRQ's services in Sweden. This technique is used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but may have legal complications in the country in which it is accessed. As ownership and protection of property becomes a concept that is difficult to maintain across boundaries that are not easily distinguishable, can the U.S. "kill-switch" parts of the Internet and under what authority can it be done? Similarly, the geographic challenges to international cyber criminal law – and the feasibility of new sovereign nations – will be analyzed. When a cybercrime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within – and physically without – a country's borders. Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by cutting off Internet connections, under what authority can it be done? This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations – to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. I will also discuss the practical example of where, as a result of our Project DOD case in U.S. Federal court, we have put non-copyright infringing materials on PRQ's servers in Sweden to reduce the incidences of Digital Millennium Copyright Act’s "Take Down" infringement notices that are illegitimate.
-
-
21:36
»
SecDocs
Authors: Eleanor Saitta
Tags: security
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The past century our infrastructure has seen both massive expansion and heavy centralization. When it fails, it fails big -- this is the reality of our modern interconnectedness. We live in a world of crumbling bridges and bankrupt states, and our infrastructure will kill us. The people we’re relying on to keep us safe are trying to accomplish long-term risk management with short-term thinking. So, what now? We can't opt out, but we can become more resilient, and we can start thinking about risk differently. In this talk, we'll look at threat modeling in the real world, six ways to die, failing states, that big party in the desert, the failure of the humanitarian project, algae and the U.S. military, large-scale natural disasters, the power grid, and many other things. The problems we face are big in every sense of the word -- they involve some of the biggest things we've ever built -- but the solutions may not be. Can non-governmental networks step up when governments fail to provide basic services? Can we avoid a further expansion of neoliberalism in a post-infrastructural state? Are the power structures embedded in our infrastructure cultural destiny? What happens when maker culture grows up?
-
-
21:39
»
SecDocs
Authors: Nicholas Merrill
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City. Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-governmental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.
-
-
8:40
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2012-24A - US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective "Anonymous" allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).
-
-
0:19
»
SecDocs
Authors: Tiffany Rad
Tags: law
Event: Black Hat Abu Dhabi 2010
Abstract: Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping
Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. When a cyber crime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within -- and physically without -- a country's borders. Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by "kill switching" parts of the Internet, how will this affect critical infrastructure such as water, electricity and electronic funds transfers? Under what authority can it be done? This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations -- to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, is vulnerable to time memory trade-offs but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
-
-
15:16
»
SecDocs
Authors: Ryan C. Barnett, Tom Brennan
Tags: DDoS, DoS
Event: Black Hat DC 2011
Abstract: Denial-Of-Service is an attempt to make a computer resource unavailable to its intended users and is not new. In recent history April 2009, government and financial sites in the U.S. and South Korea were attacked by DDOS and were brought offline for days. This incident followed the Georgian DDOS attacks in 2008 and Estonian DDOS attacks in 2007. Common attack methods include systems infected with malware that are controlled and all connect to the target host at the same time using Layer 4 (Transport) which are already addressed by anti-DDOS solutions when employed. In 2009 a lethal form of Layer 7 (Application) attack techniques were being examined by Wong Onn Chee of OWASP Foundation Singapore and in 2010 together with Tom Brennan of OWASP Foundation presented the findings publicly for the first time with code samples. Tom Brennan will walk through the history and details of how this lethal HTTP POST DOS technique works, interesting findings in the protocol and the challenges in defending critical infrastructure against targeted attacks and demonstrate and release his open-source tool that can be used to test your own production systems -- or render others useless with the touch of a button from a single laptop.
-
-
7:25
»
Packet Storm Security Recent Files
Whitepaper called 2010 Annual Study: U.S. Cost of a Data Breach. Compliance pressures, cyber attacks targeting sensitive data drive leading IT organizations to respond quickly and pay more. This is a benchmark study of 51 U.S. companies about the financial impact, customer turnover and preventive solutions related to breaches of sensitive information.
-
-
1:12
»
remote-exploit & backtrack
Hello,
I am currently doing research into cryptography export limits and have searched Google extensively but have not found a conclusive answer to my question.
A while back the United States relaxed its import and export laws regarding encryption which is why software such as Firefox and Internet Explorer could provide 128-bit ciphers outside of the U.S. I have however heard that the same does not hold true for software that is not freely available. What if I were to use RSA encryption? Would I have to limit the cipher strength if I would want to communicate with the U.S.?
Thanks!