Archive: July 2005
DefCon Day 2: Patching Your Hacker Toolkit
LAS VEGAS, July 30 -- New research released at the DefCon conference suggests that not only is it important to apply patches to fix security flaws in commonly used computer software, but that patch installation is important for the very...
By Brian Krebs | July 30, 2005; 5:17 PM ET | Comments (7)
DefCon Night 1: Team Kegbot
LAS VEGAS, July 30 -- Spent an educational evening last night with maybe 20 hackers who were elegantly mixing alcohol and technology into a wicked cocktail recipe that is sure to revolutionize fraternity parties from this day forward. The clever...
By Brian Krebs | July 30, 2005; 7:32 AM ET | Comments (2)
DefCon Day 1: Lynn Presentation Circulating on Internet
LAS VEGAS, July 29 -- The full, unedited version of Michael Lynn's controversial presentation on flaws he claims to have uncovered in the software powering Cisco Systems's widely used Internet routers has been posted on a series of Web...
By Brian Krebs | July 29, 2005; 11:13 PM ET | Comments (2)
DefCon Day 1: Hacker Mayhem
LAS VEGAS, July 29 -- Just got a tour of the sprawling campus that is the Alexis Park Hotel, where DefCon is in full swing. My guide was a junior "Goon," one of dozens of security folks wearing orange...
By Brian Krebs | July 29, 2005; 5:45 PM ET | Comments (5)
FBI Investigating Lynn's Role in Ciscogate
LAS VEGAS, July 29 -- Michael Lynn is being investigated by the FBI for criminal conduct after he gave a presentation detailing what he said are flaws in the critical routers supporting the Internet and many computer networks, according a...
By Brian Krebs | July 29, 2005; 4:57 PM ET | Comments (3)
FBI Investigating Lynn's Role in Ciscogate
LAS VEGAS, July 29 -- Michael Lynn is being investigated by the FBI for criminal conduct after he gave a presentation detailing what he said are flaws in the critical routers supporting the Internet and many computer networks, according a...
By Brian Krebs | July 29, 2005; 4:57 PM ET | Comments (3)
Text of the Cisco-ISS-Lynn-Black Hat Agreement
LAS VEGAS, July 29 -- Late yesterday I reported here that security researcher Michael Lynn had reached an agreement with Cisco Systems and his former employer, Internet Security Systems, to end a short-lived legal wrangle over his discussion of a...
By | July 29, 2005; 12:35 PM ET | Comments (2)
Black Hat Day 2: Peace Breaks Out
LAS VEGAS, July 28 -- Michael Lynn, the security researcher whose talk yesterday about new flaws in Cisco Systems routers landed him in court this morning, has settled the legal dispute with Cisco and his former employer, Atlanta-based Internet Security...
By Brian Krebs | July 28, 2005; 10:16 PM ET | Comments (4)
Pranks, Parties and Personalities
LAS VEGAS, July 28 -- The Michael Lynn Cisco-gate controversy has somewhat overshadowed everything else going on here at Black Hat, and I've been spending so much time getting to the bottom of the whole ordeal that I haven't had...
By Brian Krebs | July 28, 2005; 1:55 PM ET | Comments (6)
Black Hat: The Latest on Lynn and Cisco
LAS VEGAS, July 27 -- The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers...
By Brian Krebs | July 27, 2005; 11:31 PM ET | Comments (18)
Black Hat Day 1: Update on Cisco-gate
LAS VEGAS, July 27 -- I promised earlier that I would follow up on this morning's pre-dawn post about one of the most eagerly awaited presentations here at Black Hat -- a talk to be given by Michael Lynn...
By | July 27, 2005; 4:23 PM ET | Comments (9)
Black Hat Day 1: A Cover Up?
LAS VEGAS, July 27: One of the primary reasons companies send their computer security experts to the annual Black Hat security conference here is to learn about new security vulnerabilities that bad guys could use to disrupt Internet communications that...
By Brian Krebs | July 27, 2005; 5:52 AM ET | Comments (27)
Paying a Bounty for Security Flaws
Another security company on Monday offered to pay security researchers who discover and responsibly report security flaws in commercial software products. The goal of the "Zero Day Initiative," announced Monday by TippingPoint, an Austin, Tex.-based security services firm owned by...
By Brian Krebs | July 26, 2005; 9:15 AM ET | Comments (2)
Where the Flaws Are
One of the major themes of this blog has been the need for computer users to develop their Internet "street smarts." Even those who observe the most basic security advice -- by applying Microsoft Windows patches and using antivirus and...
By Brian Krebs | July 25, 2005; 1:15 PM ET | Comments (6)
Flaw in Winamp Media Player Fixed
Nullsoft (Ã la AOL) has released an update for its Winamp media player to fix a dangerous security hole that could give attackers a way into your PC. According to Danish security firm Secunia and the Croatian company that uncovered...
By Brian Krebs | July 23, 2005; 10:52 AM ET | Comments (1)
Scary Advice for the Vegas Trip
I thought I was being sufficiently paranoid as I went about planning my trip out to Las Vegas next week for the back-to-back Black Hat and DefCon hacker conferences, but now I'm just plain spooked. Ever since I started telling...
By Brian Krebs | July 22, 2005; 5:05 PM ET | Comments (4)
Security Fix Is Heading to Vegas
I'll be heading into the soul-crushing heat of Las Vegas for six days next week to cover Black Hat and Defcon, two of the largest hacker conventions in the country. I'm planning to blog like a madman at the conferences,...
By Brian Krebs | July 21, 2005; 1:55 PM ET | Comments (9)
Mozilla Issues Another Update
Mozilla has issued another update to its Firefox Web browser to correct "stability" problems in version 1.0.5, as I discussed in yesterday's blog post about this. Firefox users can download the update manually from Mozilla's site. This update does not...
By Brian Krebs | July 20, 2005; 12:46 PM ET | Comments (5)
More Firefox Updates on the Way
Mozilla is getting ready to release yet another version of its Firefox Web browser, just days after it issued a new version to correct several security flaws in the program. According to an article at Mozillazine, the most recent release,...
By Brian Krebs | July 19, 2005; 11:43 AM ET | Comments (3)
Phlagrant Marketing
It's happened again: An Internet security company seeking a little free PR has coined yet another ominous-sounding word beginning with the letters "ph" to describe an online threat. The word of the day is "Phlooding." Granted, "phlooding" -- a term...
By Brian Krebs | July 18, 2005; 4:02 PM ET | Comments (1)
DHS: Exploits Out for Firefox Holes
The US Computer Emergency Readiness Team (US-CERT), a cyber-security outfit that's part of the Department of Homeland Security, says that it has received information that several new exploits have been released that could let bad guys take advantage of recently...
By Brian Krebs | July 16, 2005; 12:38 AM ET | Comments (2)
Unpatched, Critical Flaw Found In Windows XP
Security researchers have uncovered a potentially serious security hole in Windows XP and Windows XP Professional that could allow skilled attackers to take over vulnerable computers, even PCs equipped with the latest Microsoft software patches and running the built-in Windows...
By Brian Krebs | July 15, 2005; 10:40 AM ET | Comments (11)
Security Updates For Apple, Firefox
Mozilla has released a new version of its Firefox Web browser to fix at least a dozen serious flaws in the program. Firefox users can download the update manually from Mozilla's site, or click on the arrow in the upper...
By Brian Krebs | July 13, 2005; 9:30 PM ET | Comments (8)
A Closer Look: Three Critical Patches For Windows
As noted yesterday in this blog, Microsoft Corp. released software updates yesterday to fix at least four security flaws in its software, including three rated "critical," the company's most severe warning level. The free patches are available from Microsoft's Windows...
By Brian Krebs | July 13, 2005; 12:59 PM ET | Comments (0)
Microsoft Releases July's Batch of Patches
Microsoft today released its monthly series of software patches, including "critical" fixes for Windows, Office and Internet Explorer. As washingtonpost.com's Brian Krebs has noted many times in this blog, Microsoft classifies fixes as critical if the security holes they mend...
By | July 12, 2005; 5:04 PM ET | Comments (0)
Death Penalty For Hackers?
[Editor's note: The following entry was posted by washingtonpost.com staff writer Robert MacMillan.] Hell should reserve a special place for New York Times columnist John Tierney. I don't say that out of animosity. Rather, he came up with a few...
By Brian Krebs | July 12, 2005; 2:58 PM ET | Comments (0)
Death Penalty For Hackers?
[Editor's note: The following entry was posted by washingtonpost.com staff writer Robert MacMillan.] Hell should reserve a special place for New York Times columnist John Tierney. I don't say that out of animosity. Rather, he came up with a few...
By | July 12, 2005; 2:58 PM ET | Comments (0)
Watch Out For 'Typosquatter' Sites
Surely you've had this experience before: You mistype an Internet address in your Web browser, only to end up at a porn site or some random Web page that tries to install software or hijack your browser's settings. Well, score...
By Brian Krebs | July 11, 2005; 12:33 PM ET | Comments (8)
Lyrical Lessons in Security
I recently acquired the definitive piano transcription for the Jerry Lee Lewis hit "Great Balls of Fire," which I've been trying -- rather unsuccessfully so far -- to learn on an old upright piano I inherited from my grandmother. As...
By Brian Krebs | July 8, 2005; 3:30 PM ET | Comments (7)
Microsoft To Issue Three Security Updates
Microsoft said today it will issue a mere three security patches next Tuesday in its monthly release of security and software updates. The patches fix problems in computers running its Windows operating systems. I say "mere" because last month the...
By Brian Krebs | July 7, 2005; 4:35 PM ET | Comments (4)
U.K. News Sites Swamped in Wake of London Bombings
News Web sites in the United Kingdom struggled to remain reachable in the hours after a series of bombings in London this morning, as people turned to the sites for information about the attacks. The Web sites of Sky News,...
By Brian Krebs | July 7, 2005; 1:44 PM ET | Comments (1)
Teen Worm Writer Fined 1,000 Euros
[Editor's note: The following entry was posted by German-speaking washingtonpost.com staff writer Robert MacMillan.] While the English-language press was reporting that 19-year-old Sven Jaschan confessed on Tuesday that he was the creator of the "Sasser" worm, the German Press Agency...
By washingtonpost.com | July 6, 2005; 12:02 PM ET | Comments (2)
Microsoft Releases Fix for Serious IE Flaw
Microsoft Corp. today released a fix for a dangerous security flaw in its Internet Explorer Web browser -- a flaw that security experts said could allow attackers to seize control over vulnerable Windows PCs. The Microsoft advisory on the vulnerability...
By Brian Krebs | July 5, 2005; 7:01 PM ET | Comments (6)
New Exploit for Unpatched IE Flaw
On Friday, Security Fix warned readers about an unpatched flaw in Microsoft's Internet Explorer Web browser that could let attackers take over your computer if you visit a malicious or hacked Web site. I'm blogging about it again to let...
By Brian Krebs | July 5, 2005; 2:57 PM ET | Comments (3)
Microsoft Warns of Browser Security Hole
Microsoft Corp. on Thursday warned Windows users who browse the Internet with its Internet Explorer Web browser to be aware of a newly-discovered flaw in the program that could be used by attackers to seize control over affected machines. Microsoft...
By Brian Krebs | July 1, 2005; 2:20 PM ET | Comments (8)
