Motherboard Walls

[Chris Harrison] and a friend created these motherboard walls for Carnegie Mellon professor [Scott Hudson]. According to [Harrison], he amassed over 150 pounds of motherboards, most of them off of eBay, to create this surreal project. Nearly every inch of the lab is covered with motherboards, of different lengths and varying shades of green, silver, and black. We think it’s pretty festive.

[via Neatorama]

Defcon 16: Glimpses Of The Network Operations Center


Wired’s Threat Level takes us on a photo tour of the Defcon Network Operations Center, giving a unique behind-the-scenes perspective on one of the largest computer security conventions. The Defcon Network Operations Center is run by a volunteer group named the “Goons”. They keep operations running smoothly and securely with both high- and low-tech resources, like a Cisco fiber switch and an armed guard, to protect the router and firewall.

Black Hat 2008: Google Gadgets Insecurity


Black Hat presenters [Robert “RSnake” Hansen], CEO of SecTheory, and [Tom Stracener], security analyst at Cenzic, criticized Google in their presentation “Xploiting Google Gadgets”. [Hansen] and [Stracener] say that there’s currently no way for Google to confirm whether Google Gadget creations contain malicious content or not; this leaves the application vulnerable to a wide range of hacking ugliness such as data poisoning, worms, and theft of data. [Hansen] himself isn’t exactly on the friendliest terms with Google. He’s got a bit of a contentious history and he claims that Google has threatened legal action against him. Nevertheless, if what was presented is true and accurate, then Google has a huge security issue that needs to be addressed sooner rather than later. Google has not yet commented on the situation.

Black Hat 2008: What’s Next For Firefox Security

Mozilla security chief [Window Snyder] made some surprising announcements about Firefox Next, Mozilla’s next major browser overhaul. In her chat at the Black Hat security conference, she introduced three new initiatives focused on threat modeling, training, and vulnerability metrics. For the threat modeling initiative, she’s hired Matasano Security consultants to review Firefox’s code for weaknesses and recommend mitigation tactics to protect the browser from hacker attacks. This isn’t inherently unusual; what is abnormal is that the information, once the work is done, will be revealed to the public. The training initiative will have IOActive trainers working with Mozilla engineers on secure computer programming practices. At the end, according to [Snyder], online versions of the classes will be released to the public, along with the class materials. The last initiative revolves around security metrics, and is already in progress. Essentially, the project will ideally take the focus off of patch-counting and provide a better assessment of security and vulnerability issues. [Snyder] says, “We’re in the early phase, working on incorporating feedback from the rest of the industry.” She also revealed some more Firefox developments, including possibly incorporating NoScript into the core browser and implementing protected mode, but they’re still a long way from becoming standard features.

More On GIFAR


[pdp] provides some perspective on the news regarding the GIFAR attack developed by researchers at NGS Software. As he explains, the idea behind the attack, which basically relies on combining a JAR with other files, is not new. Combining JAR/ZIP files with GIF/JPG files creates hybrid files with headers at both the top and bottom of the file, which lets them pass through any image manipulation library as valid files. While tightened security and more stringent file validation practices are advisable, the problem is larger than just a vulnerability in browser security. ZIP is an incredibly generic packing technology used everywhere, from Microsoft files to OpenOffice documents, and of course, in JAR files. He closes with, “any file format that is based on ZIP, you allow your users to upload on your server, can be used in an attack”.

[photo: Jon Jacobsen]
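The stricter file validation mentioned above can be sketched as an upload check that looks at both ends of a file: the image magic at the top and a ZIP end-of-central-directory record at the bottom. This is an added example, not code from [pdp] or NGS Software; the function names, the sample GIF bytes and the sample archive member are constructed for illustration.

```python
import io
import zipfile

IMAGE_MAGICS = {b"GIF87a": "gif", b"GIF89a": "gif", b"\xff\xd8\xff": "jpeg"}
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature
EOCD_LEN = 22             # fixed part; a comment of up to 65535 bytes may follow

# Constructed sample: a minimal 1x1 GIF used only as test input.
SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
              b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")


def image_kind(data):
    """Classify by leading magic bytes, which is all many upload filters do."""
    for magic, kind in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return None


def trailing_zip_members(data):
    """Return member names if a parseable ZIP ends the data, else []."""
    if EOCD_SIG not in data[-(EOCD_LEN + 0xFFFF):]:
        return []
    try:
        # zipfile tolerates bytes prepended to the archive, as a JVM would.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []  # signature bytes occurred by chance, no real archive


def check_upload(data):
    """Accept only GIF/JPEG uploads that do not also parse as a ZIP/JAR."""
    kind = image_kind(data)
    if kind is None:
        return "reject: not a GIF/JPEG"
    members = trailing_zip_members(data)
    if members:
        return f"reject: {kind} with appended ZIP ({', '.join(members)})"
    return f"accept: {kind}"


def build_hybrid(image, members):
    """Build constructed test input: image bytes followed by a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return image + buf.getvalue()
```

A check like this only covers the image case; as the post notes, any ZIP-based format accepted for upload needs its own handling, and re-encoding images server-side so trailing data is discarded is a stronger control than inspection alone.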

About:config Hacks For Firefox 3

Blogs DNA has some great suggestions for tweaking the Firefox 3 about:config file. Customize Firefox 3 to your particular preferences with hacks to reduce the number of entries in the auto-complete list in your URL bar, extend spell check to forms, and disable blinking text. All it takes is a few simple modifications to the about:config file. By editing the about:config file, you can have a Firefox 3 that is faster, less bloated, and more tailored to your browsing habits. Do you have any suggestions for tweaks to Firefox 3?

[via Digg]

Getting Around The Great Firewall Of China

[Zach Honig] is a photographer in Beijing covering the Olympics. In light of recent allegations of the Chinese government installing monitoring software and hardware in foreign-owned hotels, the necessity of protecting one’s information has become vital and urgent, especially for journalists and photographers. [Honig] provides some suggestions for circumventing the infamous Great Firewall of China; surfing the internet through a secure VPN connection and using a proxy such as PHProxy will allow users to visit websites that have been banned within China. Such simple tricks could mean the difference between not being able to find necessary information, and the ability to surf the internet freely and openly.

[via Digg]