Tuesday, October 16, 2007

10 reasons websites get hacked

List of top 10 web vulnerabilities classified by OWASP, here with a description of the problem and some examples.

Wait there is more! NSA is on your computer!

NSA LIKELY READING WINDOWS SOFTWARE IN YOUR COMPUTER

Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.

President Bush’s grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.

And if you’re upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.

European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special “keys” in Windows software starting with versions from 95-OSR2 onwards.

And the intelligence arm of the French Defense Ministry also asserted NSA helped to install secret programs in Microsoft software. According to France's Strategic Affairs Delegation report, “it would seem that the creation of Microsoft was largely supported, not least financially, by NSA, and that IBM was made to accept the (Microsoft) MS-DOS operating system by the same administration.” That report was published in 1999.

The French reported a “strong suspicion of a lack of security fed by insistent rumours about the existence of spy programmes on Microsoft, and by the presence of NSA personnel in Bill Gates’ development teams.” It noted the Pentagon was Microsoft’s biggest global client.

And heck, who wouldn't belive the French?

More here.

Because George said NO!

More on GW's spying program -

According to documents released by lawmakers on Monday, major U.S. telephone carriers refused to answer questions from the Democratic-led Congress about their possible participation in President George W. Bush's warrantless domestic spying program...

More...

Saturday, October 13, 2007

Pre-9/11 wiretap bid is alleged

Why is this a surprise to anyone?

A former Qwest Communications International executive, appealing a conviction for insider trading, has alleged that the government withdrew a $200-million contract after Qwest refused to participate in an unidentified National Security Agency program that the company's top lawyer said was illegal.

Nacchio's account, which places the NSA proposal at a meeting on Feb. 27, 2001, suggests that the Bush administration was seeking to enlist telecommunications firms in programs without court oversight before the terrorist attacks. The Sept. 11 attacks have been cited by the government as the main impetus for its warrantless surveillance efforts.

More here.

Same church different pew...

http://www.wired.com/science/discoveries/news/2006/04/70619

Monday, October 01, 2007

The Breach Blog

The Breach Blog has an interesting compilation of recent security breaches.
 
Copyright 2017 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan