Steal This Wi-Fi by Bruce Schneier.

The security expert Bruce Schneier has recently written an article on Wired.com about using Wi-Fi networks that don’t have password protection. His position on this topic is: use it. His own wireless network is not protected, so others can use it. The way he sees it, other people benefit from it. This might come from the same hacker ideology that everything on the internet should be free and everyone should have access to it. He is not worried about his security because he knows how to secure his computer no matter what network he is on. This is a great article for debating whether you believe in using your neighbor’s unprotected Wi-Fi and whether you should allow your neighbors to use your unprotected wireless network.

Similarly, I appreciate an open network when I am otherwise without bandwidth. If someone were using my network to the point that it affected my own traffic or if some neighbor kid was dinking around, I might want to do something about it; but as long as we’re all polite, why should this concern me? Pay it forward, I say.

Facebook Source Code Leaked?

Major news on TechCrunch: part of the source code of Facebook has been leaked. This either means that Facebook was hacked or is going open source. This is a big deal; it means people might have your password and information. I wouldn’t be surprised if it was done using some API bug, since the API is one of the most recent updates on Facebook. The source code for the main or home page was posted on a blog called Facebook Secrets. The question is, how much longer will it last?

From reading the source code you can tell that it is not very well organized and seems a bit amateur. But then again, it was started by college students who were still learning and are probably still learning. Now, how secure is Facebook? How much damage will this bring to the “company” that was just starting to get extremely popular?

Update: An “official” response has been given at TechCrunch:

Hi Nic-

I wanted to clarify a few things in your story. Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.

Thanks to you and the TC readers for helping us out on this one.

Brandee Barker
Facebook

Yasser

Undercover Reporter Michelle Madigan Owned at DEFCON.

DEFCON is one of the biggest “underground” hacking conventions of the year. Every reporter who wants to find out about the latest security issues goes to this event. The FBI and other authorities go there to learn what’s new. If there is one thing for sure about this convention, it is that everyone is welcome, even reporters. But when an undercover reporter named Michelle Madigan tried to videotape people without permission, trying to catch them admitting to illegal stuff, she got caught and embarrassed. The organizers of DEFCON offered her a press pass several times but she refused it. She put on her hidden camera at the wrong time: it was “spot the undercover reporter” game time, and guess who was the victim. Over 150 attendees tried taking pictures of her and videotaping her. Someone is not doing a very good job.

Yasser

YouTube Gives Me Your FTP Password.

Thanks to Google, hackers have it a lot easier when it comes to finding things. The famous website Johnny I Hack Stuff shows different tricks for finding certain things. Since Google finds everything that people let it find, people are also able to find certain files that aren’t really meant to be seen by everyone. The latest Google Hack is using YouTube to find users and passwords for FTP sites. With this query we can find many FTP users, passwords and the address for the FTP.

The “flaw” is that if you click on a YouTube video link from your FTP site while logged in, YouTube will record the referral with its full address, which includes the user and password for the FTP. The simple solution would be to not click on YouTube links from your FTP. The other solution would be Google filtering the referrals so it wouldn’t capture users and their passwords.

Yasser
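
The second solution above, filtering referrals before they are recorded, can look like the following. This is an added example, not code from the original post or from Google; the function names and the sample log entries are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def scrub_referrer(url: str) -> str:
    """Drop any user:password@ part from a referrer URL before it is stored."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url                      # no userinfo, nothing to remove
    host = parts.hostname or ""
    if ":" in host:                     # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

# Constructed referrer log: (video id, referrer as the browser sent it).
SAMPLE_LOG = [
    ("vid001", "ftp://alice:s3cret@ftp.example.com/pub/links.html"),
    ("vid002", "http://blog.example.org/post/42?ref=home"),
    ("vid003", "ftp://bob:p%40ss@ftp.example.net:2121/index.html"),
]

def sanitize_log(entries):
    """Return (clean_entries, leaked_count); clean entries are safe to store or show."""
    clean, leaked = [], 0
    for video, referrer in entries:
        scrubbed = scrub_referrer(referrer)
        leaked += scrubbed != referrer  # count referrers that carried credentials
        clean.append((video, scrubbed))
    return clean, leaked

if __name__ == "__main__":
    entries, leaked = sanitize_log(SAMPLE_LOG)
    for video, ref in entries:
        print(video, ref)
    print("referrers that carried credentials:", leaked)
```

The leaked count is also a useful signal on its own: any non-zero value means visitors are arriving from URLs that embed credentials.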

Gmail Vulnerable To Contact List Hijacking

Happy New Year Everyone!!! The best way to start this year is with a new security bug found in Gmail. It appears that Gmail stores our contact list information in a simple JavaScript file that could be read with a simple XSS. I don’t know if you could access this file without XSS, but I do know that you have to be logged in in order to see it. This was posted today on Digg and it seems there will be more to come. This reminds me of the almost famous Gmail Bug that was found by Anelkaos. During that investigation we discovered how Gmail works its way around, and I remember that many things are kept in JavaScript, so if there were to be an XSS you could probably extract everything.

Yasser

A Hard Lesson in Privacy

I just finished reading this interesting article in SecurityFocus by Scott Granneman called A Hard Lesson in Privacy. It is a true story about someone who bought a used Intel Mac. Basically it is the same old story about people who think they deleted files by placing them in the recycle bin and then emptying that recycle bin. The “average” user thinks that after you do that there is no way of recovering that information; well, you are wrong. The only way you are able to delete files “forever” is with software that your operating system does not include (according to the article, the Mac securely deletes files). Considering that most users use Windows, it is a different story: you will need special software that deletes your files and overwrites them so they can’t be recovered.

I will give you a quick lesson on how this works; it will probably not even make much sense, but it is worth trying. There is one big column with rows. These rows are “numbers” that indicate where your file is located; consider it like a street address. Next to that address (in the next column) is the information that it holds (the file’s information). There is another column with information about the addresses, saying if someone lives there (if it has something) or if it is empty. When you delete a file, it doesn’t really delete the information of the file; it just says in that other column that nothing is there (even though there really is, but it will be overwritten). Read more…
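
The table described above can be modelled in a few lines to show why a normal delete leaves the contents behind and an overwriting delete does not. This is an added example, not from the article or the original post; `ToyDisk` and the file contents are constructed, and a real file system is far more involved.

```python
class ToyDisk:
    """Constructed model: one row per address, its data, and an in-use flag."""

    def __init__(self, blocks: int):
        self.data = [b""] * blocks       # what is stored at each address
        self.in_use = [False] * blocks   # does anything "live" at that address?
        self.names = {}                  # file name -> address

    def write(self, name: str, content: bytes) -> int:
        addr = self.in_use.index(False)  # first free address (ValueError if full)
        self.data[addr] = content        # whatever was there before is overwritten
        self.in_use[addr] = True
        self.names[name] = addr
        return addr

    def delete(self, name: str) -> None:
        """Emptying the recycle bin: flip the flag, leave the data in place."""
        addr = self.names.pop(name)
        self.in_use[addr] = False

    def secure_delete(self, name: str) -> None:
        """Overwrite the contents first, then release the address."""
        addr = self.names[name]
        self.data[addr] = b"\x00" * len(self.data[addr])
        self.delete(name)

    def leftovers(self) -> list:
        """Non-empty data still sitting at addresses marked as free."""
        return [d for d, used in zip(self.data, self.in_use)
                if not used and d.strip(b"\x00")]


def demo():
    disk = ToyDisk(4)
    disk.write("taxes.txt", b"tax return (constructed)")
    disk.write("notes.txt", b"grocery list (constructed)")
    disk.delete("taxes.txt")
    after_delete = disk.leftovers()      # the "deleted" file is still readable
    disk.secure_delete("notes.txt")
    after_secure = disk.leftovers()      # notes.txt is gone, taxes.txt is not
    disk.write("new.txt", b"new data")   # reuses the freed address 0
    after_reuse = disk.leftovers()       # only now is the old content gone
    return after_delete, after_secure, after_reuse

if __name__ == "__main__":
    print(demo())
```

On SSDs and journaling file systems an in-place overwrite may not reach the blocks that originally held the data, so the model covers only the simple table the post describes.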