Comp.Security Archives

April 16, 2003

Fugu 1.0 available

"Fugu is a native Mac OS X Cocoa GUI wrapper for OpenSSH's commandline sftp client. SFTP is a secure replacement for FTP: the session is encrypted via ssh, so nothing--most importantly passwords--is sent in the clear."

It's also free and open source.

April 18, 2003

90% Give Away Password

I almost put this in the "Work" category since password security is a part of my job. Instead, I made up a new category since the general subject is something in which I'm interested.

Office workers give away passwords for a cheap pen

Continue reading "90% Give Away Password" »

June 5, 2003

Teen girls train FBI 2B teen girls

It's an obvious problem and they chose the obvious solution. Agents are posing as teen girls online to catch pedophiles. How do the agents learn to act like a teen girl? They get teen girls to train them!

The first time the girls gave a quiz, all the agents failed.

"They, like, don't know anything," said Mary, 14, giggling.

"They're, like, do you like Michael Jackson?" said Karen, 14, rolling her eyes at just how out of it adults can be.

Putting this in my "Comp. Security" category was a bit of a stretch but, hey, knowing who you're communicating with is a part of security.

June 4, 2004

Favicon, security hole

I find this exploit amusing for some reason. You're probably familiar with "favicons," the images web servers can deliver to some browsers so you can have a tiny logo (or whatever) instead of a generic bookmark graphic on your address bar or in your bookmarks. Normally they're really small, like 15 pixels square. Well the folks at GreyMagic discovered that the Opera web browser could handle much wider graphics and that the graphic would cover up the URL in the address bar. This means a malicious web site could cover their hostname with a graphic displaying the URL of another site, say, "" Here's the sample graphic from GreyMagic's site:

sample URL obscuring favicon

I wish they had a screenshot of what this looked like in Opera, the demonstration page is only a demonstration if you have the browser. Opera has already issued a patch.

August 6, 2004

Nasty WiFi hacker trick

Oooh, this is bad. A fellow at this year's DefCon came up with a program that exploits the weak (or absent) security of an 802.11b WiFi network. His program, airpwn, inserts HTML into an HTTP transaction. What was his favorite thing to insert? How about replacing all the images on a web page with the picture? (If you don't know what it's a picture of, you really, really don't want to. Seriously.)

About Comp.Security

This page contains an archive of all entries posted to Extra88 in the Comp.Security category. They are listed from oldest to newest.

Funny is the next category.

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type 3.31