Schneier on Security

MAY 11, 2022

Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives.

Surveillance 343

Surveillance Government 343

Schneier on Security

OCTOBER 3, 2019

Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software.

IoT 235

IoT Firmware Data collection Architecture 235

Schneier on Security

MAY 28, 2019

The earliest document number available on the site -- 000000075 -- referenced a real estate transaction from 2003. Modifying the document number in his link by numbers in either direction yielded other peoples' records before or after the same date and time, indicating the document numbers may have been issued sequentially.

Insurance 252

Insurance Small Business Accountability 252

Schneier on Security

APRIL 2, 2024

Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “ Tales of the Krypt ,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions.

Internet 338

Internet Internet 338

Schneier on Security

FEBRUARY 8, 2024

In 2003, I wrote : Clearly this isn’t all or nothing. I have long been a fan of software liability as a policy mechanism for improving cybersecurity. And, yes, software is complicated, but we shouldn’t let the perfect be the enemy of the good. There are many parties involved in a typical software attack.

Software 326

Software Government Cybersecurity 326

Anton on Security

JANUARY 20, 2022

My writing at the time shows that I was quite obsessed with correlation, especially correlation of normalized / categorized data that allowed detection content (rule) creation without knowing the event IDs and other details from each log source [because single event matching was not considered cool in 2003, and so why is it acceptable in 2022?]

Technology 211

Technology Engineering Data collection Firewall 211

Krebs on Security

JULY 23, 2020

had exposed approximately 885 million records related to mortgage deals going back to 2003. In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp.

Insurance 346

Insurance Financial Services Penetration Testing Scams 346

Krebs on Security

MAY 24, 2019

NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The earliest document number available on the site – 000000075 — referenced a real estate transaction from 2003.

Insurance 279

Insurance Banking Identity Theft Scams 279

CSO Magazine

FEBRUARY 2, 2021

He began as a marketing manager in 1997 and started AWS in 2003. The surprise announcement that Jeff Bezos will leave later this year and hand over the reins to AWS leader Andy Jassy marks a remarkable rise for Jassy.

Marketing 131

Marketing 131

Schneier on Security

FEBRUARY 2, 2018

What's more, it predated Stuxnet, with the first known instance occurring in 2003. Now, researchers have presented proof that digitally signed malware is much more common than previously believed.

Malware 190

Malware Antivirus Software Accountability 190

Krebs on Security

JUNE 29, 2023

In March 2020, the DOJ unsealed two criminal hacking indictments against Kislitsin, who was then head of security at Group-IB , a cybersecurity company that was founded in Russia in 2003 and operated there for more than a decade before relocating to Singapore.

Cybersecurity 297

Cybersecurity Cybercrime Hacking Government 297

Security Boulevard

SEPTEMBER 10, 2021

Back in the summer of 2003, the internet was plagued with worms such as Blaster and Sobig. The problems I spoke of in 2003, sadly, are still here with us 18 years later. In my 2003 testimony, I said, “The current flawed computing infrastructure is not going to change for the better overnight.

Software 59

Software Government Internet Internet 59

Heimadal Security

DECEMBER 2, 2021

is a technology company based in San Jose, California created in 2003. Ubiquiti Inc. Having its headquarters in New York City, Ubiquiti produces and distributes wireless data transmission and wired equipment for businesses and residences under a variety of brand names. What Happened?

Wireless 132

Wireless Technology Ransomware Malware 132

NopSec

MARCH 26, 2013

Some time ago I recall that there was a old Perl Metasploit module targeting Oracle database 8i unauthenticated remote overflow out there (CVE-2003-0095) According to National Vulnerability Database, the vulnerability reads: “Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, In this case, use VirtualAlloc() to bypass NX.

Penetration Testing 52

Penetration Testing Authentication Engineering Technology 52

Krebs on Security

AUGUST 12, 2019

that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. First American Financial Corp.

Insurance 261

Insurance Banking Authentication Accountability 261

Penetration Testing

JUNE 22, 2024

The flaw, designated CVE-2024-2003 (CVSS 7.3) ESET, a leading cybersecurity provider, has addressed a high-severity vulnerability in its range of Windows security products.

Cybersecurity 91

Cybersecurity Antivirus Internet Internet 91

Dark Reading

MAY 14, 2019

Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.

79

79

Krebs on Security

SEPTEMBER 1, 2021

Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware. An ad circa 2005 for A311 Death, a powerful banking trojan authored by “Corpse,” the administrator of the early Russian hacking clique Prodexteam. Image: Google Translate via Archive.org.

Malware 336

Malware Cybercrime Internet Internet 336

WIRED Threat Level

FEBRUARY 21, 2021

In 2003, Barrett Lyon created a map of the internet. In 2021, he did it again—and showed just how quickly it's expanded.

Internet 106

Internet Internet 106

CSO Magazine

JULY 6, 2021

Rainbow tables were invented by IT expert Philippe Oechslin, who published a paper on his work in 2003. A rainbow table is a large, precomputed table designed to cache the output of cryptographic hash functions to decrypt hashed passwords into plaintext.

Passwords 129

Passwords 129

Security Affairs

JULY 17, 2020

on the CVSS scale and affects Windows Server versions 2003 to 2019. in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. The bug affects the DNS server component that ships with all Windows Server versions from 2003 to 2019. ” states Krebs.

DNS 139

DNS Government Advertising Engineering 139

Schneier on Security

MARCH 18, 2022

Back in 2003, at the height of our collective terrorism panic, I coined the term security theater to describe measures that look like they’re doing something but aren’t. When it comes to the measures intended to keep us safe from COVID-19, I don’t even have to look very hard. But I’m not alarmed.

Banking 324

Banking Surveillance Cybersecurity 324

Krebs on Security

JUNE 3, 2019

” That vulnerability exists in Windows XP, Windows 2003, Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft did this to head off another WannaCry-like outbreak from mass-exploitation of a newly discovered flaw that Redmond called imminently “wormable.”

Ransomware 234

Ransomware Accountability Malware Government 234

Security Boulevard

SEPTEMBER 13, 2021

The list has been maintained by OWASP since its release in 2003 with updates every few years. The Open Web Application Security Project (OWASP) has released its draft Top 10 Web Application Security Risks 2021 list with a number of changes from the 2017 list (the last time the list was updated).

Risk 116

Risk 116

Krebs on Security

JANUARY 8, 2024

Icamis promoted his services in 2003 — such as bulk-domains[.]info A search on “icamis.ru” in Google brings up a 2003 post by him on a discussion forum designed by and for students of Amtek , a secondary school in Cherepovets (Icamis was commenting from an Internet address in Cherepovets). w s, icamis[.]ru

Cybercrime 259

Cybercrime Banking Computers and Electronics DDOS 259

SecureBlitz

FEBRUARY 8, 2021

Wondershare Recoverit is a file recovery toolkit that has been around since 2003. In this post, I will review the Wondershare Recoverit file recovery tool for Windows and Mac PC. It can retrieve over a thousand different file formats and file systems from PC. It offers you the best file recovery technology that can recover.

Technology 105

Technology Cybersecurity 105

Veracode Security

MAY 18, 2023

Even my 2003 testimony to Congress still proved that we have a long way to go in building secure software. The Slow Burn: From L0pht’s Testimony to Government Action L0pht’s 1998 testimony set the stage for the next 25 years of internet security awareness. However, it took years for change to start happening.

Cybersecurity 122

Cybersecurity Security Awareness Internet Internet 122

Security Boulevard

SEPTEMBER 27, 2021

It has been in draft form for months and has been updated several times since 2003, and before its latest iteration, in 2017. Last week was the 20 th anniversary of the Open Web Application Security Project ( OWASP ), and in honor of that date, the organization issued its long-awaited update to its top 10 exploits.

Network Security 97

Network Security 97

Security Affairs

JULY 15, 2022

Dragos researchers were also able to recover the password using the exploit over Ethernet, significantly increasing the severity of the flaw, tracked as CVE-2022-2003. The CVE-2022-2003 was responsibly disclosed to Automation Direct and the vendor addressed it with the release of a firmware update.

Passwords 128

Passwords Software Firmware Malware 128

Security Boulevard

JANUARY 20, 2022

data: 2003, source ). BTW, this last historical artifact makes me a bit angry, because at least one of the “cool” “search-based ‘SIEM’” vendors cannot do this today, in 2022, while the cheapest and simplest of the 1st generation SIM/SEMs could do it in 2003. (date: 2002, source ). date: 2002, source ).

Technology 138

Technology Engineering Data collection Firewall 138

Heimadal Security

SEPTEMBER 21, 2021

The Internet Information Services (IIS) is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003. Windows IIS servers were compromised by threat actors to add expired certificate notification pages asking visitors to download a malicious fake installer.

Internet 94

Internet Internet Software Cybersecurity 94

Security Boulevard

AUGUST 23, 2021

It's been 18 years since OWASP first published their list of Top 10 Web Application Security Risks in 2003. It wouldn't be unreasonable to think it would have been possible to solve web application security problems in that time frame. Yet, attacks continue to happen, and successfully target vulnerabilities in web applications.

Risk 96

Risk 96

Anton on Security

MARCH 1, 2021

OK, but now you’d be somewhat surprised where our journey will suddenly turn… Now, go and imagine the following scenarios: You face the attacker in possession of a machine that can auto-generate reliable zero day exploits and then use them (an upgraded version of what was the subject of 2016 DARPA Grand Challenge ) You face the attackers who use worms (..)

Information Security 246

Information Security Malware Cybersecurity 246

The Last Watchdog

JUNE 9, 2022

He has been a member of the California State Bar since 2003. About the essayist: Lyle Solomon has extensive legal experience as well as in-depth knowledge and experience in consumer finance and writing.

Identity Theft 274

Identity Theft Scams Insurance Internet 274

Adam Levin

MAY 29, 2019

left hundreds of millions of sensitive financial documents unprotected on its website dating back as far as 2003. First American Financial Corp.

Small Business 149

Small Business Insurance Banking Accountability 149

Adam Shostack

JANUARY 2, 2025

You could be an expert on Active Directory 2003, or Checkpoint's Firewall-1. Yesterday Recently on Emergent Chaos, I talked about Red Queen Races , where you have to work harder and harder just to keep up. In the pre-cloud world, you could fully update your skills. You could generate friction over moving to AD2012.

Firewall 130

Firewall Engineering Network Security 130

CyberSecurity Insiders

JUNE 16, 2022

NOTE 2 – In the year 2003, MS announced it is going to give its Windows source codes to nations, fearing any security concerns. NOTE 1- GSP is being offered by the American tech giant for people to trust in its products and services.

Government 124

Government Cyber Attacks Software Cybersecurity 124