Category: InfoSec

  • Placing the Blame

    This was originally published on Newstrolls and subsequently mirrored on attrition.org.] As I type this article, there is a significant effort under way to track down two individuals. Both “Maxus” and “Curador” are wanted by several law enforcement agencies, most notably the Federal Bureau of Investigation (FBI). Each person has committed a crime involving unauthorized computer access. […]

  • Have Script, Will Destroy (Lessons in DoS)

    [This was originally published on Hacker News Network (HNN), re-printed on Digital Mogul, translated to French, and mirrored on attrition.org. Images courtesy of Dale Coddington.] I began writing this article almost one year ago, after the onslaught of smurf attacks being launched against various networks throughout the Internet. At the time, the newly discovered Denial of Service […]

  • The Crime of Punishment

    [This was originally published on The Synthesis and mirrored on attrition.org.] As you read this, an unusual legal case history is being established around the prosecution of computer crime. Because computer crime is still a relatively new aspect in the arena of law and prosecution, each and every case sets important precedent that will be […]

  • Deconstructing the Hype

    [This was originally published on eEye.com and mirrored on attrition.org.] As a security consultant, I get a lot of e-mail about every topic in the security arena. Running a popular mail list, I tend to get more than most, especially with new product advertisements. For the most part I give them a once over before deleting […]

  • Why Linux Security Will Succeed

    [This was originally published on secure.linux.com and mirrored on attrition.org.] There is no subtlety in the race to gain the exalted title of having the most secure operating system. Both sides of the virtual fence argue their preferred operating system is more secure by default installation. More often than not, these OS bigots spend more […]

  • Setting Standards in Security

    [This was originally published on Aviary Magazine and mirrored on attrition.org.] Returning from Tokyo a few weeks back prompted me to remember an ongoing problem in the security community. I don’t necessarily mean the computer security community, but this certainly applies to computer/network security as well as anyone else. The reason this is a big […]

  • Not Just a Game Anymore

    [This was originally published on Hacker News Network (HNN) and mirrored on attrition.org.] This is a follow-up to a previous article titled Is it worth it? Dispelling the myths of law enforcement and hacking, released on November 22, 1999 via Hacker News Network. Included with this article are several sanitized copies of various documents pertaining to computer […]

  • The Wrong Approach

    [This was originally published on Aviary Magazine and mirrored on attrition.org.] Inside of one month, myself or thousands of other security consultants could eradicate over 90% of the vulnerabilities plaguing Unix systems today. Sound far fetched? It isn’t as crazy as it sounds. More crazy as that notion is why it hasn’t been done years […]

  • Is it worth it?

    [This was originally published on Hacker News Network (HNN) and mirrored on attrition.org.] Is it worth it?Dispelling the myths of law enforcement and hacking A recent chat with an active web page defacer made me realize just how naïve some crackers can be about law enforcement (LE). Despite a large amount of cases being brought […]

  • In Response To: Computer Crime-Abetting Sites…

    [This was originally published on Aviary Magazine and mirrored on attrition.org.] Original Article: http://biz.yahoo.com/bw/991018/ca_compute_1.html (Company Press Release) Computer Crime-Abetting Sites Will Dramatically Increase Costs for Businesses and Consumers Business Wire — Oct. 18, 1999 When it Rains it Pours It was only weeks ago that I wrote an article on inflated damage figures. After reading several pieces […]