Topic: Computer Security (Page 2)
You are looking at all articles with the topic "Computer Security". We found 27 matches.
Capability Based Security
Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses hierarchical protection domains.
Although most operating systems implement a facility which resembles capabilities, they typically do not provide enough support to allow for the exchange of capabilities among possibly mutually untrusting entities to be the primary means of granting and distributing access rights throughout the system. A capability-based system, in contrast, is designed with that goal in mind.
Capabilities as discussed in this article should not be confused with POSIX 1e/2c "Capabilities". The latter are coarse-grained privileges that cannot be transferred between processes.
Discussed on
- "Capability Based Security" | 2015-12-06 | 44 Upvotes 35 Comments
Host Protected Area
The host protected area (HPA) is an area of a hard drive or solid-state drive that is not normally visible to an operating system. It was first introduced in the ATA-4 standard CXV (T13) in 2001.
Discussed on
- "Host Protected Area" | 2019-08-06 | 56 Upvotes 14 Comments
Phreaking
Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking.
The term first referred to groups who had reverse engineered the system of tones used to route long-distance calls. By re-creating these tones, phreaks could switch calls from the phone handset, allowing free calls to be made around the world. To ease the creation of these tones, electronic tone generators known as blue boxes became a staple of the phreaker community. This community included future Apple Inc. cofounders Steve Jobs and Steve Wozniak.
The blue box era came to an end with the ever-increasing use of computerized phone systems which allowed telecommunication companies to discontinue the use of in-band signaling for call routing purposes. Instead, dialing information was sent on a separate channel which was inaccessible to the telecom customer. By the 1980s, most of the public switched telephone network (PSTN) in the US and Western Europe had adopted the SS7 system which uses out-of-band signaling for call control (and which is still in use to this day). Phreaking has since become closely linked with computer hacking.
Discussed on
- "Phreaking" | 2024-04-29 | 39 Upvotes 29 Comments
WarGames was released today 40 years ago
WarGames is a 1983 American science fiction techno-thriller film written by Lawrence Lasker and Walter F. Parkes and directed by John Badham. The film, which stars Matthew Broderick, Dabney Coleman, John Wood, and Ally Sheedy, follows David Lightman (Broderick), a young hacker who unwittingly accesses a United States military supercomputer programmed to simulate, predict and execute nuclear war against the Soviet Union.
WarGames was a critical and commercial success, grossing $125 million worldwide against a $12 million budget. The film was nominated for three Academy Awards.
Discussed on
- "WarGames was released today 40 years ago" | 2023-06-03 | 53 Upvotes 14 Comments
Iloveyou
ILOVEYOU, sometimes referred to as Love Bug or Love Letter for you, is a computer worm that infected over ten million Windows personal computers on and after 4 May 2000 when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension ('vbs', a type of interpreted file) was most often hidden by default on Windows computers of the time (as it is an extension for a file type that is known by Windows), leading unwitting users to think it was a normal text file. Opening the attachment activates the Visual Basic script. The worm inflicts damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however after overwriting MP3 files the virus hides the file), and sends a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. This made it spread much faster than any other previous email worm.
Discussed on
- "Iloveyou" | 2020-05-05 | 51 Upvotes 14 Comments
The Hacker Crackdown: Law and Disorder on the Electronic Frontier
The Hacker Crackdown: Law and Disorder on the Electronic Frontier is a work of nonfiction by Bruce Sterling first published in 1992.
The book discusses watershed events in the hacker subculture in the early 1990s. The most notable topic covered is Operation Sundevil and the events surrounding the 1987–1990 war on the Legion of Doom network: the raid on Steve Jackson Games, the trial of "Knight Lightning" (one of the original journalists of Phrack), and the subsequent formation of the Electronic Frontier Foundation. The book also profiles the likes of "Emmanuel Goldstein" (publisher of 2600: The Hacker Quarterly), the former assistant attorney general of Arizona Gail Thackeray, FLETC instructor Carlton Fitzpatrick, Mitch Kapor, and John Perry Barlow.
In 1994, Sterling released the book for the Internet with a new afterword.
Discussed on
- "The Hacker Crackdown: Law and Disorder on the Electronic Frontier" | 2017-02-06 | 36 Upvotes 12 Comments
Cold Boot Attack
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random access memory by performing a hard reset of the target machine. Typically, cold boot attacks are used to retrieve encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes after power has been removed.
An attacker with physical access to a running computer typically executes a cold boot attack by cold-booting the machine and booting a lightweight operating system from a removable disk to dump the contents of pre-boot physical memory to a file. An attacker is then free to analyze the data dumped from memory to find sensitive data, such as the keys, using various forms of key finding attacks. Since cold boot attacks target random access memory, full disk encryption schemes, even with a trusted platform module installed, are ineffective against this kind of attack. This is because the problem is fundamentally a hardware (insecure memory) and not a software issue. However, malicious access can be prevented by limiting physical access and using modern techniques to avoid storing sensitive data in random access memory.
Discussed on
- "Cold Boot Attack" | 2013-09-27 | 33 Upvotes 9 Comments
Foldering
Foldering is the practice of communicating via messages saved to the "drafts" folder of an email or other electronic messaging account that is accessible by multiple people. The messages are never actually sent.
Foldering has been described as a digital equivalent of a dead drop.
Discussed on
- "Foldering" | 2023-08-17 | 35 Upvotes 4 Comments
2024 CrowdStrike incident: The largest IT outage in history
On 19 July 2024, a faulty update to security software produced by CrowdStrike, an American cybersecurity company, caused innumerable computers and virtual machines running Microsoft Windows to crash. Businesses and governments around the globe were affected by what one expert called the "largest IT outage in history".
Among the industries that were disrupted were airlines, airports, banks, hotels, hospitals, stock markets, and broadcasting; governmental services such as emergency numbers and websites were also affected. The error was discovered and a fix was made on the same day, but the outage continued to delay airline flights, cause problems in processing electronic payments, and disrupt emergency services.
Discussed on
- "2024 CrowdStrike incident: The largest IT outage in history" | 2024-07-19 | 24 Upvotes 4 Comments
The Cuckoo's Egg
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL).
Discussed on
- "The Cuckoo's Egg" | 2019-01-29 | 14 Upvotes 10 Comments