This is a first, I think: The airline's central computer which registered technical problems on planes was infected by Trojans at the time of the fatal crash and this resulted in a failure to raise an alarm over multiple problems with the plane, according to Spanish daily El Pais (report here). The plane took off with flaps and slats retracted,...

One of the most interesting challenges of working as Chief Information Security Officer in a utilit ...(more)...

Jhaddix wrote an interesting blog posting showing some tools that can be added to firefox to perfor ...(more)...

Niels Provos has done an excellent blog post on how to exploit CVE-2010-0188:An integer overfl ...(more)...

Several readers have pointed us to an article about the preliminary report of the Spanair flight tha ...(more)...

Who knew? "Hulse was shooting with burst mode on his camera, so I know exactly what the interval is between the frames and I can calculate velocity of squid flying though the air," O'Dor says. "We now think there are dozens of species that do it. Squid are used to gliding in the water, so the same physiology probably allows...

We've received a couple reports lately of a bot written in Perl finding its way onto more and more U ...(more)...

...(more)...

Intel buys McAfee. It's another example of a large non-security company buying a security company. I've been talking about this sort of thing for two and a half years: It's not consolidation as we're used to. In the security industry, there are waves of consolidation, you know, big companies scoop up little companies and then there's lots of consolidation. You've...

In a lot of ways, our job in IT and Information Security is implementing change. But as we all ...(more)...

Good essay by Seth Godin: We pay the fear tax every time we spend time or money seeking reassurance. We pay it twice when the act of seeking that reassurance actually makes us more anxious, not less. We pay the tax when we cover our butt instead of doing the right thing, and we pay the tax when we take...

UPDATE Looks like some patches have already been released. More details can be found here&n ...(more)...

The Crypto 2010 Conference is going on right now at the University of California, Santa Barbara. Springer-Verlag publishes the proceedings, but they're available as a free download for the next few days....

Still minor, but this kind of thing is only going to get worse: The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere...

In June and July I posted two diaries (http://isc.sans ...(more)...

During Black Hat USA2010, Patrick Thomas presented a new web application fingerprinting tool c ...(more)...

---- Raul Siles Founder and Senior Security Analyst with Taddong www.taddong ...(more)...

About a year ago, I wrote a diary here at the ISC called Putting the ED back in ...(more)...

In seconds. Garage doors with automatic openers have always seemed like a lot of security theater to me....

During this year we wrote only a few times about DDOS(Distributed Denial of Service)atta ...(more)...