Alerts9:04 PM (1 minute ago)
Adobe/Acrobat 0-day in the wild?, (Fri, Feb 20th)
from
SANS Internet Storm Center, InfoCON: greenAccording to our friends over at Shadowserver, There is a new Acrobat 0-day in the wild. They ...(more)...
4:29 PM (4 hours ago)
MS09-002, XML/DOC and initial infection vector, (Thu, Feb 19th)
from
SANS Internet Storm Center, InfoCON: greenThe MS09-002 exploit that we posted a diary about two days ago (http://isc.sans ...(more)...
9:09 AM (11 hours ago)
Denial of Service against Time Warner (San Diego)?, (Thu, Feb 19th)
from
SANS Internet Storm Center, InfoCON: greenWe've had unconfirmed reports this morning of a Denial of Service against the DNS servers for Time W ...(more)...
Security News6:54 PM (2 hours ago)
Practical Example of csSQLi Using (Google) Gears Via XSS
from
CGISecurity - Website and Application Security News by Robert A.
"Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification, could be attacked on...
1:36 PM (7 hours ago)
Bot Busts Newest Hotmail CAPTCHA
from
CGISecurity - Website and Application Security News by Robert A.
"The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. security researcher Sumeet Prasad.CAPTCHA is the term for the distorted characters that many Web sites, such as e-mail services...
12:36 PM (8 hours ago)
Wikileaks Accidentially Leaks Its Donor List
from
CGISecurity - Website and Application Security News by Robert A.
"What's Wikileaks, the net's foremost document leaking site, supposed to do when a whistle-blower submits a list of email addresses belonging to the site's confidential donors as a leaked document? That's exactly the conundrum Wikileaks faced this week after someone from the controversial whistle-blowing site sent an emergency fund-raising appeal on...
Feb 18, 2009 (yesterday)
MS09-002 exploit in the wild
from
CGISecurity - Website and Application Security News by Robert A.
Sans is reporting the MS09-002 exploit is in the wild."Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this – the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP...
Feb 17, 2009 (2 days ago)
Top-10 Vulnerability Discoverers of All Time (as well as 2008)
from
CGISecurity - Website and Application Security News by Robert A.
"Who discovers the most security vulnerabilities? That’s one of the more frequent questions I’ve encountered over the past few years. Funnily enough there’s usually a high correlation between the timing of my being asked and the latest marketing blitzkrieg customers may have encountered (not from IBM of course). It seems that...
2:31 PM (6 hours ago)
US feds pull travel site offline after hacker break-in
from
The Register - SecurityGovTrip trips up
A travel reservations website used by US government agencies remains offline more than a week after it was infected with malware that tried to install malicious code on the PCs of those who visited the site.…
11:31 AM (9 hours ago)
Grifters punt 'get rich quick' scams at Facebook users
from
The Register - SecuritySocial networking marks made an offer you can refuse
Grifters are using Facebook to lend credibility to an elaborate get rich quick scam designed to trick punters into handing over credit card details.…
8:30 AM (12 hours ago)
Laptop facial recognition defeated by Photoshop
from
The Register - SecurityTaking a long hard stare at biometric security
White hat security researchers have demoed how to bypass the facial recognition systems on several laptops.…
7:30 AM (13 hours ago)
Pirate Bay supporters ram Swedish IFPI website
from
The Register - Security'We're winning, stop hacking plz'
Pirate Bay co-founder Peter Sunde has pleaded with fans to stop attacking official entertainment industry websites after the Swedish wing of the The International Federation of the Phonographic Industry’s (IFPI) site was hacked yesterday.…
6:30 AM (14 hours ago)
Cybercrime losses tax UK small business
from
The Register - SecurityExposed SMEs call for reporting security blanket
Cybercrime and fraud are costing Britain's small business £800 a year each, according to a survey by the UK's Federation of Small Businesses (FSB).…
10:31 AM (10 hours ago)
Romeo 419ers take Canadian women for $300k
from
The Register - SecurityLonely hearts, empty wallets
Nigerian fraudsters have relieved a number of Edmonton women of a total of $300,000 in what the local Sun describes as "an online dating scam".…
1:30 AM (19 hours ago)
Hacker pokes new hole in secure sockets layer
from
The Register - SecurityMoxie Marlinspike's man-in-the-middle
Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they're visiting protected sites when in fact they're not.…
Feb 18, 2009 (yesterday)
Google gears Gmail for PC hack attack
from
The Register - Security'Offline' web apps exposed
Over the past year, dozens of web-based services have adopted new features that allow them to be used even when an internet connection isn't available. The technologies making this possible may offer plenty of convenience, but they also make end users susceptible to powerful new attacks, a security researcher warns.…
Feb 18, 2009 (yesterday)
Using Group Policy to Negate Conflicker on Windows
from
WindowSecurity.com by (Derek Melber)
Different methods you can use to help secure a desktop from being infected with the ConFlicker worm.
3:47 PM (5 hours ago)
Hacker claims SQL bug on Symantec site
from
Network World on Security by Robert McMillan
A Romanian hacker who has spent the past few weeks exposing a common, but dangerous, Web programming error on security vendors Web sites says he's found a SQL injection flaw on Symantec's Web site. But Symantec says it's not a security issue.
3:47 PM (5 hours ago)
DHS names Callahan privacy chief
from
Network World on Security by Ellen Messmer
The Department of Homeland Security Thursday named Mary Ellen Callahan as the department's Chief Privacy Officer.
3:47 PM (5 hours ago)
Cloud security fears are overblown, some say
from
Network World on Security by James Niccolai
It may sound like heresy to say it, but it's possible to worry a little too much about security in cloud computing environments, speakers at IDC's Cloud Computing Forum said on Wednesday.
3:47 PM (5 hours ago)
Pirate Bay supporters hack Swedish IFPI Web site
from
Network World on Security by Jeremy Kirk
Hackers defaced the International Federation of the Phonographic Industry's (IFPI) Swedish Web site on Wednesday as The Pirate Bay trial continued.
3:47 PM (5 hours ago)
Researchers detail Intel TXT hacks at Black Hat
from
Network World on Security by Jaikumar Vijayan
Two security researchers fleshed out details Wednesday at the Black Hat conference in Washington of a method they disclosed earlier this year for circumventing Intel's new Trusted Execution Technology (TXT) security software.
3:47 PM (5 hours ago)
The Ultimate Browser Security Face-Off
from
Network World on Security by Tom Kaneshige
The Web is teeming with venomous exploits. And an ever-increasing quantity of that malware sneaks onto hard drives via the browser.
3:47 PM (5 hours ago)
The case for flat-rate services
from
Network World on Security by Steve Taylor and Jim Metzler
As we look at today's economic landscape, only one thing seems scarier than controlling expenses, and that is having unpredictable expenses. For that reason, we expect lots of services that have traditionally been usage based to be even more attractive if offered as a flat-rate service.
3:47 PM (5 hours ago)
Guidelines for securing IEEE 802.11i wireless networks
from
Network World on Security by M. E. Kabay
A useful free document, one not requiring registration and having 162 pages, is "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i," which is Special Publication 800-97 from the National Institute of Standards and Technology.
3:47 PM (5 hours ago)
Bangkok upgrades surveillance network at Chinatown
from
Network World on Security by Carol Ko
The Bangkok government is now operating a 24-hour video surveillance network in the city's Chinatown for public safety and traffic management.
3:47 PM (5 hours ago)
NAC market continues to evolve
from
Network World on Security by Tim Greene
The NAC market continues to evolve, including the necessary and sometimes painful process of consolidation.
7:01 AM (14 hours ago)
Satellite Feed Hacking - Your Data Isn’t Private!
from
Darknet - The Darkside by Darknet
Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were. Most traffic is transmitted unencrypted, the stuff that [...]Read the full post at darknet.org.uk
Feb 18, 2009 (yesterday)
Fast-Track 4.0 - Automated Penetration Testing Suite
from
Darknet - The Darkside by Darknet
The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers. For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network....Read the full post at darknet.org.uk
3:29 PM (5 hours ago)
Sourcefire VRT posts some interesting Conflickr Analysis, (Thu, Feb 19th)
from
SANS Internet Storm Center, InfoCON: greenJust wanted to put out an article from a few friends of mine at the Vulnerability Research Team at S ...(more)...
4:10 PM (4 hours ago)
News: Advisor: U.S. needs policy to defend cyberspace
from
SecurityFocus NewsAdvisor: U.S. needs policy to defend cyberspace
1:11 PM (7 hours ago)
Brief: Kaminsky calls for DNSSEC deployment
from
SecurityFocus NewsKaminsky calls for DNSSEC deployment
Feb 18, 2009 (22 hours ago)
Brief: Man-in-the-middle attack sidesteps SSL
from
SecurityFocus NewsMan-in-the-middle attack sidesteps SSL
12:02 AM (21 hours ago)
Black hat, blank face: researchers crack biometric scanners
from
Ars Technica - Front page content by nate@arstechnica.com (Joel Hruska)
Biometric systems have been touted as the next big thing in computer security for the past several years, despite the fact that some of them—fingerprint scanners, for example—have proven to be incredibly easy to bypass, requiring little more, in some cases, than some scotch tape and a bit of patience. Facial-recognition scanners have been a hot commodity on laptops of late, but researchers scheduled to present at the ongoing Black Hat DC conference this week have demonstrated that current implementations have flaws of their own.
9:27 PM (12 minutes ago)
Group Spots Giant Hacks by Combing Small Newspapers
from
Wired Top Stories by Kim Zetter
A volunteer group of security researchers and ex-hackers track diverse sources for info on consumer data spills. Logging more than 394 million records lost or compromised in 1,700 incidents, they sometimes spot major breaches before the company at fault warns the public.
6:08 PM (3 hours ago)
IFPI Site Hacked to Protest Pirate Bay Trial
from
Wired Top Stories by David Kravets
Hackers protesting the Pirate Bay trial in Stockholm break into the Swedish website of the International Federation of the Phonographic Industry's website to show their displeasure.
5:01 PM (4 hours ago)
Hacker Claims SQL Bug on Symantec Site
from
PC World Latest Technology NewsSymantec is the latest company to fall prey to a Romanian hacker who has been finding SQL injection bugs in security sites.
4:01 PM (5 hours ago)
Computer Thefts Prompt Los Alamos Security Review
from
PC World Latest Technology NewsThe Los Alamos National Laboratories has launched a month-long project aimed at ensuring that offsite computer systems fully comply with the institution's information security policies.
4:01 PM (5 hours ago)
Fugitive Hacker Indicted for Running VoIP Scam
from
PC World Latest Technology NewsJust days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker...
4:01 PM (5 hours ago)
Researchers Detail Intel TXT Hacks at Black Hat
from
PC World Latest Technology NewsTwo security researchers fleshed out details at the Black Hat conference in Washington this week of a method for circumventing Intel's Trusted Execution Technology security software.
4:01 PM (5 hours ago)
Hackers Break Into Government Travel Site
from
PC World Latest Technology NewsA travel reservations Web site used by several federal agencies was hacked last week, and shunted unsuspecting users to a malicious domain.
12:54 AM (21 hours ago)
Cloud Security Fears Are Overblown, Some Say
from
PC World Latest Technology NewsConcerns about the security of cloud computing services may be overstated, panelists at IDC's Cloud Computing Forum said.
Feb 18, 2009 (yesterday)
Hackers Steal Thousands of Wyndham Credit Card Numbers
from
PC World Latest Technology NewsCriminals stole tens of thousand of credit card numbers from Wyndham Hotels and Resorts after hacking into a computer.
9:50 PM (13 minutes ago)
Conficker Worm Gets an Evil Twin
from
PC World Latest Technology NewsResearchers have spotted a new variant of the Conficker worm, dubbed Conficker B++.
Other NewsIntel Eyes Cloud Computing With New Hardware, Software
from
PC World Latest Technology NewsIntel earlier this week pitched hardware improvement that could boost performance of a cloud while cutting energy costs.
Posts
