- Vuln: Mahara Resume Blocktype Cross Site Scripting Vulnerability
- Vuln: Mahara Admin Password Reset Security Bypass Vulnerability
- Vuln: Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
- Vuln: Multiple Horde Products Cross-Site Scripting Vulnerabilities and File Overwrite Vulnerability
- Vuln: Mod_Perl Path_Info Remote Denial Of Service Vulnerability
- Vuln: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
- Vuln: FreeBSD 'fifo_vnops.c' Resource Leak Local Denial of Service Vulnerability
- Vuln: Citrix NetScaler and Access Gateway Denial Of Service Vulnerability
- Vuln: PDFLib 'open_basedir' Restriction Bypass Vulnerability
- Vuln: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Search
Search Result
-
Security 2009 report
Category: Network Security & Hacking News/Latest Security News
... of an individual, it is very easy and quick to determine if the one typing is the right person. So for identification purposes, his research is truly promising. Security_2009 I'd like to ...Friday, 06 November 2009 -
Fragus exploit pack’s pricy business model locks users in
Category: Network Security & Hacking News/Latest Security News
... is a big – real big – money maker for cybercriminals. A person willing to give up $800 is willing to accept a lot of risk and much like the stock market, the more risk you take on, the bigger the rewards. ...Friday, 06 November 2009 -
FTC Says Bloggers Must Disclose Freebies
Category: Network Security & Hacking News/Latest Security News
... Acme Co. And all I got in exchange was a free widget.” The good standby, “Paid Product Review,” should work fine (if you have no personality). Be Conspicuous: If you choose to take the ...Wednesday, 04 November 2009 -
Smoking (Cloud) Crack
Category: Network Security & Hacking News/Latest Security News
... If you don't have the secret key, your options for recovering the encrypted content are mathematically tantamount to nil. If you do have someone's secret key file, that person did something very wrong ...Tuesday, 03 November 2009 -
Fundamental Failures With Incident Response Plans
Category: Network Security & Hacking News/Latest Security News
... a data breach. Security folks have an innate desire to learn what happened to others so they can prevent encountering the same fate -- or so they say. However, after personally investigating hundreds of ...Tuesday, 03 November 2009 -
MIT's attack on EC2 an academic exercise
Category: Network Security & Hacking News/Latest Security News
... can be found on my personal blog. Check http://chenxiwang.wordpress.com/category/cloud-security/. What this attack highlights is that the security of cloud computing has everything to do with security ...Monday, 02 November 2009 -
Summarizing Zero Day's Posts for October
Category: Network Security & Hacking News/Latest Security News
The following is a brief summary of all of my posts at ZDNet's Zero Day for October. You can also go through previous summaries, as well as subscribe to my personal RSS feed or Zero Day's main feed. Notable ...Monday, 02 November 2009 -
The Pavlovian yes box
Category: Network Security & Hacking News/Latest Security News
... of how to perform a task and to understand why it works. To train someone on a subject only gives them part of that equation. A person who has been trained on a subject only knows a process to accomplish ...Monday, 02 November 2009 -
Malware Conceals Itself as Boss’s Letter
Category: Network Security & Hacking News/Latest Security News
... to Malware FAKEAV Uses Conficker Worm as Bait Users are advised to be wary in opening any attached file even if it comes from a person with authority or ‘boss’. Trend Micro users are protected ...Monday, 02 November 2009 -
How Secure is your UK Online Banking?
Category: Network Security & Hacking News/Latest Security News
... Many UK banks still resort to the security dated “knowledge based” authentication along side a person’s password. “Knowledge based” authentication is about asking the account holder a question which only ...Sunday, 01 November 2009 -
Email regarding Facebook account update is a phish – part 2
Category: Network Security & Hacking News/Latest Security News
... and got the login screen. When filling in dummy login and password we got redirected to the following screen and to our suprise we didn’t found a webform to submit personal details but instead ...Saturday, 31 October 2009 -
Finjan says controlled access Web portals now prime target of cybercriminals
Category: Network Security & Hacking News/Latest Security News
... using web application firewalls and securing the backend database using database security tools, he explained, are a logical course of preparing to defend those IT resources that contain personal and business ...Friday, 30 October 2009 -
Survey: Employees spend work time shopping
Category: Network Security & Hacking News/Latest Security News
... in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping. The increasing use of mobile work devices for personal business such as shopping can lead ...Friday, 30 October 2009 -
Defeating Zombies: Five Ways To Improve Defenses
Category: Network Security & Hacking News/Latest Security News
... Nessus has numerous plugins to test for a wide variety of applications installed on the user's desktop. Some recent scanning of my own personal systems revealed that some applications were out of date! ...Friday, 30 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies
Category: Network Security & Hacking News/Latest Security News
... is to put your Yahoo! Pipe RSS feeds and the other feeds you determined as important and put them into the RSS reader of your choice. I personally like Google Reader because it’s easy to use and ...Thursday, 29 October 2009 -
Phishing experiment sneaks through all anti-spam filters
Category: Network Security & Hacking News/Latest Security News
A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success ...Thursday, 29 October 2009 -
Securing the Toughest Times
Category: Network Security & Hacking News/Latest Security News
... who is affected in order to know what needs to be protected. Security can also help properly protect the “list” prior to the official announcement. Security personnel (both physical and information) ...Wednesday, 28 October 2009 -
Partnerships and Procurement Are Not the Answer
Category: Network Security & Hacking News/Latest Security News
... cyber threats will require the Defense Department to work more closely with experts in industry... Indeed, the Pentagon must ultimately change its culture, say independent analysts and military personnel ...Wednesday, 28 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata
Category: Network Security & Hacking News/Latest Security News
... used) to analyze metadata: EXIFtool http://www.sno.phy.queensu.ca/~phil/exiftool/ (my personal favorite! The swiss army knife of metadata tools) Metagoofil http://www.edge-security.com/metagoofil.php ...Wednesday, 28 October 2009 -
Fordham report on Children's Privacy
Category: Network Security & Hacking News/Latest Security News
Following the No Child Left Behind mandate to improve school quality, there has been a growing trend among state departments of education to establish statewide longitudinal databases of personally identifiable ...Wednesday, 28 October 2009 -
Nastygram: Spoofed FDIC bank fail e-mail
Category: Network Security & Hacking News/Latest Security News
... lead to a counterfeit FDIC page that offers a copy of "your personal FDIC insurance file" to see whether your coverage has been impacted. The files are offered as Adobe PDF Read Full Article ...Wednesday, 28 October 2009 -
US-CERT warns about BlackBerry spyware app
Category: Network Security & Hacking News/Latest Security News
A free BlackBerry spyware application has been released to allow an attacker to call a user's BlackBerry and listen to personal conversations. A free BlackBerry spyware application has been released ...Wednesday, 28 October 2009 -
Interesting Information Security Bits for 10/27/2009
Category: Network Security & Hacking News/Latest Security News
Good afternoon everybody! I hope your day is going well. Here are today's Interesting Information Security Bits from around the web. Some good tips and resources for gathering intelligence. Enterprise ...Tuesday, 27 October 2009 -
Ongoing FDIC Spam Campaign Serves Zeus Crimeware
Category: Network Security & Hacking News/Latest Security News
An ongoing spam campaign impersonating The Federal Deposit Insurance Corporation, is attempting to drop zeus samples by enticing users into installing pdf.exe and word.exe. "Subject: FDIC has officially ...Tuesday, 27 October 2009 -
DHL tracking email contains Bredolab trojan
Category: Network Security & Hacking News/Latest Security News
MX Lab is intercepting a large amount of emails regarding a DHL tracking error with an attached Bredolab trojan. The emails are from Manager Lucinda Poe delivery@dhl-usa.com, where the name of the person ...Tuesday, 27 October 2009 -
Bob Blakley Gets Future Shock Dead Wrong
Category: Network Security & Hacking News/Latest Security News
... got nothing to hide" and others pay for post office boxes, I don't know how we can settle on a single societal norm. And in a world in which cheesy-looking web sites get more personal data — no ...Tuesday, 27 October 2009 -
Gawker Media tricked into featuring malicious Suzuki ads
Category: Network Security & Hacking News/Latest Security News
A group of cybercriminals have successfully managed to trick Gawker's ad sales team into featuring malicious ads serving Adobe exploits (CVE-2008-2992; CVE-2009-0927) and scareware, by impersonating a ...Tuesday, 27 October 2009 -
Commission considers wider-ranging data breach notification law
Category: Network Security & Hacking News/Latest Security News
The European Commission will consider passing new laws forcing organisations that lose personal data to go public with that loss. The Commission has until now been opposed to the creation of wide-ranging ...Tuesday, 27 October 2009 -
Have a workable plan, or else…
Category: Network Security & Hacking News/Latest Security News
... to during the incident? We’ve all seen plans that call for using network analyzers that aren’t accessible to the organization or that call for numbers of personnel that just don’t ...Monday, 26 October 2009 -
Vuln: Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
Category: Network Security & Hacking News/Security Exploits and Security Patches
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness Read Full Article ...Monday, 26 October 2009 -
Enterprise Open Source Intelligence Gathering – Part 1 Social Networks
Category: Network Security & Hacking News/Latest Security News
... people “John Doe” site:facebook.com *To search personal profile status updates (unless they were made public wall posts via pages or groups) you need to be logged into Facebook and use the ...Monday, 26 October 2009 -
Using Evil WiFi To Educate Users & IT Admins
Category: Network Security & Hacking News/Latest Security News
... possibilities like relying on antivirus to keep their users safe, but I settled on one of my favorite attacks...wireless network impersonation and connection hijacking. During my keynote at Operation ...Monday, 26 October 2009 -
UK newspaper Web site hacked; 500,000 job-seekers affected
Category: Network Security & Hacking News/Latest Security News
In what is being described as a "deliberate and sophisticated crime," the Guardian newspaper in the U.K. says the careers section of its Web site was hacked. In what is being described as a "deliberate ...Monday, 26 October 2009 -
Quick Steampunk Book Review: Boneshaker
Category: Network Security & Hacking News/Latest Security News
... go over the top with the Steam-ification of things. Not a single person went around with brass watch gears sewn to the lapels of their great coat! Top hats with random gears? NONE! This book is about the ...Sunday, 25 October 2009 -
Penetration Testing vs. Vulnerability Assessments
Category: Network Security & Hacking News/Latest Security News
... IT department submits the information regarding the system as opposed to an internal or external person hacking into the network. When a company hires us to do a vulnerability assessment, they have given ...Friday, 23 October 2009 -
Paypal phishing: take online survey and receive money
Category: Network Security & Hacking News/Latest Security News
... progress bar and get a redirect to hxxp://www.developmentalfun.com/attachments/paypal.eu/Revalidate.htm?cmd_submitaccess0023044.submit=data_refund. This is where I need to fill in personal details for ...Friday, 23 October 2009 -
Suicide Bomber Strikes Near Nuclear Facility in Pakistan
Category: Network Security & Hacking News/Global Security News
... a security checkpoint near the Kamra Air Weapon Complex in the district of Attock, Geo News reported. Three security personnel and four This story comes to us via Homeland Security - National Terror ...Thursday, 22 October 2009 -
Best Practices for Verifying and Cleaning up a Compromised Site
Category: Network Security & Hacking News/Global Security News
... from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security ...Thursday, 22 October 2009 -
Law of confidence can trump libel law, rules High Court
Category: Network Security & Hacking News/Latest Security News
The High Court has upheld a famous person's rights under the law of confidence over someone else's right to reveal his activity with a prostitute under defamation law. The High Court has upheld a famous ...Thursday, 22 October 2009 -
Report on Chinese Government Sponsored Cyber Activities
Category: Network Security & Hacking News/Latest Security News
... by a person familiar with them.Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com) Today's Wall Street Journal features the following story: China ...Thursday, 22 October 2009 -
ZBOT and a CapitalOne Phish
Category: Network Security & Hacking News/Latest Security News
... but to a ZBOT variant. Running the so-called ‘digital certificate’ will only install the notorious ZBOT malware into your system, and will proceed to log your keystrokes, steal personally-identifiable ...Thursday, 22 October 2009 -
Playing games
Category: Network Security & Hacking News/Latest Security News
... and fail to account for a possible offense. Flexibility is critical not just in information security, but in all aspects of our personal and professional lives. People who plan ahead certainly can start ...Wednesday, 21 October 2009 -
Vista Didn't Fail Because of Security
Category: Network Security & Hacking News/Latest Security News
Bruce Schneier points in his blog to an article in The Telegraph in which Steve Ballmer blames the failure of Vista on security. Every security person around should clear their throat loudly. Security ...Wednesday, 21 October 2009 -
Explore the new security features in Windows 7
Category: Network Security & Hacking News/Latest Security News
... system is improved for Windows 7 and creates copies of your most important personal files, ... Windows 7, the newest operating system from Microsoft, simplifies computer security, making it easier for ...Wednesday, 21 October 2009 -
Bredolab trojan keeps on using DHL tracking emails to infect systems
Category: Network Security & Hacking News/Latest Security News
MX Lab keeps on intercepting Bredolab variants where the DHL tracking story is present in the email. The From address is Manager Reinaldo Pelletier delivery@dhl-usa.com. The name of the person is choosen ...Wednesday, 21 October 2009
Site Search
Login Form
Sponsor Advertisements
 |