Privacy feature in Internet Explorer 8 leaks private data
Fri, 29 Aug 2008 07:13:24 -0700
A privacy feature built into the second beta version of Microsoft's Internet Explorer 8 browser isn't as private as advertised.
The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have been visited from nosy spouses or employers.
Forensic experts, however, found it trivial to retrieve the history, according to a test by Webwereld, an IDG affiliate in the Netherlands, and Fox IT, a Dutch firm specializing in IT security and forensic research. ...

The people who make the best guns are not usually the people who are best at making bullet-proof vests.
Fri, 29 Aug 2008 04:40:44 -0700
While having a beer with Ed Skoudis at Defcon 16, he shared an interesting idea he has been kicking around, something like "Exploit for the sake of exploiting, the bad guys do it, why can't we... with permission of course."
After the Defcon blur wore off, I followed up with him via email and asked him if he could elaborate on that conversation. Here's what he said:

The Current Trend in Spam is Using SWF Redirects
Fri, 29 Aug 2008 04:36:25 -0700
One of the new trends in spam e-mails used for malware distribution is the use of maliciously crafted SWF files hosted on legitimate servers. The ActionScript code of the files includes a redirect that takes users to websites that host malware or prompts them to download the malware directly.

Terror threat system crippled by technical flaws, says Congress
Fri, 29 Aug 2008 04:20:18 -0700
A U.S. House subcommittee is charging that a $500 million IT project intended to "connect the dots" on terrorists and help prevent another 9/11 is a failure; it can't even handle basic Boolean search terms, such as "and," "or" and "not."
Allegations of waste and mismanagement were outlined in a staff memo and letter (download PDF) from the Subcommittee on Investigations and Oversight, which is part of the Committee on Science and Technology. The material was released last week in what is usually a quiet month for Congress during its August recess.
The bulk of the subcommittee's charges come from a memo (download PDF) prepared by subcommittee staff about a data ...

McAfee SiteAdvisor sued over spyware tag
Fri, 29 Aug 2008 04:18:48 -0700
In a case that could tie the hands of companies trying to protect their customers from internet threats, a website owner with past ties to a notorious piece of spyware has filed a lawsuit claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.
7Search.com filed the complaint in US District Court in Illinois. It seeks unspecified monetary damages and an injunction ordering McAfee's SiteAdvisor service to designate the site as safe. SiteAdvisor, which warns users when they are about to visit a site that may pose security threats, currently displays a warning that reads: "Feedback from credible users suggests that downloads on this ...

How hackers pull a fast flux on security enforcers
Fri, 29 Aug 2008 04:15:59 -0700
In the continuing computer security arms race, a technique called fast flux is the bad guys' latest way of thwarting attempts to shut down phishing scams and other Web nasties.
Fast flux was first seen around two years ago, according to Derek Manky, security researcher with Fortinet Inc. in Vancouver. Around a year ago it became popular with operators of botnets - networks of computers belonging to unsuspecting users and infected with bots, allowing them to be controlled remotely and used for phishing and other scams.
Tom Slodichak, chief security officer at security specialist WhiteHat Inc. in Burlington, Ont., says fast flux is a response to security enforcers ...

Fog of attack clouds Best Western hack
Fri, 29 Aug 2008 04:14:43 -0700
Analysis: Conflicting claims by Best Western and Glasgow's Sunday Herald over the scope of a recent security breach have been put under the microscope by security watchers. The paper claims that eight million records were potentially exposed, while the hotel insists only ten records were accessed.
Register readers familiar with Best Western systems said that the issue turns on whether the compromised PC was able to access the hotel chain's worldwide reservation system or only local data. The issue of whether archived data on guest records was accessible from the infected PC also comes into play.
According to the Herald, an Indian hacker sold information on how to access ...
