

SMB Security Tech Center

ATMs At Risk, Researcher Warns At Black Hat
Barnaby Jack demonstrates remote and local exploits that work on popular bank machines

Texas Firm Says It Holds A Patent On Spam Filtering
Lanier Law Firm files suit against 36 companies, including top security tool vendors

Tech Insight: How To Cut Security Costs Without A Lot Of Pain
Everything from trading costly training for local conferences to outsourcing some security tasks can save money --- but first carefully consider the options

MORE SMB SECURITY TECH CENTER STORIES



Vulnerability Management Tech Center

Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
Careful study of malware can help experts recognize its source and protect against it

Microsoft Launches 'Coordinated' Vulnerability Disclosure Program
Microsoft abandons controversial 'responsible disclosure' term, supporting public disclosure of unpatched bug details when attacks hit

Researcher Pinpoints Widespread Common Flaw Among VxWorks Devices
Diagnostics service feature in VxWorks OS kept activated in some VoIP, DSL, SCADA systems leaves them open to attack

MORE VULNERABILITY MANAGEMENT TECH CENTER STORIES



Database Security Tech Center

Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks

Sourcefire Rolls Out Open-Source 'Razorback'
New platform aimed at better detecting and defending against advanced, targeted attacks

One Breach = $1 Million To $53 Million In Damages Per Year, Report Says
New Ponemon report studies real attack cases and their financial fallout; new Digital Forensics Association study tallies five-year public breach data

MORE DATABASE SECURITY TECH CENTER STORIES



Security Services Tech Center

Internet Infrastructure Reaches Long-Awaited Security Milestone
The DNS root is now officially signed with security protocol DNSSEC -- next comes development, penetration-testing of the technology

Enterprise Security Market To Grow Nearly 14 Percent In 2010, Study Says
Outlook for 2011 also looks bullish, according to industry research firm Canalys

FTC Slaps Twitter Down Hard For Lax Security, Privacy Violations
Social networking site's claims will be scrutinized for 20 years; security program will be audited for 10 years

MORE SECURITY SERVICES TECH CENTER STORIES



Insider Threat Tech Center

'App Genome Project' Exposes Potential Smartphone Risks
Researchers from Lookout will present their findings thus far in study of freebie Android, iPhone apps

Report: British Ministry Of Defense Lost More Than 1,000 Storage Devices In Two Years
Many of the devices were unencrypted; other agencies also at risk

RSA Reports Address Rise In Enterprise Adoption Of Consumer Technologies
Survey of IT and security pros shows most organizations giving end users more leeway and influence in social networking, gadgets

MORE INSIDER THREAT TECH CENTER STORIES

Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.

Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.

Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.

Blogs

Evil Bytes
BY John H. Sawyer
Conquering Large Web Apps With Solid Methodology
July 21, 2010
02:16 PM -- This is one of those weeks where I'm trying to wrap up as much as possible before I'm out of the office for Black Hat, BSides, and Defcon. One of those things on my list is a Web application assessment for a client that's a monstrous, open-source beast with subapplications bolted on from all over the place and tons of places for vulnerabilities to ...

SophosLabs Insights
BY Graham Cluley
Block Windows Shortcut Exploit Without Losing Your Shortcut Icons
July 26, 2010
11:31 AM -- Here at SophosLabs we've been working out the best way to protect computer users against the zero-day flaw that has hit all versions of Windows.

Hacked Off
BY Gadi Evron
Killed By Code: The FDA And Implantable Devices Security
July 26, 2010
06:19 AM -- A new report from the Software Freedom Law Center deals with the security implications of bionic medical devices being implanted into the human body.

Security Views
BY Jennifer Jabbusch
Four Must-Have SMB Security Tools
July 28, 2010
10:12 PM -- Regardless of their size, many SMBs still need to meet strict compliance regulations, such as PCI and HIPAA. In addition to any special requirements, there are a few security technologies every small business should have in place. Here are my four SMB security must-haves.

Dark Dominion
BY Kelly Jackson Higgins
Security BSides Grows, But Not Too Much
July 23, 2010
05:10 PM -- The security "unconference" is back in Vegas, and this time the setting is a gated private resort with multiple swimming pools and a sand beach, and the number of attendees signed up so far for the free -- yes, free -- event has doubled. But that doesn't mean Security BSides will lose the intimate vibe that its organizers envisioned and encouraged ...

CS Island
BY Robert Richardson
There's A Recipe For That
June 15, 2010
11:09 AM -- Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.

MORE BLOGS




Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: afpl ghostscript, ghostscript fonts, gpl ghostscript
Published: 2010-07-22
Severity: High
Description: Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

Vulnerability: small pirate
Published: 2010-07-22
Severity: High
Description: Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Vulnerability: small pirate
Published: 2010-07-22
Severity: Medium
Description: Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.

Vulnerability: com jvideo
Published: 2010-07-22
Severity: High
Description: SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.

Vulnerability: adpeeps
Published: 2010-07-22
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.