Tech Insight: Retooling Vulnerability Scanning, Penetration Testing for IPv6
Sep 03, 2010
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are available
Five Ways to Stop Mass SQL Injection Attacks
Sep 02, 2010
The best practices for mitigating this popular form of attack often are not being deployed
IPv6 Transition Poses New Security Threats
Sep 02, 2010
Next-generation IP protocol comes with more security as well as some potential flaws of its own
Networked Scanners Offer A Window Into The Enterprise, Researcher Says
Sep 01, 2010
Emerging Web-based features make it possible to capture document contents remotely, Zscaler's Sutton warns
U.S. Businesses Could Lose Up To $1 Billion In Online Banking Fraud This Year
Sep 01, 2010
Small- to midsized businesses taking the biggest hit, experts say, but consumer banking customers could be next in the bull's eye
Product Watch: Verizon, VMware Team Up With Hybrid Cloud Service
Sep 01, 2010
New Verizon service offers private public-cloud option
'BadB' Now Charged In RBS WorldPay ATM Case
Alleged ID theft ringleader arrested earlier this month also implicated in massive payroll debit card account theft
DNSSEC Will Drive Certificate Market
While DNSSEC will improve domain authentication, certificates are still needed to verify the brand
Researcher Cracks ReCAPTCHA
Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month
Careful With That Third-Party Web Widget
Smaller businesses are more likely to use third-party Web applications on their websites -- and they are less likely to scan such code
Mass Drive-By Attack Used Web Widget
Attackers took a different spin on mass infection, and targeted hosting provider Network Solutions Inc.
Misconfigured Networks Are Easiest Prey, Hacker Survey Says
Network vulnerabilities are simple to find, easy to attack, DEFCON survey respondents say
Delaware Contractor Mistakenly Posts Personal Data Of 22,000 Employees
Data sent along with RFP was not randomized to hide sensitive information, officials say
Four Best Practices For Tokenization
Going beyond Visa's best practices guide
Firewalls Top Purchase Priority In 2010, Survey Says
Mobile computing, social networks, cloud computing named as the top three threats
Building Botnets For Fun And Profit
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says
Enterprise Data Continues To Leak, Study Says
More than one third of companies have experienced the loss of sensitive data in the last year
Major Disruption of Pushdo Botnet Wasn't The Original Goal
Botnet's spam traffic cut by 80 percent
Qualys Releases QualysGuard PCI 5.0 with New Dashboard and Interactive Workflows
nCircle Releases Updated PCI Scan Service
Cloud Security Alliance's User Certification Now Available
Check Point Simplifies Public and Private Cloud Security
Centrify Automates Cloud Security for Enterprise Private and Public Clouds
Onapsis Unveils Security Assessment Tool For SAP
Trend Micro InterScan Messaging Security Virtual Appliance VMware Ready for Mail Security
SKUNKPOST
Blackberry Battle: UN Says Share The Data
SEPTEMBER 3, 2010
The United Nations' telecommunications chief says Research In Motion should provide law enforcement agencies around the world access to its customer data
GOVERNMENT COMPUTER NEWS
Snoop Dogg Joins Cybercrime Fight Because 'Hack Is Wack'
SEPTEMBER 3, 2010
Rapper Snoop Dogg and Symantec's Norton are sponsoring a video contest for raps about hacking, identity theft, and computer viruses; the winner gets to meet Snoop, two free tickets to his concert, and a new laptop with Norton Internet Security 2011
MICROSOFT SECURITY RESEARCH & DEFENSE BLOG
The Enhanced Mitigation Experience Toolkit 2.0 is Now Available
SEPTEMBER 3, 2010
EMET applies security mitigation technologies to prevent vulnerabilities in third-party or other applications from successfully being exploited
THREAT POST
Apple Uses Security Advisory to Push iTunes 10 Upgrade
SEPTEMBER 3, 2010
Aside from a new social network and GUI upgrades, in the iTunes 10 version Apple also fixed some major vulnerabilities that leave iTunes prone to Web-based attacks
PC WORLD
To Boost Security, Facebook Adds Remote Logout
SEPTEMBER 3, 2010
Facebook is gradually rolling out a new security feature that lets users see which computers and devices are logged into their Facebook accounts so they can remove unauthorized ones
US-CERT
Google Releases Chrome 6.0.472.53
SEPTEMBER 3, 2010
Google has released Chrome 6.0.472.53 for Linux, Mac, and Windows to patch multiple vulnerabilities that could let an attacker run code, bypass security restrictions, steal information, or launch spoofing attacks
THE LOCAL
New Government ID Cards Easily Hacked
SEPTEMBER 3, 2010
The Chaos Computer Club demonstrated on television how personal information on the new German identification cards can be hacked using the new home scanning machines that go with the cards
IT SECURITY PORTAL
India And Russia Are The Biggest Producers Of Viruses
SEPTEMBER 3, 2010
India has knocked the U.S. out of the number one virus producer title, according to new data from Network Box, which says India is responsible for 13.74 percent of all of the world's viruses, followed by Russia, with 11 percent, and the U.S., with just over 8 percent, down from 14.65 percent last month
A look at the 25 most popular stories ever posted on the pages of Dark Reading.
- Four Threats for '09 That You've Probably Never Heard Of (Or Thought About)
- PHPBB Password Analysis
- New Phishing Attack Targets Online Banking Sessions With Phony Popups
- IDC Report: Most Insider Leaks Happen By Accident
- Tech Insight: SQL Injection Demystified
- Researchers Build Anonymous, Browser-Based 'Darknet'
- Test Results: 2009 Anti-Malware Suites Better at Sniffing Out Threats
- Researchers Hack Faces In Biometric Facial Authentication Systems
- The 6 Worst Cloud Security Mistakes
- Hacking The Router Patching Conundrum
- Turkish Hackers Take Out Top Porn Site
- Social Engineering, the USB Way
- Weaponizing Apple's iPod Touch
- Defcon: New Hack Hijacks Application Updates Via WiFi
- How Hackers Will Crack Your Password
- Widespread Confickr/Downadup Worm Hard To Kill
- Drive-By 'War Cloning' Attack Hacks Electronic Passports, Driver's Licenses
- The Seven Deadliest Social Networking Hacks
- 'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
- Researchers Take Over Dangerous Botnet
- New Trojan Attack Masquerades As CNN News Report On Gaza
- 6 Tips For Doing More Security With Less
- Heartland Struggles To Measure Extent Of Massive Security Breach
- Visa Tests Credit Card With Random Number Generator
- Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe
Free Vulnerability Management Trial
Qualys is offering a free 14-day trial of its vulnerability management solution, which helps enterprises identify, fix, and report on network security threats.
Free Security Tools from Sophos
Scan for security risks, threats, rootkits and unauthorized applications.
Info-Tech Research Group
A specialist in small and medium-sized businesses, Info-Tech offers a different perspective than research houses that focus on the Fortune 1000.
Video
Evil Bytes
BY John H. Sawyer
Finding Exposed Devices On Your Network
September 1, 2010
08:30 AM -- When browsing through SHODAN, it never ceases to amaze me what I can find. How is it that people think it's okay to leave their printers, routers, fiber channel switches, and industrial control systems completely open to the Internet?
SophosLabs Insights
BY Graham Cluley
Fake Facebook Dislike Button Latest In A Long Line Of Survey Scams
August 17, 2010
06:45 AM -- Facebook users are proving to be easy prey for the current wave of survey scammers.
Hacked Off
BY David Maynor
The Case For Zero-Day Penetration Testing
August 26, 2010
03:27 PM -- Penetration testing is a tightrope act where you balance existing knowledge with a mixture of freshly released- and zero-day knowledge. As a penetration tester, I often hear the argument that zero-day attacks do not belong in a test, that there is no time to prepare for them, so of course the target will be compromised. But I have the exact opposit ...
Security Views
BY Adrian Lane
The Essentials Of Database Assessment
August 30, 2010
10:22 PM -- The three fundamental database security operational practices are refining access control, database configuration settings, and patching. And by "operational" I mean you do them over and over to make sure they are right.
Dark Dominion
BY Tim Wilson
Dark Reading Launches New Tech Center On Authentication
August 8, 2010
02:27 PM -- Today Dark Reading launches a new feature: the Authentication Tech Center, a subsite of Dark Reading devoted to bringing you news, insight, and in-depth reporting on the topic of authentication and certification of end user access.
CS Island
BY Robert Richardson
There's A Recipe For That
June 15, 2010
11:09 AM -- Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.
Featured Resources
Security pros generally happy with products; not so much with awareness programs
Published: 2010-08-19
Severity: High
Description: Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.
Published: 2010-08-19
Severity: Medium
Description: Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
Published: 2010-08-19
Severity: Low
Description: Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.