Best Of Web
Best Of The Web
NEXTGOV
Private Sector Not Adequately Defending Cyberspace, Security Expert Warns
Voluntary initiatives aren't working, researcher says
SAN FRANCISCO EXAMINER
Glue Gun Goons Target Unwary ATM Users
Thieves glue down keys on ATM machines and then steal money when customers go into bank for help
NEXTGOV
Cyberattacks Against Federal Networks Were Up 40 Percent In 2010
Federal agencies in fiscal 2010 reported 41,776 cyber incidents -- up from 30,000 attacks in 2009
SYMANTEC BLOG
Phishing Continues to Target New Zealand Earthquake Victim
Attacks lure users to check in with the bank and provide additional personal information
ARS TECHNICA
Obama Administration Endorses New Privacy Regs, Do Not Track
President calls for new legislation and FTC power to enforce it
SOPHOS NAKED SECURITY BLOG
FedEx Notification Malware Attack Spammed Out
A malware-rigged spam attack posing as a parcel delivery notification is spreading worldwide
SC MAGAZINE
Microsoft, Google Warn Of Limited MHTML Exploits
Microsoft says it has seen "limited, targeted attacks" against an unpatched scripting vulnerability that affects all supported versions of Windows
GOV INFOSECURITY
IRS Financial Systems Vulnerable To Insider Threats
Federal auditors say the Internal Revenue Service is vulnerable to rogue insiders due to inconsistent implementation of security access controls
INTERNET STORM CENTER
Internet Explorer 9 Is Out, Includes New Security Features
Among the new security features is SmartScreen for catching socially engineered malware, Pinned Sites, and SafeSEH
PHILLY.COM
Data Security In Demand, Pays Well
IT security job openings are on the rise, up 54 percent this year on one online job posting site, and yield relatively high salaries
E-COMMERCE TIMES
Tech Sector Plays Offense In Shaping Federal Cybersecurity Policy
The Business Software Alliance, The Center for Democracy and Technology, the Internet Security Alliance, TechAmerica, and the U.S. Chamber of Commerce have teamed up and met with congressional staffers to brief them on the coalition's new white paper on cybersecurity, "Improving our Nation's Cybersecurity through the Public-Private Partnership"
THE WALL STREET JOURNAL
Firefox Maker: 'Do Not Track' Likely to Be Regulated
Mozilla's CEO says the do-not-track tool that lets consumers keep their online habits from being monitored will likely get regulatory backing
WIRED
Former NSA, CIA Chief: Declassify Cyber Vulnerabilities
Retired four-star General Michael Hayden says the U.S. government classifies too much information on cybersecurity vulnerabilities, and that it's "easier to learn about physical threats from U.S. government agencies than to learn about cyberthreats"
H SECURITY
Google Users Targeted By Hackers
Politically motivated attack also is affecting a major social network, Google says
TECHWORLD
Security B-Sides Speaker List Promises "Left Field"
Alternative conference offers security speaker sessions that follow the road not taken
KCRA
Health Net Security Breach Could Affect 1.9M Enrollees
Company will not say if missing server drives were stolen or simply lost
STUFF
Iran Launches Cyberattack -- Report
Paramilitary group is attacking websites of 'enemies,' state-owned newspaper acknowledges
SYMANTEC
Spam, Phishing Up In February
U.S. continues to dominate as the most prolific spammer
GOVERNMENT INFO SECURITY
Sensitive Data Remains On Disposed PCs
Many disposed PCs repackaged for public auctions -- but haven't been wiped clean
THE REGISTER
Adobe Promises Emergency Patch For Flash, Reader Bugs
Critical vulnerability is being exploited to install malware on victim machines, company says
eWEEK
Twitter Settles With FTC Over Privacy Breach And Account Hacking
Social network concedes that poor security led to two major hacks in 2009
REUTERS
Hacker Group Releases Bank Of America Employee Correspondence
Anonymous has published emails related to questions around whether the bank improperly foreclosed on some homes
THE ORLANDO SENTINEL
Feds: Ring Bought Stolen Credit Card Numbers, Spent Thousands In Central Florida
Seven members of a Central Florida crime ring spent hundreds of thousands of dollars with stolen credit card numbers that they purchased online from hackers based in or connected to Azerbaijan
GOV INFOSECURITY
OCR's McAndrew On Enforcing HIPAA
Health and Human Services' Susan McAndrew says the two recent HIPAA violation cases demonstrate that the program will be enforced for compliance
NIR GOLDSHLAGER BLOG
Gaining Administrative Privileges On Any Blogger.com Account
Google's Blogger platform was found to have a bug that allows an attacker to add himself as an administrator on the victim's account
THREAT POST
Google Patches WebKit Bug in Chrome
Google has fixed a vulnerability used by researchers to win one portion of the Pwn2Own contest at CanSecWest
ASSOCIATED PRESS
Report: Iran's Paramilitary Launches Cyber Attack
Iranian hackers working for the Revolutionary Guard's paramilitary Basij group have launched attacks on websites of the "enemies," a state-owned newspaper has reported
EASTERN ECHO
Students' Info Lifted, Provided To Third Party
Eastern Michigan University is investigating two former student employees who allegedly gave the names, birthdates, and Social Security numbers of approximately 45 students to a third party
THE DARK VISITOR
US #1 Perp Attacking China's Classified Networks
Rising's new report shows more than 10 million attacks on classified networks in China -- 90% of which came from IPs mainly in the U.S., Japan, and South Korea
BUSINESS INSIDER
"Don't Type" And 9 Other Awkward And Hilarious CAPTCHAs
What does your CAPTCHA say about you? Solve Media provides a slide show of funny word combinations found in CAPTCHAs
COMPUTERWORLD
With Hacking, Music Can Take Control Of Your Car
Researchers have discovered techniques where a hacker could turn a song on a CD into a Trojan by adding code to a digital music file in the car's sound system
INFO-SECURITY
Naval Academy Adds Cybersecurity To Curriculum
The Naval Academy will beef up cybersecurity education in response to its new Fleet Cyber Command/10th Fleet
INFORMIT BLOG
Software [In]security: Software Patents And Fault Injection
Gary McGraw discusses Cenzic's patent suit, and the invention of fault-injection for security
KATU NEWS
Police Find ATM Skimmer At Credit Union; Suspect Sought
Vancouver, Wash., authorities are searching for a man who allegedly put a skimming device on an ATM at a local credit union after someone reported a suspicious device
THE HACKER NEWS
35,000 Chinese Websites Hacked In 2010
The National Computer Network Emergency Response Technical Team/Coordination Center of China has reported that 35,000 websites on the Chinese mainland were attacked in 2010, including 4,635 government websites
THE REGISTER
DDoS Malware Comes With Self-Destruct Payload
The DDoS attacks on dozens of South Korea's government websites also have carried a malicious payload that causes the infected machines recruited to carry out the assaults to self-destruct and destroy sensitive files
COMPUTERWORLD
Verizon Offers Refunds For Fraudulent SMS Messages
Group duped users into signing up and paying for short-message services, company alleges
TECHNORATI
FTC: Consumer Complaints About Malware, Spyware, Adware Climbed 279 Percent In 2010
"Badware" complaints have risen nearly 850 percent in the past two years, commission says
ZDNET
Pwn2Own 2011: IE8 On Windows 7 Hacked With Three Vulnerabilities
Irish researcher wins CanSecWest hacker contest
PUBLIC INTELLIGENCE
Morgan Stanley Demands Removal Of HBGary AnonLeaks Document
Document released by Anonymous contains CERT information
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


