Best Of Web
Best Of The Web
IT SECURITY PORTAL
400 Percent Increase In USBs Left At The Dry Cleaners
More than 17,000 storage sticks left behind in 2010, study says
FORTINET
Fortieth Anniversary Of The Computer Virus
A look back at some of the most innovative and dangerous attacks since Creeper in 1971
SOFTPEDIA
Zeus Trojan Targets Blackberry Devices
Zeus-in-the-mobile attack steals SMS messages, Trend Micro researchers say
ZDNET
Safari/Macbook First To Fall At Pwn2Own 2011
French pen-testing firm successfully exploits zero-day flaw in Apple software
SECURITY INFOWATCH
USC Computer Breach Affects Thousands
The University of South Carolina has suffered a data breach that exposed the Social Security numbers and other private information of nearly 31,000 people, including faculty, staff, retirees, and students
AFP
US Probes Hacker Threat Over WikiLeaks Soldier
The Pentagon is investigating the Anonymous hacktivist group's cyberthreat against the military base that is being used to hold Private Bradley Manning, who is suspected of giving documents to WikiLeaks
NETWORK WORLD
Researchers Unmasking Anonymous Email Senders
Researchers at Concordia University in Quebec have come up with a way to unmask anonymous emailers by analyzing patterns in their writing style, providing law enforcement more information than the IP address
ENGADGET
Microsoft Confirms Internet Explorer 9 Will Launch On March 14th
The release of the new IE browser version will coincide with a press event/party at SXSW and downloads will be available starting at 9 p.m. Pacific
THE SMOKING GUN
Undercover Web Site Derailed By Hosting Firm
An undercover website operated by the DHS in order to catch prospective "sex tourists" was shut down by the Web-hosting provider due to complaints about the site's content
COMPUTERWORLD
Apple Patches Critical Mac Bugs With Java Updates
Apple yesterday shipped a Java security update that patches 27 vulnerabilities in Java for its Leopard and Snow Leopard
ZDNET BLOG
Dear ISP, It's Time To Quarantine Your Malware-Infected Customers
ISPs should reposition themselves as socially oriented companies, and truly educate the end user as well as alerting and disconnecting malware-infected customers
SC MAGAZINE
Microsoft Closes Four Vulnerabilities, Including DLL Issue
Microsoft released three patches fixing four vulnerabilities that would allow a new remote attack vector to be used for spreading malware
McAFEE
Malware In Recent Korean DDoS Attacks Destroys Systems
Attacks are similar to those launched against the U.S. and South Korea in 2009
THE REGISTER
IPv6 Intro Creates Spam-Filtering Nightmare
Migration will make it more difficult to screen email, experts warn
SOPHOS
Microsoft In Windows Update Spell-Check Shocker
Software giant misspells its own name in Windows update
FEDERAL NEWS RADIO
CIA Cyberattack Still Being Investigated
Authorities say they are still uncertain if attack was the work of a prankster or a foreign government
BLOOMBERG
Hacking Of DuPont, J&J, GE Were Undisclosed Google-Type Attacks
Project Aurora-type attacks hit DuPont, others, but were kept secret, HBGary documents show
ZDNET
Linux Distributor Security List Destroyed After Hacker Compromise
Attackers used a back door to sniff email traffic, report says
ADOBE LABS
Flash Player 10.3 Beta With Privacy-Related Improvements Now Available
New release offers enhanced privacy features
MICROSOFT
March 2011 Security Bulletin Release
Software giant rolls out three updates, one considered critical
BANGKOK POST
The Anti-Social-Network
A group of U.K. teenagers used their hacking prowess to create "Crimebook," a social networking site for criminals
EWEEK
Congress Cuts $20 Million From Cyber-Security in Interim Bill
Some $20 million was cut from cybersecurity in the continuing resolution keeping the government operating until March 18 -- the House originally had asked for $60 million in cuts
V3
China Suspected As France Admits G20 Hack
Hackers infiltrated computers in French Finance Ministry in order to steal documents relating to the G20 Summit in February -- the attack began with email attachments rigged with malware
BBC
US And Israel Were Behind Stuxnet Claims Researcher
Israel and the U.S. created the Stuxnet worm to sabotage Iran's nuclear program, Ralph Langner told attendees of the TED Conference last week
SFGATE
Free Anti-Virus Software Does The Job, Experts Say
Free software helps find malware, and paid software has more features that might help keep you from getting a problem in the first place, analysis says
TECHWORLD
WordPress Founder Claims China Root Of Hacker Attacks
DDoS attack that took down WordPress last week originated in China and does not appear politically motivated after all, WordPress founder says
JON OBERHEIDE BLOG
How I Almost Won Pwn2Own Via XSS
Google has patched a serious cross-site scripting vulnerability discovered in the Android Market that would allow an attacker to remotely install arbitrary apps by tricking them into clicking a malicious link
VENTURE BEAT
Security Experts Spot Malware That Attacked Android Phones
In further analysis, Lookout researchers say the DroidDream malware typically operates while the user is likely to be sleeping, from 11 p.m. to 8 a.m., so the user won't notice unusual behavior on the phone
GOVERNMENT COMPUTER NEWS
Those Behind Stuxnet Attack Might Not Be Who We Think They Are
Investigative tools no match for sophisticated attacks
FINEXTRA
South Korean Bank Websites Hit By DDoS Attacks
The Korea Communications Commission (KCC) said seven bank websites are among a total of 40 victim sites hit by distributed denial-of-service attacks that spanned the President's and other government sites
INFOWORLD
5 Tips For Keeping Malware Off Your Android Smartphone
Always research the publisher of the app, read online reviews, check app permissions, get a malware scanner for your phone, and don't download APKs
COMPUTERWORLD
Apple's IPad 2 Provokes IT Anxiety
Experts express disappointment in how difficult it is for IT to deploy and manage these tablets -- Apple has not addressed these issues with either version of the iPad
THE GUARDIAN
China Plans To Track Beijing Citizens Through Their Mobiles
Human rights campaigners are worried about China's plans to track every mobile phone user in Beijing via GPS for what the government claims is for traffic management purposes
MCAFEE BLOG
Analysis Of Android/DRAD Bot
Infected application was related to a wallpaper application called Dandelion, and builds a botnet and uses a Trojan to perform search engine optimization
PC WORLD
Android Edges RIM, Apple As Most Popular Smartphone OS
Google's Android is now officially the most popular smartphone operating system in the U.S., according to new Nielsen data, with 29 percent of market, followed by Research In Motion's BlackBerry and Apple's iPhone, each with 27 percent of the market
PC ADVISOR
Microsoft: We Won't Update IE Before Pwn2Own
Microsoft may be instead waiting to see what exploits hackers reveal in IE at the contest next week at CanSecWest and focus on getting any necessary patches out quickly
OZARKS FIRST
Security Breach Unsettling For Thousands Of MSU Students
More than 6,000 Missouri State University students had their Social Security numbers exposed after the data was placed on an unsecured server that left the information exposed publicly on the Internet
V3.CO.UK
GhostMarket Cybercrime Forum Fraudsters Jailed
Site said to be the largest English-language forum of its kind
BEFORE IT'S NEWS
Greek Cybercrime Department Prevented 19 Suicides In Jan.-Feb.
Unit says it tracked down users who posted suicide notes on the Web and gave them assistance
MICROSOFT
Microsoft To Issue Three Updates On Light Patch Tuesday
Only one of the patches is considered critical, software giant says
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


