Best Of Web
Best Of The Web
THIS IS SOUTH DEVON
Hacker Admits Stealing $12 Million Worth Of Poker Chips From U.S. Gaming Company
Ashley Mitchell, 29, of the U.K. says he stole 400 billion chips from Zynga and then sold some of them on the black market
INFOSEC ISLAND
Researchers Claim First Hack-Free Software Development
Australian researchers said they have developed the first hack-free software that was designed to be malware resistant, called the seL4 operating system microkernel
COMPUTERWORLD UK
London Stock Exchange 'Under Major Cyberattack' During Linux Switch
A new open-source-based trading system running at the London Stock Exchange may have been hacked last year when the LSE began its changeover to the new Linux-based platform, report says
WIRED
Report: Efforts To Secure Nation's Power Grid Ineffective
An audit by the Department of Energy's Inspector General concludes that security standards for the electric power grid are inadequate and have been implemented inconsistently and improperly in some cases
KREBS ON SECURITY
Spammers Hijack Internet Space Assigned To Egyptian President's Wife
Junk email artists grab addresses assigned to Egyptian government
THE TECH HERALD
Microsoft Offers FixIt Tool To Address Latest Vulnerability
After proof-of-concept is published, software giant takes steps to correct the problem
TG DAILY
100,000 Users Targeted In Mass P2P Sharing Lawsuit
Thought you were safe from those old Napster lawsuits? Think again
WASHINGTON POST
FBI In Hundreds Of Privacy Violations, Report Finds
Bureau may have committed as many as 40,000 intelligence violations since 9/11, study says
SLASHDOT
DHS Offers $40M For Top Cybersecurity Research
Program is designed to encourage research and development on a broad range of technologies
V3.CO.UK
London Stock Exchange Under Cyberattack
Report suggests hackers are trying to disrupt U.K.'s critical infrastructure
TLLOD.COM
Calm Before The Storm? Insights Into Waledac 2.0
Storm's successor preparing to change its spots, researchers say
PLENTY OF FISH
Plenty Of Fish Hacked
CEO of website offers his views on the hack -- and the hacker
ADOBE BLOG
Carnegie Mellon University Study Suggests Browser Cookie Respawning May Be Waning
New study of 500 randomly selected websites suggests that the use of Flash Player local storage to respawn browser cookies may be on the decline, with only two instances of this practice found
V3
London Stock Exchange Under Cyber Attack
The London Stock Exchange (LSE) has reportedly been investigating a possible attack on its systems geared at disrupting the markets -- an expert is quoted as calling the attack "advanced and persistent"
SOURCEFORGE
Sourceforge Attack: Full Report
A recent targeted attack on Sourceforge used a root privilege escalation attack that led to the theft of credentials, which were then used to access machines with externally-facing SSH, according to Sourceforge
THREAT POST
DHS: $40 Million To Research Next Big Thing in Cyber Security
U.S. Department of Homeland Security has issued a request for proposals in a $40 million initiative to encourage research and development in cybersecurity, including developing more resilient software, passwords and CAPTCHA alternatives, and security metrics
TREND MICRO BLOG
Is Retaliation the Answer?
Turning the tables and hacking back at attackers is a dangerous game that can result in retaliation, DDoS attack, and risks of dealing with criminals more than willing to break the law
PC WORLD
Android Becomes Best-Selling Smartphone OS, Says Canalys
Android became the number one-selling smartphone platform as of the fourth quarter of 2010, with 32.9 million Android smartphone shipments worldwide, a market research company says
ZSCALER BLOG
Egypt ... Now Just Gyped
Zscaler data showed a 68 percent increase in transactions to Egypt Web servers on January 26 and the decline and drop to nearly zero on January 28, with the exception of www.egyptse.com, the Egyptian Stock Exchange
THE REGISTER
Judge Rebukes 'World's No. 1 Hacker'
A judge in Georgia has reprimanded a controversial security industry executive for improperly subpoenaing Yahoo and Twitter in an attempt to get user names and passwords belonging to 25 security researchers
MICROSOFT SECURITY BLOG
Microsoft Issues XSS Advisory
Security Advisory 2501696 reveals a cross-site scripting vulnerability in Windows' MIME Encapsulation of Aggregate HTML protocol handler that, if exploited, could result in malware running in the user's IE session
WIRED
Would-Be Suicide Bomber Killed By Unexpected SMS From Mobile Carrier
An unexpected text message from a wireless company offering Happy New Year's wishes exploded a would-be suicide bomber's vest bomb in Russia on New Year's Eve, inadvertently thwarting a planned attack and killing the would-be bomber
FEDERAL NEWS RADIO
DHS Readies New Tools To Combat Cyber Attacks
The Department of Homeland Security is in the final stages of deploying its Einstein intrusion protection system (IPS) implementation across government agencies, and is working on the next version as well, due to be installed in 2011
NAKED SECURITY BLOG
Facebook Awarded Over $360 Million Damages Against Spammer
A U.S. district court awarded Facebook $360,500,000 in statutory damages and issued a permanent injunction against a spammer named Philip Porembski, who allegedly acquired the credentials of some 116,000 Facebook members and spammed out more than 7.2 million messages to their friends
PC WORLD
With Protests Growing, Egypt Cuts Links To Internet
ISPs in Egypt stopped providing the Border Gateway Protocol (BGP) routing and cut off Egyptian users from the rest of the Internet in the wake of civil unrest
NETWORK WORLD
Hackers Turn Back The Clock With Telnet Attacks
New Akamai report says the Telnet protocol is increasingly being used to attack servers via mobile networks; some 10 percent of attacks from mobile networks in the third quarter came from the remote access tool Telnet
SUNBELT BLOG
FTC Nails 2008 Scareware Distributors For $8 Million
Two men were fined $8.2 million to settle a U.S. Federal Trade Commission action that charged them with using deceptive advertising to sell consumers rogue security products in 2008; the money will be used to reimburse victims
BANKINFOSECURITY
Senate Democrats Unveil Cybersecurity Bill
Senate Majority Leader Harry Reid and Democratic chairs of the seven committees that oversee IT security introduced new legislation for securing and protecting U.S. critical infrastructure, including the power grid, military assets, financial and telecommunications networks
MICRO SCOPE
EU Gives Intel Green Light On McAfee Deal
The European Union has approved Intel's acquisition of McAfee under the condition it gives other security firms access to its technology as well
MSNBC
The Man In Charge Of Making The Web Safer
White House cybersecurity coordinator Howard Schmidt told MSNBC that the Trusted Identities initiative could use a fob, smart card, or application on a mobile device for e-commerce
BUSINESS INSIDER
Most Users Don't Want To Share Their Location
Microsoft survey on location-based services found that most people think risks outweigh the benefits of sharing their location with others through services, such as Facebook Places and Foursquare
BBC
Five Arrested Over 'Anonymous' Web Attacks
Five men were arrested in the U.K. in connection with Web attacks against high-profile targets as a symbol of support for Wikileaks
WIRED
New York Times: Assange Was A Source, Not Media Partner
An in-depth piece in the newspaper's magazine also says Assange hinted at suing the newspaper if it published the WikiLeaks documents before he allowed it to
SUCURI SECURITY
What To Do When Your Site Gets Blacklisted
Save the index file, scan site for malware, remove the malware, and change all passwords, security firm advises
CNET
Site Of AT&T-IPad Hackers Is Hacked
Goatse Security's website was hacked this week apparently in protest of the hacker group's legal woes after exposing a hole in AT&T's website for iPad customers last year
GAMES BLOG
Farmville Possibly Hacked, Facebook Responds To Other Security Issues
A player known as Ekşın Man has been posting messages on walls of users who aren't his "friends" via the FarmVille app, prompting concerns among players
THE REGISTER
Man Knows When You're Signed In To GMail, Twitter, Digg
A Web developer can tell if visitors to his site are logged in to Gmail, Facebook, Twitter, Digg, and thousands of other websites by using the status codes returned by these sites, in combination with some JavaScript code he embeds
COMPUTER WEEKLY
Smart Meter And Smart Grids: Security Risk Or Opportunity?
Among the top motivations for smart-grid hacking are free electricity and running a botnet on smart meters
MCAFEE BLOG
Massive Online Bank Phishing Attacks In China
McAfee has witnessed SMS Web-phishing attacks targeting Bank of China online banking customers, with a message that sends them to a link that appears to be the bank's own site
GOVINFOSECURITY BLOG
Giving Obama A 'D' in Infosec
The National Security Cyberspace Institute gave President Obama a "D" in cybersecurity even as his administration has been the most active in this arena, and Melissa Hathaway says it's a fair grade
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


