Best Of The Web
INTERNET NEWS
Microsoft Preps Fixes For 13 Security Holes
September patches will fix critical flaws in XP, Windows Server 2003, and Windows Vista, as well as Outlook 2002 Service Pack 3
TG DAILY
Film Studios 'Launch Cyber Attacks On Torrent Sites'
An Indian firm says it waged DDoS attacks on illegal torrent websites on behalf of movie companies, including 20th Century Fox
E-SECURITY PLANET
Is Microsoft Looking To Buy Symantec?
Several investor publications, including Barron's Tech Trader Daily and TheStreet, led with the rumor that Microsoft may be courting Symantec, but such a deal is not imminent, they say
THE BALTIMORE SUN
Employee Charged With Hacking Computer With Porn
Disgruntled worker allegedly used home computer to access Baltimore Substance Abuse System's system, distribute confidential emails from his boss, and break into boss' presentation and insert image of naked woman
MICROSOFT
Microsoft To Issue Nine Patches On Patch Tuesday
Four of the September patches are ranked "critical"
NIST
NIST Finalizes Initial Set Of Smart Grid Cybersecurity Guidelines
Guidelines include high-level security requirements and a framework for assessing risks
MOBILE CRUNCH
iPhone Hacker Discovers New Jailbreaking Exploit
To fix it, Apple must ship new hardware, researcher says
GOVERNMENT INFO SECURITY
Identity Theft: How To Protect Consumers
An interview with Anne Wallace, president of the Identity Theft Assistance Center
SOPHOS
Hacker Behind $9 Million RBS WorldPay ATM Heist Escapes Russian Jail
Following conviction in Russian court, attacker gets six-year suspended sentence
DEFENSE TECH
The Challenge Of Attribution In Cyberwar; Bring On The Lawyers
Tracking cyberattacks back to their original sources will be problematic, military leaders say
NETWORK WORLD
Hackers Create 57,000 Malicious Pages Per Week
Some 375 keywords or brands are hijacked each week, PandaLabs study says
SECURELIST
Android SMS Trojan Now Being Delivered Via SEO Techniques
Malware is triggered by searches of pornography via smartphone
SECURELIST
Twitter XSS In The Wild
Malicious exploit distributes JavaScript payload
THINQ.CO.UK
Pirate Bay Down, Police Raids Across Europe
File-sharing site is target of police dragnet, reports say
WIRED
Ad Firm Sued For Allegedly Re-Creating Deleted Cookies
Federal suit says Specificmedia found a way to remake cookies deleted by users
GOVERNMENT COMPUTER NEWS
Can You Trust Your Data Recovery Vendor?
New NIST guidelines seek to shore up lax vetting processes
SOFTPEDIA
Multiple TechCrunch Websites Infected
Code injection attack affects multiple websites at popular technology publisher
SC MAGAZINE UK
Cybercriminals Seek 'Full' Sets Of Credentials That Trade For Only A Few Dollars
Malicious kits put hackers in business for very little money, RSA study says
RIANOVOSTI
U.S. Gets Ready To Knock The World Offline
Is the U.S. military too focused on cyberwar?
COMPUTERWORLD
Microsoft Investigates Years-Old IE Bug
Only major browser still not patched, says Google security researcher
ASERT BLOG
Another Family Of DDoS Bots: Avzhan
New DDoS bot family appears to be related to IMDDOS
THREAT POST
Gumblar Crew Starts Monetizing Compromised Servers
The group behind the Gumblar mass website infections over the last 18 months is now using some of its compromised servers in spam operations pushing Viagra and fake watches
THE NEW NEW INTERNET
Swedish Political Party Sites Hit By Hackers
Several Swedish political party websites were targeted with DDoS attacks, and one attack posted the organization's internal emails and passwords
WIRED
Darpa's Star Hacker Looks To WikiLeak-Proof Pentagon
New Cyber Insider Threat (CINDER) project aims to detect hostile intent or potential removal of sensitive data
COMPUTERWORLD
Researchers Slate 'Month Of Bugs' Launch For Wednesday
The disclosures claim to include unpatched vulnerabilities in Excel, Internet Explorer, and other Microsoft, Apple, and Mozilla applications
EWEEK
New Apple QuickTime Security Flaw Discovered
Vulnerability could be used to bypass security protections in Microsoft Windows
H SECURITY
Microsoft Tool For DLL Vulnerability Interferes With Some Applications
Tool that prevents DLL hijacking may cause some apps not to work properly
REDIFF BUSINESS
Hackers First Attack Quantum Cryptographic Systems
Hackers have performed the first "invisible" attack on quantum cryptography, report says
PC WORLD
Scam Preys On Required TweetDeck Update
Twitter warns users not to upload spurious "update" file
BANGKOK POST
Hackers Attack Philippine Government Website
Government goes on alert following takedown of site
H SECURITY
Unpatched Security Holes: IBM Re-Evaluates
X-Force changes report on vulnerabilities following debate with vendors
GOVERNMENT INFO SECURITY
Senator Gives White House "Incomplete" On Cybersecurity Performance
Administration is trying, but job still isn't done, Carper says
BANK INFO SECURITY
Ten Tips To Thwart Skimming
Best practices to help banks and retailers stop skimming scams
BLOOMBERG NEWS
RIM Averts BlackBerry Ban in India With 60-Day Security Test
India will test Research In Motion's monitoring solution for 60 days to see if it allows its messenger and enterprise mail services to be tapped by security agencies
THREAT POST
Firefox 4 to Include HTTP Strict Transport Security Support
Mozilla adding to Firefox 4 a new technology called HTTP Strict Transport Security to help thwart man-in-the-middle attacks that let HTTP connections look like HTTPS ones
ELECTRONIC FRONTIER FOUNDATION
Good News: Security Researcher Released on Bail
Hari Prasad, the Indian security researcher arrested for allegedly stealing an electronic voting machine, revealed major security holes in the machine but would not say who gave him the machine
INNOVATIONS REPORT
Vulnerability In Commercial Quantum Cryptography
Researchers at the Norwegian University of Science and Technology, the University of Erlangen-Nurnberg, and Max Planck Institute for the Science of Light in Erlangen have created a technique that exploits imperfections in quantum cryptography systems
SOPHOS BLOG
iPad And iPhone 4 Tester Scams Hit Facebook
If users find a message about testing iPad and iPhones, they should remove them and change their passwords
COMPUTERWORLD
3M Offers $943M For Biometric Security Vendor Cogent Systems
Acquisition will allow 3M to expand its ID card and authentication systems business beyond its border control and law enforcement markets and into other commercial sectors, the company says
INFOWORLD
No Good Can Come Of A Malware Convention
Some attendees may show up to learn more about fighting malware, but it's likely to attract potential black hat attackers
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


