

Best Of The Web

THE DAILY BEAST
Asperger's, Overdiagnosed, Ill Defined, May Not Be a Syndrome Much Longer
Psychiatrists working on the latest edition of the DSM are tightening the definition of autism and possibly eliminating the designation of Asperger's altogether

COMPUTERWORLD
Microsoft To Issue More Critical Patches Next Week For Win7 Than XP
Microsoft plans to release nine security updates next week to patch 21 vulnerabilities, and researchers say to apply the Internet Explorer patch ASAP

HBGARY BLOG
APT And The Five Eyes Nations
APT is not just a U.S.-centric problem, according to HBGary, which has seen one APT group targeting U.K. and New Zealand defense industries

THREAT POST
New Tool Will Automate Password Cracks On Common SCADA Product
New tools make it easy to test and exploit vulnerable programmable logic controllers

ATLANTIC WIRE
How Anonymous Could Destroy This Law Firm
Military law firm under fire from Anonymous after handling the defense in controversial case

INFOSEC ISLAND
Straight Talk About Compliance From A Security Viewpoint
In the end, compliance is a target that moves at the whim of the auditor

CYBER WAR NEWS
Insight Into The Foxconn.com Data Leak
Foxconn was storing users' passwords and information in clear text, researcher says

HAARETZ
'Anonymous' Hacker Group Threatens 'Reign Of Terror' Against Israel
Group uploads video blaming Israel for committing "crimes against humanity"

SEARCH SECURITY
Survey: Types Of DDoS Attacks On The Rise Due To Hacktivist Groups
Nearly all respondents say they experience at least one DDoS attack per month

BBC
Hackers Vow New 'Anonymous' Attacks On Kremlin Groups
Members of hacktivist group in Russia say they will continue to target pro-Kremlin activists

WASHINGTON POST
Path Deletes Contact Data, Updates App
Company behind journaling app says it has erased all the data that it obtained from users' address books

THE REGISTER
Marlinspike Asks Browser Vendors To Back SSL-Validator
Security researcher Moxie Marlinspike is urging browser developers to support his open-source Convergence project for ensuring trust -- it currently works as an add-on for Firefox

MCAFEE BLOG
Do You Have A False Sense of Cybersecurity For Mobile?
Close to three-quarters of Americans have never installed data protection applications or security software on their mobile devices

IT NEWS
Trustwave Admits Issuing Man-In-The-Middle Digital Certificate, Mozilla Debates Punishment
Security firm says issuing subordinate root certificates to companies so they can snoop on SSL-encrypted traffic is a common industry practice

ARS TECHNICA
Google To Strip Chrome Of SSL Revocation Checking
Google said its Chrome browser will no longer use certificate revocation lists (CRLs) and the Online Certificate Status Protocol to handle trust for SSL-based URLs, calling it basically "worthless"

NETWORK WORLD
FTC Warns Background Screening Mobile Apps May Be Unlawful
The Federal Trade Commission has warned six unidentified mobile application developers that their background screening apps may be violating federal law

THE TELEGRAPH
Facebook Criticized For 'Hurting' Cybercrime Investigation
A security researcher at Kaspersky Lab criticized Facebook for identifying the alleged members of the Koobface gang

THREAT POST
Researchers Crack Satellite Phone Ciphers
German researchers broke encryption for two protocols for satellite phones, allowing them to listen in on conversations

ZDNET
Malware's The Next Nuclear Bomb: Kaspersky
Eugene Kaspersky, CEO of Kaspersky Lab, says governments already are building malware in the form of cyberweapons

THE STATESMAN
Austin-Based Stratfor Faces Lawsuit Over Data Breach
Federal class action suit filed against Stratfor seeks more than $50 million in damages

HOMELAND SECURITY NEWS WIRE
Anonymous Takes Down DHS Website In Hacking Spree
Hacktivist group takes down DHS homepage along with others in coordinated campaign

HELP NET SECURITY
U.S. Developing Plan To Regulate Critical Infrastructure Company Cyber Defense
Senate plan to boost government's ability to regulate the security of critical infrastructure industries is spurring heated debate

HACKER NEWS
University Of Washington Vulnerable And Database Leaked By Hacker
Database containing passwords and other data is breached more than once

MOBILEDIA
Cyberattacks To Surpass Terrorism Threat, FBI Says
While stopping terrorists is the agency's top priority, cyberattacks pose an increasing threat, director says

ARN
Increasing Malware And Lax Security Biggest Fears For Users: Sophos
Security vendor's latest report reveals what users are really concerned about when going online

CBC NEWS
Four Signs Hacktivism Has Gone Mainstream
Here are a few reasons 2012 could be the year of the hacktivist

INFOSEC ISLAND
Why Infosec Rocks -- And Sucks
A look at the pluses and minuses of being a security professional

POLITICO
Senate Cyber Bill: Is This The Lucky Week?
The long-awaited Senate cybersecurity bill, which helps beef up the security of the nation's critical infrastructure, may go public later this week

IT WORLD
Facebook Malware Scam Takes Hold
A link to malware purporting to be CNN coverage of a US attack on Iran is reaching hundreds of thousands of Facebook users

SC MAGAZINE
Hackers Claim Symantec Would Pay $50,000 Extortion
A Pastebin posting showing a purported email string between a Symantec employee and the hacker who claimed to have stolen source code from the security firm appears to indicate a bribe by the security firm to keep its source code from going public

HACK IN THE BOX
Facebook's Zuckerberg Defends Hacking
Mark Zuckerberg, Facebook CEO, says hackers "believe that something can always be better, and that nothing is ever complete" and "just have to go fix it"

NEW STATESMAN
How Did Anonymous Hack The FBI?
The recent leak of a conference call between FBI agents and Scotland Yard officers apparently occurred after the hackers hacked authorities' email accounts

GOOGLE MOBILE BLOG
Android And Security
Google is adding a new service code-named "Bouncer" that automatically scans apps in the Android Market for potentially malicious software -- once a new Android app is uploaded, Bouncer analyzes it for known malware and suspicious behavior

ICS SANS DIARY
Critical PHP Bug Patched
The PHP 5.3.9 release included a security fix that was incorrectly implemented and ultimately introduced another, more severe remote code vulnerability -- experts say to apply the new PHP 5.3.10 release and to avoid 5.3.9 if possible

ADOBE BLOG
Flash Player Sandboxing Is Coming To Firefox
Adobe has launched a public beta of a Flash Player sandbox -- Protected Mode -- for Firefox 4.0 and later; it will run on Windows Vista and Windows 7

SYMPLIFIED
HTC Android Phones Can Leak Wi-Fi Passwords
Exposed 802.1X credentials can be picked off by rogue applications

THREAT POST
Update: VeriSign Admits To Security Breaches In 2010
Incidents in 2010 were not reported to company management until late 2011, officials say

SOPHOS
Anonymous Spies On FBI/UK Police Hacking Investigation Conference Call
Hacktivist group releases recording of call on Internet

IMPERVA
SQL Injection Part II: Seeing A Blind SQL Injection
Groundhog predicts long winter of SQL injection attacks

9TO5 MAC
Passware: Filevault Can Be Brute Force Cracked During The Span Of A Lunch Break
Security company says Apple's standard encryption tool is easily decrypted


Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.