Best Of The Web
TECHEYE
Apple Still Says No To Jailbreaking IPhones
The Library of Congress has revised the Digital Millennium Copyright Act, making it legal to jailbreak the iPhone -- but Apple is still against jailbreaking
HELP NET SECURITY
100 Million Facebook Pages Published On Torrent Site
Facebook pages and personal information of 100 million users of the popular social network are available for download on a torrent site
EWEEK
Cloud Security Alliance Creates Certification Program For IT Pros
CSA has established a user certification program called the Certificate of Cloud Security Knowledge (CCSK)
THE REGISTER
Zeus Bot Latches Onto Windows Shortcut Security Hole
The makers of the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut-handling flaw in Windows
GOVERNMENT COMPUTER NEWS
Windows XP In The Crosshairs Of Online Attackers
Operating system becoming a popular target, studies report
NEW YORK TIMES
What's For Sale On The Bug Market?
A look at the business of selling online exploits -- and who's selling them
HOMELAND SECURITY NEWSWIRE
Siemens: Removing SCADA Trojan May Disrupt Power Plants
Tools used to detect and remove malware could interrupt sensitive operations, company warns
ZDNET UK
Cybersecurity Challenge Kicks Off
U.K. competitions could lead to prizes, including internships and jobs
INFOWORLD
The Quiet Threat: Cyberspies Are Already In Your Systems
It might sound far-fetched, but the threat of espionage is very real, experts say
CNN
Citibank Patches Security Hole In iPhone App
Older version mistakenly saved personal information, banking giant says
FOX BUSINESS
Biggest National Security Threat: Cyberattack
America is under attack and not doing enough to stop it
HBVL.BE
Belgian Court Found Fraud In Internet Banking
Internet fraud ring steals money from current accounts, often without the victims ever knowing it
HELP NET SECURITY
L0phtCrack 6.0.9 Released
The popular password audit and recovery tool for Windows and Unix passwords has been updated with new features in scheduling, hash extraction from 64-bit Windows versions, multiprocessor algorithms, and network monitoring and decoding
THE REGISTER
EU Climate Exchange Website Hit By Green-Hat Hacker
The European Union Climate Exchange website was hacked by protesters against carbon credits
THE NEW YORK TIMES
Hackers With Enigmatic Motives Vex Companies
Researchers reflect on disclosure timing and getting paid for their work
THE GUARDIAN
Chinese Army To Target Cyber War Threat
The People's Liberation Army has unveiled the Information Security Base, its first department focused on cyberwar threats
TOMBOM
Privacy Concerns At Defcon
Researcher Chris Paget warns that his presentation at Defcon will include intercepting cell phone calls, but says not to worry about privacy concerns
INDIAN EXPRESS
Three Police Constables Make Off With ATM, Caught On Camera
Four men, including three policemen, stole an ATM from the Corporation Bank in Shahjahanpur
COMPUTERWORLD
Yahoo May Fund Hackers With Good Ideas
But so far it has no specific plans on how this would work
THE GLOBE AND MAIL
UAE Says RIM Blackberry A Threat To National Security, Social Mores
United Arab Emirates officials say BlackBerry smartphones are a potential threat to the country's national security and are looking at changing how the devices operate to gain better control over them
NEW YORK TIMES BLOG
Apple's Web Browser Allows Sites to Collect Personal Information
A flaw in Apple's Safari Web browser allows sites to harvest personal information from visitors, including their name, address, and phone number
IMPERVA BLOG
Imperva Finds Master Hacker Who Dupes Thousands Into Phishing Army
A new, automated cloud-based phishing kit has been discovered that keeps data collection separate from the phishing site so it preserves stolen data
VERACODE
Deadly Combo: Zero Day Application Vulnerability + OS Vulnerability = Attacker Win
Siemens didn't fix the hard-coded password vulnerability when it was first publicly disclosed, but, rather, waited more than two years once it was being exploited
THE REGISTER
The Hack In The Box ATM Talk That Never Was...
The researcher whose ATM fraud talk was pulled from a recent hacker conference says he was not pressured by ATM manufacturers or banks to forgo his presentation
REUTERS
Baidu May Press Claims Over Hackers: U.S. Judge
China's leading search engine can sue its U.S.-based domain name service provider, Register.com, for breach of contract, gross negligence, and recklessness related to an attack by hackers, a U.S. judge ruled
FOXNEWS.COM
Is National Security Behind Google's Wi-Fi Spying?
EFF questions whether there's a relationship between Google and the NSA, and why that may explain the federal government's apparent hands-off approach to the WiFi spying issue
M86 SECURITY
Revisiting The King Of Spam
Rustock is purely a spambot, and its malware is updated frequently -- it focuses almost purely on Canadian Pharmacy spam campaigns
SOPHOS
More Malware Exploiting Windows Shortcut Vulnerability
Sophos has found two new malware samples being spread by the .LNK vulnerability, following the Stuxnet attack
THE REGISTER
38 States Grill Google On Three-Year Wi-Fi Slurp
"Snooping code" presents more questions than answers
COMPUTERWORLD
New 'Kraken' GSM-Cracking Software Is Released
Open-source group finds method for breaking A5/1 encryption used by many GSM systems
THREATPOST
Old Wireless Flaws Still Haunting Networks
Researchers at Black Hat will expose new threats to old WEP wireless systems
THREATPOST
How Mass SQL Injection Attacks Became An Epidemic
A look at the growth of an increasingly popular attack vector
DARKNET
Clever Attack Allows Theft Of Names And Addresses From IE And Safari
Browser leaks threaten safety of user data
HOST EXPLOIT
Bank Websites Could Leave Customers Vulnerable
Poorly secured banking sites may expose users to attack, study says
PWNIES.COM
Nominations For Pwnie Awards 2010
Nominees for best bugs -- and biggest gaffes -- of the security year
COMPUTERWORLD UK
Black Hat Conference Will Reveal Hacker Fingerprint Analysis
Advancements in malware analysis could make it easier to attribute code to a specific author
MICROSOFT
Microsoft Releases 'Fix-It' Tool For New Windows Threat
The free tool removes the graphical representation of icons on the Task bar and Start menu bar and replaces them with white icons
FORBES BLOG
Researchers Will Turn Google And Bing Into Web Bug Warning System
A new set of tools to be unleashed at Black Hat next week convert Google and Bing into a sort of automated early warning system for Web hacks worldwide
THREATPOST
Firefox Hit By Drive-by Download Flaws
Mozilla has patched Firefox with fixes for 16 security flaws that exposed users to drive-by download, data theft, and local bar-spoofing attacks
HEALTHCARE INFOSECURITY BLOG
Prepare Now For HIPAA Modifications
Among the possible changes to HIPAA -- adding patient safety, health information, other organizations that facilitate transmission of patient health records
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


