Best Of The Web
COMPUTERWORLD
Microsoft Smacks Patch-Blocking Rootkit Second Time
Microsoft again has attempted to kill a mutating rootkit that has blocked some Windows users from installing security updates
FIFA
Be Wary Of World Cup Email Scams And Internet Hoaxes
FIFA warns of email scams and Internet hoaxes that claim to be part of a FIFA lottery, prize draw, or competition, ask for additional payment for tickets you have "won," or ask for personal information to secure tickets
CIO
The Hacker, The Con Man, The ATM -- And You
19-year-old grocery store employee who was arrested for trying to steal hundreds of thousands of dollars from ATMs was going to use default passwords he found on the Web to reprogram the ATMs
COMPUTERWORLD UK
Microsoft Alleged Click Launderers Claim Innocence
AdCenter beta customers named in two click fraud lawsuits Microsoft filed this week maintain their innocence, saying they assisted the software giant in investigating the problem
THREAT POST
Survey Shows Most Flaws Sold For $5,000 Or Less
Data shows that vast majority of vulnerabilities, both client-side and server-side, are being sold for less than $5,000
ARS TECHNICA
Report: Facebook Caught Sharing Secret Data With Advertisers
Facebook, MySpace, Digg, and a handful of other social-networking sites have been sharing users' personal data with advertisers without users' knowledge or consent
H ONLINE
History Stealing 2.0: I Know Where You Live
Developers have refined techniques for gleaning specific information about users from their browser histories such that websites can now find out what articles a user has recently read on news sites, their postal code, and which search terms they have entered into search engines
IT WEB
Quantum Encryption Cracked
Physicists at the University of Toronto in Canada have cracked a commercial quantum cryptography system for the first time in history
SECURITY PARK
Two Thirds Of Data Security Breaches Come From Small Companies
New U.K. rules allow Information Commissioner's Office (ICO) to fine businesses up to £500,000, equivalent to 10 percent of the highest annual turnover of a small company if they lose confidential personal data
THE REGISTER
IBM Hands Out Malware-Stuffed USB At Security Conference
IBM inadvertently gave attendees of IBM's AusCERT conference malware-infected USB sticks
MASHABLE
WARNING: Facebook Clickjacking Attack Spreading Through News Feed
New attack consists of a message starting with the phrase "try not to laugh xD" with a link to fbhole.com
NETWORK WORLD
Wal-Mart Pushing For Chip-And-Pin Payment Cards In U.S., Report Says
Wal-Mart wants to see chip-and-pin payment cards adopted in the U.S. to better secure financial transactions, according to a report from the Smart Card Alliance event
NEXTGOV
NASA Security Chief Orders Bold Change To Secure Networks
NASA will move from certifying networks are compliant with an old federal regulation to monitoring systems for holes and real-time reporting of threats
SOFTPEDIA
Dutch Public Transportation Website Leaks Private Passenger Information
SQL injection is to blame, authorities say
COMPUTERWORLD
Microsoft Touts Hotmail Security Adds; Users Complain Of Account Hacks
Users say they wish the new security measures were already in place
MSN
U.S. Scientists "Hack" Into Indian Voting Machines
University of Michigan study shows how "tamperproof" machines could be manipulated
TG DAILY
IRS Mulls Tighter Security For Electronic Filing
New procedure could make it harder for tax pros to access electronic filing portal
CNET
Can VeriSign Deal Make Symantec The Web's Identity Broker?
Some observers question security giant's ability to handle the identity piece
SOPHOS
British Home Secretary Reconsiders Extradition Of Gary McKinnon
U.K. celebrities join in fight to keep NASA hacker from U.S. courts
MSN
Pakistan Blocks YouTube Over UnIslamic Content
Crackdown on "offensive" content continues
COMPUTERWORLD
Hacker Steals 22,000 Email Addresses, Demands Astley Tune
Dutch hacker Darkc0ke hacks radio station database, threatens to publish it unless song is played
SOPHOS BLOG
60% Of Facebook Users Consider Quitting Over Privacy
Online poll also finds 16% already having left the social network due to its privacy issues
THREAT POST
Windows 7 Hit by Display Driver Security Hole
Vulnerability could expose users to code execution and denial-of-service attacks, the company warned in an advisory issued late yesterday
METASPLOIT BLOG
Metasploit Framework 3.4.0 Released!
Latest version of the Metasploit Framework has officially been released and includes more than 100 new exploits
THE REGISTER
Google Street View Whacked By German Prosecutors, Czech Data Watchdog
Google has come under scrutiny by European officials
NETWORK WORLD
Black Duck Eggs And Other Secrets Of Chinese Hackers
Ira Winkler says Chinese hackers are already well-entrenched in U.S. networks: "We're generally screwed."
COMPUTERWORLD
Facebook Fixing Embarrassing Privacy Bug
Web programming bug could let attackers alter profile pages or make restricted information public
THINQ
Credit Card Criminal Forum Hacked
Carders.cc, a German Web forum that sells stolen credit card details has been hacked, and the contents of the site's database leaked
GREY LOGIC
Cyber Self Defense: Reduce Your Attack Surface
Agencies are not doing enough to monitor and block risky practices, study says
THREATPOST
Microsoft To Share Vulnerability Details With Governments
Omega initiative features a Defense Information Sharing Program that will give governments a heads-up on pre-patch flaws
H ONLINE
Open MySQL Security Holes
Forthcoming version of Oracle MySQL said to contain important security patches
HOST EXPLOIT
Grand Jury Returns Indictment Charging Nine With Exceeding Authorized Computer Access
Individuals employed by contractor allegedly accessed Obama student loan records through Department of Education systems
AIR FORCE NEWS
Three Thousand Officers Switch To Cyberspace Specialty
Air Force communications officers are now working in cybersecurity, following the switch of 27,000 enlisted personnel in November
KREBS ON SECURITY
Following The Money, Part II
Moscow businessman is accused of conducting spam campaign while serving as a government anti-spam advisor
DANCHO DANCHEV'S BLOG
Koobface Gang Responds To "Ten Things You Didn't Know About The Koobface Gang"
Cyber gang tries to deny association with some exploits
ALERT LOGIC
Facebook Vulnerability May Have Led To Exposure Of Personal Information
Specially crafted link may have allowed attackers to alter users' profiles, researchers say
FOX NEWS
Dozens of TSA Officials Had Identities Stolen in Boston Security Breach
A Massachusetts couple has been charged with identity theft against dozens of Transportation Security Agency officials in Boston
HELP NET SECURITY
Attack Detectors On CPU's Expose Backdoors
Scientists from Columbia University have developed tools that can detect attacks on a computer's CPU
THE INDEPENDENT
Gary McKinnon: 'They Can't Return Me To A Place I Wasn't In'
In an email interview, McKinnon says extraditing him to the U.S. is against the rules of the Magna Carta, and worries him
INFOSECURITY MAGAZINE
Google Says Street View Cars Collected WiFi Data By Mistake
Google admitted it mistakenly collected data sent over WiFi networks using its Street View cars gathering images for its Street View service
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


