Best Of The Web
PC WORLD
Security Guard Pleads Guilty to Hacking His Employer
Former security guard pleads guilty to charges that he broke into his employer's computers while working the night shift at a Dallas hospital
IT WIRE
Microsoft Controls Worldwide Physical Security Operations From Three Sites
Microsoft Global Security monitors physical security at the company's premises around the world via three centers, located at Redmond, Wash.; Reading, U.K.; and Hyderabad, India
MEDIA POST
Facebook Friends' Names Leak Into Search Engine Results
Facebook members who don't opt in to Facebook privacy settings have found their names in search results on google.com, with the names of a few of their Facebook friends listed below, including friends who want to remain private
THE REGISTER
Five In Slammer Over iTunes/eBay Card-Laundry Caper
Five U.K. residents have been arrested for laundering money using iTunes gift vouchers that they sold via eBay and other auction sites
NETWORK WORLD
Car Hackers Can Kill Brakes, Engine, And More
Researchers can connect to a standard diagnostic computer port included in late-model cars and turn off the brakes, change the speedometer reading, and lock passengers in the vehicle
STOREFRONT BACKTALK
Target, Starbucks Suffer Mobile Gift Card Security Hole
Card number represented by the barcode displays just enough information for cloning and tricking POS barcode scanners
GOVINFOSECURITY
The Wit and Wisdom of Howard Schmidt
Schmidt says in speech that President Obama "is very committed" to moving to an e-health environment with the right security and privacy controls
NZ HERALD
Google Collects Home Wireless Data
Google confirmed it gathered data about personal wireless connections from homes around New Zealand in order to provide data for mobile users of Google Maps
THE REGISTER
'Bulletproof' ISP For Crimeware Gangs Knocked Offline
Russia-based crimeware-friendly network knocked offline Friday after the plug was pulled on its upstream service provider
IT PRO PORTAL
Imperva Uncovers Massive Botnet
Server-based botnet made up of 300 Web servers is capable of waging sophisticated denial-of-service attacks
TREND MICRO BLOG
Your Tweet Is My Command
Twitter bot builder is being offered for free over the Net and can be used to attack user systems and to wage DDoSes
COMPUTERWORLD
Facebook IDs Hacker Who Tried To Sell 1.5M Accounts
Kirllos found to be Russia-based and likely a low-level actor who does appear to have hacked Facebook accounts
TECHNOLOGY REVIEW
For Sale: Thousands Of Hacked Twitter Accounts
Russian cybercriminal forums offer batches of 1,000 hacked accounts for under $200
ALL FACEBOOK
Facebook Calls All-Hands Meeting On Privacy
After backlash on Instant Personalization, social networking site considers its options
SCIENCE DAILY
Improved Online Security For A Tenth Of The Cost
Fiber optic "beacon" allows users to share encrypted data in a simple, low-cost fashion
SYMANTEC
Phishing Attacks Up 33 Percent Last Month
Automated toolkits account for a portion of the increase, according to Symantec report
MASHABLE
Facebook Attracts More Phishing Attacks Than Google And IRS
Social networking site is now the fourth-biggest target; PayPal stays at No. 1
BUSINESS COURIER
SEC: Stock Market Drop Not Cyber-Terrorism
Officials say free-fall wasn't caused by hackers -- but they're not convinced the problem was a simple keystroke error, either
TMCnet
Insecure File Transfer Practices Lead To Security Vulnerabilities At Federal Agencies
Agencies are not doing enough to monitor and block risky practices, study says
V3.CO.UK
Research Claims IT Makes People Happy
Sense of control, easy communications contribute to users' well-being, study finds
STOREFRONT BACKTALK
New Data Breach Law Says Assessor--Not Visa--Has The Final Word
New law in Washington state tries to force retailers to reimburse financial institutions for any cost incurred due to a breach
HOME OFFICE IDENTITY & PASSPORT SERVICE
Identity Card Initiative To Be Scrapped
Both parties that now form the new British Government say they will cancel Identity Cards and the National Identity Register
MSNBC
German Court Orders Wireless Passwords For All
Germany's top criminal court has ruled that users must secure their private wireless connections by password or face fines
COMPUTERWORLD
Botnet Test That Aimed DDoS At ISP Leads To Guilty Plea
A man charged in the 2006 computer attacks on The Planet and T35 Hosting has agreed to plead guilty after allegedly creating a botnet with another man and trying to sell it for 15 cents per infected computer
THE HILL
FCC To Examine Voluntary Cybersecurity Certification
As part of the National Broadband Plan, the FCC has begun the process of establishing a voluntary cybersecurity certification program for Internet and other communication providers
KREBS ON SECURITY
FBI Promises Action Against Money Mules
Top FBI official said the agency will take enforcement action against so-called money mules who willingly or unknowingly help cybercriminals launder money stolen via online banking fraud
THE ATLANTIC
The Enemy Within
A look at the evolution of the Conficker worm and how it's still out there, waiting
US-CERT
Adobe Releases Update For Shockwave Player
Adobe's security update addresses multiple vulnerabilities in Adobe Shockwave Player 11.5.6.606 and earlier versions for both Windows and Macintosh operating systems
THE NEW INTERNET
Senate Confirms Lt. General Alexander To Head Cyber Command
NSA director will lead effort to protect military systems
MICROSOFT SECURITY RESPONSE CENTER
Microsoft Releases Two Critical Security Updates
Patch Tuesday releases focus on email apps, Visual Basic
WASHINGTON POST
Twitter Briefly Zeroes Out 'Follow' Accounts To Fix A Bug
If your followers briefly went down to zero, it wasn't your fault
EWEEK
Windows Security Software Bypassed With New Technique, Researchers Find
Researchers at Matousec.com outline new method for circumventing popular AV apps
INFOWORLD
Social Networking Raises Legal, Regulatory Issues For Businesses
Many companies are finding social networking's advantages are just too valuable to block
DASIENT
Q1 Web-Based Malware Data And Trends
Report finds 720,000 infected websites, up from 560,000 in Q4
COBIT CONSULTING
Palo Alto Networks Vulnerability
Cross-site scripting flaw found in next-gen firewalls
COMPUTERWORLD
Heartland Breach Expenses Pegged At $140 Million -- So Far
$42 million set aside to fund future settlements
14-WMAZ
No Evidence Wall Street Drop Was Part Of Cyber Attack
Obama administration adviser for homeland security and counterterrorism says there's no evidence that a cyberattack caused the turbulence in the Dow Jones industrials last week
THE WASHINGTON POST
The Cybersecurity Boom
The Washington, D.C., metropolitan area is fast becoming a cybersecurity capital, as well as an IT stronghold
THE REGISTER
New Attack Bypasses Virtually All AV Protection
Researchers have discovered a way to bypass protections built in to many popular desktop antivirus products, including those of McAfee, Trend Micro, AVG, and BitDefender
ARS TECHNICA
The Potential Dangers Of Microsoft's Secret Patches
Core Security Technologies suggests that with secret fixes within patches, Microsoft could be underplaying some patches, which could result in companies incorrectly prioritizing patches
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


