Best Of Web
Best Of The Web
WIRED
TJX Accomplice Sentenced to 7 Years in Prison
Christopher Scott, who helped TJX hacker Albert Gonzalez and others hack into corporate networks, was sentenced to 7 years and one day after pleading guilty to breaching the wireless access points of several retailers between 2003 and 2007 in order to steal credit and debit card data
NEW YORK TIMES BLOG
Keeping a Closer Eye on Employees' Social Networking
A new service makes it easier for companies to keep tabs on their employees' social networking activities
THE REGISTER
Kit Attacks Microsoft Keyboards (And A Whole Lot More)
Security researchers unveiled an open-source device that captures the traffic of a wide variety of wireless devices, including keyboards, medical devices, and remote controls
US NEWS & WORLD REPORTE
Cyberwar Rhetoric Is Scarier Than Threat of Foreign Attack
Marcus Ranum says with the government using the rhetoric of warfare and others warning of danger, it's more about turf enlargement for the feds and vendors selling billions of dollars of solutions to the "problem"
SANS INTERNET STORM CENTER
"Copyright Lawsuit Filed Against You"
New malicious email attack attempts to download additional payload, and only a few AV solutions detect the malicious document
RGJ.COM
Utah Police Arrest Suspected ATM Skimmers; May Be Related To Reno-Sparks Cases
Utah police department arrested two men on charges they illegally hooked up devices to gas station pumps to collect ATM personal identification numbers from unsuspecting customers there
MICROSOFT BLOG
Microsoft to Issue Out-of-Band IE Patch Tomorrow
Attacks are underway exploiting recently revealed flaws in IE6, IE7
ZDNET BLOG
Facebook's Privacy Changes: When Will It Go Too Far (And Will You Even Notice)?
Facebook is trying to downplay a proposed privacy setting change where it will share user data with external sites automatically
LIGHT BLUE TOUCHPAPER
How To Get Money Back From A Bank
Most banks beg off complaints by making it time-consuming and complicated to get a refund, so the best option is to sue the bank
COMPUTERWORLD
Military Warns Of 'Increasingly Active' Cyber-Threat From China
U.S. Navy Admiral Robert Willard told the U.S. House Armed Services Committee that U.S. military and government networks and computer systems continue to be the target of intrusions that appear to originate out of China
SUNBELT BLOG
XBox Live Director's Account Compromised
Larry Hryb, director of XBox Live programming, aka "Major Nelson," had his account taken over at the weekend, with offensive messages posted in the biography section
HEALTHINFOSECURITY.COM
Janitor Plays Key Role in ID Theft Ring
A janitor stole personal information from patient files at Chicago's Northwestern Memorial Hospital on behalf of an identity theft ring in a year-long scam
SYMANTEC BLOG
Password Survey Results
Forty-five percent of users have just a few passwords that are alternated for all accounts
H ONLINE
Large Patch Day For Cisco Admins
Cisco released seven security advisories for its IOS software, including patches for vulnerabilities in IPSec, NAT, SIP, MPLS
INQUISITR
Indiana Woman Claims Facebook Status Update Prompted Robbery
One of her Facebook "friends" allegedly burglarized her house after she posted an update indicating that she and her fiance would be out for the evening
THE REGISTER
World Cup-Themed PDF Attack Kicks Off
Malicious emails are spreading, posing as messages from African Safari organizer Greenlife and claiming that an attached PDF contains a guide to the soccer tournament
ZDNET
EFF: Gmail Vulnerable To Snooping: SSL Certificates Often Faked
The Electronic Freedom Frontier released a report by Internet computer researchers suggesting several international intelligence agencies can and do regularly inject revised SSL security certificates
HOMELAND SECURITY NEWSWIRE
DHS To Work With ISP To Test Einstein 3 Cyber Security System
The Department of Homeland Security will work with a commercial ISP to test the partially classified Einstein 3 system, a real-time, deep packet inspection system for federal agency network traffic
PC WORLD
Is Your Mobile Phone Giving Up Your Phone Number?
Researcher says some networks are reformatting Web data they send to Websites, adding customer information, such as phone numbers, that then can be logged by Web publishers
WIRED
iPhone Hacker Thinks He's Cracked the iPad, Too
George Hotz, the first hacker to unlock the iPhone, says he has developed a new hack for all iPhone OS devices, and he thinks it will work on the iPad, as well
WIRED
TJX Hacker Gets 20 Years In Prison
Albert Gonzalez's sentence is the lengthiest ever imposed in the U.S. for hacking or identity theft
ARCTIC STARTUP
Over 120,000 Sanoma User Credentials Stolen
Breach represents Finland's biggest identity theft ever
COMPUTERWORLD UK
IETF Close To Standard For Reporting Cybercrime
Spec could allow security experts to react faster to cybercrime events, observers say
COMPUTER WEEKLY
SANS Founder Slams 'Terribly Damaging' U.S. Cybersecurity Law
Designed to improve security, FISMA has done just the opposite, expert says
SOPHOS
Celebrity Twitter Hacker Caught By French Police
Hack gave 25-year-old access to personal data of many celebrities, including Barack Obama
ICSA LABS
On The Origin Of Spam
Geographic "origins" of spam can be deceiving, expert says
REUTERS
Inside A Global Cybercrime Ring
Ring harnessed code-writing capability of hundreds of students and young people
SUNBELT
Rogue Toolbars Serve Up Facebook Phishing Pages
Toolbars that offer special features can deliver a nasty sting, researchers say
CNET
U.S. Cyber Command Prepped To Launch
U.S. Cyber Command is ready to go, but waiting Senate approval of its new commander Army Lt. Gen. Kenneth Alexander, director of the NSA
ZSCALER BLOG
March Madness Malware
Several Google searchers for NCAA March Madness terms turned up malicious results that spread fake antivirus
ESECURITY PLANET
FBI Underboss Says Cyber Criminals The New Mafia
Assistant FBI Director Steven Chabinsky said he FBI and other law enforcement agencies have developed organization charts for cybercriminal enterprises, including the coders, the techies and the hackers
BBC
Chinese Web Users Boycott Google
While some citizens gathered outside Google's office in Beijing in support of its decision to end censorship, other Chinese citizens are unhappy
CSO ONLINE
Smart Phone Attacks: Here And Now
The path to smart phone security is about the same as the security on larger computing systems
THE REGISTER
Our Health, Tax, And Search Data Siphoned
Google, Yahoo, Bing, and other leading Websites are leaking medical histories, family income, search queries, and massive amounts of other sensitive data that can be intercepted even when encrypted, computer scientists revealed in a new research paper
THE WASHINGTON POST
Thousands Of Dollars Taken From Bank Accounts Linked To ATM Card Skimmer
Thousands of dollars in unauthorized withdrawals were made from bank accounts in the Washington area after a skimming device was attached to an ATM at a Wachovia branch in Alexandria, Va.
COMPUTERWORLD
U.S. Said To Be Eyeing Cybersecurity Ambassador Role
The U.S. State Department and Congress reportedly are considering creating an ambassador-level position for negotiating cybersecurity matters at the United Nations and for ensuring the country has a consistent international policy on the issue
SOPHOS
Critical Firefox Security Hole Fixed -- Have You Updated?
Mozilla makes early release of Firefox 3.6.2 to help close vulnerability
TECH WORLD
Russia Arrests WorldPay Hackers After FBI Plea
Arrest could mark sea change in Russian stance toward cybercrime, experts say
WIRED
Secret Service Paid TJX Hacker $75,000 A Year
Gonzalez worked undercover, informing on bank card thieves for law enforcement, witness says
VIRUSLIST.COM
Spam Volume Stays Steady In February
Phishing, malware were up slightly, Kaspersky report says
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.