Best Of The Web
WIRED
Hacking, Lock-Picking, Booze And Bacon: DefCon 17 In Review
A look at highlights of the world's largest hacker convention, including a hacked ATM, hacked badges, and hacked parking meters
NETWORK WORLD
After Links To Cybercrime, Latvian ISP Is Cut Off
An ISP in Riga, Latvia, with alleged ties to online cybercrime -- including botnets, phishing, and rogue antivirus products -- has been shut down
WALL STREET JOURNAL
Regulators Rethink Approach To Online Privacy
FTC, other agencies ask experts for advice on ways to overhaul privacy rules
TIMES ONLINE
The Top 10 Online Scams
Social networking scams rate No. 1, researchers say
HELP NET SECURITY
Cyber Attacks At U.S. Energy Companies
In study, half of security pros at U.S. energy firms say they resolve more than 150 attacks per week
STOREFRONT BACKTALK
Heartland Says Breach Has Cost It $32 Million This Year
Figure includes $22.1 million in fines and settlements, officials say
THE STAR
Toronto Hydro Admits Customer Data Breach
About 179,000 Toronto Hydro customer account numbers were illegally accessed in the company's e-billing system
LAS VEGAS SUN
Gaming Execs: Despite Reports, Hackers Didn't Touch ATMs
Reports that hackers wheeled a fake ATM into Riviera casino are untrue, officials say
COMPUTERWORLD
Korean 'Journalists' Booted From Defcon
Impostors may have been gathering intelligence from security researchers, show organizers say
SYMANTEC
Symantec Issues State Of Spam, State Of Phishing Reports
Researchers offer details on current phishing, spam trends
FORBES
Twitter: More Secure Than You Think
A security expert who helps run Defcon's Wall of Sheep says although Twitter is well-represented on the list of users sending passwords over unsecured networks at the show, the problem is more third-party sites and applications
SECURITY MANAGEMENT
China: 'Hacker Schools' Become Big Business
Schools that teach both hackers and defenders generated more than $34 million last year, report says
THE BETTER BUSINESS BUREAU
Widespread Harassment From Phony Debt Collectors Raises Concerns Of Mass Data Breach
The BBB has issued an alert about fake debt collectors, who are equipped with social security numbers, bank account numbers, and employer information
ZDNET
Fake Microsoft Patch Malware Campaign Makes A Comeback
Bots are now spamming out a phony update for Microsoft Outlook and Outlook Express
THOUGHTCRIME
Moxie Marlinspike Updates SSLSniff
Version 0.6 supports the null-prefix attacks demonstrated at BlackHat and Defcon 17 last week
ZDNET
U.S. Marines Ban Facebook, MySpace, Twitter
The Marine Corps is no longer allowing the use of social networking sites on its network, saying they're a "proven haven for malicious hackers and content"
HEISE SECURITY
Adobe Patches Vulnerability In Reader And Acrobat
Adobe fixes critical security vulnerabilities relating to Flash
INTERNET NEWS
Black Hat Wi-Fi Network Hit By 154 DoS Attacks
Aruba says it detected nine rogue APs, 175 attempts to access Aruba's mobility controller, and 23 impersonation attacks
WIRED
Feds At DefCon Alarmed After RFIDs Scanned
Reader placed at the conference sniffed data from RFID-based ID cards as part of a security awareness project
IDG NEWS SERVICE
Hacking The Defcon Badge
Lie detectors, puzzles, motion detectors -- a look at this year's Defcon badge hacks
THE EXAMINER
NJ Man Charged With Web Name Theft, Sale On Ebay
Union, N.J., man is the nation's first to be prosecuted for domain-name theft
KASPERSKY
Monthly Malware Statistics: July 2009
Cybercriminals are finding new vulnerabilities in popular software so they can use multiple programs to infect victims
THE REGISTER
Scareware Package Mimics Windows Blue Screen Of Death
A new feature with the phony SystemSecurity rogueware mimics Windows' "blue screen of death"
SOPHOS BLOG
Firefox 3.5.2 Released To Fix Critical Security Problem
Mozilla has issued a major update that fixes security issues including hacks demonstrated at Black Hat USA last week
ERRATA SECURITY BLOG
@30k Feet
An insider's view on Delta Airlines' new WiFi in-plane service security -- like any other WiFi hotspot, your main risks are your cookies/passwords being stolen if you don't encrypt everything
NATIONAL CYBERSECURITY.COM
Net Attacks Triple In 2 Years
The Homeland Security Department says attacks on federal systems have jumped more than 250 percent during the past two years
TECHDIRT
Spammer Discovers His Insurance Policy Doesn't Cover $6 Million Spam Fines
A former spammer who ended up in bankruptcy is unsuccessful in attempts to get his insurance company to pay his fines
THE WALL STREET JOURNAL
Security Cyber Czar Steps Down
Melissa Hathaway, who conducted the Obama administration's cybersecurity review, says she's leaving for "personal reasons"
SCHNEIER ON SECURITY
Another New AES Attack
New practical attack on AES-256 prompts Bruce Schneier to recommend new apps that don't use AES-256
F-SECURE BLOG
Twitter Now Filtering Malicious URLs
F-Secure says Twitter has started filtering tweets that contain links to known malware sites
HOMELAND SECURITY NEWSWIRE
Fort Meade Leads The Competition For New U.S. Cyber Center Site
Defense Secretary Robert Gates is recommending the Defense Department create a new agency called the U.S. Cyber Command at Fort Meade, Md. -- hometown of the NSA
ZDNET
Microsoft Confirms Windows 7 Activation Leak
Microsoft's director of Genuine Windows says an ISO file of Windows 7 RTM sent to Lenovo that contains a number used to verify the authenticity of the software was leaked over the Net
US-CERT
ISC BIND 9 Vulnerable To Denial Of Service Via Dynamic Update Request
ISC BIND 9 contains a vulnerability that could allow an unauthenticated attacker to wage a DOS attack
ASERT BLOG
Return To The Iranian Firewall
Traffic changes over the past several days suggest the return of more severe filtering by the Iranian government
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3496 (vipnet_client, vipnet_coordinator, vipnet_personal_firewall, vipnet_safedisk)
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVE-2013-2849 (chrome)
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-2848 (chrome)
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-2847 (chrome)
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2013-2846 (chrome)
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.


