Best Of Web
Best Of The Web
HA.CKERS.ORG
Slowloris HTTP DoS
New tool released by hacker RSnake creates a SYN flood-like attack in HTTP against Apache
SOPHOS
Outlook Reconfiguration Emails Carry Malicious URLs
Attack may be new Zbot variant or a generic backdoor Trojan
NETWORK WORLD
Survey Finds Lack Of Concern For Cloud Security
Fifty percent of companies using or planning to use cloud computing services don't know how they will secure their data there
INFORMATION EXEC
MAAWG Needs Consumer Help In Fight Against Cybercrime
MAAWG and other industry leaders realize the need to enlist consumers in the fight against cybercrime
FEDERAL COMPUTER WEEK
Hathaway: National Cyber Incident Response Plan Coming By Year End
A comprehensive national incident response plan will be completed by the end of the year for response to the cyberattacks, says Melissa Hathaway
THE NEW INTERNET
SAIC Releases Global Cyber Security Model
SAIC and the Supply Chain Management Center at the University of Maryland have published a white paper that analyzes secure supply chains via the Internet
GOVERNMENT COMPUTER NEWS
Cerf Says Internet Lacks Essential Features
One of the fathers of the Internet, Vinton Cerf, says the Net needs authentication and security tools
TG DAILY
China Backs Down Over Green Dam Web Filter
A Chinese official says users will not be mandated to use the Web filtering software
SOPHOS
Cligs Short URL Service Hacked, Millions Redirected
Blogger gets 2.2 million hits before problem can be redirected
SLIGHT PARANOIA
Security Experts Ask Google To Embrace HTTPS For Google Apps
Encryption is important to security of popular apps, experts say
TG DAILY
Universities And Schools Hacked To Sell Viagra And Porn
Cross-site scripting vulnerabilities make education sites a target for attackers, researchers say
IT PRO PORTAL
U.K. Government To Launch U.S.-Like Cybersecurity Center
National center would deal with foreign threats, cybercrime gangs
NEXTGOV
China's 128 Cyberattacks A Minute
U.S. prepares defenses for escalating volume of attacks
INFO SECURITY
PBX Hacking Moves Into Professional Domain As Arrests Stack Up
After years in the background, old hack stands up again
FEDERAL COMPUTER WEEK
DoD Command Won't Militarize Cyberspace
New cyber command will continue to focus primarily on .mil domain, Deputy Defense Secretary says
FINEXTRA
Financial Institutions Have Lost Battle To Protect Customer Data -- TowerGroup
Financial institutions must now assume that all of their customers' and prospects' data has been compromised, study says
WASHINGTON POST.COM
Default Passwords Led To $55 Million In Bogus Phone Charges
The U.S. Justice Department is investigating three Filipino residents accused of hacking into thousands of private telephone networks in the U.S. and overseas via factory-set or default passwords in voicemail
BLOOMBERG
SEC Says 'Spoofed' E-mail Called For Inspector General's Firing
An email urging Chairman Mary Schapiro to fire the agency's inspector general was sent by an outsider posing as an SEC employee
VNUNET
New Facebook URLs Raise Cyber-Squatting Fears
Although Facebook has enacted measures to counter the efforts of cyber-squatters, brand owners must move quickly to mitigate the risk of abuse, experts say
INTERNET EVOLUTION
Social Media Ignites In Iran
Bursts of information out of Iran via Twitter and blogs may either be shedding light into one of the darkest of the world's corners, or merely adding to the confusion and chaos
PWNIE AWARDS
Nominations Open For The Pwnie Awards 2009
Researchers are accepting nominations for best bugs and most lame vendors, as well as other categories
PHISH LABS
Open Formmailers Won't Die
Those pervasive formmailers ("contact us" and "feedback," for example) continue to get abused by fraudsters
COMPUTERWORLD
Open Government Could Lead To Data Leaks
Without new data classification and other standards, the administration's push to move more information online could lead to the inadvertent exposure of sensitive data, security experts say
MAKING THE WEB
Stealing Your History -- Without JavaScript
A newly discovered method sniffs your browsing history without using JavaScript
THE REGISTER
Apple Fans Targeted By Smut-Punting Malware
Two new malware attacks are on the loose against Macs, including one that offers a portal for adult videos
BBC NEWS
China's Computers At Hacking Risk
All PCs in China could be at risk of being taken over by hackers due to flaws in compulsory government software
SOPHOS
Mormon Church's Official Twitter Account Hacked
Attackers use it to spam anti-Mormon messages to followers
HEISE SECURITY
Attacks On SHA-1 Made Even Easier
Australian researchers discover a faster and simpler way of disrupting the SHA-1 hash algorithm
INFORMATIONWEEK
Risk Intolerant: Defense In Depth And The Rise Of Data Loss Prevention
An in-depth analysis of DLP technology
COMPUTERWORLD
Symantec, McAfee To Pay Fines Over Auto-Renewals
Symantec and McAfee have each agreed to pay the New York Attorney General's office $375,000 in fines to settle charges they automatically charged customers software subscription renewal fees without permission
REUTERS
Ex-Govt. Cyber Official, Exec Mulled For Czar Job
Leading candidates for the post include Scott Charney, head of Microsoft's cybersecurity division, and Paul Kurtz, who led Obama's cybersecurity transition team and worked on the National Security Council under both Bush and Clinton
THREAT POST
Mozilla Patches 11 Firefox Security Holes
Six of 11 security vulnerabilities are critical
SOFTPEDIA
Trojan Advertised As Open Source Antivirus Software
'Virus Doctor' offered mostly to e-banking customers in spam campaign
ZDnet
Video Malware Targets Mac Users
Fake video codec bears ill gifts for Web-surfing Mac users
GOVERNMENT INFO SECURITY
Cyber Security R&D Needs New Approach, Experts Say
Focus on established technologies keeps research focusing backward, witnesses tell Congress
COMPUTER WEEKLY
Security Risks Will Limit Cloud Computing, Says Firewall Inventor
Few large businesses will give up control unless benefits outweigh risks, Check Point chairman says
TECHNICAL INFO.NET
Making Sense Of SQL Injection
Some insight on the latest SQL injection threats, and what they mean to your enterprise
TIMES ONLINE
Criminal Gang Bought On Music On iTunes And Amazon Using Stolen Cards
Group wrote music, then bought it to increase popularity
GOVERNMENT COMPUTER NEWS
Effective IT Security Starts With Risk Analysis, Former GAO CTO Says
Government systems will remain a high profile target, Rhodes warns
HUGHESNET
China Defends Net Filtering Software Amid Outcry
Despite security concerns and public backlash, government stands behind decision
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
- HP Newsletter with Gartner Research: Maximizing Your Infrastructure through Virtualization
- Understanding Holistic Database Security 8 Steps to Successfully Securing Enterprise Data Sources
- A How-To Guide on Using Cloud Services for Security-Rich Data Backup
- Holistic Risk Management: Perspectives from IT Professionals
- Aligning IT with strategic business goals: A proactive approach to managing IT risk to your business
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2012-4697
TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain administrative access via an FTP session.
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6563
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.