Best Of The Web
NEMESIS
Multiple Bugs On EBAY.CO.UK Website
Researchers discover XSS and iFrame URL injection vulnerabilities that let bad guys launch phishing attacks
THE AUSTRALIAN
Chinese Spies Target PM Kevin Rudd's Email
Prime minister of Australia directly targeted by Chinese hackers trying to break into his email and mobile phone communications
FACEBOOK BLOG
How Microsoft And Facebook Teamed Up Against Koobface Virus
Microsoft's program manager for the company's Malware Protection Center tells how his team worked with Facebook's security team to battle Koobface
BUSINESS WIRE
Anti-Phishing Working Group Leading Initiative To Stop Consumers From Falling Prey To Money Laundering Scams
New public education initiative will deliver free countercrime video instruction to consumers
COMPUTERWORLD
British UFO Hacker's Supporters Rally At U.S. Embassy In London
Gary McKinnon's mother was among the protesters demonstrating against his extradition to the U.S. for breaking into military and NASA computers
COMPUTERWORLD UK
G20 Protests: Don't Be Paranoid, But Prepare For Cyberattack, Say Analysts
Banks will face threats of defaced Websites, wireless network intrusions while world leaders convene at G20 summit
WIRED
Vowing to Prevent 'Cyber Katrina,' Senators Propose Cyber Czar
Legislation would federalize cybersecurity and let government regulate cybersecurity protocols in private industry
SCHNEIER ON SECURITY
Who Should Be In Charge Of U.S. Cybersecurity?
Putting national cybersecurity in NSA's hands is a bad idea, says security technologist Bruce Schneier
SEARCHSECURITY
Cloud Computing Group To Tackle Security Concerns
New organization will give security advice to companies adopting cloud computing products
DOXPARA BLOG
New, Improved Conficker Scanner
A new, more accurate nmap Beta 7 is released
ZDNET
DDoS Attack On UltraDNS Affects Amazon.com, Salesforce.com, Petco.com
NeuStar-managed DNS service customers knocked offline for several hours by a distributed denial-of-service attack
COMPUTERWORLD
Conficker's Makers Lose Big, Expert Says
Attackers behind Conficker worm wasted their effort, thanks to widespread attention, argues Symantec executive
THE STRAITS TIMES
Hackers Copied Chinese Cabinet Official's Files
Attackers break into a senior Chinese cabinet official's computer containing drafts of Premier Wen Jiabao's government work
MSNBC
Dalai Lama Condemns Hacking Of Computers
The Dalai Lama says no matter who is hacking into the computers of his Tibetan government-in-exile, the data appears to go to the Chinese government
ZDNET
Malicious Sites Jump 200 Percent
MessageLabs report says it blocked 200 percent more malicious sites with spyware in March than in February
GOOGLE BLOG
Google-Postini Spam Data And Trends: Q1 2009
Overall spam volume is back on track after a drop following the McColo takedown
COMPUTERWORLD
Kaiser Fires 15 Workers For Snooping In Octuplet Mom's Medical Records
A Kaiser Permanente hospital fires 15 employees and reprimands eight others for improperly accessing Nadya Suleman's personal medical
NIST NEWS
Free Online Antivirus, Spyware, And Firewall Scanners Review
A look at free online virus and scanning tools available today
FBI
2008 Internet Crime Report
Internet fraud complaints rise 33.1 percent compared to year prior
IT RISK SPACE
Conficker Handling Instructions
A step-by-step removal of Conficker worm, including a removal tool
CNET
Symantec Investigating Customer Credit-Card Data Theft
Symantec says 200 U.S. customers' credit cards may have been leaked from call center in India
TECHWORLD
Foreign Phisher Makes History With U.S. Conviction
A Romanian man has become the first foreigner convicted by a U.S. court for phishing
HONEYNET PROJECT
Know Your Enemy: Containing Conficker
New research paper explains how to detect, contain, and remove Conficker
WIRED
Former Teen Stock Swindler Hit With New Hacking Charges
Van T. Dinh, who was once imprisoned for an online stock-trading scheme, is back in jail again after allegedly hacking into a currency exchange service
CSO ONLINE
3 Ways Pen Testing Helps DLP (And 2 Ways It Doesn't)
Orbitz CISO says penetration testing is valuable in his data loss prevention strategy -- but it doesn't detect all security problems
THE REGISTER
EU Issues Ultimatum On Internet Privacy
The European Commission delivered an ultimatum to Internet firms to improve privacy or face regulatory enforcement
IT WORLD
Taiwan Says It Will Discuss Cybercrime With China
Official says Taiwan will raise issue of cyberespionage with China during an upcoming meeting in Beijing
BETA NEWS
Virginia Anti-Spam Law Now Dead After Supreme Court Rejects Appeal
An effort to reinvigorate an antispam law that sends serial spammers to jail has failed
ENTERPRISE SECURITY TODAY
Partnership Aims To Fight Cybercrime
Concerned communities in the San Francisco area have formed a cybercrime-fighting alliance in possibly the largest such community effort
COMPUTERWORLD
Gartner: No Need To Drop Heartland, RBS Worldpay Over PCI Delistings
Gartner experts say decision to revoke payment companies' PCI compliance shouldn't affect clients
TENABLE SECURITY
The Anatomy Of Security Disasters
Security expert Marcus Ranum discusses why security breaches happen -- and what to do about them
NETWORK WORLD
Mafiaboy Speaks Out
Teen hacker-turned-pen-tester discusses why the Internet is still broken
DAILY MAIL
19,000 U.K. Credit Card Details Posted On The Net...And Available On Google
Database of stolen identities found with simple Google search
MULTICHANNEL NEWS
Web Privacy Bill Coming
Legislation would prevent online marketers from sharing Web-surfing data without permission
THE REGISTER
Researchers Poke Holes In Super Duper SSL
Assumptions made following initial vulnerability discovery are wrong, researchers say
CBS NEWS
The Internet Is Infected
60 Minutes
SOFTPEDIA
Conficker Hits U.K. Parliamentary Network
Security memo instructs users to stop using removable storage devices
H-DESK.COM
Malware As A Christmas Gift
A guide to recognizing and avoiding holiday-related attacks
SWITCHED.COM
Fifteen Dangerous Emails You Should Delete Immediately
Screen shots show how to recognize the nastiest email attacks
INFOWORLD
Eight Easy Steps To iPhone Security
First rule: never, never leave your iPhone unlocked
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


