Best Of The Web
IT WORLD
With Lawsuit Settled, Hackers Now Working With MBTA
After flap with transportation authority over vulnerability disclosure, students now offer advice on security
CNET
Looking Ahead At Security Trends In 2009
Despite downturn, IT security will continue to be a top priority in coming year
WHATISSPYWARE.ORG
Subject Lines Spammers Just Can't Resist
If you see one of these favorites, run, don't walk, to the delete key
FOX NEWS
World Bank Admits Top IT Vendor Has Been Barred For Eight Years
Satyam Computer Services employees accused of placing spyware on bank apps
SAN JOSE MERCURY NEWS
Fry's Exec Accused of $65 Million Fraud To Pay Off Gambling Debts
Company vice president allegedly masterminded a kickback scheme that cost the company millions
WASHINGTON POST
Navy Lab Thief Gets 18 Months In Prison
Computer technician stole more than 19,000 pieces of equipment over ten-year period
WIRED
One Hacker's Audacious Plan To Rule The Black Market In Stolen Credit Cards
Hacker attempted to consolidate the stolen data market
SECURITY FOCUS
Hashing Contest Moves On To Mass Free-For-All
More than 50 finalists for standard now seek to break competitors' entries
ARBOR NETWORKS
New Attack Patterns Emerge In 2009
Podcast outlines new directions for the bad guys in the coming year
BANK INFO SECURITY
Top 10 Security Breaches Of 2008
Ghost of TJX still looms large on breach scene
WIRED
Man Receives Compensation For Cyberbullying
Chinese man suffered "virtual lynching," court says
SECURITYPARK.NET
Ignorance Of Cyber Crime And Cyber Terrorism May Lead To Huge Losses And Endanger Lives
EC council member says security is not just the network administrator's responsibility, but also each Internet user's
VNU
Federal Reserve Spam Attack Emerges
Clever new phishing scam posing as U.S. Federal Reserve warns users about a phishing scam
ZERO IN A BIT
Credit for Researchers
It may be time to get more academic about crediting security researchers for their finds
SOPHOS
McColo Up Again, Down Again
Notorious hosting firm came back online briefly, thanks to a Swedish ISP with a router in San Jose
COMPUTERWORLD
Spam Levels Fluctuate As Crooks Try To Revive Botnets
Some researchers say spam levels are up; others say they are staying down
TIMES OF IT SECURITY
Microsoft Yanks Fake Security Software
Anti-malware tool removes bogus software from nearly a million PCs in just nine days
MASHABLE
Gmail Hack: A Route To Domain Theft?
Gmail has lots of fans, but it may also be the source of recent domain thefts
CHUTNEY TECH
New Report Predicts Massive Increase In Malware And Phishing In 2009
Attackers looking to bolster their efforts after botnet shutdowns, MessageLabs says
HELP NET SECURITY
Free Tool Tests VoIP Systems For Targeted Eavesdropping Vulnerability
Sipera's UCSniff helps detect efforts to tap into phone conversations
ICANN.ORG
281,000 Domains To Be Transferred From EstDomains To Directi
Transfer forced by de-accreditation of EstDomains following CEO's conviction
HELP NET SECURITY
Findings Of The Latest Global Phishing Survey
Phishers concentrating their efforts on top-level domains
DENVER POST
British Government's Identity Card Program Begins
Foreign nationals must carry ID cards for the first time since WWII
WLWT NEWS
Thousands At Risk After Hacker Breaches Computer Mainframe
Luxottica Retail says details on 59,000 employees have been downloaded
NETWORK WORLD
IETF: Should We Fight The Kaminsky Bug?
Standards body debates fixing DNS or pushing new security scheme
WASHINGTON POST
Pharmaceutical Extortionists Take On CIA, FBI, DoD, NSA
Data "kidnappers" may not have known that Express Scripts has a huge base of law enforcement customers
SILICON.COM
Privacy Tsar To Fine Firms Recklessly Losing Data
UK Information Commissioner's Office gets more power to punish firms that play fast and loose with data
BBC NEWS
US TV Anchor Convicted of Hacking
News presenter hacked into rival's email and leaked gossip to the press
WIRED
Secret Geek A-Team Hacks Back, Defends Worldwide Web
How Dan Kaminsky found and fought the bug that bears his name
CNET
Senator Probes Privacy Law Following Obama Phone Record Breach
Leahy asks questions about Telephone Records and Privacy Protection Act
INFOWORLD
Ways To Keep Your Laptop, Privacy Safe During Holiday Travel
Ten tips for keeping your data from falling into the wrong hands
BUSINESS WEEK
Network Security Breaches Plague NASA
NASA computers and Websites have been under attack from abroad, stirring national security concerns
ARS TECHNICA
Microsoft Cleans Fake Antivirus Tool From 994,061 PCs
For every 1,000 machines in the US scanned by the MSRT during the last seven days, five were infected with FakeSecSen malware
MARKET WATCH
Javelin Ranks Top U.S. Banks' Identity Safety Measures for Customers
Bank of America is top-ranked for security due to partnering with its customers to protect against identity fraud
IOL
High-Tech Fraud Syndicate Busted
A cybercrime syndicate in South Africa with plants inside various organizations has been broken up
HEISE SECURITY
Buffer Overflow in Vista's TCP/IP Stack
A local vulnerability in Windows Vista could be used by an attacker to take over the OS
SEARCHSECURITY
Apple iPhone 2.2 Update Includes Critical Security Patches
New version of firmware fixes software flaws in both the iPhone and iPod Touch
WIRED
Facebook Awarded Record $873 Million in Spam Suit
In the largest judgment ever under CAN-SPAM, Facebook won't likely see much of the award money
CNET
Online Quiz Tests Phishing Knowledge
SonicWall Phishing and Spam IQ Quiz lets you test your phishing-detection acumen
COMPUTERWORLD
Chinese Team Mistakenly Released Unpatched IE7 Exploit
Many hackers already knew about the vulnerability, experts say
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3562
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3561
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-3560
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-3559
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.
CVE-2013-3558
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.


