

Best Of The Web

ARS TECHNICA
Accused Estonian Fraudster Extradited To The U.S. Appears In Federal Court
An Estonian man allegedly was among seven Estonian and Russian men who headed up the DNSChanger exploit that infected 4 million users worldwide in a click-fraud scheme

NAKED SECURITY BLOG
MG0893.zip: Your Photo All Over Facebook? Naked? Malware Campaign Spammed Out
A spammed email campaign purports to have information about a revealing photo posted online of the recipient, but instead spreads a Trojan

THE WORLD
US And China Prepare Cyber Defenses In Face of Increased Hacking Threat
Former Chinese patriotic hacker says hacking is about searching for the truth, and provides a peek at the mindset of the Chinese hacker

BREAKINGPOINT SYSTEMS
Ready For DNSSEC?
As global DNSSEC deployment begins, concerns arise for carriers and enterprises -- performance of security devices and bandwidth issues, for example -- so proper testing is crucial

FORBES
Cybercrime Game Theory: Why Apple's Malware Grace Period Ended Early
Malware writers started targeting Macs sooner than expected, and Sourcefire's Adam O'Donnell talks about how this transpired

THREAT POST
FBI Investigating Election Tampering Following Arrest Of CSUSM Student
The FBI is investigating an allegation that a candidate for student body president at California State University San Marcos stole 700 student identities in an attempt to alter election results

BLOOMBERG
Chinese Espionage Campaign Targets U.S. Space Technology
China is stealing U.S. military and civilian space technology in an effort to disrupt U.S. access to satellites, State Dept. says

FIERCE GOVERNMENT IT
FBI: Our Social Media Monitoring Is 'Targeted'
FBI officials say they are choosy about when to watch users' social networking activity

BBC
The Memory Stick That Self-Destructs
If you lose it, you can track its location -- and even remotely scramble its content

BBC
Web Surveillance Plans Create 'Nation Of Suspects'
In U.K., government proposals to watch what people do online create huge privacy concern

CSO
Compliance Isn't Security, But Companies Still Pretend It Is, Survey Says
HIMSS Analytics Report says increased compliance hasn't slowed increase in breaches of medical records

HELP NET SECURITY
Businesses Unable To Comply With EC 24-Hour Breach Notification
U.K. businesses say they can't meet the deadlines for notification under new guidelines

ELECTRONIC FRONTIER FOUNDATION
Yes, CISPA Could Allow Companies To Filter Or Block Internet Traffic
Proposed U.S. cybersecurity legislation could enable service providers to spy on users, pass their information to government agencies

INFOSEC ISLAND
On The Value Of Security Conferences
Many security conferences spend too much time preaching to the choir, expert says

SAN JOSE MERCURY NEWS
Homeland Security Chief Contemplating Proactive Cyber Attacks
Homeland Security Secretary Janet Napolitano this week said she would consider having technology companies work with the government in "proactive" efforts to stop attackers outside the U.S.

THE WASHINGTON POST
Several Nations Trying To Penetrate U.S. Cyber-Networks, Says Ex-FBI Official
At least six countries are rooting through U.S. corporate and military computer systems looking for data and establishing a presence for possibly disrupting or destroying those networks, says Shawn Henry, who retired from his post last month

THREAT POST
Google Warns 20,000 Webmasters About 'Weird Redirects'
Google has warned around 20,000 website owners that their sites may be compromised and are performing "weird" redirections, possibly to malicious sites

FORBES BLOG
Flashback Mac Botnet Shrinking, But Researchers Disagree Wildly On How Much
Data is all over the map on whether the Flashback Trojan targeting Macs is now dead in the water or a plague that hasn't been eradicated

CNET
White House Questions CISPA Cybersecurity Bill
The Obama administration says information-sharing bills must preserve 'privacy and civil liberties' but stopped short of a veto threat

ESECURITY PLANET
Report: Stuxnet Malware Planted By Iranian Double Agent
Security expert Mikko Hypponen, chief research officer at F-Secure, says this latest theory doesn't add up: "If they had a mole inside who could plant it to the right place, why write a worm at all? I don't buy it," he told one news outlet

THREAT POST
Teen's Arrest Underscores Need for More Secure Web Development
A 15-year-old Austrian boy arrested for breaking into nearly 260 companies during the first three months of this year says he got into hacking because he was bored

TIME MAGAZINE
Anonymous Named To Time's 100 Most Influential People In The World List
The hacktivist collective's disruptive hacks of Arab dictatorships, the Vatican, banking and entertainment firms, the FBI, CIA, Stratfor, and San Francisco's BART transport system helped earn it a spot on the list this year

THREAT POST
New Mac Malware, SabPub, Used In Targeted Attacks
Kaspersky Lab says new malware named SabPub exploits the same Java security hole as the Flashback Trojan and can be used for targeted attacks against Mac users

NAKED SECURITY BLOG
Apple Ratchets Up Security On App Store And iTunes
Apple is forcing some iTunes/App Store/iOS customers to set up three new security questions and an alternate email as another layer in anti-phishing and protection from online fraud

THE NEW YORK TIMES
The Cybercrime Wave That Wasn't
The true measure of the cybercrime problem is the fallout on victims rather than on the gains by the bad guys

CSO ONLINE
Law Firms See Big Money In Healthcare Breach Cases
Filing privacy breach cases as class actions is new and new legal precedents will be made, and plenty of money is at stake

CLEVELAND.COM
Bridgestone Trade Secrets Case Against Scientist Follows FBI Probe
A former scientist at Bridgestone Americas Center for Research & Technology in Akron has been arrested for giving trade secrets that he copied onto CDs to a Chinese polymer maker

BBC
Facebook Supports CISPA Cyber-Security Bill
Facebook is backing the new HR 3523 Cyber Intelligence Sharing and Protection Act that would let government agencies access data of users under suspicion of posing a cyberthreat as well as enable better information-sharing among security agencies and online firms

THE LOS ANGELES TIMES
With So Much At Stake, Companies Turn To Hired Hackers
Aerospace industry firms such as Boeing are recruiting cybertalent in more nonconventional areas, such as job candidates with experience and talent in cybersecurity contests and efforts

ZDNET BLOG
New Version Of Mac OS X Trojan Exploits Word, Not Java
A second variant of the Mac OS X Trojan called SabPub is exploiting a Microsoft Word security hole, not Java vulnerabilities that were used before

THREAT POST
Apple Releases Fix For Flashback Malware
Apple rolls out Java update that is designed to remove Flashback Trojan

INFO SECURITY
Dirt Jumper DDoS Bot Family Has Over 300 Varieties
New version of commercial crimeware kit has already been used to attack numerous websites

SECURITY WEEK
Analyzing the Verizon Breach Report
Hacktivists, organized crime take different approaches to enterprise attacks

SECURITY & DEFENSE AGENDA
CISPA Debate Heats Up
Public backlash to Cyber Intelligence Sharing and Protection Act forces bill's sponsors to step forward

INFOWORLD
Oracle To Issue 88 Security Patches
Latest patch batch will be even larger than the last one, company says

THE LOCAL
Anti-Nazi Hacktivists Vow To Continue Cyberwar
German hackers pledge to continue campaign against the far right, despite crackdown on hacktivism

TECHWORLD
BlackBerry Still Trumps Android For Security, Analysis Finds
Android lags badly, is too fragmented, experts say

GOVERNMENT INFO SECURITY
Assessing Medical Device Security
Panel calls for pre-market security reviews

THE HACKER NEWS
Iran Replacing Google, Hotmail With Its Own Internal Search Engines And Email Services
Iran has disputed a report that quoted an Iranian minister for information and communications technology saying Iran was replacing Internet services, such as Google, Yahoo, and Hotmail, with homegrown services by the country

SYMANTEC BLOG
OSX.Flashback.K -- Suffering A Slashback -- Infections Down To 270,000
Symantec says that the number of Apple Macintosh computers infected with Flashback in the past 24 hours is about 270,000, down from 380,000










Bugs
ENTERPRISE VULNERABILITIES
Vulnerability: ssl-vpn end-point interrogator/installer activex control
Published: 2010-11-03
Severity: High
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.

Vulnerability: gvim
Published: 2010-11-03
Severity: High
Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Vulnerability: cforms
Published: 2010-11-03
Severity: Medium
Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.

Vulnerability: links, wsn links, wsn links
Published: 2010-11-03
Severity: High
Description: Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

Vulnerability: deluxebb
Published: 2010-11-03
Severity: Medium
Description: SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.


