Best Of Web
Best Of The Web
CIO
Flame Authors Order Infected Computers To Remove All Traces Of The Malware
Flame includes a self-destruct module that overwrites file data to prevent forensic analysis
INFORISK TODAY
LinkedIn Has Neither CIO Nor CISO
With echoes of the Sony and RSA breaches of 2011, LinkedIn says it has no chief information officer nor chief information security officer
SECURITY WEEK
Microsoft Hardens Windows Update, Preps 25 Security Fixes For Patch Tuesday
Microsoft sill patch 25 security vulnerabilities next week, including three critical ones; expert says to focus on Office patches first
EURASIA REVIEW
Barak Acknowledges Israeli Cyberwarfare Capability For First Time
Israeli defense minister confirms one of country's worst-kept military secrets -- country has cyberunit
IT NEWS
Microsoft To Repair Internet Explorer Fault Discovered At Hacking Contest
Patch Tuesday will include a fix for a vulnerability in Internet Explorer that came out of the Pwn2Own hacking contest earlier this year at CanSecWest
THREAT POST
More Sophisticated DDoS Attack A New Threat To Apache Servers
A DDoS attack targeting Web servers has improved its cryptography and attack capabilities to become a more serious threat, Arbor Networks says
WEBSENSE BLOG
Malicious URLs In Fake Craigslist Emails
Websense Security Labs has spotted malicious emails posing as automated notifications from Craigslist -- the embedded URLs redirect the user to malicious web sites hosting Blackhole Exploit Kit
STARS AND STRIPES
Germany Confirms Existence Of Operational Cyberwarfare Unit
Top secret unit is already operational, but its purposes and methods aren't clear
THE NEW YORKER
The Rewards (And Risks) Of Cyber War
A look at the cyber buildup -- and what it could mean
LOS ANGELES TIMES
Like LinkedIn, eHarmony Is Hacked; 1.5 Million Passwords Stolen
Popular dating site says most of the passwords have already been cracked
DIGITAL BOND
Siemens -- The Good, The Bad, And The Bravado
Following security troubles, company offers details on its future security strategy
V3.CO.UK
North Korea Implicated In Malware Attacks On Airport
South Korean officials trace malware to North Korean sources
SOFTPEDIA
CloudFlare Details How AT&T Systems Were Bypassed By Hackers
Attack begins with phone call in which attacker impersonates the CEO
PHYS.ORG
Cyber Experts Warn Of 'Intelligent Weapons'
Global defense experts warn such weapons could be virtually unstoppable
THE WALL STREET JOURNAL
FBI Probes Leaks On Iran Cyberattack
The FBI is investigating who disclosed information about U.S. cyberattacks against Iran's nuclear facilities in the wake of a book excerpt published by The New York Times
SECURELIST
Flame: Replication Via Windows Update MITM Proxy Server
Flame malware uses several methods to replicate itself in addition to the Microsoft Windows Update service -- an in-depth look at how this works
THREAT POST
Firefox 13 Fixes Seven Security Vulnerabilities
Mozilla patched seven security vulnerabilities, including four critical ones, in its new Firefox 13 version, which will download automatically for most users at a restart
DIGITAL BOND BLOG
NY Times Historical Fiction On Stuxnet
The New York Times' article's assertion that Stuxnet propogated beyond Natanz due to an error in the code is incorrect, SCADA expert says
HAARETZ
Israel Airport Security Demands Access To Tourists' Private Email Accounts
Some U.S. tourists with Arab names report being asked by Israeli airport security to provide them access to their personal email accounts
BBC
IPv6: Trillions Of New Net Addresses Now Possible
Internet Protocol version 6 officially launched today as the ultimate replacement for IPv4, which has dwindling address space
KREBS ON SECURITY
Alleged Romanian Subway Hackers Were Lured To U.S.
The suspected leader of a Romanian hacker gang and two others who allegedly stole payment card data from hundreds of Subway restaurants were lured to the U.S. by undercover U.S. Secret Service agents who promised them money and girlfriends
SANS INTERNET STORM CENTER
BIND 9 Update -- DoS Or Information Disclosure Vulnerability
Internet Systems Consortium has issued a security advisory about a possible denial-of-service attack against BIND-named DNS servers -- mostly recursive name servers � but authoritative primary and secondary name servers could also be at risk
THREAT POST
Flame Attackers Used Collision Attack To Forge Microsoft Certificate
Tactic broke cryptographic algorithm used in certificates, experts say
NEW YORK TIMES
A Pandora's Box We Will Regret Opening
Cyberattacks between countries could be the beginning of a long war, expert says
CITY PRESS
'Moroccan Ghosts' Hackers Target Police Website
Police's civilian secretariat site is vandalized
CANBERRA TIMES
Search Engine Exposes Industrial-Size Dangers
Young researchers expose weaknesses of industrial control systems
CLOUDMARK
Dialing Into SMS Spam
The number of SMS scams has quadrupled over the first five months of the year, researchers say
TECHCRUNCH
A Closer Look At The CloudFlare Security Breach
Attack was the result of smart social engineering and a flaw in Google's account recover system
GOVERNMENT INFO SECURITY
Open Letter To New Obama Infosec Adviser
Longtime Central Intelligence CISO offers advice to Michael Daniel
INFOWORLD
Why I Can't Get Inflamed Over Flamer
Latest malware doesn't deserve its celebrity status, expert argues
THE REGISTER
Small Banking Trojan
Tinba (Tiny Banker) is a small, 20-kilobyte file that infitrates browsers and steals banking credentials
THE REGISTER
Apple Quietly Reveals iOS' Security Innards
Apple published a guide to iOS security that spells out the security safeguards it provides
THE NEW YORK TIMES
Expert Issues A Cyberwar Warning
Eugene Kaspersky is also using his company's role in exposing Stuxnet, Duqu, and Flame to argue for an international treaty banning cyberwarfare
INTERNET EVOLUTION
In Defense Of Stuxnet
Stuxnet appears to fall under the National Security Act of 1947 for authorized covert operations
CNET BLOG
Flame: A Glimpse Into The Future Of War
Cyberwar claims are overhyped, but things are heating up in international conflicts where malware is replacing drone strikes
TREND MICRO BLOG
Malicious PowerPoint Contains Exploit, Drops Backdoor
Email contains malicious PowerPoint attachment that includes an embedded Flash file and exploit
FORBES BLOG
U.S. Administration's Reckless Cyber Policy Puts Nation At Risk
U.S.'s refusal to join the ITU's International Multilateral Partnership Against Cyber Threats (IMPACT) left the U.S. out of the loop when Flame alerts hit
NETWORK WORLD
Anonymous Claims Attack On Facebook
Anonymous is claiming responsibility for sporadic service failures around the world at Facebook on Thursday night, while Facebook says loading "issues" were resolved
HELP NET SECURITY
Could Security Breaches Cost Lives?
More than a quarter of companies believe that a major breach could potentially cost customers their lives, study says
INFOSEC ISLAND
Security: How Many People Does It Take?
Security pros should focus only on what they need to protect, not who is attacking them, expert says
Best Of Web Archive:
Most Recent | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors.