Best Of The Web
CNET
Mozilla Is First Major Tech Company To Denounce CISPA
While Facebook, Microsoft, and Oracle have thrown their support behind the controversial Internet surveillance bill that passed in the House last week, Mozilla says the bill "infringes on our privacy"
INFOSEC ISLAND
Did Iran Recover Encrypted Data From Downed Stealth Drone?
If Iran did really recover encrypted data from the downed U.S. drone as it claims, could they use the information gained to compromise another unmanned drone?
SCHNEIER ON SECURITY
Cybercrime As A Tragedy Of The Commons
An essay on cybercrime contends that cybercrime isn't as major a problem as thought, and exaggerating the effects of cybercrime is a direct result of how the estimates are generated, Bruce Schneier notes
E-HACKING NEWS
"The Unknowns" Hacker Group Hacked NASA, US Air Force, ESA, And Others
A group of hackers who goes by "The Unknowns" says it hacked NASA, the U.S. Air Force, Harvard University, Renault, and the European Space Agency -- the group posted documents on Pastebin that it says prove the breaches
OXFORD UNIVERSITY BLOG
Musings On Mac Malware
Oxford University's OxCERT says it has been "somewhat overwhelmed by Mac malware" over the past couple of weeks, and this may be the biggest outbreak since Blaster hit Windows machines in 2003
THREAT POST
Google Fixes Five Bugs In Chrome 18
Google has issued an update that patches five security vulnerabilities in its Chrome browser, including three high-severity flaws
BLOOMBERG
Military Secrets Leak From U.S. Universities With Rules Flouted
Sensitive information gets out through university course material
COMPUTERWORLD
Hackers Pick Google's Pocket With Mac Virus
Hackers behind Mac virus could be making $10,000 a day by hijacking clicks, Symantec says
CIO
Proposed Bill Would Protect Employees' Facebook Passwords
A bill filed in the U.S. House of Representatives would protect people from snooping employers and schools
THE REGISTER
Skype Slurping Software Threatens IP Exposure
It's a P2P problem, says Redmond subsidiary
SECURITY WEEK
Why Bad Security Is Bad Business
Business leaders must learn that IT security risks are real risks to their success
TRUSTEER
Fake G-Men Attack Hijacks Computers For Ransom
Ransomware poses as the U.S. Department of Justice and hijacks victims' computers
COMPUTERWORLD
Iran Admits Expanded Cyberattacks, Claims It's Identified Hackers
But state-backed media reports are thin on details
SECURITY NEWS DAILY
How Far Behind Is Apple's Security?
Eugene Kaspersky says Apple is 10 years behind Microsoft. Is he right?
GOVERNMENT COMPUTER NEWS
House Wraps Up Cyber Week By Passing Two More Security Bills
The House of Representatives passed both the Cybersecurity Enhancement Act of 2011, H.R. 2096, and the Advancing America's Networking and Information Technology Research and Development Act of 2012, H.R. 3834 -- all following passage of the controversial Cyber Intelligence Sharing and Protection Act (CISPA)
THE LOS ANGELES TIMES
Full FCC Report On Google Street View Reveals New Details
The Google engineer who wrote Street View software said he intentionally wrote it for the program to grab emails, passwords, and other data from unprotected wireless networks and told fellow engineers and a senior manager that he did so
FARS NEWS
Cyber Attack Fails To Hack Iranian Science Ministry
Iran's Ministry of Science, Research and Technology yesterday said hackers did not get inside the Ministry's network despite media reports of their network going down after a cyberattack
IT PRO UK
Workplace Facebook Bans Are A Waste Of Time
Barracuda Networks' chief research officer says when companies ban social networks in the workplace, users usually find a way around the ban
THE WALL STREET JOURNAL BLOG
Religious Sites Are Worst For Malware, Report Finds
Symantec's new Internet Security Threat Report says religious websites are the most at risk of harboring malware, mainly fake antivirus software attacks
COMPUTERWORLD
Snow Leopard Users Most Prone To Flashback Infection
Russian antivirus firm Dr. Web says data shows that nearly two-thirds of the Macs infected by the Flashback Trojan were Macs running OS X 10.6, a.k.a. Snow Leopard, while 28 percent of Lion OS users are running outdated versions of the OS
HELP NET SECURITY
Popular Android Apps Leak Private Information
AhnLab has discovered many popular Android apps are asking for excessive permissions to access user data
NAKED SECURITY BLOG
Intruder Compromises User Database For Star Trek Online And Other MMORPGs
Cryptic Studios had informed users that it suffered a database breach 16 months ago, exposing online gaming customers' account names, handles, and encrypted passwords, some of which were cracked
NAKED SECURITY BLOG
Python-Based Malware Attack Targets Macs. Windows PCs Also Under Fire
SophosLabs says a new malware attack targeting both Mac and Windows computers exploits the Java vulnerability that was used in the Flashback Mac infection -- patches for the Java vulnerability have been available since Feb. 14 for Windows, Linux, and Unix computers, and since early April for Mac
NETWORK WORLD
Microsoft Patches Hotmail After 0-Day Remote Password Reset Exploited In The Wild
Microsoft has now fixed a zero-day password reset and setup flaw in Hotmail that cybercriminals were already exploiting
CNET
GlobalSign Breach Stemmed From Unpatched Server
CA GlobalSign's Web server breach last year was tied to a piece of open-source software not being updated, a senior GlobalSign executive told ZDNet UK
SEARCH SECURITY
Google Vulnerability Reward Program Increases, Microsoft Unfazed
Google has increased its bounty for vulnerabilities that allow for code execution to $20,000, but lowered its bounty for lower-risk bugs
THREAT POST
Critical Bug Reported In Oracle Servers
Proof-of-concept exploit code is out for a remotely exploitable bug in all current versions of Oracle's database server -- Oracle reported the bug fixed, but actually only fixed it in upcoming, not existing, versions of the software
COMPUTERWORLD
Engineers Look To Fix Internet Routing Weakness
Internet traffic can be maliciously routed in order to spy on communications, so experts are studying an easier fix to remedy this
THE CHICAGO SUN TIMES
House Passes CISPA Cybersecurity Bill Obama Opposes
The U.S. House of Representatives voted in favor of the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies and the feds to share information on cyberattacks
THE REGISTER
Elgamal, Marlinspike Join Dream Team Tackling SSL Screw-Ups
The new SSL Pulse dashboard shows that only 10 percent of the world's top websites follow SSL deployment best practices.
BLOGSPOT
The Facebook Hack -- What Really Happened
Convicted hacker tells the story in his own words
CNET
House Approves CISPA Despite Last-Minute Push By Opponents
Bill that allows Internet companies to open their networks to the feds passes by 248-168 vote
CyberCrime & Doing Time
SOCA and FBI Seize 36 Criminal Credit Card Stores
U.K. and U.S. agencies complete joint operation targeting 36 criminal websites
SECURITY WEEK
Trustworthy Internet Movement Looks To Fix SSL, Certificate Authority Ecosystems
TIM announces that it has chosen SSL governance and implementation as its first project
IT WORLD
World's Most Dangerous Hackers Want To Steal How You Make Money
Intellectual property becomes an important currency in cybercrime
TRENDLABS MALWARE BLOG
Usenix LEET 2012: Observations On Emerging Threats
A look at the characteristics and trends in today's most sophisticated exploits
THREAT POST
Backdoor In Equipment Used For Traffic Control, Railways Called 'Huge Risk'
Security researchers warn of risk posed by embarrassing security hole in industrial control software
IT WORLD
FBI Steps Up 'Internet Doomsday' Awareness Malware Campaign
FBI says infected users must deal with DNS changer malware or risk losing Internet in July
THREAT POST
Firefox 12 Debuts With Silent Update Mechanism
Mozilla has released version 12 of Firefox and the browser now includes an automatic update mechanism so users don't have to install patches themselves anymore
ASHIMMY BLOG
Hiding Behind A Mac Is No Longer An Option
The honeymoon is over for Macs, with the recent Flashback malware attack that infected more than 600,000 machines, and Apple's not-so-smooth response to the attack
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3270 (vnx_control_station, celerra_control_station)
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-1014 (itunes)
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
CVE-2013-1011 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1010 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
CVE-2013-1008 (itunes)
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.


