Best Of The Web
THREAT POST
Researchers Crack Satellite Phone Ciphers
German researchers broke encryption for two protocols for satellite phones, allowing them to listen in on conversations
THE TELEGRAPH
Facebook Criticized For 'Hurting' Cybercrime Investigation
A security researcher at Kaspersky Lab criticized Facebook for identifying the alleged members of the Koobface gang
ARS TECHNICA
Google To Strip Chrome Of SSL Revocation Checking
Google said its Chrome browser will no longer use certificate revocation lists (CRLs) and the online certificate status protocol to handle trust for SSL-based URLs, calling it basically "worthless"
CBC NEWS
Four Signs Hacktivism Has Gone Mainstream
Here are a few reasons 2012 could be the year of the hacktivist
HOMELAND SECURITY NEWS WIRE
Anonymous Takes Down DHS Website In Hacking Spree
Hacktivist group takes down DHS homepage along with others in coordinated campaign
MOBILEDIA
Cyberattacks To Surpass Terrorism Threat, FBI Says
While stopping terrorists is the agency's top priority, cyberattacks pose an increasing threat, director says
HACKER NEWS
University Of Washington Vulnerable And Database Leaked By Hacker
Database containing passwords and other data is breached more than once
HELP NET SECURITY
U.S. Developing Plan To Regulate Critical Infrastructure Company Cyber Defense
Senate plan to boost government's ability to regulate the security of critical infrastructure industries is spurring heated debate
INFOSEC ISLAND
Why Infosec Rocks -- And Sucks
A look at the pluses and minuses of being a security professional
THE STATESMAN
Austin-Based Stratfor Faces Lawsuit Over Data Breach
Federal class action suit filed against Stratfor seeks more than $50 million in damages
ARN
Increasing Malware And Lax Security Biggest Fears For Users: Sophos
Security vendor's latest report reveals what users are really concerned about when going online
IT WORLD
Facebook Malware Scam Takes Hold
A link to malware purporting to be CNN coverage of a US attack on Iran is reaching hundreds of thousands of Facebook users
SC MAGAZINE
Hackers Claim Symantec Would Pay $50,000 Extortion
A Pastebin posting showing a purported email string between a Symantec employee and the hacker who claimed to have stolen source code from the security firm appears to indicate a bribe by the security firm to keep its source code from going public
ADOBE BLOG
Flash Player Sandboxing Is Coming To Firefox
Adobe has launched a public beta of a Flash Player sandbox -- Protected Mode -- for Firefox 4.0 and later that will run on Windows Vista and Windows 7
NEW STATESMAN
How Did Anonymous Hack The FBI?
The recent leak of a conference call between FBI agents and Scotland Yard officers apparently occurred after the hackers hacked authorities' email accounts
HACK IN THE BOX
Facebook's Zuckerberg Defends Hacking
Mark Zuckerberg, Facebook CEO, says hackers "believe that something can always be better, and that nothing is ever complete" and "just have to go fix it"
ICS SANS DIARY
Critical PHP Bug Patched
The PHP 5.3.9 release included a security fix that was incorrectly implemented and ultimately introduced another, more severe remote code vulnerability -- experts say to apply the new PHP 5.3.10 release and to avoid 5.3.9 if possible
POLITICO
Senate Cyber Bill: Is This The Lucky Week?
The long-awaited Senate cybersecurity bill, which would help beef up the security of the nation's critical infrastructure, may go public later this week
GOOGLE MOBILE BLOG
Android And Security
Google is adding a new service code-named "Bouncer" that automatically scans apps in the Android Market for potentially malicious software -- once a new Android app is uploaded, Bouncer analyzes it for known malware and suspicious behavior
THREAT POST
Update: VeriSign Admits To Security Breaches In 2010
Incidents in 2010 were not reported to company management until late 2011, officials say
SOPHOS
Anonymous Spies On FBI/UK Police Hacking Investigation Conference Call
Hacktivist group releases recording of call on Internet
INFOWORLD
Security Slackers Risk Internet Blackout On Mar. 8
If feds pull down temporary DNS fix as planned, machines infected with DNSChanger Trojan won't be able to access the Web
IMPERVA
SQL Injection Part II: Seeing A Blind SQL Injection
Groundhog predicts long winter of SQL injection attacks
SYMPLIFIED
HTC Android Phones Can Leak Wi-Fi Passwords
Exposed 802.1X credentials can be picked off by rogue applications
9TO5 MAC
Passware: FileVault Can Be Brute Force Cracked During The Span Of A Lunch Break
Security company says Apple's standard encryption tool is easily decrypted
TECH WORLD
Trojan Gang Targets BT, Talk Talk And Sky Customers
Thieves target phone service logins to fool verification checks
GOOGLE CHROME BLOG
German Federal Office Of Information Security Recommends Chrome
Best practices guide recommends Chrome for its security benefits
YAHOO! NEWS
Komen Foundation Controversy Spurs Website Hack
Best-funded breast cancer organization in the U.S. comes under fire for decision to end support for Planned Parenthood
SECURITY NEWS DAILY
Anonymous Attacks American Nazis
Hacktivists take down and deface American Nazi Party website
THE GUARDIAN
Oscars Vote Vulnerable To Cyberattack Under New Online System, Experts Warn
Academy to switch to electronic ballots in 2013 -- but move from paper voting does not eliminate prospect of foul play
CNET
Kelihos Botnet Makes A Comeback
A once-dead botnet has been resurrected and resumes its spamming ways
FIERCE HEALTH IT
Report: Data Breaches From Unencrypted Devices Up 525 Percent In 2011
Healthcare organizations need to serve as their own watchdogs, study says
SECURITY NEWS DAILY
Authentication Giant VeriSign Hacked Repeatedly In 2010
Company admits to multiple hacks, but won't say what information was stolen
HERALD SUN
Governments Struggling To Fight Cybercrime, UN Says
International action to snuff out cybercrime is desperately needed, United Nations official says
BITCYBER SECURITY
Cridex Trojan Breaks CAPTCHA, Targets Facebook, Twitter Users
Variant of banking Trojan can communicate with CAPTCHA-breaking server
CNET
Dubious Android Apps May Not Be Malware--Just Ads
Symantec may have mistakenly flagged more than a dozen Android apps as malware, security researchers at ICSA Labs say
THREAT POST
Game On: Gamma Ray Scanners To Guard 'Most Technologically Secure' Super Bowl Ever
Organizers of Super Bowl XLVI built an $18 million regional operation center that includes surveillance cameras and security staffers with iPhones for wiring any suspicious or malicious activity to the center during the game at Lucas Oil Stadium
TRUSTEER BLOG
Malware Redirects Bank Phone Calls To Attackers
Trusteer says a variant of Zeus called Ice IX steals telephone account information from victims to divert calls from the bank to the attacker
COMPUTERWORLD
Facebook Files For $5B IPO
According to papers filed with the U.S. Securities and Exchange Commission, Facebook earned $3.7 billion in revenues in 2011
ABC NEWS
FBI Director Says Cyberthreat Will Surpass Threat From Terrorists
FBI Director Robert Mueller testified before Congress that cyberespionage, computer crime, and attacks on critical infrastructure will overtake terrorism as the No. 1 threat facing the country
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


