Best Of The Web
INFOSEC ISLAND
Put Away The Pitchforks: RSA Grants BSides Sponsor Waivers
Organizers of the RSA Conference are issuing waivers for RSA sponsors and exhibitors to participate in BSides San Francisco as well
FIERCE GOVERNMENT
Clapper Sounds Alarm On Cyber Capabilities Of Iran, China And Russia
Director of national intelligence James Clapper said in testimony before Congress that Iran's cyberpower has increased "dramatically" and that the cyberintelligence capabilities of China and Russia are a big threat
CSO ONLINE
Kelihos Botnet, Once Crippled, Now Gaining Strength
Microsoft and Kaspersky Lab say the botnet, which was taken down in September, is now coming back to life and spamming again
SOFTPEDIA
TinKode Arrested By Romanian Authorities
Grey hat hacker accused of hacking into major U.S. websites
INTERNATIONAL BUSINESS TIMES
Anonymous Hacks French Government Website As Acta Row Rumbles On
Hacktivist group defaces government site in protest of an international copyright law
HELP NET SECURITY
Greatest Risks To Database Security
Organizational issues, not hacks or leaks, are greatest challenge
SECURITY NEWS DAILY
Choosing The Best Website Security Software For Your Business
The trick is finding tools that enhance both security and performance
BLOOMBERG
China-Based Hackers Target Law Firms As Back Doors In Search For Deal Data
Hackers rifled one secure computer network after the next, report says
HELP NET SECURITY
Law Firms Get Hacked For Deal Data
Cyberspies hired by big companies and foreign governments go on hunt for sensitive information
THE REGISTER
Cyberwar Report: Israel, Finland Best Prepared For Conflict
Sweden is also among nations that are better prepared than most, study says
BLOOMBERG
Cybersecurity Disaster Seen In U.S. Survey Citing Spending Gaps
Critical infrastructure companies would have to spend nine times more on security to prevent a digital Pearl Harbor, study says
GOV INFOSECURITY
Push On For Comprehensive Infosec Bill
The White House wants Congress to pass comprehensive cybersecurity legislation this year, taking an approach backed by the Senate versus a piecemeal one in the House, according to a blog post by White House cybersecurity coordinator Howard Schmidt
NAKED SECURITY BLOG
The FBI Vs. The FTC: The Battle For User Privacy In Social Media
Conflicting policies in the U.S. regarding user privacy on social media were highlighted recently with the FBI's plans to develop an app that can grab intelligence from social media, while the Federal Trade Commission is after Facebook and Google for changes in their privacy policies
BUSINESSWEEK
RIM's Heins 'Here To Fight' for BlackBerry Revival Against Apple
RIM is rebuilding its BlackBerrys on BB10, an operating system based on software used to run nuclear power plants and unmanned aerial drones, as its new CEO gears up to revive the flagging mobile platform
THE WASHINGTON POST
Megaupload Data Could Be Deleted Starting Thursday
The fate of data stored on file-sharing site Megaupload remains unclear for users who had legitimate files on the site, such as documents, photos, and home videos
CHANNELCONOMICS
Cloud Heating Up Security Competition
Symantec and McAfee are each increasing revenues despite losing some customers to one another -- and it's all due to the cloud
FORBES
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets
A few hundred dollars' worth of equipment can invisibly see credit card data through a wallet, purse, or pocket
RIA.RU
Russia Must Be Ready For Space, Cyber Wars
Chief of the General Staff of the Russian Armed Forces Nikolai Makarov said this weekend that warfare has moved online and to aerospace, and Russia is looking at how Western countries are moving in this direction
INFOSEC ISLAND
Urgent: Help Us Save Security BSides San Francisco
BSides San Francisco is looking for non-RSA participating sponsors to keep the event on schedule after sponsors were notified that companies that sponsor RSA cannot sponsor another event in a five-mile radius
SECURITY WEEK
85 Percent Of Malware Comes From The Web, 30K Sites Infected Daily, Says Sophos
More than 30,000 websites are infected daily -- 80 percent of which are legitimate sites infected by attackers -- and two-thirds of them were hijacked by the Blackhole Trojan crimeware kit
STANFORD CYBERLAW
MegaUpload: A Lot Less Guilty Than You Think
The legal ramifications of the case are complicated, including whether the U.S. has jurisdiction over someone who uses a hosting provider in the Eastern District of Virginia, and over a company that uses PayPal
FINEXTRA
SEC Charges Latvian Trader With Account Hijacking
A Latvian man has been charged by the Securities and Exchange Commission with hacking into online brokerage accounts and altering stock prices -- he made some $850,000 in the scam, which cost others millions of dollars
CSO ONLINE
Middle East Stock Exchanges Hit By Hackers
The Saudi Arabia and Abu Dhabi stock exchanges were the target of hackers in what appears to be part of online protests
THREAT POST
FBI Looking For App To Monitor Twitter And Facebook For Threat Data
The FBI is planning to craft an application for monitoring news feeds, Twitter, and Facebook to gather information on emerging threats and new events
COMPUTERWORLD
Massive Android Malware Op May Have Infected 5 Million Users
"Android.Counterclank" malware was packaged in 13 different apps, ranging from "Sexy Girls Puzzle" to "Counter Strike Ground Force," with many still available this afternoon on the Android Market
NETWORK WORLD
Google Says Privacy Change Won't Affect Government Users
Google says its new privacy policy will not create problems for customers of Google Apps for Government (GAFG) -- it won't change existing contracts for how it handles and stores government customers' data
NAKED SECURITY BLOG
Poll Reveals Widespread Concern Over Facebook Timeline
Facebook's new Timeline feature for the social network's profiles goes live soon and is mandatory, but half of Facebook users say they are concerned about it, according to a new poll
THREAT POST
Does DNSSEC Really Interfere With SOPA/PIPA?
Proposed legislation has many problems, but incompatibility with DNSSEC may not be one of them
CBS NEWS
NYSEG, Rochester Gas Warn Customers Of Data Breach
Subcontractor's employee got unauthorized access to customer information, utilities say
NETWORK WORLD
Hacking Stunt: Stealing Smartphone Crypto Keys Using Plain Old Radio
Researcher will demonstrate method of intercepting codes using radio waves at RSA next month
RT
The FBI Would Like To Monitor You On Facebook And Twitter
Agency issues RFI for technology that would help bad actors' social networking data "pop" on a map
WIRED
Hackers Breached Railway Network
Government memo says unnamed railroad in Pacific Northwest was slowed in Dec. 1 attack
MASHABLE
Twitter Acquires Malware Analysis Company
Technology from Dasient will be integrated into popular social network
INFORMATION AGE
U.S. Government Security Website Hacked
FTC site offering guidance on security is taken down by Anonymous
WASHINGTON POST
Google Announces Privacy Changes Across Products; Users Can't Opt Out
Search engine provider will stitch together data from YouTube, Gmail, and other Google tools to harvest more complete data about users
REUTERS
Symantec Tells Customers To Disable PCAnywhere Software
Symantec is advising users to stop using its pcAnywhere software for accessing remote PCs because the blueprints to that software have been stolen, putting users at risk of attack
READ WRITE WEB
Google Issues New Privacy Policy For One Unified Google Experience
Google announced a privacy policy overhaul effective March 1 that treats all Google services as unified and can share data among one another
SC MARKETSCOPE
White Hat Hackers: It's Time For A New Code Of Ethics
Author says he's "ashamed to be part of an industry that tolerates increasing the risks it's trying to defend against, all for the sake of marketing"
BANK INFOSECURITY
Why Debit Fraud Grows
The American Bankers Association says losses associated with debit fraud have surpassed those of check fraud, some $955 million in 2010, and most banks experienced such losses in 2011
NETWORK WORLD
Google Patches Several Serious Chrome Bugs
Google yesterday patched four vulnerabilities in Chrome, and said it had also patched a fifth flaw two weeks ago that was inadvertently left out of the release notes
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


