Best Of Web
THE REGISTER
Insulin Pump Delivers Fatal Dosage Over The Air
At Hacker Halted, researcher Barnaby Jack shows attack that hijacks nearby insulin pumps
THREAT POST
Microsoft Invents New Way To Measure Online Safety (And Finds That Consumers Stink At It)
End users scored an 'F' in online safety practices, according to a new study by Microsoft
COMPUTERWORLD
Kelihos Botnet Domain Provider Promises To Make Amends
Czech-based DotFree will collaborate on domain abuse cases
POLITICO
Hackers 'Close' To Major Damage
Department of Homeland Security chief says attackers have already 'come close' to shutting down parts of the nation's critical infrastructure
CNET
Hackers Target Oakland Police After Occupy Protest
Hackers have targeted the Web site for the city's police department and offered a $1,000 reward for information on police action that apparently injured a protester there
NEW SCIENTIST
Inside Facebook's Massive Cybersecurity System
Social networking giant releases details of the security system it uses to fight off cyberscams
YAHOO! NEWS
Slovenia Police Detain Alleged Botnet Hacker
Alleged hacker is believed to be responsible for a virus that infected 12 million computers worldwide
ASSOCIATED PRESS
Slovenia Police Detain Alleged Botnet Hacker
Slovenian police have in custody an alleged computer hacker responsible for the Mariposa virus
SEARCH SECURITY
New Duqu Trojan Analysis Questions Stuxnet Connection
Research indicates there is not enough evidence to link Duqu to Stuxnet, questions idea that Duqu is a new version
TECH WORLD
Trojan Hack Lands Cycle Star Floyd Landis With Suspended Sentence
The prosecution in the case against former Tour de France cyclist Floyd Landis says he should receive an 18-month suspended sentence for his alleged role in a plot to hack the French national anti-doping laboratory
THE REPUBLIC
Ex-Student Accused Of Data Breach At E. Michigan
A former Eastern Michigan University student has been charged with eight felony counts for the alleged breach of students' personal information
REUTERS
Exclusive: Medtronic Probes Insulin Pump Risks
Medtronic asked software security experts to study the safety of its insulin pumps in the wake of revelations about a new flaw in a model of one of its pumps
EWEEK EUROPE
Nuclear And Military Data Taken In Mitsubishi Hack
The Asahi Shimbun news service reported that sensitive information on fighter aircraft, helicopters, nuclear power plant design, and safety plans were stolen in the recent targeted attack
THE JAKARTA POST
Duqu Registers No Alarm For Siemens, Infection Hits Indonesia
Siemens Corp. says its industrial control systems are not at risk from the new Duqu malware attack
SC MAGAZINE
'Strange' Bug Spotted In Chrome
A newly discovered problem in Google Chrome can let an attacker remotely execute code outside the browser's built-in sandbox
SECURITY NEWS DAILY
AntiSec Hackers Claim Responsibility For Police Website Attacks
Hackers defaced police department websites in Boston and Alabama in support of the Occupy Boston movement and in protest of violence against demonstrators
COMPUTERWORLD
Appeals Court Says Some Claims May Proceed In Hannaford Data Breach Lawsuit
The U.S. Court of Appeals for the First Circuit has ruled that some consumers can seek compensation for their fraud-prevention expenses from Hannaford in the wake of its data breach
NAKED SECURITY BLOG
Tsunami Backdoor For Mac OS X Discovered
A new backdoor Trojan horse for Mac OS X has been discovered
THE WALL STREET JOURNAL
Lawmakers Seen As Latest Target In Hacking Wave
A report in the Asahi Shimbun Tuesday says PCs and servers of Japanese lawmakers have been hit by a prolonged cyberattack that appears to have been monitoring their activities for about a month
THE NATIONAL POST
Pan Am Officials Deny Database Breach
Pan American Games officials have denied allegations a database containing the personal information of journalists covering the event was hacked, even though some journalists reported receiving an anonymous email warning of a security problem on the website for press credentials
FAST COMPANY
Skype's Huge, New Security Headaches
Even when Skype users block callers, allow only calls from their contact list, and connect from behind a firewall, hackers can pilfer information
BT SECURE THINKING
Why You Still Can't Teach A Machine To Hack
Some of today's Web application scanners miss most of the really dangerous issues and throw false positives
LIFE HACKER
The Most Common Hiding Places For Workplace Passwords
Users leave their passwords under their keyboards, phones, and mouse pad, and on their monitors or in their top desk drawers
TOR PROJECT BLOG
Rumors Of Tor's Compromise Are Greatly Exaggerated
One of the recently exposed "attacks" was not an attack on Tor, but on software behind a Tor hidden service
HOMELAND SECURITY NEWS
80 Percent Of U.S. Small Businesses Have No Cyber Security Policies In Place
Although most small business owners believe Internet security is critical to their success, many don't take basic precautions, according to a new survey of U.S. small businesses
BBC
Hackers Take Down Child Pornography Sites
Anonymous has briefly taken offline 40 sites it says traded in images of child sexual abuse, but critics say this could impede ongoing investigations against these sites
EWEEK
FBI Official Backs Alternative Internet To Secure Critical Systems
FBI assistant director says time has come to consider a new secure alternative Internet
THE TELEGRAPH
WikiLeaks' Money Woes Brings End To Leak Of Secrets
Whistleblowing website is temporarily suspending publication of leaks to fight a "blockade" by credit card companies
CFO WORLD
Got Cyber Insurance? If Not, Trouble Follows
Standard business insurance doesn't cover data breaches or loss involving data
THE LOOKOUT BLOG
Security Alert: Legacy Makes Another Appearance, Meet Legacy Native (LeNa)
Google has removed apps infected with LeNa, a new Android Trojan spun off of DroidKungFu
NAKED SECURITY BLOG
Microsoft's YouTube Channel Has Been Hacked
Could have been the result of an employee with administrative rights over the channel account being careless with his password
KREBS ON SECURITY
Who Else Was Hit By The RSA Attackers?
List indicates that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA, 20 percent of which were Fortune 100 companies
NAKED SECURITY BLOG
'Found A Funny Picture Of You!' Twitter Phishing Attack
New attack under way that tricks followers into giving up their username and password
CRN
U.S. Knew Of Libyan Radar Bugs, Expert Says
U.S. government officials were likely aware of vulnerabilities in Libyan radar systems -- but did not launch the attacks
MASHABLE
New Security Threat: Infected QR Codes
Kaspersky Lab has spotted QR code-tampering in Russia, and says infected QR codes could also be used for phishing scams
CNET
Gameloft Shuts Down Web Games After Security Breach
Leading mobile-game developer says a security breach prompted its shutdown of websites
EFF
FBI Ramps Up Next Generation ID Roll-Out -- Will You End Up In The Database?
The FBI early next year will begin launching its new Next Generation Identification (NGI) facial recognition service
SYSTEMS AND NETWORKS SECURITY
U.S. Deliberating On Cyberwarfare Legal Framework
Air Force General Robert Kehler said that deliberations on military doctrine and legal framework for cyberwarfare are under way
REUTERS
Obama Officials, Senators Agree To Seek Cyber Deal
Senior Obama administration officials and Senators agreed to speed up cybersecurity legislation adoption
INFOSECURITY
Nemours Loses Data On 1.6 Million Patients And Employees
Nemours, a children's healthcare system, says three unencrypted backup tapes containing personal information on 1.6 million patients and employees have been lost
Dark Reading Digital Magazine
In This Issue
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
CVE-2013-2006
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.


