Monday December 22nd 2014

‘security’ Archives

The Rocky Road To Secure Code

Homeland Security's Build Security In, Microsoft's Software Development Lifecycle (SDLC), BSIMM, and now OpenSAMM: Secure application development programs are spreading amid calls for more secure code. The practice of writing applications from the ground up with security in mind remains in its infancy, even with software giant Microsoft leading [...]

Security Expert Calls For New Model For “Demonetizing” Cybercrime

SAN FRANCISCO -- RSA CONFERENCE 2009 -- A top U.S. botnet expert has proposed a new approach to fighting cybercrime: Hit the bad guys where it hurts -- in their wallets -- by making online crime less lucrative and more risky to carry out. Joe Stewart, director of malware research for SecureWorks, says the current approach, which includes [...]

Cybersecurity Act of 2009

A recently proposed but little-noticed Senate bill would allow the federal government to shut down the Internet in times of declared emergency, and enables unprecedented federal oversight of private network administration. The bill's draft states that "the president may order a cybersecurity emergency and order the limitation or shutdown of [...]

Microsoft warns of copycat Conficker worm

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker’s characteristics. The worm ‘Neeris’ has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 – which Conficker exploited to become so successful. Other [...]

Man finds card skimmer on ATM

Dan says over the weekend he discovered a card skimmer attached to the ATM at his local WaMu branch. He pulled it off and took photos of it. This past weekend I went to use the local WaMu ATM to get some cash money. When I walked up to the ATM something struck me as funny…I couldn't quite put my finger on it but the card reader didn't look [...]

Bemoaning the death of Hacker Culture

Do you get the feeling that the information security industry has really changed the last 3-5 years? Remove the obvious: the industry is much larger, of higher public profile, and much better funded across the board. I would venture to guess, that way back when, say, in the dark ages of 1999, the primary reason people chose to get into the field [...]

New Rootkit Attack Hard To Kill

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software. Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an [...]

Verified by Visa: British banks phish their own customers

Security expert Ben Laurie has a scorching indictment of the "Verified by Visa" program used by British banks. This system is basically the perfect system for phishers and identity thieves, and conditions honest people to behave in foolish ways that leave them vulnerable to having their life's savings taken off of them. "Frame inline displays the [...]

Six Tips For Doing More Security With Less

Cybercrime is on the rise as organizations face the tough realities of a poor economy putting the squeeze on their security spending. But don't panic -- some creative ways to defend your data on a tight budget do exist. The discrepancy between security priorities and the money to fund them is becoming painfully obvious. According to a recent [...]

TSA: More gate searches in store for fliers

WASHINGTON — A new, more aggressive effort by airport screeners aims to halt randomly selected passengers for a security check just before they step onto their departing plane, according to a government memo obtained by USA TODAY. Scores of passengers have already been pulled aside for searches as they waited in line at airport gates for [...]

Cross Site Scripting (XSS) Prevention Cheat Sheet

This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. These rules apply to all the different varieties of XSS. Both reflected and stored XSS can be addressed by [...]

Pwn2Own 2009: Safari on a MacBook falls in seconds

Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser. “It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his [...]

HOWTO: Use iptables to Block Brute Force Attacks

I left a Linux machine online with ssh open for a day. It dropped incoming login attempts after the username was entered. These are the usernames the "hacker(s)" tried: account adam adine adm admin admin1 admin2 administrator admissions advice ahmed airport akademik alan albert alberto alex alfred ali alias alice allan alpha alumni amanda [...]

Major Cybercrime Busts Take Place In Romania

The Romanian police had a busy Wednesday, breaking up a major bank fraud ring and arresting another individual who is accused of breaking into major U.S. government and university servers. According to news reports, the Romanian police, working along with the FBI, arrested 20 individuals who allegedly built cloned bank sites and then drained [...]

No User Action Required In Newly Discovered PDF Attack

Merely storing, without opening, a malicious PDF file can trigger an attack that exploits the new, unpatched zero-day flaw in Adobe Reader, a researcher has discovered. Didier Stevens, a researcher and IT security consultant with Contrast Europe NV, today released a proof-of-concept demonstration that shows how a file infected with the Adobe [...]

Secure file deletion: A single overwrite will do it

The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specializing in data recovery openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost. Craig Wright, a [...]

Firefox Updates to 3.0.7

...and fixes bugs and improves security FTW. Nothing too sexy to report, but Firefox updated tonight to version 3.0.7. Head on over to the release notes for more of the specifics, but basically you'll get several behind the scenes security and stability fixes as a part of a big old list of bugs that were smashed. If Firefox didn't already take [...]

New Flaw Lets Attacker Control Gmail “Change Password” Function

A researcher today released a proof-of-concept for a vulnerability he discovered in Google Gmail that lets an attacker change a Gmail user's password, wage a denial-of-service attack on the account, or even access other Gmail users' email. The cross-site request forgery (CSRF) flaw -- which researcher Vicente Aguilera Diaz from Madrid-based [...]

Next Generation “War-Dialing” Tool On Tap

War-dialing is back, and it's not limited to finding modems anymore. Renowned researcher HD Moore is putting the final touches on his latest project -- a telephone auditing tool that also finds PBXes, dial tones, voicemail, faxes, and other phone line connections for security assessment, research, or inventory. This is not your father's [...]

Why forced change password policies are ridiculous

Forced password-changing policies lead to two things: more frustrated users locked out of their accounts, leading to more painful support requirements; and a huge number of unencrypted text files on local filesystems called "mystupidnewpassword.txt". I study IT Security in the graduate program of UNC Charlotte. For the most part, UNCC is a [...]
