About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
WASHINGTON, D.C.– As the speed of technological innovation has continued to increase in recent years, it has completely outpaced the ability of companies, consumers and regulators to keep up with the ways in which those changes affect online privacy, experts say, and in order to make real improvements in the way that sensitive data is handled, all of the concerned parties will need to change the way they think about privacy.
WASHINGTON, D.C.–The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country’s top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task.
A dangerous XSS bug surfaced on Twitter on Monday, and researchers have seen active exploits for the bug, which allows an attacker to steal the session cookie of a Twitter user with a simple click-and-you’re-owned technique.
There’s an unpatched vulnerability in Internet Explorer 8 that enables simple data-stealing attacks by Web-based attackers and could lead to an attacker hijacking a user’s authenticated session on a third-party site. The flaw, which a researcher said may have been known since 2008, lies in the way that IE 8 handles CSS style sheets.
Google is planning to overhaul its main privacy policy in an effort to make the document more readable and usable for normal people. In addition, Google also is eliminating privacy policies for some of its individual products and services, which it deemed redundant.
Scareware and rogue AV programs have enjoyed a very good run in the last few years, making millions of dollars for their creators and generally making life miserable for victims. And while there’s been some innovation recently in the mechanisms attackers use to keep the programs resident on infected machines, researchers say that for the most part, users’ lack of security savvy and laziness about updating their PCs essentially obviates the need for the use of novel techniques to make these scams work.
Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit.
Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome.
In this video, Niklas Wolff of the CSIS Security Group demonstrates an exploit for the recent integer overflow vulnerability in Adobe Reader (CVE-2010-2862), disclosed at Black Hat in July, that allows remote code execution.
Online bank fraud, for all of its obvious ploys and tired tactics, is still a remarkably effective way to make money. Too lazy or clueless to get a real job? Go phishing. Lots of people are doing it, and by some estimates, it’s evolving into a nearly $1 billion business.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
