Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Adobe May Change to Monthly Patch Release

Adobe, which has been under fire for the security of its flagship products, Flash and Reader, for some time now, may be on the verge of changing its patching process to push fixes out on a monthly schedule, which would coincide with Microsoft’s monthly Patch Tuesday releases.

It’s Time For a New Privacy Model

The current raft of stories about privacy problems on Facebook and other high-profile sites is leading to a renewed consideration in some circles of whether there’s a need for tighter government regulation of sites’ privacy policies and user notifications. Regulation, experts say, may be the only real way to force sites to respect users’ privacy.


A researcher has developed a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab. The attack, demonstrated by Aza Raskin of Mozilla, could be used for highly targeted attacks against customers of a specific bank, Webmail service or credit-card company.

One of the more trite and oft-repeated maxims in the software industry goes something like this: We’re not focusing on security because our customers aren’t asking for it. They want features and functionality. When they ask for security, then we’ll worry about it. Not only is this philosophy doomed to failure, it’s now being repeated in the realm of privacy, with potentially disastrous effects.

This was an amazingly busy news week in the security world, with a lot of major stories competing for your attention: Microsoft sharing pre-patch vulnerability data with foreign governments, IBM handing out certified pre-owned USB keys, Google spying on Wi-Fi users. If you missed anything, never fear, we’ve got a quick review of what matters from the last week. Read on.

A new survey, which may be the first of its kind, has looked at the relative trustworthiness and responsiveness of the various organizations that buy vulnerabilities and found that TippingPoint’s Zero Day Initiative is rated by researchers as the most trustworthy and is the preferred buyer.