Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Adobe Flash Vulnerability a Serious Problem, Experts Say

The same-origin policy vulnerability in Adobe Flash that was disclosed last week by a researcher at Foreground Security is more serious than just a simple software flaw, experts say. It illustrates a fundamental flaw in the way that Flash objects are handled by Web servers and Web browsers alike, leading to a serious weakness on both ends of the Internet communication channel.

Windows Exploitation Part 2

In part two of his lecture on exploiting Microsoft Windows, Dino Dai Zovi discusses specific techniques for attacking Windows machines.


In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb. At the request of his national intelligence director, Bush ordered an NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The devices allowed the fighters to coordinate their strikes and, later, post videos of the attacks on the Internet to recruit followers. Read the full story [National Journal].

WASHINGTON–There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless, and perhaps even counterproductive, if the security team in an organization doesn’t define its goals and parameters ahead of time, experts say.

The four men whom a federal grand jury indicted this week for their alleged roles in a scam that stole millions of dollars from RBS WorldPay were no fools. The small crew of hackers had a distinct division of labor, operated with skill and efficiency and left one of the world’s larger banks holding the bag.

U.S. and international prosecutors have taken down a criminal ring that they allege was responsible for an ATM scam last year that stole about $9 million from RBS WorldPay. The criminals were able to evade the company’s encryption system used on payroll debit cards and withdraw money from ATMs in 280 cities around the world.

The attackers behind the insidious Koobface worm have taken to using Google Reader accounts that they control to spread the worm through shared Reader items. The infection method–which has been used before by Facebook worms–is another indication of the resilience and changing tactics the malware authors are employing.