Ryan Naraine

Microsoft spars with researcher over security patch

One of the patches released by Microsoft last week is not providing protection against the vulnerability it was meant to fix, according to a researcher who today accused Microsoft of making functionality a higher priority than security.

Facebook doesn’t believe it’s really Kevin Mitnick

In an ironic twist, Kevin Mitnick, a social engineering master who went to jail for impersonating others to get information to access computer networks without authorization, couldn’t access his own Facebook account for weeks because administrators at the social networking site didn’t believe he was who he said he was.

Joe Grand on hardware hacking

In this Network World interview at SOURCE Boston, well-known hardware hacker Joe ‘Kingpin’ Grand talks about lessons from the “Prototype This” show, the changing face of security research and his upcoming vulnerability assessment work. The video also includes an interview with Dan Kaminsky about his DNS vulnerability.


In a statement on Monday, the BBC said that its decision to purchase and use a botnet to expose the malware epidemic had been “in the public interest”.
“It was not our intention to break the law,” the BBC told ZDNet UK on Monday. “There is a powerful public interest in demonstrating the ease with which such malware can be obtained and used; how it can be deployed on thousands of infected computers without the owners even knowing it is there; and its power to send spam e-mail or attack other websites undetected.”

Apple has issued an advisory to warn that malicious hackers can rig audio files to hijack usernames and passwords from its popular iTunes media player.
The company described the bug as a “design issue” in the iTunes podcast feature that can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload them to the podcast server.