Ryan Naraine

Pwn2Own hacker: Safari is ‘easy pickings’

Charlie Miller, the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.
In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.

Opera plugs code-execution vulnerabilities

Opera Software has shipped a high-priority security patch for its flagship Web browser to plug at least three vulnerabilities that expose Windows users to code execution and cross-domain scripting attacks.
The Opera 9.64 upgrade also adds support for DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), two anti-exploitation mechanisms that help limit the damage from malware attacks on the Windows platform.
Brian Krebs’ terrific reporting on the targeted malware attacks against small businesses in the U.S. continues today with a closer look at the way “money mules” operate and their roles in the cybercrime operation.
In this article, Krebs interviews a “money mule” and shows the layers of online job recruitment, the sign-up process that includes bank account details, and the way money is siphoned from stolen bank accounts and wired to international locations. This is a must-read article [washingtonpost.com]

The number of identity theft cases surged in 2008, according to a report (.pdf) based on the Federal Trade Commission’s annual data.

In 2008, ID theft was by far the biggest complaint to the FTC, representing 26 percent of complaints. The next biggest complaint — third party and creditor debt collection scams — represented only 9 percent of complaints.

The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.
With PHP 5.2.9 (see announcement), the PHP development team corrects a total of 50 bugs, including a publicly-known flaw that allows attackers to read the contents of arbitrary memory locations in certain situations.

Facebook and other social networks can be downright unfriendly when it comes to scam attempts. PC World’s JR Raphael has put together five attack scenarios and information on how to protect yourself and your Facebook friends.

Over at Microsoft’s MSDN magazine, there’s a really interesting article by Bryan Sullivan suggesting a defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks.