Cryptography


New Class of XSS Attacks Emerging

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users’ data at risk, a researcher says. Read the full article. [Dark Reading]

Medicaid CIO: Security for Many Companies Is ‘Embarrassing’

The level of information security in systems run by some companies that
want to be linked electronically with the Centers for Medicare and
Medicaid Services (CMS) is so rudimentary that it is “almost
embarrassing,” said Julie Boughn, CMS’ chief information officer. Read the full article. [Federal Computer Week]

Spyware Botnet ‘GhostNet’ Uses The Cloud

Espionage network GhostNet, first identified about a year ago, is much larger and more sophisticated than previously assumed, according to a study entitled “Shadows in the Cloud” by the Munk Centre for International Studies, the Information Warfare Monitor, the SecDev Group and the Shadowserver Foundation. Read the full article. [The H Security]


CanSecWest: Over the last several years, two security researchers at search engine giant Google have discovered 20 kernel bugs, about half of which remain unpatched, affecting Windows, Linux and the popular VMware virtualization software. Read the full article. [TechTarget]

Security expert Andreas Bogk warns that, despite recent PHP
improvements, the session IDs of users who are logged into PHP
applications remain guessable. Upon close examination, the alleged
improvements display frightening weaknesses. Read the full article. [The H Security]

Organized computer criminals yanked more than $200,000 out of the
online bank accounts of a Missouri dental practice this month, in yet
another attack that exposes the financial risks that small- to
mid-sized organizations face when banking online. Read the full article. [KrebsonSecurity]

Data on 3.3 million borrowers was stolen from a nonprofit company that helps with student loan financing. The
theft occurred on March 20 or 21 from the headquarters of Educational
Credit Management Corp. (ECMC), which services loans when student
borrowers enter bankruptcy. Read the full article. [Computerworld]