Browsing Category: Data Breaches

They’re the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here’s an inside look at the battle against cybercrime’s weapons of mass infection. Read the full article. [CSOonline.com]

A critical vulnerability in the Wikipedia Toolbar extension for Firefox has been discovered that can be exploited by an attacker to compromise a victim’s system. According to the Secunia report, the problem is caused by the application using unvalidated input in a call to eval(), which can be exploited to execute arbitrary JavaScript code.

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. Read the full article. [NYTimes.com/AP]

The recent ACM Cloud Computing Security Workshop in Chicago was devoted specifically to cloud security. Speakers included Whitfield Diffie, a cryptographer and security researcher who, in 1976, helped solve a fundamental problem of cryptography: how to securely pass along the “keys” that unlock encrypted material for intended recipients. Diffie, now a visiting professor at Royal Holloway, University of London, was until recently a chief security officer at Sun Microsystems. He sat down with Technology Review’s chief correspondent. Read the full article. [Technology Review]

A hacker has broken into the Nebraska Worker’s Compensation database, prompting an FBI investigation and an effort to contact those who may be affected. Several thousand people could be affected by the breach, which was discovered last week when the state’s chief information officer noticed an unusual amount of Internet traffic traversing the Worker’s Compensation courts server. Read the full article. [KETV.com]

Injection attacks, including SQL, OS, and LDAP injection, top the 2010 OWASP Top 10 list of Web application security threats, followed by cross-site scripting (XSS), broken authentication and session management, insecure direct object references, cross-site request forgery (CSRF), security misconfiguration, failure to restrict URL access, unvalidated redirects and forwards, insecure cryptographic storage, and insufficient transport layer protection. The list is considered a “release candidate” that will be published in its final form in 2010. Read the full article. [Dark Reading]

Security researchers have released a paper detailing successful man-in-the-middle attacks against several smartphones. The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi networks, now prevalent literally everywhere. Read the full article. [ZDNet]

Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented today at a computer security conference in Chicago. Read the full article. [PC World]

Let’s try to separate the wheat from the chaff. Let’s start by looking at the vulnerability itself. It is a “man-in-the-middle” (MitM) attack in which an attacker can use an SSL feature called “negotiation” to inject bad stuff into an SSL session. Right, so that’s not good news. But the sky isn’t exactly falling yet, so we can all remain calm for now. Let’s put things into perspective here… Using an MitM attack to actually effect damage isn’t entirely trivial. The attacker either needs to be on the same local network as the client, or in the network path between the client and the server. By far, the most likely of these scenarios, at least in the near term, is to attack systems on a local network. We have a little bit of leverage there. Read the full article. [Computerworld]

A researcher is working on tools for penetration testers that are a first step toward ultimately integrating and correlating data among different types of penetration-testing products. Josh Abraham, a.k.a. “Jabra,” will release some proof-of-concept tools at the OWASP AppSec Conference in Washington, D.C., that let pen testers integrate data they gather in their white-hat hacking projects. Read the full article. [Dark Reading]
