Browsing Category: Web Security

Categories: Malware, Web Security

From Computerworld (Gregg Keizer)
A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today. Read the full story [cio.com]. Also see commentary from Roel Schouwenberg [viruslist.com].


Categories: Web Security

A collection of some of the top names in the security community has sent a letter asking Google to force users of its online applications to use secure connections by default. And Google has responded quickly, saying that it is investigating the possibility of enabling HTTPS connections by default for users of Gmail, Google Calendar and other applications.


Categories: Malware, Web Security

A security researcher who specializes in browser and Web 2.0 vulnerabilities plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem.
The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff. It will disclose a combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws that put Twitter users at risk of malicious hacker attacks.


Categories: Web Security

By Alex Rothacker, Team SHATTER

It seems as though the latest rash of threats and attacks all have a familiar ring to them: they’re all aimed at social networking sites like Twitter and Facebook, which is interesting, because smart attackers will use whatever means possible to get to the stuff that really counts – enterprise data.


From ZDNet (Dancho Danchev)
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object [paretologic.com] found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic exclusively used by malware targeting Windows, and seeing it used in a Mac OS X based malware attack proves that successful social engineering approaches remain OS independent. Read the full story [zdnet.com]


Categories: Web Security

From ZDNet (Dancho Danchev)
A currently ongoing malware attack across Twitter is abusing the momentum offered by Twitter’s trending topics in order to trick users into visiting bogus exclusive video sites and infect them with malware.
The campaign, spreading since last week, is relying on a growing number of automatically registered bogus Twitter accounts, which combine trending topics and hashtags with custom messages and pre-defined Tinyurl links, all leading to an identical fake codec which is dropping three different malware samples. Read the full story [zdnet.com]


Categories: Cryptography, Web Security

One of the few things that most people in the security community seem to agree on is that there is a dire need for better security around Web applications. That need begins with the lack of security training for most Web developers and extends through the inconsistent use of Web-application testing, both pre-deployment and post-deployment. But one issue that has been overlooked for years probably belongs at the top of the list of Web application security woes: the haphazard use of cryptography.
