Browsing Category: Web Security

Categories: Web Security

After a two-year absence, IBM X-Force is reporting [iss.net] a significant spike in image-based spam.
“Since March 20th, we have been witnessing a rebirth of image-based spam. At first, we saw a small trial of image-based spam, reaching 5-10%. Then, in late April, we saw another blast (this time a much bigger effort) reaching 15-22% of all spam,” according to researchers Ralf Iffert and Holly Stewart.

From The H Security
Updating browsers without first asking users is apparently the most successful way of ensuring wide distribution for the latest version – thus minimising the number of vulnerable browsers. A joint study [techzoom.net] by Google Switzerland and the ETH (Swiss Federal Institute of Technology) in Zurich concludes that, if an update requires too much user interaction or effort, users will either abort the process or fail even to run it. Read the full story [h-online.com]

Categories: Web Security

From ZDNet (Dancho Danchev) 
Yesterday, a French hacker claimed to have gained access to Twitter’s administration panel, and based on the screen shots that he included featuring internal data [zataz.com] for accounts belonging to U.S. President Barack Obama, Britney Spears, Ashton Kutcher, and Lily Allen, as well as a detailed overview of different sections behind the scenes of Twitter, his claims [mashable.com] seem pretty legitimate. Read the full story [zdnet.com].

Categories: Web Security

Identity thieves are currently launching a massive attack on Facebook [techcrunch.com], using fake log-in pages to hijack usernames and passwords.
The attackers are using Facebook’s mail system to send a one-line message luring users to “fbaction.net,” a site that clones the social networking site’s log-in screen. Read the full story [zdnet.com]

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials.  Here’s the top-five list [zdnet.com]

Categories: Government, Web Security

By Ozzie Diaz
There are those that would argue U.S. House Representative Pete Hoekstra is too connected. According to a recent article in a top security trade publication, Rep. Hoekstra sent tweets during his recent trip to Iraq. Some of the tweets included: “Just landed in Baghdad. I believe it may be first time I’ve had bb service in Iraq. 11th trip here.” and “Moved into green zone by helicopter Iraqi flag now over palace. Headed to new US embassy Appears calmer less chaotic than previous here.”

Categories: Web Security

From The H Security (Jürgen Schmidt) 
Secure data transmission on the internet relies on encryption and security certificates. Mozilla has revised the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out – and give you more security. Read the full story [h-online.com]

Categories: Web Security

From ZDNet Zero Day
Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security.
According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure security.  Read the full story [zdnet.com]

Read more...