In this Google Tech Talk, Mike Andrews, a security consultant from Foundstone, discusses common techniques for exploiting weak spots in Web applications. (Running time: 1:26)
Malware that attacks mobile phones and other handheld devices has been the Next Big Threat for most of the last decade. And much like the Year of PKI, it’s never really materialized. Security experts have postulated that this is mainly because there’s not enough valuable data on these devices to attract the money-motivated attackers. But a new paper, “Understanding the Spreading Patterns of Mobile Phone Viruses,” from a group of scientists shows that the barriers are more likely market saturation and geography.
Dennis Fisher talks to Adam Shostack of Microsoft, about the evolution of thinking around “The New School of Information Security,” his new group blog and what surprised him most when he went to work at Microsoft.
From The Register (Dan Goodin)
Overlooked design weaknesses in a widely used type of wireless network are seriously jeopardizing the network security of the retailers and manufacturers [theregister.co.uk] that rely on them, a security expert has determined.
So-called FHSS, or frequency-hopping spread spectrum, networks are an early form of the 802.11 wireless data standard. Although transmission speeds, at about 2 Mbps, lag far behind more recent 802.11 technologies, they remain widely used by many Fortune 1000 companies, particularly those with large warehouses or factory floors. Read the full story [theregister.co.uk]
Security researchers at Kaspersky Lab (our corporate sponsor) are warning about a new potentially unwanted program [viruslist.com] targeting Symbian-based smart phones.
The program, called iPornPlayer, promises sexually-explicit content on handsets but there’s a hefty price attached because it calls international premium rate numbers.
Read the full story [viruslist.com]
Dennis Fisher talks with Rich Mogull, founder of Securosis, about the behind-the-scenes effort by the Honeynet Project and others to identify Conficker-infected PCs, as well as the hype surrounding the DLP market and the level of DLP adoption.
The FBI’s Internet Crime Complaint Center (IC3) says complaints of online crime hit a record high in 2008, driven mostly by non-delivery of goods and service and those pesky 419 (Nigerian) e-mail scams.
According to a new report (PDF from ic3.gov), the center received a total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007. The average individual loss amounted to $931. Other significant findings include:
From DarkReading (Kelly Jackson Higgins)
Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information [darkreading.com] based on relationships among Facebook “friends,” according to new research.
Researchers from the U.K.’s University of Cambridge recently published a paper [PDF from cam.ac.uk] detailing a project in which they developed a software tool to correlate and map Facebook profiles they found via public search engines, such as Google, to build detailed maps of relationships among Facebook members. Read the full story [darkreading.com]
From Facebook, by Jeff Williams, Microsoft
When the Koobface worm hit Facebook users last year, the company’s security team scrambled to help affected users reset their accounts and avoid new infections. But the worm has continued to crop up periodically since then, and so the anti-malware team at Microsoft has been helping the Facebook technicians get a handle on the attack.
By Matt Hines, eWEEK
Security researchers are highlighting a more powerful breed of attack that is specifically targeting users of the open source Mozilla Firefox web browser.
Long touted for its improved security over rival browsers including Microsoft IE, Firefox has been mined for dozens of vulnerabilities over the last few years, but the application hasn’t ever faced the same level of attacks as Explorer. However, experts are charting the emergence of a new, sophisticated breed of Firefox threat that packs a significantly more potent punch than its predecessors. Read the full story [eweek.com]