João Saramago » Security

DDoS Attack On Wikileaks Increasing

js — Mon, 13 Dec 2010 15:53:20 +0000

tetrahedrassface writes “According to the Twitter feed for Wikileaks, the attack on the controversial site is increasing and is now at 10 Gigabits per second. In light of the recent release of highly sensitive documents and calls by many lawmakers …

Windows 7 Phone Gets Jailbreak Tool

js — Mon, 13 Dec 2010 15:51:03 +0000

An anonymous reader writes “Developers have released a ‘jailbreak’ tool for Microsoft’s Windows Phone 7, allowing the handsets to run any application, not just those approved for distribution through Microsoft’s Marketplace. Although reminiscent of jailbreak tools for the iPhone, this …

The Golden Hour of Phishing Attacks

js — Mon, 13 Dec 2010 15:50:19 +0000

Orome1 writes “Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims’ credentials are harvested by cyber criminals within the first 60 minutes of phishing …

A Third of World’s Spam From One Russian Man

js — Mon, 13 Dec 2010 15:49:22 +0000

DaveNJ1987 writes “The FBI believes that one third of the world’s spam messages are being generated by one 23-year-old Russian man. Oleg Nikolaenko of Moscow is being blamed for operating the Mega D botnet that sent spam emails from over …

Microsoft Builds JavaScript Malware Detection Tool

js — Mon, 13 Dec 2010 15:44:02 +0000

Trailrunner7 writes “As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research …

Dutch Police Arrest MasterCard Attacker

js — Mon, 13 Dec 2010 15:42:17 +0000

An arrest has been made in the case of the DDoS attacks against MasterCard, Visa, PayPal, and others. The Dutch police has arrested a Dutch guy [Dutch] who has already confessed to taking part in the attacks. Most likely, he …

Apple, Google Diss the DoD Over Mobile Security

js — Mon, 13 Dec 2010 15:26:21 +0000

Julie188 writes “The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to …

Has Progress Been Made In Fighting DDoS Attacks?

js — Mon, 13 Dec 2010 15:25:58 +0000

alphadogg writes “As the distributed denial-of-service attacks spawned by this week’s WikiLeaks events continue, network operators are discussing what progress, if any, has been made over the past decade to detect and thwart DoS attacks. Participants in the North American …

New Windows Kernel Vulnerability Bypasses UAC

js — Mon, 29 Nov 2010 12:17:39 +0000

xsee writes “A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a …

China’s Politburo Behind Google Cyber-Attack?

js — Mon, 29 Nov 2010 12:15:57 +0000

theodp writes “While Wikileaks itself is under a DoS attack, details about the US State Department cables obtained by WikiLeaks are starting to come out via the mainstream media. Among the most newsworthy, reports Techcrunch’s Erick Schonfeld, is one set …

WikiLeaks Under Denial of Service Attack

js — Mon, 29 Nov 2010 12:15:24 +0000

wiredmikey writes “WikiLeaks has reported that its Web site is currently under a mass distributed denial of service attack. The attack comes around the time of an expected release of classified State Department documents, which the Obama administration says will …

Security Expert Warns of Android Browser Flaw

js — Mon, 29 Nov 2010 12:14:49 +0000

justice4all writes “Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before …

Researcher To Release Web-Based Android Attack

js — Sun, 07 Nov 2010 17:28:18 +0000

CWmike writes “A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the …

Massive DDoS Cuts Myanmar Off From Net

js — Sun, 07 Nov 2010 17:28:00 +0000

Trailrunner7 writes “The nation of Myanmar, formerly known as Burma, found its access to the Internet severed by a massive denial of service attack, according to a report by Arbor Networks. The source or motivation of the attack isn’t known, …

Schneier@TEDxPSU

js — Sun, 07 Nov 2010 17:26:22 +0000

No Tubo: Reconceptualizing Security (20 min.) Link to the original site

Former Student Gets 30 Months For Political DDoS Attacks

js — Sun, 07 Nov 2010 17:26:10 +0000

wiredmikey writes “A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting denial of service attacks on the sites of several prominent conservative figures as well as …

Facebook User IDs were sold to data brokers, company admits

js — Wed, 03 Nov 2010 12:46:08 +0000

By Ed Oswald, Betanews In yet another black eye for social networking site Facebook, the site disclosed Friday that several developers were selling user data to a third-party. User IDs, or unique identifiers given to every registered member of the …

Serious Security Bugs Found In Android Kernel

js — Wed, 03 Nov 2010 12:43:59 +0000

geek4 writes with this excerpt from eWeek Europe: “An analysis of Google Android Froyo’s open source kernel has uncovered 88 critical flaws that could expose users’ personal information. An analysis of the kernel used in Google’s Android smartphone software has …

Why Facebook Won’t Stop Invading Your Privacy

js — Fri, 22 Oct 2010 10:54:05 +0000

GMGruman writes “Every few weeks, it seems, Facebook is caught again violating users’ privacy. A code error there, rogue business partners there. The truth, as InfoWorld’s Bill Snyder explains, is that Facebook will keep on violating your privacy, no matter …

RDS Protocol Bug Creates a Linux Kernel Hole, Now Fixed

js — Fri, 22 Oct 2010 10:53:43 +0000

Trailrunner7 writes “The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions …

Comcast Migrating Customers To DNSSEC Resolvers

js — Wed, 20 Oct 2010 17:23:26 +0000

ctg1701 passes along this quote from a Comcast announcement: “Starting today we will begin migrating customers who have opted out of our Domain Helper service over to our production DNSSEC-validating servers. This will happen first in a selected part of …

New Firefox iFrame Bug Bypasses URL Protections

js — Wed, 20 Oct 2010 17:19:25 +0000

Trailrunner7 writes “There is a newly discovered vulnerability in Mozilla’s flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox …

Root Privileges Through Linux Kernel Bug

js — Wed, 20 Oct 2010 17:18:08 +0000

Lars T. writes “The H has a story about a Linux kernel bug that allows root level access. ‘According to a report written by Rafal Wojtczuk (PDF), a conceptual problem in the memory management area of Linux allows local attackers …

1978 Cryptosystem Resists Quantum Attack

js — Wed, 20 Oct 2010 17:17:41 +0000

KentuckyFC writes “In 1978, the CalTech mathematician Robert McEliece developed a cryptosystem based on the (then) new idea of using asymmetric mathematical functions to create different keys for encrypting and decrypting information. The security of these systems relies on mathematical …

The Hidden Security Risk of Geotags

js — Wed, 20 Oct 2010 17:16:50 +0000

pickens writes “The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags …

Trojan-Infected Computer Linked To 2008 Spanair Crash

js — Wed, 20 Oct 2010 17:16:23 +0000

An anonymous reader writes “Two years ago, Spanair flight JK-5022 crashed shortly after takeoff in Madrid, killing 154 of its 172 passengers and crew. El Pais online newspaper reports that the ground computer responsible for triggering an alarm after three …

A Conference For Malware Writers

js — Wed, 20 Oct 2010 17:13:02 +0000

tsu doh nimh writes “There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it’s the first ever conference dedicated to the ‘malcoder community.’ Brian Krebs interviewed one of them and got …

Home WiFi Network Security Failings Exposed

js — Wed, 20 Oct 2010 17:09:01 +0000

An anonymous reader writes “The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an ‘ethical hacker,’ Jason Hart, to test thousands of Wi-Fi networks across six …

US Reigns As Most Bot-Infected Country

js — Wed, 20 Oct 2010 17:08:01 +0000

Trailrunner7 writes “The US has by far the highest number of bot-infected computers of any country in the world, with nearly four times as many infected PCs as the country in second place, Brazil, according to a new report by …

Windows DLL Vulnerability Exploit In the Wild

js — Wed, 20 Oct 2010 16:59:59 +0000

WrongSizeGlass writes “Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool …

Viruses Tapped To Create Spray-On Batteries

js — Wed, 20 Oct 2010 16:59:14 +0000

disco_tracy writes “Two different viruses have been used to create the cathode and anode for a lithium-ion battery. If research pans out, the parts could be grown in and harvested from tobacco plants and then woven into or sprayed onto …

25% of Worms Spread Via USB

js — Wed, 20 Oct 2010 16:58:00 +0000

An anonymous reader writes “In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs. This distribution technique is highly effective. With survey responses from more than 10,470 …

New QuickTime Flaw Bypasses ASLR, DEP

js — Wed, 20 Oct 2010 16:57:41 +0000

Trailrunner7 writes “A Spanish security researcher has discovered a new vulnerability in Apple’s QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The …

Teacher Asks Students To Plan a Terrorist Attack

js — Wed, 20 Oct 2010 16:57:29 +0000

Tired of looking at an endless parade of dioramas, an Australian teacher had her class plan a terrorist attack that would “kill as many innocent Australians as possible.” “The teacher, with every best intention, was attempting to have the students …

Many Hackers Accidentally Send Their Code To Microsoft

js — Wed, 20 Oct 2010 16:55:55 +0000

joshgnosis writes “When hackers crash Windows in the course of developing malware, they’ll often accidentally agree to send the virus code straight to Microsoft, according to senior security architect Rocky Heckman. ‘It’s amazing how much stuff we get.’ Heckman also …

New Malware Imitates Browser Warning Pages

js — Tue, 14 Sep 2010 23:42:07 +0000

Jake writes with this excerpt from Ars: “Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user’s browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages …

Finland To Legalize Use of Unsecured Wi-Fi

js — Fri, 13 Aug 2010 11:59:23 +0000

Apotekaren writes “The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, …

Linux IRC Server Gets Trojan, Press Harps On Linux Security

js — Fri, 13 Aug 2010 11:59:03 +0000

Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan’s been holding open the backdoor in the source …

A fina arte do phishing…

js — Fri, 13 Aug 2010 11:58:26 +0000

… num telefone perto de si : ) Link to the original site

Mass SQL Injection Attack Hits Sites Running IIS

js — Fri, 13 Aug 2010 11:58:21 +0000

Trailrunner7 writes “There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear …

Backdoor Found In UnrealIRCd Source Archive

js — Fri, 13 Aug 2010 11:58:16 +0000

l_bratch writes “A malicious backdoor was added to the UnrealIRCd source archive some time around November 2009. It was not noticed for several months, so many IRC servers are likely to be compromised. A Metasploit exploit already exists.” Read more …

Is Cyberwarfare Fiction?

js — Fri, 13 Aug 2010 11:55:32 +0000

An anonymous reader writes “In response to calls by Russia and the UN for a ‘cyberwarfare arms limitation treaty,’ this article explains that ‘cyberwar’ and ‘cyberweapons’ are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and …

Adobe Warns of Flash, PDF Zero-Day Attacks

js — Fri, 13 Aug 2010 11:55:13 +0000

InfosecWarrior writes “Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for …

Android Data Stealing App Downloaded By Millions

js — Fri, 13 Aug 2010 11:50:47 +0000

wisebabo writes “A wallpaper utility (that presents purloined copyrighted material) ‘quietly collects personal information such as SIM card numbers, text messages, subscriber identification, and voicemail passwords. The data is then sent to www.imnet.us, a site that hails from Shenzen, China.’” …

Android Rootkit Is Just a Phone Call Away

js — Fri, 13 Aug 2010 11:50:37 +0000

alphadogg writes “Hoping to understand what a new generation of mobile malware could resemble, security researchers will demonstrate a malicious ‘rootkit’ program they’ve written for Google’s Android phone next month at the Defcon hacking conference in Las Vegas. Once it’s …

Prosecuting DDoS Attacks?

js — Fri, 13 Aug 2010 11:50:31 +0000

dptalia writes “We all have heard of major DDoS attacks taking down countries, companies, and organizations. But how many of them are ever prosecuted? And how many prosecutions are even successful? I’ve done some research and it appears the answer …

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack

js — Fri, 13 Aug 2010 11:49:50 +0000

n3ond4x writes “reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration …

Android growth spurs new mobile malware, SMS Trojan discovered

js — Fri, 13 Aug 2010 11:46:40 +0000

By Tim Conneally, Betanews Security researchers at Kaspersky Lab announced the first malware for the Android operating system to be classified as a Trojan-SMS, the most widespread type of malware on mobile phones. The malware is disguised as a media …

BBC Builds Smartphone Malware For Testing Purposes

js — Fri, 13 Aug 2010 11:46:06 +0000

siliconbits writes “BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the …

SMS Trojan Steals From Android Owners

js — Fri, 13 Aug 2010 11:45:49 +0000

siliconbits writes “A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android …

Apple closes PDF flaw in iOS updates for iPhone, iPad

js — Fri, 13 Aug 2010 11:45:36 +0000

By Ed Oswald, Betanews Apple released iOS 4.0.2 for the iPhone and iPod touch, and iOS 3.2.2 for the iPad on Wednesday, effectively closing the PDF flaw which allowed hackers access to the internal code of those devices. The exploit …

Verizon Changing Users Router Passwords

js — Thu, 05 Aug 2010 17:11:10 +0000

Kohenkatz writes “I have Verizon FIOS at home and my Verizon-supplied Actiontec router had the password ‘password1′ that the tech assigned to it when he set it up three years ago. I received an email from Verizon that said ‘we …

Using XSS & Google To Find Physical Location

js — Thu, 05 Aug 2010 17:11:02 +0000

wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar’s talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the …

iPhone Jailbreak Uses a PDF Display Vulnerability

js — Thu, 05 Aug 2010 17:10:25 +0000

adeelarshad82 writes “Latest reports indicate that the website that ‘jailbreaks’ iPhones, iPads, and iPod Touches does so by means of a PDF-based vulnerability in OS X. PDF parsing and rendering is a core feature of OS X, and there have …

‘Project Vigilant’ Recruits At Defcon To Track You

js — Thu, 05 Aug 2010 16:48:40 +0000

angry tapir writes “A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference in hopes of recruiting information security experts, but it will first have to overcome some skepticism. That’s …

Malicious Hardware Hacking May Be the Next Frontier

js — Thu, 05 Aug 2010 16:47:37 +0000

An anonymous reader writes “It’s a given that hackers will target software, and that’s enough for many people to worry about. But now there’s the possibility that hackers would hide malicious code in the hardware itself. A hardware hack could …

Death of Windows XP SP2 Support Is a Security Risk

js — Thu, 29 Jul 2010 17:04:20 +0000

With Windows XP SP2 support ending in three weeks, a new report highlights the security risks that come with running an unsupported service pack. Link to the original site

Fifth of Android Apps Expose Private Data

js — Thu, 29 Jul 2010 17:03:03 +0000

WrongSizeGlass writes “CNet is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as …

FBI Failed To Break Encryption of Hard Drives

js — Thu, 29 Jul 2010 17:01:55 +0000

benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at …

FTC Wants Browsers To Block Online Tracking

js — Thu, 29 Jul 2010 16:59:14 +0000

storagedude writes “The FTC wants a do-not-track mechanism that would allow Web users to opt out of online behavioral tracking, similar to the national do-not-call registry. The agency’s preferred method for accomplishing this would be a browser-based tool that would …

ATM Hack Gives Cash On Demand

js — Thu, 29 Jul 2010 16:59:03 +0000

angry tapir writes “Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to …

YouTube Hit By HTML Injection Vulnerability

js — Thu, 29 Jul 2010 13:01:48 +0000

Virak writes “Several hours ago, someone found an HTML injection vulnerability in YouTube’s comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at …

Wireless Presenters Attacked Using an Arduino

js — Thu, 29 Jul 2010 13:00:32 +0000

An anonymous reader writes “This week Dutch security researcher Niels Teusink described a method of attacking wireless presenter devices at an Amsterdam security conference. He had a demo showing how it is possible to use an Arduino and Metasploit to …

100 Million Facebook Pages Leaked On Torrent Site

js — Thu, 29 Jul 2010 11:57:38 +0000

Stoobalou writes “A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site. The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that …

Skype Encryption (Partly) Revealed

js — Wed, 28 Jul 2010 18:02:41 +0000

TSHTF writes “Just weeks after Skype unveiled a public API for the service, a group of cryptographers led by Sean O’Neill have successfully reverse engineered the encryption used by the Skype protocol. Source code is available under a non-commercial license …

REMnux, the Malware Analysis Linux OS

js — Wed, 28 Jul 2010 18:02:05 +0000

Trailrunner7 writes “A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking …

Google Chrome Extension Steals Login Details

js — Wed, 28 Jul 2010 18:01:57 +0000

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users’ login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a …

Wi-Fi WPA2 Vulnerability Found

js — Wed, 28 Jul 2010 14:44:56 +0000

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. “…wireless security researchers say they have uncovered a vulnerability …

Google Goes On Offensive vs. JavaScript Attacks

js — Wed, 28 Jul 2010 14:44:29 +0000

alphadogg writes “Google’s e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months. Google says it has seen a surge in obfuscated JavaScript …

Root DNS Zone Now DNSSEC Signed

js — Wed, 28 Jul 2010 14:43:35 +0000

r00tyroot writes with news that slipped by yesterday, quoting from the Internet Systems Consortium’s release: “ISC joined other key participants of the Internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as …

Millions of Home Routers Are Hackable

js — Wed, 28 Jul 2010 14:43:19 +0000

Julie188 writes “Craig Heffner, a researcher with Maryland-based security consultancy Seismic, plans to release a software tool at the Black Hat conference later this month that he says could be used on about half the existing models of home routers, …

Windows Vulnerable To ‘Token Kidnapping’ Attacks

js — Wed, 28 Jul 2010 14:42:46 +0000

cuppa+tea writes “More than a year after Microsoft issue a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and …

Damn Vulnerable Linux

js — Wed, 28 Jul 2010 14:42:35 +0000

The most vulnerable and exploitable operating system ever! Link to the original site

Attackers Using Social Networks For Botnet Control

js — Wed, 28 Jul 2010 14:42:22 +0000

Trailrunner7 writes “Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they’re finding that …

Windows XP Remote Assistance Exploit Discovered

js — Fri, 18 Jun 2010 14:46:01 +0000

An insecurity expert has has discovered a vulnerability in older versions of Windows which pesky attackers could exploit to take over control of your PC. Somewhat ironically, the vulnerability afflicts the Help and Support Center for Windows XP and Server …

Clickjacking Worm Exploits Facebook “Like” Feature

js — Wed, 02 Jun 2010 12:19:22 +0000

An anonymous reader writes “For the last 24 hours, a series of attacks have exploited Facebook’s ‘Like’ feature through a clickjacking vulnerability. Using subjects such as ‘This Girl Has An Interesting Way Of Eating A Banana, Check It Out!’ hackers …

76% Web Users Affected By Browser History Stealing

js — Mon, 31 May 2010 11:52:00 +0000

An anonymous reader writes “Web browser history detection with the CSS:visited trick has been known for the last ten years, but recently published research suggests that the problem is bigger than previously thought. A study of 243,068 users found that …

Commercial Quantum Cryptography System Hacked

js — Mon, 31 May 2010 11:49:13 +0000

KentuckyFC writes “Any proof that quantum cryptography is perfect relies on idealized assumptions that don’t always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob …

Symantec To Buy VeriSign’s Authentication Business

js — Mon, 31 May 2010 11:41:48 +0000

overThruster writes “Security giant Symantec is taking another step toward global domination of the information security market with the purchase of VeriSign’s authentication business. Back in April they purchased PGP Corporation and GuardianEdge. VeriSign is the best known Certificate Authority; …

IBM Distributes USB Malware At Security Conference

js — Mon, 31 May 2010 11:41:14 +0000

bennyboy64 and other readers let us know that IBM sent out an email to all attendees to the Australian Computer Emergency Response Team (AusCERT) 2010 conference, warning them that some of the USB drives handed out to delegates contained malware. …

Malware on Hijacked Subdomains, a New Trend?

js — Mon, 31 May 2010 11:32:24 +0000

The Unmask Parasites blog discusses a technique attackers are using more and more often recently: modifying a compromised site’s DNS settings to redirect various subdomains to different IPs that serve up malware, often leaving site administrators none the wiser. Quoting: …

Google Offers Encrypted Web Search Option

js — Mon, 31 May 2010 11:32:17 +0000

alphadogg writes “People who want to shield their use of Google’s Web search engine from network snoops now have the option of encrypting the session with SSL protection. In the case of Google search, SSL will protect the transmission of …

Facebook Bug Lets Hackers Delete Friends

js — Mon, 31 May 2010 11:31:52 +0000

swandives writes “There’s lot of talk about Facebook and privacy at the moment, but a bug in Facebook’s website lets hackers delete Facebook friends without permission. Steven Abbagnaro, a student from Marist College in Poughkeepsie, New York reported the flaw, …

Microsoft Dynamics GP “Encrypted” Using Caesar Cipher

js — Mon, 31 May 2010 11:31:44 +0000

scribblej writes “Many large companies use Microsoft’s Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by …

Google Launches Encrypted Search Beta

js — Mon, 31 May 2010 11:30:56 +0000

Looking at the past few week of Google news, you’ll be forgiven for thinking Google doesn’t do anything else beyond making Android. While there’s sexier stuff going on within Google, the company is also still trying to improve its core …

iPhone’s PIN-Based Security Transparent To Ubuntu

js — Mon, 31 May 2010 11:26:04 +0000

ndogg writes “Security experts found that the iPhone 3GS has very little security, even with a PIN set up. They plugged one into Ubuntu 10.04, and it was automounted with almost all of the iPhone’s data exposed. This has been …

Secure Communication Comes To Android

js — Mon, 31 May 2010 11:24:03 +0000

An anonymous reader writes “Forbes is reporting that Moxie Marlinspike and Stuart Anderson’s startup, Whisper Systems, has released a public beta of two Android applications that provide encrypted call and SMS capabilities for your Android phone. In the wake of …

German User Fined For Having an Open WI-Fi

js — Fri, 14 May 2010 12:38:23 +0000

Kilrah_il writes “A German citizen was sued for copyright infringement because copyrighted material was downloaded through his network while he was on vacation. Although the court did not find him guilty of copyright infringement, he was fined for not having …

Position-Based Quantum Cryptography Proved Secure

js — Fri, 14 May 2010 12:37:54 +0000

KentuckyFC writes “Physicists have developed a new kind of quantum cryptography that uses position measurements to guarantee the security of a message. The technique is based on triangulation. Alice uses several transmitters to send messages to Bob who returns them …

Anyone Can Play Big Brother With BitTorrent

js — Thu, 13 May 2010 13:34:25 +0000

An anonymous reader writes “I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday, and there were people from the French Institute for Computer Science who have continuously spied on most BitTorrent users on the Internet …

IBM. Redbook. Mainframe Security

js — Thu, 13 May 2010 12:58:02 +0000

Publicado ontem. ToC: Introduction Introduction Security of the IBM Mainframe: yesterday and today Technical view z/Architecture: hardware and z/OS concepts Virtualization z/VM Security Other operating systems z/OS Security Hosting the building blocks of IBM Security Framework in z/OS Security exploiters …

Sarah Palin hacker convicted

js — Thu, 13 May 2010 12:57:42 +0000

By Tim Conneally, Betanews In late 2008, David C. Kennel obtained the Yahoo email address of former Alaska Governor Sarah Palin, and then used simple deduction to answer the “challenge question” that would grant access to her password and subsequently …

“Why I Want My Daughter to be a Hacker”

js — Thu, 13 May 2010 12:57:20 +0000

A ler. AQUI. Link to the original site

DNSSEC and the Geopolitical Future of the Internet

js — Mon, 10 May 2010 10:08:28 +0000

synsynackack writes “The Register reports that the DNSSEC protocol could have some very interesting geo-political implications, including erosion of the scope of state sovereign powers. The chairman of ICANN, Peter Dengate-Thrush, explained, ‘We will have to handle the geo-political element …

The Desktop Security Battle May Be Lost

js — Mon, 10 May 2010 10:08:17 +0000

Trailrunner7 writes in with a Threatpost.com article that begins: “For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the …

Hot Sales In China For Wi-Fi Key-Cracking Kits

js — Mon, 10 May 2010 10:08:07 +0000

alphadogg writes “Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed …

Hacker Develops ATM Rootkit

js — Mon, 10 May 2010 10:07:52 +0000

alphadogg writes “One year after his Black Hat talk on automated teller machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference. …

New Windows Attacks Outsmart Anti-virus

js — Mon, 10 May 2010 10:07:31 +0000

According to The Register, “Researchers say they’ve devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. The method, developed by software security …

Critical Flaw Found In Virtually All AV Software

js — Mon, 10 May 2010 10:07:26 +0000

Securityemo writes “The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the …

Journalists Yahoo E-Mail Accounts Compromised In China

js — Tue, 27 Apr 2010 13:04:03 +0000

andy1307 writes “According to this article in the New York Times, In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown …