Both Twitter and Google have pulled some decent jokes this Halloween. Starting with Google: as usual they have implemented a holiday logo, and this year the logo’s candy unwraps each time you click on it. More subtly, though, the robots.txt file on Google contains some special instructions for User-agent: Kids.
Archive for October, 2009
The Twitter worm/twishing attack of the other day has caught some interesting casualties in its net, most notably Marco Rubio, a former Speaker of the Florida House of Representatives and a viable candidate for one of Florida’s Senate seats in 2010, and Zach Wamp, a candidate for Governor of Tennessee and a 14-year U.S. congressional representative.
A new Twitter worm is being reported making the rounds this morning, which is actually an expertly crafted variant of the worm we reported back on September 24th. The variant has changed the direct message from “ROFL, this you on here?” to “hi. this you on here?”. The bad actor in China has also used a new URL, but with the same Twitter login landing page, identifiable by its stray HTML brace “>” following the line under ‘Sign in to Twitter’. This important difference in wording should allow for a spate of new captured Twitter credentials.
When you are in security long enough, people in your daily life seem to seek you out when they have a problem that may be security related. This morning was one of those times, when a friend showed me her most recent ATM receipt in a panic.
If you replace watch.swf with warp.swf in a URL on YouTube, a new application shows up that dynamically opens up new nodes of related videos. It’s both interesting and bizarre, and a good way to burn five minutes: YouTube Warp.
This morning a security researcher identified that he was able to carry out a successful SQL injection attack against donate.barackobama.com, the official campaign donation site of current President Barack Obama, and gain access to credentials such as user names and passwords for persons who have donated to the Obama campaign, as well as administrative user credentials. On his blog he goes on to postulate the further attack possibilities with admin access, such as web site defacement, uploading phpshells, and so forth. The problem is that the researcher, Unu, didn’t find an SQL injection site on donate.barackobama.com; he found one on a calendar application at Roosevelt University. In the process of finding out how that would be possible, a real web site vulnerability on the Obama web site reveals itself.
Several months ago, users of a wireless carrier in the United Arab Emirates (UAE) were sent an SMS message to their BlackBerry devices instructing them to install a software patch that would resolve recent network trouble they had been experiencing. The patch turned out to be spyware (Etisalat.A[MA]) and would intercept the user’s email, sending the [...]
This morning at 11am Homeland Security Secretary Janet Napolitano addressed the nation as part of the ongoing activities around National Cybersecurity Awareness Month. This is the sixth year of this program, sponsored by the National Cyber Security Division (NCSD) of the Department of Homeland Security, in which the department advises the American people on staying safe online. This year’s theme is “Our Shared Responsibility”, reinforcing the idea that all computer users have a responsibility for protecting themselves online. The address this morning featured the ability to ask questions of the Secretary; we sent one in, and Secretary Napolitano answered it.
During Yahoo!’s Hack Days, developers create web applications relying on Yahoo’s APIs (application program interfaces) or open source libraries. Hack Days were initially started as an internal Yahoo event in 2005 by the then CTO Chad Dickerson; Hack Days for the public are also scheduled, with the first one appearing in 2006 at the company headquarters in Sunnyvale, California. The event typically involves scheduled talks along with hacking time, demo sessions, and prizes for the top hacks. This year’s event on October 17th in Taiwan added a somewhat controversial aspect to the gathering: the objectification of women.