Tag: "featured"

A Superbowl Wifi Problem

A Superbowl Wifi Problem

It’s an annual puff piece, whoever is in charge of security at the Super Bowl appears on the news in front of some barrier or computer screen, talking about the number of security guards, guard dogs, or whatever else passes as some grand measure of the ‘amount’ of security being applied. And as with Super […]

Enterprise security policy around BYOD

New York Event: Bring Your Own…[Security] Problem?

Cross posted from 451 Information Security Every day thousands of users are bringing their own problems to work in the form of personally owned smart phones and laptops being used to access company system resources. When the bells, whistles, design, and applications on consumer phones started to outpace the stately Blackberries the senior executives carried, […]

Anonymous Releases Very Unanonymous Press Release

Anonymous Releases Very Unanonymous Press Release

Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Also in it, its author forgot to remove his name in the pdf’s Meta information.

Paypal Sender Country XSS

Paypal Sender Country XSS

A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm.

Turning an ATM into a Slot Machine

Turning an ATM into a Slot Machine

In a talk originally slated for last year before it was muffled by Juniper based on the concerns of “an affected ATM vendor”, Jack demonstrates what he calls jackpotting an ATM.

Persistent XSS on Twitter.com

Persistent XSS on Twitter.com

Twitter user 0wn3d_5ys has demonstrated a persistent cross site scripting (XSS) vulnerability he found on June 21st using his own Twitter account (visit at your own risk) that appears to be due to a lack of input validation of the application name field when accepting new requests for Twitter applications.

The “Aurora” IE Exploit Used Against Google in Action

The “Aurora” IE Exploit Used Against Google in Action

The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe, and some 30 other firms was an Internet Explorer zero day, a use after free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used in IE 6 according to Microsoft.

Scareware Purveyors, Spammers, and Crooks Take Advantage of Haiti Earthquake

Scareware Purveyors, Spammers, and Crooks Take Advantage of Haiti Earthquake

Bad actors have taken advantage by engaging in search engine poisoning including taking over existing web sites, using techniques that boost search ranking, and installing malicious software using scareware tactics on user’s PC’s. They also set up fake donation web sites. Finally, they employ Spam e-mail, Twitter messages, and related electronic communication methods in order to direct users to these web sites.

Baidu.com the Latest Victim of Iranian CyberArmy

Baidu.com the Latest Victim of Iranian CyberArmy

A group called the Iranian Cyber Army has, fresh off the heels of their DNS attack on Twitter last month, hijacked the domain of Chinese search engine Baidu.com.

JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a packet will cause the JUNOS kernel to core (crash).

Page 1 of 212