Vulnerabilities

Open Source Intelligence Operations Part One

May 10, 2010 Added by:Bozidar Spirovski

Wikipedia defines Open source intelligence (OSINT) as a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In reality, the methodology used in OSINT is the information gathering phase of every penetration phase. They only stuck a fancy name to the process.

The Need to Develop Security Guidelines For Medical Devices

May 10, 2010 Added by:shawn merdinger

In the April 2010 issue of New England Journal of Medicine, William Maisel and Tadayoshi Kohno state that “medical-device manufacturers have a legal responsibility to be vigilant and responsive to security threats, although their specific responsibilities have not been well delineated.”

Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

April 21, 2010 Added by:Robert Siciliano

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

How to be exposed via xss - in one click - just doing your job...

April 16, 2010 Added by:Jason Remillard

As the attacks on infrastructure become more complicated, the true nature of deep penetration attacks proves food for thought for all developers and operators. Consider this case - where the Apache open source infrastructure itself became significantly exposed by a simple XSS attack that utilized some social engineering techniques (i.e. getting folks to click on things), to load others up with...

Why we did it, and don't want to make money from it..

March 18, 2010 Added by:Jason Remillard

A description of the automated WordPress security plugin by SSM. If you're running WP, check it out!

Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by:Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.

Press F1 for Help, pwned.

March 08, 2010 Added by:Daniel Kennedy

Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected.

Trust but verify...

March 08, 2010 Added by:Jason Remillard

Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks.  We are not the only ones who have identified this issue, check out the following links for more information about them:

Google, Adobe, and Big Oil Attack Commonalities

March 07, 2010 Added by:Ted LeRoy

The work of protecting information is becoming more difficult with time.  The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend.  The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).

Exclusive Video of XerXeS DoS Attack

February 22, 2010 Added by:Anthony M. Freed

Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The Dragon’s Lair?

February 21, 2010 Added by:Bill Wildprett, CISSP, CISA

An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School were involved in the recent online attacks against Google and dozens of other U.S. corporations.  These conclusions come...

De-cloaking in Internet Explorer

February 13, 2010 Added by:Fred Williams

I ran across a pretty interesting article on RSnake's blog about using a URL to get users to disclose personal information. I tested this in IE8 and the posting claims it works in IE6 and IE7 as well.  I tested in Firefox with and without NoScripts enabled and it doesn't work.  Yay Firefox!

Why Regular Malware Scanning is important for your customers...

December 15, 2009 Added by:Jason Remillard

The path to website security is littered with good intentions of course, however, the intentions need a revamp in order to prove good. In this case, the good ol' days of giving your clients an SSL cert, a simple firewall on their server are NOT GOOD ENOUGH.

Are you running a WordPress Blog? Update it today

August 12, 2009 Added by:Infosec Island Admin

Another security release for WordPress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, an attacker can essentially reset your admin password and lock you out of your blog.

Adobe Releases Critical Patches for Flash Player

July 31, 2009 Added by:Infosec Island Admin

Today, Adobe released version 10.0.32.18 of their Flash Player software. This new version fixes multiple critical vulnerabilities, many of which Adobe has not been forthcoming about.

Google to Build Malware Resistant OS

July 09, 2009 Added by:Infosec Island Admin

According to Google's official Blog, Google plans to extend their Google Chrome browser (considered by most security professionals to be the most insecure browser out there) into a lightweight operating system designed to primarily interact with web-enabled technologies.
