Vulnerabilities


Pending Domain Name System Changes

May 28, 2010 Added by:Simon Heron

The Domain Name System (DNS) is undergoing a change that was started in December of 2009 and is intended to complete in July of this year, 2010. In the light of a number of exploits of vulnerabilities with DNS identified over the past year or so, a more secure implementation is being brought into play which could cause problems with connectivity in some cases.


Watching Out For Criminal Hacks

May 25, 2010 Added by:Robert Siciliano

We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft while most computer users know as much about protecting themselves today as they did 15 years ago. Which equates to not so much.


Impact of Online Intelligence Searches part II

May 17, 2010 Added by:Bozidar Spirovski

In our previous article - "Open Source Intelligence Operations" we looked at the generic process of information gathering. But what is this process looking for? The answer to this question is important to all parties..


Wordpress mass infection continues to spread....

May 12, 2010 Added by:Jason Remillard

As reported yesterday, and now reinforced by our friends at wpsecuritylock.com, the GoDaddy malware infections continue to grow, and now seem to be spreading across different hosters and now targeted applications.


Web Application Insecurity - VIDEO

May 10, 2010 Added by:Jeremiah Talamantes

As a professional penetration tester, I help organizations identify and validate vulnerabilities in their systems every day. However, even in today's heightened awareness for vulnerabilities in web apps, I tend to find myself involved in more network-centric pen tests vs. application-centric pen tests. Some of this can be attributed toward the maturity of network security. But as security profess...


Open Source Intelligence Operations Part One

May 10, 2010 Added by:Bozidar Spirovski

Wikipedia defines Open source intelligence (OSINT) as a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In reality, the methodology used in OSINT is the information gathering phase of every penetration phase. They only stuck a fancy name to the process.


The Need to Develop Security Guidelines For Medical Devices

May 10, 2010 Added by:shawn merdinger

In the April 2010 issue of New England Journal of Medicine, William Maisel and Tadayoshi Kohno state that “medical-device manufacturers have a legal responsibility to be vigilant and responsive to security threats, although their specific responsibilities have not been well delineated.”


Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

April 21, 2010 Added by:Robert Siciliano

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.


How to be exposed via xss - in one click - just doing your job...

April 16, 2010 Added by:Jason Remillard

As the attacks on infrastructure become more complicated, the true nature of deep penetration attacks proves food for thought for all developers and operators. Consider this case - where the Apache open source infrastructure itself became significantly exposed by a simple XSS attack that utilized some social engineering techniques (i.e. getting folks to click on things), to load others up with...


Why we did it, and don't want to make money from it..

March 18, 2010 Added by:Jason Remillard

A description of the automated wordpress security plugin by SSM. If you're running WP, check it out!


Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by:Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.


Press F1 for Help, pwned.

March 08, 2010 Added by:Daniel Kennedy

Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 and Internet Explorer 8 are all affected.


Trust but verify...

March 08, 2010 Added by:Jason Remillard

Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks.  We are not the only ones who have identified this issue, check out the following links for more information about them:


Google, Adobe, and Big Oil Attack Commonalities

March 07, 2010 Added by:Ted LeRoy

The work of protecting information is becoming more difficult with time.  The recently discovered attacks on Google, Adobe, Marathon Oil, ExxonMobil, and ConocoPhillips illustrate an alarming trend.  The attacks even gave rise to a new attack model, the Advanced Persistent Threat (APT).


Exclusive Video of XerXeS DoS Attack

February 22, 2010 Added by:Anthony M. Freed

Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).


The Dragon’s Lair?

February 21, 2010 Added by:Bill Wildprett, CISSP, CISA

An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School were involved in the recent online attacks against Google and dozens of other U.S. corporations.  These conclusions come...
