Oct 9th, 2008 · As discussed previously on Slashdot, concern has been raised over a class of 'clickjacking' vulnerabilities which affect all major Web browsers. These exploits allow an attacker to place invisible or seemingly legit objects on a Web page that perform …
see also: player · Firefox · Creator · Security · workarounds · browser · exploits
Oct 5th, 2008 · An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies …
see also: Hardware · servers · intelligent · software · service · products · computer
Sep 30th, 2008 · An anonymous reader sends a link to DarkReading on the recent announcement by Princeton researchers of four major Web sites on which they found exploitable cross-site request forgery vulnerabilities. The sites are the NYTimes, YouTube, Metafilter, and …
see also: forgery · research · Website · community · Security · money · NYTimes
Sep 4th, 2008 · A few weeks ago a video of a talk given by Adam Savage of the television show MythBusters spread across the internet (including a mention on Slashdot.) On the video Savage stated that the show was unable to produce an episode about previously known RFID …
see also: video · products · advertising · Internet · company · manager · television
Aug 29th, 2008 · Researchers at MIT have created a method for analyzing networks to detect exploitable vulnerabilities using attack graph analysis which can be done in near real time. The new Lincoln Labs tool will allow admins of large networks to detect their most vulnerable …
see also: network · Machine · administration · Hacker · Scanner · exploits · vulnerabilities
Aug 22nd, 2008 · ZDNet's Zero Day blog is reporting that a DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits. The DNS poisoning attacks are affecting customers of China Netcom (CNC) and are …
see also: servers · ZDNet · blog · Chinese · ISPs · interview · customers
Aug 18th, 2008 · Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using …
see also: Security · password · exploits · vulnerabilities · authentication · Certificates · DNS
Aug 16th, 2008 · The Boston subway hack case has exposed a familiar rift in the security industry over responsible disclosure standards. Many see the temporary restraining order preventing three MIT undergrads from publicly discussing vulnerabilities they discovered in …
see also: industry · CNet · transition · Security · violations · vulnerabilities · hungry
Aug 11th, 2008 · snydeq sends along InfoWorld coverage of the EFF's plans to appeal a US District Court order that kept three MIT students from presenting detailed flaws in the Massachusetts Bay Transportation Authority e-ticketing system at Defcon. And an anonymous reader …
see also: students · PDF · vulnerabilities · MIT · trigger · Subway · exhibit
Aug 8th, 2008 · scribbles89 sends in a story with that alarmist headline from Neowin.net; it does sound like it could be a game-changer. "While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very …
see also: Microsoft · Windows · Vista · Security · architecture · exploits · vulnerabilities
Aug 5th, 2008 · Zack Anderson, an MIT student, created a solution to wardriving on a budget: warcarting. The Warcart is a shopping cart retrofitted with just about every sort of wireless sniffing device available. It has pivoting antennas and a smoke grenade launcher. …
see also: solution · students · USB · vulnerabilities · MIT · Subway · antenna
Aug 1st, 2008 · Our IT department has been tasked with creating a list of authorized software, and only allowing software to be added to such a list after it has been thoroughly tested. In theory that sounds like a great idea — but how should we test apps to make …
see also: servers · software · Windows · theory · Website · platform · app
Aug 1st, 2008 · Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS …
see also: Apple · Public · implementation · Security · local · 2008 · vulnerabilities
Jul 17th, 2008 · Firefox 3.0.1 was released today. It fixes 3 security vulnerabilities, including a critical issue reported by Billy Rios, Ben Turner, and Dan Veditz. The issue could be combined with an issue in Apple's Safari browser to read data from the user's disk …
see also: Apple · Firefox · Mac · Security · Safari · CSS · browser
Jul 17th, 2008 · The age-old full disclosure debate has been raging again, this time in no other place than at the foundations of the open-source flagship GNU/Linux operating system: within the Linux kernel itself. It beggars belief, but even Linux creator, Linus Torvalds, …
see also: Linux · Public · distribution · Creator · Security · Foundation · distributors
Jun 28th, 2008 · ZDNet Zero-Day blogger Nate McFeters has asked the question, 'Should vulnerabilities be treated as defects?' McFeters claims that if vulnerabilities were treated as product defects, companies would have an effective way of forcing developers and business …
see also: ca · business · products · blogger · Companies · Security · vulnerabilities
Jun 23rd, 2008 · ruphus13 notes a six-pack of serious vulnerabilities discovered in Ruby by a member of Apple's security team, Drew Yao. Patches are linked from the ruby-lang.org advisory. "With the following vulnerabilities, an attacker can lead to denial of service …
see also: service · Apple · programmer · Security · executive · exploits · vulnerabilities
Jun 18th, 2008 · O'Reilly Media is running an interview with Gordon Mohr, Chief Technologist for the Internet Archive (archive.org). If you've ever wondered how pages are selected for archiving, or just how they manage such a huge quantity of data, the answers are here. …
see also: world · Internet · Archives · interview · Security · vulnerabilities · intellectualism
Jun 11th, 2008 · The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million …
see also: network · computer · Virus · lab · encrypted · modern · vulnerabilities
Jun 9th, 2008 · The Last H.O.P.E. ('Hackers on Planet Earth') Conference is set for July 18-20, 2007, at the Hotel Pennsylvania in New York City. The organizers have announced their supplemental speaker list, adding on to the initial list. Topics will include 'Crafting …
see also: planet · organization · Security · Hacker · 2007 · Speakers · vulnerabilities