Archive for the ‘Security’ Category

Researchers to Demonstrate Database Man-in-the-Middle Attacks at Black Hat

Two researchers from Trustwave will demonstrate how to use man-in-the-middle attacks against Oracle databases to steal user credentials and take over sessions at Black Hat Europe next week. Two researchers from Trustwave will demonstrate how a man-in-the-middle attack on Oracle databases can be leveraged to swipe user credentials and hijack sessions at the upcoming Black [...]

Study calls for more C-level involvement in cybersecurity

Organizations with top executives who aren’t involved in cybersecurity decisions face a serious problem — a major hit to their bottom lines, according to a report released Wednesday. “Many organizations see cybersecurity as solely an IT problem,” said Karen Hughes, director of homeland security standards programs at the American National Standards Institute (ANSI), one of [...]

Free app makes paid web scanners dead in the water

Google’s upgraded version of its automated Web application scanner, SkipFish, has received glowing reviews from local security experts. The free tool designed by Google software engineer Michal Zalewski, and launched late last week, scans for web application vulnerabilities. Penetration testing firm HackLabs director Chris Gatford said the tool is “blazingly fast” and accurate. The revamped [...]

Apple delivers record monster security update

Apple today patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems. Security Update 2010-002 plugged 92 holes in the client and server editions of Mac OS X 10.5 and Mac OS X 10.6, breaking a record that has stood since March 2008. The [...]

Microsoft runs fuzzing botnet, finds 1,800 Office bugs

Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said today. Office developers found the bugs by running millions of “fuzzing” tests, said Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group. Fuzzing, a practice employed by both software [...]

Browser fingerprints: A big privacy threat

Forget cookies — even the ultrasneaky, Flash-based “super cookies.” A new type of tracking may identify you far more accurately than any cookie — and you may never know it was there. The method pulls together innocuous data about your browser, such as plug-ins, system fonts, and your operating system. Alone, they don’t identify you. [...]

Jedi Packet Trick punches holes in firewalls

Hackers have hit on a new way to break into computers: by attacking the firmware used in networking cards. Independent security researcher Arrigo Triulzi is set to unveil one such attack on Friday at the CanSecWest security conference. He calls his technique the Jedi Packet Trick. It essentially installs a clandestine virtual private network inside [...]

iPhone falls in Pwn2Own hacking contest

A delayed flight didn’t stop Vincenzo Iozzo and Ralf Weinmann from scoring a cool US$15,000, a brand-new iPhone and a trip to Las Vegas at the annual Pwn2Own hacking contest in Vancouver on Wednesday. The security researchers developed an undisclosed attack on the iPhone’s mobile Safari browser to get access to a phone and then [...]

The Web’s greatest security threats revealed

Where are the greatest Web-related security threats today? Analysis of Web Hacking Incidents Database (WHID) reveals that in 2009 social networks were at the greatest risk, malware and defacement remained the most common outcome of Web attacks, and SQL injection was the most common attack vector. Here’s a deeper dive on the findings and what [...]

Tech apocalypse: Five doomsday scenarios for IT

Technology drives just about everything we do, and not just at our jobs. From banks to hospitals to the systems that keep the juice flowing to our homes, we are almost entirely dependent on tech. More and more of these systems are interconnected, and many of them are vulnerable. We see it almost every day. [...]