Latest Posts
From the Web
Carrell Clinic guard indicted
July 31, 2009 from: Office of Inadequate Security
A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas. Jesse William McGraw, a/k...
Comments (0)
Extremely Sensitive US Secrets Found on P2P Networks
July 29, 2009 Added by:Infosec Island Admin
According to an article released by the Washington Post today, private firm, Tiversa, Inc, discovered extremely sensitive information on global P2P Networks.
Comments (0)
From the Web
URL bar spoofing vulnerability
July 28, 2009 from: Mozilla Security Blog
Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.
Comments (0)
From the Web
Locking up the valuables: Opt-in security with ForceTLS
July 28, 2009 from: Mozilla Security Blog
Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication. A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...
Comments (1)
From the Web
Network Solutions suffers crippling data breach
July 27, 2009 from: Office of Inadequate Security
Over half a million credit card holders may have had their account details captured by hackers, after web hosting firm Network Solutions revealed that more than 4,000 of the e-commerce sites it hosts could have been breached.
Comments (1)
From the Web
Credit industry slow to protect customers from CreditMaster scam
July 25, 2009 from: Office of Inadequate Security
Recent cases in which people have been charged with online fraud for allegedly making purchases with illegally obtained credit card numbers have shed light on the lack of effective measures taken to frustrate the CreditMaster scam used in these incidents, even though the credit card industry was already aware of its existence.
Comments (0)
From the Web
Network Solutions hacked
July 24, 2009 from: Office of Inadequate Security
Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.
Comments (1)
From the Web
Ensuring Critical Patch Update Quality
July 24, 2009 from: The Oracle Global Product Security Blog
A commentary about Oracle's Critical Patch Update (CPU) program works from Eric Maurice of Oracle
Comments (0)
From the Web
Too much personal data released
July 24, 2009 from: Office of Inadequate Security
Personal information of almost 900 people was given to a public-housing resident [in Virginia] who requested a list of those who had been banned from Hampton Redevelopment and Housing Authority property.
Comments (0)
From the Web
Leahy reintroduces data breach bill
July 23, 2009 from: Office of Inadequate Security
Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers’ personal information.
Comments (0)
From the Web
Heartland breach felt in Bermuda
July 23, 2009 from: Office of Inadequate Security
Hundreds of Bermudians may have been the victims of credit card fraud stemming from a US security breach in January.
Comments (1)
From the Web
Report: Shortage of cyber experts may hinder govt
July 22, 2009 from: hackyourself.net
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.
Comments (2)
From the Web
wget DNS-rebinding and Weak Intranet Port Scanning
July 21, 2009 from: Rsnake's blog at ha.ckers.org
Albeit this a technical document, some interested points on browser technology in general (Linux's "wget" command) and DNS re-binding protection methods, this is an interesting read for you more saavy webappsec guys
Comments (1)
From the Web
Firefox crash not exploitable (CVE-2009-2479)
July 19, 2009 from: Mozilla Security Blog
In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no ex...
Comments (1)
From the Web
Measure What Matters – The SEC Essentials
July 14, 2009 from: Mozilla Security Blog
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record. That’s great news; not only does it help inform users, but it also lets browser authors know where they stand, and w...
Comments (0)
From the Web
July 2009 Critical Patch Update Released
July 14, 2009 from: The Oracle Global Product Security Blog
This Critical Patch Update includes 10 additional fixes for Oracle Database Server. Three of these 10 vulnerabilities are remotely exploitable without authentication. None of these vulnerabilities affect client-only deployments.
Comments (0)
From the Web
Critical JavaScript vulnerability in Firefox 3.5
July 14, 2009 from: Mozilla Security Blog
A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.
Comments (1)
Not So Smart Grid?
July 14, 2009 Added by:Infosec Island Admin
According to a security researcher, the so-called Smart Grid technology being rolled out accross the country as part of the stimulus bill, may be vulnerable to numerous attacks. According to the researcher, many of the commands that allow the power company to interact with the smart-meters at the user's house (for example) do not require authentication, have no encryption and are ripe fo...
Comments (3)
From the Web
Hash Information Disclosure Via Collisions - The Hard Way
July 14, 2009 from: Rsnake's blog at ha.ckers.org
Every hashing algorithm has possible collisions once you allow a certain number of chars to be hashed. Let’s say you found out that “bob” and “sam” collided in whatever hashing algorithm. If you created an account on a web server with the password of “bob” and then later typed in the password of “sam” assuming no salts you would be able to get ...
Comments (0)
PCI Auditor Being Sued for Certifiying CardSystems as Compliant
July 13, 2009 Added by:Infosec Island Admin
Savvis is being dragged into court to defend their PCI DDS certification of CardSystems in 2004, which was subsequently responsible for losing a quarter of a million credit card numbers. This is the first of potentially many legal actions against PCI auditors that certified organizations as compliant, when they were subsequently breached and responsible for the loss of consumer cred...