Latest Posts


From the Web

McAfee keeps leaked details to itself

July 31, 2009 from: Office of Inadequate Security

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Comments  (0)


From the Web

Clampi Trojan stealing online bank data

July 31, 2009 from: Office of Inadequate Security

Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other login credentials from compromised PCs since 2007, a security researcher said on the eve of the Black Hat security conference.

Comments  (0)


From the Web

Carrell Clinic guard indicted

July 31, 2009 from: Office of Inadequate Security

A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas. Jesse William McGraw, a/k...

Comments  (0)


Extremely Sensitive US Secrets Found on P2P Networks

July 29, 2009 Added by:Infosec Island Admin

According to an article released by the Washington Post today, private firm Tiversa, Inc. discovered extremely sensitive information on global P2P networks.

Comments  (0)


From the Web

URL bar spoofing vulnerability

July 28, 2009 from: Mozilla Security Blog

Firefox - The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page.

Comments  (0)


From the Web

Locking up the valuables: Opt-in security with ForceTLS

July 28, 2009 from: Mozilla Security Blog

Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication.  A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...

Comments  (1)


From the Web

Network Solutions suffers crippling data breach

July 27, 2009 from: Office of Inadequate Security

Over half a million credit card holders may have had their account details captured by hackers, after web hosting firm Network Solutions revealed that more than 4,000 of the e-commerce sites it hosts could have been breached.

Comments  (1)


From the Web

Credit industry slow to protect customers from CreditMaster scam

July 25, 2009 from: Office of Inadequate Security

Recent cases in which people have been charged with online fraud for allegedly making purchases with illegally obtained credit card numbers have shed light on the lack of effective measures taken to frustrate the CreditMaster scam used in these incidents, even though the credit card industry was already aware of its existence.

Comments  (0)


From the Web

Network Solutions hacked

July 24, 2009 from: Office of Inadequate Security

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.

Comments  (1)


From the Web

Ensuring Critical Patch Update Quality

July 24, 2009 from: The Oracle Global Product Security Blog

A commentary on how Oracle's Critical Patch Update (CPU) program works, from Eric Maurice of Oracle.

Comments  (0)


From the Web

Too much personal data released

July 24, 2009 from: Office of Inadequate Security

Personal information of almost 900 people was given to a public-housing resident [in Virginia] who requested a list of those who had been banned from Hampton Redevelopment and Housing Authority property.

Comments  (0)


From the Web

Leahy reintroduces data breach bill

July 23, 2009 from: Office of Inadequate Security

Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers’ personal information.

Comments  (0)


From the Web

Heartland breach felt in Bermuda

July 23, 2009 from: Office of Inadequate Security

Hundreds of Bermudians may have been the victims of credit card fraud stemming from a US security breach in January.

Comments  (1)


From the Web

Report: Shortage of cyber experts may hinder govt

July 22, 2009 from: hackyourself.net

Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

Comments  (2)


From the Web

wget DNS-rebinding and Weak Intranet Port Scanning

July 21, 2009 from: Rsnake's blog at ha.ckers.org

Although this is a technical document, it makes some interesting points on browser technology in general (Linux's "wget" command) and DNS rebinding protection methods, and is an interesting read for the more savvy webappsec guys.

Comments  (1)


From the Web

Firefox crash not exploitable (CVE-2009-2479)

July 19, 2009 from: Mozilla Security Blog

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no ex...

Comments  (1)


From the Web

Measure What Matters – The SEC Essentials

July 14, 2009 from: Mozilla Security Blog

People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record. That’s great news; not only does it help inform users, but it also lets browser authors know where they stand, and w...

Comments  (0)


From the Web

July 2009 Critical Patch Update Released

July 14, 2009 from: The Oracle Global Product Security Blog

This Critical Patch Update includes 10 additional fixes for Oracle Database Server. Three of these 10 vulnerabilities are remotely exploitable without authentication. None of these vulnerabilities affect client-only deployments.

Comments  (0)


From the Web

Critical JavaScript vulnerability in Firefox 3.5

July 14, 2009 from: Mozilla Security Blog

A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code.

Comments  (1)


Not So Smart Grid?

July 14, 2009 Added by:Infosec Island Admin

According to a security researcher, the so-called Smart Grid technology being rolled out across the country as part of the stimulus bill may be vulnerable to numerous attacks. According to the researcher, many of the commands that allow the power company to interact with the smart meters at the user's house (for example) do not require authentication, have no encryption and are ripe fo...

Comments  (3)