The Security Eunoia

Blogging about Security Auditing, IdM & Access Mgmt, Web App Security etc

Entries Tagged ‘Vulnerabilities’

Telegraph CIO thanks folks at Hackersblog

I’m not sure what the real intentions are, but doesn’t it sound a bit odd that the Telegraph Media Group CIO would thank the guys at Hackersblog for exposing their SQL injection vulnerabilities?

Spotify hacked! - My account compromised

Oh great! It’s now my account that has been compromised .. ouch! Interestingly, this is the first time any service provider has sent me such a notification. This may be in part because I live in Europe, where data breach notification is still being debated, so many providers may remain silent until exposed.

This is the email I received from Spotify this evening:

Card readers for online banking - Some risks

Researchers from the University of Cambridge have published a paper discussing problems with the introduction of the new hand-held card readers for online banking in the UK. Here is part of the abstract:

F-Secure SQL-injected and Cross-Site scripted

Looks like F-Secure made it to the “sql-injected” and “xsscripted” list.

DNS Pharming Attacks Using Rogue DHCP

The attack is not new, but it looks like it is becoming popular. Symantec reports:
a Trojan installed on an infected machine runs a rogue DHCP server on the local network and serves bogus DHCP packets to other machines when they request a new IP configuration. If the Trojan is fast enough in sending out these [...]
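
The pharming step described above works because the client accepts whichever DHCPOFFER arrives first and then trusts the DNS servers (option 6) it carries. As an added example, not code from the Symantec report or from this blog, the following Python audits DHCP offers against an allowlist of the LAN’s real DHCP server and resolvers, and flags offers that name an unknown server identifier (option 54) or push an unknown DNS server. The LAN addresses, the allowlist and the three sample offers are constructed for the example.

```python
import struct
import ipaddress

# DHCP option codes used below (RFC 2132).
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD = 0
OPT_ROUTER = 3
OPT_DNS = 6
OPT_MSG_TYPE = 53
OPT_SERVER_ID = 54
OPT_END = 255
DHCP_OFFER, DHCP_ACK = 2, 5

# Hypothetical allowlist for the example LAN (an assumption for this example, not from the report).
TRUSTED_SERVERS = {"192.168.1.1"}
TRUSTED_DNS = {"192.168.1.1"}


def _packed(ip):
    return ipaddress.IPv4Address(ip).packed


def build_offer(xid, yiaddr, server_id, dns_servers, router):
    """Construct a minimal DHCPOFFER payload: 236-byte fixed header, magic cookie, options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                       # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
        xid, 0, 0,                        # transaction id, secs, flags
        b"\0" * 4, _packed(yiaddr),       # ciaddr, yiaddr (the address being offered)
        _packed(server_id), b"\0" * 4,    # siaddr, giaddr
        bytes.fromhex("001122334455") + b"\0" * 10,  # chaddr: constructed client MAC
        b"\0" * 64, b"\0" * 128,          # sname, file
    )
    dns = b"".join(_packed(d) for d in dns_servers)
    options = (
        bytes([OPT_MSG_TYPE, 1, DHCP_OFFER])
        + bytes([OPT_SERVER_ID, 4]) + _packed(server_id)
        + bytes([OPT_ROUTER, 4]) + _packed(router)
        + bytes([OPT_DNS, len(dns)]) + dns
        + bytes([OPT_END])
    )
    return header + MAGIC_COOKIE + options


def parse_options(payload):
    """Parse the option area after the fixed header and cookie into {code: raw value bytes}."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts


def ip_list(value):
    """Decode an option value that is a list of IPv4 addresses (4 bytes each)."""
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value) - len(value) % 4, 4)]


def audit_offer(payload, trusted_servers, trusted_dns):
    """Return a list of findings for a DHCPOFFER/DHCPACK; an empty list means the offer looks legitimate."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE, b"")[:1] not in (bytes([DHCP_OFFER]), bytes([DHCP_ACK])):
        return []
    server = ip_list(opts.get(OPT_SERVER_ID, b""))
    server_id = server[0] if server else None
    findings = []
    if server_id not in trusted_servers:
        findings.append(f"offer from unexpected DHCP server {server_id}")
    # A rogue may spoof the real server identifier; the resolver it pushes still gives it away.
    for dns in ip_list(opts.get(OPT_DNS, b"")):
        if dns not in trusted_dns:
            findings.append(f"offer pushes untrusted DNS server {dns}")
    return findings


# Constructed sample offers: the real server, a rogue server pushing an attacker resolver,
# and a rogue that spoofs the real server identifier but still swaps the resolver.
LEGIT_OFFER = build_offer(0x1234, "192.168.1.50", "192.168.1.1", ["192.168.1.1"], "192.168.1.1")
ROGUE_OFFER = build_offer(0x1234, "192.168.1.50", "192.168.1.77", ["203.0.113.5"], "192.168.1.1")
SPOOFED_OFFER = build_offer(0x1234, "192.168.1.50", "192.168.1.1", ["203.0.113.5"], "192.168.1.1")

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT_OFFER), ("rogue", ROGUE_OFFER), ("spoofed", SPOOFED_OFFER)]:
        print(name, audit_offer(pkt, TRUSTED_SERVERS, TRUSTED_DNS) or ["ok"])
```

In practice the payloads would come from a passive capture of UDP port 68 traffic on the segment (or from DHCP snooping logs on the switch); the point of the check is that the server identifier alone is not enough, since the Trojan can copy it, so the pushed resolvers must be compared as well.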

Malware successfully installed. Click OK to Finish!

An article on ZDNet’s Zero Day blog discusses the current spread of malware via the Windows Autorun functionality, with USB sticks being the main transport agent. Talking about the malware, it notes:
Their functionality varies. It started out with online games password-stealers targeting World of Warcraft, LineAge and others. But over the last months, we’re seeing malware being [...]
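
The Autorun vector above relies on an autorun.inf file on the removable drive telling Windows what to run. As an added example, not from the ZDNet article or from this blog, the following Python parses an autorun.inf and flags the entries that launch a program (open=, shellexecute=, shell\<verb>\command) as well as two tricks worms use to make the launch look like the normal Explorer option: overriding the default verb with shell= and copying Explorer’s own "Open folder to view files" wording into action=. The heuristics and both sample files are constructed for the example.

```python
import re

# Keys whose value Windows runs when the drive is inserted or double-clicked.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$")
# Explorer's own wording for a plain removable drive; a worm reusing it hides its payload
# behind the option a user expects to see (heuristic assumed for this example).
MIMIC_ACTIONS = {"open folder to view files"}


def parse_autorun(text):
    """Parse the [autorun] section into {lower-cased key: value}; comments (;) and other sections are ignored."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launched_program(value):
    """Return the program path from a command value, honouring a quoted path with spaces."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def triage_autorun(text):
    """Return findings for an autorun.inf; an empty list means it only sets a label or icon."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            findings.append(f"{key}= runs {launched_program(value)}")
    default_verb = entries.get("shell", "").lower()
    cmd_key = f"shell\\{default_verb}\\command" if default_verb else None
    if cmd_key and cmd_key in entries:
        findings.append(f"shell={default_verb} makes double-click run {launched_program(entries[cmd_key])}")
    if entries.get("action", "").lower() in MIMIC_ACTIONS:
        findings.append("action= mimics Explorer's default 'Open folder to view files' option")
    return findings


# Constructed samples: a harmless file that only brands the drive, and a worm-style file.
BENIGN_INF = r"""[autorun]
label=Backup Drive
icon=backup.ico
"""

SUSPICIOUS_INF = r"""[autorun]
; dropped by the constructed sample worm
open=docs\update.exe
shellexecute=docs\update.exe
action=Open folder to view files
shell=open
shell\open\command=docs\update.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    print("benign:", triage_autorun(BENIGN_INF) or ["ok"])
    print("suspicious:", *triage_autorun(SUSPICIOUS_INF), sep="\n  ")
```

The check is cheap enough to run against every removable volume at mount time; the more robust fix, which the article’s topic implies, is disabling Autorun for removable drives altogether so that the contents of autorun.inf are never acted on.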

WordPress 2.6.3 Vulnerable to XSS in RSS FG

It’s been reported that WordPress, a popular blogging application, is vulnerable to cross-site scripting (XSS). The vulnerability, discovered in the RSS feed generator and published complete with a PoC, affects all versions up to and including 2.6.3. A week after the vendor (WordPress) was notified, it released a new version (2.6.5).

Secunia Releases Personal Software Inspector v1.0

Secunia, a vulnerability management firm, has given home users an opportunity to improve their security with the release of Personal Software Inspector (PSI) version 1.0. Released for Windows, PSI aims to raise the security bar by checking all the software installed on the home PC against the latest security patches and helping the user apply them. Download your copy [...]

Breach! Breach! Breach! - Now it’s Obama’s phone records

After many reported vulnerabilities and poor security practices on Obama’s web sites, such as change.gov and barackobama.com, CNN reports that Obama’s phone records have also been improperly accessed by Verizon employees NOT authorised to do so.
The report quotes the President of Verizon Wireless saying “the personal wireless account of President-elect Barack Obama had been accessed [...]

Vulnerability disclosure - ISS X-Force owns TrendMicro

The debate over vulnerability disclosure has been raging for as long as vulnerabilities have been disclosed. While some support what is known as Full Disclosure, the practice of going public with full details of a security vulnerability, what appears to be the industry norm these days is Responsible Disclosure, where the details of the vulnerability are first disclosed to the vendor. So why does there appear to be a rift between TrendMicro and ISS X-Force?
