For years, the security community has benefited from a virtuous circle consisting of vendors, researchers and media. Researchers perform a valuable task in working to identify weaknesses in products and technologies that could lead, in theory or in practice, to potentially preventable exploits and attacks. Vendors take that research and use it to make more secure products. Finally, the media reports publicly on the process to help ensure practitioners and product users can accurately assess risks related to these potential vulnerabilities
Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.
The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely
The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company's practice of sniffing users' browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from performing history sniffing and requires the company to destroy all of the data it's collected from consumers up to this point through history sniffing.The consent decree from the FTC is the latest in a series of actions from various agencies regarding the practice of history sniffing and tracking users across the Web. The FTC has been focusing on this practice
An unknown hacker has posted more than 8 million cryptographic hashes to the Internet that appear to belong to users of LinkedIn and a separate, popular dating website.
The massive dumps over the past three days came in postings to user forums dedicated to password cracking at insidepro.com. The bigger of the two lists contains almost 6.46 million passwords that have been converted into hashes using
CLEVELAND — Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams.
“The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that’s the main issue,” said Feross Aboukhadijeh, a student at Stanford University in California.
Via Skype, Feross told FOX 8 about his online discovery last year that criminals were able to “clickjack” – or trick – computer users into handing over control of their webcams via Adobe Flash Player. The move enabled hackers to turn on cameras and watch people without permission.
The above comment might seem incredibly harsh, but really, there's no good excuse for a site this prominent to not have a salted, secure password hashing system. Even if they started with an unsalted password system, users can be migrated to the newer more secure system on next login.
The only way I could regain respect for LinkedIn is if we find that these unsalted hashes were from users who never logged in to LinkedIn after the security upgrade. From the replies of other HN users who have found their password hashes in the leaked list, this doesn't seem to be the case though.
I can understand database leaks. Bad things happen.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use. A SQL injection is a virus or bug that effects an application that is not properly coded or secured. There are many different configurations of various software used to build and run a website. An
A federal judge rejected a Pennsylvania woman's argument that her employer violated a federal anti-hacking statute when it took control of her LinkedIn account after firing her. The court ruled the harms cited by the plaintiff were too speculative to pass muster under the Computer Fraud and Abuse Act (CFAA).Linda Eagle was the head of a company called Edcomm when it was acquired in 2010. But relations soured and Eagle was fired the following year. Eagle had shared her LinkedIn password with another Edcomm employee so that she could help Eagle manage the account. When Eagle was shown the door, her former assistant changed the password on her account,
The general in charge of the National Security Agency on Monday said the lack of national cybersecurity leglislation is costing us big and amounting to what he believes is "the greatest transfer of wealth in history."
U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approving a much-needed cybersecurity law - of which various versions currently are circulating in Congress. At the same time, he implored private companies to better cooperate with government agencies, many of whom remain mum because of privacy concerns.
"We can do the protection of civil liberties and privacy and cybersecurity as a nation.
Hackers dumped another huge cache of stolen passwords, this time exposing what they said are as many 35,000 plaintext passcodes from the website of clothing maker Billabong International.
A post on CodePaste.net claimed 20,000 to 35,000 user names and corresponding passwords were retrieved in the hack of billabong.com. But the post included only 1,435 plaintext user credentials and didn't explain the discrepancy. Australia-based Billabong provides the accounts to customers to make frequent online purchasing more easy. The post also included what it claimed were user names and hashed passwords
- The Language of UX: Beyond Buzzwords -
- Discover the opportunities and challenges associated with mobile retail - Mobile Commerce World - Mobile Commerce World
- Get practical strategies to build a solid plan for profitability and success - Mobile Commerce World - Mobile Commerce World
- Delve into technologies and business issues around mobile payments and wallets - Mobile Commerce World - Mobile Commerce World
- Explore best practices for marketers in the new mobile world - Mobile Commerce World - Mobile Commerce World
- Meeting the Unilever eScience Challenges: To out-compute is to out-compete
- How to Automate CE 2.0 Service Delivery
- BYOD and Windows 7 Migration are the Questions. Is Desktop as a Service the Answer?
- Intelligent Management of WAS Applications: Reduce Cost, Complexity, and Errors
- Data Center Performance: Optimization Secrets Revealed