Informationweek Influencer
regsecurity (@regsecurity)
- Twitter Bio:
- The Register Security News
- Location:
- London - UK
- Website:
- http://www.theregister.co.uk/security/
regsecurity's Selections From the Web
As the overpriced beers flowed and dusk approached in central London pubs surrounding the venue of RSA Europe last week, talk often turned towards the (ISC)2 security certification body.(ISC)2, which administers the widely recognised Certified Information Systems Security Professional (CISSP) qualification, was "a waste of money" and its board of directors "filled with a bunch of out-of-touch boobs" who are unaware of the practical issues in the working life of an infosec professional, we heard.Membership fees for the organisation are $85 a year. But what do the 80,000 (ISC)2 members get in return?A cursory search reveals that the beer-fuelled
FBI agents may not have been the first to rumble the affair between CIA director David Petraeus and his biographer that led to the four-star general's resignation on Friday.Anyone with a copy of the leaked Stratfor databases, a half-decent PC, some political nous and a barrel of luck could have uncovered the fling months ago, it has emerged.Paula Broadwell, the former spy chief's mistress and biographer, was a customer of Stratfor, the private intelligence outfit that was attacked by Anonymous hackers last year. Buried in the megabytes of subsequently leaked information was Broadwell's Yahoo! email address and her hashed Stratfor login password.
Once installed on a compromised machine, Wirenet-1 logs key presses to capture passwords and sensitive information typed by victims. The program also grabs passwords submitted to Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including email client Thunderbird, web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands.
The software nastie was intercepted by Russian antivirus firm Dr Web, the company that carried out much of the analysis of the infamous Flashback trojan. Dr Web describes
A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend.Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60,000 in bug bounties for the low-down on most serious, remotely exploitable bugs in its Chrome web browser software.Gobejishvili has apparently forgone potential financial rewards by leaving Google in the dark before unwrapping a remotely exploitable hole in the Chrome web browser, which reportedly involves a critical vulnerability
Forensic analysis of two command-and-control servers behind the Flame espionage worm has revealed that the infamous malware has been around for longer than suspected - and as links to other mystery sophisticated software nasties.Flame was built by a group of at least four developers as early at December 2006, according to freshly published joint research by Symantec, Kaspersky Lab and the United Nations' International Telecommunication Union.The malware, which infected Microsoft Windows computers across the Middle East, came to light in May when Iranian authorities found it siphoning off data to its foreign handlers.Over the last six years, the
Several senior police officials and the former deputy interior minister of Georgia have been arrested on suspicion of spying on former opposition leaders and attempting to influence the result of October’s parliamentary elections.The arrests come after new prime minister Bidzina Ivanishvili’s coalition swept to power at the election, ending the nine-year rule of the government of president Mikheil Saakashvili, who remains in his post until October 2013.The 11 interior ministry officials and former deputy interior minister and current vice mayor of Tbilisi, Shota Khizanishvili, are accused of hacking their opponents’ PCs to illegally obtain personal
Free whitepaper – Forrester: Prepare For Anywhere, Anytime, Any-Device Engagement with a Stateless Mobile ArchitectureAustralia’s high end tech research engine NICTA will take a pivotal role in an US$18 million US Defence project which will develop software to protect the systems in drones from cyber attack.The US Defense Advanced Research Projects Agency (DARPA) awarded the 4.5 year contract to a global consortium, which includes Australia's NICTA, the Boeing Company, Galois, the University of Minnesota and led by Rockwell Collins. A team of six to eight dedicated NICTA researchers will be placed on the project with more staff added at peak
More details have emerged of a new attack that allows hackers to hijack encrypted web traffic - such as online banking and shopping protected by HTTPS connections.The so-called CRIME technique lures a vulnerable web browser into leaking an authentication cookie created when a user starts a secure session with a website. Once the cookie has been obtained, it can be used by hackers to login to the victim's account on the site.The cookie is deduced by tricking the browser into sending compressed encrypted requests for files to a HTTPS website and exploiting information inadvertently leaked during the process. During the attack, the encrypted requests
A shortcoming in browsers including Firefox and Opera allows crooks to easily hide an entire malicious web page in a clickable link - ideal for fooling victims into handing over passwords and other sensitive info.Usually, so-called "phishing attacks" rely on tricking marks into visiting websites designed by criminals to masquerade as banks and online stores, thus snaffling punters' credentials and bank account details when they try to use the bogus pages. However this requires finding somewhere to host the counterfeit sites, which are often quickly taken down by hosting companies and the authorities or blocked by filters.Instead, the malicious
A potent Java security vulnerability that first appeared earlier this week actually leverages two zero-day flaws. The revelation comes as it emerged Oracle knew about the holes as early as April.
Windows, Mac OS X and Linux desktops running multiple browser platforms are all vulnerable to attacks. Exploit code already in circulation first uses a vulnerability to gain access the restricted sun.awt.SunToolkit class before a second bug is used to disable the SecurityManager, and ultimately to break out of the Java sandbox.
"The beauty
Upcoming Events
Live Events
- The Language of UX: Beyond Buzzwords -
- I Can See Clearly Now - E2 Conference Boston
- Learn how to enage customers through mobility - Mobile Commerce World - Mobile Commerce World
- The E2 Social Business Leaders - E2 Conference Boston - E2 Conference Boston
- The A-to-Z of Building Your Big Data Initiative - E2 Conference Boston - E2 Conference Boston
This Week's Issue
Current Healthcare Issue
- Healthcare CIO 20: Innovation is tough amid today's regulatory checklists. These leaders are getting it done.
- Lessons Learned: Boston area CIO John Halamka reflects on the marathon bombing
- And much more!
- Read the Current Issue
Current Education Issue
- Hacking Higher Ed: The cybersecurity challenge on college campuses lies as much with the students as with malicious outsiders.
- When Education Gets Too Virtual: Students can use technology to undermine the integrity of education.
- And much more!
- Read the Current Issue
Related Whitepapers
Related Reports
