Informationweek Influencer
Web Security News (@WebSecurityNews)
- Twitter Bio:
- Web Security News is a digest of important security announcements and events about web application security techniques and strategies.
- Location:
- Keystone, Colorado, USA
- Website:
- http://twitter.com/websecuritynews
Web Security News's Selections From the Web
Disclosing a flaw in a widely used system without making someone at least a little angry requires a delicate touch. But Andrew Auernheimer, a.k.a. “Weev,” a 26-year-old finder of security vulnerabilities, is anything but delicate.
Two years ago, Auernheimer and a friend made a surprising discovery about the way AT&T was protecting its web database of iPad cellular data accounts: That is, AT&T wasn’t protecting it at all. Any customer could access his or her account data by going to an AT&T URL containing their iPad’s unique numerical identifier. No password, cookie, or login procedure was required to bring up a user’s private information. Auernheimer
Symantec's chart shows a distribution of zero-day exploits based on how long they persist before being discovered. The average is close to 10 months.
Software vendors are constantly on the watch for so-called “zero day” vulnerabilities–flaws in their code that hackers find and exploit before the first day companies become aware of them. But the term “zero-day” doesn’t capture just how early hackers’ head-starts often are: Day zero, it seems, often lasts more than 300 days.
That’s one of the findings of a broad study of hackers’ zero-day exploits by two researchers at the antivirus firm Symantec that they plan to present at the
CLEVELAND — Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams.
“The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that’s the main issue,” said Feross Aboukhadijeh, a student at Stanford University in California.
Via Skype, Feross told FOX 8 about his online discovery last year that criminals were able to “clickjack” – or trick – computer users into handing over control of their webcams via Adobe Flash Player. The move enabled hackers to turn on cameras and watch people without permission.
FBI agents may not have been the first to rumble the affair between CIA director David Petraeus and his biographer that led to the four-star general's resignation on Friday.
Anyone with a copy of the leaked Stratfor databases, a half-decent PC, some political nous and a barrel of luck could have uncovered the fling months ago, it has emerged.
Paula Broadwell, the former spy chief's mistress and biographer, was a customer of Stratfor, the private intelligence outfit that was attacked by Anonymous hackers last year. Buried in the megabytes of subsequently leaked information was Broadwell's Yahoo! email address and her hashed Stratfor login password.
Google has never been stingy when it comes to paying for information about security vulnerabilities in products. Now it’s offering an especially large–and especially nerdy–sum of money.
At its third Pwnium hacking competition in Vancouver in March, the company is ponying up a total of $3.14159 million in prizes for hackers who can demonstrate critical security vulnerabilities in its Chrome OS operating system running on a Samsung Series 5 550 Chromebook, according to a notice posted Monday on its Chromium blog. Any participant who can take over a Chromebook user’s browser or entire computer via a malicious Web page can earn a $110,000 payout.