InformationWeek: The Business Value of Technology


Informationweek Influencer

Sam Bowne (@sambowne)

Twitter Bio:
I teach Ethical Hacking at City College San Francisco. My statements are my own, not official positions of CCSF.
Location:
San Francisco
Website:
http://samsclass.info

Sam Bowne's
Network
Virus Bulletin Nicolas Brulez Caleb Sima David Sancho Micah Sifry Rob Rosenberger Bev Robb Theresa Payton Rich Mogull Andrew Jaquith Gunter Ollmann Brian Pennington Anita Campbell CoreSecurity Ben Tomhave alexander knorr Robin Stephen Foskett Dave Marcus Mariano M. del Río briankrebs Avram Marius (d3v1l) DataLossDB Joel Libava Panda Security David Chartier Small Business Trend securityninja SecurityBuzz Dave Whitelegg CiscoEDU Rik Ferguson CiscoLive Mikko Hypponen Andrew Waite Patrik Runald Dept. of Technology DHH DEFCON Let's Talk Security David Joey Tyson Iftach Ian Amit EvilFingers CRN Buzz Chris Boyd Henk van Roest Matt Simmons cedricpernet Andrew Storms Chris Ensey Jeff Pettorino arbornetworks adam shostack Qualys The Verge Paul Wood PHYSECTECH securitypro2009 Jeremiah Grossman Matt Johansen grecs Kimberly MC Petermann inuk-x James Lyne 0x410x410 SilverSky Security4all ID Experts Sarah Schacht Hemanshu Nigam Mark Headd Phil Wolff SophosLabs George V. Hulme UBM Tech Electronics Chae Jong Bin Dave Piscitello Lookout SecurityWeek Sam Bowne ChrisJohnRiley ♻ Jack Daniel eEyeDigitalSecurity Raf Christophe Veltsos Javvad Malik Nick Selby SocialMediaSecurity Webroot Kaspersky Lab Tenable Security McAfee ToolsWatch

Sam Bowne's Selections From the Web

Twitter users with SMS enabled are vulnerable to an attack that allows anyone to post to their account. The attacker only needs knowledge of the mobile number associated with a target’s Twitter account. Messages can then be sent to Twitter with the source number spoofed. Like email, the originating address of an SMS cannot be trusted. Many SMS gateways allow the originating address of a message to be set to an arbitrary identifier, including someone else’s number. Facebook and Venmo were also vulnerable to the same spoofing attack, but the issues were resolved after disclosing to their

Sumit Suman recently visited a site, did not sign up for anything, did not connect via social media, but got a personal email from the site the next day. I’ve learned that there is a “website intelligence” network that tracks form submissions across their customer network. So, if a visitor fills out a form on Site A with their name and email, Site B knows their name and email too as soon as they land on the site. It all started 2 weeks ago when I got a promotional email (anonymized to avoid promotion) offering to

I get B2B marketing emails all the time but what caught my eye was the inclusion of a report snapshot for 42Floors.com showing names,

The sophisticated espionage toolkit known as Flame is directly tied to the Stuxnet superworm that attacked Iran’s centrifuges in 2009 and 2010, according to researchers who recently found that the main module in Flame contains code that is nearly identical to a module that was used in an early version of Stuxnet.

Researchers at Russia-based Kaspersky Lab discovered that a part of the module that allows Flame to spread via USB sticks using the autorun function on a Windows machine contains the same code that was used in a version of

The above comment might seem incredibly harsh, but really, there's no good excuse for a site this prominent to not have a salted, secure password hashing system. Even if they started with an unsalted password system, users can be migrated to the newer, more secure system on next login.

The only way I could regain respect for LinkedIn is if we find that these unsalted hashes were from users who never logged in to LinkedIn after the security upgrade. From the replies of other HN users who have found their password hashes in the leaked list, this doesn't seem to be the case though.

I can understand database leaks. Bad things happen.

RunningShoes.com CEO Chad Weinman lost more than $10,000 when GoDaddy went offline Monday. Photo: RunningShoes.com

These days when there’s trouble on the internet, there’s usually someone at the ready to jump up and take (or assign) blame for whatever went wrong, never mind the facts. It can mean free publicity for your cause, whether it’s killing laws like SOPA or beefing up the federal budget for cyber security. Sometimes it doesn’t take much more than a tweet and a Pastebin post to get a serious amount of free publicity. So in the spirit of yesterday’s GoDaddy incident where a random Twitter handle claimed to have downed the hosting giant, here

The ADS-B system that is the cornerstone of the FAA’s NextGen ATC modernization plan is at risk of serious security breaches, according to Brad Haines (aka RenderMan), a hacker and network security consultant who is worried about ADS-B vulnerabilities. Haines outlined his concerns during a presentation he gave at the recent DefCon 20 hacker conference in Las Vegas, explaining that ADS

MIT was hacked on Tuesday around noon, with MIT URLs redirecting to a webpage claiming credit for the attack in remembrance of Aaron Swartz. As a result of the hack, people who tried to reach MIT over the Internet were redirected to the hacked Web page pictured here: http://goo.gl/kxdm1. The hack affected all names under mit.edu, including web.mit.edu, tech.mit.edu, etc. The hack and subsequent outages were due to a compromise at EDUCAUSE, the registrar that provides information on all .EDU names. A registrar, which allows users to purchase domain names, also specifies the domain name system (DNS) servers for a domain, which convert domain

Posted on 29 January 2013. | Arbor Networks released its 8th Annual Worldwide Infrastructure Security Report offering a rare view into the most critical security challenges facing today’s network operators.

Posted on 29 January 2013. | Imperva announced a new report which examines the dangers of third-party code in cloud computing.

Posted on 28 January 2013. | The past 12 months have been, to say the least, an active time for the information security landscape in Europe.

Posted on 28 January 2013. | Help Net Security put SafeNet's new President and CEO in the hot seat to learn more about his background, as well as future plans.

Posted on

An investigation by the U.S. Federal Trade Commission (FTC) has suggested that the social networking site fell short in reviewing and verifying applications, and therefore "deceived" developers over security ratings.

When developers passed along an application into the now-closed verified apps scheme, it is reported that the social networking site was paid up to $95,000 in order to give software green 'ticks' of approval. By doing so, individual applications were given a "test for trustworthy user experiences" by Facebook.

However, an in-depth investigation into Facebook's practices, conducted by Commissioners Jon Leibowitz,

Posted on 25 January 2013. | Here's advice on what users should do to minimize the danger to themselves and others if they have fallen for these scams, and what they can do to stop falling for similar ones in the future.

Posted on 24 January 2013. | The backdoor accounts are present in Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances.

Posted on 23 January 2013. | Augmented Reality is not the stuff of science fiction any more, and we should all be at least familiar with its current and likely future uses. This book aims to be an easy-to-digest
