151 matches found
Google Looking Into Hardware to Help Kill the Password
Google is looking at a number of hardware-based authentication mechanisms to bypass one of security’s biggest vulnerabilities: the written password. Wired Magazine got an advanced look at a report submitted by a Google security team for IEEE Security & Privacy Magazine that discusses alternatives...
Researchers Exploit Cloud Browsers to do Anonymous, Large-Scale Computing
Researchers from two U.S. universities have created a way to anonymously use cloud-based Web browsers to perform large-scale computing tasks – a feat that also demonstrates how hackers might secretly harness massive computing power to launch attacks. Using the MapReduce technique developed by...
Automated Toolkits Named in Massive DDoS Attacks Against U.S. Banks
Attackers targeting major U.S. banks with distributed denial of service attacks are using a number of toolkits to automate the job. Prolexic Technologies, a security company specializing in DDoS protection services, identified one toolkit called itsoknoproblembro, a kit that attacks multiple port...
Advanced Threats Are Not All the APT
By B.K. DeLong We have heard variations on the argument that within the context of information security, the “advanced persistent threat” APT is not really all that advanced or new, that it is being made too big a deal of or FUD and that it is no more than marketing hype though more of an effort...
Simplest Phones Open to 'SMS of Death' !
It's a scene from an as-yet-unmade thriller: Across a country, tens of thousands of cellphones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers. It hasn't happened yet. B...
Identifying Suspicious URLs
In the Google TechTalk, Justin Ma, a PhD candidate at UC San Diego, discusses a novel method for determining which URLs are malicious by applying large-scale online learning techniques...
WordPress Users Affected by Large Attack
In the past few days a number of websites created using WordPress have been hacked. While the attack initially appeared to be limited to web sites hosted by American ISP DreamHost, it has since become apparent that blogs hosted at GoDaddy, Bluehost and Media Temple have also been affected. Read t...
How to Take Down a Botnet
The botnet problem has reached epidemic levels in recent months, with the continued growth of large-scale botnets, as well as the identification of smaller, more targeted networks around the world. But researchers have been taking steps to disrupt botnets of late, with some notable successes, as...
Real World Security – Andy Weeks Interview
Andy Weeks, manager of risk and compliance for enterprise information security, at Humana Inc., one of the larger companies in the world, knows a thing or two about large-scale security implementations. And in a company whose customer data is one of its main assets, security is a corporate...
How to defend against botnet attacks
Botnets have become one of the more insidious threats on the Internet in the last few years. Large-scale botnets such as the Storm, Asprox and Nugache networks have caused tremendous problems by serving as platforms for spamming operations, DDoS attacks and other mischief. In this podcast from...
bitweaver-sqlxss.txt
HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...