Adobe has announced plans to modify the next version of its Flash Player to use an "allow/deny" system to mitigate clipboard hijack attacks. The change will be fitted into the final version of Flash Player 10 to demand user interaction when a Shockwave (.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
VMware has released new ESXi and ESX 3.5 packages to fix a "critical" security issue that allows a remote, unauthenticated attacker to launch harmful code on the host running the hypervisor.
Guest editorial by Andrew Storms. Last week Apple proved that they are not ready for prime time enterprise relationships. Apple has tried to position the iPhone as enterprise-ready, but this last round of software updates demonstrated beyond a shadow of a doubt how far they have to go to understand the enterprise mentality.
A college student identified as Rubico has claimed responsibility for hacking into Sarah Palin's personal email, and provided a detailed first-person account of how he hacked into the email account using the password "popcorn" which he managed to reset by successfully answering her security question “Where did you meet your spouse?
Norway's largest BitTorrent tracker, Norbits (norbits.net), with approximately 10,000 users, is currently under a DDoS attack launched from a group known as MORRADi, which is also speculating that it has managed to compromise the tracker and is threatening to release personal details of its users including IPs, until the tracker is closed: "In an NFO file obtained by IT-Avisen, a group called MORRADi takes responsibility for the attack on Norbits.
This week's attack on Sarah Palin's e-mail account highlights how the same application could have very different threat models depending on the technology used. While this is a general issue for all Software-as-a-Service offerings versus traditional desktop packages, let's focus on just e-mail for now.
DarkMarket, an infamous underground message board that provides a haven for identity thieves to buy, trade and sell stolen data, plans to shut down operations. According to Threat Level's Kevin Poulsen, the three-year-old forum will go dark on October 4.
Searching for details regarding the latest celebrity gossip may expose you to everything the IT underground has to offer, from adware and spyware to misleading offers and fake newsletters enticing you to opt in to a spammer's campaign. McAfee-owned SiteAdvisor has recently released the 2008 list of the celebrity names that are most actively abused by malicious attackers in order to attract legitimate traffic to their malicious sites.
Timing is everything, and from a cybercriminal's perspective, a new school year means segmenting their email databases to launch a targeted attack welcoming everyone back online. According to MessageLabs Intelligence: "Starting in early September, MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations, a majority of which are located in New Mexico, Virginia, Illinois and Hawaii.
It looks like the Sarah Palin Yahoo mailbox attack mentioned by Ryan Naraine and Chris Wysopal is real. Assuming that you are a high-value target, let's talk briefly about how you can prevent this from happening: Connect to your mailbox only from computers you trust.