[ UPDATE: Facebook has reversed itself and fixed this vulnerability ] The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook.The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user's session identification cookies, deliver pop-up messages or change the color of Facebook pages.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
If the StopBadware coalition has its way, software updaters from Sun Microsystems (see screenshot above) and Apple will carry the embarrassing "badware" label.According to a draft of revamped guidelines (.
In what appears to be a mass defacement, where several hundred domains take advantage of a shared hosting provider, starting as of this Friday, an...
More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages.The confirmation follows eight days of media speculation and conjecture over a brief e-mail that simply mentioned "an issue in the infrastructure systems" and calls into question Red Hat's ability to promptly -- and accurately -- disclose security breaches.
Cybercriminals know how to take advantage of anticipated traffic by abusing the momentum of a particular event, like the U.S presidential election in this case.
The DNS server of one of China's largest ISPs has been poisoned to redirect typos to a malicious site rigged with drive-by exploits.According to a warning from Websense Security Labs, the DNS poisoning attacks are affecting customers of China Netcom (CNC) and are using a malicious iFrame to launch exploits for known vulnerabilities in RealNetworks' RealPlayer, Adobe Flash Player and Microsoft Snapshot Viewer.
According to published reports, Nokia and Sun have both confirmed the existence of serious security problems in the Series 40 and Java Platform Micro Edition (Java ME) , giving instant credibility to the claims by Polish hacker Adam Gowdiak.
In addition to this long list of missing Microsoft patches, there are at least three serious (unpatched) vulnerabilities in the Microsoft Office productivity suite.On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a new high-risk Office flaw that allows code execution attacks.
The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available.The code, posted to Milw0rm.
Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.