Italy's tax department posted every Italian's declared earnings and tax contributions on a site that was quickly overwhelmed by onlookers.According to the BBC:There has been outrage in Italy after the outgoing government published every Italian's declared earnings and tax contributions on the internet.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit.From Security Focus:Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
From Microsoft: A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
HP has plugged another ActiveX vulnerability in its software update application.The patch (CVE-2008-0712) covers "a potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows.
There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of you who aren't familiar with SQL Injection attacks, it's a pretty well known web application attack vector that exists in high volume on dynamic applications, say for instance, on your banking site.
Rob Carter, Billy Rios, and I have been blogging about and speaking at conferences like Black Hat and ToorCon all year on the subject of URI handler abuse. One might think these types of flaws are soon to go away, but one look at SecurityFocus and FullDisclosure today and you can see that's not the case.
Opera 9.5 Beta 2 has stepped up its security game.
Microsoft's 7th BlueHat conference--which features external and internal security researchers--will focus on web applications and architecture.The invitation only conference kicks off May 1 and runs through May 2.
In an email to me, Dancho Danchev reported another victim of the same type of DDoS attack mentioned as hitting CNN. We'll keep our ears open for other instances.
According to Netcraft:"The CNN News website has twice been affected since an earlier distributed denial of service attack last Thursday. CNN fixed Thursday's attack by limiting the number of users who could access the site from specific geographical areas.