What is the U.S. doing about security?
21 May 2008 03:53 GMT
I've been terribly busy lately. Hopefully you all here haven't noticed, as I've been working hard to still keep my posts flowing, but I've just got time to catch up with several blogs that I read often. One of those blogs is the Emergent Chaos blog...
Source: ZDNet

Over 1.5 million pages affected by the recent SQL injection attacks
20 May 2008 23:05 GMT
In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as...
Source: ZDNet

Puncturing the myth of the invulnerable OS
20 May 2008 21:37 GMT
I keep trying to come up with explanations for why rational technical publications continue to amplify the nonsensical research coming out of Australian security vendor PC Tools in the past few weeks. Jedi mind tricks? Post-hypnotic suggestions embedded in web pages served from the Southern Hemisphere? Sunspots? There's certainly...
Source: ZDNet

Pro-Serbian hacktivists attacking Albanian web sites
20 May 2008 20:08 GMT
The rise of pro-Kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-Kosovo propaganda. The ongoing monitoring of pro-Kosovo hacking groups indicates an ongoing cyberwar between pro-Serbian supporting hacktivists successfully defacing Albanian sites, and building up capabilities by releasing a list of...
Source: ZDNet

PayPal fixes XSS vulnerability
20 May 2008 19:43 GMT
PayPal fixed an XSS vulnerability today that drew some attention. Harry Sintonen reported an XSS vulnerability in the "safe" area of the PayPal application. It was particularly interesting due to the use of EV certs employed by PayPal, which are intended to help prevent phishing attacks (a very real threat...
Source: ZDNet

Secunia finds 'highly critical' Foxit Reader Flaw
20 May 2008 18:44 GMT
Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority. According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete...
Source: ZDNet

Apple under pressure to fix Safari 'carpet bomb' flaw
20 May 2008 17:37 GMT
The Google-backed StopBadware.org coalition has called on Apple to rethink its stance on whether the Safari "carpet bomb" issue reported by Nitesh Dhanjani constitutes a serious security risk. Dhanjani originally discovered that it is possible for a booby-trapped Web site to litter the user's Desktop Windows or...
Source: ZDNet

Are you wary of the insider on the outside?
20 May 2008 14:37 GMT
Whenever the risks from the inside threat are discussed, it's usually about the disgruntled/malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network. But, there's an insider on the outside that's often forgotten -- the ex-employee with access...
Source: ZDNet

Does running Vista make you feel safe from malware?
20 May 2008 13:34 GMT
Another day, another report casts doubt on Vista's immunity to malware. Do you feel safer running Vista? "PC Tools maintain that Vista is not immune from online threats. Further research and analysis has confirmed our contention that additional third-party protection is absolutely necessary for all Windows Vista users" said...
Source: ZDNet