Social Engineering 'Capture The Flag' Contest Returns To DefCon


InfoSec News: Social Engineering 'Capture The Flag' Contest Returns To DefCon: http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229400287/social-engineering-capture-the-flag-contest-returns-to-defcon.html
By Kelly Jackson Higgins Darkreading March 24, 2011
The first-ever social engineering contest at DefCon in Las Vegas last [...]

Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack

InfoSec News: Expedia's TripAdvisor Member Data Stolen in Possible SQL Injection Attack: http://www.eweek.com/c/a/Security/Expedias-TripAdvisor-Member-Data-Stolen-in-Possible-SQL-Injection-Attack-522785/
By Fahmida Y. Rashid eWEEK.com 2011-03-24
TripAdvisor discovered a data breach in its systems that allowed attackers to grab a portion of the Web site’s membership list from its [...]

Gmail, Hotmail Pose Government Security Risk

InfoSec News: Gmail, Hotmail Pose Government Security Risk: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=229400231
By Mathew J. Schwartz InformationWeek March 24, 2011
Government use of Webmail is under fire in Australia, with one government oversight group calling for it to be blocked inside [...]

European Commission hit by cyberattack

InfoSec News: European Commission hit by cyberattack: http://www.computerworld.com/s/article/9215041/European_Commission_hit_by_cyberattack
By Jennifer Baker IDG News Service March 24, 2011
The European Commission, including the body's diplomatic arm, has been hit by what officials said Thursday was a serious cyberattack. [...]

Congressman Probing HBGary Scandal Fears ‘Domestic Surveillance’

InfoSec News: Congressman Probing HBGary Scandal Fears 'Domestic Surveillance': http://blogs.forbes.com/parmyolson/2011/03/23/congressman-probing-hbgary-scandal-fears-domestic-surveillance/
By Parmy Olson Forbes.com March 23 2011
When a small team of hackers launched a 24-hour assault on software security firm HBGary Federal last month, they did so to take revenge on [...]

[SecArt-11] 3rd Workshop on Intelligent Security - Deadline Approaching (April 4, 2011)

InfoSec News: [SecArt-11] 3rd Workshop on Intelligent Security - Deadline Approaching (April 4, 2011): Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
[Apologies if you receive multiple copies. Please distribute this call to interested parties.] 3rd Workshop on Intelligent Security Security and Artificial Intelligence (SecArt-11) [...]

Firm points finger at Iran for SSL certificate theft

InfoSec News: Firm points finger at Iran for SSL certificate theft: http://www.computerworld.com/s/article/9214998/Firm_points_finger_at_Iran_for_SSL_certificate_theft
By Gregg Keizer Computerworld March 23, 2011
Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.
The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm.
Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran.
"We believe these are politically motivated, state driven/funded attacks," said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, N.J.-based security company that is also allowed to issue site certificates.
[...]

ZeuS cybercrime cookbook on sale in underground forums

InfoSec News: ZeuS cybercrime cookbook on sale in underground forums: http://www.theregister.co.uk/2011/03/23/zeus_source_code_sale/
By John Leyden The Register 23rd March 2011
Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit through underground forums.
The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch. IOO offers to discuss the sale to prospective buyers via either Jabber or ICQ. He is prepared to accept payment via any escrow service.
The screenshots make reference to peinfector.cpp, a project of ZeuS known as "Murofet". Security researchers - while unable to verify the sale is genuine - are taking the potential offer seriously.
"Prior to this there were several rumors that the Zeus/Zbot code was sold to the creator of SpyEye," writes Peter Kruse, an eCrime specialist who works for Danish security consultancy CSIS Security.
[...]

Teenage hackers shut down a PHP cloud hosting firm

InfoSec News: Teenage hackers shut down a PHP cloud hosting firm: http://www.theinquirer.net/inquirer/news/2036653/teenage-hackers-shut-php-cloud-hosting-firm
By Asavin Wattanajantra The Inquirer March 23, 2011
A COUPLE of 16-year old hackers had their wicked way exploiting a security vulnerability recently that allowed one of them to steal and [...]

Federal Cyber Attacks Rose 39% In 2010

InfoSec News: Federal Cyber Attacks Rose 39% In 2010: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229400156
By Elizabeth Montalbano InformationWeek March 23, 2011
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents [...]

Tech Insight: HTTPS Is Evil

InfoSec News: Tech Insight: HTTPS Is Evil: http://www.darkreading.com/authentication/167901072/security/privacy/229301300/tech-insight-https-is-evil.html
By Adam Ely Contributing Writer Darkreading Mar 23, 2011
Last week, Twitter joined Facebook and other social networks in a default HTTPS option to help protect the privacy of users on its site. Many believe the author of FireSheep is to thank for pushing HTTPS support up the priority list for social networks.
With the new HTTPS setting, millions of people are now able to protect their private -- and not so private -- postings from prying eyes on airplanes, at coffee shops, or anywhere else they might browse their favorite social network sites. Facebook was cheered by the security community for finally taking this fundamental step in protecting the sessions and data of users.
Enterprise IT organizations, on the other hand, aren't so sure about the new security measures. Their first question: How do you monitor what's coming in and out of the corporation if all of the transports are encrypted?
The perils of social networks have been researched and reported many times. The reality is that any transport method out of an organization [...]

7 communication mistakes CSOs still make

InfoSec News: 7 communication mistakes CSOs still make: http://www.csoonline.com/article/677948/7-communication-mistakes-csos-still-make
By Joan Goodchild Senior Editor CSO March 23, 2011
For many years, we heard security professionals lament the way they are perceived. Terms such as "the place where good ideas go to die" and "the [...]
