Cisco has just “enhanced” the security of their website by forcing you to enter two secret questions and answers when you register for an account. To quote Bruce Schneier: It’s a great idea from a customer service perspective — a user is less likely to forget his first pet’s name than some random password — [...]
Hot on the heels of yesterdays news about large-scale phishing attempts targeting Twitter users, Twitter just announced that a number of high-profile accounts were hacked.
A presentation at 25C3 today detailed how researchers were able to create their own Certificate Authority that is recognized by all current webbrowsers, allowing them to create valid certificates for any website they like. While it’s presented as an example of why using MD5 hashes is considered harmful, it also serves as a perfect example [...]
Graham Cluley warns people about a new wave of phishing attempts being sent via Google Calendar. These are legitimate mails, receiving via Google Calendar, from Google’s mailservers, looking just like a real invitation for a meeting or party. In fact, it is just that. A phisher creates a fake Gmail account, sets up a meeting [...]
As more people are becoming concerned about their online privacy, the use of tools to protect that privacy such as Tor and Privoxy isĀ getting more common. One of the main features that these offer are “hiding” your IP address; privoxy by offering the option to send all your traffic through a proxy server, and Tor [...]
Microsoft just released MS08-78, a security bulletin describing the issue that has been affecting Internet Explorer users for almost a week (CVE-2008-4844). The bug is fixed for Internet Explorer 5.01, 6, 7 and the beta version of IE8. As Microsoft points out on their Internet Explorer homepage, the browser is now “safer than ever”. Don’t [...]
This is a bad week for browser security; not only is Microsoft rushing out an emergency patch tonight, other browser makers are releasing their own updates as well as people worldwide go online to do their Christmas shopping. Opera released version 9.63 of their browser yesterday, fixing several security issues. The most critical ones allow [...]
That might sound like a stupid thing to ask. If your account is emptied, you surely did something wrong. You were careless with your password, didn’t update your virus scanner, clicked some links in a spam message that happened to install malware, et cetera. Right? So what happens when that’s not what happend? What if [...]
More details about the zero-day exploit for IE7 are starting to surface. The most shocking detail is that this is actually an older issue: eEye reports that this was first seen on 11/15. eEye says that no mitigation strategies currently exist; Symantec suggests that disabling Javascript will at the very least disable the currect attack [...]
Just in time for the holidays, a new bug has been found in Internet Explorer that enables hackers to execute arbitrary code. This was first reported by McAfee: The root cause was found to be the incorrect handling of certain XML tags in Internet Explorer 7.x that references already freed memory in the mshtml.dll. We [...]
