Security and the Net

News and opinions about security, the internet and more

Entries for the ‘News’ Category

FBI exploring Second Life

Just when I thought the hype surrounding Second Life was over, the FBI has apparently started exploring virtual worlds. So far, their efforts have been rather modest (a couple of virtual billboards with the Most Wanted list and other information), but if this “pilot test” is successful it might be expanded:

Are adult sites safe? How misquoting can change a story

This week, I saw reports on a couple of fairly large news sites and blogs about a study that supposedly shows porn sites contain far less malware than “normal” websites. While this makes for nice headlines, I was interested in this study and spent some time looking for the actual data used to reach this […]

XSS against Google services: scary, but fixed fast

Let’s start with the bad news: a researcher known only by his nickname “Inferno” just announced he has found a cross-site scripting vulnerability on many Google services. While XSS attacks are, unfortunately, a common thing, this one is far scarier than most. Since almost all Google services use a single cookie on the domain […]

Silent updates: improving security?

A paper comparing the update mechanisms for several different web browsers was published by Google and ETH Zurich yesterday. The full text can be found here, with a blog post accompanying it. As expected, Firefox and Chrome are updated fastest; Firefox because of the in-your-face warnings when a new version is available, and Chrome because updates […]

Another security breach offers a look at Twitter’s admin interface

A French site posted screenshots that supposedly show Twitter’s admin pages earlier today. While the fact that somebody apparently managed to gain access to one of their admin accounts is not really newsworthy any longer given Twitter’s recent track record, the screenshots themselves are interesting to look at.

OAuth session fixation attack

Last week, Twitter temporarily stopped using OAuth authentication. The information they posted on their blog was pretty light on details, and the same thing goes for the security advisory that was posted later. Since then, more details and some better explanations of attack scenarios have surfaced; let’s have a closer look at the security issue […]

Paid content coming to YouTube?

During a conference call with investors about Google’s Q1 earnings, CEO Eric Schmidt made some interesting comments about YouTube. To give you some background about this: last week, David Silversmith published estimates about how much Google is losing on YouTube, which came down to over a million dollars a day:

“Kaminsky 2.0” at Black Hat Europe tomorrow?

I’ve heard several reports, including one from a large Dutch news site, mention that a new security issue will be revealed at Black Hat Europe tomorrow. It is said to have the same impact as the DNS bug found by Dan Kaminsky last year. No further details have been provided, but since the full speaker […]

Amazon: technical glitch, censorship gone wrong, or was it a hacker?

This weekend, lots of writers saw their books disappear from Amazon’s bestseller lists. Somehow, the sales ranking for their books was removed. Since this ranking is an important way for potential buyers to select the contents of their shopping cart, this prompted several angry responses by authors.

Dutch Electronic Patient Records delayed over privacy, hacking fears

The Dutch Ministry of Health announced yesterday that the rollout of the national Electronic Health Records system EPD has been delayed until later this year. One of the reasons is that experts found a vulnerability in the chip card used to access patient records. The implementation of the encryption algorithm on the cards enabled an attacker […]
