If researchers at the Black Hat USA conference in Las Vegas are to be believed, websites deploying Ajax have good reason to worry about web-based threats. Ajax makes a website richer while refreshing content without reloading the whole page. Poorly coded websites can give hackers a chance to change the order in which the program executes its functions. Heavy use of JavaScript increases the likelihood of attracting hackers' attention, and mistakes are more likely in an Ajax application than in a traditional web application, since the client plays a larger part in data processing, presentation and possibly storage.
Four US journalists have filed a lawsuit against Hewlett-Packard (HP) claiming they suffered mental anguish and emotional distress because the computer company illegally spied on them last year.
Microsoft’s update to Windows Vista’s PatchGuard, a kernel protection scheme designed to keep malicious or unproven code at arm’s length, has nothing to do with recent hacks of another Vista defence, Microsoft claims. The update to Kernel Patch Protection (KPP), also known as PatchGuard, was issued on Tuesday to Vista 64-bit users, but the description of the enhancement was unclear. All Microsoft said at the time was “this update adds checks to this protection for increased resiliency in Windows”.
Users of Yahoo’s instant messaging platform are being warned to avoid webcam invites from unknown sources after a vulnerability in the platform was disclosed this week. The zero-day flaw was first published on Chinese security forums, but researchers at McAfee said this week that they recreated the flaw on Yahoo Messenger version 8.1.0.413.
Storm, the Trojan that Hoovers PCs into hacker-controlled botnets, roared back into life last month in several waves, security researchers said earlier this week, and has blown by 2005’s Sober to become the most prolific e-mail-borne malware ever. “This is the biggest since Sober in mid-to-late 2005,” said Sam Masiello, the director of threat research at MX Logic, referring to a long-lasting worm whose variants struck repeatedly in the second half of 2005, often in extremely high numbers. In November 2006, for instance, e-mail filtering companies reported malware-laden e-mail counts spiking 1,500 per cent in a week, and said they were intercepting four times the usual number of infected messages.
The Storm worm is undergoing a resurgence but, unlike the first variant, which had an executable file as an email attachment, the latest Trojan-horse attack is delivered over the web. Unsuspecting computer users are tricked into clicking on the links in emails, often in the form of e-cards, and get infected when they visit websites containing the Storm worm.
TJX Companies, owner of the TJ Maxx and TK Maxx retail chains, now estimates a data theft earlier this year has cost it £59m. The news came in a US Securities and Exchange Commission filing yesterday. In an earlier filing, TJX Companies had tallied the cost of the network break-ins at about $20 million, though it noted that figure could go higher. TJX said yesterday it has more clearly determined “its potential liability from the computer intrusion(s) and recorded an after-tax charge of $118 million.”
The Land Registry has attempted to dispel accusations that its online register leaves homeowners open to ID fraud.
August 15, 2007 (Computerworld) — A self-proclaimed hacker crew calling itself “clpwn” — as in “clown” — that’s been bragging about how it’s defaced sites such as CNN and Playboy Casino isn’t doing anything earth-shattering, said a security researcher today. But the group is a reminder of how things once were, when true hackers plied their trade for notoriety rather than profit.
PDF spam, junk email with its message attached as a PDF file to get past spam filters, poses no security risk, says Adobe. Responding to a query on whether PDF spam can embed malicious software, Erick Lee, a security engineer at Adobe, wrote in an email on Wednesday: “PDF is no more able to embed malware on an unsuspecting user’s system than any other typical email attachment.”