Archive for August, 2007

Ajax security issues should not be ignored

If we believe what researchers said at the Black Hat USA conference held in Las Vegas, then websites deploying Ajax definitely need to worry about web-based threats. Ajax imparts richness to the website and at the same time refreshes the content without the need for reloading the whole page. Poorly coded websites can give hackers a chance to change the order in which the function is executed by the program. JavaScript leads to increased possibility … read more »

Hacked hacks to sue HP

Four US journalists have filed a lawsuit against Hewlett-Packard (HP) claiming they suffered mental anguish and emotional distress because the computer company illegally spied on them last year.
Reporters from the Associated Press and from the technology website CNet say they suffered a “serious invasion of privacy” when private investigators hired by HP assumed false identities to obtain their personal phone records.
The plaintiffs a… read more »

Confusion over Vista PatchGuard update

Microsoft’s update to Windows Vista’s PatchGuard, a kernel protection scheme designed to keep malicious or unproven code at arm’s length, has nothing to do with recent hacks of another Vista defence, Microsoft claims. The update to Kernel Patch Protection (KPP), also known as PatchGuard, was issued on Tuesday to Vista 64-bit users, but the description of the enhancement was unclear. All Microsoft said at the time was “this… read more »

McAfee warns of Yahoo Messenger Webcam bug

Users of Yahoo’s instant messaging platform are being warned to avoid webcam invites from unknown sources after a vulnerability in the platform was disclosed this week. The zero-day flaw was first published on Chinese security forums, but researchers at McAfee said this week that they recreated the flaw on Yahoo Messenger version 8.1.0.413.
The vulnerability “seems like a classic heap overflow that can be triggered when the victim acc… read more »

New Trojan deadliest in history

Storm, the Trojan that Hoovers PCs into hacker-controlled botnets, roared back into life last month in several waves, security researchers said earlier this week, and has blown by 2005’s Sober to become the most prolific e-mail-borne malware ever. “This is the biggest since Sober in mid-to-late 2005,” said Sam Masiello, the director of threat research at MX Logic, referring to a long-lasting worm whose variants struck repeatedly in the … read more »

Storm worm resurfaces

The Storm worm is undergoing a resurgence but, unlike the first variant, which had an executable file as an email attachment, the latest Trojan-horse attack is delivered over the web. Unsuspecting computer users are tricked into clicking on the links in emails, often in the form of e-cards, and get infected when they visit websites containing the Storm worm.
Jim Dowling, director of Asia sales at Sophos, said in an email on Friday that the new cam… read more »

TK Maxx hacking attack cost £59m

TJX Companies, owner of the TJ Maxx and TK Maxx retail chains, now estimates a data theft earlier this year has cost it £59m. The news came in a US Securities and Exchange Commission filing yesterday. In an earlier filing, TJX Companies had tallied the cost of the network break-ins at about $20 million, though it noted that figure could go higher. TJX said yesterday it has more clearly determined “its potential liability from the computer… read more »

Land Registry dismisses ID-theft danger

The Land Registry has attempted to dispel accusations that its online register leaves homeowners open to ID fraud.
It has denied claims by the anti-ID cards pressure group, NO2ID, that it has not paid sufficient attention to security in making mortgage deeds and leases available online, and that they could reveal information which could be used to steal an individual’s identity.
The Land Registry insisted that an open register is the norm, … read more »

Warning: ‘Clpwn’ cavorting on unguarded sites

August 15, 2007 (Computerworld) — A self-proclaimed hacker crew calling itself “clpwn” — as in “clown” — that’s been bragging about how it’s defaced sites such as CNN and Playboy Casino isn’t doing anything earth-shattering, said a security researcher today. But the group is a reminder of how things once were, when true hackers plied their trade for notoriety rather than profit.
“… read more »

Adobe: No threat from PDF spam

PDF spam, junk email with its message attached as a PDF file to get past spam filters, poses no security risk, says Adobe. Responding to a query on whether PDF spam can embed malicious software, Erick Lee, a security engineer at Adobe, wrote in an email on Wednesday: “PDF is no more able to embed malware on an unsuspecting user’s system than any other typical email attachment.”
Over the last two months, security vendors have see… read more »
