The rush to adopt Ajax is leading web developers to make basic security mistakes, in some cases a decade old, that leave gaping holes in their applications. That is according to researchers here at the Black Hat security conference in Las Vegas. Some said that in some cases developers should avoid Ajax altogether rather than open their businesses to attack.
Read more…
Websense has revealed one of its methods for monitoring malicious web activity. The security company revealed its technique on Sunday at the Defcon show in Las Vegas. The company uses a series of web bots and user accounts, collectively referred to as “HoneyJax”, to mimic Web 2.0 user activity. Honeypots mimic email servers and accounts, while honeyclients simulate client activity, such as a user’s browser, when visiting websites, to determine whether that website is malicious.
Read more…
LinuxWorld today played host to a demonstration of the vulnerabilities of Web 2.0, with SPI Dynamic’s senior security engineer, Matt Fisher, offering some new examples of what criminals are doing online, armed with little more than a desktop browser. Cross-site scripting attacks are the number one online threat, according to the Mitre organisation, in part because they are so easy to do.
Read more…
The iPhone has been hacked once again. What keeps these events newsworthy is that hackers find a new way of cracking Apple’s smartphone every time, and no two hacks are alike; the latest, a Nintendo emulator on the iPhone, is a notable achievement in its own right. Hackers have managed to put the NES on the iPhone. That is a start, even though the NES library is one of the oldest game packs around. For those who still love to play those games and expect the iPhone to add some touchscreen thrill, this is an excellent solution, although it may feel like wasting the high capabilities of the device on such old games.
Read more…
Microsoft on Thursday blocked an application which could have allowed malicious code into the Vista kernel. The software giant blocked Atsiv, which circumvented a significant security feature in the 64-bit version of the operating system. The security feature, which is intended to prevent unsigned code from being loaded into the Vista 64-bit kernel, is designed to help mitigate malicious kernel drivers typically used by rootkits.
Read more…
A US student who revealed a weakness he had discovered in MySpace has had his profile removed from the social-networking site. Rick Deacon demonstrated to fellow hackers at the five-day Defcon conference in Las Vegas how to hijack other MySpace users’ profile pages and infect their computers. Deacon’s method worked only with Firefox and not with the Internet Explorer web browser. He demonstrated how to entice MySpace users to click links and open a file that obtains their passwords.
Read more…
If this info is true, the team from Hackint0sh and a Macedonian hacker successfully broke open the iPhone’s carrier lock, allowing it to be used with a European SIM card. The previous hack only let the iPhone make calls; this process, however, is supposed to fully unlock all functionality, such as incoming and outgoing calls, SMS and EDGE data access.
Read more…
Security vendors have warned email users to be as vigilant about PDF attachments as they are about other file formats, after seeing a sharp rise in spam containing infected PDF files. Email security vendor MessageLabs reported on Tuesday that PDFs made up 20 percent of image-based spam in July, up 10 percent from June. Image-based spam makes up around 22 percent of total spam, the company said. MessageLabs believes attackers are using the PDF format because it more easily bypasses antivirus and anti-spam filters, and because users tend to trust the authenticity of a PDF over other types of documents, even if they don’t recognise the sender.
Read more…
LAS VEGAS (AFP) – US federal agents are reaching out to computer hackers for help fighting crime and terrorism as a tug-of-war between privacy and public safety continues on the Internet. The National Security Agency (NSA), the Department of Defense and the FBI were among the spy, military and police agencies represented at DefCon, an international gathering of hackers in Las Vegas. Hackers and computer security professionals made up the bulk of the more than 6,000 people that took part in the three-day conference which ended Sunday, according to founder Jeff “Dark Tangent” Moss.
Read more…
A security firm has detailed six ways to hack into VoIP phone systems that use the H.323 and Inter Asterisk eXchange protocols. Himanshu Dwivedi, principal partner at iSec, and Zane Lackey, security analyst there, also released exploit tools to back up their claims about the weaknesses in H.323 and IAX. Their presentation was made at the Black Hat conference in Las Vegas.
Read more…