Microsoft tells hackers how to take apart its IIS

June 6th, 2007

MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints on how to work around the problem. The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature. Apparently versions 5.x allow bypass of basic authentication by using the “hit highlight” feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.

Categories: Random Security, Webappsec

Gmail Flaw Invites Hackers to Your Private Messages

June 6th, 2007

One of the most popular mail solutions on the Internet, Google’s Gmail, was again affected by a vulnerability that can permit an attacker to view or delete some of the messages stored in an account. The Mountain View company’s employees were quite quick in fixing the flaw and managed to repair it within a few hours of it being reported. Basically, the vulnerability could be exploited through a malicious page that gave the attacker access to the Gmail account. As The Hacker Webzine reports, it is extremely dangerous because the giant Google keeps all its web-based services such as Calendar, AdWords and Gmail on the same sign-on technology. Using a simple vulnerability discovered in the mail solution, the hacker would be able to access all these services.

Categories: Random Security, XSS

Cross-Site Request Forgery: the Sea Surf

June 6th, 2007

Today we talk about Cross Site Request Forgery (also known as XSRF), abbreviated as CSRF, from whose pronunciation has come the friendly name “Sea Surf” ;) Following the previous papers on Cross Site Scripting written by me, I thought it was an obvious step to deal with this theme: here I am then! This kind of vulnerability, which is very common and underestimated, makes it possible to have a victim user send any kind of HTTP request to a website in which he is logged in and trusted in some way.

Categories: Articles, XSS

Browser bugs hit Firefox and IE7

June 6th, 2007

Security researchers have warned of new vulnerabilities in Mozilla’s Firefox and Microsoft’s Internet Explorer. In a posting to the Full Disclosure mailing list, security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers. The vulnerabilities could allow attackers to overwrite the URL bar, or steal user data and remotely download and execute code.

Categories: Random Security, Webappsec

Cyber crime fear as online banking grows

June 6th, 2007

The rapidly expanding ranks of people banking online have raised questions over whether consumers are armed to deal with the growing threat from cyber pirates.

Categories: Articles

Real News with Real Malware

June 6th, 2007

The latest malware spam run is using gripping news headlines as email subjects to hook in unsuspecting victims. And while this is not something new, the use of actual news headlines can make it more difficult to distinguish it as malicious.

Categories: Spam

Anatomy of a Mobile Virus: Dismantling A Daisy Chain Explosive

June 5th, 2007

Commonly grouped along with external mobile threats, mobile viruses have become common throughout today’s mobile community. The fleeting question on the mind of so many mobile owners is why. To understand today’s mobile virus, one must look back at the evolution of computer viruses. Viruses don’t typically enter a medium such as mobile communication as malicious attacks; rather, they start with software developers pushing the limits of modern coding. Initial developments in computer viruses would often remove or otherwise alter a strategic kernel or other file type in an effort to achieve a desired result. Mobile viruses began with much of the same innocence. The early mobile viruses would merely drain the battery of a mobile handset, while today’s mobile viruses can practically render a cell phone useless. To understand why mobile viruses have become so destructive, one must understand that as a hacker, the more malicious your virus is, the better it is. As a group, hackers are scientists who, in my humble opinion, fuel the development of technology. Generally hackers get a bad rap, but it is their persistence in exploring the edge of technology that makes them extremely interesting. The reason mobile viruses are so fascinating to me is that dissecting them really is – this is the former U.S. Marine about to come through – like dismantling daisy chain explosives. In case you’re not the military type, daisy chain explosives are any variety of bombs that are interlinked to cause a chain of explosions that to the naked eye looks like a single blast.

Categories: Articles

New spam tactics threaten SMEs

June 5th, 2007

Spammers have launched a new attack that could jeopardise the security of SMEs, new figures show.

Categories: Spam

Hackers turn to new genre of evasive attacks

June 4th, 2007

Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology, new research claims.

Categories: General News, Random Security

New malware technique strikes once only

June 4th, 2007

A new hacking method is causing concern for the lengths it goes to avoid detection by security software and researchers. The attack involves a website that has been hacked to host malicious code, an increasingly common trap on the Internet. If a user visits one of the sites with an unpatched machine, it’s possible that the computer can become automatically infected with code that can record keystrokes and steal financial data typed into forms.

Categories: Anti-Virus, Random Security