For now, from what I read, there’s no “elegant” solution to any browser yet.
Apparently, the only sure way to protect yourself is disabling JavaScript, plugins/ActiveX and iFRAMEs, but I think that would severely affect usability.
The most elegant solution available is for Firefox, ie to install the NoScript add-on but even that is not perfect (not foolproof), because at the end, it’s still up to the user i.e. “users can decide for themselves whether to continue clicking, or free up the mouse from the underlying — and potentially exploitive — content.”
Get NoScript add on here:
https://addons.mozilla.org/en-US/firefox/addon/722
I cannot find any details on how to deal with clickjacking for IE from Microsoft’s website, the best step-by-step info I could get is here:
http://hackademix.net/2008/09/29/clickjacking-and-other-browsers-ie-safari-chrome-opera/
Written by pinolobu on October 10th, 2008 with no comments.
Read more articles on Uncategorized.
The world’s first computer network protected by “unbreakable” quantum cryptography was launched recently at a scentific conference in Vienna.
It connects 6 locations across Vienna and a nearby town, using 200 km of standard fibreoptic cables.
Quantum cryptography is completely different from the usual cryptography currently in use, which are based on mathematical procedures; they are extremely hard, but not impossible to crack, given enough computing power or time.
Quantum cryptography are based on the Heisenberg Uncertainty Principle: you cannot measure quantum information without disturbing it. That means a communications channel between 2 users encrypted with quantum cryptography is impossible to eavesdrop without creating a disturbance: the eavesdropper would create a mark on it.
Full story: http://news.bbc.co.uk/2/hi/science/nature/7661311.stm
Written by pinolobu on October 10th, 2008 with no comments.
Read more articles on news.
On 18th September 2008, hackers broke into one of the 2 private yahoo.com mailbox of the US Republican vice-presidential candidate, Alaska Governor Sarah Palin. The bad guys then posted several messages and family photos from her inbox to Wikileaks, which were then further distributed by blogs.
Apparently the culprit was a 4chan user who used Palin’s password reset challenge question to change her password.
If you think it’s just email, consider this: no less than the FBI and Secret Service have since begun a joint investigation into the incident.
Full story:
The BBC
Written by pinolobu on September 20th, 2008 with no comments.
Read more articles on news.
There’s now an attack that hijacks the clipboard where copied text is stored. It puts a difficult to remove weblink into the clipboard that, if clicked on, gets you to a website selling fake security software. The code inserting the link has been found in flash-based advertisements seen on many legitimate websites. The attack has hit both Windows and Mac versions of Mozilla Firefox web browser.
Full story
Written by pinolobu on August 19th, 2008 with no comments.
Read more articles on news.
The BBC reported on 7th August that Dan Kaminsky said that the DNS cache poisoning vulnerability is worse than initially feared. Kaminsky is the man who found the bug.
He said fixes for the bug in DNSes had focused on web browsers but it could be abused by hackers in many other ways. Hence, every network is at risk.
Full story
Written by pinolobu on August 7th, 2008 with no comments.
Read more articles on news.
Yahoo News reported 1st July 2008 that hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes. This highlighted a disturbing security hole in the most sensitive part of a banking record: the PIN.
Apparently this netted the thieves millions of dollars in illegal profits.
More importantly for the average consumers, it showed that criminals were able to access PINs by attacking the back-end computers responsible for approving the cash withdrawals (the 3rd party processor). That means, they probably did not have to touch the ATMs at all.
A critical issue is that how the hackers infiltrated the system has not been publicly answered yet.
It could only be speculated that:
(i) they could’ve gained admin access to the server through a flaw in the network or by figuring out their passwords; or
(ii) they installed malware on a banking server to capture unencrypted PINs as they passed through.
Yes, this is a more sophisticated method than phishing.
Full story
Written by pinolobu on July 31st, 2008 with no comments.
Read more articles on news.
Attack code that exploits flaws in the net’s addressing system are starting to circulate online, say security experts. The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details. In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread. Net security groups say there is anecdotal evidence that small scale attacks are already happening.
Full story
Written by pinolobu on July 28th, 2008 with no comments.
Read more articles on news.
The domain names hijacked were ICANN.com and IANA.com — for the ICANN subdivision known as the Internet Assigned Numbers Authority. Visitors to those addresses are normally redirected automatically to the organization’s main sites at ICANN.org and IANA.org, neither of which was affected by the attack.
ICANN said Thursday that new, unspecified security measures should prevent such attacks in the future. The organization also said it was reviewing other security procedures.
Source
Written by pinolobu on July 12th, 2008 with no comments.
Read more articles on news.
According to the Department of Homeland Security, since 2005, MT has only had 10 reported security vulnerabilities, as compared to Wordpress’ 100+
Full story
Written by pinolobu on June 15th, 2008 with no comments.
Read more articles on news.
Wordpress is arguably the most popular blogging platform. Hence, it’s a give that it has become a popular target for blackhat hackers.
The intentions are usually search-engine optimization (SEO) of other sites the bad guys control, as well as traffic-redirection and more.
And recently there were many automated attacks which exploited recently discovered security vulnerabilities in Wordpress.
Most damning, while usually Wordpress was able to keep up, in the past few days “new exploits have appeared that nobody seems to have answers for.”
Full story
Written by pinolobu on June 15th, 2008 with no comments.
Read more articles on news.