IT Security Top Headlines » news

It’s time to move from Wordpress to Movable Type: more secure?

pinolobu — Sun, 15 Jun 2008 07:16:33 +0000

According to the Department of Homeland Security, since 2005, MT has only had 10 reported security vulnerabilities, as compared to Wordpress’ 100+

Full story

Wordpress vulnerabilities result in mass blog cracks

pinolobu — Sun, 15 Jun 2008 07:13:21 +0000

Wordpress is arguably the most popular blogging platform. Hence, it’s a give that it has become a popular target for blackhat hackers.

The intentions are usually search-engine optimization (SEO) of other sites the bad guys control, as well as traffic-redirection and more.

And recently there were many automated attacks which exploited recently discovered security vulnerabilities in Wordpress.

Most damning, while usually Wordpress was able to keep up, in the past few days “new exploits have appeared that nobody seems to have answers for.”

Full story

Was the Malaysian Prime Minister Office website defaced or not?

pinolobu — Fri, 06 Jun 2008 13:02:36 +0000

The PM announced price hikes in petrol and diesel prices on 4th of June 2008. As a result, by the next day the website of the Prime Minister’s Office was apparently defaced by disgruntled person(s).

Upon closer inspection however, it seems to be a remote file inclusion attack, taking advantage of a Lotus Domino vulnerability, on which platform the website is running, meaning the attacker was not able to execute commands on the server, else it would have been worse.

As of now though, if you still follow the “hacked link” it will not be accessible anymore.

Quite interesting: the “manifesto” seems to have been modified since then, to include the following text:

A special officer to Datuk Seri Abdullah Ahmad Badawi confirmed the incident and said it was an “unsuccessful hacking attempt“. “What happened is that someone copied the URL (the site’s address) and cloned it to make it look like the real site. Special Officer? There is nothing special about you just the same as the rest of those lazy adminz. UBAH GAYA HIDUP … Lancau ahh

Burglars stole laptop, laptop struck back, burglars got arrested

pinolobu — Tue, 13 May 2008 13:42:35 +0000

It’s a Mac. Does Windows machines have such features?

Full story

Security flaw turns Gmail into open-relay server

pinolobu — Sun, 11 May 2008 07:20:28 +0000

A recently-discovered flaw in Gmail is capable of turning Google’s e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. This attack bypasses both Google’s identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.

Full story

High street chains will be the next victims of cyber terrorism

pinolobu — Fri, 25 Apr 2008 20:00:20 +0000

High street chains will be the next victims of cyber terrorism, some of the world’s elite hackers have warned.

They claim it is only a “matter of time” before the likes of Tesco and Marks & Spencer are targeted.

Criminals could use the kind of tactics which crippled Estonia’s government and some firms last year, they warned.

The experts were members of the infamous “Hackers Panel” which convened in London this week at the InfoSecurity Europe conference.

The panel includes penetration testers and so-called “white hat” hackers, who help companies tighten up their digital security by searching for flaws in their defences.

Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.

The “hackers” usually remain anonymous, “for security reasons”, but this year’s panellists agreed to break cover.

Full story

Hackers are still exploiting 10 year old web vulnerabilities

pinolobu — Mon, 14 Apr 2008 13:22:56 +0000

Web designers making very old mistakes are letting malicious hackers hijack visitors to their sites, say experts. Many of the loopholes left in the code created for websites have been known about for almost a decade say the security researchers. The poor practices are proving very attractive to hi-tech criminals looking for a ready source of victims. According to Symantec the number of sites vulnerable in this way almost doubled during the last half of 2007.

Full story

There are now more than 1 million computer viruses

pinolobu — Thu, 10 Apr 2008 13:54:05 +0000

Yes, that number includes all malicious software: viruses, worms and trojans.

That’s what security firm Symantec Corp said in the latest edition of its bi-annual Internet Security Threat Report. The company added that most of these were created in the past year.

Full article

US homeland security chief says cyber risk “equals 9/11 impact”

pinolobu — Wed, 09 Apr 2008 14:11:38 +0000

On the 8th of April 2008, the BBC reported that the US homeland security chief has made a heartfelt plea to Silicon Valley workers to stand up and be counted in the fight to secure the cyber highway.

Michael Chertoff invoked the attacks of 9/11 as he sought to galvanise IT professionals and security experts.

He told the world’s biggest IT security conference that serious threats to cyberspace are on “a par this country tragically experienced on 9/11″.

Such attacks can hit financial bodies and a government’s powers, he said.

Full version

The world’s largest information security industry conference and expo

pinolobu — Wed, 09 Apr 2008 14:06:18 +0000

The RSAConference claims to be the most comprehensive forum in information security.

The 2008 edition in the US claim to have 17,000 attendees from the industry’s best and brightest.

There are 19 class tracks and more than 220 sessions.

Keynote addresses from Microsoft, RSA, The Security Division of EMC, CA, VeriSign, Symantec, TippingPoint, Oracle, and IBM.

Many networking (the human sort) events such as the Peer2Peer Sessions, First-Time Attendee Orientation, Welcome Reception, and the annual RSA® Conference Codebreakers Bash.

More than 350 exhibitors.