Thursday, 14 March 2013 12:05

Hackers Focus On Third-Party Targets

Significant flaws in Microsoft operating systems and programs are becoming a smaller portion of the total. Secunia reports that 86 percent of active vulnerabilities in 2012 affected third-party products such as Java, Flash and Adobe Reader. In 2007, third-party vulnerabilities made up less than 60 percent of the total.

On the plus side, the dangerous window between discovery of a vulnerability and creation of a patch is getting smaller. Secunia reports same-day patch availability for 80 percent of these threats in 2012, up from a bit over 60 percent in 2007. 

Published in News
Thursday, 25 October 2012 11:40

Hackers Get 10 Months to pwn Victims

"Tell no one, compromise everyone" -- Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study based on the research paper "Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World" [PDF].

Two researchers from Symantec Research Labs identified 18 zero-day attacks between 2008 and 2011, and 11 of them were previously undetected. “A typical zero-day attack lasts 312 days on average and that, after vulnerabilities are disclosed publicly, the volume of attacks exploiting them increases by up to five orders of magnitude,” the researchers noted.

Published in News
Monday, 23 April 2012 18:02

Hacking Governments With Hijacked Sites

Malicious code planted within compromised Web pages has become the latest method for attackers targeting government organizations, according to research from security firm Zscaler, V3.co.uk reported April 21. The firm discovered many government-affiliated Web sites with code that directs users to attack servers.

The most recent site to become infected was that of the French budget minister. It was found to contain obfuscated JavaScript code that sends the user to a third-party site and then attempts to exploit vulnerabilities and install malware on the targeted system. The attack is the latest in what Zscaler sees as a string of site hijackings aimed at government-controlled domains.

Published in News
Thursday, 12 April 2012 17:35

Human Body Vulnerable to Cyberattack

The next frontier of cybercrime could be the human body, a researcher at the Black Hat Security Conference demonstrated. In his presentation, "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System," Jay Radcliffe showed how a hacker could remotely hack two medical devices used to treat diabetes and trigger them to malfunction — with potentially disastrous results.

"Wireless communication with insulin pumps are not secure, they're not designed to be updated and there's no way of patching them," he told the audience. "It's not like a phone, where you can download a firmware update."

Published in Practical

Security experts found many compromised WordPress and Joomla Web sites used by spammers to advertise sketchy diet pills and counterfeit luxury goods. The owners of these sites are most likely unaware of what is going on.

Web masters often fail to check their sites’ subdirectories for signs of malicious files and Web pages, thus allowing cybercriminals to use the domain’s reputation to host their scams. Attackers often brute-force administrator passwords to gain access to a site’s back end.

Published in News
Thursday, 19 April 2012 15:10

Wearable Firewall Stops Pacemaker Hacking

Researchers from Purdue and Princeton universities have developed a solution to what could be a catastrophic problem for millions of people who use insulin pumps, pacemakers, and other personal medical devices that rely on wireless communication to function: MedMon — a signal-jamming personal firewall for medical devices that detects potentially malicious communications going into, or coming from, a wearable or implanted device.

After identifying malicious signals, MedMon employs electronic jamming, similar to technology used in military systems, to prevent any potentially harmful wireless commands from getting through to the device and causing it to falter or accept instructions that could cause its wearer harm.

Published in Practical
Network neutrality is the principle that Internet users should be in control of what content they view and what applications they use on the Internet. The Internet has operated according to this neutrality principle since its earliest days. It is this neutrality that has allowed the internet to innovate and grow. Without equal access the internet dies.