Web Security »
Researcher finds major security weakness in Chrome and Internet Explorer browsers, but Microsoft is not worried
A vulnerability in both Microsoft Internet Explorer and Google Chrome browsers can trick you into executing malicious code on your computer, says an independent researcher. According to Rosario Valotta, who presented the malicious attack during the Hack in the Box security conference, both browsers have a security weakness that can be exploited when users issue operating-system-level commands; these commands include printing or saving.…Read More »
The Communications Assistance for Law Enforcement Act in the United States allows law enforcement to wiretap internet communications, like VoIP (typically a warrant is needed for such wiretaps but there are so many “national security” loopholes nowadays, it is hard to tell).…Read More »
Google releases Chrome Office Viewer extension, will help you avoid those pesky virus-infected Office files
Google just released a new Chrome extension called the Chrome Office Viewer — it of course lets you open and view Microsoft Office files (Word, Excel, and PowerPoint only) directly in your browser. It sounds like just another way to make things more convenient (and make Chrome OS sound more appealing, although this extension is also available on Windows and Mac OS X too — not just Chrome OS), but that’s not the good part.…Read More »
Search engines like Google and Bing index the web. The web contains thousands (millions?) of malware links, either malicious websites or malicious downloads. So it shouldn’t surprise anyone that malware links can be found when searching via a search engine. The people at major search engines, including Google and Bing, realize this fact and put effort into filtering out malicious links.…Read More »
Apple may have fixed their password security hole, but you should probably enable two-step verification
Just in case you missed it, Apple made a pretty serious boo-boo on the security front yesterday. The security issue was that Apple’s iForgot password reset tool was made vulnerable to hackers — if they managed to manipulate the URL in the date of birth page, they could reset your password.…Read More »
Is Apple losing its touch? Major security hole allowed hackers to easily reset passwords to Apple accounts using iForgot
There was a time when Apple products were popularly recognized as being secure. Or at least more secure than the competition. For example, for the longest time Mac OS X was synonymous with “doesn’t get viruses” (which, of course, has never been true — malware makers just never targeted Macs in the past).…Read More »
Internet-wide scan reveals millions of devices are exploitable due to use of default passwords like “admin” or “root”
A researcher, who has chosen to remain anonymous, has performed an internet-wide scan to determine the security level of gadgets like printers, webcams, and set-top boxes all across the world.
The scan was done by using the researcher’s custom-written code to send out more than 4 trillion messages.…Read More »
After many famous companies admitted that they have been hacked, it is now the turn of Evernote, the market leader in note taking apps. In a post on the official blog, the developers revealed that they “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.”
Though the developers maintain that no accounts or information was compromised, they have made it mandatory for users to change their passwords.…Read More »
So you thought you would be safer with Flash gone and HTML5 taking over? Generally speaking, you are probably right — but not in this particular situation. Computer science graduate Feross Aboukhadijeh has demonstrated a proof-of-concept that allows websites to download unlimited amounts of data to your computer… until your hard drive runs out of free space.…Read More »
Nir Goldshlager runs a “Web Application Security Blog.” He’s also happened to find a variety of security holes and exploits on sites like Facebook, Twitter and PayPal. His latest discovery, however, was a glaring hole in Facebook’s OAuth system: Nir was able to find a flaw that gave him access to everyone’s entire Facebook account — without having to install anything, or even click the “allow” button for apps.…Read More »
Is it the Chinese or Eastern Europeans? Maybe someone else? We don’t really know. All we know is there has been a recent string of hacks against multi-million and multi-billion dollar corporations in the past few months. Microsoft is now the latest victim.…Read More »
We have had a lot of hacking stories lately on dotTech simply due to a sudden spike in public cybercrime incidents. However, by and large the most recent incidents were either low-key (e.g. Twitter attack hacked) or aimed at the corporate sector rather than ordinary citizens (e.g.…Read More »
Is China innocent? New reports claim cyber attacks on Facebook, Twitter, and Apple came from Eastern Europe
After recent cyber attacks on high-profile companies like Facebook, Twitter and then Apple, everyone seemed to be pointing fingers at China. But now reports have surfaced claiming that the attacks on those companies originated from Eastern Europe.
An Eastern European gang that is determined to sell company secrets like research and other confidential information in the underground market is responsible for the attacks, according to the reports. …Read More »
In a statement released yesterday, Apple has disclosed that a number of their employees’ Macs have been compromised by malware through a vulnerability in the Java plug-in for browsers.
The website that was infected and considered responsible for hosting the malware has been identified as ‘iPhoneDevSDK’, an online forum for software developers.…Read More »
The Singapore Police Force has reported a sudden rise in the number of “cyber blackmail” cases being reported. The cases are also similar in that the primary targets are men, and that they are tricked through social media networks.
There have been 50 cases in the last year alone that involve women luring men through social networks like Facebook, then initiating cyber sex sessions over video chat.…Read More »
As with most companies nowadays, Burger King has an official Twitter account. (Yes, even dotTech has a Twitter account even though I don’t consider us a company per se.) It is not entirely clear who did it or how they did it, but today Burger King’s Twitter was hacked… and turned into ‘McDonalds’.…Read More »
Most of us dislike having toolbars in our browsers because they are annoying; not only do they tend to hijack our homepages, but they use up a lot of screen real estate, making it more difficult to surf the web… especially if you have 12 toolbars installed in one browser.…Read More »
The same time the Wall Street Journal, New York Times and Twitter were attacked, there was a fourth company that also fell victim to a “sophisticated attack.”
Facebook, which is home to more than a billion users worldwide, was hit by a zero-day exploit that installed malware on a handful of their employees’ laptops.…Read More »
I just wanted to give everyone a heads-up that some scumbag is using dotTech’s email to send spam emails.
If you receive an e-mail from “firstname.lastname@example.org” that is not characteristic of the emails we send (i.e. not an article or comment notification), then the email is probably spam.…Read More »
Hackers have managed to access one of the US Federal Reserve’s websites and steal a “limited amount of data,” according to a statement. The notice that was sent via the Fed’s Emergency Communication System, however, warned that email addresses, phone numbers and other contact information had been stolen and published.…Read More »
In the wake of (alleged) cyberwarfare by China, US president now has the power to order (preemptive) cyber attacks
According to a report by The New York Times, a secret White House legal review has granted the president of the United States the legal authority to order preemptive cyber attacks against a target (which can be a country), when there is credible evidence of a pending attack.…Read More »
An upcoming book co-authored by Google’s Eric Schmidt and Jared Cohen was previewed by The Wall Street Journal, and it looks like China’s reputation as of late isn’t going anywhere anytime soon.
The book is called The New Digital Age, and it says that China is “the most sophisticated and prolific” hacker of foreign firms, as well as “the world’s most active and enthusiastic filterer of information.” The book also talks about the Chinese government’s alleged involvement with infrastructure provider Huawei, which it believes will put the US at “an economic and political disadvantage” because “the United States will not take the same path of digital corporate espionage, as its laws are much stricter (and better enforced) and because illicit competition violates the American sense of fair play.”
Also mentioned are the dangers posed by the country’s “mix of active citizens armed with technological devices and tight government control…” Schmidt and Cohen believe that it is extremely volatile, could cause widespread instability and might even result in “some kind of revolution in the coming decades.” Yikes.…Read More »
No one’s really safe from hackers these days, with Twitter joining the New York Times as one of the recent victims of security breaches. Twitter announced in a blog post that it detected unusual access patterns during the week, which led them to discover attempts to access user data. …Read More »
Some may call it obvious but just having antivirus software installed isn’t going to help you much if hit by zero-day attacks. The New York Times had antivirus from Symantec (Norton) installed on the devices connected to their network, but that didn’t stop Chinese hackers from retrieving usernames and passwords of their reporters, among other things.…Read More »
The traditional password is now considered by many to be a security flaw. A combination of characters that can be cracked or even guessed is probably not the best way to safeguard our online lives today, and services like LastPass or 1Password provide an alternative through their software-generated passwords.…Read More »
You know that latest Java exploit that had the world up in arms, with Firefox and Apple blocking Java and the U.S. Department of Homeland Security recommending people disable Java? Yeah, well, Oracle has issued updates to Java to address and plug the exploit.…Read More »
A critical vulnerability in the Ruby on Rails framework has been discovered to bring devastating effects to those affected. One of the developers that confirmed its existence, Ben Murphy, says that it “gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to crash.”
What makes this even more troubling is the fact that it won’t be affecting just a handful of sites on the oldest versions of Rails, but the vulnerability is present in versions spanning the past six years — which will be affecting more than 240,000 sites on the internet.…Read More »
It looks like Yahoo! has learned its lesson when it comes to security. After its mail service was recently hacked by an XSS exploit, the company has not only patched the problem but is also quietly rolling out an HTTPS option for its users.…Read More »
Firefox is going to start forcing HTTPS usage for sensitive websites, to thwart man-in-the-middle attacks
After reading the title of this article, you must be thinking “sounds like what HTTPS Everywhere does”. No, not exactly.
You see there are some websites out there that use HTTP Strict Transport Security (HSTS), a protocol that forces browsers to default to HTTPS when connecting to the website in question.…Read More »
Fake e-mail from “Microsoft Windows 8 Team” claims to give you free Windows 8 but is actually a phishing attack
We have seen many e-mail scams, ranging from e-mails that try to steal your information to e-mails that try to infect your computer with malware. One fake e-mail was particularly clever because it used the cover of a real Microsoft e-mail to infect your computer.…Read More »
Ever wonder what passwords people use the most? SplashData, a software company that makes password management programs and apps, has compiled its annual “Worst Passwords” list for 2012, which gives us some insight into the most popular bad passwords used by people.…Read More »
Curious as to who you can thank for those glorious spam emails you receive? India, Italy, and the United States are the top three countries when it comes to the amount of spam sent from July 2012 to September 2012.
According to the “Dirty Dozen” report by SophosLabs, a UK-based digital security firm, India sent a whopping 16.1% of the world’s spam during the quarter that ended in September; Italy sent 9.4%; and the United States sent 6.5%:
To be fair to the Indians, Sophos points out that the spam coming out of India does not necessarily mean that Indians or Indian companies are the ones sending the spam.…Read More »
These are seven new malicious emails you should stay clear of — emails from YouTube, Google, Facebook, LinkedIn, British Airways, and DHL Express
dotTech has gotten into the habit of warning our readers about web security issues, namely malicious emails that make their rounds in the inboxes of people around the world — such as the fake Windows Update password stealing email and the fake email from Microsoft.…Read More »
Reports are emerging that an extension by the name of “Settings Protector” is installing itself in Google Chrome for some users. It isn’t entirely clear where this extension comes from, how it is being installed, what it does, or if it is Windows-only or affects other platforms too.…Read More »