Attacks Resources

Sponsored White Papers, Webcasts, and Downloads

Gaping holes in RealPlayer patched: Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...; Tags: Vulnerability, RealNetworks Inc., RealNetworks RealPlayer, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2008-07-25
Microsoft joins 'patch DNS now' chant; Apple patch missing: On the heels of the release of weaponized exploit code for the DNS cache poisoning vulnerability, Microsoft has joined the chorus of security pros pleading with DNS server providers to immediately apply patches to protect users from malicious attacks. The Redmond, Wash. security...; Tags: Apple Macintosh, DNS, Vulnerability, Apple Inc., Exploit Code, Microsoft Corp., Attack, Dan Kaminsky, Domain Names, Apple Mac OS X, Networking, Security, Internet, Operating Systems, Software, Apple Mac OS, Ryan Naraine; Blog posts 2008-07-25
GMail adds "https:"-only connections but still not by default: Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default. In the Settings tab, at the very bottom, GMail users can now select...; Tags: Google Inc., Google Gmail, HTTP, E-mail Providers, Cloud Computing, Internet, Ryan Naraine; Blog posts 2008-07-25
How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability: The short answer is being paranoid about tackling a known vulnerability. It's 2001, and Daniel J. Bernstein DJB, author of the then popular djbdns security-aware DNS implementation, is applying basic math principles to raise awareness on what's to turn into the "sky is falling" critical Internet vulnerability in 2008, in...; Tags: DNS, Vulnerability, Anomaly, Attack, OpenDNS, MaraDNS, NSS, Domain Names, Networking, Internet, Dancho Danchev; Blog posts 2008-07-25
Offshore outsourcers likely to beef up security following Bangalore blasts: A series of bombs have exploded in Bangalore and companies that have technology operations in India are likely to need increased security precautions following what appears to be a terrorist attack. According to various reports from Reuters and Rediff.com, nine bomb blasts have rattled Bangalore, which hosts...; Tags: India, Bangalore, Rediff.com India Ltd., Sacchin Uppal, Outsourcing, Business Security, Security, It Operations, Business Operations, Outsourcing & Subcontracting, Larry Dignan; Blog posts 2008-07-25

Click fraud in 2nd quarter of 2008 more sophisticated, botnets to blame: Whereas the overall click fraud rate isn't increasing, it's not decreasing either, remaining flat for the first two quarters of 2008, according to data gathered from the Click Fraud Network, consisting of more than 4,000 online advertisers and agencies. Click Forensics report for the second quarter of 2008, indicates that...; Tags: Click Fraud, RK West, Dancho Danchev; Blog posts 2008-07-25
Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon: Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soonTTLSomething I wish I'd asked during the webcast and which I can't quite get my head around:It was said that setting a long TTL doesn't help because of the way delegation works - has to...; Tags: Domain names, DNS server, TTL, server, Kaminsky; Discussion threads 2008-07-24
Another student hacks another police website: Another student hacks another police websiteRE: Another student hacks another police websitethey should probably code their site correctly with decent form validatation and revalidation, so that SQL injection attacks like this don't work. It's not that hard!; Tags: Web site development, Web technology, police website, Web site; Discussion threads 2008-07-24
Apple looking to hire iPhone hacker: Apple is in the market for someone capable of hacking into the iPhone. According to this job listing, the company is looking for an iPhone Security Engineer capable of, among other things, developing "proof of concept" attacks on the device's current security mechanisms. ...; Tags: Apple iPhone, Apple Inc., Hacker, Security Mechanism, Security, Ryan Naraine; Blog posts 2008-07-24
2016: "You're watching the Linux Channel.": 2016: "You're watching the Linux Channel."My ViewFirst, no one hates Microsoft more than I do - for both practical and ethical reasons. After dealing with Microshaft's endless parade of crap for nearly two decades, I finally abandoned my PC for a Mac. It was one of the best moves of...; Tags: UNIX, Operating systems, OPEN SOURCE, Linux; Discussion threads 2008-07-24
|)ruid and HD Moore release part 2 of DNS exploit: |)ruid and HD Moore release part 2 of DNS exploitSo, Linux's BIND the first to be exploited...So, Linux's BIND the first to be exploited...Nice work!CoolNate, nice post and analysis!Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...; Tags: Domain names, NETWORKING, Operating systems, Alecco, DNS, ruid, exploit, HD Moore, Linux; Discussion threads 2008-07-24
|)ruid and HD Moore release part 2 of DNS exploit: [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...; Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters; Blog posts 2008-07-23
Attack code published for DNS flaw: The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches. Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool....; Tags: Ryan Naraine; Blog posts 2008-07-23
iPhone vulnerable to phishing, spamming flaws: Security researcher Aviv Raff left has discovered a pair of basic design flaws that could turn your iPhone into easy bait for malicious phishing and spamming attacks. According to an advisory from Raff, the iPhone's Mail and Safari applications are susceptible to a URL Spoofing vulnerability which...; Tags: Apple iPhone, Apple Safari, Vulnerability, Spamming, Flaw, Aviv Raff, Phishing, Spam, Security, Spam And Phishing, Ryan Naraine; Blog posts 2008-07-23
A look at the recent Firefox 3 vulnerability: A look at the recent Firefox 3 vulnerabilityLOLAlways makes me laugh when a Firefox article is written critical of it, no one adds an opinion.If this were about IE, the thread would be huge.quit making such a big deal, read moreWhy do people write about security vulnerabilities that have happened...; Tags: Web browsers, SECURITY, vulnerability, Mozilla Firefox, Mozilla Firefox 3.0; Discussion threads 2008-07-23
Another student hacks another police website: Oh the fun. Once again, another police website has been hacked by a student, showing that even the police aren't safe from all crimes. This is another link in the long chain of attacks over the years from egotistical teenagers trying to get a kick out of life without sticking...; Tags: Web Site, Attack, Web Site Development, Web Technology, Internet, Zack Whittaker; Blog posts 2008-07-23
McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position: Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products : "A recent...; Tags: Software, McAfee Inc., Antivirus, Vulnerability, Vendor, Flaw, N.Runs, Dancho, Security, Viruses And Worms, Dancho Danchev; Blog posts 2008-07-23
75% of online banking sites found vulnerable to security design flaws: In a paper entitled "Analyzing Web sites for user-visible security design flaws" to be published at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25, Atul Prakash and two of his doctoral students examined 214 financial institutions in 2006, finding that over 75% of all...; Tags: Bank, Online Banking, Flaw, Security, Financial Services, Dancho Danchev; Blog posts 2008-07-23
Georgia President's web site under DDoS attack from Russian hackers: From Russia with political love? It appears so according to a deeper analysis of the command and control servers used by the attackers. During the weekend, Georgia President's web site was under a distributed denial of service attack which managed to take it offline for a couple of hours. The...; Tags: Web, Russia, Server, Web Site, Hacker, Distributed Denial Of Service, Georgia, Attack, Russian, Shadowserver, C&C, C&C Server, Web Site Development, Security, Internet, Dancho Danchev; Blog posts 2008-07-22
Evil tech administrators: Evil tech administratorsEvil Tech Admin'sI've work at a few places where some of the Admin's I worked with were a bit on the sneeky side. So As a admin I made sure there was a back door incase one fo these admins tried to pull the same stunt. Its happened...; Tags: NETWORKING, Recruitment & Selection, administrator, network; Discussion threads 2008-07-22