Monday, January 26th, 2009
The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.
A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.
An attacker requires local, ...
Posted in Security, Windows | No Comments
Wednesday, January 14th, 2009
Security vendor Symantec is using new virtual machine technology to protect Web surfers from online attack.
Called Vibes, the software bounces between three different virtual machine sessions, depending on what the user is doing on the Web. When Vibes spots the SSL (Secure Sockets Layer) protocol used for secure Web transactions, ...
Posted in Internet, Privacy, Security | No Comments
Monday, January 12th, 2009
A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer.
In-session phishing (pdf) gives the bad guys a solution to the biggest problem facing phishers these days: ...
Posted in Coding, Internet, Privacy, Security | No Comments
Friday, January 9th, 2009
A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg ...
Posted in Internet, Networking, Security | No Comments
Tuesday, January 6th, 2009
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News.
The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel ...
Posted in Coding, Internet, Privacy, Security | No Comments