Blog Posts Tagged with "Research"

Installation of Vendor's Patch Does Not Guarantee Security

March 26, 2012 Added by: Alexander Polyakov

A vulnerability in Lotus Domino was quickly disassembled, and the resulting exploit employed, demonstrating that the existing patch could be bypassed by a critical 0-day vulnerability. The result was an attack on the Domino Controller service and a full server compromise...

Reflections on the Zero-Day Exploits Market

March 26, 2012 Added by: Plagiarist Paganini

Once the vulnerability and exploit are found, the researcher must be able to identify the possible customers in a short time, then contact them to negotiate the price and complete the sale. There are concrete risks...

Reflections on a Past Vulnerability, Kind Of...

March 22, 2012 Added by: Brent Huston

I don’t want to dig into the debate about open disclosure and non-disclosure. You may have different opinions about it than I do, and I am perfectly fine with that. I choose this path in vulnerability handling because it makes the world a safer place for all of us...

Who Fights for the Users?

March 11, 2012 Added by: Ali-Reza Anghaie

The No More Free Bugs effort has changed the landscape by which security research is done. Before, you had one monetized market for such research - the black market. Now a new player has entered the fray - Government - and I'm not entirely sure I like where this is going...

Researchers Successfully Hacked Online Voting System

March 07, 2012 Added by: Headlines

"Within 48 hours of the system going live, we had gained near-complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days..."

EFF to European Parliament: Protect Coders’ Rights

March 05, 2012 Added by: Electronic Frontier Foundation

EFF asked Parliament to protect the rights of researchers and whistleblowers. In the course of fixing a problem they could inadvertently violate laws and by reporting a vulnerability researchers could risk exposure to a lawsuit or criminal investigation...

Do You Have A False Sense of Security for Mobile?

March 02, 2012 Added by: Robert Siciliano

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues. Protect yourself...

Targeting of Android Devices Leads Malware Trends for 2012

February 24, 2012 Added by: Headlines

"Smartphones and tablets are finally delivering consumers with these converged and connected experiences we've been promised for so long. But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals' methods of attacking..."

Sophisticated New Zeus Variants Continue to Propagate

February 24, 2012 Added by: Headlines

"Every peer in the botnet can act as a C&C server, while none of them really are one. Bots are now capable of downloading commands, configuration files, and executables from other bots - every compromised computer is capable of providing data to the other bots..."

IPv6 Protocol Implementation is Not a Security Panacea

February 22, 2012 Added by: Headlines

"The same thing that made the IPv6-enabled Internet valuable has also made it an increasingly valuable venue for attacks. While the frequency of attacks is relatively modest on IPv6 today, we expect that accelerated adoption will be followed in-kind by an accelerated pace of attacks..."

NIST Pursues Health Record System Usability Testing

February 22, 2012 Added by: Infosec Island Admin

The National Institute of Standards and Technology (NIST) seeks manufacturers of electronic health record (EHR) systems to participate in a research effort to develop methods for assessing the usability of health information systems...

Researchers Demonstrate Cell Phone Tracking Vulnerability

February 20, 2012 Added by: Headlines

Researchers at the University of Minnesota’s College of Science and Engineering have revealed a technique that could allow an unauthorized third-party to track the location of a cell phone using data available from cellular networks...

One in Three Massachusetts Residents’ Records Breached

February 15, 2012 Added by: Robert Siciliano

Massachusetts has one of the most stringent data protection laws on the books. Companies are now reporting when even a single individual’s information has been compromised. Despite strict security requirements, companies are continually being hacked in record numbers...

In Cyber - Losers Ignore, Survivors React, Winners Predict

February 15, 2012 Added by: Richard Stiennon

Every organization has a choice: become a victim of cyber attack and pay the cost of recovery then rely on quick reactions to changes in the threat space to survive the next attack, or predict the escalation in attacks and invest early in the defenses required...

Security Flaw in eBanking Affects Over 100 Million Users

February 14, 2012 Added by: Alan Woodward

CAPTCHAs. You've all had to use them at some point - those funny, distorted versions of a piece of text that only a human can decipher. I was shocked to learn that CAPTCHAs were being used in eBanking and could successfully be attacked nearly 100% of the time...

Will the Real IT Security Researcher Please Stand Up?

February 12, 2012 Added by: Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?
