vulnerabilities
Most Users Clueless about Cybersecurity, FBI Says
According to two U.S. government officials, Internet crime rates will continue to increase because end-users and enterprises lack awareness and education about the current online threat landscape.
Article link
'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown
Reformed black-hat hacker Michael Calce, better known as the 15-year-old "mafiaboy" who, in 2000, took down Websites CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says widespread adoption of cloud computing is going to make the Internet only more of a hacker haven.
Article link
Month Of Twitter Bugs Goes Live With Mini-URL Flaws
The Month of Bugs phenomenon is back, with a new project aimed at exposing vulnerabilities in third-party Twitter applications.
File link
PDF Vulnerabilities and Attack Surface
Attack surface is a term used to convey the amount of code available to attackers in a program. As a general matter, the more features added to a program, the greater the attack surface. For example, adding a web server to your web browser? You increase the attack surface.
Article link
A Month of Twitter Bugs
The bugs will focus on the Twitter API and third party sloppy use of it. Raff will warn these services in advance and give them time to fix their problems before he parades them in public. He adds that bugs of this sort are common on Web 2.0 mashup sites. Perhaps it takes something like this to raise awareness of a problem.
Twitter Security in Spotlight with Month of Twitter Bugs
Security researcher Aviv Raff is launching a Month of Twitter Bugs in July to call attention to security issues affecting the microblogging service. As part of the initiative, Raff says he will publish a new third-party Twitter service vulnerability every day.
Article link
Reminder: You Can't Trust the "From:" Line in an E-Mail
A spoofed e-mail recently caused a stir at the SEC (Securities and Exchange Commission), underscoring credibility problems in the Internet's e-mail system.
Article link
Adobe Hardening Security and Incident Response Practices
Adobe has announced a series of measures to improve security throughout the company's products and practices. Growing out of a threat landscape that has brought unwelcome attention to Adobe Reader and Acrobat from malicious actors across the Internet, the company months ago began a 3-pronged approach to improving the safety of their software.
Article link
Microsoft Advises on Serious IIS Vulnerability
Microsoft has issued a security advisory for a vulnerability in the IIS web server that comes with Windows Server versions. The vulnerability is in the WebDAV (Web-based Distributed Authoring and Versioning) feature which is a set of HTTP extensions to allow clients to manipulate files on web servers. Because of the vulnerability, an unauthenticated user could gain access to files that normally require authentication.
Article link
