New Google bugs empower phishermen

Saturday, October 11th, 2008

Google's Gmail service suffers from security flaws that make it trivial for attackers to create authentic-looking spoof pages that steal users' login credentials, a security expert has demonstrated. Google Calendar and other sensitive Google services are susceptible to similar tampering. A proof-of-concept (PoC) attack, published by Adrian Pastor of the GNUCitizen ...

Web Gives Hackers More Territory, Tools

Sunday, September 28th, 2008

As more people become accustomed to Web surfing and downloading software and multimedia, legitimate Web sites have become the favorite targets of hackers. "The hacking of legitimate Web sites is the biggest threat today," said David Freer, Symantec's vice president for consumer business in Asia-Pacific and Japan. Freer revealed that based on ...

Email Address Dictates Spam Volume

Thursday, August 28th, 2008

Everyone knows that some people get more spam than others, but new research shows that it may have something to do with the first letter of your email address. Richard Clayton, a security researcher at the University of Cambridge in the U.K., says he found evidence that the more common the ...

DNS poisoners hijack typo domains

Friday, August 22nd, 2008

Websense, the security services provider, has reported a successful case of cache poisoning on name servers of one of the largest Chinese ISPs. Netcom customers are said to have been steered by criminals to manipulated pages on which exploits for RealPlayer, MS Snapshot Viewer, Adobe Flash Player and Microsoft Data ...

An Illustrated Guide to the Kaminsky DNS Vulnerability

Sunday, August 10th, 2008

The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.This all led to a mad dash to patch DNS servers worldwide, ...