Infosecurity News
Context says Khronos fix to WebGL flaw is insufficient
Context Information Security, which identified a flaw in the new WebGL 3D graphics standards that exposes Firefox and Chrome browsers to hackers, said that a fix proposed by vendor Khronos Group does not address the wider security issue.
FBI sucks in complete internet pipes in latest surveillance evolution.
It looks as though the FBI is quietly canning its long-standing Carnivore methodology of scanning internet users' sessions, and, where it is difficult to isolate a users' actual IP session, simply replicating and recording the entire IP data pipe.
Security researcher warns over Google Doodle scareware infection
A German security researcher has warned on a new hacker methodology of infecting users by presenting poisoned web search results as a primary hit after they click on a Google Doodle.
Facebook security measures do not go far enough, say security experts
Security experts have warned that Facebook's latest security innovations against spam e-mail and online fraud may have mixed results in effectiveness and user experience.
US Attorney General Eric Holder dashes hope of UK trial for hacker Gary McKinnon
US authorities are still insisting that self-confessed UK hacker, Gary McKinnon, face a US court, despite ongoing efforts to have the trial in the UK.
Indian security agencies gear up for wide-ranging Web 2.0 surveillance
Whilst UK and US security agencies keep their IT/communications surveillance systems and plans under carefully guarded wraps, the Indian government has taken the approach of being quite open. According to a report in the Economic Times, the Indian Centralised Monitoring System (CMS) is now being tendered for.
Anonymous splinter group blamed for attack on Eidos International site
It seems that the loose organisation of the Anonymous hacktivist group is causing problems, as reports are coming in that the web portal of Eidos International, a major gaming firm, was hacked and defaced on Wednesday night (US time) of this week.
VA has failed to fix information security gaps for over a decade, says GAO
For more than a decade, the Department of Veterans Affairs (VA) has failed to fix information security problems identified by the Government Accountability Office (GAO), as well as the VA’s Office of the Inspector General, the VA’s independent auditor, and the department itself, the GAO told a House panel.
Jericho Forum professional explains challenges ahead in digital security
James Whyte, head of IT service delivery with F&C Investments, and a member of the Jericho Forum, says that there is now a clear need for an effective - and secure - digital ecosystem in cyberspace.
Zeus source code: from $100K to free in a matter of months
Reports are coming in that the source code for Zeus, a long-running trojan that has been modified many times since the summer of 2007, is now available on several underground forums.
Facebook flaws leaked data to third parties, claims researcher
The reputation of the apparent cybercriminal's playground that is Facebook took another battering this week after a Symantec researcher revealed that as many as 100,000 Facebook applications are leaking data to third parties.
Theft of Michaels' customer card numbers extends nationwide
The theft of credit and debit card numbers from PIN-pad tampering at Michaels stores in the Chicago area extends nationwide, the company admitted this week.
Canadian government is vulnerable to WikiLeaks-type data breach, report warns
The Canadian government is vulnerable to a security breach similar to the US government’s WikiLeaks snafu that resulted in the leak of hundreds of thousands of sensitive documents, concluded an internal government report.
Alarm bells sound on Microsoft acquisition of Skype
Microsoft's acquisition of Skype for $8.5 billion has not gone down well in some quarters, with some experts questioning the wisdom of allowing the Redmond giant access to such a massive unified communications service.
Jericho Forum unveils best practice identity commandments
The Jericho Forum has taken the wraps off a set of best practice identity principles - enshrined in a set of commandments - which seek to lay down the ground rules for IT security professionals when dealing with the complex world of digital identities.
Facebook flaws leaks millions of data elements to third parties claims researcher
The reputation of the apparent cybercriminal's playground that is Facebook took another battering this week after a Symantec researcher revealed that as many as 100,000 Facebook applications are leaking data to third parties.
Organizations not equipped to prevent DDoS attacks, DNS failures
Many organizations are not equipped to prevent and respond to web infrastructure failures caused by distributed denial of service (DDoS) attacks and Domain Name System (DNS) failures, according to research commissioned by VeriSign.
WebGL opens browser to attacks that can disable computer
A researcher at the Context Information Security consulting firm has identified a number of serious vulnerabilities in the new WebGL 3D graphics standard enabled by default in Firefox 4 and Google Chrome browsers, and as an option in the Apple Safari browser.
FERC wants more power to protect electric grid from cyber attacks
The Federal Energy Regulatory Commission (FERC) is looking to expand its authority to protect the electrical grid against cyber attacks.
Sony Ericsson posts info on hacking Xperia Android phones
In a move that has caused raised eyebrows in the smartphone industry, Sony Ericsson has posted detailed information on how to hack its Xperia range of Android smartphones.
