We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Is the cloud a hacker's paradise? A survey at last month's Defcon hacking conference paints that picture. Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud.
Cloud vendors are not doing enough to address the security of their services, according to 89% of the hackers and IT security experts polled at a recent hacking conference in Las Vegas.
Criminal organizations are calling on black market hackers-for-hire, where they can buy the tools and services they need to break into brokerage accounts, says a new report by Canada's crime watchdog.
For almost 18 months starting in 2005, attackers used wireless networks at TJX and other retail chains to steal credit card data. The vulnerabilities were not an isolated instance: Subsequent research found that about half of all retail outlets in one shopping center had insecure wireless networks.
As a high-profile, Washington-based think tank, the Center for American Progress takes strong positions on hot-button topics, such as health care reform, the Middle East and the state of the economy. With John Podesta, former chief of staff to former President Bill Clinton as its president and CEO, CAP remains firmly planted on the left side of the political equation.
A Russian man accused of selling stolen credit card numbers online for nearly a decade has been arrested in Nice, France, and faces charges in an indictment unsealed Wednesday, the U.S. Department of Justice said.
A server-based botnet that preys on insecure websites is flooding the net with attacks that attempt to guess the login credentials for secure shells protecting Linux boxes, routers, and other network devices.
A bug in Facebook's login system allows attackers to match unknown email addresses with users' first and last names, even when they've configured their accounts to make that information private.
Consumers and businesses in Great Britain have lost more than $1 million so far this summer from a Trojan that is infecting their computers, prompting them to log into their bank accounts, and then is surreptitiously transferring money to scammers in other countries, security researchers said on Tuesday.
Google has fixed a flaw in its Audio CAPTCHA software that could have given scammers a way to automatically set up phoney accounts with the company's services.
Security researchers have uncovered the command and control network of a Zeus 2 botnet sub-system targeted at UK surfers that controlled an estimated 100,000 computers.
At the DEFCON hacking conference, which ended yesterday, IT security researchers Nicholas Percoco and Christian Papathanasiou demonstrated what they claim is the first rootkit for Android. Their aim was to show how slight the obstacles to the development of a such a rootkit are and how powerful the result can be. Android is Linux-based and desktop Linux rootkits are nothing out of the ordinary.
A few companies in the Fortune 500 need to upgrade their Web browsers. And while they're at it, a little in-house training on social engineering wouldn't be a bad idea, either.
A researcher at the Def Con security conference in Las Vegas demonstrated that he could impersonate a GSM cell tower and intercept mobile phone calls using only $1500 worth of equipment. The cost-effective solution brings mobile phone snooping to the masses, and raises some concerns for mobile phone security.
Well it looks like what happened to WEP all those years ago is going to happen to GSM now. The methods have been known, the theory is established but the breaking point is when freely available tools are published that makes it possible for anyone to perform the attacks even without really understanding what is going on.
A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference. Michael Coates, the head of Web security for Mozilla, said he discovered several problems while trying to sign up for the US$395 service.
Security firm Imperva reports a free phishing kit called "Login Spoofer 2010" that turns perpetrators into victims, is currently being touted in hacker forums. "Hackers" who have clicked through the foolproof user interface and used the program's wizard to set up their own online phishing page for PayPal,
Skilled malware writers have found a way for less experienced cyber criminals to do their work for them. A new freeware phishing kit being offered in hacker forums offers cyber criminals a way to set up fake websites and spam emails to capture users
The vast majority of people browsing the web are vulnerable to attacks that expose detailed information about their viewing habits, including news articles they've read and the Zip Codes they've entered into online forms.
A Wikileaks editor, deciding not to risk a confrontation with federal agents, skipped a high-profile speaking engagement at a hacker conference here on Saturday. Instead, Jacob Appelbaum, a Seattle-based programmer for the Tor Project, who's involved in the Wikileaks Web site, took over the 1 p.m. ET keynote slot on behalf of co-founder Julian Assange.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
