Authorities have dismantled SocksEscort, a service that sold access to a large proxy network built from compromised residential routers. Investigators say much of the infrastructure sat on infected SOHO networking devices, many running embedded Linux...
At the beginning of this decade, Microsoft represented a cybercriminal's dream target: universally-used software, brimming with bugs ready to be exploited to hijack users' PCs. But as the software giant has slowly cleaned up its security flaws, hackers are looking toward another vendor whose products are nearly as ubiquitous and whose bounty of vulnerabilities is just being discovered: Adobe.
Already closed in Opera, Firefox and Chrome, the format string vulnerability caused by a flawed implementation of the dtoa C function for converting floating point numbers into strings (double to ascii) is creating further ripples. Maksymilian Arciemowicz, who discovered the problem, has released several advisories stating that the Thunderbird 2.x email client, as well as the Sunbird 0.9 calendar application and the Flock and Camino browsers, are or were also affected.
A Romanian hacker has posted a proof-of-concept attack exploiting vulnerabilities on the Pentagon's public Website that were first exposed several months ago and remain unfixed.
The hacker, who goes by Ne0h, demonstrated input validation errors in the site's Web application that allow an attacker to wage a cross-site scripting (XSS) attack.
Two NASA sites recently were hacked by an individual wanting to demonstrate that the sites are susceptible to SQL injection.
The websites for NASA's Instrument Systems and Technology Division and Software Engineering Division were accessed by a researcher, who posted to his blog screen shots taken during the hack.
The world is not only losing the war against spam, the situation might be about to get a whole lot worse with the emergence of a new type of automatic botnet able to thrive without direct human control, Symantec's MessageLabs division has warned.
A new phishing campaign is designed to steal FTP credentials from website owners so the fraudsters can set up fake bank websites, a security firm warned Monday.
The messages appear to come from web hosting providers, such as Yahoo, according to researchers at Trusteer.
Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend.
The websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online.
The lack of malware on Linux may be about to change after a developer admitted he has developed a 'package of malware for Unix/Linux'.
A developer who claims he is tired of the
Mogeneration, an Australian software company, has hired the author of the first iPhone worm, Ashley Towns, to develop applications for the iPhone App Store. At the beginning of November, 21-year-old Towns circulated the "Ikee" worm via Australian operator Optus's UMTS network. The worm penetrates vulnerable jailbroken iPhones and spreads using open SSH connections.
Hackers have managed to find a way around one of the key antipiracy protections built into Windows 7.
Ordinarily, the operating system requires users to activate their copy of Windows 7 within 30 days. However, a recently outlined method allows the normal notifications to be turned off.
Notorious spammer Alan Ralsky has been jailed for more than four years over his role in masterminding a stock fraud spam campaign that made him an estimated $2.7m.
A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack.
The prospect of restricting access to your database is tricky when it comes to privileged users, such as database administrators who need to keep the databases running, developers who need to tap into databases to get them to work, or super users who just need an inordinate amount of access to get their jobs done.
Researchers show how Adobe Flash can be exploited in browsers when a victim visits sites that accept user-generated content. Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash -- and there's no simple patch for it.
A hacker in the Netherlands broke into some jailbroken iPhones and sent text messages to the owners asking them to pay to find out how to secure their phones, according to postings in a Dutch forum called Tweakers.net.
Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.
IT security and data protection firm Sophos is warning internet users who have visited the Gizmodo technology and gadget blog to scan their computers after it was revealed that the website was delivering adverts laced with malware last week.
We've reported in the past on hacks of the President's campaign web site barackobama.com, still used for political campaigning: This one on January 26, 2009 served malware to users and this one from April 21, 2008 redirected users to the Hillary Clinton campaign site (note: Friends of Hillary is still taking contributions).