security

DNS exploit code is in the wild

As of Wednesday, exploit code allowing someone to attack the domain name system (DNS) was available in various places on the Internet.

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky's plea … Read more

Pairing your cell with Bluetooth? Buyer beware

I admit it; I've been in denial about my cell phone habit.

I'm a multitasker on the phone and I tend to make calls when I'm in transit. Why not get some of those calls I have to make out of the way while I'm walking or driving? (I really do try to not use the phone while on the bus so as not to annoy other passengers, but sometimes it just can't be avoided.)

Of course, I've known for months that I was going to have to curb the habit while driving because … Read more

Studies: Banking Web sites, corporate computers are insecure

A new study about security problems with financial Web sites may have you thinking twice about doing online banking.

And a separate study found widespread security problems in corporate computers across numerous industries.

More than 75 percent of the Web sites of more than 200 financial institutions were found to have at least one design flaw that could put customer data at risk, according to a study released this week from the University of Michigan.

Atul Prakash, a professor in the university's Department of Electrical Engineering and Computer Science, and two doctoral students examined the Web sites of 214 … Read more

iPhone vulnerable to phishing attacks

Security researcher Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications are prone to URL spoofing and could allow phishing attacks against iPhone users.

The alert was anticipated. Prior to the release of the iPhone on July 11, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release.

By crafting a specially designed URL, Raff says an attacker could create an e-mail link that appears in Mail to be from a trusted site (a financial institution or social network). By clicking … Read more

Blogspot.com cited as the No. 1 host for malware

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin … Read more

SF employee accused of setting network sabotage time bomb

Bail for a San Francisco city employee accused of hijacking the city's network remained at $5 million on Friday after prosecutors accused the worker of rigging the network to sabotage it the next time it was shut down for maintenance or due to a power failure, according to The San Francisco Chronicle.

Terry Childs, 43, was arrested July 13 on charges of tampering with the city's computer network. He remained in jail after the hearing on Wednesday.

In a secret meeting with Mayor Gavin Newsom on Monday, Childs revealed the passwords to the system so officials could take … Read more

Five quick, useful Google Calendar tweaks

I keep waiting for the day I can view my Google Calendar entries while I'm offline--without having to export the entries to Outlook or another standalone calendar program. Until that day, here are five ways to make better use of Google's free calendar service.

Lock out unwanted viewers: To make sure your calendar entries are private, click the down arrow next to the calendar under My Calendars on the left side of the screen. Choose "Share this calendar" to open that tab in your settings. Uncheck "Make this calendar public," and be sure … Read more

CNET News Daily Podcast: Why some developers might work late tonight

An unlikely drama is playing out in, of all places, the security research field. Researcher Dan Kaminsky says that earlier this year, he discovered a serious flaw in the Domain Name System that drives the Internet. He's spent the last few months coordinating a huge project to get the flaw patched by all necessary companies before disclosing details about the flaw. But now a fellow researcher has taken a public guess at what the flaw was. And whether he's right or not, Kaminsky is warning companies to patch their software immediately. Reporter Robert Vamosi joins me in the … Read more

Is Kaminsky's DNS flaw public?

Thirteen days after Dan Kaminsky asked his fellow security researchers not to speculate on the details of his DNS flaw, a fellow Black Hat researcher published his own speculation, and apparently got it right.

On July 8, IOActive researcher Kaminsky disclosed a flaw in the Domain Name System (DNS), but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured it would take about 30 days for that to happen. The 30-day mark also just happened to coincide with his speaking engagement at Black Hat in Las … Read more

CNET News Daily Podcast: Hacker conference proves nothing is private on the Net

As the Last HOPE (Hackers on Planet Earth) conference comes to an end in New York, CNET News' Elinor Mills gives the lowdown on what she learned from 3,000 hackers about lock-picking, private investigation, and the security of consumer electronics.

According to new reports, Carl Icahn will be doing his bidding inside the Yahoo executive board come August, with no specific statements that he'll try to sell the search business to Microsoft.

This weekend's megahit, The Dark Knight, is up on the Web and it may be a sign that smaller Web sites are flying under the … Read more