security

iPhone vulnerable to phishing attacks

Security researcher Aviv Raff said on Wednesday that the iPhone's Mail and Safari applications are prone to URL spoofing and could allow phishing attacks against iPhone users.

The alert was anticipated. Prior to the release of the iPhone on July 11, Raff was one of a few security researchers who indicated they had found vulnerabilities but were waiting to see the final iPhone 2.0 release.

By crafting a specially designed URL, Raff says an attacker could create an e-mail link that appears in Mail to be from a trusted site (a financial institution or social network). By clicking …

Blogspot.com cited as the No. 1 host for malware

According to a report out Wednesday, antivirus vendor Sophos says it detects one Web page with malicious content every 5 seconds--a trend that is up 300 percent from 2007.

In its Security Threat Report for the first half of 2008, Sophos says it finds just over 16,000 malicious pages each day, mostly the result of malicious SQL-injection attacks on legitimate Web sites such as the attack on Sony's U.S. PlayStation site in July. Tricks used by criminal hackers include using simple HTML code to place via SQL-injection a 1x1 pixel element (about the size of a pin …

SF employee accused of setting network sabotage time bomb

Bail for a San Francisco city employee accused of hijacking the city's network remained at $5 million on Friday after prosecutors accused the worker of rigging the network to sabotage it the next time it was shut down for maintenance or due to a power failure, according to The San Francisco Chronicle.

Terry Childs, 43, was arrested July 13 on charges of tampering with the city's computer network. He remained in jail after the hearing on Wednesday.

In a secret meeting with Mayor Gavin Newsom on Monday, Childs revealed the passwords to the system so officials could take …

Five quick, useful Google Calendar tweaks

I keep waiting for the day I can view my Google Calendar entries while I'm offline--without having to export the entries to Outlook or another standalone calendar program. Until that day, here are five ways to make better use of Google's free calendar service.

Lock out unwanted viewers: To make sure your calendar entries are private, click the down arrow next to the calendar under My Calendars on the left side of the screen. Choose "Share this calendar" to open that tab in your settings. Uncheck "Make this calendar public," and be sure …

CNET News Daily Podcast: Why some developers might work late tonight

An unlikely drama is playing out in, of all places, the security research field. Researcher Dan Kaminsky says that earlier this year, he discovered a serious flaw in the Domain Name System that drives the Internet. He's spent the last few months coordinating a huge project to get the flaw patched by all necessary companies before disclosing details about the flaw. But now a fellow researcher has taken a public guess at what the flaw was. And whether he's right or not, Kaminsky is warning companies to patch their software immediately. Reporter Robert Vamosi joins me in the …

Is Kaminsky's DNS flaw public?

Thirteen days after Dan Kaminsky asked his fellow security researchers not to speculate on the details of his DNS flaw, a fellow Black Hat researcher published his own speculation, and apparently got it right.

On July 8, IOActive researcher Kaminsky disclosed a flaw in the Domain Name System (DNS), but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured it would take about 30 days for that to happen. The 30-day mark also just happened to coincide with his speaking engagement at Black Hat in Las …

CNET News Daily Podcast: Hacker conference proves nothing is private on the Net

As the Last HOPE (Hackers on Planet Earth) conference comes to an end in New York, CNET News' Elinor Mills gives the lowdown on what she learned from 3,000 hackers about lock-picking, private investigation, and the security of consumer electronics.

According to new reports, Carl Icahn will be doing his bidding inside the Yahoo executive board come August, with no specific statements that he'll try to sell the search business to Microsoft.

This weekend's megahit, The Dark Knight, is up on the Web and it may be a sign that smaller Web sites are flying under the …

Column: Will you be ditching your antivirus app anytime soon?

For the last few months, I've been hearing some well-regarded security people tell me they are considering ditching their antivirus protection altogether. They haven't done it, but these individuals feel the days of having a special application scan to remove malware on your desktop are numbered. Malware has changed, but the applications to ferret it out have not.

Antivirus programs, as we know them today, are based on 20-year-old technology of pattern matching. Pattern matching may have worked in the days of the Michelangelo virus and even as recently as Netsky, but methodically matching each and every …

Last HOPE to become Next HOPE

NEW YORK--In case you were worried, HOPE is not dead.

Just as hackers experiment with technology, push boundaries, and subvert the concepts of what it means to be safe and secure, the organizers of the HOPE (Hackers on Planet Earth) conference have had some fun of their own.

Despite calling the event this weekend "Last HOPE," it won't be the final one; just the most recent one, organizer Emmanuel Goldstein told attendees at the closing ceremonies Sunday night.

There will be another one in two years. It will be called "Next HOPE," he said.

That …

Hacking with no technology

NEW YORK--The typical image of a hacker is a kid hunched over his keyboard in the wee hours of the night staring at commands on his computer screen that unlock the secrets of the national government.

But, according to someone who knows better, the woman sitting next to you in the airport or Starbucks fiddling with her digital camera while you work on your company's confidential sales data could be just as dangerous.

One of the more fascinating talks at the Last HOPE hacker conference this weekend was by Johnny Long, a security researcher who hacks, writes books on …