SEARCH RESULTS
 
Showing 1-10 of 477 records
 
Expand article

The DDoS Attack Against CNN.com

The Article has images
2008-04-22 19:30:53 by HASH0x8b2d1ec in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack against CNN.com, whether successful or not in terms of the perspective of complete knock-out, which didn't happen, is a perfect and perhaps the most recent example of a full scale people's information warfare in action . Utilizing the bandwidth of the over 200 million nationalism minded Chinese Internet users, can greatly outpace any...
 
Tags: ddos, ddos-ing cnn, cnn, ddos people, warfare, information warfare attack, attack, ddos attack, chinese script kiddies
 
 
 
 
Expand article

Evaluating And Protecting Yourself From The Cold-Boot Encryption Attack

2008-02-25 19:47:24 by rmogull in securosis.com
 
...attack released by Ed Felten and the Princeton Center for Information Technology Policy . This is some seriously impressive work with major implications, but despite all the articles Ive seen there has been little information on how to evaluate and mitigate your personal or organizational risk Thats where I come in Im not going to assume you...
 
Tags: disk, full-disk encryption, encryption, disk encryption, systems, file encryption systems, encryption system, file encryption, tools
 
 
 
 
Expand article

Massive IFRAME SEO Poisoning Attack Continuing

The Article has images
2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack is slowly turning into a what looks like a large scale web application vulnerabilities audit of high profile sites. Following the timely news coverage , Symantec's rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008 , and US-CERT issuing a warning about the incident, after another week of monitoring the...
 
Tags: massive, single massive seo, profile sites, profile sites iframe, attack, seo, malware, malware attack, massive blackhat seo
 
 
 
 
Expand article

Thwarting a large-scale phishing attack

2007-06-11 11:35:00 by Niels Provos in Google Online Security Blog
 
...attack where criminals attempt to lure unsuspecting web surfers into logging into a fake website that looks like a real website, such as eBay, E-gold or an online bank. Following a successful attack, phishers can steal money out of the victims' accounts or take their identities. To protect our users against phishing, we publish a blacklist of...
 
Tags: myspace, myspace profiles, real myspace content, myspace account, attack, dummy myspace account, phishers move, phishers, lower-value sites
 
 
 
 
Expand article

Massive RealPlayer Exploit Embedded Attack

The Article has images
2008-01-07 18:58:52 by HASH0x89c7e1c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack is massive and ugly, what's most disturbing about it is the number of sites affected, which speaks for coordination at least in respect to having established the infrastructure for serving the exploit before the vulnerability became public One of our readers noted that there are a number of state government and educational sites...
 
Tags: exploit, realplayer exploit, uc8010 domain, domain, uc8010, exact exploit, attack uc8010, malware, malware exploitation kits
 
 
 
 
Expand article

Safari & IE Attack Code Released

2008-06-11 01:59:04 by Dave Lewis in Liquidmatrix Security Digest
 
...Attack code for the latest Safari problem was released on Sunday From Network World A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a...
 
Tags: attack, attack code, safari, safari bug, safari users, exploits critical flaws, computer security blog, chief technical officer, shavlik technologies
 
 
 
 
Expand article

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...attack surface. You learned how to disable services using /etc/inetd.conf. Then you learned about rc.d and how to prevent unnecessary services from being launched at startup. Next, maybe you configured the Xserver to disallow remote connections or moved on to removing setuid permissions from files. As you worked, youd periodically re-scan the...
 
Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes
 
 
 
 
Expand article

S&K Menswear two-phased attack

The Article has images
2008-01-03 10:40:36 by Evan Francen in The Breach Blog
...attacker requested the CVV2 codes to match the credit card numbers. It is unknown how many customers were duped by the second phase of the attack Reference URL New Hampshire Attorney General Breach Notification Report Credit New Hampshire State Attorney General Response From the official breach notification and letter to customers This...
 
Tags: information, personal information, information security practices, notification, information security, breach notification letter, sample customer letter, credit card, credit card data
 
 
 
 
Expand article

The Epileptics Forum Attack

The Article has images
2008-03-31 02:40:24 by HASH0x8b062fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...attack abusing epileptics' photo sensitivity . Hackers post seizure causing flashing images at an Epileptics forum Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users. The nonprofit Epilepsy Foundation,...
 
Tags: epileptics forum, forum, attack, seizure, actual seizure image, epileptics, computer attack, forum postings courtesy, hackers post seizure