SEARCH RESULTS
 
Showing 1-10 of 30 records
 
Expand article

ZDNet Asia and TorrentReactor IFRAME-ed

The Article has images
2008-03-04 09:15:20 by HASH0x8b3f7c8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ZDNet Asia and TorrentReactor is very creative at the strategic level, whereas the IFRAME-ing tactic remains the same. The sites' search engines seem to have been exploited to have the IFRAME injected, not embedded, within the last 24 hours, redirecting to known Russian Business Network's IPs and ex-customers in the face of rogue anti-virus...
 
Tags: iframe, zdnet asia, pages, pages redirect, iframe-ed pages, torrentreactor, iframe-ing tactic remains, seo practices, torrentreactor seo practices
 
 
 
 
Expand article

More CNET Sites Under IFRAME Attack

The Article has images
2008-03-06 10:50:57 by HASH0x8b1424c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ZDNet Asia , namely, TV.com , News.com and MySimon.com which I'll assess in this post. In the time of posting this, no other CNET sites are involved in the campaign, including ZDNet's international sites such as, ZDNet India, ZDNet U.K, and ZDNet Australia, but the abovementioned ones. And so, we have three more sites part of CNET Networks'...
 
Tags: iframe, cnet sites, sites, iframe-ed pages, pages, cnet, iframe redirects, iframe campaign, campaign
 
 
 
 
Expand article

Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more

The Article has audio podcast
2008-04-29 13:56:50 by HASH0x8b2fcac in Blue Box: The VoIP Security Podcast
 
...ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone Voice of VOIPSA : Slides about P2PSIP security new available Voice of VOIPSA : RUCUS mailing list & BOF Voice of VOIPSA : End-to-end VoIP security using DTLS -SRTP Also a whole bunch on SIP Identity SIP Torture...
 
Tags: voip security news, news, listener comment line, comments, listener comments, comment line, cisco, phone, podcast
 
 
 
 
Expand article

Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more

2008-04-29 14:56:49 by Dan York in Blue Box: The VoIP Security Podcast
 
...ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone Voice of VOIPSA : Slides about P2PSIP security new available Voice of VOIPSA : RUCUS mailing list & BOF Voice of VOIPSA : End-to-end VoIP security using DTLS -SRTP Also a whole bunch on SIP Identity SIP Torture...
 
Tags: voip security news, news, listener comment line, comments, listener comments, comment line, cisco, phone, podcast
 
 
 
 
Expand article

Injecting IFRAMEs by Abusing Input Validation

The Article has images
2008-03-07 15:53:50 by HASH0x8bac8b8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ZDNet Asia began to surface. Attackers appear to have abused the ZDNet search engine's cache by exploiting a script-injection issue, which is then being cached in Google. Clicking the affected link in Google will cause the browser to be redirected to a malicious site that attempts to install a rogue ActiveX control. On March 6, 2008, the...
 
Tags: input validation, input validation checks, plan input validation, input, input validation refers, input validation flaw, iframes, iframe, iframe attack
 
 
 
 
Expand article

Google Text Ad Subversion

2007-12-20 16:02:12 by RSnake in ha.ckers.org web application security lab
 
...ZDNet that explained that Googles text ads are getting subverted by trojans on peoples machines to get them to click on other peoples ads. It wasnt clear what those ads were, exactly, but there you have it. I see this kind of thing as a clear path for future monetization - similar to how bad guys are adding extra form fields into forms via...
 
Tags: ads, googles ads, peoples ads, peoples machines, googles text ads, extra form fields, basic purpose, bad guys, future monetization
 
 
 
 
Expand article

Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

2007-10-27 14:33:13 by HASH0x8a0958c in Blue Box: The VoIP Security Podcast
 
...ZDNet: "Jericho Forum voices concerns over VoIP Security Telappliant: "VoIP 'more secure than traditional phone systems'" (note the last paragraph about VOIPSA SecurityFocus: "VoIP Hopping: A Method of Testing VoIP Security or Voice VLANs and Release of "VoIP Hopper tool SIP Hacking Workshop in November in Vienna Upcoming shows Oct...
 
Tags: voip, voip security news, voip networks, voip security, voip security podcast, listener comments, listener, voip hopper tool, comments
 
 
 
 
Expand article

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

2007-11-07 22:52:27 by Dan York in Blue Box: The VoIP Security Podcast
 
...ZDNet???s Russell Shaw Wired: Phones Aren???t Safe Either, Hackers Say ??? also discussed in Network World and Russell Shaw We???ve toasted so many of these (VoIP) networks??? and Dustin Trammell???s blog (in the list of sessions he attended SANS : Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser CXO Today: The Phishing Epidemic...
 
Tags: voip security, voip security vulnerabilities, voip security news, voip, voip security podcast, consumer voip, vulnerabilities, sans voip security, sans
 
 
 
 
Expand article

Links for 2008-01-09 [del.icio.us]

2008-01-10 00:00:00 by Editor in Anton Chuvakin Blog -
 
...ZDNet Three predictions for identity management in 2008 - Network World EventSource Newsletters - Jan 08 The secret to effective log management is to gather ALL of the data. The aspects of LM that add value to investigations and compliance are seriously minimized if the integrity or completeness of the data can be questioned. Thus, its pretty...
 
Tags: security, security predictions, log management, effective log management, data, data collection, predictions, security warrior, anton chuvakin blog