erdemkose teknoloji meraklısı

Over the weekend I received a handful of reports of individuals using Direct Messages inside of Twitter to phish for Twitter accounts and passwords. A cluster of compromised Twitter accounts are sending out person-to-person phishing messages inside the Twitter network. These messages and the target website are similar to standard social network phishing messages, except [...]

RealNetworks has shipped a new version of its Helix Server to plug at least four vulnerabilities that introduce code execution and denial-of-service risks. The flaws affect Helix Server Version 11.x, Helix Server Version 12.x, Helix Mobile Server Version 11.x and  Helix Mobile Server Version 12.x.  Three of the four bugs are considered “highly critical” because [...]

Third party plug-ins like Adobe Flash do a poor job of cleaning traces of your browser sessions, rendering private-browsing features somewhat useless, according to a new study by researcher Katherine McKinley. McKinley, a researcher at iSec Partners, created a tool for testing the functionality of clearing private data after a browser session and browsing in private [...]

Sensing a shift in upcoming defense priorities, Lockheed and Boeing are both launching information security product divisions. Bloomberg is reporting that both Lockheed Martin and Boeing are building security product groups to address the military’s needs in defending cyberspace. I doubt that the military requires technology to “defend cyberspace” that is fundamentally different technology than [...]

Guest post by John Viega Today there’s been a lot of buzz about the clever new attack on public key infrastructure from Alex Sotirov and a team of researchers.   In the attack, the bad guy ends up with his own Certification Authority (CA) that is fully trusted according to every major browser. People are [...]

Guest post by Chris Eng In the wake of this morning’s 25C3 presentation by Alex Sotirov and Jacob Appelbaum, most of the coverage I’ve read so far has focused on the technical details and real-world impact of their findings. Rightly so — their paper describing the attack is a fascinating read filled with enough gory details [...]

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of [...]

Microsoft is pouring cold water on public reports of a serious code execution vulnerability in the newest versions of its Windows Media Player software. Following the release of proof-of-concept code alongside a claim that the bug can be remotely exploitable to launch arbitrary code, a Microsoft spokesman insists this “is not a product vulnerability.” Here’s Microsoft’s [...]

Amazon has warned its customers that one of Samsung’s digital picture frames shipped to customers infected with a virus. While Samsung has some egg on its face, malware that ships on consumer hardware is not as serious of an issue as it may seem. Earlier this week Amazon alerted its customers to an issue affecting [...]

Microsoft late Monday issued a pre-patch advisory confirming a remote code execution vulnerability affecting its SQL Server line. The vulnerability, publicly disclosed with exploit code more than two weeks ago, affects Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server [...]

In a brilliant physical-world example of what happens when too much value is placed upon open identification systems for determining reputation, a group of high school students are setting off speeding enforcement cameras using fake license plates belonging to their enemies. According to an article in the D.C. area Montgomery County Sentinel, high school students are [...]

Hackers are using a combination of DNS redirection, software vulnerabilities and the open-source Apache Web server to exploit holes in Sony’s new PlayStation Home virtual world, according to a Telegraph report. The hack is allowing developers to customize their PlayStation Home experience beyond the options provided by Sony but there’s a worrysome component [...]

Once again confirming the trend of having more legitimate sites serving exploits and malware than purely malicious ones, Chinese hackers have been keeping themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites. The SQL injection attacks serving the just patched Internet Explorer XML parsing exploit, are launched [...]

Guest post by Eric Schultze Microsoft’s latest Internet Explorer out-of-band patch release needs to be installed right away.  The number of infected websites is growing at an alarming rate — even people visiting legitimate websites are getting hacked with this exploit. Patch it now - just do it.  Why did this come out as an emergency release? [ [...]

There isn’t much to report just yet, but Microsoft has posted a patch for the widely exploited IE7 vulnerability.  After applying the patch, you should feel free to carry on with your previous activities.

Mozilla is joining Microsoft and Opera on the browser patching treadmill. The open-source group has rolled out the final security fix for the Firefox 2 branch and a new version of Firefox 3 to plug about a dozen security holes that could lead to remote code execution attacks, browser crashes and information disclosure issues. [ SEE: [...]

Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability. [ SEE: Hackers exploiting (unpatched) IE 7 flaw to launch drive-by attacks ] The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the [...]

Malware hunters at Websense Security Labs have discovered legitimate Google sponsored links being used to plant scareware programs (rogue anti-virus applications) on the computers of Windows users. In a blow-by-blow description of the rogueware attack, Websense researcher Elad Sharf shows how an innocent Google search for the Winrar file archiver and data compression utility can lead [...]

Opera has released version 9.63 of its browser as a “recommended security upgrade” that fixes at least seven security vulnerabilities, some with serious risk implications. The most serious of the flaws could lead to remote code execution if an Opera user is tricked into surfing to a maliciously rigged Web page.  Two of the bugs [...]

I was traveling the eastern seaboard all of last week, visiting family, friends, and old work colleagues in Philadelphia, New York, and Boston, so I didn’t have much opportunity to provide feedback to what had become the most heavily discussed blog post I have yet generated. Two weeks ago, people got all hot and bothered because [...]