Sign up for our Technology Newsletter 
RSA To Replace SecureID Tokens
June 10, 2011 by admin
Filed under Around The Net
Comments Off on RSA To Replace SecureID Tokens
In an acknowledgement of the severity of its recent systems breach, RSA Security said Monday that it will replace SecureID tokens for any customer that asks.
Customers have been left to ponder whether or not to trust RSA’s security tokens since March, when the company confirmed that it had been hacked and issued a vague warning to its customers. Then, two weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecureID technology.
In a letter sent to customers Monday, RSA confirmed that the Lockheed Martin incident was related to SecureID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA Executive Chairman Art Coviello stated in the letter.
Coviello said the company remains “highly confident in the RSA SecureID product,” but acknowledged that the recent Lockheed Martin attack and general concerns over hacking, “may reduce some customers’ overall risk tolerance.”
Microsoft’s IE Latest Flaw: ‘Cookiejacking’
Comments Off on Microsoft’s IE Latest Flaw: ‘Cookiejacking’
A technology security researcher has discovered a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said may allow hackers to steal credentials to access FaceBook, Twitter and other websites.
He coined the technique as ”cookiejacking.”
“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta wrote.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To take advantage of this flaw, the hacker must first persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.
That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.
“I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”
Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.
“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.
Sony Hacked Again
May 29, 2011 by admin
Filed under Around The Net
Comments Off on Sony Hacked Again
More than 2000 users of Sony Ericsson’s Canadian Website are impacted by the latest hack attack to hit a battle worn Sony. Sony Ericsson is joint mobile phone venture between Sony and Ericsson. According to Sony hackers made off with e-mail addresses, passwords and phone numbers–but no credit card details. Sony has now shut down the affected site. Around 1000 of the stolen records from the Sony Canadian Website are already online, posted by Idahc, a “Lebanese grey-hat hacker”.
“Sony Ericsson’s Website in Canada, which advertises its products, has been hacked, affecting 2000 people,” a Sony spokesperson told AFP. “Their personal information was posted on a Website called The Hacker News. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information.”
“Sony Ericsson has disabled this e-commerce Website,” Sony detailed to IDG News. “We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers.” For security, Sony has shut down the Canadian Sony Ericsson eShop page, which currently reads: “D’oh! The page you’re looking for has gone walkabout. Sorry.”
Apple Admits To Security Issues
Apple has finally acknowledge and has promised an update for Mac OS X that will find and remove the MacDefender fake security software, and warn uninfected users when they download the infectious program.
The announcement — part of a new support document that the company posted late Tuesday — was the company’s first public recognition of the threat posed by what security experts call “scareware” or “rogueware.”
Apple has taken criticism for not publicly responding to the MacDefender threat.
“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” Apple said in the document. “The update will also help protect users by providing an explicit warning if they download this malware.”
Apple also outlined steps that users with infected Macs can take to remove the scareware.
Andrew Storms, director of security operations with nCircle Security, was surprised that Apple said it would embed a malware cleaning tool in Mac OS X.
Google Moves Quickly To Plug Data Leaks
May 24, 2011 by admin
Filed under Smartphones
Comments Off on Google Moves Quickly To Plug Data Leaks
Google confirmed that it’s starting to roll out a server-side patch for a security vulnerability in most Android phones that could allow hackers to access important credentials at public Wi-Fi hotspots.
“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts,” said a Google spokesman in an emailed statement. “This fix requires no action from users and will roll out globally over the next few days.”
Google will apparently apply the fix to its servers since it does not need to push out an over-the-air update to Android phones.
Experts applauded Google’s fast reaction.
“It’s impressive how quickly Google fixed this,” said Kevin Mahaffey, chief technology officer and a co-founder of San Francisco-based mobile security firm Lookout. “Google’s security team, especially on Android, is very, very quick to deal with issues.”
Whatever Google is implementing will shut the security hole that three German researchers publicized last week.
According to the University of Ulm researchers, who tested another researcher’s contention last February that Android phones sent authentication data in the clear, hackers could easily spoof a Wi-Fi hotspot — in a public setting such as an airport or coffee shop — then snatch information that users’ phones transmitted during synchronization.
In Android 2.3.3 and earlier, the phone’s Calendar and Contacts apps transmit information via unencrypted HTTP, then retrieve an authentication token from Google. Hackers could eavesdrop on the HTTP traffic at a public hotspot, lift authentication tokens and use them for up to two weeks to access users’ Web-based calendars, their contacts and also the Picasa photo storage and sharing service.
EBS Coming To Your Smartphone
May 14, 2011 by admin
Filed under Smartphones
Comments Off on EBS Coming To Your Smartphone
In the event of local and/or nationwide disasters, wireless carriers will soon begin alerting the public by sending emergency SMS text messages to mobile phones.
AT&T, Sprint, T-Mobile and Verizon Wireless have all agreed to a participate in this new Emergency Broadcast System alert method. It will initially be rolled out in New York and Washington, D.C., later this year, and nationwide next year, in April at the earliest.
The emergency text messages will cover public safety threats, Amber Alerts for missing children, and messages from the president, the New York Times reports. Messages will be free for customers, who can opt out of them all except the presidential messages.
We don’t expect the alerts to be frequent,” Julius Genachowski, chairman of the Federal Communications Commission, told the Times. “They will be reserved for when they are truly needed, for tornadoes or for disasters like 9/11.”
Genachowski said the emergency texts will look different from ordinary messages, making them more difficult for hackers to infiltrate or fake. They’ll probably appear directly on the screen, along with a special vibration or other signal. No word on how closely they’ll resemble the tone and color bars of the current Emergency Broadcast System for televisions, or whether users can expect “this is a test” messages on a regular basis.
Hackers Breach WordPress Servers
April 15, 2011 by admin
Filed under Around The Net
Comments Off on Hackers Breach WordPress Servers
Hackers have gained access to several servers that support WordPress and may have obtained source code, according to the founding developer of Automattic, the company behind the popular blogging platform.
Matt Mullenweg wrote on the WordPress blog that Automattic has been reviewing log records to determine how much information was breached and re-evaluating “avenues to gain access.”
“We presume our source code was exposed and copied,” Mullenweg wrote. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”
Microsoft Delivers Massive Security Updates
Comments Off on Microsoft Delivers Massive Security Updates
Microsoft today patched a whopping 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest last month.
The company also delivered a long-discussed “backport” to Office 2003 and Office 2007 that brings one of the newer security features in Office 2010 to the older editions.
The 17 updates, which Microsoft dubs “bulletins,” tied a record set late last year, but easily beat the October 2010 mark for the total number of flaws they fixed. Altogether, today’s updates patched 64 vulnerabilities, 15 more than in October and 24 more than in the former second-place collection of December 2010.
Nine of the 17 bulletins were pegged “critical,” Microsoft’s highest threat ranking, while the remainder were marked “important,” the next-most-serious label.
Microsoft and virtually every security expert pegged several updates that users should download and install immediately.
“There are three we think are top priorities,” said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), in an interview earlier today. Bryant tagged MS11-018, MS11-019 and MS11-020 as the ASAP updates.
Adobe Flash Exploited
March 16, 2011 by admin
Filed under Around The Net
Comments Off on Adobe Flash Exploited
Hackers have found a way to exploit Adobe Flash Player by using a zero-day vulnerability by using Microsoft Excel documents that was confirmed by Adobe yesterday. Adobe representatives that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until next week. Read More….
New Exploit Exposed In Microsoft Windows
Comments Off on New Exploit Exposed In Microsoft Windows
It is being reported that hackers have been able to exploit holes in Windows and Microsoft new of the issue since January of 2011.The exploit deals with the Windows protocol handler in Windows for MHTML. Be advised the exploit can only be done if the user is running Internet Explorer. Apparently, hackers are using cross-site scripting attacks are intercepting and collecting peoples information, spoofing the content that is displayed to the browser, or interfering with the user’s browsing activities. Read More….