
Submission + - MariaDB and MySQL Authentication Bypass Exploit (batblue.com)

JohnBert writes: "A security bug in MariaDB and MySQL has been revealed, allowing a known username and password to access the master user table of a MySQL server and dump it into a locally-stored file. By using a tool like John the Ripper, this file can be easily cracked to reveal text passwords that can provide further access. By committing a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database, you can access the database using the cracked password hashes even if the authentication bypass vulnerability is fixed."

Submission + - Twitter Turns On SSL Encryption For Some Users (computerworld.com)

JohnBert writes: "Twitter is slowly turning on automatic encryption on its website, a move following other major providers of web-based services to thwart account hijacking over wireless networks.

Twitter has offered an option for users to turn on SSL (Secure Sockets Layer) encryption, but said on Tuesday that it will turn the feature on by default for some users. It did not indicate when the option would be turned on by default for all users.

SSL encryption, indicated by "https" in the URL bar and sometimes a padlock in the browser window, is an encryption protocol used to protect communication between a client and a server. It is important to use because unencrypted information passed over wireless networks can be intercepted."

Submission + - Facebook Data Collection Under Fire Again (computerworld.com)

JohnBert writes: "A German privacy protection authority is calling on organizations there to close their Facebook fan pages and remove the social networking site's "Like" button from their websites, arguing that Facebook harvests data in violation of German and European Union law.

The Independent Centre for Privacy Protection (ULD), the privacy protection agency for the German state of Schleswig-Holstein, issued a news release on Friday saying Facebook builds a broad, individualized profile for people who view Facebook content on third-party websites.

Data is sent back to Facebook's servers in the U.S., which the agency alleges violates the German Telemedia Act, the German Federal Data Protection Act and the Data Protection Act of Schleswig-Holstein. The agency alleges the data is held by Facebook for two years, and wants website owners in the state to remove links to Facebook by the end of next month or possibly face a fine."

Submission + - Anonymous Breaches Another US Defense Contractor (computerworld.com)

JohnBert writes: "The politically oriented hacking group, Anonymous, has released 1GB of what it says are private e-mails and documents from an executive of a U.S. defense company that sells unmanned aerial vehicles to police and the U.S. military.

The documents were publicized in a post on Pastebin, with links leading to the actual material on another website. The material purportedly belongs to Richard Garcia, a senior vice president at Vanguard who was a U.S. Federal Bureau of Investigation (FBI) special agent for 25 years.

Anonymous took special delight in the breach, as Garcia is director of InfraGard, an organization that liaises between private sector companies and the FBI. A group affiliated with Anonymous called LulzSecurity, or LulzSec, breached and defaced one of InfraGard's websites belonging to its Atlanta chapter in June."

Submission + - Google Highlights Trouble in Detecting Malware (computerworld.com)

JohnBert writes: "Google issued a new study on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones.

The company's engineers analyzed four years' worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API (application programming interface) that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware.

Google said it displays 3 million warnings of unsafe websites to 400 million users a day. The company scans the Web, using several methods to figure out if a site is malicious."

Submission + - Google Patches 30 Chrome Bugs, Adds Instant Pages (computerworld.com)

JohnBert writes: Google patched 30 vulnerabilities in Chrome, paying out the third-highest bounty total ever for the bugs that outsiders filed with its security team.

The company packaged the patches with an update to Chrome 13, adding Instant Pages to the "stable" channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, proactively pre-loads some search results to speed up browsing.

Google last upgraded Chrome's stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks.

Fourteen of the 30 vulnerabilities patched were rated "high," the second-most-serious ranking in Google's four-step scoring system, while nine were pegged "medium" and the remaining seven were labeled "low."

Submission + - FBI Arrests 12 in 'Anonymous' Hackers Probe (computerworld.com)

JohnBert writes: The FBI has reportedly arrested more than 12 people in what appears to be a nationwide crackdown against alleged members of the Anonymous hacking group. News of the arrests in California, New Jersey and Florida was reported today by Fox News and CBS News. Both stories were based on information from unnamed sources.

Spokesmen from the FBI's national office in Washington and from its field offices in San Francisco and New York confirmed to Computerworld that the agency had carried out law enforcement actions related to an ongoing cybercrime investigation. However, they would neither confirm nor deny the arrests or name the group that was being investigated.

Spokespersons from the FBI's Washington office and its San Francisco field office hinted that a statement related to today's action would be released shortly.

Submission + - EU Considers Strict Data Breach Notification Rules (computerworld.com)

JohnBert writes: The European Commission is examining whether additional rules are needed on personal data breach notification in the European Union.

Telecoms operators and Internet service providers hold a huge amount of data about their customers, including names, addresses and bank account details. The current ePrivacy Directive requires them to keep this data secure and notify individuals if such sensitive information is lost or stolen. Data breaches must also be reported to the relevant national authority.

"The duty to notify data breaches is an important part of the new E.U. telecoms rules," she said. "But we need consistency across the E.U. so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses."
