85166797
submission
dinscott writes:
QRLJacking (i.e. Quick Response Code Login Jacking) is a method for tricking users into effectively logging into an online account on behalf of the attacker by making them scan the wrong QR code.
52475255
submission
dinscott writes:
During Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses.
47350551
submission
dinscott writes:
If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you.
But the challenge arises when you (possibly rightfully so) perceive that your government is not able do so, and you demand to be allowed to “hack back”.
23954558
submission
dinscott writes:
After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates — i.e. certificates used to create digital signatures — issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA).
Starting from yesterday, OPTA has terminated the accreditation of DigiNotar as a certificate provider for "qualified" certificates. The revocation of this accreditation also makes DigiNotar unqualified to issue certificates under the PKIoverheid CA.
22512064
submission
dinscott writes:
Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results.
The warning begun popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes.
19264902
submission
dinscott writes:
According to a survey that examines how IT professionals and employees view the use of policies and technologies to manage and protect users' electronic identities, the sharing of work log-ins and passwords between co-workers is a regular occurrence.
It's no wonder then that half of them are concerned about insider threats to network security in their company's current infrastructure!
But one of the most surprising results shows that one in 10 IT professionals admit they have accounts from previous jobs, from which they can still access systems even though they've left the organization.
19225962
submission
dinscott writes:
Last month, The New York Times run a story about Stuxnet having been developed by the Americans and the Israelis as a part of a joint project, but it was based on the claims by confidential sources.
But, it now seems that the information from these sources was correct. The Haaretz — Israel's oldest daily newspaper — reports about the a surprising video that was played at a party organized for General Gabi Ashkenazi's last day on the job.
18834822
submission
dinscott writes:
An unknown hacker broke into the 26-year-old internet celebrity's Facebook account and posted a bizarre message calling upon the firm to adopt a social cause. More than 1800 people "liked" the update before Facebook took down their CEO's page. Facebook has made no public statement about how the hack occurred, possibly to save their CEO from embarrassment.
