For all those among us who concern ourselves with protecting data on computers with the aid of firewalls, antivirus programs, and security patches...there is a vulnerability you may still be missing: side-channel attacks.
U.S. government agencies are scrambling to plug one of their biggest security holes: sensitive information -- names, addresses and Social Security numbers, for example -- stored on laptops, handhelds, and thumb drives.
LinuxSecurity.com: SAN FRANCISCO - May 20, 2008 - CoverityT, Inc., the leader in improving software quality and security, today announced the availability of the Scan Report on Open Source Software 2008. The Coverity Scan site was developed with support from
Ali Jasbi has reported a vulnerability in AbleDating, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "keyword" parameter in search_results.php is not properly sanitised before being used in SQL queries. This can
CWH Underground has reported some vulnerabilities in phpFreeForum, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "message" parameter in error.php and the "nickname" and "randomid" parameters in part/menu.php is not properly sanitised
A security issue has been reported in Cerberus Helpdesk, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to an error in the authentication process for certain pages and can be
A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can potentially be
Specialist IP CCTV supplier and value-added distributor Controlware Communications Systems has won the award for Best Project at the IFSEC Security Industry Awards. Having also won the same award last year this represents a unique double for Controlware.A panel of
FLIR Systems, Inc. has acquired the stock of Ifara Tecnologias, S.L., a provider of middleware and client application software used to create sensor networks. Based in Madrid, Spain, Ifara develops software technology, hardware, and developer tools used for the creation
A man has been arrested, accused of attempting to blackmail Formula One racing drivers Adrian Sutil and Lewis Hamilton. German police are reported to have arrested a man who is alleged to have tried to sell a hard disk which
PestBlock lets you protect your privacy and your computer from a variety of spyware and unwanted programs, from those that expose your confidential information, to those that diminish the performance of your computer. [Update | License: Demo $39.95 | Requires:
A computer labeled as coming from the Oklahoma Tax Commission ended up in an auction with personally identifiable information, including Social Security numbers, intact and unencrypted.With governments like these, who needs enemies? Grifters seeking financial gain at the expense of
This paper, written by Brett Pladna will discuss piracy and copyright infringement. Since the boom of the Internet it is possible to download all types of files.
TJX, the retailer that was hit with a major security breach, has sacked a whistle blower who was exposing the company's security issues. According to the ha.ckers.org site: I had some very disturbing news today from one of the forum
Can you remember being a kid, when your parents first told you what your SSN was? I remember mine telling me to never give it to anyone. Of course, then as soon as I got my first job as a
Trillian users beware:Â There are multiple serious security holes in the popular cross-platform IM application. According to alerts issued by TippingPoint's Zero Day Initiative ZDI, the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro.
Last week, Google's Niels Provos made an announcement regarding a newly introduced feature aiming to help owners of compromised sites in understanding the implications of the compromise, as well as the malicious events that took place when Google last indexed
Snort is "an open source network intrusion detection (IDS) and prevention system (IPS). In addition to being available as a package for most Unix operating system distributions, various commercial hardware devices also use Snort as an IDS/IPS". Remote exploitation of
