Join the God Side, Jesus is Coming…….

What do you think of when you see this little guy on a webpage:

[Image: the browser padlock icon]

You’re probably thinking something along the lines of “it means the page is secure”. The more tech savvy among you may suggest that it means HTTPS has been used to encrypt the content in transit.

The problem is that it doesn’t mean anything of the kind. In fact, it has absolutely nothing to do with website security. And therein lies the problem – the padlock lies to us: it implies things that are not so, and it’s downright misleading.

Excellent post, read more at troyhunt.com

A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone’s account, according to details posted online.

The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn’t heard a response yet.

The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile.

There are some mitigating factors, such as that the attacker and victim must be friends on Skype. Also, the attack may not immediately execute when the victim logs in. Kayan said he noticed the behavior happened only after the victim logged in several times. But he said in an e-mail that once it happens the first time, “it happens with each re-login.”

Skype should be checking the input into the mobile phone field and validating that it is indeed a phone number and not executable code. The problem affects the latest version of Skype, 5.3.0.120, on Windows XP, Vista and 7 as well as the Mac OS X operating system.

Source: networkworld
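The mitigation the article calls for, server-side validation of the mobile number plus output encoding when the profile is rendered, as an added example (not Skype’s code or the consultant’s). It assumes numbers are submitted in international format and that the profile field is later rendered into HTML; the sample profile and inputs are constructed.

```python
import html
import re
from typing import Optional

# Allowlist: optional '+', no leading zero, 7 to 15 digits (E.164 length limits).
_E164 = re.compile(r"^\+?[1-9]\d{6,14}$")
# Separators people commonly type in a phone number; everything else is rejected.
_SEPARATORS = re.compile(r"[\s().-]")


def normalize_phone(raw: Optional[str]) -> Optional[str]:
    """Return the number in canonical '+digits' form, or None if it is not a phone number.

    Markup, quotes or script in the field can never match the digit-only
    allowlist, so the value is rejected before it reaches storage.
    """
    if raw is None or len(raw) > 32:  # hard length cap before any regex work
        return None
    compact = _SEPARATORS.sub("", raw.strip())
    if not _E164.fullmatch(compact):
        return None
    return compact if compact.startswith("+") else "+" + compact


def update_mobile_field(profile: dict, submitted: str) -> bool:
    """Hypothetical profile-update handler: store only a validated number."""
    number = normalize_phone(submitted)
    if number is None:
        return False  # reject the update; the stored value is untouched
    profile["mobile"] = number
    return True


def render_profile_phone(stored: str) -> str:
    """Output-encode the stored value so it is inert even if validation was ever bypassed."""
    return '<span class="phone">' + html.escape(stored, quote=True) + "</span>"


if __name__ == "__main__":
    profile = {"mobile": "+10000000000"}  # constructed sample profile
    for candidate in ("+49 30 123-4567", "<script>alert(1)</script>", "+1 (415) 555-0100"):
        accepted = update_mobile_field(profile, candidate)
        print(f"{candidate!r:36} accepted={accepted} stored={profile['mobile']}")
    print(render_profile_phone(profile["mobile"]))
```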

What’s JailbreakMe? It’s an easy way to jailbreak an Apple iOS device using a PDF-related vulnerability.

It’s done with a “drive-by” style exploit.

All somebody needs to jailbreak their (newer) iPad/iPhone/iPod is to visit jailbreakme.com and to touch the free/install button. The German Federal Office for Information Security has issued a warning about this. They’re concerned about the potential for targeted malicious attacks using trojanized versions of the JailbreakMe exploit.

Source: F-Secure


Election fraud and accusations of rigged voting might be as old as US election systems themselves, but some may wonder, if a hacker can gain access to the election voting system, how secure are elections anyway?

The AntiSec movement is definitely rolling along, but Anonymous is pointing to a recent hack that could raise some serious questions over the integrity of voting in Florida. It seems that a hacker who uses Twitter obtained parts of the Florida voting database, which have subsequently been posted to Paste2. It appears that the hacker in question wanted to show that voting fraud can easily happen today and dumped parts of the Florida database to prove it.

Source: Zeropaid

The NHS has signed a deal with Zscaler – a cloud-based security and bandwidth management company.

A document seen by IT Pro detailed a Zscaler webinar stating the NHS was a customer, even though no formal announcement has been made.

Zscaler’s product offering sends all customer traffic through the cloud, analyses it and then allows organisations to add policies on both security and bandwidth management.

No further details on the contract have been officially released.

Its key protection areas include email, web security and data loss prevention. The last area will be important for the NHS, which has seen data leave its premises and go missing numerous times.


Source: ITPRO

Google’s new social networking site, Google+, which is built to beat Facebook primarily on privacy features, has several privacy bugs the company is working to fix.

Many of the existing privacy bugs in Google+ revolve around the site’s mechanism to block users, according to a list of known problems Google has published and is in the process of fixing.

For example, after a user blocks someone, that blocked person may not always be removed from the user’s extended circles and the blocked person’s posts will remain on the user’s activity stream.

Source: ComputerWorld

This is an old post, but the same problem keeps recurring over the years.

Despite high-profile security breaches such as Jack Straw’s Hotmail account being compromised, and cybercriminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every website they access according to newly revealed stats* from Sophos.

[Image: Sophos password survey chart]

Very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit. With social networking and other internet accounts now even more popular, there’s plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you’re making it much easier for them.

Recent news: 26,000 sex website passwords exposed by LulzSec

Source: nakedSecurity
