The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both JavaScript replacement and HTML injections. […]
Tag Archives: Web Security
Active Defense Can Give Pause to Threats
Enterprises can use existing networking tools to put up internal barriers against hackers in order to frustrate them into moving on to other targets.
Bypassing OS X Security Tools is Trivial, Researcher Says
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]
The Real ‘Next Generation’ of Security Revealed at RSA
During his RSA keynote today, Juniper Networks’ Chris Hoff shared the stage with 9-year-old hacker Reuben Paul, in a talk meant to be a call to action for the security industry to teach young programmers security and privacy from the outset.
Threat Intelligence Sharing Still Seen as a Challenge
SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat of attacks and data breaches. The benefits of sharing threat intelligence are […]
‘Fully Secure Systems Don’t Exist’
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the years relating […]
Renewed Attention on Android Apps Failing SSL Validation
CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google, meanwhile, says it will get stricter with enforcement.
Microsoft Data Shows Drop in Remote Code Execution Bugs Being Exploited
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting that data for […]
NetNanny Found Using Shared Private Key, Root CA
An issue with the content-control software NetNanny could open users’ systems up to man-in-the-middle (MiTM) attacks, HTTPS spoofing and interception, researchers warned Monday.
Crypto ‘Front Door’ Debate Likely to Go On For Years
SAN FRANCISCO–Encryption is the hot new topic in security at the moment, as it has been any number of times in the last few decades. And, as in the past, the notions of key escrow, mandated legal access to encrypted systems and other ideas for helping governments defeat cryptosystems have followed right along with the latest crypto […]