Web Service Security

Microsoft scrambles to address widespread ASP.NET bug

There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.

Baidu suing registrar for negligence in cyberattack

Leading Chinese search engine Baidu is suing Register.com, its U.S.-based web hosting provider, over a recent cyberattack that left the site unusable for several hours, according to published reports. On Jan. 12, Baidu visitors were redirected to a page announcing that the site had been overtaken by the Iranian Cyber Army. On Wednesday in a Manhattan federal court, Baidu filed a complaint against Register.com claiming that negligence by the company resulted in severe damage to the search giant. A Register.com spokesperson reportedly has said the lawsuit is "without merit." A representative could not be reached by SCMagazineUS.com. — AM

Political hackers deface Network Solutions-hosted sites

Politically motivated hackers were able to break into several of Network Solutions' servers and then display their illegitimate content.

Web technologies account for 78 percent of all bugs

Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.

Rampant brute-force attack against Yahoo Mail

Attackers are exploiting a web service application to crack into Yahoo email accounts.

Survey: Social networks increasingly blocked

Companies are increasingly blocking access to social networking sites, according to a new survey.

Social network attacks top website target list

Social networking sites, such as Twitter and Facebook, are the most commonly attacked websites, replacing government websites as the targets of choice.

eBay mandates developer password change

The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.

Researchers laud Twitter alerts on bad links

Twitter has begun alerting users when they attempt to post a link to a malicious site.

Source of Adobe zero-day bug patched

One of the flaws at the heart of Adobe's ColdFusion 8.0.1 zero-day vulnerability has been patched.

Latest upgrade to iPhone includes 46 security fixes

Apple on Wednesday released the long-anticipated upgrade to its iPhone operating system.

Researcher plans to unveil a month of Twitter bugs in July

A security researcher plans to raise awareness about how third-party developer sites can be exploited to abuse social networking sites, namely Twitter.

ISP Pricewert shuttered for distributing spam

An internet service provider accused of violating federal law by hosting malicious sites and working with cybercriminals has been shut down, but the California-based company plans to appeal.

Cybercriminals targeting Twitter "trending topics"

Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

Twitter hit with rogue anti-virus scams

Users of popular blogging platform Twitter fell victim this past week to a scareware scam.

"Beladen" website compromises cropping up

A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.

IT professionals confused about Web 2.0

Even IT professionals are confused about what constitutes Web 2.0, according to a survey released Wednesday.

OTA seeks comment

The Online Trust Alliance (OTA), an industry group whose mission is to eliminate email and internet fraud, has released for comment a draft document outlining its Online Trust Principles. OTA said the principles listed in the document are a major step toward establishing business practices for greater online protection. After a 30-day comment period and subsequent ratification, OTA plans to work with business and regulatory agencies to drive adoption, according to an announcement describing the initiative. — CAM

Microsoft validates web server vulnerability

Microsoft on Tuesday confirmed the presence of a privilege-escalation vulnerability in its Internet Information Services web server -- but said no exploits are underway.

New Microsoft IIS flaw

A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated "moderately critical" and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDAV until more details about the vulnerability are uncovered. — AM

Cloud computing providers require strong audits

Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.

Rogue product ads on F-Secure, McAfee, Trend Micro searches

Google searches for a number of security products and vendors -- including F-Secure, Norton, McAfee and Trend Micro -- have yielded advertisements with links to rogue products.

Despite downturn, IT security spending to increase

Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.

Realtors hack competitor email

Three real estate agents in Rockingham, N.C., were charged with illegally accessing a Hotmail account belonging to the employee of a competitor. RE/MAX Tri City Realty agents Wendy Robson Massagee, 43; Kim Dawn Whitley, 40; and Jamie Moss-Godfrey, 41, allegedly used the victim's username and password to access the account and view work-related emails, according to a report in the Richmond County (N.C.) Daily Journal. All three were released and are scheduled to appear in local court on April 23. - AM

Privacy group urges FTC to investigate Google's cloud services

The Electronic Privacy Information Center, a privacy advocacy group, filed a complaint with the Federal Trade Commission on Tuesday urging an investigation of Google's cloud computing services to determine the adequacy of its privacy and security safeguards.

Web apps account for 80 percent of internet vulnerabilities

Vulnerabilities in web applications made up 80 percent of all web-related flaws in the second half of 2008 and rose in prevalence by about eight percent from the first half of the year.

Google's interest-based advertising sparks privacy debate

Google on Wednesday launched an "interest-based" advertising service, sparking a larger discussion among privacy-advocacy groups over data collection concerns.

Google's glitch in the cloud

Google Docs, a web-based word processor, experienced a glitch that shared documents without permission.

Firefox update addresses multiple security issues

Mozilla on Wednesday issued Firefox 3.0.7, which fixes multiple security issues that could potentially enable an attacker to run arbitrary code on a victim's computer, cause a denial-of-service condition, obtain sensitive information, or spoof the location bar, according to an advisory from US-CERT Thursday.

Phishing attack on iStockphoto

Online photography store iStockphoto warned of a phishing attack targeted against its website on Wednesday. "We strongly urge all users who logged in at some point today to change their passwords," the company said on its website. "In addition, do not open any site mail for the next 24 hours." Attackers created a fake iStockphoto login screen, saved users' credentials on a malicious server, then redirected them back to the website's main page. The company said that no financial information was breached. — AM
