|
Written by ph0bYx
|
|
Wednesday, 30 March 2011 10:37 |
The hacker said his attack was mounted in revenge for the Stuxnet virus attack on his country's nuclear programme.
The boast follows a major security breach at Comodo Group, a “certification authority” which acts as an independent third party to ensure communications between users and websites are properly encrypted. The integrity of such encryption is a fundamental part of web security, foiling attackers who could otherwise easily monitor emails or steal online banking details.
Comodo last week admitted it had been forced to revoke nine digital certificates for web service providers including Google, Microsoft, Skype and Yahoo after it emerged they had been fraudulently issued by someone who broke into its systems. The attack was traced to Iran, and now an individual has come forward to claim responsibility.
|
|
|
Written by ph0bYx
|
|
Monday, 28 March 2011 21:32 |
|
An email was sent out earlier today on the Full-Disclosure mailing list, detailing the compromise of numerous MySQL websites along with portions of their database containing usernames and passwords.
|
|
Last Updated on Monday, 28 March 2011 21:33 |
|
Written by ph0bYx
|
|
Wednesday, 23 March 2011 20:48 |
It's been revealed that UK ISPs and Rights Holders are debating a controversial ("Plan B") alternative to the Digital Economy Act's (DEA) original website blocking clause. The move would see broadband providers adopt a new Voluntary Code of Practice to block any website that is deemed to "facilitate" internet copyright infringement.
A list of the 100 worst offenders, including The Pirate Bay, NewzBin2 and several cyberlocker file storage sites (e.g. Rapidshare?), has reportedly already been drawn up. The confirmation comes shortly after Ofcom was asked to review the DEA's original web blocking measures (here) and some anticipate that the review will ultimately deem those unfeasible.
Since then the UK government has been working hard to bring both ISPs and Rights Holders together, largely in the hope that they would draw up a more workable alternative to the original measures (here).
|
|
Written by ph0bYx
|
|
Saturday, 19 March 2011 21:08 |
|
Breaking in to an encrypted router and using the WiFi connection is not an criminal offence, a Dutch court ruled. WiFi hackers can not be prosecuted for breaching router security.
A court in The Hague ruled earlier this month that it is legal to break WiFi security to use the internet connection. The court also decided that piggybacking on open WiFi networks in bars and hotels can not be prosecuted. In many countries both actions are illegal and often can be fined.
|
|
Written by ph0bYx
|
|
Saturday, 19 March 2011 21:06 |
|
The PHP developers have released PHP 5.3.6, a maintenance update to the PHP interpreter. Among over 60 bug fixes are a number of fixes for security related problems.
A format string vulnerability in the phar extension of PHP 5.3.5, CVE-2011-1153, may allow attackers to view memory, cause a denial of service or execute arbitrary code. There was also an integer overflow in the shmop_read() function which allowed for denial-of-service (CVE-2011-1092). Other flaws included crashes with crafted tags in exif metadata and ziparchive with empty archives. Security has also been enhanced in the protocol parsing done by the fastcgi process manager (FPM SAPI). Some of the flaws reportedly affect all versions of PHP 5.3.x and earlier.
|
|
|
|
|
Page 22 of 40 |
