You searched for Apt | Page 320 of 335 | The Security Ledger with Paul F. Roberts

Search Results for "Apt"

Podcast: Switch To IPV6 Demands A Security Re-Think

April 10, 2013 Paul Roberts

Editor’s Note: This interview with Qualys CTO Wolfgang Kandek was originally recorded on March 29th. You’re probably not aware of it, but a major transformation is taking place on the Internet. We’ve exhausted the approximately 4.3 billion available addresses for IPV4 – Internet Protocol Version 4 – the Internet’s lingua franca. (Roughly 98% of all Internet traffic.) With billions of new, intelligent devices set to join the global Internet in the next decade, a new addressing scheme was needed. Enter Internet Protocol Version 6 (IPV6), which will create a practically inexhaustible supply of new addresses and some much needed, new security features that can prevent man in the middle attacks, ARP poisoning and a host of other ills. But organizations that have the luxury of waiting to upgrade their networks should do so, says Qualys CTO Wolfgang Kandek in this exclusive interview with The Security Ledger. From vulnerability scanning to […]

Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam

April 9, 2013 Paul Roberts

A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]

Application Security ‘Precrimes’ Report: SQL Injection, Crypto Hacks in 2013

April 8, 2013 Paul Roberts

We have plenty of industry-provided reports that tell us what happened in the past. The annual Verizon Databreach Investigations Report is due out any day, providing data on breaches investigated by that company’s incident response professionals, as well as information from law enforcement agencies around the world. And, with the first quarter gone, its safe to assume that similar reports will follow from Symantec and others. But what about the threats for 2013? That’s where Veracode’s State of Software Security (SoSS) report comes in. Released to the public today, SoSS documents the kinds of software vulnerabilities that company found during 2012. And, where there are vulnerabilities, there will be attacks, Veracode CTO Chris Wysopal says. So what’s on tap for 2013? SQL injection attacks are likely to be one of the main attack types against web-based applications this year, as they were last year, Veracode says. That’s because SQL […]

That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.

April 6, 2013 Paul Roberts

Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]

The New Normal: Wednesday Is DDoS Day At Citi

April 4, 2013 Paul Roberts

How common are crippling denial of service attacks aimed at Western banks? Here’s one sign: Wednesday is unofficially “DDoS day” at Citi, according to a Senior Vice President for Information Security at the financial services powerhouse. Speaking on Wednesday at an event hosted by Perdue University, Mamani Older told an audience at CERIAS 2013 that massive distributed denial of service – or DDoS – attacks have become “business as usual” for Citi, and that those launching the attacks have fallen into a predictable schedule of attacks. Hump day, she said, is Citi’s turn to fend off a torrent of Internet traffic designed to interrupt the bank’s operations and sever its connections to its customers, she said. “We should be getting hit right now,” she said. Older was speaking on a panel on the topic of “security metrics” and “security analysis.” The panel was part of CERIAS 13, an annual information security symposium […]