Search Results for "Target"

Update: DARPA Cyber Chief Peiter “Mudge” Zatko Heads To Google

Editor’s Note: Updated with comment from Google on Zatko’s role. – PFR Noted hacker and innovator Peiter “Mudge” Zatko, a project manager for cyber security research at DARPA for the past three years- will be setting up shop in the Googleplex, according to a post on his Twitter feed. Zatko, who earned fame as a founding member of the early 1990s Boston-area hacker confab The L0pht and later as a division scientist at government contractor BBN Technologies, announced his departure from DARPA following a three-year stint as a Program Manager in DARPA’s Information Innovation Office on Friday. “Given what we all pulled off within the USG, let’s see if it can be done even better from outside. Goodbye DARPA, hello Google!” he Tweeted. Google did not immediately respond to a request for comment on Zatko’s hiring and Zatko declined to expound on his title and responsibilities within the search giant. However, he has acknowledged that […]

Continue Reading

Hacked WordPress Plug-in Put On Double, Secret Probation

A plug-in that was pulled from the official WordPress plug-in directory has been restored, but will be monitored closely, after the plug-in’s owner claimed a rogue contractor introduced malicious code into the popular web publishing add-on. Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to the WordPress.org official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget, Samuel Wood, a WordPress administrator, said that WordPress.org was willing to give the owner and the plug-in, Brendan Sheehan, a second chance. “Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,” Wood wrote on Friday. “But […]

Continue Reading

Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam

A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]

Continue Reading

Application Security ‘Precrimes’ Report: SQL Injection, Crypto Hacks in 2013

We have plenty of industry-provided reports that tell us what happened in the past. The annual Verizon Databreach Investigations Report is due out any day, providing data on breaches investigated by that company’s incident response professionals, as well as information from law enforcement agencies around the world. And, with the first quarter gone, its safe to assume that similar reports will follow from Symantec and others.   But what about the threats for 2013? That’s where Veracode’s State of Software Security (SoSS) report comes in. Released to the public today, SoSS documents the kinds of software vulnerabilities that company found during 2012. And, where there are vulnerabilities, there will be attacks, Veracode CTO Chris Wysopal says. So what’s on tap for 2013? SQL injection attacks are likely to be one of the main attack types against web-based applications this year, as they were last year, Veracode says. That’s because SQL […]

Continue Reading

That Facebook Account Hijack Vulnerability Is Still Dangerous. Here’s Why.

Did you hear about that really dangerous security hole that allows attackers to manipulate third party Facebook applications to hack into your Facebook account? Skype and Dropbox both said they fixed a web site redirection vulnerability that both companies fixed before the vulnerability was disclosed? Great news, right? Right. Except for the fact that the same vulnerability may exist in hundreds, or even thousands of other Facebook applications and still provides a ready pathway into Facebook accounts, according to Nir Goldshlager, the Israeli security researcher who discovered the vulnerability. Goldshlager described the vulnerability, which he named the “UnFix Bug” on his web site in a post on Wednesday, after discussing details of the hole with the online publication TechCrunch. It is just the latest in a string of security holes he has discovered in OAuth, an open authentication standard used by social networking sites like Facebook and Twitter. The vulnerability allows a […]

Continue Reading
1 300 301 302 303 304 319