Tag: software

With $Pi Million At Stake, Chrome Withstands Hacker Assault

With $3.14159 million in prize money at stake, Google’s Chrome OS has withstood attempts to hack it in the company’s semi-annual Pwnium contest in Vancouver, a Google spokeswoman told The Security Ledger. In a statement Thursday, Google spokeswoman Jessica Kositz said that the company did not receive any winning entries during the day-long contest, but that the company is evaluating work that may qualify for a partial prize:  a potentially infinite series of Google Wallet transfers in the amounts:  $1 followed by $.50 followed by $.25 followed by $.125 and so on. OK – We made that last part up. Pwnium runs alongside the better known pwn2own contest at CanSecWest. This year, Google is providing funding for both contests. However, in 2012 the company pulled its support for pwn2own, objecting to the lack of a requirement of “responsible disclosure” – in which entrants must disclose the details of their exploits to the […]

EverNote Latest Site Hacked In Coordinated Attack

The online personal and business productivity service Evernote.com said on Saturday that it is the victim of a hack that exposed encrypted user password information, forcing password resets across a broad swath of the service’s 50 million registered users. The Redwood City, California-based firm revealed in a blog post that its internal security team discovered “suspicious activity on the Evernote network” that “appears to have been a coordinated attempt to access secure areas of the Evernote Service.” The company said it sent password reset messages to its users as a “precaution” but didn’t believe that stored information in users’ accounts or payment information had been exposed. The hack is just the latest of a prominent online firm. In recent weeks, Twitter, Facebook, Apple and Microsoft have all reported compromises of their internal networks. Those intrusions were linked to attacks aimed at developers and relied on exploits of previously unknown “zero day” […]

RSA Security Conference 2013

Malware’s Future Looks A Lot Like Its Present

SAN FRANCISCO – What does the future of malicious software look like? Depressingly like the present, according to a panel of leading experts. Phishing attacks, spam and even self-propagating worms will continue to plague technology users in the years ahead, just as they have for much of the last two decades, according to experts at the RSA Security Conference in San Francisco on Wednesday. However, the malware will operate across a far more crowded landscape of mobile devices, virtual machines, cloud-based computing resources and Internet connected “stuff” – complicating the job of securing sensitive information. The panel, “50 Minutes into the Future: Tomorrow’s Malware Threats” asked the experts to look into the crystal ball and predict what malicious software would look like in the near- and distant future. The answer was: much like it looks today. Dave Marcus, the director of security research and communications at McAfee Labs, said that the […]

Browser Security Still A Sore Spot For Companies (Podcast)

Clueless “end users” are a common straw man (or woman) in the security industry. They’re blamed for everything from data breaches to malware infections. Accepted wisdom is that companies “get it” when it comes to security – consumers (their employees) don’t. But what if it is the other way around? That’s one tantalizing bit of data you could take away from Qualys’s Browser Check service. The free online vulnerability scanning service has assessed millions of endpoints in its two years of existence. And, by and large, it has found that consumers – not corporate users – are following good security practice by migrating to more modern, and secure web browsers. In  our inaugural Security Ledger Podcast, we sat down with Wolfgang Kandek, the Chief Technology Officer at Qualys Inc. to find out. Qualys operates Browser Check (browsercheck.qualys.com), a free service that allows consumers to assess the security of their browser […]

Are Mobile App Developers Prey In A Massive Watering Hole Attack?

Say you’re a “bad guy” and what you really want to do is compromise the systems of some high value targets – like software developers working a prominent, Silicon Valley firms like Facebook and Twitter.   Breaking through the front door isn’t easy – these companies mostly have the technology chops to protect their networks and employees. Phishing e-mails are also a tough sell: the developer community is heavy on Apple Mac systems and – besides – application developers might be harder to phish than your average Fortune 500 executive. A better approach might be to let your prey come to you – attacking them passively by gaining control of a trusted third party web site – a so-called “watering hole.” That’s a scenario that has played out in a number of recent, high profile attacks, such as the so-called “VoHo” attacks documented by Symantec and RSA. It may also be […]