In-brief: Google warned its users that unauthorized digital certificates have been issued for several of its domains. The certificates are linked to an intermediary certificate authority for CNNIC, which administers China’s domain name registry. Updated with comment from Kevin Bocek of Venafi. Paul 3/27/2015Read more ›
Post Tagged with: "Web"
In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology? (Updated to add comment from Kevin Bocek of Venafi.)Read more ›
Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]Read more ›
Online gaming networks including Sony’s Playstation network were the victims of large-scale denial of service attacks that coincided with the Christmas holiday. As of Saturday, Microsoft’s X-Box gaming network had returned to full operation, while Sony’s Playstation Network was still struggling to restore service, 48 hours after attacks attributed to an online hacktivist group known as The Lizard Squad hobbled the gaming networks on their biggest day of the year: Christmas. “Update: PS4, PS3, and Vita network services are gradually coming back online – thanks for your patience,” Sony tweeted via its @AskPlayStation Twitter account early Saturday. The source of the denial of service attacks has not been confirmed. However, the group claiming responsibility for them has claimed that the attacks were more prank than anything else: an effort to irritate Playstation and X-box owners who received a new device on Christmas Day, only to find they couldn’t connect it to the […]Read more ›
The hack of Sony Pictures Entertainment, which first came to light on November 24th, devolved this week into a chaotic international “whodunnit” with conflicting reports attributing the incident to everything from the government of North Korea to the government of China to global hacktivist group Anonymous to disgruntled Sony employees. For sure: those attributing the attack to hacking crews within the military of the Democratic Peoples Republic of Korea (DPRK) had their argument bolstered by reports in the New York Times and elsewhere claiming that the U.S. government now believes that the DPRK, under the leadership of Kim Jong Un, was responsible for the devastating hack. Officials at Sony Pictures Entertainment clearly believe the connection is credible, ordering the cancellation of the release of the Sony Pictures film The Interview following threats of violence on theaters showing the film. That acceded to a key demand of the hackers, who have used the […]Read more ›