Feed aggregator
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a slew of security problems. Patches were published yesterday; left unpatched, the vulnerability could let attackers bypass authentication systems, inject arbitrary SQL code, inject and execute arbitrary code, and perform a denial-of-service attack on a Ruby on Rails app.
Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities
Apple has fixed dozens of security vulnerabilities in iOS with the release of version 6.1, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates that were discovered late last year.
Multilayer DDoS Attacks Have Reset Stage for Network Attacks
Back in the dark days of dial-up connectivity, attackers wouldn’t bother compromising home computers as bots to be used in distributed denial-of-service attacks. The lack of bandwidth made PCs persona non grata in the DDoS world. Instead, attackers targeted Web servers, the only machines with the high-speed broadband connections to make DDoS viable.
In the years since, broadband has literally come home and personal machines have been compromised by the millions for everything from spam to flood attacks against websites and online services.
Descriptions: Trojan.Win32.Jorik.Carberp.ar
Descriptions: Trojan.Win32.Agent2.dmvt
Descriptions: Trojan.Win32.KillFiles.afz
Netherlands, Canada Say WhatsApp Still Violates Privacy Laws
Dutch and Canadian officials say the popular mobile text messaging app WhatsApp violates their countries' privacy laws because it rifles through users' contacts to find other devices hooked up to the service.
Google Announces Pwnium 3, Ups Ante and Offers $3M+ in Rewards
Search giant Google is planning a third iteration of its vulnerability-finding contest, Pwnium. This year’s competition is set to be held alongside next month’s CanSecWest security conference on March 7 in Vancouver, BC. Unlike last year’s inaugural Pwnium, which was parallel to CanSecWest's older Pwn2Own competition, this year Google teamed up with HP’s Zero Day Initiative, the group behind Pwn2Own, to work on the contest’s outlines and “underwrite a portion of the winnings.”
Court: Government Need Not Justify Warrantless Data Requests
A Virginia appeals court on Friday denied a right-to-access order filed by the Electronic Frontier Foundation and the American Civil Liberties Union on behalf of Icelandic parliamentarian Birgitta Jonsdottir and computer security researchers Jacob Appelbaum and Rop Gonggrijp. The denial confirms a lower court's ruling that neither those individuals nor the public has the right to see the documents a court uses to justify its warrantless acquisition of information.
Twitter Complied with 69% of US Government Requests for Account Data
Government requests for user account information made to Twitter pale in comparison to the number made to Google, but the number is nonetheless on the rise, according to Twitter’s Transparency Report, released today. Twitter’s report said government requests are generally made in conjunction with some kind of criminal investigation; 815 requests came from the United States government and Twitter complied 69 percent of the time; 57 percent worldwide.
Facebook Graph Search Mines Potentially Rich Data for Phishers, Attackers
Facebook is serious about its new Graph Search feature, which helps users of the social media site narrowly search for friends with common interests in a much more intuitive fashion than a Google search, for example. Founder Mark Zuckerberg had tagged Graph Search the third Facebook pillar, right alongside the site’s news feed and timeline. So why are security and privacy experts nervous? There’s some serious horsepower behind Graph Search, and there are users whose interests aren’t as benign as finding friends of friends in a particular location who happen to like country music, fine wine and yoga.
Pentagon Plans Massive Increase in Cybersecurity Teams
As the Senate pushes for legislation to improve information-sharing on threats and attacks and President Barack Obama prepares to issue an executive order on cybersecurity, the Department of Defense is looking for a massive increase in the number of trained cybersecurity personnel helping to defend the country's private and public networks.
