Null Pointer Security Flaws: The Next Big Scare

22Apr08

Mark Dowd published a paper [here] recently called “Application-Specific Attacks: Leveraging the ActionScript Virtual Machine”; that has excited researchers [here]. In it Mark points out techniques that promise to open up a class of exploits and vulnerability research previously thought to be prohibitively difficult, in other words exploiting Null Pointers. But what are Null Pointers [...]

Filed under: General Security   |  Leave a Comment
Tags: exploits, hacking

Infosec Europe: 45% of women happy to trade passwords for Chocolate

21Apr08

A survey by Infosecurity Europe (www.infosec.co.uk) of 576 office workers have found that women far more likely to give away their passwords to total strangers than their male counterparts, with 45% of women versus 10% of men prepared to give away their password, to strangers masquerading as market researches with the lure of a chocolate [...]

Filed under: General Security   |  1 Comment
Tags: infosecurity europe, password management, polls, social engineering

Infosec Europe: Infosecurity London Expo

21Apr08

It’s that time of the year again, time to grab our emailsystems paper bag from the reception and fill it with a few goodies and loads of paper from the many exhibitors of Infosecurity Europe expo in London this week. Myself and a select elite team of “secret shoppers” will be there providing you with [...]

Filed under: Expos & Cons   |  Leave a Comment
Tags: hacking, infosecurity europe

Oklahoma leaks tens of thousands of social security numbers

20Apr08

Residents of Oklahoma State have reportedly been hit this week with the bad news that tens of thousands of their names, social security numbers and allied data were effectively available on the Web for around three years. The source of the problem is simply a classic SQL injection vulnerability, a security lapse that could easily [...]

Filed under: General Security   |  Leave a Comment
Tags: hacking, Oklahoma, social security, sql injection, USA

UK Banks to Customers: “Your fault if you get hacked!”

16Apr08

A recent investigation by Finjan, a secure web gateway products company, has warned that according to the 2008 Banking Code report online banking customers may be responsible for losses on their account if they don’t keep their PC secure and if they don’t use using up-to-date anti-virus and spyware software and a personal firewall. Under [...]

Filed under: General Security   |  Leave a Comment
Tags: banks, hacking