Monthly Archives: June 2013
If you have web-facing code written in Ruby, and you support SSL (which you do, right?), be sure to patch as soon as you can, to avoid falling victim to what seems very much like a four-year-old flaw...
An Italian security researcher has rediscovered a trick known as "user interface redressing" and used it to detail some potentially risky behaviour in IE 8.
Paul Ducklin takes a look to see just how dangerous keyjacking can be...
It's Saturday, and that means *60 Second Security*, where we aim to touch on some of the more thought-provoking security topics of the past week in just one minute of video.
Why not give this week's video a go?
A Canadian police officer who pleaded guilty to planting spyware on his wife's BlackBerry, suspecting that she was having an affair, gets a slap on the wrist after claiming that he didn't know that planting the cyber bug was a crime.
Google has expanded its Transparency Report data to include stats from its 'Safe Browsing' system, which keeps tabs on where malware and phishing sites are hosted. The data is a little short on definition, but shows which hosting providers are doing the worst job of keeping their IP space clean.
UK researcher Jack Whitten found that a few easy back-and-forths with Facebook SMS updates on his mobile phone could let him reset passwords on others' accounts. Facebook gives him $20k for finding it. That deserves a 'Like'!
Remember last week, when Naked Security et al. told you that Facebook leaked email addresses and phone numbers for 6 million users, but that it was really kind of a modest leak, given that it's a billion-user service?
OK, scratch the "modest" part.
The sheriff's office in King's County, Seattle, was in the process of adding encryption software this past spring and as of March had done so on 60% of all computers.
The laptop that got stolen from a detective's truck, unfortunately, was in the 40%, and that's why 6,300 people are now looking at the potential of identity theft.
Norwegian-based browser maker Opera has announced a network intrusion.
Users *may* have been infected with malware by an Opera update.
Paul Ducklin offers advice on what to do...
As usual, there's a handy mixture of important-sounding security fixes and some interesting new features.
No known vices yet, so why not ensure you've got the update right away?
The process may hold up submissions, Google says, but no cause for freak-out. The scan shouldn't ever take more than an hour, it says - time well spent for the greater security good.
Senator Patrick Leahy, along with other US senators, has introduced a bill to limit National Security Agency (NSA) spying on domestic targets.
They're not asking for it to stop, mind you - just that it be more transparent with regard to privacy.
About a year ago, a Korean graphical designer came out with an "anti-surveillance" typeface called ZXX, as a sort of protest against electronic eavesdropping.
But, in the aftermath of PRISM, are there *really* any anti-surveillance properties to ZXX? Paul Ducklin has a look...
We think it's about time we ask you about what YOU want from us. Have your say, and maybe win a t-shirt!
The world's business leaders have high levels of confidence in their organisations' cyber defences, but that confidence is largely out of tune with reality, according to a recent report.
The EC has published new breach disclosure rules that exempt companies from disclosure if they're using encryption. It's an odd loophole, given how data handling can be bungled, encryption or no.
In this article, Fraser Howard takes a look at Glazunov - an exploit kit that has been increasingly active in recent weeks. In this deep dive, readers can learn more about how these attacks operate.
Anti-spam legislation in Canada should have been in force several years ago but it's unlikely that the laws will have any teeth for several more years, and they may even fall by the wayside. So Canadians, unless you want to be the weak link, pester your politicians to pull their collective fingers out.