While the in-depth analysis of Flame continues, and we learn more and more about its intricacies and capabilities, one question remains: why did the AV industry fail to spot it earlier?
Taking a bite of the iOS security Apple: A glimpse inside
In an unprecedented move toward openness, Apple has issued a document on iOS security that provides details on the system architecture, encryption and data protection, network security features, and device access for iOS devices.
Facebook redesigns admin controls to prevent page hijacking
Facebook has improved the protections for page administrators by enabling them to assign lower admin rights, which helps prevent page hijacking.
Warning about the dangers in browser syncing
Chrome v19 introduced a ‘tab sync’ feature. This in turn, claims Imperva, introduces a new threat vector for business – a threat Imperva terms BYOB (bring your own browser).
Hulk DoS tool analyzed and mitigated
On 17 May, security researcher Barry Shteiman released Hulk (HTTP unbearable load king). It is, as its name suggests, a denial-of-service (DoS) tool that operates by sending an unbearable load of HTTP requests to the target web server, overloading it a…
Launching Forward with IPv6
With the era of freely available IPv4 addresses nearing its end, I’m pleased to see that 2012 appears to be the year when the IPv6 Internet will finally reach maturity and launch into wide-scale commercial use. For over a decade, the groundwork for th…
US government drags its feet on declassifying documents
The number of US government documents that were declassified, as well as the number reviewed for declassification, dropped in fiscal year (FY) 2011 compared with the previous fiscal year, according to an annual report by the Information Secur…
Majority of firms plan to institute employee monitoring for social media use
Around 60% of corporations said they plan to implement a formal security monitoring plan for employee use of social media by 2015, according to a survey by Gartner.
Military grade chips may not be as secure as we think
Sergei Skorobogatov and Chris Woods have discovered a backdoor into a military grade chip, permitting ‘a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself’.
PayPal researcher proposes technique to thwart clickjacking attacks
Researcher Brad Hill with PayPal argues that a combination of a randomized user interface (UI) and a backend screenshot comparison tool could put an end to clickjacking attacks.