Tag Archives: security

After FBI domain expires, seized Megaupload.com serves up porn

Earlier this week, something suspicious started happening with Web addresses related to sites seized by the FBI from Megaupload and a number of online gambling sites. Instead of directing browsers to a page with an FBI banner, they started dropping Web surfers onto a malicious feed of Web advertisements—some of them laden with malware.

Read on, source: After FBI domain expires, seized Megaupload.com serves up porn | Ars Technica

Proposed rule change to expand feds’ legal hacking powers moves forward

A controversial proposed judicial rule change allowing judges to issue warrants to conduct “remote access” against a target computer regardless of its location has been approved by a United States Courts committee, according to the Department of Justice.

Read on, source: Proposed rule change to expand feds’ legal hacking powers moves forward | Ars Technica

WordPress patches critical XSS vulnerability

WordPress developer Automattic is urging users to urgently update their installations of the company’s publishing platform to fix a critical vulnerability that could lead to attackers taking over entire sites. Jouko Pynnönen of security vendor Klikki.fi discovered a cross-site scripting (XSS) flaw in WordPress that allows commenters to inject JavaScript into sites. When admin users check the comments to moderate them and execute the JavaScript they contain, attackers can gain full control of the target WordPress site through the plugin and theme editors.

Read on, source: WordPress patches critical XSS vulnerability – Security – News – iTnews.com.au

Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks

At least 25,000 iOS apps available in Apple’s App Store contain a critical vulnerability that may completely cripple HTTPS protections designed to prevent man-in-the-middle attacks that steal or modify sensitive data, security researchers warned. As was the case with a separate HTTPS vulnerability reported earlier this week that affected 1,500 iOS apps, the bug resides in AFNetworking, an open-source code library that allows developers to drop networking capabilities into their iOS and OS X apps. Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may expose data that’s trivial for hackers to monitor or modify, even when it’s protected by the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using any valid SSL certificate for any domain name, as long as the digital credential was issued by a browser-trusted certificate authority (CA).

Read on, source: Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks | Ars Technica