35338771
submission
yahoi writes:
AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an iPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities.
33248107
submission
yahoi writes:
Researchers at NC State are sharing their analysis and classification of Android malware samples under a new project that they hope will help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products.
8394630
submission
yahoi writes:
A researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" is about to reveal the email products and services that failed to filter the spoofed message — and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort. The experiment was aimed at measuring the effectiveness of email security controls in several major products and services. And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say.
6250511
submission
yahoi writes:
The financial crisis appears to be exacerbating fraud by bank employees: a new survey found that 70 percent of financial institutions say that in the last 12 months they have experienced a case of data theft by one of their workers. Meanwhile, most banks don't want to talk about the insider threat problem and remain in denial, says a former Wachovia Bank executive who handled insider fraud incidents at the bank and has co-authored a new book called Insidious — How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them that investigates several real-world insider fraud cases at banks.
5910255
submission
yahoi writes:
Companies around the world are leaving themselves wide open to Web- and client-side attacks, according to a new report released today by the SANS Institute that includes real attack data gathered from multiple sources. SANS found that most organizations are focusing their patching efforts and vulnerability scanning on the operating system, but they're missing the boat: 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, Adobe Flash, and other tools. Exacerbating the problem, they're taking twice as long to patch Microsoft Office and other applications as to patch their operating systems.
4255415
submission
yahoi writes:
Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the U.S. government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.
http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=J2N12SRZKGSNIQSNDLRSKH0CJUNN2JVN?articleID=217000166
3461795
submission
yahoi writes:
Vietnamese researchers have cracked the facial recognition technology in Lenovo, Asus, and Toshiba laptops that is used for authentication in lieu of the standard logon/password. The researchers were able to easily bypass the biometric authentication system built into the laptops by using photos of an authorized user as well as by creating multiple phony facial images in brute-force attacks. One of the researchers will demonstrate the hack at Black Hat DC this week. He says the laptop makers should remove the facial biometrics feature from their products because the vulnerability of this technology can't be fixed.
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=1TT4XOGIHD2DCQSNDLRSKHSCJUNN2JVN?articleID=213901113