TweakTown News
A Melbourne twit has flagged a Twitter vulnerability that let overnight attacks happen to Twitter users, which could have affected up to half a million users.
A cross-site scripting flaw used recently by RainbowTwtr was used in a copycat attack by Melbourne teen, Pearce Delphin.
RainbowTwtr's attack changed the profile background picture to a rainbow colour and tweeted the script in an update. The code was quickly re-tweeted by hundreds of users.
If you haven't seen already, Twitter.com is under attack through a flaw in its system, exploited with the JavaScript "onmouseover" event handler, which executes code or a command when your mouse cursor is moved over the bad area.
My @camwilmot account has personally been affected just now and as far as I can see, it only affects the front page of Twitter.com and not other pages such as your profile page.
Basically what I did by mistake was move my mouse over a strange tweet with black color background over the text and then that took over my Chrome v6 browser. Now when I load the old Twitter.com I am unable to access the page and if I click anywhere a link is opened in a new window. Meanwhile tweets are automatically being made consisting of re-tweets of the latest tweets from a Twitter user called "Matsta". Is this some sort of attempt to push Twitter to move all of its users to the new Twitter.com design that was unveiled last week or just a way to highlight flaws in Twitter's security? Some Twitter users are reporting that the new Twitter.com is not affected, but at the time of writing we could not confirm if this is true or not.
06:45 US PST UPDATE: Here is an update from Twitter: We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.
We can all agree that the internet is fantastic and opens up an entire world of information and other fun stuff for us to consume. We can also agree that the internet can be a massive pile of crap that we have to deal with thanks to spam, viruses, and botnets. Microsoft is fighting botnets and has won a major legal battle against one of the big botnets this week.
A US District Court judge for the Eastern Virginia district has granted Microsoft ownership of 276 domains that were once part of the massive Waledac cybergang botnet. The botnet was hit with the first major blow early this year when the same judge granted a temporary restraining order that took the 276 domains offline.
Logitech has announced a new home security system that records HD video with motion alerts and is accessible from anywhere. The new system is called Logitech Alert.
The system comes in an Alert 750i Master system and a weatherproof 750e Outdoor Master System with night-vision. Both master systems come with the HD camera and PC software for recording video on a Mac or a PC.
People trying to browse the NZXT site last night as well as those subscribed to the NZXT newsletter got an awful surprise when a letter was released stating that NZXT was going out of business. This was an attack on their site in which hackers infiltrated the site and changed product warranties, deleted products and banners, and even sent out a newsletter stating that NZXT was going out of business.
The folks at NZXT have since booted the hackers, cleaned up the site and have assured us that NZXT is still going strong and plan to continue business as usual.
The sheer amount of data and the number of computer systems in use in the US military are staggering. It takes a fleet of specialists to support these systems and ensure the data is safe and available to those who need it.
The Air Force has had communications officers for years that are tasked with maintaining the computer systems at a base. The Air Force has taken about 30,000 of these communications specialists and retasked them as cyberspace specialists.
The new specialty will still maintain the computer systems at bases around the world, but they will also be experts on how computers and communications can improve war-fighting capabilities. The new officers will spend 115 days in training compared to the 26-day training that communications officers received.
We have all heard about how Adobe's Acrobat Reader and Flash browser plug-ins are vulnerable to exploits. But did you know that the actual file format specification for all PDFs is also a vector for attack?
Both Adobe and Foxit are working on ways to correct the issue or at least provide additional user warnings about the danger of opening unknown PDFs.
There have been lots of stories about the flaws found in some encrypted flash drives and hard drives recently. This means that the data many thought was safe is not. If you are in the market for a new flash drive with encryption, the MXP Bio Encrypted USB drive may be it.
The drive offers hardware encryption of all data stored on it with AES-256 CBC hardware encryption. The drive also has a malware-proof mode to protect it against attacks. The most interesting part is that the drive can be configured for 1, 2, or 3 factor authentication.
The authentication process includes biometrics and digital identity with PKI tokens such as the RSA SecurID and OATH OTP. Capacity and pricing information are unknown, but expect the drive to be expensive.
Wow, this one sort of sent a chill down my spine until I remembered that my home network is protected by WPA-2 enterprise with a RADIUS server, 4096-bit certificates (machine and user), and a bunch of tin foil hats and black radar repelling spray paint.
If you are wondering what I am so paranoid about, well, there is this group of scientists in Japan that have figured out how to break the WPA protocol as long as you are using the Temporal Key Integrity Protocol (TKIP). If you are using the Advanced Encryption Standard (AES), you are safe for now.
The problem lies in the fact that not all wireless devices support AES. Yes, most new ones do, but you still see a smattering of TKIP-only devices or devices that default to auto for the encryption standard.
Now while breaking this key is significant, it is not a first. WPA with TKIP has been broken before. To crack it took roughly 15 minutes. This time, well it took about 60 seconds.
Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, the two people responsible for this new fast hack, plan on releasing the details at a technical conference on September 25th.
Now, I will say that while this is scary, it is the "scientists" that never reveal their methods that actually scare me more.
Wow, I know this little bit of news is sure to annoy a few people out there. As Mozilla complains that a browser election when Windows 7 is installed is just not enough, it is having a hard time competing with IE 8 in terms of security.
According to a recent study performed by NSS Labs, Internet Explorer is more secure than Firefox 3, Chrome, Safari 4, and even Opera.
The test was to see if each browser was capable of withstanding common web-based attacks.
The numbers were pretty telling. IE 8 was able to block about 81% while Firefox only caught 54%. Chrome V2 only caught 7%, Safari 4 caught 21% and Opera only managed to stop 1% of the attacks. The success of IE 8 is mostly attributed to the built-in SmartScreen technology that screens websites for common attack vectors. Granted, you can get something similar for Firefox, but even so it still did not outperform the built-in one in IE 8.
This test, while not the end-all of security tests, is still not good news for Mozilla and Opera; they are telling the EU commission that they are not able to get market share because MS is locking them out. But with security like this it is possible that people will choose MS' IE over them for the security.