SecTheory in the News
01/12/2012 Friday Summary: January 13, 2012 [Securosis]
01/11/2012 Stratfor Back Online; CEO Decries Hacking As Censorship [Forbes]
01/11/2012 Stratfor site is back online after recovering from Anonymous attack [Venture Beat]
01/11/2012 Stratfor back online after cyberhack [Associated Press]
01/11/2012 Stratfor CEO: Data wasn't encrypted, and hackers made multiple attacks [Statesman]
05/27/2011 Microsoft Downplays IE 'Cookiejacking' Bug [PC World]
05/19/2011 Black Hat Introduces Inaugural Content Review Board [PR Newswire]
02/22/2011 Facebook users subjected to more clickjacking [The Register]
11/26/2010 Detectados graves problemas de seguridad en el sistema operativo de Palm [ElMundo.es]
11/24/2010 Researchers Find Security Flaws in Palm Smartphone webOS [eWeek]
11/23/2010 Researchers Uncover Holes In WebOS Smartphones [DarkReading]
11/03/2010 LASCON 2010: HTTPS Can Byte Me [The Agile Admin]
11/02/2010 LASCON 2010: Why ha.ckers.org Doesn’t Get Hacked [The Agile Admin]
08/01/2010 Highlights from Black Hat and Defcon [ReadWrite Enterprise]
07/30/2010 Most SSL Sites Poorly Configured [DarkReading]
07/30/2010 Black Hat Conference Presenters Poke Holes in SSL [WHIR]
07/30/2010 Researchers Hack the Internet to Keep Us Safe [Black Web 2.0]
07/29/2010 Attacking The Edges Of Secure Internet Traffic [NPR]
07/29/2010 Twenty-Four More Reasons Not To Trust Your Browser's "Padlock" [Forbes]
07/29/2010 Black Hat 2010: Even with SSL/TLS, browsers still are susceptible to attack [SC Magazine]
07/29/2010 Black Hat: Researchers poke holes in HTTPS, SSL Web browser security [TechTarget]
07/29/2010 Researcher Reveals Major SSL and Browser Flaws [ThreatPost]
07/23/2010 Researcher finds Safari reveals personal information [ComputerWorld]
06/15/2010 SecTheory Webinar: "Advanced Persistent Threats (APTs): Clarity Over Hype, Please…" [CoreTrace]
06/14/2010 Kaminsky Issues Developer Tool To Kill Injection Bugs [DarkReading]
06/11/2010 Googler criticized for disclosing Windows-related flaw [C|Net]
06/10/2010 Microsoft Issues Advisory on Windows Help Flaw [Virtualization Review]
06/10/2010 Googler releases Windows zero-day exploit, Microsoft unimpressed [ZDNet]
06/10/2010 Google researcher gives Microsoft 5 days to fix XP zero-day bug [ComputerWorld]
06/08/2010 CoreTrace to Host Free Webinar on Advanced Persistent Threats [EarthTimes]
06/07/2010 Facebook 'Like' button used by viral scammers to push links - is malware next? [The Guardian]
06/05/2010 Worm Facebook: How To Avoid [NewsOXY]
06/05/2010 Facebook Becomes Victim Of Worm [eCanadaNow]
06/03/2010 Rash of Facebook 'likejacks' still flaring [The Register]
05/28/2010 Researchers Beat Clickjacking Defenses of Top Websites [eWeek]
05/24/2010 Apple Safari 'Carpet Bomb' Flaw Remains Unfixed Two Years Later [DarkReading]
05/10/2010 F5 Networks Files Patent Lawsuit Against WAF Vendor Imperva [DarkReading]
04/16/2010 12 "White Hat" hackers you should know [Network World]
04/14/2010 Researcher shows new clickjacking methods [Network World]
04/05/2010 Firefox plans fix for decade-old browsing history leak [The Register]
03/19/2010 Google Patches Chrome as Hacking Contest Nears [PC World]
03/18/2010 If The Hat Is Black... [The New New Internet]
03/15/2010 The Future of Botnets [ThreatPost]
03/11/2010 Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability [Infosec Island]
02/22/2010 Stopping Stealthy Downloads [MIT Technology Review]
02/18/2010 The Great Debate: Cyber Security [PBS]
02/17/2010 Mozilla Foundation Security Advisory 2010-02 [Mozilla.org]
02/17/2010 Google patches XSS hole in its Buzz social media platform [SC Magazine]
02/16/2010 Security Bug Opens Google Buzz to Hackers [The New York Times]
02/16/2010 Google Buzz bug exposes user geo location [The Register]
02/06/2010 Experts weigh in on dangers of cyber attacks [My San Antonio]
01/30/2010 Firefox-based attack wreaks havoc on IRC users [The Register]
01/28/2010 Chrome apes IE8, adds clickjacking, XSS defenses [ComputerWorld]
01/26/2010 Attackers Targeting .Edu Sites in SEO Poisoning Campaigns [ThreatPost]
01/19/2010 New Proxy Promises To Shield Users From Google Data Collection [DarkReading]
01/18/2010 Cyber security czar to discuss risks of online info [Houston Chronicle]
01/18/2010 How to open a parachute during free-fall: Introducing Quick Security References (QSRs) [MSDN]
01/12/2010 U.S. Army Website Hacked [DarkReading]
01/12/2010 Top Ten Web Hacking Techniques of 2009 (Official) [Jeremiah Grossman's Blog]
12/27/2009 Fake sites trick search engines [The Durango Herald]
12/24/2009 Facebook Hit By Clickjacking Attack [Network Computing]
12/09/2009 How fake sites trick search engines to hit the top [USA Today]
12/01/2009 US-CERT Warns of VPN Attack That Bypasses Browser Security [DarkReading]
11/02/2009 ¿Exhibiría su vida privada? [El Financiero]
10/29/2009 Mozilla Firefox Multiple Vulnerabilities [Secunia]
10/27/2009 Mozilla Foundation Security Advisory 2009-54 [Mozilla]
10/08/2009 SecTor Followup [SecuObs]
10/07/2009 SSL Still Mostly Misunderstood [DarkReading]
10/05/2009 New Firefox security technology blocks Web attacks, Mozilla claims [ComputerWorld]
10/01/2009 Firefox feature looks to foil XSS attacks [SecurityFocus]
08/07/2009 A Browser's View of Your Computer [MIT Technology Review]
08/02/2009 Web Surfers Forced to Choose Security or Anonymity [PCWorld]
07/30/2009 Google's 'Safe Browsing' Could Compromise Privacy [Slashdot]
07/29/2009 Black Hat: Security Research Celebs Prepare to Rock Black Hat [eWeek]
07/29/2009 Google Safe Browsing Feature Could Compromise Privacy [DarkReading]
07/22/2009 Rapid7 Announces Participation at DEFCON and Black Hat 2009 [BusinessWire]
07/22/2009 Firefox 3.5 and IE8 Abused to Spy Inside Intranets [SoftPedia]
07/20/2009 Two Newly Disclosed Hacks Prey On Browser, Web Security [DarkReading]
07/16/2009 Experts question security of Google OS [MSNBC]
07/14/2009 Firefox 3.5 Vulnerability Rated 'Highly Critical' [InformationWeek]
07/13/2009 Google Chrome Browser Exhibits Risky Behavior [InformationWeek]
07/09/2009 Will Google's OS Make the Desktop Safe? [PC World]
07/08/2009 Hey Google: Make GMail secure! [SearchSecurity]
06/29/2009 Firefox Aims to Unplug Scripting Attacks [MIT Technology Review]
06/29/2009 Robert Hansen on Slowloris, DoS attacks and RFC-1918 networks [Threatpost]
06/22/2009 Mitigating the 'Slowloris' HTTP DoS Attack [Threatpost]
06/20/2009 Tiny-traffic DoS attack spotlights Apache flaw [The Register]
06/18/2009 Remote handbrake for web server [The H Security]
06/16/2009 Encrypt the Cloud, Security Luminaries Tell Google [Wired]
06/16/2009 Google urged to beef up Gmail security [San Francisco Chronicle]
06/11/2009 New Exploit Uses JavaScript To Compromise Intranets, VPNs [Slashdot]
06/10/2009 New attack class exploits intranet weaknesses [Threatpost]
06/09/2009 Popular Internal IP Addressing Scheme Could Leave Enterprises Vulnerable [DarkReading]
05/22/2009 Clickjacking: Hijacking clicks on the Internet [C|Net]
05/21/2009 Adobe Adopts Microsoft's Patch Tuesday Approach [Washington Post]
05/14/2009 A Blueprint to Stop Browser Attacks [Technology Review]
05/04/2009 Sex offender crackdown in online realm [KXAN]
05/01/2009 'Twitterjacking' -- Identity Theft in 140 Characters or Less [FOXNews]
05/2009 How Hackers Can Steal Secrets from Reflections [Scientific American]
04/30/2009 Twitter Identify Theft [IGN]
03/30/2009 Clickjacking: Potentially harmful Web browser exploit [ZDNet Asia]
02/25/2009 Adobe Releases Critical Flash Player Update [SoftPedia]
02/13/2009 Twitter attack exposes awesome power of clickjacking [The Register]
02/02/2009 Birth of a Security Feature: ClickJacking Defense [MSDN Internet Explorer Blog]
01/30/2009 Popular browsers continue to be vulnerable to clickjacking attacks - Updated [Heise Security Online]
01/30/2009 Clickjacking Threat To Firefox [Linux Magazine]
01/28/2009 IE8's clickjacking protection will have 'zero impact,' says researcher [ComputerWorld]
01/27/2009 IE8 Security Part VII: ClickJacking Defenses [MSDN Internet Explorer Blog]
01/27/2009 IE8's clickjacking fix not much help, experts say [NetworkWorld]
01/26/2009 Microsoft Goes After Clickjacking in IE8 [eWeek]
01/23/2009 White House Web Site Revisits Privacy Policy [InformationWeek]
12/15/2008 Intrepidus Group Experiences 100 Percent Growth as More Than 60,000 Employees Have Been Trained Using PhishMe - Industry's First Proactive Anti-Phishing Software Solution [Yahoo Finance via PR Newswire]
12/12/2008 Researcher: Chrome, Safari password managers need work [MacWorld]
12/05/2008 Flash is anathema to green browsing, says study [BusinessGreen]
12/05/2008 Blokujesz reklamy – dbasz o srodowisko! [Benchmark.pl]
12/05/2008 Bespaar energie, blokkeer online-advertenties [Automatisering Gids]
12/05/2008 Sokba kerülnek a Flash reklámok az internetezoknek [HWSW.hu]
12/04/2008 Blocking Online Ads May Save Energy [InformationWeek]
12/04/2008 Use Firefox e salve o planeta [Pinceladas da Web]
12/04/2008 Surfer sans pub réduit votre consommation électrique [ZDNet.fr]
12/04/2008 Use Firefox, Save the Planet [Sitepoint]
12/03/2008 Popular Home DSL Routers At Risk Of CSRF Attack [DarkReading]
12/03/2008 Safe laptop battery time using NoScript [Security4all]
12/03/2008 New hacking method threatens web users [KXAN]
12/03/2008 Adobe Flash als Stromfresser [Gamestar.de]
12/03/2008 Surfer sans pub réduit votre consommation électrique [GreenIT.fr]
12/02/2008 Save battery life, time, the world! Use a script blocker. [UMPC Portal]
12/02/2008 Blokujac reklamy... chronisz planete [Dziennik Internautow]
12/02/2008 Making the Web more secure and a bit greener too? [ISS]
12/02/2008 Studie: Flash sorgt für höheren Stromverbrauch [WinFuture]
12/02/2008 Browsing Habits Can Save Energy Too - A study compared the power consumption of the most common dynamic web technologies [SoftPedia]
12/02/2008 "Conservative in what you send..." [Adobe]
12/02/2008 Go Green with NoScript! [Hackadmemix]
12/02/2008 Study spanks Adobe Flash for abuses of power [The Register]
12/02/2008 Could your Web surfing be greener? [InfoWorld]
11/24/2008 10 Security Researchers Making a Difference [Baseline]
11/11/2008 Microsoft Security Bulletin MS08-069 – Critical [Microsoft]
10/30/2008 Defense Intelligence Agency Fixes Risky Web Site Code [Information Week]
10/30/2008 Security Now 168: Clickjacking [Security Now]
10/20/2008 Adobe Flash Patch Addresses 'ClickJacking' Flaw [Washington Post]
10/20/2008 Browsers getting harder and harder to secure [TechTarget]
10/19/2008 Clickjacking: Potentially harmful web browser exploit [TechRepublic]
10/18/2008 Flash Player Update Brings Flash Player 10 To Remove Flaws That Inspire Clickjacking Attacks [Encyclocentral]
10/17/2008 Adobe Flash Player Fix Stops 'Clickjacking' [InformationWeek]
10/17/2008 Adobe shutters Clickjacking flaw [SecurityFocus]
10/16/2008 Adobe's Flash Player 10 upgrade addresses clickjacking [SC Magazine]
10/16/2008 Adobe (Somewhat) Fixes ClickJacking Vulnerability [InformationWeek]
10/15/2008 Beware of being click-jacked on the Internet [Business Daily Africa]
10/15/2008 Browser security a concern for website development [Tech Target]
10/14/2008 My (Tentative) Wish List For A Better Secure Browser [InformationWeek]
10/14/2008 Beware of new online threat [Republican Herald]
10/10/2008 Security Bites 117: How 'Clickjacking' attacks hide behind the mouse [CNET]
10/09/2008 Researchers warn of 'clickjacking' threat [ZDNet]
10/09/2008 Clickjacking exploits enable hackers to hijack webcams [SC Magazine]
10/08/2008 Web Surfers Face Dangerous New Threat: 'Clickjacking' [Yahoo! News]
10/08/2008 Creepy Clickjacking Bug Lets Hackers Control Webcams [TechNewsWorld]
10/08/2008 Clickjacking Attack Lets Web Sites See, Hear You [InformationWeek]
10/08/2008 Creepy Clickjacking Bug Lets Hackers Control Webcams [E-Commerce Times]
10/08/2008 'Clickjacking' attack hides behind the mouse [CNET]
10/08/2008 Microsoft Weighs in on Clickjacking [Microsoft Watch]
10/08/2008 'Clickjackers' could hijack webcams, microphones, Adobe warns [ComputerWorld]
10/07/2008 Flash Player workaround available for "Clickjacking" issue [Adobe]
10/07/2008 Adobe Releases Clickjacking Advisory as Demo of Vulnerability Circulates [eWeek]
10/07/2008 Details of Clickjacking Attack Revealed With Online Spying Demo [DarkReading]
10/06/2008 FAQ: Clickjacking - is your PC at risk? [PC Advisor]
10/03/2008 TCP flaws may lead to DoS attacks, say researchers [ZDNet]
10/02/2009 Vendors Fixing Bug That Could Crash Internet Systems [PCWorld]
10/01/2008 Clickjacking Defense Will Require Browser Overhaul [DarkReading]
09/30/2008 Critical Clickjacking Vulnerabilities Will Soon Be Disclosed [SoftPedia]
09/30/2008 “Clickjacking” The Network Security Podcast, Episode 122 [Network Security Podcast]
09/30/2008 Clickjacking vulnerability to be revealed next month [NetworkWorld]
09/30/2008 Researchers weigh "clickjacking" threat [SecurityFocus]
09/29/2008 UPDATED: Browser-Makers Seek Clickjacking Fix [ENT News]
09/29/2008 "Clickjacking" poses major web browser threat [SC Magazine]
09/29/2008 Browser-Makers Seek Clickjacking Fix [Redmond Channel Partner]
09/29/2008 FAQ: Clickjacking -- should you be worried? [Computerworld]
09/27/2008 Heard of clickjacking? Your browser is under threat [Indiatimes]
09/27/2008 Clickjacking and NoScript [Hackademix]
09/26/2008 'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins [InformationWeek]
09/26/2008 New clickjacking affects all browsers; cause remains unknown [ars technica]
09/26/2008 News Flash: NoScripts Helps Fight Clickjacking 0-Day [Securitymonks]
09/26/2008 Security researchers warn of new 'clickjacking' browser bugs [Computerworld]
09/25/2008 Fortify views Adobe crackers' approach on Clickjacking as positive [Security Watch]
09/25/2008 Clickjacking: Researchers raise alert for scary new cross-browser exploit [ZDNet]
09/19/2008 Is "clickjacking" the next threat? [Heise Online]
09/17/2008 Adobe Gets Hackers to Nix Clickjacking Talk [IT Business Edge]
09/17/2008 Security researchers and vendors--a truce? [CNET]
09/17/2008 Critical Clickjacking Vulnerabilities Affecting All Browsers Being Kept Secret [Softpedia]
09/16/2008 At Adobe's request, hackers nix 'clickjacking' talk [Macworld]
09/16/2008 Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred [DarkReading]
09/16/2008 Adobe yanks speech exposing critical 'clickjacking' vulns [The Register]
09/15/2008 Thanks to Jeremiah Grossman and Robert "RSnake" Hansen [Adobe PSIRT]
08/29/2008 IE8 Beta 2 [Microsoft Developer Network]
08/22/2008 That password-protected site of yours - it ain't [The Register]
08/15/2008 10th birthday sees Google covering many bases [Computerworld]
08/14/2008 Google Gadgets öppnar för attacker [IDG.se]
08/09/2008 Google Haveth a Hole, Google Doth Protest a Fix [Mashable.com]
08/09/2008 Surfing Google may be harmful to your security [The Register]
08/07/2008 Researchers Warn of Social Networking Scams [Washington Post]
08/07/2008 Beware of the Gadgets [Government Computer News]
08/07/2008 Hackers target Google Gadgets [USA Today]
08/06/2008 Google Gets Racked Over The Coals At Black Hat [Information Week]
08/05/2008 Black Hat 2008 promises to be big [Yahoo! News]
08/01/2008 Security Bites 110: Breaking Google Gadgets [C|Net]
07/31/2008 How Twitter got pwned in 2 hours [Security4all]
07/28/2008 Security experts will reveal Google Gadgets vulnerability [ArcaVir]
07/25/2008 Get Ready For Google Gadget Malware [Information Week]
07/21/2008 Cenzic to Present on "Xploiting Google Gadgets: Gmalware and Beyond" at Black Hat 2008 [Reuters]
07/21/2008 Google Gadgets are risky business [Network World]
07/22/2008 Intrepidus Group Introduces PhishMe to Help Organizations Deal With Growing Pandemic of Spear Phishing [LA Times via PR Newswire]
07/22/2008 'PhishMe' Tool Lets Businesses Spear-Phish Themselves [DarkReading]
07/17/2008 Vulnerabilities Could Expose Broad Range of Java Apps [DarkReading]
06/23/2008 Web browsers face crisis of security confidence [The Register]
06/2008 Anatomy of an XSS Attack: Exploit, Impact and Response [ISSA Journal]
05/23/2008 TJX Staffer Sacked After Talking About Security Problems [PCWorld]
05/23/2008 Delving Into Google Health's Privacy Concerns [Slashdot]
05/22/2008 RSnake picks on Google Health... yes, Google wants your medical records, too! [ZDNet]
03/25/2008 Mozilla Foundation Security Advisory 2008-16 [Mozilla]
03/17/2008 Browser Session Virtualization [Securosis]
03/11/2008 Can Source Boston save us from boring security conferences? [TechTarget]
02/26/2008 Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks [DarkReading]
02/22/2008 Goolag makes Google Hacking a snap [The Industry Standard]
02/11/2008 Why many popular websites are risky [American Public Media]
01/09/2008 Spam your printer from the Web? Researcher shows how [InfoWorld]
01/07/2008 Hacker Launches XSS Worm Replication Contest [eWeek]
01/05/2008 Contest seeks the most diminutive XSS worm [Channel Register]
11/22/2007 Many businesses still holding off on upgrading to Vista [ITworld Canada]
10/05/2007 Hackers at Microsoft?! Now Wait a Minute . . . [PCWorld]
09/27/2007 Adobe gifts internal file permissions to unwashed masses [The Register]
09/25/2007 Podcast #47 - Web application security with RSnake and Jeremiah [StillSecure]
09/24/2007 Unholy trinity of flaws put Google users at risk [The Register]
09/08/2007 A US CERT reminder: The net is an insecure place [The Register]
08/21/2007 Cenzic Patent Case Worries Web Researchers, Vendors [DarkReading]
08/21/2007 Researcher crosses swords with Google over XSS 'flaw' [The Register]
08/18/2007 Google Gadgets can be misused by phishers [Infoworld]
08/16/2007 Student reprimands Facebook for bad manners and exposed code [The Register]
08/13/2007 WhiteHat Security Adds Six Partners to Growing Alliance Program [PR Newire]
08/07/2007 Black Hat: JavaScript Flaws Ease Intranet Attacks [InformationWeek]
08/06/2007 Mozilla vows to patch any critical flaws in 10 days [InfoWorld]
08/06/2007 BLACK HAT: Mozilla says it can patch flaws in 10 days [ITWorld]
08/06/2007 Retro attack gets new life, worries browser makers [SecurityFocus]
08/06/2007 Black Hat: Mozilla says it can patch flaws in 10 days [Computerworld]
08/06/2007 Mike Shaver, ten days, and expletives [Mozilla.com]
08/03/2007 Security Bites Podcast: An interview with RSnake [C|Net]
08/03/2007 Black Hat USA 2007 Round-Up Part 1 [TaoSecurity]
08/03/2007 Blackhat 07: Secure Your Web Apps [NetworkWorld]
08/02/2007 Web 2.0 applications raise security issues [Computerworld]
08/01/2007 Black Hat: Security researchers show how corporate intranets are ripe for emerging attacks [InfoWorld]
07/30/2007 Security Researcher Acknowledgements for Microsoft Online Services [Microsoft]
07/19/2007 Firefox raises barrier to cross-site scripting attacks [ZDNet]
07/12/2007 Demonstrating the Top 10 Web Application Hack Attacks Webinar [Infosecurity Magazine]
07/09/2007 Is your network ready for Web 2.0 traffic? [NetworkWorld]
07/05/2007 An Auction Site for Vulnerabilities [DarkReading]
06/19/2007 Click Fraud Index [ClickFraudNetwork]
06/19/2007 Industry Click Fraud Rate Jumps Past 15 Percent in Second Quarter 2007-Botnet Traffic, Parked Domains and Made-for-Ad Sites Cited as Growing Click Fraud Sources Click Fraud Rate for Content Networks Hits 25.6 Percent [Austin Ventures]
06/10/2007 Google Turns to Security [PCWorld]
06/10/2007 Analysis: A business case for security at Google [InfoWorld]
06/05/2007 Google Desktop Vulnerable to Hackers [CSO Magazine]
06/05/2007 Google Desktop vulnerable to new attack [Computerworld Asia]
06/01/2007 Beware of that man between you and your Google Desktop [ZDNet]
05/22/2007 Wrestling With Malware, Google Launches Security Blog [TechWeb]
05/26/2007 As Web 2.0 evolves, security becomes an issue [Washington Post]
05/16/2007 Robert Hansen on Phishing, the Bad Guys, and the Online Mafia [Channel 9 MSDN]
05/14/2007 Do you know what's leaking out of your browser? [ZDNet]
05/10/2007 The Phisher King [Forbes]
05/10/2007 Microsoft BlueHat Security Briefings: Spring 2007 Sessions and Interviews [Microsoft]
05/10/2007 Microsoft invites hackers back for Blue Hat [Computerworld]
05/01/2007 Google Desktop vulnerable to new attack [InfoWorld]
04/17/2007 Corporate data slips out via Google calendar [PCWorld]
03/16/2007 Hackers promise month of MySpace bugs [Washington Post]
03/07/2007 RSnake, Unmasked [DarkReading]
03/06/2007 A New Battleground for Computer Security [Wall Street Journal and mirrored at MarketWatch]
03/06/2007 Click Forensics Expands Management Team and Board of Advisors [Investors.com]
02/26/2007 Second Google Desktop Attack Possible, Researchers Say [CIO Magazine]