SecTheory in the News

01/12/2012 Friday Summary: January 13, 2012 [Securosis]

01/11/2012 Stratfor Back Online; CEO Decries Hacking As Censorship [Forbes]

01/11/2012 Stratfor site is back online after recovering from Anonymous attack [Venture Beat]

01/11/2012 Stratfor back online after cyberhack [Associated Press]

01/11/2012 Stratfor CEO: Data wasn't encrypted, and hackers made multiple attacks [Statesman]

05/27/2011 Microsoft Downplays IE 'Cookiejacking' Bug [PC World]

05/19/2011 Black Hat Introduces Inaugural Content Review Board [PR Newswire]

02/22/2011 Facebook users subjected to more clickjacking [The Register]

11/26/2010 Detectados graves problemas de seguridad en el sistema operativo de Palm []

11/24/2010 Researchers Find Security Flaws in Palm Smartphone webOS [eWeek]

11/23/2010 Researchers Uncover Holes In WebOS Smartphones [DarkReading]

11/03/2010 LASCON 2010: HTTPS Can Byte Me [The Agile Admin]

11/02/2010 LASCON 2010: Why Doesn’t Get Hacked [The Agile Admin]

08/01/2010 Highlights from Black Hat and Defcon [ReadWrite Enterprise]

07/30/2010 Most SSL Sites Poorly Configured [DarkReading]

07/30/2010 Black Hat Conference Presenters Poke Holes in SSL [WHIR]

07/30/2010 Researchers Hack the Internet to Keep Us Safe [Black Web 2.0]

07/29/2010 Attacking The Edges Of Secure Internet Traffic [NPR]

07/29/2010 Twenty-Four More Reasons Not To Trust Your Browser's "Padlock" [Forbes]

07/29/2010 Black Hat 2010: Even with SSL/TLS, browsers still are susceptible to attack [SC Magazine]

07/29/2010 Black Hat: Researchers poke holes in HTTPS, SSL Web browser security [TechTarget]

07/29/2010 Researcher Reveals Major SSL and Browser Flaws [ThreatPost]

07/23/2010 Researcher finds Safari reveals personal information [ComputerWorld]

06/15/2010 SecTheory Webinar: "Advanced Persistent Threats (APTs): Clarity Over Hype, Please…" [CoreTrace]

06/14/2010 Kaminsky Issues Developer Tool To Kill Injection Bugs [DarkReading]

06/11/2010 Googler criticized for disclosing Windows-related flaw [C|Net]

06/10/2010 Microsoft Issues Advisory on Windows Help Flaw [Virtualization Review]

06/10/2010 Googler releases Windows zero-day exploit, Microsoft unimpressed [ZDNet]

06/10/2010 Google researcher gives Microsoft 5 days to fix XP zero-day bug [ComputerWorld]

06/08/2010 CoreTrace to Host Free Webinar on Advanced Persistent Threats [EarthTimes]

06/07/2010 Facebook 'Like' button used by viral scammers to push links - is malware next? [The Guardian]

06/05/2010 Worm Facebook: How To Avoid [NewsOXY]

06/05/2010 Facebook Becomes Victim Of Worm [eCanadaNow]

06/03/2010 Rash of Facebook 'likejacks' still flaring [The Register]

05/28/2010 Researchers Beat Clickjacking Defenses of Top Websites [eWeek]

05/24/2010 Apple Safari 'Carpet Bomb' Flaw Remains Unfixed Two Years Later [DarkReading]

05/10/2010 F5 Networks Files Patent Lawsuit Against WAF Vendor Imperva [DarkReading]

04/16/2010 12 "White Hat" hackers you should know [Network World]

04/14/2010 Researcher shows new clickjacking methods [Network World]

04/05/2010 Firefox plans fix for decade-old browsing history leak [The Register]

03/19/2010 Google Patches Chrome as Hacking Contest Nears [PC World]

03/18/2010 If The Hat Is Black... [The New New Internet]

03/15/2010 The Future of Botnets [ThreatPost]

03/11/2010 Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability [Infosec Island]

02/22/2010 Stopping Stealthy Downloads [MIT Technology Review]

02/18/2010 The Great Debate: Cyber Security [PBS]

02/17/2010 Mozilla Foundation Security Advisory 2010-02 []

02/17/2010 Google patches XSS hole in its Buzz social media platform [SC Magazine]

02/16/2010 Security Bug Opens Google Buzz to Hackers [The New York Times]

02/16/2010 Google Buzz bug exposes user geo location [The Register]

02/06/2010 Experts weigh in on dangers of cyber attacks [My San Antonio]

01/30/2010 Firefox-based attack wreaks havoc on IRC users [The Register]

01/28/2010 Chrome apes IE8, adds clickjacking, XSS defenses [ComputerWorld]

01/26/2010 Attackers Targeting .Edu Sites in SEO Poisoning Campaigns [ThreatPost]

01/19/2010 New Proxy Promises To Shield Users From Google Data Collection [DarkReading]

01/18/2010 Cyber security czar to discuss risks of online info [Houston Chronicle]

01/18/2010 How to open a parachute during free-fall: Introducing Quick Security References (QSRs) [MSDN]

01/12/2010 U.S. Army Website Hacked [DarkReading]

01/12/2010 Top Ten Web Hacking Techniques of 2009 (Official) [Jeremiah Grossman's Blog]

12/27/2009 Fake sites trick search engines [The Durango Herald]

12/24/2009 Facebook Hit By Clickjacking Attack [Network Computing]

12/09/2009 How fake sites trick search engines to hit the top [USA Today]

12/01/2009 US-CERT Warns of VPN Attack That Bypasses Browser Security [DarkReading]

11/02/2009 ¿Exhibiría su vida privada? [El Financiero]

10/29/2009 Mozilla Firefox Multiple Vulnerabilities [Secunia]

10/27/2009 Mozilla Foundation Security Advisory 2009-54 [Mozilla]

10/08/2009 SecTor Followup [SecuObs]

10/07/2009 SSL Still Mostly Misunderstood [DarkReading]

10/05/2009 New Firefox security technology blocks Web attacks, Mozilla claims [ComputerWorld]

10/01/2009 Firefox feature looks to foil XSS attacks [SecurityFocus]

08/07/2009 A Browser's View of Your Computer [MIT Technology Review]

08/02/2009 Web Surfers Forced to Choose Security or Anonymity [PCWorld]

07/30/2009 Google's 'Safe Browsing' Could Compromise Privacy [Slashdot]

07/29/2009 Black Hat: Security Research Celebs Prepare to Rock Black Hat [eWeek]

07/29/2009 Google Safe Browsing Feature Could Compromise Privacy [DarkReading]

07/22/2009 Rapid7 Announces Participation at DEFCON and Black Hat 2009 [BusinessWire]

07/22/2009 Firefox 3.5 and IE8 Abused to Spy Inside Intranets [SoftPedia]

07/20/2009 Two Newly Disclosed Hacks Prey On Browser, Web Security [DarkReading]

07/16/2009 Experts question security of Google OS [MSNBC]

07/14/2009 Firefox 3.5 Vulnerability Rated 'Highly Critical' [InformationWeek]

07/13/2009 Google Chrome Browser Exhibits Risky Behavior [InformationWeek]

07/09/2009 Will Google's OS Make the Desktop Safe? [PC World]

07/08/2009 Hey Google: Make GMail secure! [SearchSecurity]

06/29/2009 Firefox Aims to Unplug Scripting Attacks [MIT Technology Review]

06/29/2009 Robert Hansen on Slowloris, DoS attacks and RFC-1918 networks [Threatpost]

06/22/2009 Mitigating the 'Slowloris' HTTP DoS Attack [Threatpost]

06/20/2009 Tiny-traffic DoS attack spotlights Apache flaw [The Register]

06/18/2009 Remote handbrake for web server [The H Security]

06/16/2009 Encrypt the Cloud, Security Luminaries Tell Google [Wired]

06/16/2009 Google urged to beef up Gmail security [San Francisco Chronicle]

06/11/2009 New Exploit Uses JavaScript To Compromise Intranets, VPNs [Slashdot]

06/10/2009 New attack class exploits intranet weaknesses [Threatpost]

06/09/2009 Popular Internal IP Addressing Scheme Could Leave Enterprises Vulnerable [DarkReading]

05/22/2009 Clickjacking: Hijacking clicks on the Internet [C|Net]

05/21/2009 Adobe Adopts Microsoft's Patch Tuesday Approach [Washington Post]

05/14/2009 A Blueprint to Stop Browser Attacks [Technology Review]

05/04/2009 Sex offender crackdown in online realm [KXAN]

05/01/2009 'Twitterjacking' -- Identity Theft in 140 Characters or Less [FOXNews]

05/2009 How Hackers Can Steal Secrets from Reflections [Scientific American]

04/30/2009 Twitter Identify Theft [IGN]

03/30/2009 Clickjacking: Potentially harmful Web browser exploit [ZDNet Asia]

02/25/2009 Adobe Releases Critical Flash Player Update [SoftPedia]

02/13/2009 Twitter attack exposes awesome power of clickjacking [The Register]

02/02/2009 Birth of a Security Feature: ClickJacking Defense [MSDN Internet Explorer Blog]

01/30/2009 Popular browsers continue to be vulnerable to clickjacking attacks - Updated [Heise Security Online]

01/30/2009 Clickjacking Threat To Firefox [Linux Magazine]

01/28/2009 IE8's clickjacking protection will have 'zero impact,' says researcher [ComputerWorld]

01/27/2009 IE8 Security Part VII: ClickJacking Defenses [MSDN Internet Explorer Blog]

01/27/2009 IE8's clickjacking fix not much help, experts say [NetworkWorld]

01/26/2009 Microsoft Goes After Clickjacking in IE8 [eWeek]

01/23/2009 White House Web Site Revisits Privacy Policy [InformationWeek]

12/15/2008 Intrepidus Group Experiences 100 Percent Growth as More Than 60,000 Employees Have Been Trained Using PhishMe - Industry's First Proactive Anti-Phishing Software Solution [Yahoo Finance via PR Newswire]

12/12/2008 Researcher: Chrome, Safari password managers need work [MacWorld]

12/05/2008 Flash is anathema to green browsing, says study [BusinessGreen]

12/05/2008 Blokujesz reklamy – dbasz o środowisko! []

12/05/2008 Bespaar energie, blokkeer online-advertenties [Automatisering Gids]

12/05/2008 Sokba kerülnek a Flash reklámok az internetezőknek []

12/04/2008 Blocking Online Ads May Save Energy [InformationWeek]

12/04/2008 Use Firefox e salve o planeta [Pinceladas da Web]

12/04/2008 Surfer sans pub réduit votre consommation électrique []

12/04/2008 Use Firefox, Save the Planet [Sitepoint]

12/03/2008 Popular Home DSL Routers At Risk Of CSRF Attack [DarkReading]

12/03/2008 Safe laptop battery time using NoScript [Security4all]

12/03/2008 New hacking method threatens web users [KXAN]

12/03/2008 Adobe Flash als Stromfresser []

12/03/2008 Surfer sans pub réduit votre consommation électrique []

12/02/2008 Save battery life, time, the world! Use a script blocker. [UMPC Portal]

12/02/2008 Blokując reklamy... chronisz planetę [Dziennik Internautów]

12/02/2008 Making the Web more secure and a bit greener too? [ISS]

12/02/2008 Studie: Flash sorgt für höheren Stromverbrauch [WinFuture]

12/02/2008 Browsing Habits Can Save Energy Too - A study compared the power consumption of the most common dynamic web technologies [SoftPedia]

12/02/2008 "Conservative in what you send..." [Adobe]

12/02/2008 Go Green with NoScript! [Hackademix]

12/02/2008 Study spanks Adobe Flash for abuses of power [The Register]

12/02/2008 Could your Web surfing be greener? [InfoWorld]

11/24/2008 10 Security Researchers Making a Difference [Baseline]

11/11/2008 Microsoft Security Bulletin MS08-069 – Critical [Microsoft]

10/30/2008 Defense Intelligence Agency Fixes Risky Web Site Code [Information Week]

10/30/2008 Security Now 168: Clickjacking [Security Now]

10/20/2008 Adobe Flash Patch Addresses 'ClickJacking' Flaw [Washington Post]

10/20/2008 Browsers getting harder and harder to secure [TechTarget]

10/19/2008 Clickjacking: Potentially harmful web browser exploit [TechRepublic]

10/18/2008 Flash Player Update Brings Flash Player 10 To Remove Flaws That Inspire Clickjacking Attacks [Encyclocentral]

10/17/2008 Adobe Flash Player Fix Stops 'Clickjacking' [InformationWeek]

10/17/2008 Adobe shutters Clickjacking flaw [SecurityFocus]

10/16/2008 Adobe's Flash Player 10 upgrade addresses clickjacking [SC Magazine]

10/16/2008 Adobe (Somewhat) Fixes ClickJacking Vulnerability [InformationWeek]

10/15/2008 Beware of being click-jacked on the Internet [Business Daily Africa]

10/15/2008 Browser security a concern for website development [Tech Target]

10/14/2008 My (Tentative) Wish List For A Better Secure Browser [InformationWeek]

10/14/2008 Beware of new online threat [Republican Herald]

10/10/2008 Security Bites 117: How 'Clickjacking' attacks hide behind the mouse [CNET]

10/09/2008 Researchers warn of 'clickjacking' threat [ZDNet]

10/09/2008 Clickjacking exploits enable hackers to hijack webcams [SC Magazine]

10/08/2008 Web Surfers Face Dangerous New Threat: 'Clickjacking' [Yahoo! News]

10/08/2008 Creepy Clickjacking Bug Lets Hackers Control Webcams [TechNewsWorld]

10/08/2008 Clickjacking Attack Lets Web Sites See, Hear You [InformationWeek]

10/08/2008 Creepy Clickjacking Bug Lets Hackers Control Webcams [E-Commerce Times]

10/08/2008 'Clickjacking' attack hides behind the mouse [CNET]

10/08/2008 Microsoft Weighs in on Clickjacking [Microsoft Watch]

10/08/2008 'Clickjackers' could hijack webcams, microphones, Adobe warns [ComputerWorld]

10/07/2008 Flash Player workaround available for "Clickjacking" issue [Adobe]

10/07/2008 Adobe Releases Clickjacking Advisory as Demo of Vulnerability Circulates [eWeek]

10/07/2008 Details of Clickjacking Attack Revealed With Online Spying Demo [DarkReading]

10/06/2008 FAQ: Clickjacking - is your PC at risk? [PC Advisor]

10/03/2008 TCP flaws may lead to DoS attacks, say researchers [ZDNet]

10/02/2009 Vendors Fixing Bug That Could Crash Internet Systems [PCWorld]

10/01/2008 Clickjacking Defense Will Require Browser Overhaul [DarkReading]

09/30/2008 Critical Clickjacking Vulnerabilities Will Soon Be Disclosed [SoftPedia]

09/30/2008 “Clickjacking” The Network Security Podcast, Episode 122 [Network Security Podcast]

09/30/2008 Clickjacking vulnerability to be revealed next month [NetworkWorld]

09/30/2008 Researchers weigh "clickjacking" threat [SecurityFocus]

09/29/2008 UPDATED: Browser-Makers Seek Clickjacking Fix [ENT News]

09/29/2008 "Clickjacking" poses major web browser threat [SC Magazine]

09/29/2008 Browser-Makers Seek Clickjacking Fix [Redmond Channel Partner]

09/29/2008 FAQ: Clickjacking -- should you be worried? [Computerworld]

09/27/2008 Heard of clickjacking? Your browser is under threat [Indiatimes]

09/27/2008 Clickjacking and NoScript [Hackademix]

09/26/2008 'Clickjacking' Attack Prompts Warning To Disable Browser Plug-Ins [InformationWeek]

09/26/2008 New clickjacking affects all browsers; cause remains unknown [ars technica]

09/26/2008 News Flash: NoScripts Helps Fight Clickjacking 0-Day [Securitymonks]

09/26/2008 Security researchers warn of new 'clickjacking' browser bugs [Computerworld]

09/25/2008 Fortify views Adobe crackers' approach on Clickjacking as positive [Security Watch]

09/25/2008 Clickjacking: Researchers raise alert for scary new cross-browser exploit [ZDNet]

09/19/2008 Is "clickjacking" the next threat? [Heise Online]

09/17/2008 Adobe Gets Hackers to Nix Clickjacking Talk [IT Business Edge]

09/17/2008 Security researchers and vendors--a truce? [CNET]

09/17/2008 Critical Clickjacking Vulnerabilities Affecting All Browsers Being Kept Secret [Softpedia]

09/16/2008 At Adobe's request, hackers nix 'clickjacking' talk [Macworld]

09/16/2008 Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred [DarkReading]

09/16/2008 Adobe yanks speech exposing critical 'clickjacking' vulns [The Register]

09/15/2008 Thanks to Jeremiah Grossman and Robert "RSnake" Hansen [Adobe PSIRT]

08/29/2008 IE8 Beta 2 [Microsoft Developer Network]

08/22/2008 That password-protected site of yours - it ain't [The Register]

08/15/2008 10th birthday sees Google covering many bases [Computerworld]

08/14/2008 Google Gadgets öppnar för attacker []

08/09/2008 Google Haveth a Hole, Google Doth Protest a Fix []

08/09/2008 Surfing Google may be harmful to your security [The Register]

08/07/2008 Researchers Warn of Social Networking Scams [Washington Post]

08/07/2008 Beware of the Gadgets [Government Computer News]

08/07/2008 Hackers target Google Gadgets [USA Today]

08/06/2008 Google Gets Racked Over The Coals At Black Hat [Information Week]

08/05/2008 Black Hat 2008 promises to be big [Yahoo! News]

08/01/2008 Security Bites 110: Breaking Google Gadgets [C|Net]

07/31/2008 How Twitter got pwned in 2 hours [Security4all]

07/28/2008 Security experts will reveal Google Gadgets vulnerability [ArcaVir]

07/25/2008 Get Ready For Google Gadget Malware [Information Week]

07/21/2008 Cenzic to Present on "Xploiting Google Gadgets: Gmalware and Beyond" at Black Hat 2008 [Reuters]

07/21/2008 Google Gadgets are risky business [Network World]

07/22/2008 Intrepidus Group Introduces PhishMe to Help Organizations Deal With Growing Pandemic of Spear Phishing [LA Times via PR Newswire]

07/22/2008 'PhishMe' Tool Lets Businesses Spear-Phish Themselves [DarkReading]

07/17/2008 Vulnerabilities Could Expose Broad Range of Java Apps [DarkReading]

06/23/2008 Web browsers face crisis of security confidence [The Register]

06/2008 Anatomy of an XSS Attack: Exploit, Impact and Response [ISSA Journal]

05/23/2008 TJX Staffer Sacked After Talking About Security Problems [PCWorld]

05/23/2008 Delving Into Google Health's Privacy Concerns [Slashdot]

05/22/2008 RSnake picks on Google Health... yes, Google wants your medical records, too! [ZDNet]

03/25/2008 Mozilla Foundation Security Advisory 2008-16 [Mozilla]

03/17/2008 Browser Session Virtualization [Securosis]

03/11/2008 Can Source Boston save us from boring security conferences? [TechTarget]

02/26/2008 Researchers show how the Simple Network Management Protocol can be abused for cross-site scripting attacks [DarkReading]

02/22/2008 Goolag makes Google Hacking a snap [The Industry Standard]

02/11/2008 Why many popular websites are risky [American Public Media]

01/09/2008 Spam your printer from the Web? Researcher shows how [InfoWorld]

01/07/2008 Hacker Launches XSS Worm Replication Contest [eWeek]

01/05/2008 Contest seeks the most diminutive XSS worm [Channel Register]

11/22/2007 Many businesses still holding off on upgrading to Vista [ITworld Canada]

10/05/2007 Hackers at Microsoft?! Now Wait a Minute . . . [PCWorld]

09/27/2007 Adobe gifts internal file permissions to unwashed masses [The Register]

09/25/2007 Podcast #47 - Web application security with RSnake and Jeremiah [StillSecure]

09/24/2007 Unholy trinity of flaws put Google users at risk [The Register]

09/08/2007 A US CERT reminder: The net is an insecure place [The Register]

08/21/2007 Cenzic Patent Case Worries Web Researchers, Vendors [DarkReading]

08/21/2007 Researcher crosses swords with Google over XSS 'flaw' [The Register]

08/18/2007 Google Gadgets can be misused by phishers [Infoworld]

08/16/2007 Student reprimands Facebook for bad manners and exposed code [The Register]

08/13/2007 WhiteHat Security Adds Six Partners to Growing Alliance Program [PR Newswire]

08/07/2007 Black Hat: JavaScript Flaws Ease Intranet Attacks [InformationWeek]

08/06/2007 Mozilla vows to patch any critical flaws in 10 days [InfoWorld]

08/06/2007 BLACK HAT: Mozilla says it can patch flaws in 10 days [ITWorld]

08/06/2007 Retro attack gets new life, worries browser makers [SecurityFocus]

08/06/2007 Black Hat: Mozilla says it can patch flaws in 10 days [Computerworld]

08/06/2007 Mike Shaver, ten days, and expletives []

08/03/2007 Security Bites Podcast: An interview with RSnake [C|Net]

08/03/2007 Black Hat USA 2007 Round-Up Part 1 [TaoSecurity]

08/03/2007 Blackhat 07: Secure Your Web Apps [NetworkWorld]

08/02/2007 Web 2.0 applications raise security issues [Computerworld]

08/01/2007 Black Hat: Security researchers show how corporate intranets are ripe for emerging attacks [InfoWorld]

07/30/2007 Security Researcher Acknowledgements for Microsoft Online Services [Microsoft]

07/19/2007 Firefox raises barrier to cross-site scripting attacks [ZDNet]

07/12/2007 Demonstrating the Top 10 Web Application Hack Attacks Webinar [Infosecurity Magazine]

07/09/2007 Is your network ready for Web 2.0 traffic? [NetworkWorld]

07/05/2007 An Auction Site for Vulnerabilities [DarkReading]

06/19/2007 Click Fraud Index [ClickFraudNetwork]

06/19/2007 Industry Click Fraud Rate Jumps Past 15 Percent in Second Quarter 2007-Botnet Traffic, Parked Domains and Made-for-Ad Sites Cited as Growing Click Fraud Sources Click Fraud Rate for Content Networks Hits 25.6 Percent [Austin Ventures]

06/10/2007 Google Turns to Security [PCWorld]

06/10/2007 Analysis: A business case for security at Google [InfoWorld]

06/05/2007 Google Desktop Vulnerable to Hackers [CSO Magazine]

06/05/2007 Google Desktop vulnerable to new attack [Computerworld Asia]

06/01/2007 Beware of that man between you and your Google Desktop [ZDNet]

05/22/2007 Wrestling With Malware, Google Launches Security Blog [TechWeb]

05/26/2007 As Web 2.0 evolves, security becomes an issue [Washington Post]

05/16/2007 Robert Hansen on Phishing, the Bad Guys, and the Online Mafia [Channel 9 MSDN]

05/14/2007 Do you know what's leaking out of your browser? [ZDNet]

05/10/2007 The Phisher King [Forbes]

05/10/2007 Microsoft BlueHat Security Briefings: Spring 2007 Sessions and Interviews [Microsoft]

05/10/2007 Microsoft invites hackers back for Blue Hat [Computerworld]

05/01/2007 Google Desktop vulnerable to new attack [InfoWorld]

04/17/2007 Corporate data slips out via Google calendar [PCWorld]

03/16/2007 Hackers promise month of MySpace bugs [Washington Post]

03/07/2007 RSnake, Unmasked [DarkReading]

03/06/2007 A New Battleground for Computer Security [Wall Street Journal and mirrored at MarketWatch]

03/06/2007 Click Forensics Expands Management Team and Board of Advisors []

02/26/2007 Second Google Desktop Attack Possible, Researchers Say [CIO Magazine]