Here’s a big (in)security round-up.
Hamster plus Hotspot equals Web 2.0 meltdown! | George Ou:
People are still talking about Robert Graham’s side-jacking demonstration at Black Hat. Errata will release Hamster, the tool Graham used to make cookie-stealing a point-and-click affair, some time this week. Most people have no idea that their passwords — masked out with asterisks on their own displays (whether PDA, laptop, or desktop at home connected over wifi) — are sent in plaintext. One of DefCon’s highlights is the Wall of Sheep, a digital monument of gullibility and trust. An image can be found here. It shows that even people attending a convention of the security-minded fail to use effective measures to protect their privacy on wifi networks. Some sites should NEVER be used over wifi because they don’t offer secure servers. There’s no excuse not to use a VPN, SSH, or other tools to be safe in bad neighborhoods.
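The side-jacking risk above comes down to session cookies that a browser will send over plaintext HTTP. As an added example (not Hamster, not Errata’s code, and not part of the original post), here is a small audit that parses Set-Cookie headers from constructed sample responses and flags session cookies a hotspot eavesdropper could capture; the `SESSION_HINTS` name heuristic is an assumption.

```python
from typing import List, Set, Tuple

# Constructed sample responses (not captured from real sites); each mimics
# what a browser receives from a site right after login.
SAMPLE_RESPONSES = {
    "http://webmail.example/inbox": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: session=abc123; Path=/\r\n"
        "Set-Cookie: lang=en; Path=/\r\n"
        "\r\n"
    ),
    "https://bank.example/account": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: SID=xyz789; Path=/; Secure; HttpOnly\r\n"
        "\r\n"
    ),
}

# Assumed heuristic: cookie names containing these fragments carry a session.
SESSION_HINTS = ("session", "sid", "auth", "token")


def parse_set_cookies(raw_response: str) -> List[Tuple[str, Set[str]]]:
    """Return (cookie name, lower-cased attribute names) per Set-Cookie header."""
    cookies = []
    head = raw_response.split("\r\n\r\n", 1)[0]  # headers only, body ignored
    for line in head.split("\r\n"):
        if not line.lower().startswith("set-cookie:"):
            continue
        pieces = [p.strip() for p in line.split(":", 1)[1].split(";")]
        name = pieces[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].lower() for p in pieces[1:] if p}
        cookies.append((name, attrs))
    return cookies


def audit_response(url: str, raw_response: str) -> List[str]:
    """One finding per way a session cookie is exposed to capture or theft."""
    findings = []
    for name, attrs in parse_set_cookies(raw_response):
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies such as 'lang' are not worth stealing
        if url.startswith("http://"):
            findings.append(f"{name}: issued over plaintext HTTP")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag, browser will send it over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag, readable by page scripts")
    return findings
```

Running `audit_response` over the two samples reports the webmail session cookie three times and the bank cookie not at all, which is the difference between a site that is safe on an open hotspot and one that is not.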
Dark Reading – Desktop Security – Malware: Serious Business – Security News Analysis:
Another DefCon presentation showed that there’s a thriving market for exploits.
Public Wi-Fi use raises hacking risk:
Here’s another article quoting Graham about the dangers of hotspots. Hotspots tend to be unencrypted and they’re very easily spoofed.
New Security Holes Put PC Users at Risk:
Will the next big exploit vector be streaming media?
Spammer tricks getting more personal; PDF spam also increasing:
MessageLabs, an e-mail filtering vendor, reports that targeted spam is becoming more frequent as corporate executives’ data from Web 2.0 sites is collected. Spammers using Facebook and LinkedIn to target executives are increasingly using PDFs to get their messages through spam filters. In addition to the issue raised at the end of the article about text2pdf exploits, there are additional cross-site scripting holes in PDF itself.