Ad: Manage updates with the Download App
  • CNET
  • All Vulnerabilities and attacks posts

Vulnerabilities and attacks

Twitter warns of additional hacks, threats

Twitter knows that many high-profile accounts have suffered at the hands of hackers in recent days, but is putting much of the onus of responsibility on the account holders themselves.

On Monday, Twitter sent a memo to major media and news outlets about the threat -- if they hadn't known already or at least reported on some of them -- and noted that it believed these "attacks will continue." (Buzzfeed posted the memo in full.)

Twitter acknowledged that the "incidents" appear to be "spear phishing attacks that target your corporate email," that appear … Read more

See how beautiful a DDoS attack can look

We've all heard of a distributed denial of service (DDoS) attack and know what it is: when a person or people attempt to take down a Web site by flooding it with connection requests. These max out the site's bandwidth, making it unable to accept new requests. The attacks are usually automated and can be accomplished in a variety of ways. The loss of traffic during the attack itself, and the recovery afterward, can end up costing Web sites quite a lot.

But what does that actually look like? Well, nothing by itself; but thanks to a Web site traffic visualization tool called Logstalgia, Ludovic Fauvet, developer of the Web site VideoLAN (which created and distributes the free multimedia player VLC), managed to capture an April 23 DDoS attack on his site. … Read more

LivingSocial hacked; 50 million affected

Daily deals Web site LivingSocial is the latest database target for hackers, who have compromised the personal information of more than 50 million people.

In internal LivingSocial e-mails obtained by AllThingsD, the unknown culprits appear to have made off with the names, e-mails, birthdates, and encrypted passwords of what appears to be the vast majority of LivingSocial customers.

The Washington, D.C.-based site, owned in part by Amazon, claims around 70 million customers worldwide. The company's divisions in the Philippines, South Korea, Indonesia, and Thailand remain unaffected because they are hosted on different servers.

To put this breach … Read more

Police arrest Dutchman for alleged Spamhaus Web attacks

Authorities in Barcelona have arrested a Dutchman for his alleged involvement with one of the Web's biggest cyberattacks, the BBC reported today.

Spanish police detained a 35-year-old man believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker. Officials are making plans for his transfer to the Netherlands.

It was widely reported previously that Cyberbunker, a site hosting company, was behind the multiple Web attacks on Spamhaus, an antispam organization. The attack -- called a distributed denial-of-service, or DDoS, attack -- involved overloading Spamhaus' severs with requests. It also slowed down the Internet for part of Europe, … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more

Security certificate problem trips up Bing Web site

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m. PT when visiting https://bing.com.

The HTTPS standard governs how Web browsers and Web servers set up encrypted communications, for example so that others can't eavesdrop on network activity to find out what you're searching for, but valid and up-to-date security certificates are required for such communications.

"An attacker on your network could be trying … Read more

Top Wi-Fi routers easy to hack, says study

The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken … Read more

Targeted cyberattacks jump 42 percent in 2012, Symantec says

Internet users are seeing less spam but more targeted attacks, according to security software company Symantec.

Looking at last year's security landscape, Symantec's Internet Security Threat Report 2013 found that traditional spam accounted for 69 percent of all e-mail in 2012, down from 75 percent in 2011. Yet, 30 billion spam messages are still sent on a daily basis.

Junk e-mails that hawk sex or dating products and services now account for 55 percent of all spam, taking the top spot away from pharmaceutical spam.

Malware is also part of one out of every 291 e-mail messages, with … Read more

Oracle preps 128 security patches; Java gets 42

Oracle will release today 128 fixes for security vulnerabilities that affect "hundreds" of its products.

The software giant and Java maker said in a pre-release announcement today that four of the patches include fixes for Oracle's flagship database product, which can be exploited remotely without the need for a username or password.

Also, 29 security fixes will arrive for Oracle Fusion Middleware, with 22 of these also for preventing attacks without the need for authentication.

Affected components include Oracle HTTP Server, JRockit, WebCenter, and WebLogic.

Both Oracle products have a common vulnerability scoring system (CVSS) rating of … Read more

Anonymous again hacks into North Korean Web sites

Anonymous is once again trying to raise the hackles of North Korea by hacking into one of the country's official news sites.

For the second time this month, the North Korean news and information site Uriminzokkiri.com has been taken down. Trying to access the site today delivers an eventual timeout error. In the official Twitter account for Uriminzokkiri, which Anonymous took over earlier this month, the group tweeted that "more of North Korean websites are in our hand. They will be brought down."

North Korean Web sites minjok.com, jajusasang.com, and paekdu-hanna.com had also … Read more