Softpedia
 


Stories about: session hijacking


Hacker Claims CDMA and 4G Connections Were Compromised at DEFCON

Last week hackers flocked to Las Vegas to attend the biggest annual hacking conference in the world, DEFCON, and at least one of them claims that he detected a large-scale CDMA and 4G surveillance operation that targeted attendees indiscriminately. The claim was made in a post to the Full Disclosure mailing list yeste...

11 August 2011
10:22 GMT

Session Hijacking Vulnerability Identified in ICQ

Serious cross-site scripting (XSS) vulnerabilities that could be exploited to hijack people's accounts have been identified in the ICQ website and instant messaging application. The vulnerabilities were discovered by Levent Kayan, an Armenian security researcher who recently found a similar flaw in Skype. "ICQ.com...

28 July 2011
11:00 GMT

Android App Can Hijack Web Sessions over Protected Wireless Networks

A new Android app makes hijacking other people's Facebook, Twitter, YouTube and Amazon sessions a breeze over private or open wireless networks. Called FaceNiff, the app is the work of a Polish programmer named Bartosz Ponurkiewicz and was apparently released on his website in mid-May. "It is possible to hijack se...

2 June 2011
11:36 GMT

Microsoft Downplays Cookiejacking IE Vulnerability

Microsoft does not consider an Internet Explorer bug that facilitates session hijacking attacks a high risk, but security researchers think otherwise and past examples support their opinion. Last week at the Hack in the Box security conference in Amsterdam, Italian security researcher Rosario Valotta demoed an attack ...

27 May 2011
07:59 GMT

Google Patches Android Session Hijacking Vulnerability Server-Side

Google has patched a security hole in its ClientLogin authentication protocol which allowed potential attackers to steal authentication tokens for several services. Last week, researchers from the University of Ulm in Germany published a research paper that revealed that over 99% of Android smartphones were vulnerable...

26 May 2011
10:41 GMT

LinkedIn Cookies Are Insecure Claims Researcher

An independent security researcher has discovered several security issues with LinkedIn session cookies which can expose users to man-in-the-middle attacks. At the core, the problems reported by New Delhi-based researcher Rishi Narang are not different than those affecting any service whose users can connect over insec...

23 May 2011
13:56 GMT

Majority of Android Devices Vulnerable to Session Hijacking Attacks

Security researchers have discovered a vulnerability in Google's ClientLogin authentication protocol which allows potential attackers to execute session hijacking attacks against Android users. The security hole was identified by researchers from the Institute of Media Informatics of the University of Ulm in Germ...

17 May 2011
07:38 GMT

New Session-Stealing Banking Trojan Identified

Trusteer, a provider of secure browsing solutions, warns that a new banking trojan capable of hijacking online banking sessions in real time has been identified. Dubbed OddJob, after Goldfinger's henchman in the Bond series, the trojan appeared a few months ago, but it was kept under wraps because of ongoing law ...

22 February 2011
06:56 GMT

Missouri State Reps Have Their Facebook Accounts Hijacked

Four members of the Missouri House of Representatives and one of their staff have reported their Facebook accounts being hijacked since the beginning of this year. Democrat Stacey Newman and Republicans Donna Lichtenegger and Dave Schatz are among the state representatives who fell victim to the hackers. According to S...

8 February 2011
08:33 GMT

Firefox Web Encryption Extension Updated with Better Firesheep Protection

A Firefox security extension, which forces HTTPS connections on many popular websites, has been updated to better protect users from session hijacking attacks. Dubbed "HTTPS Everywhere", the add-on is the creation of civil rights watchdog Electronic Frontier Foundation (EFF) and the Tor project, a developer of anonymiz...

24 November 2010
13:26 GMT

Microsoft to Implement Full-Session HTTPS in Hotmail

Microsoft will start allowing users to encrypt their Hotmail communications with SSL on an opt-in basis, in order to protect themselves from session hijacking attacks. At the end of September, Microsoft enhanced the security of Hotmail accounts by allowing users to associate trusted computers and mobile phone number...

5 November 2010
06:09 GMT

Firefox Extension Allows Anyone to Steal Logins over Insecure Wireless Networks

A newly released Firefox extension allows virtually anyone to hijack other people's accounts on popular websites like Facebook or Twitter, when connected over open wireless networks and not using HTTPS. The extension is called Firesheep and was released as an open source project by a software developer named Er...

25 October 2010
09:29 GMT

New Dangerous Twitter XSS Vulnerability Identified

A new cross-site scripting (XSS) weakness has been identified on Twitter and can be leveraged by attackers to hijack users' sessions and post on their behalf. According to a report from the XSSed Project, the vulnerability is located in the search script on dev.twitter.com and was discovered by a researcher calling himsel...

6 September 2010
13:15 GMT

XSS Attack on Twitter Subdomain Allowed for Complete Session Hijacking

A Google security researcher has found a security hole on a Twitter subdomain which facilitated session hijacking attacks. The compromise was possible because of a too broad domain scope used for the session cookie. The flaw was discovered and documented on his blog by Google Security Engineer Billy Rios. Rios previou...

20 July 2010
05:41 GMT

Trojan Advertised as Open Source Antivirus Solution

Security researchers from antivirus vendor Bitdefender warn of a new malware-distribution campaign that attempts to pass a computer trojan as open source antivirus software. Once installed on the computer, the malware directs browser requests to Paypal, Abbey and Halifax to phishing pages. E-banking customers should...

11 June 2009
08:15 GMT

Universal Google Cross-Site Scripting Flaw Discovered

A self-confessed web security researcher going by the online handle "Inferno" has published details of a serious XSS vulnerability in Google’s Support Python Script, which could have facilitated a wide variety of attacks, including session hijacking. Because of the widespread use of the vulnerable script on Goo...

13 May 2009
04:18 GMT

