
Defense in Depth

PayPal considers blocking browsers

PayPal is seriously considering blocking some browsers from accessing its site, according to a paper (PDF) available to shareholders.

Titled "A Practical Approach to Managing Phishing," the paper admits that there's no one silver bullet to prevent fraudsters from making money on the Internet. However, authors Michael Barrett, PayPal's chief information security officer, and Dan Levy, the company's senior director of risk management for Europe, say companies could and should start addressing five specific areas:

Prevent fraudulent e-mail from getting into users' in-boxes

Prevent phishing sites by shutting them down

Authenticate users so that stolen … Read more

Researcher: Wii and iPhone browsers could allow phishing

In a paper (PDF) presented at the Usability, Psychology, and Security Conference 2008 in San Francisco, researchers from the University of California at Davis warned that browsers within popular electronic gadgets often eliminate important security features available on desktop browsers.

Researchers Yuan Niu, Francis Hsu, and Hao Chen looked at the Mobile Safari browser in Apple iPhone, as well as the Opera browser included in the Nintendo Wii and DS gaming systems. In general, they cited the reliance on screen typing as a deterrent to typing in known URLs. They said users are more likely to click on URLs presented … Read more

Cyberprotests planned in support of China

Several groups of Internet organizers plan to show on Saturday that they can mobilize patriotic Chinese Internet users and wield their influence worldwide against what they say is anti-Chinese media in the Western world.

The Dark Visitor, a site that tracks the activities of Chinese computer hackers, is reporting that a distributed denial-of-service (DDoS) attack on CNN.com is planned for 8 p.m. Beijing time, or 5 a.m. PT in the United States.

But the organizers themselves (Google translated page) appear to be waffling, and Jose Nazario of Arbor Networks reports that there has been little preattack activity … Read more

Women more likely to give up passwords than men

What would it take to get you to give up your office network password to a total stranger? In London, women were more likely than men to give over their password for a piece of chocolate, say researchers for Infosecurity Europe.

The survey was conducted among 576 office workers contacted outside the Liverpool Street Station in London. The good news is that, overall, just 21 percent of those questioned would give up their password, with 45 percent of women saying yes versus 10 percent of men. Last year, 64 percent of people surveyed said they were prepared to give away their passwords … Read more

Gmail cookie stolen via Google Spreadsheets

Security researcher Bill Rios reported Monday that a cross-site scripting (XSS) attack against Google Spreadsheet could have exposed all of Google's services. XSS can occur whenever a legitimate site accepts input from the user but does not filter that input properly, which could allow the injection of potentially malicious instructions. In this case, however, once an attacker gained access to any xxxx.google.com site, they would have access to other Google services, such as Gmail, Docs, and Code.

In an e-mail to CNET News.com, a Google representative confirmed that the flaw as described by Rios has been … Read more

Researcher: Misunderstandings surround RFID in use today

When asked how RFID worked, a group of novices responded to a recent academic survey with "witchcraft" and "magic."

In a talk Monday at the USENIX Usability, Psychology and Security Conference (UPSEC) 2008 in San Francisco, Andrew McDiarmid of the University of California, Berkeley, shed light on how ordinary people perceive RFID-enabled cards in their day-to-day life. He said while novices and intermediates were familiar with times when RFID-enabled smart cards such as work access cards or transit cards didn't work, they couldn't explain it. On the other hand, advanced users knew enough … Read more

Press barred from Gore's RSA speech

When Al Gore agreed to talk at the end of the RSA 2008 conference, the 2007 Nobel Laureate stipulated in his contract with RSA that no members of the press would be allowed inside the keynote address. Many of my colleagues in the press were put out about this, and rightly so.

Fortunately, this year I was registered as a speaker at RSA 2008, so I didn't have my usual press pass (although the nice guardians at the press room door certainly didn't stop me from going inside).

Since individual attendees at RSA are allowed to blog and … Read more

Gore's RSA talk updates 'Inconvenient Truth'

SAN FRANCISCO--Global warming is real, and new evidence shows it may be worse than we previously thought, former Vice President Al Gore said during an RSA keynote address on emerging green technologies Friday.

The talk, which ran 45 minutes and closed the conference here, updated the presentation used in his Academy Award-winning documentary An Inconvenient Truth.

Friday's talk was similar to one Gore delivered in February at the annual TED conference, but without the slides. During the speech here, the 2007 Nobel Laureate was interrupted by hecklers three times; each was removed by security.

In an arrangement with RSA, … Read more

Echo Boom hackers: Shame

On Thursday morning, at this year's RSA conference in San Francisco, Chris Boyd of Facetime and I will present a talk "How to Adapt to the Echo Generation's Social Media Hacking Game." The following is a preview of that talk, presented in three parts. On Tuesday we learned who the Echo Generation are. Wednesday we saw how they use online social media for hacks. Today, we'll see how Chris uses features of social networks and Web 2.0 to shut these kids down.

Known as the Sherlock Holmes of France, famed criminologist Edmond Locard once … Read more

Echo Boom hackers: A dangerous game

On Thursday morning, at this year's RSA Conference in San Francisco, Chris Boyd of Facetime and I will present a talk called "How to Adapt to the Echo Generation's Social-Media Hacking Game." The following is a preview of that talk, presented in three parts. Yesterday, we saw who the Echo Generation are. Today, we're looking at how they use online social media for hacks. Tomorrow, we'll see how Chris uses features of social networks and Web 2.0 to shut these kids down.

For the last few years, Chris Boyd, director of malware research … Read more
