
Imperva


Werwin15

Researchers have devised two new attacks on the Transport Layer Security and Secure Sockets Layer protocols, the widely used encryption schemes used to secure e-commerce transactions and other sensitive traffic on the Internet.

The pair of exploits—one presented at the just-convened 20th International Workshop on Fast Software Encryption and the other scheduled to be unveiled on Thursday at the Black Hat security conference in Amsterdam—don't pose an immediate threat to the millions of people who rely on the Web-encryption standards. Still, they're part of a growing constellation of attacks with names including BEAST, CRIME, and Lucky 13 that allow determined hackers to silently decrypt protected browser cookies used to log in to websites. Together, they underscore the fragility of the aging standards as they face an arsenal of increasingly sophisticated exploits.

"It illustrates how serious this is that there are so many attacks going on involving a protocol that's been around for years and that's so widely trusted and used," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, told Ars. "The fact that you now have CRIME, BEAST, Lucky 13, and these new two attacks within the same week really illustrates what a problem we're facing."



Reflected XSS vulnerabilities in action

Aspect Security

When my neighbor called early Wednesday morning, she sounded close to tears. Her Yahoo Mail account had been hijacked and used to send spam to addresses in her contact list. Restrictions had then been placed on her account that prevented her from e-mailing her friends to let them know what happened.

In a blog post published hours before my neighbor's call, researchers from security firm Bitdefender said that the hacking campaign that targeted my neighbor's account had been active for about a month. Even more remarkable, the researchers said the underlying hack worked because Yahoo's developer blog runs on a version of the WordPress content management system that contained a vulnerability developers addressed more than eight months ago. My neighbor's only mistake, it seems, was clicking on a link while logged in to her Yahoo account.

As someone who received one of the spam e-mails from her compromised account, I know how easy it is to click such links. The subject line of my neighbor's e-mail mentioned me by name, even though my name isn't in my address. Over the past few months, she and I regularly sent messages to each other that contained nothing more than a Web address, so I thought nothing of opening the link contained in Wednesday's e-mail. The page that opened looked harmless enough. It appeared to be an advertorial post on MSNBC.com about working from home, which is something I do all the time. But behind the scenes, according to Bitdefender, something much more nefarious was at work.



Editor’s Note: TechCrunch columnist Semil Shah currently works at Votizen and is based in Palo Alto. You can follow him on Twitter @semil

“In the Studio” opens its doors this week to one of Silicon Valley’s most quietly active venture capitalists who, after years working in technology operations for major networking companies, a stint with an Asian telecom giant, and nearly a decade investing in mobile, gaming, digital media, and networking companies, is paying particular attention to the implications of big data and the potential opportunities they create.

For the past decade, Ping Li has been investing across a broad range of technology companies with Accel Partners, where he is a general partner. Since their defining Series A investment in Facebook, the firm has been on a roll, opening offices in New York City and expanding its footprint overseas, all while maintaining their anchor in the middle of Palo Alto’s University Avenue. And, over the past few years, Accel has also developed an interest in “big data.”

The term “big data” is thrown around often in conversation or at tech conferences, but despite the generalizations and hype, significant opportunities exist for entrepreneurs and investors alike. Last year, I attempted to analyze how big data impacted the consumer web and concluded that while opportunities were abundant, very few were in a position to capitalize on them given the scarcity of talent in these specific areas of the consumer web.

Li and his partners at Accel are certainly looking at big data as it applies to consumer products — the massive amounts of unstructured social data we are all generating through social media and applications, waiting to be harvested. On the enterprise side of things, however, Li believes big data is on the verge of going mainstream, where datasets and analytical tools will soon be available to everyone, igniting new waves of innovation that could disrupt major public companies from the platform all the way to the application layer.

In this conversation, Li shares his views on the big data landscape and also offers subtle advice to potential founders looking into the space. Having had the benefit of seeing many big data technologies and applications over the past few years, he has developed a keen sense of what minefields founders need to look out for when creating these technologies. To take things a step further, Li and his partners at Accel launched a $100M Big Data Fund, invested in creating an ecosystem of academics, technologists, and thought-leaders, and are hosting a private conference at Stanford on May 9 on this topic (technologists working on big data who would like to attend can contact Accel directly through the conference site).
