Last week a group of six 'm-commerce' experts took part in a round robin discussion in Manchester, England to determine the best ways forward for developers interested in creating a serious mobile web presence yet wanting to make money through the medium of mobile advertising at the same time. Anyone who has been involved in this particular area of Internet growth will appreciate just what a serious challenge the mobile web presents to those who have not invested, in thought and deed as much as financially, in getting to grips with a realistic m-commerce marketing strategy. Unless you are creative …

The second annual Imperva Hacker Intelligence Initiative report, this one entitled [Monitoring Hacker Forums](http://www.imperva.com/docs/HII_Monitoring_Hacker_Forums_2012.pdf), is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending against attack. ![dweb-hackers](/attachments/small/0/dweb-hackers.jpg "align-right") The Imperva research analysed the content of a number of online hacker communities, including many lesser known forums in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and …

If you don't know who [Alan Turing](http://en.wikipedia.org/wiki/Alan_Turing) was, then shame on you. The British code breaker, mathematics genius and father of both computer science and artificial intelligence is rightly credited with helping to bring the second world war to an end. Turing was also gay, and that's where the shame has stuck firmly on the UK establishment for more than 60 years. Turing was convicted for 'homosexual activity' in 1952, and his punishment was to be chemically castrated. This shameful and appalling conviction meant that Turing was unable to continue his pioneering code-breaking work at Bletchley Park as he lost …

Earlier this month, security outfit FireEye's 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day Adobe Flash Player vulnerability (CVE-2015-3113). That campaign has been well and truly active for a while now, with attack emails including links to compromised sites that serve up benign content if you are lucky and a malicious version of the Adobe Flash Player complete with the exploit code if you are not. Adobe has now [responded with a security update](https://helpx.adobe.com/security/products/flash-player/apsb15-14.html) with the following recommendations: Users of the Adobe Flash Player Desktop …

It's been a year now since the Dyre malware family was first profiled, and there is no sign of infection rates slowing down. In fact, [reports](http://www.scmagazine.com/trend-micro-documents-new-malware-infections/article/418266/) would seem to suggest just the opposite, with infections up from 4,000 at the end of last year to 9,000 at the start of this, the lion's share being split pretty evenly between European and North American users. So I was interested to spot this Tweet from Ronnie T [@iHeartMalware](https://twitter.com/iheartmalware), who is actually Ronnie Tokazowski, a senior researcher at PhishMe, which declares: "I'm tired of dumping #Dyre configurations by hand. So I wrote a …

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html) that [a well established China-based hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematical as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users of a well respected …

It all started pretty well, with the announcement by Mozilla at the end of last month that the Firefox web browser would make the Internet a safer place by encrypting everything. That's everything, even those connections where the servers don't even support the HTTPS protocol. Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support HTTPS. The 'Opportunistic Encryption' (OE) feature essentially acts as a bridge between non-compliant plaintext HTTP connections and fully compliant and secure HTTPS …

Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over this last 12 months, and have even written a few myself. Of course, more often than not [it isn't WordPress itself that is the problem](http://www.itpro.co.uk/security/24163/the-wordpress-cms-isnt-insecure-you-are) but one of the gazillion plug-ins that are out there and being used to customize it and add functionality. There was the [SoakSoak malware](https://www.daniweb.com/web-development/php/news/489065/kings-of-google-gun-for-supersoaker-soaksoak-wordpress-malware-warning) …

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and …

Addressing last week's Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos: they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network-exposed features of a common Blu-ray player as an example. He showed how an innocent-looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent …

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems." These are the words of Brad Arkin, Chief Security Officer at Adobe as he reveals that one of the biggest names in the software business has fallen victim to …

2014 was not a good year for Microsoft, with the Xbox Live network being disrupted at both ends of December by [Lizard Squad DDoS attacks](https://www.daniweb.com/software-development/game-development/news/488412/lizard-squad-claims-responsibility-for-taking-down-xbox-live-today) and then as the year was finally coming to an end a different hacking collective dropped another bomb onto Xbox. A posting on Twitter simply stated "Hey, @Xbox! We thought we'd drop on by and End 2014 with a bang ;)" along with a link to a file on Kim Dotcom's Mega cloud storage service. That file, freely available for download by anyone, was the official Xbox One Software Development Kit. ![dweb-xboxone.jpg](/attachments/large/0/c74c87eb29bf89b2cc9ce2f0855f42fe.jpg "align-center") Interestingly, the …

Microsoft this week acquired [Teamprise](http://www.teamprise.com/), a division of [SourceGear](http://www.sourcegear.com/) that built tools to give developers access to Visual Studio 2008 Team Foundation Server from systems running Linux, Mac OS X and Unix. SourceGear's flagship [SourceOffSite](http://www.sourcegear.com/sos/) provides remote access to Visual SourceSafe, Microsoft's version control system. Teamprise comes in [three forms](http://www.teamprise.com/products/download/). The Plug-in for Eclipse allows developers source control, bug tracking, build and reporting operations from within their current Eclipse environment or Eclipse-based IDE. Teamprise Explorer does the same but can stand alone. There's also the Command-Line Client for automated builds and other scripting situations. Updated to version 3.2 in March, Teamprise …

If you are a programmer then you probably know, or at least know of, C++. Well, now a company called Digital Mars is developing the D programming language. *"D is a systems programming language. Its focus is on combining the power and high performance of C and C++ with the programmer productivity of modern languages like Ruby and Python. Special attention is given to the needs of quality assurance, documentation, management, portability and reliability."* Basically this programming language is looking to combine the best of all there is out there, using features from C, C++, C#, and Java as …

Google has been quick to blacklist domains implicated, most often unwittingly, in the distribution of what has become known as the SoakSoak malware campaign courtesy of soaksoak.ru being the first domain in the redirection path it used. With 11,000 domains blocked over the weekend, you might be forgiven for thinking that it's another WordPress hosting sites security problem sorted before it can do any harm. However, most experts I have spoken to would seem to agree that 11,000 domains is just the tip of this particular iceberg and the actual number of soaksoak impacts on WordPress specific sites is in …

A group describing itself as "DDoS kings" who "just want to watch the world burn" has claimed responsibility for taking the Microsoft Xbox Live network down for an hour or two earlier today. The [Lizard Squad](https://twitter.com/LizardPatrol), posting from a Twitter account called LizardPatrol, published a message warning that "Microsoft will receive a wonderful Christmas present from us" and say that taking Xbox Live offline was "a small dose of what's to come on Christmas." ![0992b2b58f5ba1e2f918a1f8b4d51f95](/attachments/large/0/0992b2b58f5ba1e2f918a1f8b4d51f95.jpg "0992b2b58f5ba1e2f918a1f8b4d51f95") The downtime impacted upon users of both the Xbox 360 and Xbox One, returning an 80151909 error when trying to connect to Xbox Live. …

Think that macro viruses written in VBA (Visual Basic for Applications) are just something that people using the Internet a couple of decades ago had to worry about? Think again. Word macro attacks never went away, they just went into decline. New evidence suggests they could be making something of a comeback though. Coupled with research showing how non-English speaking recipients are being targeted by phishers using this technique, it makes for worrying reading some 15 years after [Melissa](http://en.wikipedia.org/wiki/Melissa_%28computer_virus%29) struck fear into the email using world. Whenever I hear non-English and phishing uttered in the same breath, I tend to …

You might be forgiven for thinking that the iPhone is the most secure of the smartphone choices, especially if you've opted for a 5S or above with that fingerprint reader for secure ID and iOS 8 as the most robust of operating systems. Forgiven, but wrong; despite the claims from Apple that iOS is designed with advanced security technologies built in rather than bolted on. If you go by the results of the annual [PWN2OWN](http://www.pwn2own.com/) hacking competition which was held in Tokyo last week, then iOS fell behind Android and to add to the jaw-dropping amongst many pundits Android in …

A Drupal security advisory, [SA-CORE-2014-005](https://www.drupal.org/SA-CORE-2014-005), rather embarrassingly states that: > Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users. I think that's a whoops, with an uppercase W. The highly critical SQL injection vulnerability is to be found in versions of Drupal …

As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has [warned](https://www.htbridge.com/blog/plugins_and_extensions_the_achilles_heel_of_popular_cmss.html) that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through. Kolochenko refers to the threat posed by old plugins, passwords and extensions as being the 'Achilles heel of popular CMS' and for good reason. High-Tech Bridge regularly tests popular CMSs via the ImmuniWeb online penetration testing service and equally regularly, sadly, …

A report from Hold Security claims that one of the biggest ever online heists has been committed by a Russian crime gang. It would appear that the data theft includes, wait for it, no less than 1.2 billion (yes billion) username and passwords along with around half a billion email addresses obtained from more than 400,000 websites. In total, Hold Security says, the stolen data amounts to some 4.5 billion items. According to the [report](http://www.holdsecurity.com/news/cybervor-breach/) the gang acquired databases of stolen credentials from online dark markets which were then used to attack e-mail providers, social media, and other websites. Spam …

Bugs are, and always have been, a fact of life for the software developer. However, if Microsoft researcher Andrew Begel has his way, they could be a thing of the past. Last month a paper entitled '[Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development](http://research.microsoft.com/apps/pubs/default.aspx?id=209878)' was published which Begel co-authored. This week, Begel spoke at the annual Microsoft Research Faculty Summit on the subject. Basically what Begel and his research colleagues are saying is that the existing work looking at dealing with programming errors tends to focus on the "post hoc identification of correlations between bug fixes and code" …

Another day, another breach. The latest to disclose that there had been some 'unauthorised access to systems and internal company data' is music streaming service Spotify. The disclosure itself was something of an odd one, claiming that investigation suggested only a single user's data had been compromised following an issue with the Android app. Oskar Stal, CTO at Spotify, claims that the investigation suggests no password, financial or payment information was accessed. "Based on our findings, we are not aware of any increased risk to users as a result of this incident" Stal insists, continuing "...as a general precaution will …

Feedly app left attack window open for malicious JavaScript hackers according to one security researcher. Security consultant and blogger Jeremy S [revealed](http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html) that the Feedly Android app, or at least the version prior to the update on March 17th 2014, had been subject to a zero-day JavaScript code injection vulnerability. Jeremy reported the discovery to the Feedly developers who patched the vulnerability within 24 hours, ethical disclosure working at its best if you ask me. The Singapore based researcher explained that the code injection was possible from an RSS feed into the app itself as the Feedly app didn't sanitize …

Wearable computing has been a buzzword for so long that it's easy to get blinded by the hype and not realise that actually it's a reality; and one that got even more real with the announcement by Google of Android Wear. Forget the fitness bands of today and the 'smart watches' of yesteryear, with Android Wear Google hopes to get the jump on Apple (likely to announce a smart watch iOS platform real soon now) by extending the hugely popular Android OS to wearables. The starting point of this strategy being smart watches that combine time-telling with app notifications, voice …

It has been [officially confirmed](http://php.net/archive/2013.php#id2013-10-24-2) that the php.net website of the open-source PHP programming language has been hacked and infected with malware. The successful breach of the site came to light yesterday morning when the Google Safe Browsing service started flagging php.net as serving up malicious scripts. This was, at first, denied by php.net which Tweeted claims that it was down to a false negative by Google. However, that position has changed and now it has been officially confirmed that two servers at php.net had been hacked and were, indeed, hosting malicious code in order to install malware on the …

The average DaniWeb member if not already au fait with Pastebin.com is almost certainly aware of something like it. A pastebin has become, for many programmers, a default tool in the coding box and for very good reason: it makes sharing large quantities of code very easy indeed. Of course, any pastebin is essentially just a temporary text store and that means any type of text, not just code; and it's here that the problems for [pastebin.com](http://pastebin.com) would appear to start. The service has been branded "a major trading place for exploits and passwords" according to recently released research. ![601d5c136ccdd3c2b09d9d6ec4851946](/attachments/small/0/601d5c136ccdd3c2b09d9d6ec4851946.jpg …

As a gamer myself, I thought that last year was a pretty good one. After all, not only did I get to play both GTA V and Call of Duty: Ghosts (indeed, I'm still playing it and working my way through the prestige levels) but if I had enough spare cash and will I could have bought an Xbox One or PlayStation 4. As it happens, I did buy a Lenovo IdeaPad Y510P which can manage a pretty respectable average of 40fps in Crysis on the high quality settings at native resolution. However, according to research figures from Kaspersky Lab, …

Companies using IBM's Rational and Tivoli products will breathe easier today, thanks to new, integrated versions of nine tools that the company says will facilitate communication and closer collaboration between software development and support teams in the enterprise. What's more, prices will remain where they are, and the updates are free for current subscribers. According to the company, the integrations are intended to address individual frustration points that it sees being experienced by teams, particularly those of the geographically dispersed variety, and to improve efficiency for organizations using both through automation. One of the four couplings involves Rational ClearQuest, which development …

Aggressive adware, of the kind that creates shortcuts on your screen or changes your search engine configuration, has arrived on Android devices and then some. According to security vendor Bitdefender, as much as 90% of free Android apps contain adware, with up to 75% coming with the 'aggressive' variety. ![dweb-androidadware](/attachments/small/0/dweb-androidadware.jpg "align-right") Adware on the PC has become something of a non-problem these days, courtesy of better educated users and software solutions, both within browser clients and from third parties, that combine to make it relatively easy to deal with. The kind of pop-up creating adware most often seen on the …
