ActivIdentity Blog
SSL Security, Hacking – Industry News Wrap-up – ActivIdentity Blog
This week’s industry news wrap-up will focus on SSL security scrutiny, abuse of ecommerce sites and hacking gone awry. Here are the stories that caught our attention:
SSL Servers No Match For Laptop-Based Hack
SSL security has been under scrutiny lately due to the recent surge in enterprise security breaches and the increasing number of improperly configured websites, which leave SSL incredibly vulnerable to man-in-the-middle attacks. A hacker group known as The Hacker's Choice (THC) this week released a tool that abuses the SSL renegotiation feature and, according to Dark Reading’s Kelly Jackson Higgins, has the potential to take down an HTTPS Web server in a denial-of-service attack using a single laptop over a DSL connection.

Fraudsters Find Creative Ways to Abuse E-Commerce Sites
It seems that where there’s a website, there’s a way – to hack it, that is. Regardless of whether companies are up to date with software patches, fraudsters are honing their skills and taking alternate, creative routes to exploit marketing campaigns and/or incentive programs. Author Jeremy Kirk points to a real-world situation in which there were no reported bugs in the abused system: the criminal was using the site as intended, albeit abnormally, to obtain large sums of money.

Stupid hacker tricks: Exploits gone bad
“If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. Like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail,” writes author JP Raphael. From hacking FBI-sponsored websites to DDoS attacks on PayPal, this article examines five hacks gone terribly wrong. These outrageous hacker slip-ups have landed the culprits in InfoWorld’s Stupid Hacker Tricks Hall of Shame.