Stories about: X-Force

A SQL injection attack that has affected at least a half-million Web sites has entered a "third wave" that's more resistant than previous versions to traditional security measures, according to IBM security researchers.

Hackers now mask virtually every Web browser exploit as part of their normal procedure to evade detection by security software, said IBM's X-Force research team Tuesday.

A self-proclaimed hacker crew calling itself "clpwn" -- as in "clown" -- that's been bragging about how it's defaced sites such as CNN and Playboy Casino isn't doing anything earth-shattering, said a security researcher Wednesday. But the group is a reminder of how things once were, when true hackers plied their trade for notoriety rather than profit.

Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported.

In the same way some e-commerce sites serve up customized content based on a user's profile, cybercriminals are increasingly using personalization techniques to more effectively attack those who visit their Web sites.

Window Snyder, chief security officer at open source browser maker Mozilla, is caught in the crosshairs of the raging browser vulnerability battle.

A flaw in Snort, the popular open-source intrusion detection system, could be used by attackers to run malicious code on vulnerable machines, several security organizations reported Monday.

The number of new software security vulnerabilities identified by security experts, hackers and others during the first eight months of this year has already exceeded the total recorded for all of 2005, according to Internet Security Systems.

Internet Security Systems (ISS) has added Linux support to its Proventia Server Intrusion Prevention System (IPS) platform.

Internet Security Systems said it has uncovered a flaw in the most recent version of the Sendmail open-source code used primarily in Unix-based and some Windows-based e-mail gateways.

The CERT Coordination Center is warning users about a serious security vulnerability in the OpenSSH (Secure Shell) that could enable a remote attacker to run malicious code or launch a denial of service attack against machines running the popular suite of secure network connectivity tools.