News security
Meta data allows XSS attacks
Security expert Tyler Reguly from nCircle organization says that data fields for storing meta information offer plenty of possibilities for XSS (cross-site scripting) attacks. He points out that this type of XSS attack is not novel, but he wanted to alert public of this issue. JavaScript embedded in Whois and DNS (Domain Name System) records and SSL (Secure Sockets Layer) certificates can, under certain circumstances, be executed in a browser.
How Smart Is Your Home?
Within reach is a smart home that is responsive to residents' wishes and needs due to technological advances that support ambient intelligence, including sensors, computer networks, databases, and intelligent agents, writes Washington State University professor Diane J. Cook.
FCC propose plan for Internet access controlling
The chairman of Federal Communications Commission, Julius Genachowski, outlined a plan that would allow the agency to control high-speed Internet transmissions. The plan calls for the FCC to reclassify broadband transmission service as a telecommunications service, but with exempting it from many of the rules that affect telephone service. The goal of this is to prevent Internet service providers (ISP) from discriminating against certain applications, Internet sites, or users.
A new service for cracking weak passwords has become available at end of September. The service is capable of detecting the type of hashes used and is based on the Amazon AWS platform. This new service can be accessed on its website PWAudit.com, and is still in beta. Its functionality is based on establishing the type of hash that is presented and then trying all possible combinations that can make up the hash. This is known as a brute force attack.
