Google Inc. has fixed a security flaw in its Gmail Web-based e-mail service that allowed attackers to hijack users' e-mail accounts. "Google was recently alerted to a potential security vulnerability affecting the Gmail service. We have since fixed this vulnerability, and all current and future Gmail users are protected," Google spokesman Nathan Tyler said.
Tyler declined to discuss the nature of the problem, but a source close to Google confirmed that the flaw allowed an attacker to gain complete control over a user's account.
The increase in the use of web applications is directly related to an increase in the number of security incidents involving them. Today, web application security is finally getting more prominent attention. That attention has the benefit that the subject is now treated as a higher priority, but the drawback is that it is still an emerging area of technology. This article highlights both technical and business trends in web application security. Traditionally, vulnerability analysis (and its management) has been focused at the network or operating system level.
So you’ve got a Gmail mail account? Or maybe you’ve just received an invitation? Well, we have some bad news for you: your mailbox is exposed. A major security hole in Google's mail service allows full access to user accounts without the need for a password.
Linux distributor Suse has warned of one of the most serious security holes to date in version 2.6 of the Linux kernel, which could allow attackers to shut down a system running 2.6-based software.
The 2.6 kernel, completed at the end of last year, brings a number of enterprise-friendly features to Linux, but is still in the early stages of rolling out in commercial products. While a number of Linux vendors have released software for technical enthusiasts running the new kernel, Novell-owned Suse is one of the few offering an enterprise product based on 2.6.
Robert Graham says that many hackers are graduating into the pro ranks, a development that carries worrisome implications for corporate security. "Before this year, we really saw just kids that are playing and pretending to be masterminds," said Graham, who did important early work in the development of intrusion-prevention systems. "But this year, we saw the rise of the professional hacker."