Networked Scanners Offer A Window Into The Enterprise, Researcher Says
It happens every day — a sensitive document lies in the copier room, forgotten by the person who left it on the scanner. No big deal, right? Nobody else was able to read it.
Computerworld – Starting tomorrow, a little-known group of security researchers will kick off a month of bug disclosures that target unpatched vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and others. But the researcher who came up with the idea of month-long bugfests four years ago isn’t optimistic that reviving the practice will have much of an impact on the general state of computer security. The “Month Of Abysssec Undisclosed Bugs” (MOAUB) will feature flaws in Microsoft’s Excel and Internet Explorer, the Linux-based cPanel Web hosting control panel, and other software, said Abysssec Security Research in a post to the firm’s blog earlier this month
Mariposa Botnet Operators Didn’t Bite In ‘Cookie-Stuffing’ Offer
The Slovenian man recently arrested for allegedly writing the malware used to build the now-infamous Mariposa botnet also sold an additional feature for his bot software, a form of cookie fraud known as “cookie-stuffing.” According to the researcher who helped take down Mariposa, the Spanish operators who purchased the bot software from the Slovenian man known as “Iserdo” and then built Mariposa for some reason didn’t opt for the feature, which he offered for 200 euros, even though it would have increased their potential profits. “That was one module they didn’t buy,” says Luis Corrons, technical director of PandaLabs, which teamed up with the FBI, Defence Intelligence, and Georgia Tech to derail the botnet in December of last year. “The most likely explanation is that they didn’t even know what it was about
United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says
Three years after the United Nations’ website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities
Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
At the rate that malware is proliferating, it sometimes seems impossible to tell one bit of malicious code from the next. But according to a security researcher here, malware authors leave “fingerprints” all over their work, which could aid security professionals in stopping them. At a session on malware attribution, HB Gary researcher Greg Hoglund outlined a wide variety of methods that can be used to identify the source of malware, which can be extremely useful in determining how to defend against it.
ATMs At Risk, Researcher Warns At Black Hat
A security researcher today gave notice to companies that make automated teller machines (ATMs). Here on the first day of the Black Hat conference, Barnaby Jack, director of research at IOActive, demonstrated attacks that would allow a criminal to compromise ATMs, allowing hypothetical thieves to steal cash, copy customers’ ATM card data, or learn the master passwords of the machines


