Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

U.S. weighs risks of civilian harm in cyberwarfare

The laws of war require attacks to be proportional to the threat. Regarding cyberwarfare attacks or retaliations, such efforts could have a far more reaching affect in terms of second- and third- order civilians. While defense departments have an idea when it comes to traditional forms of warfare, President Obama’s administration is trying to understand the far reaching, or unintended affects that may result when it comes to cyberwarfare. Cyberweaponry is designed to be disruptive and not destructive. Understanding the effects of disruption is what officials are working to understand. How much force can be used when, in term of cyberwarfare, “force” is not clearly defined.

Click here for more information.

Defcon: New Hack Hijacks Application Updates via WiFi

Taking advantage of unsecured WiFi connections, sessions over such networks can be hijacked. To be specific, applications delivering software updates can be hijacked to a malicious site to have malware downloaded instead.

Click here for more information.

cPanel, Netgear and Linksys susceptible to nasty attack

cPanel, for website administration and Linksys and Netgear for wireless networks are susceptible to web-based attacks that can take control of your systems. Using cross-site forgery, vulnerabilities can be exploited simply by browsing over to a malicious site.

Regarding cPanel, the CSRF attacks take advantage of trust sensitive web-based services of previously logged in users. Without users’ knowledge, websites under CSRF attack allow users to take certain actions, such as executing online financial transactions.

Firefox’s RequestPolicy extension blocks the majority of CSRF attacks. Mozilla has proposed a specification in which Firefox would allow “white-listed” sites, such as banks, merchants and other organizations, to download their java script. The browser would deny use of JavaScript if the site were not on the white-list.

Click here for more information.

Researcher Exposes Flaws in Certificate Authority Web Applications

The automated validation process, used by most certificate authorities, to make the process easier for customers and provide low overhead makes things simpler for the hacker.

While SSL has come under attack recently for its vulnerabilities one researcher discovered vulnerabilities in the certificate authorities that issue such certificates.

Click here for more information.

Defense Department eyes hacker con for new recruits

As reported in previous News Bits, the US government is working at finding ways to become more serious regarding the cyber world’s malicious community as well as countering threats associated with Cyberwarfare. Government and government contractors have sought to recruit those with the hacker mentality. At two recent hacker conferences the government was recruiting in force.

Click here for more information.

Net Neutrality Bill Calls on FCC to Babysit ISPs

A bill, recently introduced in the Congressional House, targets Net neutrality. The bill seeks to preserve the open nature of the Web. The FCC (Federal Communications Commission) would be tasked ensuring Net neutrality by keeping an eye on ISPs.

Click here for more information.