Showing category "Security" (Show all posts)

CNET Hacker Chart : Keeping up with the hackers

Posted by CNET on Wednesday, June 22, 2011, In : Security 

The number of hacking events of late is making our heads spin at CNET. By our count, there have been more than 40 computer attacks, network intrusions, or data breaches in the last few months. And they seem to be a daily occurrence.

In previous coverage we've noted that it seems to be open hacking season, written about some of the hackers and groups who are behind the attacks and speculated on their motives, so we thought we'd provide a chronological chart listing the attacks so we could ...


Continue reading ...
 

Phishers use HTML attachments to evade browser blacklists

Posted by on Tuesday, March 22, 2011, In : Security 

To get around phishing blacklists in browsers, scammers are luring people by using HTML attachments instead of URLs, a security firm is warning.

Chrome and Firefox are good at detecting phishing sites and warning Web surfers via a browser notice when they are about to visit a site that looks dangerous. So good, in fact, that scammers are resorting to a new tactic to lure victims into their traps via e-mails--attaching HTML files that are stored locally when they are opened, according ...


Continue reading ...
 

How to avoid disaster-related Internet scams

Posted by on Tuesday, March 22, 2011, In : Security 
In every disaster scammers see an opportunity, and the crisis in Japan is no exception. Already there have been fake Red Cross e-mails circulating and there will no doubt be more scams coming.

Those e-mails appear to come from the British Red Cross. They provide some news on the earthquake and tsunami in Japan and urge people to donate to a Yahoo e-mail address on a Moneybookers account, a money transfer service that enables recipients to remain anonymous, according to App River, an e-m...


Continue reading ...
 

Geinimi Android Trojan horse discovered

Posted by vijai on Sunday, January 2, 2011, In : Security 

There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers uncovered a new Trojan horse.

The Troj/Geinimi-A malware (also known as "Gemini") has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.

Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For insta...

Continue reading ...
 

Searching for free stuff online can be costly

Posted by vijai on Thursday, September 16, 2010, In : Security 
This pie chart shows the different threats that can come from 
visiting Web sites that advertise unauthorized content.

This pie chart shows the different threats that can come from visiting Web sites that advertise unauthorized content.

(Credit: McAfee)

It's common knowledge that you can catch computer viruses on porn Web sites. But did you know it's also risky to surf the Web searching for free movies or music?

A study from McAfee to be released on Tuesday finds that adding the word "free" when looking for entertainment content in search engines greatly increases the chances of landing on a site hos...


Continue reading ...
 

How secure is your e-mail password?

Posted by Elinor Mills (CNET Writer) on Thursday, September 16, 2010, In : Security 
Access to an e-mail account opens up access to all sorts of other information that could be used to steal someone's identity and drain bank accounts, open up credit cards, and even take out loans in their name.

It's not just personal information at stake in e-mail accounts. Use of weak password-reset security questions is believed to have allowed someone to access the Yahoo e-mail account of a Twitter employee last year and then use that to access the person's Google Docs account where there w...

Continue reading ...
 

Be cautious of Internet access at airports

Posted by Oyya-Info on Thursday, August 26, 2010, In : Security 

Accessing the Internet via an open Wi-Fi network is risky because you have no idea who is the hot spot provider or who is connected to it. At the airport it may seem more secure to use a terminal to check your e-mail or update your Facebook status; however, according to Symantec, these terminals might not be secure at all.

In a recent article on the company's Web site, Nick Johnston, senior software engineer of Symantec Hosted Services, wrote that at one Internet terminal at a large airport ...


Continue reading ...
 

Stuxnet Malware could hijack power plants, refineries

Posted by Oyya-Info on Tuesday, August 17, 2010, In : Security 
A worm that targets critical infrastructure companies doesn't just steal data, it leaves a back door that could be used to remotely and secretly control plant operations, a Symantec researcher said on Thursday.

The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O'Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how may companies may have be...

Continue reading ...
 

VeriSign adds malware scanning to SSL services

Posted by Oyya-Info on Tuesday, July 20, 2010, In : Security 

VeriSign is adding malware scanning to its authentication services for Web site operators, the company announced on Monday.

The "VeriSign Trusted" check mark seal indicates to Web surfers that VeriSign has verified that the site represents the organization or company that it purports to be and that it is using encryption to protect communications between the site and its visitors. Now, existing and new VeriSign SSL customers will have their sites scanned daily to check for malware as ...


Continue reading ...
 

DNSSEC protocol to plant security at Net's roots

Posted by Oyya-Info on Friday, July 16, 2010, In : Security 
The secure domain name server (DNS) protocol DNSSEC guarantees the authenticity of the mechanism that converts human-friendly internet addresses to the Internet Protocol numeric address system. DNSSEC — short for Domain Name System Security Extensions — uses digital signatures to assure name servers that the DNS data they receive has not been intercepted or tampered with.

The organisation responsible for managing the assignment of IP addresses and domain names, Icann, on Thursday publishe...

Continue reading ...
 

What to do with passwords once you create them

Posted by Oyya-Info on Friday, July 16, 2010, In : Security 

Cryptography expert Bruce Schneier used to write his passwords down on a slip of paper and keep it in his wallet.

Today, he uses a free Windows password-storage tool called Password Safe that he designed five years ago and released into the open-source community. The desktop application lets users remember only one master password to access their password list.

But Schneier still recommends the paper method for people who don't have their computers with them at all times like he doe...


Continue reading ...
 

Survey: 63% don't change passwords very often

Posted by Oyya-Info on Saturday, March 27, 2010, In : Security 

Security firm Symantec on Friday released results of a survey on password management that showed 63 percent of respondents don't change their passwords very often, 45 percent use a few passwords that they alternate for all accounts, and some 10 percent don't change their passwords at all.

A not so far-fetched analogy of the password by the University of Wyoming

These are a startling numbers as, according to the survey, 44 percent of respondents said they have more than 20 accounts...


Continue reading ...
 

When malware strikes via bad ads on good sites

Posted by Oyya-Info on Tuesday, March 16, 2010, In : Security 

Matt Drudge and Michael Arrington found themselves this week in an unpleasant position when visitors to their respective Drudge Report and TechCrunch sites were targeted by malware that appeared to have come from ads.

While Drudge vehemently denied it and blamed accusers with playing politics, Arrington acknowledged on Thursday that there had been malware-laden ads on TechCrunch on Wednesday. It's unclear which ad network served up the malware and what type of malware it was, althoug...


Continue reading ...
 

Want really secure Gmail? Try GPG encryption

Posted by Oyya-Info on Thursday, January 14, 2010, In : Security 

Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.

Well, if you want to take a significant step in keeping prying eyes away from your electronic correspondence, one good encryption technology that predates Google altogether is worth looking at. It's called public key encryption, and I'm sharing some instructions on how to get it working i...


Continue reading ...
 

Scammers exploit Google Doodle to spread malware

Posted by Oyya-Info on Thursday, December 17, 2009, In : Security 

This Google Doodle featuring the Esperanto flag was exploited by scammers to spread malware, according to Barracuda Networks.

(Credit: Google)

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday.

In so-called "SEO poisoning," scammers use search engine optimization techniques to increase the distribution of malware. They create special malware-rigged Web sites or hide malware on legitimate Web sites they've...


Continue reading ...
 

Character limitations in passwords considered harmful

Posted by Oyya-Info on Thursday, December 3, 2009, In : Security 

For about the 4,000th time in the last five years, I tried to sign up for a new Web service, but it wouldn't accept my proposed password. Apparently, the site operators decided that passwords should contain only letters and numbers. Aarrrrgh! This isn't the first time I've seen this idiocy, and it won't be the last. But it should be.

Guidelines on how to construct a strong password almost uniformly recommend using a mixture of upper and lower case letters, numbers, and symbols. Tools for gene...


Continue reading ...
 

Chrome OS security: 'Sandboxing' and auto updates

Posted by Oyya-Info on Tuesday, November 24, 2009, In : Security 
With most computers threatened by attacks coming through Web applications, it's no surprise that security would be a key piece of Chrome OS, Google's browser-based operating system that stores data in the cloud.

Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.

"The browser is the operating system. We've expanded the browser to...


Continue reading ...
 

New Firefox 3.6 beta aims to cut crashes

Posted by oyya-Info on Thursday, November 19, 2009, In : Security 

Mozilla released a third beta of Firefox 3.6 on Wednesday, adding stability and performance features, and said it hopes to lock down the code soon for its first release candidate.

The new beta, for Windows, Mac, and Linux, includes a component directory lockdown that makes it harder for other software to meddle with the open-source browser's state by preventing that software from sidling into the same folder as the browser's own components. The result should be fewer crashes, said Mozilla's...


Continue reading ...
 

Apple plugs holes for domain spoofing, other attacks

Posted by Oyya-Info on Tuesday, November 10, 2009, In : Security 

Apple on Monday released a large security update for Mac OS X that fixes dozens of vulnerabilities and provides protection against potential attacks exploiting a weakness in the protocol used to verify that a domain is legitimate.

There are 43 specific issues addressed in the 2009-006 update, released the same day as Mac OS X v.10.6.2.

It plugs a variety of holes for the Mac OS X v10.5.8, 10.6, 10.6.1, and Mac OS X Server v10.6 and 10.6.1, many of which could lead to arbitrary code execution...


Continue reading ...
 

New Trojan encrypts files but leaves no ransom note

Posted by Oyya-Info on Tuesday, November 3, 2009, In : Security 

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee.

Instead, a Web search for terms related to the Trojan horse leads to a company offering a way to remove the malware. The company offering the product used to charge for it but now offers it for free.

Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems running Windows 98, 95, XP, Windows Me, Vista, N...


Continue reading ...
 

More security breaches hit midsize companies

Posted by Oyya-Info on Thursday, October 29, 2009, In : Security 

More midsize companies are being attacked by cybercriminals at the same time they're spending less on security, says a McAfee report released Wednesday.

Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox, said they've seen an increase in security breaches over the past year. Despite the threat, the recession has caused most of these companies to freeze their IT security budgets.

Midsize organizations have seen an increase in cyberthreats in 2009. (Credit: McAfee)

M...


Continue reading ...
 

Bank Trojan botnet targets Facebook users

Posted by Oyya-Info on Thursday, October 29, 2009, In : Security 

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When...


Continue reading ...
 

Adobe exploit puts backdoor on computers

Posted by Oyya-Info on Sunday, October 11, 2009, In : Security 

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.

Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt," and then drops a backdoor called "Bkdr_Protux.Bd."

The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Serv...


Continue reading ...
 

Comcast pop-ups alert customers to PC infections

Posted by Oyya-Info on Friday, October 9, 2009, In : Security 

Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware.

For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus taking control of the system and using it to send spam as part of a botnet.

Comcast is launching a trial of a service that...


Continue reading ...
 

Verizon, McAfee team up on security products

Posted by Oyya-Info on Thursday, October 8, 2009, In : Security 
With security and cloud-computing both hot-button topics, Verizon Communications and McAfee are joining forces to offer customers a combination of the two.

Verizon's business unit and McAfee announced Thursday a new joint venture to sell cloud-based security products and services to large businesses and government agencies. With more companies tapping into the "cloud" to lower costs and outsource administration, McAfee and Verizon will sell a new suite of cloud-based security products, expandi...

Continue reading ...
 

Banking Trojan steals money from under your nose

Posted by Oyya-Info on Wednesday, September 30, 2009, In : Security 

Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn't just steal your bank log-in credentials but actually steals money from your account while you are logged in and displays a fake balance.

The bank Trojan, dubbed URLZone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview Tuesday. For instance, the software is...


Continue reading ...
 

Malware worldwide grows 15 percent in September

Posted by Oyya-Info on Tuesday, September 29, 2009, In : Security 

A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday from antivirus vendor Panda Security.

Across the globe, the average number of PCs hit by malware now stands around 59 percent, an all-time high for the year. Among 29 countries tracked, the U.S. ranked ninth with slightly more than 58 percent of its PCs infected. Taiwan hit first place with an infection ratio of 69 percent, while Norway came i...


Continue reading ...
 

Why virus writers are turning to open source

Posted by Oyya-Info on Saturday, September 19, 2009, In : Security 

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid W?est, threat researcher with security firm Symantec, around 10 percent of the Trojan market is now open source.

The move to an open source business model is allowing criminals t...


Continue reading ...
 

SANS report: IT Security defenses misdirected

Posted by Oyya-Info on Tuesday, September 15, 2009, In : Security 

Organizations are finding it difficult to prioritize defense strategies against cyberattacks because most of them do not have an Internet-wide view of the attacks, according to a report from SANS Institute, the security training organization.

As a result, two security risks--Web applications and phishing--carry the greatest potential for damage, even though users instead tend to concentrate on less-critical risks.

The report, published by security training organization SANS Institute, amalg...


Continue reading ...
 

Symantec tool calculates your data's value to thieves

Posted by Oyya-Info on Thursday, September 10, 2009, In : Security 

It's no secret that criminals are stealing credit card and bank account data and selling it underground. But most people would find it shocking to learn just how little their sensitive personal information costs.

Symantec on Thursday is launching its Norton Online Risk Calculator, a tool that people can use to see how much their online information is worth on the black market. The tool also offers a risk rating based on demographics, online activity, and estimated value of online informatio...


Continue reading ...
 

Trend Micro launches new security tracking tool

Posted by Oyya-Info on Monday, August 31, 2009, In : Security 

It used to be that an IT administrator could warn employees about opening attachments from unknown sources or clicking on links from unknown e-mail senders as the first line of defense against spam, malware, and other bad stuff on the Internet.

Today, the seedy side of the Internet comes in many different forms and from many different sources. Stop for a moment and think about the new places where malware might be buried, hidden, released, and shared--a legitimate site that's been hacked, a b...


Continue reading ...
 

Symantec pulls Norton patch after error reports

Posted by Oyya-Info on Thursday, August 27, 2009, In : Security 

This is the error message on the Norton support Web site after users reported that the patch failed to install properly.

(Credit: Symantec)

Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.

The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying th...


Continue reading ...
 

Cisco wireless LANs at risk of attack, 'skyjacking'

Posted by Oyya-Info on Tuesday, August 25, 2009, In : Security 

Cisco Systems wireless local area network equipment used by many corporations around the world is at risk of being used in denial-of-service attacks and data theft, according to a company that offers protection for WLANs.

Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered the vulnerability, which affects all lightweight Cisco wireless access points, as well as the exploit that could be used against networks that have the Over-the-Air-Provisioning (OTAP) ...


Continue reading ...
 

How to make strong, easy-to-remember passwords

Posted by Oyya-Info on Friday, August 14, 2009, In : Security 

One of the best ways to protect your online security is to have strong passwords that you change periodically. But that's easier said than done. Coming up with hard-to-guess passwords is hard enough, but it's even harder to have separate passwords for different sites and to remember new ones after you change them.

One way to create a password that's hard to guess but easy to remember is to make up a phrase. You could type in the entire phrase (some sites let you use spaces, others don't) or y...


Continue reading ...
 

FAQ: The ins and outs of DoS attacks

Posted by Oyya-Info on Friday, August 7, 2009, In : Security 

Thursday's denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn't your average attack.

Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try to shut the site down. In this case, whoever was responsible was trying to block access to a specific user's accounts and not the sites themselves.

Denial-of-service attacks aren't always straight forwa...


Continue reading ...
 

Symantec Phishing Report - Attacks rose 52 percent

Posted by Oyya-Info on Thursday, August 6, 2009, In : Security 

Phishing attacks rose 52 percent in July while spam as a percentage of all e-mail stayed about the same compared with the previous month, according to the latest reports from Symantec that tracked spam and phishing activity for the month.

The State of Spam (PDF) and State of Phishing (PDF) reports were released Thursday.

With some fluctuations, spam averaged around 89 percent of all e-mail in July, noted Symantec. That compares with about 90 percent for the month of June. There are dist...


Continue reading ...
 

Researchers exploit flaws in SSL and domain authentication system

Posted by Oyya-Info on Thursday, July 30, 2009, In : Security 
Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they don't own and thus trick people into visiting those i...


Continue reading ...
 

From iPhones to smart grids at Black Hat, Defcon

Posted by Oyya-Info on Monday, July 27, 2009, In : Security 

My favorite security show each year is one at which there are no sales pitches, the speakers favor black T-shirts and dyed hair over suits and ties, and the talks tend to be controversial enough to prompt legal threats and even arrests.

I'm talking about Defcon, which starts Thursday and runs through Sunday. The event turns part of the Las Vegas strip into a geek equivalent of "Animal House" for a three-day weekend every summer.

Started in 1993 by Jeff Moss, aka Dark Tangent, Defcon bring...


Continue reading ...
 

HP researchers develop browser-based darknet

Posted by Oyya-Info on Sunday, July 26, 2009, In : Security 

Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from uncovering confidential information.

Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, HP researchers Billy Hoffman and Matt Wood plan nex...


Continue reading ...
 

Researchers to offer tool to break into Oracle databases at hacker show

Posted by Oyya-Info on Thursday, July 23, 2009, In : Security 

Security experts will be releasing a tool that can be used to break into Oracle databases during their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out "all the tools to break the 'unbreakable' Oracle as Metasploit auxiliary modules," according to the summary of their presentation on the Defcon Web site.

Gates is a member of the Metasploit project, an open-sour...


Continue reading ...
 

Chrome security in limelight with Google OS plan

Posted by Oyya-Info on Wednesday, July 22, 2009, In : Security 

The techniques Google uses to protect Chrome users from browser-based attacks have taken on new importance with the company's plan to make the software the centerpiece of a Netbook operating system.

Two weeks ago, Google announced plans for the open-source Chrome OS designed for people who spend most of their time on the Web. The Google Chrome operating system is a "natural extension" of the Chrome browser, Sundar Pichai, vice president of product management, and Linus Upson, engineering d...


Continue reading ...
 

Linux exploit gets around security barrier

Posted by Oyya-Info on Tuesday, July 21, 2009, In : Security 

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code exploits a vulnerability in Linux version 2.6.30, and 2.6.18, and affects both 32-bit and 64-bit versions. The 2.6.18 kernel is used in Red Hat Enterprise Linux 5.

The exploit bypasses nul...


Continue reading ...
 

Symbian admits Trojan slip-up

Posted by Oyya-Info on Saturday, July 18, 2009, In : Security 

The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test.

The botnet-building Trojan, which calls itself "Sexy Space," passed through the group's digital-signing process, Symbian's chief security technologist Craig Heath said Thursday. Heath said the group is working on improving its security-auditing procedure.

"When software is submitted, we do try to filt...


Continue reading ...
 

Zero-day flaw found in Firefox 3.5

Posted by Oyya-Info on Wednesday, July 15, 2009, In : Security 

There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.

The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.

The hole could allow a hacker to launch a "drive-by" attack, according to...


Continue reading ...
 

Botnet worm in DOS attacks could wipe data out on infected PCs

Posted by Oyya-Info on Friday, July 10, 2009, In : Security 

The denial of service attacks against Web sites in the U.S. and South Korea that started last weekend may have stopped for now, but code on the infected bots was set to wipe data on Friday, security experts said.

There were no immediate reports of any of the compromised PCs in the botnet having files deleted, but that doesn't mean it wasn't happening or won't in the future, said Gerry Egan, a product manager in Symantec's Security Technology Response group.

There are only about 50,000 infe...


Continue reading ...
 

Microsoft warns of hole in Video ActiveX control

Posted by Oyya-Info on Monday, July 6, 2009, In : Security 

Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.

This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced ...


Continue reading ...
 

Postini: Google's take on e-mail security

Posted by Oyya-Info on Thursday, July 2, 2009, In : Security 

The computer security industry historically borrows military defense concepts to combat digital threats, literally creating war rooms where experts follow attacks in progress on huge screens with phones ringing off the hook. 

Not so at Google's Postini e-mail security service provider unit. Instead, computerized systems monitor 3 billion messages per day that flow in and out of customer systems and pass through Postini's thousands of machines in data centers around the U.S. and in Europe befo...


Continue reading ...
 

Microsoft Security Essentials not quite a must-have

Posted by Oyya-Info on Wednesday, June 24, 2009, In : Security 

Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.

Security Essentials contains all the basic features that users have come to expect from free security software: multiple built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit...


Continue reading ...
 

Microsoft's free anti-malware beta to arrive next week

Posted by Oyya-Info on Friday, June 19, 2009, In : Security 

Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on Tuesday as it phases out its Live OneCare suite in favor of a simpler free consumer security offering.

Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year.

The service works like traditional antivi...


Continue reading ...
 

Google considers request to boost privacy

Posted by Oyya-Info on Wednesday, June 17, 2009, In : Security 

PST to clarify that Gmail data has always been encrypted by default when a user types in https:// and that last year they offered the ability to set https:// as the default.

More than three dozen security and privacy advocates and researchers are asking Google to offer better data protection for users of Gmail and other Google apps and Google said on Tuesday that it is considering doing that, if it doesn't slow down the apps too much.

You may not know this but you can set Gmail to encrypt ...


Continue reading ...
 

Dasient helps Web sites avoid blacklists, malware

Posted by Oyya-Info on Tuesday, June 16, 2009, In : Security 

Last week, PBWorks founder David Weekly found out from some customers that his hosted collaboration site had been blacklisted by Symantec for hosting malware and, thus, visitors to any of the 10 million pages on PBWorks were being warned that the site wasn't safe.

"(Damn) you, Norton Safe Web. Whenever one file on one PBWorks space has a virus, all of PBworks is marked unsafe?!" a frustrated Weekly wrote on Twitter and Facebook on Thursday. In a follow-up interview, he said: "That's tarnishi...


Continue reading ...
 

The botnet threat in China's censorship software

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.

Programming errors in the Green Dam Youth Escort software, which the Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.

"Once Green Dam is installed, any website the user visits ...


Continue reading ...
 

Look Ma, I created a botnet!

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

The abstract concepts of "botnet" and "Trojan" just became a lot more concrete for me.

In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.

In contrast to the real world, the McAfee Malware Experience event, which was akin to a Malware 101 class (or, in my case, Malware ...


Continue reading ...
 

Microsoft takes aim at fake antivirus program

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Microsoft's Malicious Software Removal Tool was updated this week to detect a generic type of fake antivirus program known as "Win32/InternetAntivirus."

The Microsoft Malware Protection Center gives Win32/InternetAntivirus an alert level of "severe." The software is "a rogue program that displays false and misleading alerts regarding malware, in order to convince users to purchase rogue security software," according to a Microsoft Malwa...


Continue reading ...
 

Hacker named to Homeland Security Advisory Council

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.

The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.

Moss' background as a computer hacker (aka "Dark Tangent") and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the...


Continue reading ...
 

ATM malware lets criminals steal data and cash

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Malware has been found on ATMs in Eastern Europe and elsewhere that allows criminals to steal account data and PINs and even empty the machine of its cash, a computer forensics expert said.

About 20 ATMs have been compromised in that manner, mostly in Russia and the Ukraine, but there are "early indications" of compromised ATMs in the U.S., said Nicholas Percoco, vice president and head of SpiderLabs at Trustwave, which provides data security and payment card compliance services.

Percoco ...


Continue reading ...
 

McAfee's new family shield

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

On the heels of Symantec's OnlineFamily.Norton released earlier this year, security stalwart McAfee jumps into the family protection game with a new home-oriented protection program. Called McAfee Family Protection, the program offers many familiar tools to parents in the hopes of fostering conversation while protecting children from harm.

McAfee Family Protection protects children based on multiple levels of technology.

(Credit: McAfee)

McAfee Family Protection offers block...


Continue reading ...
 

Data backup service leads to recovery of stolen laptop

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Using a data backup program helps recover lost data but can also help get a stolen laptop back--if you're lucky.

A Berkeley, Calif., man recently recovered his stolen laptop after seeing photos the thief took of himself with the built-in camera via his Internet-based data backup program.

That's according to a police officer's article in an e-mail newsletter from Berkeley City Councilmember Susan Wengraf that was posted to the Web by open-source advocate Bruce Perens.

It all started on ...


Continue reading ...
 

Turkish hackers breached U.S. Army servers

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Hackers based in Turkey penetrated two U.S. Army Web servers and redirected traffic from those Web sites to other pages, including one with anti-American and anti-Israeli messages, according to a report in InformationWeek.

The hackers, who go by the group name "m0sted," breached a server at the Army's McAlester Ammunition Plant in Oklahoma on January 26 and a server at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va., on September 19, 2007, the report said.

Inve...


Continue reading ...
 

Gumblar attack is alive, worse than Conficker

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russ...


Continue reading ...
 

Clickjacking: Hijacking clicks on the Internet

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

What if you reached to grab a newspaper out of a news stand and you found a rock in your hand instead? How about opening the front door to a grocery store and ending up on a boat?

This sounds like a Matrix movie, but the virtual equivalent of this is real and poses one of the most serious new risks on the Internet, according to Jeremiah Grossman, chief technology officer and co-founder of Whitehat Security.

"Most exploits (like worms and attacks that take advantage of holes in software) ca...


Continue reading ...
 

Microsoft warns of new server vulnerability

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.

In a technical bulletin, the company said it is looking into "public reports of a possible vulnerability in Microsoft Internet Information Services (IIS)."

The company said that a flaw exists in a certain type of Web serving operation.

"An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests," Microsoft said. "An attacker ...


Continue reading ...
 

Protecting yourself from vishing attacks

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

You might have heard about online "phishing" scams designed to steal money from unsuspecting Web users, but now criminals are using another type of scam called "vishing" to commit the same crimes.

Last week, the Federal Trade Commission filed lawsuits against two telemarketing firms in Florida and a company claiming to sell extended automobile warranties for violating the Do Not Call registry and fraud for selling bogus warranties for between $2,000 and $3,000 a pop. Since 2007, the compan...


Continue reading ...
 

Pirated Windows 7 RC builds botnet

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa.

The software, which first appeared on April 24, spread as quickly as several hundred new bots per hour, and controlled roughly 27,000 bots by the time Damballa took over the network's command and control server on May 10, the firm said Tuesday.

The pirated software was spread via popular pir...


Continue reading ...
 

Microsoft patches critical PowerPoint hole

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Microsoft on Tuesday released a patch aimed to fix a critical vulnerability in PowerPoint that had already led to exploits.

The vulnerability is listed as critical for Office 2000, but rated only as important for Office XP, Office 2003, and Office 2007. However, the hole had already formed the basis of targeted attacks, prompting Microsoft to issue a warning last month.

Although Microsoft says the hole is now patched in the Windows version of P...


Continue reading ...
 

Cybercriminals use fake search engines to spread malware

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they're also creating fake search engines that ...


Continue reading ...
 

McAfee blasted for having holes in its Web sites

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Security researcher Mike Bailey released this screen shot showing that he gained access to McAfee Secure via a cross-site request forgery hole.

Security vulnerabilities on McAfee sites, including one designed to scan customers' sites for flaws, exposed certain customer accounts and could have been used for phishing attacks in which malware disguised as McAfee software could be distributed, security experts say.

McAfee said late on Tuesday that most of the vulnerabilities were fixed, excep...


Continue reading ...
 

Feds' red tape left medical devices infected with computer virus

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

The Conficker Internet virus has infected important computerized medical devices, but governmental red tape interfered with their repair, an organizer of an antivirus working group told Congress on Friday.

Rodney Joffe, one of the founders of an unofficial organization known as the Conficker Working Group, said that government regulations prevented hospital staff from carrying out the repairs.

Joffe, who also is the senior vice president for the telecom clearinghouse Neustar, told a panel of ...


Continue reading ...
 

Microsoft tightens Windows 7 security for USB drives

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

In the wake of the Conficker worm spreading via removable storage devices among other methods, Microsoft said on Tuesday it is making a change to the way Windows 7 handles USB drives.

As a result of the change, most USB drives will not be able to automatically launch a program using a Windows feature known as AutoRun, Microsoft said in a post on its Security Research & Defense Blog.

So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microso...


Continue reading ...
 

McAfee launches free online cyber crime help center

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Is your computer acting funny? Are you worried that you may have visited a malicious Web site or opened an e-mail attachment with malware?

Instead of worrying about it you can now go to a new Web site McAfee is launching on Tuesday that is designed to help computer users figure out if they have legitimate reason to be concerned.

The new Cybercrime Response Unit offers a forensic scanning tool that checks for malware on the computer and cookies left by suspicious Web sites to help deter...


Continue reading ...
 

Conficker virus begins to attack computers

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Conficker, also known as Downadup or Kido, was expected to wreak havoc on April 1 when it was due to be activated, but it failed to cause many problems.

Internet virus experts, however, claim it is now quietly turning thousands of personal computers into servers of e-mail spam and installing spyware.

The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively ...


Continue reading ...
 

Public-private security cooperation at RSA

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

In past years, I looked at the RSA security conference as a high-tech flea market staffed by the world's best security carnival barkers. Yes, important security topics were discussed, but the real focus of the show was selling products and doing deals.

This year's event has its share of tacky presentations and booth babes, but I'm hearing a lot of chatter about a far more important topic: the state of information security and its impact on us all. Finally, the combination of unending dat...


Continue reading ...
 

F-Secure says stop using Adobe Acrobat Reader

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on Tuesday.

Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, Mikko Hypponen, chief research officer of security firm F-Secure, said in a briefing with journalists.

Just last month, Adobe iss...


Continue reading ...
 

Firefox 3.0.9 targets 12 security vulnerabilities

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Mozilla released an update to Firefox 3 on Tuesday that patches 12 security vulnerabilities, four of which it rated as critical.

Firefox 3.0.9, the Web browser's third update this year, fixes two critical vulnerabilities in the Firefox browser engine and two in its JavaScript engine, according to a security advisory posted Tuesday:

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes ...

Continue reading ...
 

Windows 7 security enhancements

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Windows 7 makes remote connectivity to corporate networks seamless, protects data on thumb drives, and offers fewer user account control prompts to bug users compared to Vista, Microsoft said on Monday.

The software giant began an education blitz about the security features of the newest version of its operating system at the start of the RSA 2009 security conference.

Windows 7, which was released in public beta in January, will have 29 percent fewer user account control (UAC) prompts ...


Continue reading ...
 

SMS messages could be used to hijack a phone

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Be careful who you give your mobile phone number out to. An attacker with the right toolkits and skill could hijack your phone remotely just by sending SMS messages to it, according to mobile security firm Trust Digital.

In the Trust Digital demo on YouTube, an attacker sends an SMS message to the victim phone (on the left) which opens up a Web browser and downloads an executable file that directs it to send an SMS to the attacker's phone (on the right).

(Credit: Trust Digital)

In what it ...


Continue reading ...
 

Symantec acquires Mi5, expands security offerings

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

SAN FRANCISCO--Symantec has acquired Web security firm Mi5 Networks and plans to announce two new security suites at the RSA security conference on Tuesday.

Mi5 sells a Web security appliance that protects corporations against Web-based threats. Symantec will integrate the technology into its offerings later in 2009 and offer it as a stand-alone product, Joan Fazio, director of product marketing for Symantec Endpoint Security, said in an interview.

The all-cash transaction was completed ...


Continue reading ...
 

Secure software? Experts say it's no longer a pipedream

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

With the Conficker worm still hot and Microsoft patching multiple software vulnerabilities last week, it might be reasonable to assume the bad guys are winning the battle to get control over Internet-connected computers.

That's not necessarily the case. Developers are increasingly equipped with tools to shore up their products and vendors are collaborating in unprecedented ways to not only close holes in software, but also make sure they aren't in there in the first place, according to se...


Continue reading ...
 

Teen gets job and spreads another Twitter worm

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

The teenager who created the worms that hit Twitter earlier this week has been hired by a Web application development firm and on Friday released a fifth worm on the microblogging site.

Twitter fought off four waves of worm attacks last weekend and into Monday in which Twitter users were infected just by clicking on the name or image of someone whose account was infected. The worms appeared to do no damage other than spread to infected users' followers and modify profile pages.

Michael...


Continue reading ...
 

Conficker also installs fake antivirus software

Posted by Oyya-Info on Monday, June 15, 2009, In : Security 

Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro

said on Friday.

The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend ...


Continue reading ...
 
 



Best Communitation Website
Which communication website is best?

Myspace
Facebook
Twitter
Furry-paws
Youtube


Make a Free Website with Yola.