Posted by CNET on Wednesday, June 22, 2011,
In :
Security
The number of hacking events of late is making our heads spin at CNET.
By our count, there have been more than 40 computer attacks, network
intrusions, or data breaches in the last few months. And they seem to be
a daily occurrence. In previous coverage we've noted that it seems to be open hacking season, written about some of the hackers and groups who are behind the attacks and speculated on their motives, so we thought we'd provide a chronological chart listing the attacks so we could ... Continue reading ...
Posted by on Tuesday, March 22, 2011,
In :
Security
To get around phishing blacklists in browsers, scammers are luring
people by using HTML attachments instead of URLs, a security firm is
warning. 
Chrome and
Firefox
are good at detecting phishing sites and warning Web surfers via a
browser notice when they are about to visit a site that looks dangerous.
So good, in fact, that scammers are resorting to a new tactic to lure
victims into their traps via e-mails--attaching HTML files that are
stored locally when they are opened, according ... Continue reading ...
Posted by on Tuesday, March 22, 2011,
In :
Security
In every disaster scammers see an opportunity, and the crisis in Japan
is no exception. Already there have been fake Red Cross e-mails
circulating and there will no doubt be more scams coming. Those
e-mails appear to come from the British Red Cross. They provide some
news on the earthquake and tsunami in Japan and urge people to donate to
a Yahoo e-mail address on a Moneybookers account, a money transfer
service that enables recipients to remain anonymous, according to App River, an e-m... Continue reading ...
Posted by vijai on Sunday, January 2, 2011,
In :
Security
There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers uncovered a new Trojan horse.
The Troj/Geinimi-A malware (also known as "Gemini") has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.
Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For insta... Continue reading ...
Posted by vijai on Thursday, September 16, 2010,
In :
Security
This pie chart shows the different threats that
can come from visiting Web sites that advertise unauthorized content.
(Credit:
McAfee)
It's common knowledge that you can catch computer viruses on porn Web
sites. But did you know it's also risky to surf the Web searching for
free movies or music? A study from McAfee to be released on
Tuesday finds that adding the word "free" when looking for entertainment
content in search engines greatly increases the chances of landing on a
site hos...
Posted by Elinor Mills (CNET Writer) on Thursday, September 16, 2010,
In :
Security
Access to an e-mail account opens up access to all sorts of other information that could be used to steal someone's identity and drain bank accounts, open up credit cards, and even take out loans in their name.
It's not just personal information at stake in e-mail accounts. Use of weak password-reset security questions is believed to have allowed someone to access the Yahoo e-mail account of a Twitter employee last year and then use that to access the person's Google Docs account where there w... Continue reading ...
Posted by Oyya-Info on Thursday, August 26, 2010,
In :
Security
Accessing the Internet via an open Wi-Fi network is risky because you have no idea who is the hot spot provider or who is connected to it. At the airport it may seem more secure to use a terminal to check your e-mail or update your Facebook status; however, according to Symantec, these terminals might not be secure at all.
In a recent article on the company's Web site, Nick Johnston, senior software engineer of Symantec Hosted Services, wrote that at one Internet terminal at a large airport ... Continue reading ...
Posted by Oyya-Info on Tuesday, August 17, 2010,
In :
Security
A worm that targets critical infrastructure companies doesn't just steal data, it leaves a back door that could be used to remotely and secretly control plant operations, a Symantec researcher said on Thursday.
The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O'Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how may companies may have be... Continue reading ...
Posted by Oyya-Info on Tuesday, July 20, 2010,
In :
Security
VeriSign is adding malware scanning to its authentication services
for Web site operators, the company announced on Monday. The
"VeriSign Trusted" check mark seal indicates to Web surfers that
VeriSign has verified that the site represents the organization or
company that it purports to be and that it is using encryption to
protect communications between the site and its visitors. Now, existing
and new VeriSign SSL customers will have their sites scanned daily to
check for malware as ... Continue reading ...
Posted by Oyya-Info on Friday, July 16, 2010,
In :
Security
The secure domain name server (DNS) protocol DNSSEC guarantees the authenticity of the mechanism that converts human-friendly internet addresses to the Internet Protocol numeric address system. DNSSEC — short for Domain Name System Security Extensions — uses digital signatures to assure name servers that the DNS data they receive has not been intercepted or tampered with. The organisation responsible for managing the assignment of IP addresses and domain names, Icann, on Thursday publishe...
Posted by Oyya-Info on Friday, July 16, 2010,
In :
Security
Cryptography expert Bruce Schneier used to write his passwords down on a
slip of paper and keep it in his wallet. Today, he uses a free
Windows password-storage tool called Password
Safe that he designed five
years ago and released into the open-source community.
The desktop application lets users remember only one master password to
access their password list. But Schneier still recommends the
paper method for people who don't have their computers with them at all
times like he doe... Continue reading ...
Posted by Oyya-Info on Saturday, March 27, 2010,
In :
Security
Security firm Symantec on Friday released results
of a survey on password management that showed 63 percent of respondents
don't change their passwords very often, 45 percent use a few passwords
that they alternate for all accounts, and some 10 percent don't change
their passwords at all.
A not so far-fetched analogy of the password by
the University of Wyoming
These are a startling numbers as, according to the
survey, 44 percent of respondents said they have more than 20
accounts...
Posted by Oyya-Info on Tuesday, March 16, 2010,
In :
Security
Matt Drudge and Michael Arrington found themselves this week in an
unpleasant position when visitors to their respective Drudge Report and
TechCrunch sites were targeted by malware that appeared to have come
from ads. While Drudge vehemently denied it
and blamed accusers with playing politics, Arrington acknowledged on
Thursday that there had been malware-laden ads on TechCrunch on
Wednesday. It's unclear which ad network served up the malware and what
type of malware it was, althoug... Continue reading ...
Posted by Oyya-Info on Thursday, January 14, 2010,
In :
Security
Perhaps Google's announcement that Chinese cyber attackers went after human rights activists' Gmail accounts has made you skittish about just how private your own messages are on the Google e-mail service.
Well, if you want to take a significant step in keeping prying eyes
away from your electronic correspondence, one good encryption
technology that predates Google altogether is worth looking at. It's
called public key encryption, and I'm sharing some instructions on how
to get it working i... Continue reading ...
Posted by Oyya-Info on Thursday, December 17, 2009,
In :
Security
This Google Doodle featuring the Esperanto flag was exploited by scammers to spread malware, according to Barracuda Networks.
(Credit:
Google)
Online scammers are taking advantage of the public's interest
in the Google Doodle to spread malware, a security firm warned on
Tuesday. In so-called "SEO poisoning," scammers use search
engine optimization techniques to increase the distribution of malware.
They create special malware-rigged Web sites or hide malware on
legitimate Web sites they've... Continue reading ...
Posted by Oyya-Info on Thursday, December 3, 2009,
In :
Security
For about the 4,000th time in the last five years, I tried to sign
up for a new Web service, but it wouldn't accept my proposed password.
Apparently, the site operators decided that passwords should contain
only letters and numbers. Aarrrrgh! This isn't the first time I've seen this idiocy, and it won't be the last. But it should be.
Guidelines on how to construct a strong password almost uniformly
recommend using a mixture of upper and lower case letters, numbers, and
symbols. Tools for gene... Continue reading ...
Posted by Oyya-Info on Tuesday, November 24, 2009,
In :
Security
With most computers threatened by attacks coming through Web
applications, it's no surprise that security would be a key piece of
Chrome OS, Google's browser-based operating system that stores data in
the cloud.
Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.
"The browser is the operating system. We've expanded the browser to... Continue reading ...
Posted by oyya-Info on Thursday, November 19, 2009,
In :
Security
Mozilla released a third beta of
Firefox 3.6
on Wednesday, adding stability and performance features, and said it
hopes to lock down the code soon for its first release candidate.
The new beta, for Windows, Mac, and Linux, includes a component directory lockdown
that makes it harder for other software to meddle with the open-source
browser's state by preventing that software from sidling into the same
folder as the browser's own components. The result should be fewer
crashes, said Mozilla's... Continue reading ...
Posted by Oyya-Info on Tuesday, November 10, 2009,
In :
Security
Apple on Monday released a large security update for Mac OS X that
fixes dozens of vulnerabilities and provides protection against
potential attacks exploiting a weakness in the protocol used to verify
that a domain is legitimate. There are 43 specific issues addressed in the 2009-006 update, released the same day as Mac OS X v.10.6.2.
It plugs a variety of holes for the Mac OS X v10.5.8, 10.6, 10.6.1, and
Mac OS X Server v10.6 and 10.6.1, many of which could lead to arbitrary
code execution... Continue reading ...
Posted by Oyya-Info on Tuesday, November 3, 2009,
In :
Security
Symantec is warning about a new Trojan horse that encrypts files on
compromised computers but offers no ransom note like other software
designed to hold data hostage for a fee.
Instead, a Web search for terms related to the Trojan horse leads to a
company offering a way to remove the malware. The company offering the
product used to charge for it but now offers it for free.
Trojan.Ramvicrype uses the RC4 algorithm to encrypt files on systems
running Windows 98, 95, XP, Windows Me, Vista, N... Continue reading ...
Posted by Oyya-Info on Thursday, October 29, 2009,
In :
Security
More midsize companies are being attacked by cybercriminals at the
same time they're spending less on security, says a McAfee report
released Wednesday.
Across the world, more than half of the 900 midsize businesses (51 to 1,000 employees) surveyed by McAfee for its report, The Security Paradox,
said they've seen an increase in security breaches over the past year.
Despite the threat, the recession has caused most of these companies to
freeze their IT security budgets.
M... Continue reading ...
Posted by Oyya-Info on Thursday, October 29, 2009,
In :
Security
On the heels of one fake Facebook e-mail scam, a researcher warned on
Wednesday of another such campaign in which users of the popular social
network are being tricked into revealing their passwords and
downloading a Trojan that steals financial data.
In the latest scam being blasted to e-mail in-boxes, a
legitimate-looking Facebook notice asks people to provide information
to help the social network update its log-in system, said Fred
Touchette, a senior security analyst at AppRiver. When... Continue reading ...
Posted by Oyya-Info on Sunday, October 11, 2009,
In :
Security
A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and
earlier versions of Adobe Systems' Acrobat, drops a backdoor onto
computers using JavaScript, Trend Micro researchers warned on Friday.
Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt," and then drops a backdoor called "Bkdr_Protux.Bd."
The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Serv... Continue reading ...
Posted by Oyya-Info on Friday, October 9, 2009,
In :
Security
Comcast is launching a trial on Thursday of a new automated service
that will warn broadband customers of possible virus infections, if the
computers are behaving as if they have been compromised by malware.
For instance, a significant overnight spike in traffic being sent from
a particular Internet Protocol address could signal that a computer is
infected with a virus taking control of the system and using it to send
spam as part of a botnet.
Comcast is launching a trial of a service that... Continue reading ...
Posted by Oyya-Info on Thursday, October 8, 2009,
In :
Security
With security and cloud-computing both hot-button topics, Verizon
Communications and McAfee are joining forces to offer customers a
combination of the two.
Verizon's business unit and McAfee announced Thursday a new joint
venture to sell cloud-based security products and services to large
businesses and government agencies. With more companies tapping into
the "cloud" to lower costs and outsource administration, McAfee and
Verizon will sell a new suite of cloud-based security products,
expandi... Continue reading ...
Posted by Oyya-Info on Wednesday, September 30, 2009,
In :
Security
Researchers at security firm Finjan have discovered details of a new
type of banking Trojan horse that doesn't just steal your bank log-in
credentials but actually steals money from your account while you are
logged in and displays a fake balance.
The bank Trojan, dubbed URLZone, has features designed to thwart fraud
detection systems which are triggered by unusual transactions, Yuval
Ben-Itzhak, chief technology officer at Finjan, said in an interview
Tuesday. For instance, the software is... Continue reading ...
Posted by Oyya-Info on Tuesday, September 29, 2009,
In :
Security
A rise in malware has caused the number of infected PCs worldwide to
increase 15 percent just from August to September, says a report
released Tuesday from antivirus vendor Panda Security.
Across the globe, the average number of PCs hit by malware now
stands around 59 percent, an all-time high for the year. Among 29
countries tracked, the U.S. ranked ninth with slightly more than 58
percent of its PCs infected. Taiwan hit first place with an infection
ratio of 69 percent, while Norway came i... Continue reading ...
Posted by Oyya-Info on Saturday, September 19, 2009,
In :
Security
Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.
By giving criminal coders free access to malware that steals financial
and personal details, the malicious software developers are hoping to
expand the capabilities of old Trojans.
According to Candid W?est, threat researcher with security firm
Symantec, around 10 percent of the Trojan market is now open source.
The move to an open source business model is allowing criminals t... Continue reading ...
Posted by Oyya-Info on Tuesday, September 15, 2009,
In :
Security
Organizations are finding it difficult to prioritize defense strategies
against cyberattacks because most of them do not have an Internet-wide
view of the attacks, according to a report from SANS Institute, the
security training organization.
As a result, two security risks--Web applications and
phishing--carry the greatest potential for damage, even though users
instead tend to concentrate on less-critical risks.
The report, published by security training organization SANS Institute, amalg... Continue reading ...
Posted by Oyya-Info on Thursday, September 10, 2009,
In :
Security
It's no secret that criminals are stealing credit card and bank account
data and selling it underground. But most people would find it shocking
to learn just how little their sensitive personal information costs.
Symantec on Thursday is launching its Norton Online Risk Calculator,
a tool that people can use to see how much their online information is
worth on the black market. The tool also offers a risk rating based on
demographics, online activity, and estimated value of online
informatio... Continue reading ...
Posted by Oyya-Info on Monday, August 31, 2009,
In :
Security
It used to be that an IT administrator could warn employees about
opening attachments from unknown sources or clicking on links from
unknown e-mail senders as the first line of defense against spam,
malware, and other bad stuff on the Internet.
Today, the seedy side of the Internet comes in many different
forms and from many different sources. Stop for a moment and think
about the new places where malware might be buried, hidden, released,
and shared--a legitimate site that's been hacked, a b... Continue reading ...
Posted by Oyya-Info on Thursday, August 27, 2009,
In :
Security
 This is the error message on the Norton support Web site after users reported that the patch failed to install properly. (Credit: Symantec)
Symantec is providing a fix for customers who got error messages after
a patch deployment went awry for some Norton users, the company said on
Tuesday.
The problem started last Wednesday when Symantec deployed patches for
Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3
via LiveUpdate. Some customers received error messages saying th... Continue reading ...
Posted by Oyya-Info on Tuesday, August 25, 2009,
In :
Security
Cisco Systems wireless local area network equipment used by many
corporations around the world is at risk of being used in
denial-of-service attacks and data theft, according to a company that
offers protection for WLANs.
Researchers at AirMagnet, which makes intrusion-detection
systems for WLANs, discovered the vulnerability, which affects all
lightweight Cisco wireless access points, as well as the exploit that
could be used against networks that have the Over-the-Air-Provisioning
(OTAP) ... Continue reading ...
Posted by Oyya-Info on Friday, August 14, 2009,
In :
Security
One of the best ways to protect your online security is to have
strong passwords that you change periodically. But that's easier said
than done. Coming up with hard-to-guess passwords is hard enough, but
it's even harder to have separate passwords for different sites and to
remember new ones after you change them.
One way to create a password that's hard to guess but easy to remember
is to make up a phrase. You could type in the entire phrase (some sites
let you use spaces, others don't) or y... Continue reading ...
Posted by Oyya-Info on Friday, August 7, 2009,
In :
Security
Thursday's denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn't your average attack.
Typically, someone who has a bone to pick with a specific Web site will
round up some hijacked PCs and use them to try to shut the site down.
In this case, whoever was responsible was trying to block access to a
specific user's accounts and not the sites themselves.
Denial-of-service attacks aren't always straight forwa... Continue reading ...
Posted by Oyya-Info on Thursday, August 6, 2009,
In :
Security
Phishing attacks rose 52 percent in July while spam as a percentage
of all e-mail stayed about the same compared with the previous month,
according to the latest reports from Symantec that tracked spam and
phishing activity for the month.
The
State of Spam (PDF) and State of Phishing (PDF) reports were released Thursday.
With some fluctuations, spam averaged around 89 percent of all e-mail
in July, noted Symantec. That compares with about 90 percent for the
month of June. There are dist... Continue reading ...
Posted by Oyya-Info on Thursday, July 30, 2009,
In :
Security
Two researchers have separately uncovered flaws in the way domain names
are verified on the Internet that could allow attackers to impersonate
a site and steal information from unsuspecting Web surfers.
Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year,
and Moxie Marlinspike gave presentations at the Black Hat security
conference on Wednesday about how someone could acquire certificates
for domains they don't own and thus trick people into visiting those
i... Continue reading ...
Posted by Oyya-Info on Monday, July 27, 2009,
In :
Security
My favorite security show each year is one at which there are no sales
pitches, the speakers favor black T-shirts and dyed hair over suits and
ties, and the talks tend to be controversial enough to prompt legal
threats and even arrests.
I'm talking about Defcon,
which starts Thursday and runs through Sunday. The event turns part of
the Las Vegas strip into a geek equivalent of "Animal House" for a
three-day weekend every summer.
Started in 1993 by Jeff Moss, aka Dark Tangent, Defcon bring... Continue reading ...
Posted by Oyya-Info on Sunday, July 26, 2009,
In :
Security
Two researchers for Hewlett-Packard have created a browser-based
darknet, an idea that could make it easier for businesses to keep
eavesdroppers from uncovering confidential information.
Darknets are encrypted peer-to-peer networks normally used to
communicate files between closed groups of people. Most darknets
require a certain level of technological literacy to set up and
maintain, including taking care of the necessary servers. However, HP
researchers Billy Hoffman and Matt Wood plan nex... Continue reading ...
Posted by Oyya-Info on Thursday, July 23, 2009,
In :
Security
Security experts will be releasing a tool that can be used to break
into Oracle databases during their presentation at the Black Hat and
Defcon hacker conferences next week in Las Vegas.
Chris Gates and Mario Ceballos will present Oracle Pentesting
Methodology and give out "all the tools to break the 'unbreakable'
Oracle as Metasploit auxiliary modules," according to the summary of
their presentation on the Defcon Web site.
Gates is a member of the Metasploit project, an open-sour... Continue reading ...
Posted by Oyya-Info on Wednesday, July 22, 2009,
In :
Security
The techniques Google uses to protect Chrome users from browser-based
attacks have taken on new importance with the company's plan to make
the software the centerpiece of a Netbook operating system.
Two weeks ago, Google announced plans for the open-source Chrome OS
designed for people who spend most of their time on the Web. The Google
Chrome operating system is a "natural extension" of the Chrome browser,
Sundar Pichai, vice president of product management, and Linus Upson,
engineering d... Continue reading ...
Posted by Oyya-Info on Tuesday, July 21, 2009,
In :
Security
A security researcher has released zero-day code for a flaw in the
Linux kernel, saying that it bypasses security protections in the
operating system.
The source code for the exploit was made available last week by
researcher Brad Spengler on the Dailydave mailing list. According to
the researcher, the code exploits a vulnerability in Linux version
2.6.30, and 2.6.18, and affects both 32-bit and 64-bit versions. The
2.6.18 kernel is used in Red Hat Enterprise Linux 5.
The exploit bypasses nul... Continue reading ...
Posted by Oyya-Info on Saturday, July 18, 2009,
In :
Security
The Symbian Foundation has acknowledged that its process for keeping
malicious applications off Symbian OS-based phones needs improvement,
after a Trojan horse program passed a security test.
The botnet-building Trojan,
which calls itself "Sexy Space," passed through the group's
digital-signing process, Symbian's chief security technologist Craig
Heath said Thursday. Heath said the group is working on improving its
security-auditing procedure.
"When software is submitted, we do try to filt... Continue reading ...
Posted by Oyya-Info on Wednesday, July 15, 2009,
In :
Security
There is a critical JavaScript vulnerability in the
Firefox 3.5 Web browser, Mozilla has warned.
The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT)
JavaScript compiler. Proof-of-concept code to exploit the vulnerability
has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.
The hole could allow a hacker to launch a "drive-by" attack,
according to... Continue reading ...
Posted by Oyya-Info on Friday, July 10, 2009,
In :
Security
The denial of service attacks against Web sites in the U.S. and South
Korea that started last weekend may have stopped for now, but code on
the infected bots was set to wipe data on Friday, security experts said.
There were no immediate reports of any of the compromised PCs in the
botnet having files deleted, but that doesn't mean it wasn't happening
or won't in the future, said Gerry Egan, a product manager in
Symantec's Security Technology Response group.
There are only about 50,000 infe... Continue reading ...
Posted by Oyya-Info on Monday, July 6, 2009,
In :
Security
Microsoft on Monday warned of a vulnerability in its Video ActiveX
Control that could allow an attacker to take control of a PC if the
user visits a malicious Web site.
There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.
This is the second DirectShow security hole Microsoft has announced in
the past few months. The company has yet to provide a security update
for a vulnerability announced ... Continue reading ...
Posted by Oyya-Info on Thursday, July 2, 2009,
In :
Security
The computer security industry historically borrows military defense concepts to combat digital threats, literally creating war rooms where experts follow attacks in progress on huge screens with phones ringing off the hook.
Not so at Google's Postini e-mail security service provider unit.
Instead, computerized systems monitor 3 billion messages per day that
flow in and out of customer systems and pass through Postini's
thousands of machines in data centers around the U.S. and in Europe
befo... Continue reading ...
Posted by Oyya-Info on Wednesday, June 24, 2009,
In :
Security
Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials,
known in development as Morro, is limited to 75,000 downloads in four
countries: the United States, Israel, Brazil, and China.
Security Essentials
contains all the basic features that users have come to expect from
free security software: multiple built-in and customizable scan
options, a scheduler, automatic definition file updates, a real-time
defense shield, and rootkit... Continue reading ...
Posted by Oyya-Info on Friday, June 19, 2009,
In :
Security
Microsoft will launch a public beta of its anti-malware service,
Microsoft Security Essentials, on Tuesday as it phases out its Live
OneCare suite in favor of a simpler free consumer security offering.
Microsoft Security Essentials, which will run on Windows XP, Vista, and
Windows 7, will be available in the U.S., Brazil, and Israel in English
and Brazilian Portuguese. A public beta version for Simplified Chinese
will be available later in the year.
The service works like traditional antivi... Continue reading ...
Posted by Oyya-Info on Wednesday, June 17, 2009,
In :
Security
PST to clarify that Gmail data has always
been encrypted by default when a user types in https:// and that last
year they offered the ability to set https:// as the default.
More than three dozen security and privacy advocates and researchers
are asking Google to offer better data protection for users of Gmail
and other Google apps and Google said on Tuesday that it is considering
doing that, if it doesn't slow down the apps too much.
You may not know this but you can set Gmail to encrypt ...
Posted by Oyya-Info on Tuesday, June 16, 2009,
In :
Security
Last week, PBWorks founder David Weekly found out from some customers
that his hosted collaboration site had been blacklisted by Symantec for
hosting malware and, thus, visitors to any of the 10 million pages on
PBWorks were being warned that the site wasn't safe.
"(Damn) you, Norton Safe Web. Whenever one file on one PBWorks space
has a virus, all of PBworks is marked unsafe?!" a frustrated Weekly
wrote on Twitter and Facebook on Thursday. In a follow-up interview, he
said: "That's tarnishi... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Experts have warned of serious security flaws in the Chinese
government's censorship software, which could open the door to hackers
creating huge botnets.
Programming errors in the Green Dam Youth Escort software, which the
Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.
"Once Green Dam is installed, any website the user visits ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
The abstract concepts of "botnet" and "Trojan" just became a lot more concrete for me.
In less than an hour on Thursday, I was able to use programs readily
available on the Internet underground for as little as $300 to infect
several Windows clients and take complete control of them in a test
environment.
In contrast to the real world, the McAfee Malware Experience event,
which was akin to a Malware 101 class (or, in my case, Malware ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Microsoft's Malicious Software Removal Tool was updated this week to
detect a generic type of fake antivirus program known as
"Win32/InternetAntivirus."
The Microsoft Malware Protection Center
gives Win32/InternetAntivirus an alert level of "severe." The software
is "a rogue program that displays false and misleading alerts regarding
malware, in order to convince users to purchase rogue security
software," according to a Microsoft Malwa... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.
The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.
Moss' background as a computer hacker (aka "Dark Tangent") and role as
a luminary among young hackers who flock to Defcon in Las Vegas every
summer might seem to make him an odd choice to swear allegiance to the...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Malware has been found on ATMs in Eastern Europe and elsewhere that
allows criminals to steal account data and PINs and even empty the
machine of its cash, a computer forensics expert said.
About 20 ATMs have been compromised in that manner, mostly in Russia
and the Ukraine, but there are "early indications" of compromised ATMs
in the U.S., said Nicholas Percoco, vice president and head of SpiderLabs at Trustwave, which provides data security and payment card compliance services.
Percoco ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
On the heels of Symantec's OnlineFamily.Norton released earlier this year, security stalwart McAfee jumps into the family protection game with a new home-oriented protection program. Called McAfee Family Protection, the program offers many familiar tools to parents in the hopes of fostering conversation while protecting children from harm.
 McAfee Family Protection protects children based on multiple levels of technology. (Credit: McAfee)
McAfee Family Protection offers block... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Using a data backup program helps recover lost data but can also help get a stolen laptop back--if you're lucky.
A Berkeley, Calif., man recently recovered his stolen laptop after
seeing photos the thief took of himself with the built-in camera via
his Internet-based data backup program.
That's according to a police officer's article in an e-mail newsletter from Berkeley City Councilmember Susan Wengraf that was posted to the Web by open-source advocate Bruce Perens.
It all started on ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Hackers based in Turkey penetrated two U.S. Army Web servers and
redirected traffic from those Web sites to other pages, including one
with anti-American and anti-Israeli messages, according to a report in InformationWeek.
The hackers, who go by the group name "m0sted," breached a server at
the Army's McAlester Ammunition Plant in Oklahoma on January 26 and a
server at the U.S. Army Corps of Engineers' Transatlantic Center in
Winchester, Va., on September 19, 2007, the report said.
Inve...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
The Web site compromise attack known as Gumblar has added new domain
names that are downloading malware onto unsuspecting computers,
stealing FTP credentials to compromise more sites, and tampering with
Web traffic, a security firm said on Thursday.
The Gumblar attack started in March with Web sites being compromised
and attack code hidden on them. Originally, the malware downloaded onto
computers accessing those sites came from the gumblar.cn domain, a
Chinese domain associated with Russ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
What if you reached to grab a newspaper out of a news stand and you
found a rock in your hand instead? How about opening the front door to
a grocery store and ending up on a boat?
This sounds like a Matrix movie, but the virtual equivalent of this is
real and poses one of the most serious new risks on the Internet,
according to Jeremiah Grossman, chief technology officer and co-founder
of Whitehat Security.
"Most exploits (like worms and attacks that take advantage of holes in
software) ca... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.
In a technical bulletin,
the company said it is looking into "public reports of a possible
vulnerability in Microsoft Internet Information Services (IIS)."
The company said that a flaw exists in a certain type of Web serving operation.
"An elevation of privilege vulnerability exists in the way that
the WebDAV extension for IIS handles HTTP requests," Microsoft said.
"An attacker ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
You might have heard about online "phishing" scams designed to steal
money from unsuspecting Web users, but now criminals are using another
type of scam called "vishing" to commit the same crimes.
Last week, the Federal Trade Commission filed lawsuits
against two telemarketing firms in Florida and a company claiming to
sell extended automobile warranties for violating the Do Not Call
registry and fraud for selling bogus warranties for between $2,000 and
$3,000 a pop. Since 2007, the compan... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
A pirated version of Windows 7
Release Candidate infected with a Trojan horse has created a botnet
with tens of thousands of bots under its control, according to
researchers at security firm Damballa.
The software, which first appeared on April 24, spread as quickly as
several hundred new bots per hour, and controlled roughly 27,000 bots
by the time Damballa took over the network's command and control server
on May 10, the firm said Tuesday.
The pirated software was spread via popular pir...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Microsoft on Tuesday released a patch aimed to fix a critical vulnerability in PowerPoint that had already led to exploits.
The vulnerability is listed as critical
for Office 2000, but rated only as important for Office XP, Office
2003, and Office 2007. However, the hole had already formed the basis
of targeted attacks, prompting Microsoft to issue a warning last month.
Although Microsoft says the hole is now patched in the Windows version
of P...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Cybercriminals have moved on from search engine optimization techniques
and are now creating fake search sites designed solely to direct Web
surfers to pages hosting malware, Panda Security warned on Wednesday.
Previously, attackers resorted to sending e-mails with malicious code
in attachments and with links to malicious Web sites and took measures
to push those Web sites higher in search engine rankings. Now, they're
also creating fake search engines that ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
 Security
researcher Mike Bailey released this screen shot showing that he gained
access to McAfee Secure via a cross-site request forgery hole.
Security vulnerabilities on McAfee sites, including one designed to
scan customers' sites for flaws, exposed certain customer accounts and
could have been used for phishing attacks in which malware disguised as
McAfee software could be distributed, security experts say.
McAfee said late on Tuesday that most of the vulnerabilities were
fixed, excep...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
The Conficker Internet virus has infected important computerized
medical devices, but governmental red tape interfered with their
repair, an organizer of an antivirus working group told Congress on
Friday.
Rodney Joffe, one of the founders of an unofficial organization
known as the Conficker Working Group, said that government regulations
prevented hospital staff from carrying out the repairs.
Joffe, who also is the senior vice president for the telecom
clearinghouse Neustar, told a panel of ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
In the wake of the Conficker worm spreading via removable storage
devices among other methods, Microsoft said on Tuesday it is making a
change to the way Windows 7 handles USB drives.
As a result of the change, most USB drives will not be able to
automatically launch a program using a Windows feature known as
AutoRun, Microsoft said in a post on its Security Research & Defense Blog.
So, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed, Microso...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Is your computer acting funny? Are you worried that you may have
visited a malicious Web site or opened an e-mail attachment with
malware?
Instead of worrying about it you can now go to a new Web site McAfee is
launching on Tuesday that is designed to help computer users figure out
if they have legitimate reason to be concerned.
The new Cybercrime Response Unit
offers a forensic scanning tool that checks for malware on the computer
and cookies left by suspicious Web sites to help deter...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Conficker, also known as Downadup or Kido, was expected to wreak havoc on
April 1 when it was due to be activated, but it failed to cause many
problems.
Internet virus experts, however, claim it is now quietly turning thousands of
personal computers into servers of e-mail spam and installing spyware.
The worm started spreading late last year, infecting millions of computers and
turning them into "slaves" that respond to commands sent from a remote
server that effectively ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
In past years, I looked at the RSA security conference
as a high-tech flea market staffed by the world's best security
carnival barkers. Yes, important security topics were discussed, but
the real focus of the show was selling products and doing deals. This year's event has its share of tacky presentations and
booth babes, but I'm hearing a lot of chatter about a far more
important topic: the state of information security and its impact on us
all. Finally, the combination of unending dat...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
With all the Internet attacks that exploit Adobe Acrobat Reader people
should switch to using an alternative PDF reader, a security expert
said at the RSA security conference on Tuesday.
Of the targeted attacks so far this year, more than 47 percent of them
exploit holes in Acrobat Reader while six vulnerabilities have been
discovered that target the program, Mikko Hypponen, chief research
officer of security firm F-Secure, said in a briefing with journalists.
Just last month,
Adobe iss...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Mozilla released an update to
Firefox 3 on Tuesday that patches 12 security vulnerabilities, four of which it rated as critical.
Firefox 3.0.9, the Web browser's third update this year, fixes two
critical vulnerabilities in the Firefox browser engine and two in its
JavaScript engine, according to a security advisory posted Tuesday:
Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some
of these crashes ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Windows 7 makes remote connectivity to corporate networks seamless,
protects data on thumb drives, and offers fewer user account control
prompts to bug users compared to Vista, Microsoft said on Monday.
The software giant began an education blitz about the security features
of the newest version of its operating system at the start of the RSA
2009 security conference.
Windows 7, which was released in public beta in January, will have 29 percent fewer user account control (UAC) prompts ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Be careful who you give your
mobile phone
number out to. An attacker with the right toolkits and skill could
hijack your phone remotely just by sending SMS messages to it,
according to mobile security firm Trust Digital.
 In
the Trust Digital demo on YouTube, an attacker sends an SMS message to
the victim phone (on the left) which opens up a Web browser and
downloads an executable file that directs it to send an SMS to the
attacker's phone (on the right). (Credit: Trust Digital)
In what it ... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
SAN FRANCISCO--Symantec has acquired Web security firm Mi5 Networks and
plans to announce two new security suites at the RSA security
conference on Tuesday.
Mi5 sells a Web security appliance that protects corporations against
Web-based threats. Symantec will integrate the technology into its
offerings later in 2009 and offer it as a stand-alone product, Joan
Fazio, director of product marketing for Symantec Endpoint Security,
said in an interview.
The all-cash transaction was completed ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
With the Conficker worm still hot and Microsoft patching multiple software vulnerabilities last week, it might be reasonable to assume the bad guys are winning the battle to get control over Internet-connected computers.
That's not necessarily the case. Developers are increasingly equipped
with tools to shore up their products and vendors are collaborating in
unprecedented ways to not only close holes in software, but also make
sure they aren't in there in the first place, according to se... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
The teenager who created the worms that hit Twitter earlier this week
has been hired by a Web application development firm and on Friday
released a fifth worm on the microblogging site.
Twitter fought off four waves of worm attacks
last weekend and into Monday in which Twitter users were infected just
by clicking on the name or image of someone whose account was infected.
The worms appeared to do no damage other than spread to infected users'
followers and modify profile pages.
Michael... Continue reading ...
Posted by Oyya-Info on Monday, June 15, 2009,
In :
Security
Researchers have discovered another feature of the Conficker worm that
provides an additional clue about the intent of the creators--the worm
installs malware that masquerades as antivirus software, Trend Micro
said on Friday.
The worm, which has infected millions of Windows-based computers on the
Internet, is downloading a program called Spyware Protect 2009 and
displaying warning messages saying that the computer is infected and
offering to clean it up for $49.95, according to the Trend ... Continue reading ...
| |
