Top Security News
WordPress Vulnerable To Custom Field Uploads Those who have not upgraded WordPress to 2.2.1, or WordPress MU to 1.2.3, should do so to help mitigate a newly disclosed vulnerability. The possibility of being exploited still exists after upgrading. Alexander...
The Horror Of Spyware Coding Horror's Jeff Atwood ventured onto the Internet in search of no-cd game patches for a fresh re-installation of Windows XP SP2, and got nailed by a drive-by malware installation. By venturing online...
State's Data Stolen In Ohio Another data theft has occurred, and this one affects over 100,000 Ohioans. It's no clever hacker who was behind the breach, however - someone stole a device containing names and social security numbers out...
NATO Takes A Look At Cyber Security A man with the last name of "Gates" has advised NATO countries to brace themselves for cyber attacks, but it wasn't Bill, Microsoft's CEO. Instead, it was Robert, America's Defense Secretary. Moreover, Robert...
FBI, DOJ Reveal Operation Bot Roast
Operation Bot Roast has been a success - sort of. Information provided by the FBI and the Department of Justice revealed that "investigations have identified over 1 million victim computer IP addresses," but it...
Captchas Go To The Dogs, Cats Those strings of distorted letters and numbers are supposed to make things hard on spammers - not innocent users. But as spammers have gotten smarter, those captchas have gotten harder to read, and...

The ability to do a kind of advanced search on Facebook could have revealed information from private profiles to anyone who knew how to look for it.
Facebook closed off a hole in its search functionality, and gave its users a greater level of privacy control of their profiles.
Chris Soghoian blogged about how Facebook search could be a privacy concern, especially in relation to European privacy laws.
"The Europeans do care about privacy. Sexuality and Religion are bits of information that they consider to be highly sensitive.. and thus, my little go fish attack is now suddenly a lot more important than it was before," Soghoian wrote.
"While Facebook does allow users to control their profile's existence in search queries, this second preference is not automatically set when a user makes their profile private - and thus many users do not know to do so," he wrote.
Doing an advanced query for a Facebook user's name and any profile attribute associated with it would retrieve a matching result if it exists. Soghoian demonstrated the proof of concept by creating a profile for himself and searching for its attributes.
A Facebook representative responded on Soghoian's blog, and said Facebook has fixed the problem.
Brandee Barker, director of corporate communications at Facebook, commented that information marked as private by a user will not return a result for an advanced search query.
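The leak described above, and the fix Barker describes, can be modelled in a few lines. This is an added example, not Facebook's code: the `Profile` model, the function names and the sample data are all constructed for illustration. The leaky search matches on stored attributes regardless of who is asking, so a hit or a miss answers a yes/no question about a private field; the filtered search evaluates criteria only against fields the viewer may read.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    name: str
    attrs: dict                       # profile attributes, e.g. {"religion": "..."}
    private: bool = False             # contents hidden from non-friends
    friends: set = field(default_factory=set)

def can_view(profile, viewer):
    """A viewer may read attributes of public profiles, their own, or a friend's."""
    return (not profile.private) or viewer == profile.name or viewer in profile.friends

def search_leaky(profiles, viewer, name, **criteria):
    """Matches on stored attributes and never consults the viewer (the flaw)."""
    return [p.name for p in profiles
            if p.name == name
            and all(p.attrs.get(k) == v for k, v in criteria.items())]

def search_filtered(profiles, viewer, name, **criteria):
    """Evaluates attribute criteria only against fields the viewer can read."""
    hits = []
    for p in profiles:
        if p.name != name:
            continue
        visible = p.attrs if can_view(p, viewer) else {}
        # A criterion on a hidden field can never match, so hit and miss
        # look identical to an unauthorized viewer.
        if all(k in visible and visible[k] == v for k, v in criteria.items()):
            hits.append(p.name)
    return hits

def build_sample():
    """Constructed sample data: one private profile with one friend."""
    return [Profile("Alice Example", {"religion": "ExampleFaith"},
                    private=True, friends={"Bob Friend"})]

if __name__ == "__main__":
    db = build_sample()
    for fn in (search_leaky, search_filtered):
        right = fn(db, "stranger", "Alice Example", religion="ExampleFaith")
        wrong = fn(db, "stranger", "Alice Example", religion="Other")
        print(fn.__name__, "correct value:", right, "wrong value:", wrong)
```

A plain name search still returns the private profile in the filtered version; hiding a profile's existence from search is the separate preference Soghoian mentions.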
Fake Microsoft Patch Delivers Trojans Instead: A bogus email being circulated around the net claims to fix a zero-day vulnerability in Microsoft Outlook.
However, security firm Sophos warns that the only security threat comes from the offer of the patch itself:
Users are encouraged by the email to download a patch which, it is claimed, will fix the problem and prevent them from becoming attacked by hackers.
However, clicking on the link contained inside the email does not take computer users to Microsoft's website but one of many compromised websites hosting a Trojan horse.
In examples seen by Sophos experts, the emails have contained the recipient's full name, and the company they work for, in an attempt to lull users into a false sense of security.
The emails, which have the subject line "Microsoft Security Bulletin MS07-0065," also arrive with a person's real name and the name of their employer. As with similar attacks like this one that pretend to be from Microsoft, this email should be deleted immediately.
About the Author: David Utter is a business and technology writer for SecurityProNews and WebProNews.