Bloggers Nail China On Olympian Age Lies China's Olympic gymnasts consist of athletes under the permitted age of competition, as illustrated at length by a number of hard-charging online sources.
BitTorrent Clients Suffer Overflow Flaw Software clients from BitTorrent and uTorrent contain critical vulnerabilities that could permit remote code execution.
Microsoft Patches Fix Image Vulnerabilities Critical fixes arrived for Microsoft applications in the August edition of their Patch Tuesday round of updates, including corrections for overflow vulnerabilities in image file formats in Microsoft Office.
Georgia, Russia Engaged In Cyber War Sites for Georgia fled the country in favor of hosting elsewhere as numerous DDoS attacks from Russia took out Georgian web properties.
Subway Card Hackers Can't Talk At Defcon A trio of MIT students planned to talk about the Boston subway's inherent problems with its payment card system, but an injunction took their presentation off the Defcon slate of topics.
Critical Microsoft Patches Arriving Tuesday With a dozen patches on tap for Microsoft for August 12th, security pros should note seven of them will arrive as fixes for critical issues.
Sports, Politics Ride Latest Spam Wave The Summer Olympics, the NFL, and the ongoing Presidential campaigns all present ripe content for spammers and the malware they try to deliver to victims.
Lost TSA Data Laptop Found In Its Office A laptop containing details on 33,000 people allowed to bypass security checkpoints at airports turned up after being missing for more than a week.
Countrywide Insider Stole Data For Two Years Major mortgage lender Countrywide has more problems than those presented by the abysmal housing market: an employee pilfered data on nearly 2 million customers over a two-year period.
Worm Squirms After MySpace, Facebook Users Another pest started making the rounds of social networking recently, offering people a video but secretly dropping a Trojan onto vulnerable systems.
Google, The Lazy Path To Hacking The power of Google's search and its depth of indexing, matched with a few operators for queries, makes it a fun place to poke around for possible holes.
Trojans Prick PCs As Top Malware Threat An assessment of the leading computer threats through the first half of 2008 found malware riding along in Trojans posing the most problems for people.
Oracle WebLogic Hit With Zero-Day Exploit A workaround emerged from Oracle as news circulated of a flaw in the WebLogic platform that is remotely exploitable without requiring authentication.
Design, Not Patching, Key To Secure Software The current DNS cache poisoning variation requiring a fix on numerous nameservers around the globe could have been anticipated and stopped; one developer did that in 2000.
Metasploit's Moore Sapped Via DNS Flaw The same critical DNS issue that HD Moore and his associates raced to include in their security testing toolkit, the Metasploit Project, bounced back against the noteworthy security researcher.
Photobucket Hack Attributed To Critical DNS Flaw When photo sharing site Photobucket suffered an attack at the hands of Turkish hackers, it turns out they exploited the serious DNS vulnerability later detailed by security researcher Dan Kaminsky.
Open Source, The Patriotic Solution Noted technologist Tim Bray repeated a call for the work of civic processes to use open source software for fulfillment.
Olympic Spam Reaching Olympian Proportions A couple of weeks ahead of the Beijing Olympics, spammers continue to roll out millions of messages with an Olympic theme.
Metasploit Loads Up DNS Attack Code Script kiddies and sophisticated hackers gained easy access to code for exploiting a critical flaw in the domain name service (DNS) system when the Metasploit Project added two attacks to its toolkit.
Romanian Pleads Guilty In US Phishing Case Eighteen months after being indicted by a federal court, one of a group of seven Romanian citizens pleaded guilty to involvement with phishing bank details from people.
DNS Flaw Details Emerge Security pros have been urged to patch vulnerable DNS systems if they have not done so already.
Server Theft Trumps Server Hacking The brute force technique applied to physical goods long before it ever came up in the conversation about breaking passwords to gain access to resources.
Critical DNS Issue Threatens Internet No hyperbole, no joke. People familiar with a flaw in the domain name system sounded a sobering call to administrators everywhere to fix their systems.
Mozilla Patches Firefox 3 A fix for a vulnerability reported a few hours after the Firefox 3 Download Day opened began arriving on people's computers.
Oracle Troubled By Web Component Security The latest run of vulnerability fixes released by Oracle showed troubling trends with making services available with web-facing resources.
Unpatched Systems Survive Four Minutes Online The presence of a firewall helps, but without something blocking the path from automated probes to one's PC, its survivability declines rapidly.
Internet Cafes Threatened Ahead Of Olympics Throngs of visitors to China during the Summer Olympics will include many who want to check up on their email or other online resources. That could be a problem.
Swiss Slammed By Lots Of Spam Inboxes in the tiny European country picked up far more spam than anywhere else in the world during the month of June.
Microsoft Patch, ZoneAlarm Make PCs Too Secure A little incompatibility between a fix for the Windows Domain Name System and a popular firewall product caused the firewall's users to lose their Internet connections.
Get Ready: Windows XP SP3 On Tap Microsoft pegged July 10th at 1 pm EDT as the release date and time for the third service pack for the Windows XP operating system.
Fortune 500 Lacking In Email Validation One vendor claimed some 60 percent of the Fortune 500 do not use methods of qualifying outgoing email, which could leave them open to being spoofed by forgers.
Google Discovers Privacy "Privacy" became part of Google's home page just before the 4th of July. You're forgiven if you missed the switch.
Google Open-Sources Ratproxy Security Tool An internally-used web application security assessment tool called ratproxy gained broader availability with Google's decision to release it publicly.
Software Should Be Like Food Researchers of web browser security suggested a "best before" approach to informing people their software may not be so fresh any longer.
Feds Slowly Improving In Computer Security Federal Information Security Management Act (FISMA) requirements pad on the paperwork for agencies, but the demands of the Act have made a positive impact in computer security.
Canned Air Helped Beat Encrypted Hard Drives Sure the custom software had something to do with it, but some students at Princeton also found that compressed air enabled an unlikely crack.
ICANN, IANA, Fall Prey To Hacks Turkish hackers believed responsible for shenanigans with image site Photobucket.com's domain earlier in June struck at two major domains that hold responsibilities affecting the entire Internet.
Microsoft, Google Endorse Health Records Standard The two big tech companies joined with a variety of insurers and consumer groups in backing standards governing the privacy and accessibility of health information online.
HP Writes Scrawlr For SQL Injection Detection A recent spate of thousands of SQL injection attacks across the Internet created the need for a tool to diagnose a website's potential vulnerability to them.
Judge, Jury, And Google Trends A Florida trial will serve as the venue for an interesting defense: determining if searching for adult content is mainstream enough to get a defendant out of an obscenity charge.
Early Russert Wikipedia Update Leads To Firing Securing confidential trade secrets poses one challenge to security pros, but the spread of private inside chatter via the Internet makes for an impossible task.
Mozilla Sees Little Risk In Firefox 3 Flaw A vulnerability affecting both the latest version of the Firefox browser as well as the previous one, Firefox 2, poses minimal concerns for users according to Mozilla.
Instant Worm Creation Software Hits The Web A point and click interface for turning .exe files into self-replicating worms makes malware creation an easy prospect for attackers.
Router Attacks Witnessed In The Wild A variant of the Zlob Trojan may be carrying an exploit against routers, subjecting them to brute force attacks against login procedures.
Spammers Shield Junk With Google Docs Another tool in the arsenal of spammers comes courtesy of a well-meaning service from Google.
Universities Show Little Control Over Personal Data Columbia and the University of Florida are two of the latest schools with personally identifiable information about their students posted by the thousands online.
Voice Phishing Rising In Threat Vishing, or voice over Internet Protocol phishing, attempts to steal information from people via the phone rather than the computer.
Once Again, China Implicated In Computer Espionage At the highest levels of government in the United States, some Congressmen believe attackers from China infiltrated their computers.
Microsoft Closes Critical Bluetooth Flaw The monthly updates from Microsoft brought a few Critical repairs to its customers; one fix corrected a remotely executable vulnerability in the Bluetooth stack.
Microsoft Sues Repeat Offenders Over Piracy Sellers of counterfeit software continue to bedevil Microsoft, as the company announced a new series of lawsuits against sellers of pirated versions of Windows.
Economy, IRS Figure In May Spam The monthly look at the State of Spam by security vendor Symantec found the usual efforts to take advantage of current events by spammers.
4Chan Stadium Threat Hoaxer Sentenced An ex-grocery clerk in Wisconsin who repeatedly posted threats of stadium bombings to a website will spend six months in jail.
Romania, Hong Kong Top List Of Dangerous TLDs Whatever the reason, .ro domains figured prominently in a look at where the most dangerous sites on the Internet reside.
Walter Reed Medical Suffers Data Breach File sharing blamed for compromise that may have exposed patient data from the military health system to an outsider.
Gutierrez Possible Victim Of Chinese Cyber Spying Whispers about a potential malware compromise of computers used by Commerce Secretary Carlos Gutierrez during a trip to China raise suspicions in Washington.
Unlocking The Security Of Locks Hackers at New York's 'The Last HOPE' conference in July plan to discuss security of a different sort: the humble, physical lock.
TJX Dinged Over Security-Related Firing A former employee of TJX, which suffered one of the largest security breaches and exposures of consumer information in recorded history, claimed he had been fired for blowing the whistle on the company's practices.
Dell Slapped In NY Fraud Case New York's Attorney General Andrew Cuomo won big against the computer maker, with Dell accused of numerous unsavory business practices regarding its financial and tech support offerings.
Aussie Telco Hands Out Infected USB Drives A little perk delivered to AusCERT attendees by national telco Telstra contained a little something extra besides their storage capability.
Woops: Oklahoma Auctions Tax Data-Loaded Drive A computer labeled as coming from the Oklahoma Tax Commission ended up in an auction with personally identifiable information, including Social Security numbers, intact and unencrypted.
White House Parody Site Pranked With Malware A malicious bit of code injection into whitehouse.org poses a concern because some people don't realize the authentic White House site is at whitehouse.gov.
Terrorism Courts The Web A Senate Committee isn't happy with the way terrorist groups embraced online video and the web browser as a recruitment tool.
Chinese Sites Hit With Script Injections A malware attack using a JavaScript injection to exploit several old flaws targeted over 327,000 sites in Asia.
Apple's Odd Attitude About Safari The hallmark of Apple's products makes them work as invisibly as possible for their users. In the case of the Safari web browser, it downloads items without letting people know it's happening.
Rumor: Cisco Rootkit Coming To EuSecWest A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.
Microsoft Fixes Long-Standing MDB Flaw Remote code execution vulnerabilities received attention from Microsoft in its most recent edition of Patch Tuesday updates; one has been publicly known for seven months.
America's Botnet Needed, Says AF Colonel An Air Force colonel's suggestion that America needs a botnet provokes a strange idea: that the military and intelligence communities don't have one now.
Gas Savings Spam Fills Inboxes The inevitable attention of spammers turned to soaring gas prices, with one set of junk messages promising a way to save at the pump.
Google Expands Enterprise Web Security Security vendors had a stealth competitor enter the marketplace when Google announced it would offer a product that provides web security; Google recently extended security coverage to roaming enterprise users.
Utilities At Risk Over Network Security Utilities' legacy systems receive updates to allow centralized management of their resources over a computer network. Convenient? Sure. Safe? Questionable.
Trojan Plaguing File Sharing Networks A massive outbreak of malware began hitting media swappers hundreds of thousands of times nearly a week ago.
EFF Wonders About Digital Music Rights The disclosure by Microsoft that they will disable license servers and eliminate the ability for MSN Music customers to listen to music purchased from the service on new computers drove the Electronic Frontier Foundation to cry foul.
India Cites Ongoing Chinese Cyber Attacks A year and a half of electronic warfare against public and private network resources in India has been traced back to a variety of attacks and antagonists in China.
McAfee Digests Spam Experiment The 30-day challenge to run an unprotected computer and surf the Internet while filling out every form and answering every spam ended with the reinforcement of a lesson: nothing comes for free.
Storm Botnet Subsides Something new may be on tap to replace Storm as the big botnet pest, as its size decreased substantially in April.
Forgery Spam Still Hammering Inboxes Junk mailings touting all kinds of products, including steeply discounted luxury item knockoffs, pose threats beyond dodgy products.
Israeli Private Eyes Stole Corporate Secrets A private investigation firm made use of spyware to pilfer secrets from companies in Israel; four of their staffers received criminal sentences.
iPhone Gains VPN Boost With Check Point VPN-1 support from security vendor Check Point for Apple's iPhone arrived as the glitzy gadget continues to gain fans from enterprise users.
Microsoft Patch Process Called Security Risk Patch Tuesday could be Exploit Tuesday if malicious hackers escalate the rate at which they reverse engineer security patches.
SQL Injections Hitting Thousands Of Sites The dynamic capabilities of websites powered by back-end databases made thousands of them targets for injections of unsanitized code.
Baker College Takes Cyber Defense Crown The 3rd annual National Collegiate Cyber Defense Competition (CCDC) featured teams of students working to be the best at defending a business network from threats.
More ISPs Quietly Interfere With P2P Comcast serves as the most visible target for Internet users' anger over tampering with BitTorrent and other peer to peer traffic, but the issue may extend beyond them to other Internet service providers.
Microsoft Won't Sue Over Legitimate Flaw Discovery Security researchers do not want to end up being arrested or sued for pointing out problems on a website, and Microsoft would rather know the awful truth than prosecute.
eBay Has Its Romanian Hacker An arrest in Budapest turned up one Vlad Constantin Duiculescu, aka Vladuz, a thorn in the side of the online marketplace.
Google Touts Malware Fight, Skips Real Question The ongoing battle against malware brought plenty of good guys to the fight, but Google's latest discussion of its role leaves out a key question.
Mozilla Fixes Critical Firefox JavaScript Issue Garbage collection in the Firefox JavaScript engine caused browser crashes for some people.
Oracle Issues Critical Product Fixes Patches for the Oracle database and other products arrived as part of the company's quarterly fix cycle.
US District Court Spoofed By Malware Criminals A wave of phishing spam tries to fake out recipients by spoofing a subpoena from a US District Court.
Google Builds Tools To Fight Child Porn An ongoing effort with the National Center for Missing & Exploited Children (NCMEC) by Google produced video tools for use in finding exploitative images and videos.
Old Mistakes Cause New Security Problems The more things change, the more developers keep making the same mistakes, leading to exploits and other problems for visitors.
PayPal Calls For Partnerships Against Phishing One of the most popular phishing targets on the Internet wants to thwart criminals, but needs a lot of help to do so.
Should We Know Where To Find Google? A publication recently put out a list of Google's datacenters by city; though it's interesting to us, Google probably has good reasons for not appreciating it.
Damballa Responds To Kraken Criticisms Security researchers at Damballa who discussed a big new botnet received lots of pushback from the security community.
Microsoft Patches Crack Down On Drive-Bys Malicious websites could exploit unpatched components in Internet Explorer and other Microsoft technologies.
Kraken Exceeds Storm Botnet In Size A new headache for security pros from the Fortune 500 on down emerged in accounts of a wider-reaching botnet called Kraken.
Online Criminals Outsource Their Work A study by security vendor Finjan suggested a trend in criminal behavior has them farming work out to established rings with a technology infrastructure in place.
EU: 18 Months Too Long To Keep Search Data The Article 29 Data Protection Working Party in Europe wants search engines to commit to a much shorter period of data retention than they enjoy today.
Google Street View Becomes Driveway View While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway.
Google Dinged Over SEO Poisoning The search optimization poisoning attacks against dozens of websites continue their onslaught, with infected search results showing up in Google.
Identity Info Breaches Hitting Everywhere In 2008 Commercial businesses, colleges and universities, government offices, and medical facilities of varying sizes share the common label of being hit by identity thieves.
Another Young Cyber Criminal Eludes Jail Botnet runner Owen Walker, aka AKILL and other names, committed and profited from his role in a gang that infected over a million computers, but did so under the age of 18.
RealPlayer, QuickTime Get Urgent Updates Fixes for both products emerged to counter threats against vulnerabilities in these popular multimedia applications.
Hannaford Grocery Breached With Malware The introduction of malware into the grocery chain's network allowed outsiders to grab credit card information as it traveled from the point-of-sale to the company's back end systems.
IBM Banned From New Government Contracts An ongoing dispute with the Environmental Protection Agency led to the EPA, and all government agencies by extension, banning IBM from receiving new contracts and other federal business.
Advance Auto Parts Compromised For Card Data People who used credit or debit cards at one of 14 locations identified by Advance Auto Parts may have had that information accessed via a network breach.
Virgin Media To Strike Out Music Downloaders The British ISP plans to obey the will of the music industry by warning and shutting off accounts for individuals accused of illicit file sharing.
McAfee Feeding Volunteers Spam For A Month Fifty global volunteers armed with clean laptops and new email addresses will spend 30 days exploring the Internet while unprotected from its threats.
Euro 2008 Ticket Reseller Infecting Site Visitors It appears another code injection attack at a site reselling tickets for the Euro 2008 soccer matches put visitors at risk of a drive-by infection.
IM, P2P Attacks Persist, Pose Low Risk The immediacy of someone potentially clicking on a malicious link delivered by instant messenger or a peer to peer network conversely makes these attacks a low risk.
SafeCentral Locks Down Online Transactions Authentium's Virtual ATM concept reemerged as a secure desktop-to-web application called SafeCentral, which looks like an ideal choice to prevent identity theft.
Porn, Viagra Ads Hawk Fake Security Software A case in Washington state concerns a man using bogus security software to spam other computers via a Windows service.
NSA End Run Gave It Total Information Awareness When Congress ended funding for TIA in 2003, the Bush Administration simply packed up the pieces and sent them to the National Security Agency.
Microsoft Admits Ignoring Jet Flaw Security engineers at Microsoft ignored addressing this latest exploit for years, as they believed existing protections mitigated the threat.
Canadian Privacy, US Laws, And Google
Google AdWords Phish In The Wild Don't get reeled in by this one if you are a Google AdWords client: a new stream of phishing emails aimed at you has been hitting inboxes.
Sequoia Voting Thwarts New Jersey Investigation Discrepancies in the vote recording by machines provided by Sequoia Voting Systems for the New Jersey primary spurred calls for an investigation, one that Sequoia fought off with legal threats.
Government Digital Security Leaks, We Bleed A glacial readjustment of security priorities from the evil-outsider model to the accidental internal leaker of data leaves federal resources playing a frantic game of catch-up.
Justice Catching Up To Spammers Daniel Mascia and Robert Soloway face federal penalties for their spamming, while Robert Bentley awaits a decision on leniency in exchange for his help in tracking down botnetters.
Software Spotlighted Spitzer Shenanigans The US Government hates money laundering and anything that might indicate someone trying to evade taxes, or worse, fund terrorist activity.
Grocery Chain Bagged By Online Criminals As many as 4.2 million credit card numbers were exposed during a security breach lasting several months at East Coast grocer Hannaford Bros.
Berners-Lee: Protect Consumers From Online Tracking The man who gave the world the World Wide Web would give its users much more protection from tracking than they have today.
Google Keeps Safe With Log Data The voluminous log files Google retains on the activities of its users actually help the search company combat threats.
Trend Micro Toasted By Hack Attack Among the many sites impacted by a massive outbreak of code injection attacks, security vendor Trend Micro suffered an embarrassing breach itself.
Massive Attack: 10,000 Pages Compromised A large scale assault on computer users began with the corruption of over 10,000 web pages through code injection. The attackers are looking for online gaming passwords.
IBM Securing Mashups With SMash IBM gives the OpenAjax Alliance a new toy to play with for securing mashup applications and safeguarding systems from malicious code.
Seven Virus Pieces In Tibet Bad puns on movie titles aside, the various components of a recently spotted computer threat use images from Tibet to entice people to accept an attack on their systems.
Click Fraud Trojan Targets Google, Yahoo Top search engines Google, Yahoo, along with China's Baidu, received attention from the ongoing work of click fraudsters distributing a Trojan to boost ad click revenue.
Bloggies Award Site Hands Out Malware Ahead of their awards ceremony at SXSW Interactive, the website for the Bloggies received a nasty dose of code injection.
G-Archiver Swears Password Theft An Accident Testing code left within the release version of Gmail backup software G-Archiver sent usernames and passwords to a developer's Gmail account.
Microsoft Fixes Word, Excel Flaws Patch Tuesday, March 2008 edition, arrived today with new bulletins for Microsoft Office productivity programs Word and Excel.
Amazing Pentagon Breach Happened Last Summer A vulnerability in Windows found itself at the end of accusatory fingers of blame over a June 2007 Pentagon hack that led to the theft of sensitive information from the nation's defense epicenter.
Little Islands Do Big-Time Spamming Not on a scale with the worst offenders for volumes of spam, but on a per-person basis, some very small places push out a lot of junk mailings.
Pentagon Declares War On Google Mappers After Google Street View images of Fort Sam Houston appeared online, the Pentagon declared all US military installations off limits to Google's vehicles.
WikiLeaks Gets Its Domain Back Swiss bank Julius Baer backed off its legal efforts to thwart WikiLeaks, after a judge rescinded a prior order that took the company's wikileaks.org domain name offline.
Social Networking Blocks Increasing MessageLabs believes more businesses have been blocking access to social networking sites to safeguard users; companies block from 13 to 47 percent of such sites by their analysis.
Oodle Suggests Safety For Online Classified Deals Meeting a seller in a dark and distant parking lot at 3 am with a large amount of cash to complete a transaction could be a really bad idea.
Spammers Fix On Presidential Candidates For Scams Junk email based on interest in US Presidential hopefuls and other celebrities tries to hook people into handing over money.
Oxfam Charity Spoofed By Lottery Scammers You haven't won £850,000 ($1.68 million) from humanitarian charity Oxfam, no matter what an email message may tell you to the contrary.
Email, Web Monitoring Leads To Firings As security pros battle to keep their enterprises secure and sensitive data inside the network, their monitoring efforts have yielded plenty of real-world impacts.
DOJ Spoofers Spamming The Web Again Email spam made to look like an official Department of Justice message carries a payload no computer user will find just or fair.
Arsenal Fan Site Smacked With Malware The Online Gooner website picked up a nasty malware injection, filled with an assortment of malicious treats for vulnerable visitors.
AVG Says It Has It All In Security The recent arrival of Grisoft's AVG Internet Security version 8.0 throws a battery of solutions at the myriad threats on the Internet.
Criminals Stepping Up Healthcare Attacks People working in the healthcare industry need to be as aware of digital threats as anyone else. Patient data has real value to identity thieves.
VMware Bug Threatens Host A problem in the client-side Windows hosted VMware products could let a malicious guest into the host system.
Phishers Love Online Gambling Countries with favorable laws permitting the hosting of online gambling sites also draw the attention of criminals looking for places to host phishing sites.
New Worm Same As The Old Worm We have all heard of security by obscurity, but some malware creators are opting for attacking from obscurity.
Pakistan Caused Global YouTube Problems An outage lasting about two hours took YouTube off the Internet due to an attempt by the Pakistani government to block the site.
Spammers Find Way To Abuse Auto-Responders A new trick from spammers utilizes accounts created on webmail services, with auto-responder messages established, to get junk mailings into people's inboxes.
Network Solutions, ICANN Sued Over Domain Frontrunning A filing in US District Court for the Central District of California seeks satisfaction from ICANN and Network Solutions over the latter's practice of locking up domains searched for through its site.
EFF Challenges Adobe On Flash DRM Digital rights management technology being applied to Flash will limit what can be done with streamed Flash content. The EFF questioned the practice, but we think it's here to stay.
Odd Canadian Interest In Money Laundering Online enticements to engage in money laundering appear to have a following among Canadians, thanks to certain laws in the country.
Japan Nails Massive Spammer Yuki Shiina reputedly sent more than 2 billion junk messages promoting gambling and dating websites.
Warcraft Scammers Phishing For Gold Criminals continue to plague World of Warcraft players with attempts to phish their login details and other information, and steal their gold and loot.
Trojan Poses As Hillary Clinton A purported link to a Hillary Clinton interview video leads to a malicious download, through a Google redirection link.
Happy Spamentine's Day Spam messages with a Valentine's theme reach out for the lovestruck and the lovelorn, in some cases with targeted messages.
Big Patch Tuesday Prompts Responses Security companies weighed in with opinions about Microsoft's substantial February updates.
Firefox 3 Beta 3 Released The next version of the Firefox web browser moved a step closer to full release with the formal debut of the latest beta.
Russia Acknowledged As Spam Superpower The United States may send out the most spam due to botnetted computers, but Russia has gained second place.
Valentine Malware No Lovely Gift Artistry rather than a lengthy text come-on represents the attack vector some spammers took with their Valentine's holiday mailing.
Industry Group Defining Malware Testing To fight the enemy, one has to know the enemy, and the security vendors backing the recently formed Anti-Malware Testing Standards Organization (AMTSO) wish to do that.
Adobe Patches Several Reader Issues Users of Adobe Reader or Acrobat likely witnessed updates arrive on their computers as Adobe pushed out security fixes.
Critical Microsoft Office Patches On Tap February's Patch Tuesday will have a dozen security bulletins hitting installs around the globe. Seven of the twelve received a Critical rating.
IBM Patches DB2 Flaws A couple of dodgy issues with IBM's DB2 Universal Database required attention from security engineers to thwart potential problems.
Tech, Media, Telco Companies Stink At Security Woeful preparedness for security breaches and a reactive mindset prevail among industries that collectively should really know better.
YouTube A Hit With The CIA Social media may hold something more than Star Wars kids or weeping Britney fans; it could be key to tracking down terrorism.
Swedish Viagra Sellers Boned By Cops Authorities in Sweden cracked down on seven men for operating an illegal online pharmacy that sold drugs to 65 countries.
Europe Keeps Passing Out Spam For the third month in a row, spam originating from North America trailed that coming out of Europe, at least at first glance.
Facebook May Suffer Image Uploader Flaw An unpatched vulnerability in an ActiveX library for an image uploading tool used by the social networking site has exploit code in the wild.
TSA Blogs The Unfriendly Skies Anyone who has to fly probably has a beef with the Transportation Security Administration and its seemingly-bizarre policies, and the initial flood of comments at the TSA's new blog demonstrated that.
Managing Risk A Risky Business Security vendor Symantec looked at IT risk management in its report on trends. Availability proved the key idea for security pros.
Digg Can Kill You With Generosity As the social media site Digg gains in membership, more people will try to hit links from its front page to a destination hosting a featured story. That could be bad.
Unbloating Vista Could Be Security Risk A frustrated Windows Vista user who turns to the vLite application to shrink the OS can pick and choose components to remove, including the Windows Firewall.
Redirection Key To Phishing Attacks More phishing efforts by criminals make use of redirection and other DNS tricks to keep investigators from tracking down their sites.
Bad Banners Hit Expedia, Rhapsody Malicious Flash banner ads appearing on the Expedia travel site, and on Rhapsody's music site, deliver unwanted programs to unsuspecting visitors.
Mozilla Prepping Firefox Chrome Fix Though Firefox users would only be vulnerable if a chrome package is flat, rather than contained in a jar, Mozilla plans a quick fix.
Snopes Pushing Popup Zango Adware Sunbelt Software's Alex Eckelberry has become tired of seeing Fastclick ads popping up on Snopes, pushing an adware-laden product.
HR Application Process May Endanger Companies It does no good to tell people not to open email from untrusted sources, much less attachments, only to have one department do so all the time.
Most Phishers Clueless, Say Researchers The use of pre-made phishing kits by less than detail-oriented phishers gives the lie to the belief that phishers tend to be savvy and sophisticated criminals.
Domain Tasting Not Just For Speculators Criminal spammers using fast-flux and rockphish techniques to hide their machines from investigators also acquire and release thousands of domains in the five-day grace period allowed for domain registrations.
Authentify Wants To Rock Out-of-Band Authentication A second line of authentication could be all it takes to make a disappearing data tape with details on thousands of people worthless to whoever stole it.
Apple Altered DTrace Tool, Says Leventhal The debugging tool DTrace has been ported to Apple's architecture, but it has been changed to prevent it from being used against iTunes.
Facebook Shoots Down Gun Ads The owner of a firearms training center in Nevada had his advertising campaign on Facebook scuttled by the social networking site.
Second Life Economy, Banks Crushed People who plugged real money into the online world Second Life and its virtual banks promising rich returns have been left holding the bag.
Drive-By Pharming Now A Reality What had been suggested as a potential threat a year ago, an attack that would alter a victim's DNS settings simply by visiting a malicious web page, surfaced as a recent threat.
Master Boot Records Endangered Again New rootkits have a familiar target - the master boot record, where they can hide from detection and removal.
Storm Worm Marks One Year The massive botnet of thousands of machines co-opted by the Storm worm began around this time last year with a huge spam outbreak.
Skype Vulnerability Threatens Video Searchers Looking for video through Skype could expose a computer to a cross-zone scripting vulnerability that could lead to remote code execution.
Window Snyder Says Firefox Fixed Faster In response to a publication's comparison of Firefox and Internet Explorer fix times, Snyder showed how they missed a few key points.
Zero Day Excel Threat Vexes Microsoft Public disclosure of a newly found vulnerability in several versions of the Microsoft Excel spreadsheet program has the software company racing to repair it.
Phishers Griefing World Of Warcraft Players Criminals seeking valid player logins for MMORPGs have turned their phishing attention to the best-known presence in online gaming.
Sunbelt, Dell Unsheathe Ninja Blade An email security appliance from Sunbelt debuted on Dell's PowerEdge server line; the device takes the spam fight to the gateway and off the desktop.
MySpace Not A Source Of Microsoft Updates Bogus friend requests on MySpace led people to malware downloads purporting to be a Windows 'Automatic Update'.
Q4 2007 Spam Reached 96 Percent Of Email Global spam levels measured by Commtouch swelled through the fourth quarter of 2007, hitting a high of 96 percent of all email in October 2007.
TSA Website Slammed Over Security Flaws A blistering report from the House Oversight Government Reform Committee bashed the Transportation Security Administration over its website's failings.
Nigerian Spam Restitution Latest Scam Attempt Members of Nigerian royalty seeking help expatriating money are so five years ago. The newest scheme offers people reimbursement for their losses to 419 scams.
Barbara Moratek Leads To Malware Criminals have been packing an assortment of sites with malware and other junk, and are using the name "Barbara Moratek" to get those sites indexed by Google and others.
SQL Injection Hitting Numerous Websites Web applications have long been targeted when injection flaws could be exploited, with one automated bot stepping up its injection attacks.
Microsoft Patches Critical Vista Vulnerability The first Patch Tuesday of 2008 for Microsoft led off with only one Critical-rated issue to fix, along with an Important-rated patch for Windows.
Facebook Secret Crush On Sleazy Apps The Secret Crush/My Admirer app tossed off the Facebook social networking site required people to send it to other users, who would have to install it so the sender could use it.
Products, Scams Made In China A hot product at a wholesale price may lead shoppers to questionable websites; the unwary could have their greed turned against them.
Storm Botnet Triples In Size Holiday infections from Christmas to New Years led to the Storm botnet increasing by more than 200 percent.
Beware The Facebook Phish Compromised accounts on Facebook have enabled criminals to try and entice people into logging in to the site from a fake login page.
Trojan Malware Dials It In Getting infected by one particular Trojan will lock up the PC and try to extort the victim into calling in a payment to get it unlocked.
Spammers Use Video In Stock Scams Forget the simple plaintext email of stock symbols and Buy Now messages. Some scammers have turned to video to promote their pump and dump schemes.
Storm Worm Gets Sexy For Holidays The persistent malware pest returned in a volley of spam to thousands of email inboxes around the world.
Russians Pestered By Online Hacks Too In 2007, Russia suffered its share of online attacks, and needed to repel over 1.4 million of them this year.
Twitter Presents Reasons To Fear It The one-to-many model of "tweeting" a message to a broad group of people on Twitter could pose a challenge to the more highly paranoid security pros out there.
Internet Explorer Update Gets An Update Post-installation issues caused by Microsoft's cumulative fix for Internet Explorer this month affected a "small number of customers."
Caller ID Spoofing The Next Big Threat Some enterprising websites offer ways to spoof a Caller ID for pranking purposes. Criminals have figured out how to scam people with this spoofing in a virtually foolproof way.
Canadian ISPs Caught Up In Facebook Lawsuit Canadian company SlickCash hammered Facebook's servers for two weeks in June, the social networking site alleged in court documents.
It's Time To Block Russia And China Many security pros working in corporate environments routinely block access to sites on the Internet, for security reasons. The time has come to take the fight to the places that harbor spies and thieves.
Windows Vista SP1 Drops To Customers An early Christmas present containing hundreds of fixes for the Vista operating system popped up on Microsoft's website.
Spammers Love Free Stuff Easy registrations for free accounts on website or blog hosts, and websites with poor security, provide spammers with lots of ways to try and pull in victims.
Patch Tuesday Draws Industry Comments PC security firms offered opinions on Microsoft's December patch releases, which included three critical fixes.
Rogers Internet Injects Itself Into Google A Canadian ISP has attracted attention by tucking a little bit of JavaScript into the Internet datastream to present subscriber notification messages.
Critical IE Update Arrives Tomorrow The December 2007 edition of Microsoft's regular patch schedule has fixes for critical issues in Internet Explorer and Windows in store.
Fasthosts Hacked, Sites Taken Offline A break-in at the UK-based site host resulted in the loss of banking information and other details to criminal hackers.
Google Search Revealed A British man who purportedly vanished while canoeing years ago, and turned up recently claiming amnesia, showed up in a photograph in a Google search.
Behind The Scenes: Secunia Spars With Autonomy A spat over the disclosure of vulnerabilities and patches with Autonomy's KeyView software has blown up as Secunia published Autonomy's threats against the firm.
Fake Yahoo Greetings Site Pushes Malware Greeting card spam serving as a cover for malicious downloads has been hitting inboxes recently in the form of fake Christmas cards.
AVG Picks Up Exploit Prevention Labs Roger Thompson's company, featuring the LinkScanner search results inspector, has been purchased by AVG's owner, Grisoft.
Bilked Canadian Blasts eBay Over $20K Loss A car buyer lost a substantial sum after wiring money to someone he thought was the seller but turned out to be someone who hijacked the seller's page.
MPAA Crocked For Software Copyright Violation A "University Toolkit" made available to schools to spy on network traffic for infringing content proved to be infringing itself, embarrassing the Motion Picture Association of America.
British Firms Warned Of Chinese Threat Aggressive attacks by Chinese state organizations against business interests in the United Kingdom have the country's MI5 agency sounding an alarm.
Imperva Offers Stop Sign To Web Threats JavaScript hijacking and cross-site request forgeries threaten to make a mockery of modern Web 2.0 applications unless app providers do something to secure them.
New Zealand Rousts Teenaged Botherder The 18-year-old going by the alias 'Akill' received a visit from cops in New Zealand after the FBI pegged him as the ringleader of an international criminal group.
Free Gift Advertiser Settles With FTC The Federal Trade Commission won a settlement with Adteractive over its free gift online promotions that actually required people to pay money or participate in other promotions to be eligible.
Cyber 'Cold War' Exists With China State sponsored threats comprise part of the problems McAfee warned security pros about in their latest report on cybercrime and the threat to the government and private sector.
SANS Cites Users, Apps As Main Threat Targets Computer users and custom applications created with minimal attention to security emerged as the top two attack targets favored by criminals.
Symantec Predicts Security Trends For 2008 The ongoing Presidential campaigns by candidates for the Oval Office could be misrepresented by online criminals seeking financial gains or information from voters.
New Apple QuickTime Vulnerability Exposed A zero-day exploit in Apple's QuickTime software now has accompanying proof of concept code that can affect version 7.3 of the player.
Kiwi Finds Ripe Flaw In Windows A partially-corrected vulnerability leaves Windows users, including people running the latest version, Vista, potentially open to attack.
United Kingdom Loses Millions Of Identities An astonishing combination of poor judgment and lack of information control led to a junior functionary being able to lose personal banking details about 25 million Britons.
Firefox 3 Beta 1 Out For Testing Security updates rate among the numerous tweaks made by the Mozilla Foundation to the next version of Firefox.
China Poses Major Tech Threat To US Espionage against corporate and government systems in the United States and Europe represents only one portion of the Chinese threat to critical technology infrastructures.
Smartphone Security Concerns Slowly Arriving A rise in threats to smartphones, as their capabilities have approached those of a typical laptop computer, looks like a credible problem in the future of mobile platforms.
YouTube, GeoCities Used Again By Spammers Malware attacks using YouTube and GeoCities as fronts for phishing scams have been spotted in the wild.
Apple Plugs Holes In Tiger, Safari A massive 41 bugs needed attention from Apple engineers to correct them in a round of security fixes for Mac OS X Tiger and the Safari web browser.
Swedish Embassy Email Hacker Busted Police hauled off Dan Egerstad for questioning over his publishing of email account information belonging to government entities.
Jarring Firefox Exploit Endangers Google Accounts Through the use of a malicious .jar file, an attacker could grab details of a victim's Google Account, and the flaw enabling this has been known for months.
Notes: Patch Tuesday And Remote Management The mildest patch update from Microsoft since it skipped one in March 2007 took place this week, and LANDesk launched its Gateway Appliance for managing patches and other updates for remote devices.
Government Wants To Redefine Privacy Forget about anonymity. A highly-placed government intelligence official thinks it's time for Americans to get used to domestic spying.
Botnet Master 'Acid' Busted By Feds A plea agreement by John Kenneth "acid/acidstorm" Schiefer for his role in cracking 250,000 PCs likely made him the first person indicted for wiretapping by botnet.
Alicia Keys Victimized By MySpace Hack The injection of a large image background on a page full of rich media content from the Grammy winning musician included a link to a malware server in China.
Whistleblower Lobbies Against Telco Immunity Mark Klein has been at the epicenter of a class-action lawsuit against AT&T to determine if they illegally wiretapped millions of Americans and shared their findings with the National Security Agency.
Alert Logic Automates Log Management The company's latest service, on-demand log management, arrived to complement Alert Logic's product line.
Salesforce.com Falls For Phishing Attack Software as a Service took a credibility hit as news emerged of a successful phish against a Salesforce.com staffer, which resulted in a loss of data to criminal spammers.
Microsoft Vexed By Macrovision Zero-Day A critical flaw in the secdrv.sys driver affects some versions of Windows, but Macrovision has a fix available.
Commtouch Offers New Malware Outbreak Center Email security company Commtouch unveiled its Malware Outbreak Center and associated tools today, to provide a look at various aspects of spam and viruses.
Spammers Exploiting Advanced Google Search No one should be feeling lucky with spam that sends them to a purported retail site via the use of advanced search operators in Google.
Feds Contend Email Privacy Ends At The ISP The Sixth Circuit will hear an appeal by the US Government that seeks to treat email as being outside the usual Fourth Amendment protections against unreasonable search.
Firefox Quietly Updates To 2.0.0.9 Several previously fixed items regressed to an unfixed state in Firefox 2.0.0.8, requiring Mozilla to quickly release a new version.
Presidential Hopefuls Threaten The Browser Criminals who are registering domain names that resemble legitimate websites for campaigning Presidential candidates hope to infect visitors with malware.
Macs Victimized By Naughty Video Trojan The Mac platform received unwanted attention from a group of professional malware writers, who crafted a Trojan and placed it on several pornography sites.
Gmail Close To Spam Fighting Perfection Although Google sees about 70 percent of incoming mail to Gmail users as being spam, less than a percent of that junk makes it through their filters to recipients.
Melissa Strips For Captcha Translations Some enterprising malware creators have created an enticing piece of software to help them break common captcha schemes on Yahoo's sites.
Trailing A Spam Transaction A security researcher at CA took a trip through a typical spam offer, by making a purchase to see how the pieces of a scam all fit together.
House Committee Screws Up Whistleblower Email Someone accidentally sent an email containing all the whistleblower email addresses to the entire list of addresses that submitted tips about abuse in the Justice Department. Then it gets worse.
NVidia Chip Helps Vista Password Cracking Elcomsoft didn't need Blue Gene or a similar supercomputer to make their password cracking 25 times faster. They needed a GeForce 8800 Ultra off the shelf.
Teens Online No Big Deal To Parents People with teenagers may not think the Internet is as good for kids as they thought it was a couple of years ago, but they don't think it's any worse, either.
Anonymity Leaves Usenet Providers GigaNews and Usenet Server have made changes to their terms of service, quietly removing references that touted the anonymity features for their subscribers.
Malicious PDFs Try To Exploit Adobe Flaw Fixes for Adobe Reader and Acrobat versions 8.1 or prior need to be installed to mitigate a critical vulnerability and the exploits flying around the Internet trying to penetrate those flaws.
Anonymous On Craigslist? Maybe Not One security researcher found his interest in one particular post on Craigslist piqued so much, he decided to try and track down the poster.
OiNK Torrent Tracker Slaughtered By IFPI Invitation-only music tracker OiNK.cd has been shut down, with its 24-year-old administrator arrested in Britain in connection with the investigation.
Boo! Halloween Spam Arrives Holidays have always been a favorite time to try and scam people, and the fall party that is Halloween is no exception.
Mozilla Releases Firefox 2.0.0.8 Automatic update screens should be popping up for Firefox users, as a new release of the browser with security fixes and Mac OS X Leopard support arrived online.
Social Networking Means No More Secrets A social networking profile only contains what its owner adds to it. In this modern Internet age, some people put in way too much information and endanger themselves.
Insiders And The Risky Business Of Security One person with an administrator password and access to critical systems can cause chaos within a business.
The Absolute Poker Kerfuffle A losing player at an online tournament at Absolute Poker asked for, and received, a hand history file from the site. The file showed the tournament winner either had the most amazing run of luck in the history of the playing card, or that someone helped the winner see hole cards.
Storm Botnets Using Encrypted Traffic A 40-byte key used to communicate with specific nodes on a Storm botnet could be a harbinger of an even greater Storm threat.
Yowza! Oracle Has 51 Patches Pending Microsoft gets way too much blame for needing lots of patches for their products; Oracle will ship 51 fixes for its products in October.
Stuff The Military-Industrial Complex Should Use An embarrassing breach of Department of Homeland Security computers from a Chinese site has at least one Congressman fuming, and the rest of us wondering what $1.7 billion buys in security these days.
Word Exploiter: Hi, I'm A Mac An attack targeted at a newly-patched flaw in Microsoft Word came from a document created on an Apple Macintosh.
International Websites Plagued By Attacks Government websites in the US and abroad suffered hacks that caused them to point to pharmaceutical and adult content sites.
Russian Spammer Gunned Down The murder of Alexey Tolstokozhev ended with a calling card - a final head shot by the killers.
Critical Fixes Arrive For Outlook Express, Word, IE Patch Tuesday may as well have arrived with a siren screaming, considering the fixes needed for three of Microsoft's most widely used products.
Ca.Gov Shutdown Avoidable, Says DNS Inventor Dr. Paul Mockapetris had some comments to make after the federal General Services Administration caused California IT pros grief with a shutdown of their domain record.
Election 2008 Faces Cybercrime Risks The various threats that plague users of technology could be a problem for the people who want to settle in to 1600 Pennsylvania Avenue with an election win next year.
Prof's Laptops Stolen At Carnegie Mellon Two laptops were removed from a locked office during the first weekend of September at Carnegie Mellon University; these laptops contained personally identifying information about students.
Hallmark, YouTube Vexed By Spammers Malicious greeting card payloads and abuse of YouTube's 'invite-a-friend' email feature have posed issues for everyday users and security pros.
Got AV? Maybe You Don't Having antivirus software installed on a system is not the same as having an updated antivirus solution in place; surprisingly, some people don't understand the difference.
Critical Fixes Coming For Office, Windows Microsoft's regularly scheduled monthly patches arrive on Tuesday with fixes for issues rated Critical in the Windows operating system and the Office productivity suite.
Ca.Gov Domain Still Plagued By Spammers The kerfuffle that erupted when the General Services Administration evaporated California's ca.gov domain still hasn't yielded a full cleaning of that domain's websites.
Feds Deleted California's .Gov Domains What started as an action to correct a hacked website from redirecting traffic to a porn domain ended up with the entire ca.gov domain being deleted.
Criminals Hitting Inboxes With Housing Spam Scams on the rise in September aimed at taking advantage of a drop in interest rates by soliciting personal information for housing-related "offers."
The Biggest Enemy Of Security Pros Chinese spies and Russian profiteers may be near the top of the list of what vexes security professionals the most, but user apathy has to be considered too.
Feds Crack Down On Spyware, DDoS Perps Media Motor has been shut down by the Federal Trade Commission as part of a settlement, and a 21-year-old male from California was arrested in connection with a DDoS attack on Castlecops.
Gap Has One: 800,000 Identities Stolen A stolen laptop was at the center of the latest episode of massive identity theft when a contractor working for Gap clothing reported the loss of the device.
ABN Amro Data Leaked On P2P The use of a P2P program on a computer in ABN Amro Mortgage Group's network revealed over 5,000 security numbers to unknown parties.
Phishers Bait People With IRS Refunds The latest scam making the rounds of inboxes promises refunds of $109.30 from the Internal Revenue Service, directly to one's Visa or MasterCard debit card.
Shocking: Hackers Could Crack Electrical Grid The Department of Homeland Security was so alarmed at the emergence of a video of a generator being hacked remotely, they asked CNN to withhold certain details about it.
Beware The Gmail Filter Attack An issue with Google's Gmail service could lead to one's email with attachments being quietly forwarded to a third party.
Google Preaches On Privacy Again The search advertising company followed up an earlier video about general practices like the use of cookies and IP addresses to improve search results with another video about their personalization and privacy tools.
Spammers Opting For Text Again Image and PDF spam have been on the downturn, with plain old text and a tricky use of the mailto tag arriving in pump and dump spams.
DHS Blasts Unisys Over Chinese Hack They have sent the FBI after Unisys to find out why a $1.7 billion contract to provide security for Department of Homeland Security computers failed to do so.
Shavlik Goes Google For Patch Gadget A new gadget for systems with Windows 2000 SP4 or Windows XP SP2 running Google Desktop arrived from patch management software maker Shavlik today.
Apple Used In Money Laundering Scam Apple has been victimized by job recruitments for freelance financial representatives in Europe that lead to a counterfeit Apple reseller site.
Webmasters Shouldn't Be Insecure Various injection attacks against websites have compromised some and turned them into covert malware distributors. Google has a few tips on keeping sites safe.
Firefox Updated, Fixes QuickTime Flaw Apple has yet to patch a critical security vulnerability in QuickTime, but the latest update to the Firefox browser protects its users from an exploit of that issue.
Monster Breach Extended Into Fed Jobs Bank USAjobs.gov, managed by the federal Office of Personnel Management, has been warning its users that the attack on Monster.com also exposed their personal information.
Iran Blocks Google Iranian web surfers have been unable to reach Google or its services like Gmail, thanks to active blocking by the government.
Microsoft Calls Stealth Updates Necessary Although a Windows user may opt to not have updates applied automatically, the Windows Update service can and will grab its own updates, a practice that raised some security pro eyebrows.
Governments Stink At Protecting Computers Countries besides the United States have complained of attacks by Chinese hackers, some of them successful.
Microsoft Goes Light On Latest Patches Only one Critical issue emerged with this month's security bulletin from Microsoft, along with three other issues rated Important.
EU Official Wants Bomb Queries Censored Search engines that can connect dangerous people with details on bomb-making should not be able to provide those results, according to the European Union's top security official.
China Preps Cyber Attack On Carrier Groups Detailed plans to cripple a pair of US aircraft carrier battle groups through electronic warfare are just part of China's ongoing attacks against targets in the US and other countries.
Something Strange About AdsOnCraigs A software package aimed at people who want to manage multiple listings on popular classifieds site Craigslist should be viewed with suspicion by potential buyers.
PDFs Down, Greeting Cards Up In Spam The massive crush of PDF spam that had filled inboxes in early August receded dramatically through the month.
Rutkowska, McAfee Sparring Again Joanna Rutkowska, creator of the proof-of-concept Blue Pill malicious hypervisor, and security firm McAfee, have posted points and counter-points about the direction of the security industry.
Pfizer Exposes 34,000 To Identity Theft It's the third breach of data security this summer for pharmaceutical giant Pfizer, and the Connecticut Attorney General wants answers.
China Accused Of Pentagon Cyber Espionage Beijing's government has denied involvement in a June incursion into the Pentagon's computer network.
Trend Micro Targeted By Phishing Scam A just-arrived spam claimed "Your Money on Bank Account has Been Stolen" and provided a link to a Chinese site for a free trial of "TrendMicro AntiSpyware."
Windows Vista SP1 Arrives In Beta Microsoft's heavily touted, latest version of Windows finally gains a much-needed service pack, but it's still just a little out of reach.
Blogger Users Under Storm Advisory The Storm worm has been appearing in comments on blogs hosted on Google's Blogger platform.
PDF Spam Scourge May Be Over Criminals using PDFs as a way to slip spam and Trojans to email recipients may be backing off their once-heavy usage of the PDF to do so.
Sony Has Another Rootkit Issue It's not Velvet Revolver CDs at risk this time, but USB sticks distributed under Sony's name that show up with hidden software.
Double V Could Be Double Trouble Using a pair of Vs to make a W in a URL could lead to troubling results for the unwary web surfer.
iPhone Cracker Swaps Phone For 350Z George Hotz managed to unlock an iPhone so a T-Mobile SIM card would work in it and connect Apple's mobile phone product to that network.
US Searchers Kept Out Of TorrentSpy Anyone in the US who still uses TorrentSpy will want to find alternatives, as the search site no longer welcomes visitors from US IP addresses.
Mobile DoS Threats Enabled By Flaws Researchers have found several ways that a persistent attacker can cause problems for users of a wireless phone network.
The Wrap: Fujacks, E-Cards, And Google Gamers who were infected with the Fujacks worm should be pleased to know four people have been charged with creating and distributing it online.
Monster.com Recruiter Accounts Compromised Job hunters on Monster who have posted resumes may have had their personal details exposed through phished recruiter accounts, which would permit criminals to browse hundreds of thousands of profiles.
Haste Urged With Latest Microsoft Patches Those who have not updated their PCs with recent patches from Microsoft for VML and for Excel risk having flaws in those vectors exploited by attackers.
Internet Gunned Down Near Cleveland Someone shot up a fiber-optic cable and caused significant Internet slowdowns throughout the US on Monday.
Monster.com Visitors Victimized By Malware Malicious ads appearing on Monster and other job sites have led to Trojans being placed on job seekers' computers, leading to thousands of cases of identity theft.
ZoneAlarm Affected By Several Flaws Check Point Zone Labs was forced to patch a number of vulnerabilities with its products, including their firewall and anti-virus software.
Storm Gang Offering Fake Microsoft Tool A component called Microsoft Data Access allows applications to connect to various data sources, but the one being offered by scammers will drop a worm onto a PC.
McAfee Helps Efforts Against Domestic Violence The security company has been working with the National Network to End Domestic Violence's 'Safety Net' program, and educating law enforcement and others about the role of spyware in these cases.
Info Theft Threats Will Rise Through 2007 The last half of the year looks like it will be accompanied by a continued rise in information stealing malware.
Microsoft Fixes Another Vista Problem Nine security bulletins from Microsoft for its 'Patch Tuesday' monthly update included fixes for several critical vulnerabilities in their software. One of the fixes covered a problem in the newest Microsoft operating system, Vista.
More Facebook Code Emerges A couple of days after publishing the home page source code for Facebook, the bloggers behind Facebook Secrets revealed the source code for search functionality on the social networking site.
Facebook Opened Its Source Code Anyone with a fascination for seeing a PHP-powered page make calls to a bunch of PHP scripts got an eyeful from social networking site Facebook over the weekend.
United Nations Website Defaced Attackers used a SQL injection attack to deface the United Nations web page containing speeches by its Secretary-General, Ban Ki-Moon.
New Cybersecurity Laws A "Waste of Time" Roger Thompson of Exploit Prevention Labs took a few minutes to talk about botnets, foreign security threats, and the likelihood new US laws on computer security will have any effect.
Pearl Jam Hit By AT&T Censorship A webcast of Pearl Jam's Lollapalooza performance suffered some censorship at the hands of AT&T's content monitor.
Google Uses YouTube To Explain Privacy A video produced by the search advertising company explained some of Google's most basic privacy practices.
Storm Worm Surging Again Electronic greeting card spam has been the most recent way criminals try to infect people's computers with botnet software.
Mozilla Clarifies Ten Day Claim Even though it seems like Mozilla cranks out its patches in record time, the truth is it usually takes longer than ten days to test and evaluate patches for products like Mozilla.
Dateline Producer Cracked At Defcon Defcon 15 enjoyed the attentions of a would-be undercover Dateline producer, whose escapades at the conference ended with her being asked to leave the Las Vegas gathering.
Security Pros, Beware Of No-Tech Hacks Focus too much on Metasploit and application exploits, and you may be too engrossed to pay attention to the guy wearing a jumpsuit and carrying a toolbox.
Malware Count Will Reach 300,000 A troublesome milestone rests on the horizon, as McAfee expects to record the 300,000th unique piece of malware very soon.
Brazilian Spammers Hit MSN Users A new greeting card spam hitting people using Microsoft's MSN Messenger will drop a Trojan with similar characteristics to a notorious family of bank credential stealing Trojans.
Lost Cellphones Add Up For Owners We worry so much about software security, be it applications or operating systems, that it's easy to forget softer targets like cellphones. Losing one can have consequences beyond mere inconvenience.
Google Zaps Malware Spam Blogs A large number of Blogspot blogs appeared in July, toting malicious JavaScript and sending visitors to some seriously undesirable content and malware.
Publicizing Software Flaws Still Controversial To disclose or not disclose publicly has been a topic for security professionals in the technology realm for some time, and both points of view could be correct.
Zango Still Misbehaving, Says Researcher Spyware researcher Ben Edelman has been following Zango's software installation practices before and since their November 2006 settlement with the FTC, and found the company still engaging in some questionable practices.
YouTube Plans Video Fingerprinting Lawsuits from several organizations about copyright-infringing videos appearing on YouTube have Google's video service readying a screening solution to stop them from being uploaded.
Personalized Spam May Lead To Infection Social engineering through data mining allows criminals to make their email come-ons look legitimate, but visiting included links could lead to a system being compromised.
Apache Neglect Leads To Problems It's difficult to imagine a responsible webmaster leaving the core server software unpatched when fixes for exploits emerge, but that seems to be happening on a number of legitimate websites.
Firefox Fixes FileType Flaw A serious zero-day flaw in Firefox on Windows XP could allow local programs to be executed after certain URLs launch the wrong handler in the system.
Beware Of Natalie From Facebook There may have been a real Natalie behind the social engineering scam found by a McAfee researcher, but her Facebook connection is a total fake.
EFF Smacks Universal Music Over DMCA A short video of a toddler dancing to part of Prince's 'Let's Go Crazy' got yanked from YouTube after Universal complained about copyright infringement.
Fox News Gaffe Revealed Personal Data As many as 1.5 million email addresses may have been revealed to visitors arriving at an unsecured FTP server courtesy of a login left available by an error on the Fox News website.
Microsoft Helps Shutter Chinese Counterfeiters The FBI and Chinese authorities wrapped up a syndicate that may have put more than $2 billion in counterfeit Microsoft products into circulation.
Fox News Forgets About Directory Security Most webmasters prefer not to allow visitors to browse their directory structures, but somebody on the Fox News online staff forgot this step.
Maiffret Talks REM, Apple, And Black Hat eEye CTO Marc Maiffret chatted with SecurityProNews ahead of his firm's release of their hardware appliance for managing security and asset vulnerability assessment ahead of the Black Hat conference.
eBay Scammers Working Hard Against Sellers Beware of aggressive attempts by Nigerian scam artists who work somewhat sophisticated ploys to separate people from their merchandise without paying.
Opera Updated To Fix BitTorrent Flaw A problem in Opera 9.2 could allow a malicious torrent to cause the execution of arbitrary code with the local user's privileges.
Phishing Quiz Tests Its Takers An online quiz hosted at McAfee's SiteAdvisor website challenges people to pick out authentic sites and messages from pairs of real and fake ones.
Disney Victimized By Account Data Thief Credit card numbers and other personal information made their way to undercover investigators from an order processing subcontractor for the Disney Movie Club.
Oracle Releases Numerous Critical Patches Products ranging from databases to application servers and the PeopleSoft product line required a vast number of security fixes.
Firefox Fixes Flaws, Releases 2.0.0.5 An issue with the firefoxurl URI handler has been corrected by the Mozilla Foundation, which began pushing out a patched version of Firefox 2 to its users.
Safari Calls On iPhone Endanger Users Apple has been working on fixing an issue with the iPhone's native Safari web browser, where dialing a number from a page displayed in Safari could be exploited.
Overflow Problem Spotted In Yahoo Messenger A specially crafted address book entry in Yahoo Messenger could cause the product to crash, and may present an arbitrary code execution problem.
Several Flaws Fixed In Flash, Java The presence of the Flash Player and the Java Runtime Environment on millions of PCs worldwide makes them a massive target for attackers.
EFF Uncovers FBI Abuses In Documents The Electronic Frontier Foundation published hundreds of FBI documents obtained under the Freedom of Information Act; some of those documents revealed requests made for phone records when no court order supporting the request had been filed.
Boeing Employee Busted For Stealing Data Gerald Eastman claimed his downloading and dissemination of Boeing documents over a couple of years amounted to whistle-blowing, not theft.
Storm Botnet Driving PDF Spam The latest plague of spam arriving in PDF attachments probably comes from a stunningly huge botnet operated by some familiar names.
AP Easily Grabs Sensitive Military Documents Associated Press found it could obtain a number of sensitive military documents from file servers simply by connecting to them.
Apple Patches QuickTime Vulnerability A remotely exploitable problem in QuickTime's SMIL file processing integer handling could lead to overflow conditions.
FTC Spam Summit Opens Today Microsoft and Yahoo will be among the panel participants at the Federal Trade Commission's two-day Spam Summit in Washington DC.
Firefox To Fix Handler Vulnerability A problem with the 'firefoxurl' URI handler had been partially blamed on Internet Explorer's failure to properly validate input sent to the handler. Mozilla plans to fix its component.
Stock Scammers Spam SEC Lawyer The penny stock pump-and-dump scheme run by two Texas men used zombie computers to push out their spams.
Firefox Process Enables IE Flaw Both the Internet Explorer and Firefox browsers are to blame for an input validation problem similar to one seen in Apple's Safari browser.
The Trojan That Talks Trash A new trojan making the rounds will taunt its victims vocally as it deletes files from a compromised PC.
Fraud Spam Continues To Rise Levels of scam and fraud spam persist in harassing email users, as Symantec's monthly spam landscape report showed an increase in those junk messages.
Three Critical Patches Pending For Microsoft The advance notification from Microsoft for its next patch release showed six patches, three of them for Critical issues, are on tap for July.
Card Scammers Act Like Robin Hood It may be hard to believe, but some Internet-based credit card thieves have been making charitable contributions of small amounts to verify if a card is valid or not.
Free iPhone Sites Full Of Spam You get what you pay for, so the saying goes, and those expecting a free Apple iPhone in exchange for filling out a form are getting plenty of junk email in return.
iPhone Fakery In Circulation A trojan-driven phishing site offering non-existent iPhones for sale serves only to part the unwary from their cash.
Fake DOJ Messages Hide Trojans Spam messages claiming to be from the Department of Justice have been hitting inboxes and bringing along a Trojan downloader.
Undetectable Rootkit? Prove It A quartet of security researchers want Joanna Rutkowska to build a version of her Blue Pill rootkit and show it can be made undetectable.
Harry Potter And The Annoying Worm Along with the fifth movie and the seventh book about JK Rowling's young wizard, a worm is coming to unwary PC users.
Facebook Tightens Up Security The ability to do a kind of advanced search on Facebook could have revealed information from private profiles to anyone who knew how to look for it.
PDF Spam Pumps Stock Scam A classic pump-and-dump stock scam has been hitting inboxes, with PDF messages containing image-based stock spam.
Keep iPhone Security In Mind Before plunking down $499 or more, plus AT&T's plan charges, for a shiny new Apple iPhone on Friday evening, be sure to remember that the Internet aspect of the device could be targeted by malicious attackers.
WordPress Vulnerable To Custom Field Uploads Those who have not upgraded WordPress to 2.2.1, or WordPress MU to 1.2.3, should do so to help mitigate a newly disclosed vulnerability.
CNBC Million Dollar Challenge Contested Various stock-related shenanigans may have influenced the results of a contest on CNBC, with a $1 million prize at stake.
Homeland Security Suffers Hacks Scores of attacks against Department of Homeland Security machines led lawmakers on Capitol Hill to lambaste the Department's CIO.
McAfee Predictions Mixed To Date The computer security software company made some predictions for 2007, and nailed some of them while missing on others.
Google Publishes Safe Browsing API Developers can connect to Google's blacklists of websites through the use of a newly launched API and use it to help protect application users.
The Horror Of Spyware Coding Horror's Jeff Atwood ventured onto the Internet in search of no-cd game patches for a fresh re-installation of Windows XP SP2, and got nailed by a drive-by malware installation.
Malware Pummels Italian Websites A major attack in Europe has hit sites in Italy particularly hard, with cracked websites now hosting code leading to drive-by malware downloads.
Yahoo Webcam Exploits Emerge A pair of zero-day exploits for part of Yahoo's Messenger service can cause arbitrary code execution at the user's level of access.
Smog: Spam Comes To Games While the issue of spam in multiplayer online games isn't as massive as the general spam problem, there are spammers who plague gamers with their ads for services.
Symantec Ghost Spooked By DoS Flaws Symantec had to patch a bunch of problems with its Ghost Solution Suite to fend off possible denial of service exploits.
Google Earth Helped Alleged Terrorists The schemers behind planning a plot against JFK International Airport used Google's sophisticated mapping tool to help them.
Image Spam Persists As A Problem Messaging security firm MessageLabs said image spam accounted for between 15 and 20 percent of the volume of spam seen in May 2007.
ISPs, Users Slammed For Botnet Problem Frustrated security professionals want to do something to stem the tide of computer botnets, and suggest among other ideas that people should need to get an Internet license before they surf.
Anti-Forensics Thwarts Investigations The bad guys who can do the most damage to a network aren't bashing their way through the front door, but slipping in with what look like legitimate deliveries. They are sticking around undetected as well.
Spammer Bust Could Lower Junk Email Robert Alan Soloway has been a fixture on the Spamhaus list of prolific spammers, but now he'll be known as "defendant."
YouTube Fixes Privacy Issue What had appeared to pose a serious privacy concern with YouTube, observed by several people for about a month, has been corrected.
Social Media Threatened By Malware As Conde Nast and regular web surfers discovered on Reddit last week, a promoted story could be linked to a drive-by download of malware online.
Child's Disappearance Fuels Scammers The vanishing of Madeleine McCann from a Portuguese hotel spurred an effort to fund her search, followed by the attempts to exploit her abduction for financial gain.
Trojan Injects Fields Into Secure Forms People who do any sort of online secure access need to be aware of an even more insidious threat to them via infected machines.
Microsoft Wants To Learn Your Life Through the wonders of technology, Microsoft thinks it can figure you out based on your web browsing history.
Turkey Trashing Australian Websites Malicious hacking activity affecting websites in Australia has been originating mostly from Turkey over the past eight years.
Spam Is Up, Few People Care The amount of spam peppering inboxes has increased, but fewer people are bothered by the endless parade of phishing and stock scams.
Sophos Finds A BadBunny A low-threat worm affecting the OpenOffice productivity suite arrived at the offices of security firm Sophos, complete with a pornographic bunny suit picture attached.
MSDN Touting Silverlight Security Developers commenting on the security model for Microsoft's Silverlight application development platform have extolled its virtues.
Google Debuts Security Blog Online security efforts at the world's dominant search engine will be the focus of posts from Google's researchers on a newly created Online Security blog.
Microsoft Offers Two Office Security Tools A pair of new tools from Microsoft could help mitigate threats from attacks that target Office and component programs like Word and PowerPoint.
Symantec Crashes Chinese Computers The company's Norton antivirus product declared a couple of important Windows components to be malware after a flawed signature update.