German Court Mandates Wi-Fi Lockdown
German citizens who use wireless Internet connections will need to secure them from now on or face a penalty. The Federal Court of Justice (which is effectively Germany's Supreme Court) has decided that people who fail to secure their connections should face fines of up to around $125.
Facebook Becomes A Favorite Target Of Phishers
Due to widespread concerns about its thoughts on users' privacy, Facebook has been under all sorts of fire lately, facing criticism from U.S. senators, European data protection authorities, and many tech experts. Now, yet another problem's cropped up, as Facebook's been called a top target of phishers.
Sophos Assuages Fears Over Khobe Threat
Straight from Sophos, there's good news regarding a security threat called Khobe: simply put, it isn't much of a menace at all. Headlines comparing it to an 8.0 earthquake or claiming that standard security measures are useless have little to no bearing on the reality of the situation.
Flaw Found With Facebook Instant Personalization Service
It may once again be time to go over your Facebook profile and make sure nothing too personal is written there. In addition to untrustworthy acquaintances and outright scammers, users now apparently have to worry about security holes introduced by the new "instant personalization" program.
Twitter Follow Bug Temporarily Hobbles Site
Mischief-makers had more than a little fun at Twitter's expense today. The discovery of a bug that let users manipulate which accounts followed them led to all sorts of hijinks, and Twitter eventually had to reset everyone's following/followers lists in order to fix the problem and undo all the damage.
Symantec Makes Two Acquisitions
In exchange for a good deal less than $400 million, Symantec is becoming a bigger, better security company. Symantec announced yesterday that it has acquired GuardianEdge and PGP Corporation for about $70 million and $300 million, respectively.
China Drops Off "Dirty Dozen" Spam List
With stories concerning the cyberattacks on Google and other companies still popping up on a regular basis, this may come as something of a surprise - or even seem wrong - but new data from Sophos indicates that China isn't a huge source of spam. Indeed, China's name didn't even appear on a new list of the top twelve spam-relaying countries.
Scareware Becoming A Bigger Threat
Most people have been there: your antivirus software alerts you to a problem, you say something unprintable, and then you click whatever button offers the best chance of resolving the matter. The problem is, fake antivirus programs are becoming more common and trickier.
New Malware Scheme Targets iPad Owners
iPad owners and all-around Apple fans can take comfort in one fact today: the iPad isn't technically affected by a new problem. However, iPad owners who also own PCs running Windows have been targeted by a fresh scheme meant to create a backdoor and steal important info.
McAfee Offers Fixes, Talks Compensation Following Bad Update
A well-known computer security company is working hard this week to salvage its reputation. After issuing a software update that effectively disabled many computers, McAfee's worked out several ways to solve the problem, indicated that it will reimburse people who spent money getting their PCs fixed, and offered subscription extensions.
New Mac Malware Variant Detected
Yesterday, Elinor Mills published an interview transcript in which hacker Marc Maiffret said, "[T]he Apple community is pretty ignorant to the risks that are out there." Today, one of those risks was made much harder to overlook, with a new variant of malware getting identified.
U.S. Cyber Command Nominee Discusses Policies
While it's difficult to draw too many conclusions from it - a number of important questions are only answered in a classified supplement, and laws on the subject are still being established - a new document quoting an Army general has shed some light on how the U.S. military views the issue of cyber warfare.
Postini Discusses Virus, Spam Trends
The latest spam and virus report from Postini has arrived, and believe it or not, the news isn't all bad. Postini found that spam volume fell by an impressive 12 percent between the fourth quarter of last year and the first quarter of this one.
Apache Foundation Hit By Targeted Attack
The Apache Foundation, a nonprofit organization that supports open source software projects and is itself supported by important companies like Google, Yahoo, Microsoft, HP, and Facebook, has been attacked, and the Apache Infrastructure Team warned people today that some passwords were compromised in the process.
Microsoft Schedules Major Patch Tuesday
It's likely that at least a few Microsoft employees had to work overtime in preparation for tomorrow's Patch Tuesday activities. The company's supposed to release 11 security bulletins in order to address 25 vulnerabilities, which may send signals about both its dedication to fixing stuff and the state of some popular software.
Whole Foods Scam Hits Facebook
It's a known fact that people tend to let their guards down when using social networks. Also, Whole Foods enjoys a positive reputation, and free stuff has a definite draw. Unfortunately, a new scam on Facebook capitalizes on all of these truths.
Majority Of New Malware: Banker Trojans
Unfortunately for the rest of the world, PandaLabs has determined that malware makers are still hard at work. And unfortunately for everybody's finances, malware makers aren't content to churn out little "gotcha" tricks, instead focusing more than anything on banker Trojans.
Chinese Hackers Thought To Be Back In Yahoo Email Attack
It's not hard to imagine that, sooner or later, computer experts outside China might choose to reinforce the Great Firewall (in an attempt to keep Chinese hackers contained) rather than fight it and support free speech. And it's not hard to imagine that they'd do so in the near future, considering that Chinese hackers have been accused of going after key individuals yet again.
Symantec Discusses Password Use In The Security Community
One of the problems of covering security-related surveys is that the participants often aren't representative of SecurityProNews readers; it's a good bet that you guys are a lot more cautious than the average individual. But readers of Symantec's Security Response blog were recently quizzed, and their approach to dealing with passwords seems worth repeating.
Fake Antivirus Software Spreads On Facebook
Marketers have determined in study after study that social networks are powerful things; a recommendation from a friend can be worth incalculably more than a bunch of random emails or even proper commercials. Facebook users should watch out, then, as a security firm's determined that fake antivirus software is on the loose.
Computer System Hack Leads To Disabled, Honking Cars
As if regular hacking wasn't bad enough, a man in Texas took it upon himself to illegally access a computer system and then go after over 100 people's cars. Customers of Texas Auto Center were affected as their vehicles began to honk incessantly, or worse yet, not start.
More Evidence Discovered Of Vodafone-Mariposa Problem
Europeans who have recently purchased a specific sort of smartphone from Vodafone might want to keep it far away from their computers (or run some virus scans if it's too late for that). Today, a researcher announced that he's found the Mariposa botnet client preloaded on a second HTC Magic device.
Iran Cracks Down On Alleged U.S. Cyber War Network
Whether or not the American government knows it, we've apparently gone to (cyber) war. Iranian authorities claim to have arrested 30 people who were part of an online conspiracy, and they've attacked 29 sites that were supposedly backed by the U.S., too.
AVG Offers LimeWire Users Improved Protection
Given that file-sharing does indeed involve the sharing of files, it can be a dangerous practice, resulting in the spread of malware. Security experts should be pleased to hear, then, that LimeWire has teamed up with AVG to give its "Pro"-level users an additional layer of protection.
Jail Sentences Not Certain For Mariposa Botnet Authors
Although the three men believed to be behind the Mariposa botnet were recently identified and arrested by Spanish authorities, it looks like they may avoid serving any jail time for their online trespasses. Spain's cybercrime laws are quite weak at the moment.
McAfee: Intellectual Property Poorly Guarded In Aurora Attacks
Google and the other companies that were affected by Operation Aurora had some commendable security measures in place, according to a new report from McAfee; you might consider them the virtual equivalents of steel doors with reinforced hinges. However, it turned out that the companies might have left their internal safe doors unlocked.
Open Identity Exchange Launches
Online identity theft might become less of a problem in the future thanks to the efforts of Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton. Today, these organizations announced the formation of the Open Identity Exchange (OIX).
M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective
New data from M86 Security corroborates the widely held idea that anti-virus scanners and URL filters won't save careless Web users. Indeed, the security company estimates that more than half of all threats can evade these two means of detection, leaving people at risk from lots of nasty stuff.
Qualys Introduces Malware Scanner For Sites
The beta version of a free service has become available to help website owners keep their properties safer. QualysGuard Malware Detection is designed to scan sites for malware infections and other threats, regardless of sites' size or the site owners' physical location.
Google Attack Traced To Chinese Schools
The physical sources of the online attacks that targeted Google, Yahoo, Adobe, and many other organizations have been fairly well pinpointed, according to a new report. The supposed starting points: computers at two Chinese schools.
New Kneber Botnet Tied To 75,000 Systems
This may turn into an unplug-your-computer-and-pay-for-everything-with-cash kind of day for some security experts. NetWitness announced this morning that it's discovered a new ZeuS botnet affecting 75,000 systems in 2,500 organizations. Social networks, financial systems, and government organizations are all thought to have been compromised.
M86 Security Documents Increases In Spam, Attacks
This may not come as shocking news - the trend has been acknowledged and recorded for years - but it's becoming less and less safe out there, according to a new report from M86 Security. Increases in problems related to spam, zero-day vulnerabilities, URL shorteners, and Twitter were all recorded.
Kaspersky Patents Hardware Security Solution
Even if unobtrusiveness is a desirable trait in security solutions, the average person is likely to feel more confident in something he can see and feel than mere software. Kaspersky could be onto something, then, as it's patented a hardware-based antivirus system designed to fight rootkits.
Spammers Make Situation Iffier For Google Buzz
People who chose not to use Google's newest social experiment, Google Buzz, now have one more reason to congratulate themselves on the decision. That means folks who are giving Google Buzz a try may want to be careful, though, as spammers are also testing the figurative water.
Firefox Add-Ons Caught With Malware
Around 4,600 Firefox users who followed the rules in terms of acquiring add-ons (meaning not getting them from all over the 'Net) may still have picked up some malware. Mozilla admitted today that two add-ons available through the official Add-on for Firefox page came with unwelcome companions.
Google, NSA May Team Up
Fair warning: this isn't yet official, and the original whispers about it didn't come from anyone who's willing to be named. Still, a report's indicated that Google and the National Security Agency are prepared to work together for the sake of online security.
Infineon Chip's Weakness Discovered
The Infineon SLE 66 CL PE chip can be found in a lot of products, including smart cards, the Xbox 360, and normal computers. It's a good chip, too, with lots of security measures in place. But it could perhaps use a few more, as a researcher has figured out how to compromise it.
Twitter Affected By Phishing Scare
Another security scare spread through the Twitter community this morning. Emails sent by Twitter advising members to reset their passwords created a bit of a stir, as account lockouts were occurring simultaneously and people were concerned that the messages had come from phishers.
Spam, Malware Become More Common On Social Networks
Social networks might be transforming from friendly, "where everybody knows your name"-type places into playgrounds for malware authors and spammers. New data from Sophos shows that there has been a significant increase in the number of attacks against social networks' users, at least.
Tor Bounces Back Following Security Breach
The Tor community suffered a slight scare this week as a security breach was announced. Apparently two out of seven directories authorites were compromised earlier this month, along with a metrics server. Fortunately, it looks like Tor remains as safe (or safer) than ever.
Microsoft Hurries Out IE Patch
The time-honored idea of "Patch Tuesday" has gone out the window (no pun intended, promise) in response to an Internet Explorer vulnerability Microsoft's classified as critical. A patch will be issued today, Thursday the 21st, in response to the threat, instead.
17-Year-Old Windows Flaw Found
Here's a little something to make people who are interested in security shudder: a vulnerability's been discovered, and believe it or not, it's present in just about every version of Windows from 1993's Windows NT 3.1 on.
New Version Of Avast Antivirus Software Introduced
A new version of what many people regard as the best free security product available has been released. Avast Free Antivirus Version 5.0 is available, and it comes with more than just a simple upgrade or tweak compared to the previous offering.
Google China Hackers May Have Had Inside Man
Google's original announcement about an attack based in China was almost breathtaking; it was hard to imagine the tech leader, which employs thousands of brilliant people, losing so badly to hackers. But an explanation could be surfacing insofar as a new report's indicated that some Google employees may have helped the hackers.
Heartland Agrees To $60 Million Breach Settlement
The story of the Heartland Payment Systems data breach has come one step closer to reaching a conclusion. As part of a settlement, Heartland's agreed to pay Visa credit card issuers as much as $60 million.
Hackers Further Exploit PDF Vulnerability Ahead Of Patch
Non-fans of the PDF file format now have one more reason to harbor negative feelings towards it. Hackers have found another way to exploit a vulnerability on a rather large scale, and it's supposed to be five more days before Adobe puts a fix in place.
FTC Examines Cloud Computing With Respect To Security
The federal government - or at least the arm of it known as the Federal Trade Commission - may soon weigh in on the benefits and risks associated with cloud computing. The FTC has promised to consider the subject at a meeting to be held later this month.
Hacker Swaps Spanish Prime Minister For Mr. Bean
The character known as Mr. Bean is famous for getting into awkward (and hilarious) situations, and yesterday, he showed up in an unusual place yet again. On a site dedicated to Spain's EU presidency, a photo of Mr. Bean seemed to replace one of Spain's elected leader.
Kingston Recalls Not-Entirely-Secure USB Drives
Three models of Kingston Secure USB drives may not quite be quite as safe as promised. Indeed, Kingston announced today that an unspecified problem will make it necessary for users to send a lot of devices back to the manufacturer for a fix.
Justice Department, Secret Service Mark More Guilty Pleas
The future of Albert Gonzalez hasn't gotten any brighter since we last discussed him. Yesterday, the hacker (who was already on the hook for 19 charges related to computer hacking and credit card fraud) pleaded guilty to even more crimes.
White House Cybersecurity Czar Named
The position of White House Cybersecurity Coordinator has finally been filled. Earlier this week, Howard Schmidt was awarded the job, and initial reactions to his appointment have been quite positive.
Mobile Security Becoming A Hotter Topic
A lot of security-related talk revolves around computers, and rightly so - historically, they've been the most vulnerable electronic device. But as cell phones get more and more advanced, experts are pointing out that it may prove necessary to be careful when using them, too.
Scammers Compromise Google Doodle Search Results
A significant number of the people who expressed interest in yesterday's Google Doodle may now have malware-ridden computers as a result. Clicking on the Doodle led to search results for "L.L. Zamenhof," and apparently a majority of the top 50 results were poisoned sites.
2009's "Most-Hacked Software" Named
It's that time of year again: the time at which all sorts of organizations put together lists naming the best and worst things they've seen over the past 12 months. Below, you'll find out what Forbes and iDefense determined to be very much in the "worst" category, as they got together to name "The Year's Most-Hacked Software."
Bruce Schneier Recommends Security Chill Pill
Knowledge may be power, but it can also represent a path to anxiety and paranoia. Security expert Bruce Schneier highlighted this connection in a recent (and sure to be controversial) article calling upon people to more or less ignore the different security scares that occur on a regular basis.
Germany Goes On The Offensive Against Malware
The German government is supporting an interesting plan to fight malware nationwide. ISPs will, as they've been known to do in other circumstances, look for unusual traffic patterns, and then computer owners who are suspected to be in trouble will be advised to visit a special website or telephone a brand new call center for help.
Google Goes After Impersonator Scammers
As huge corporations go, Google's a pretty cuddly one, but according to the search giant itself, everyone should be careful about offers of employment or wealth that involve its name. "Google Money" scammers represent a growing problem that the company is trying to combat.
Facebook Users Too Quick To Make Friends
It's probably happened to everyone: a person who sounds vaguely familiar, claims to have attended the same high school, or just plain looks nice sends you a friend request on Facebook. Only new stats from Sophos show that perhaps far too many folks accept these requests.
Strategies For Handling A Hack Discussed
Hacks happen; they're sort of a fact of modern life. And while the way in which any given company tries to prevent them is important, so is how it handles the aftermath. So, heading into the holiday/heavy hacking season, a new guide gives both businesses and consumers some ideas about best practices.
Godfather Of Spam Receives 51-Month Sentence
Alan Ralsky, a 64-year-old who's better known in certain circles as the "Godfather of Spam," isn't going to bother anyone again for quite some time. Yesterday, Ralsky was sentenced to 51 months in prison and five years of supervision following his release, and he'll also have to forfeit $250,000.
Beware Of Scams On Black Friday
Black Friday is, according to most retailers and sales-tracking organizations, the busiest shopping day of the year; a whole lot of money changes hands as people begin their holiday gift-gathering. Just be careful, because scammers also become extra-active on this occasion.
Security Problems Found With Firefox Extensions
Firefox users should take a moment to reevaluate which of the extensions they use they can do without. Security consultants have determined that some extensions represent security risks insofar as their vulnerabilities can put entire systems in jeopardy.
Two Arrested Over ZeuS/Zbot Trojan
Computer users all over the world may owe a "thank you" to the Metropolitan Police's e-crimes unit. Officers based there have tracked down and arrested two individuals whom they believe are connected to the ZeuS or Zbot trojan.
Senate Uncovers Online Credit Card Tricks
A report issued by a U.S. Senate committee only uses the word "scam" when quoting different consumers; the report's title employs the phrase "aggressive sales tactics," instead. Still, it looks like a number of big online companies have been caught profiting off people's confusion.
McAfee: Cyberwarfare A Big Threat
It might not be long before we return to the days of schoolchildren diving under their desks in warfare preparedness drills. Only now, instead of hiding from nukes, the kiddos may be unplugging their computers, since McAfee has indicated that a cyberarms race is taking place.
ICSA Labs Finds Flaws In New Security Products
It's sometimes fun to be an early adopter, as the long lines and waitlists for things like iPhones and the new Camaro have proven. But where security products are concerned, do yourself a favor and let other folks go first, since a fresh report indicates that it can take more than a single try to get things right.
GFI Acquires Spam Blocklist SORBS
Control of the Spam and Open Relay Blocking System (SORBS) has officially changed hands. Security specialist GFI confirmed its acquisition of SORBS late yesterday, and also shared an idea or two about what it will do with the entity.
Congress Interested In Having ISPs Block Scam Sites
American lawmakers may soon pass a bill that would attempt to make the Internet a little safer for everyone. A new report indicates that ISPs could be asked to block scam sites and emails (among other things) that invoke the name of the Securities Investor Protection Corporation (SIPC).
Yes, Windows 7 Needs Antivirus Software
More confirmation came yesterday that it is, quite simply, a terrible idea to leave a Windows 7 computer running without antivirus protection. Chester Wisniewski, a Senior Security Advisor at Sophos Canada, found that the operating system is vulnerable to all sorts of stuff.
M86 Security Purchases Finjan
This morning, M86 Security became bigger and better than ever. Or, to be more explicit: M86, which is a company that specializes in Web and messaging security products, acquired Finjan, an organization focused on Web gateway solutions for the enterprise market.
Microsoft Security Report Highlights Worm Problem
The latest Microsoft Security Intelligence Report (dubbed SIRv7) has been released, and while rogue security software was the "single largest threat category for the first half of 2009," the real news relates to worms. Worm infections became very common during the same period.
Nigeria Announces Early Results Of Anti-Scammer Initiative
No one's sure how many there are to go, but according to a Nigerian official, there are about 800 scam email addresses and 18 criminals that can be considered "down." Mrs. Farida Waziri, the chairperson of a government agency, announced that some shutdowns and arrests occurred thanks to an initiative called Project Eagle Claw.
65,000 Time Warner Cable Customers At Risk
Time Warner Cable customers would do well to poke their heads under their desks and see what sort of hardware has been attached to their computers. It seems that individuals who've been stuck with a certain cable modem/Wi-Fi router combo may be at risk.
Hackers Exploit Kanye West Death Hoax
If you happen to hear that Kanye West has died, we'd urge you not to shed any tears. Also, try not to look up the details on unfamiliar sites, as hackers have been exploiting rumors about the rapper's passing in order to spread scareware and make money.
Google Voice's Security/Privacy Verified
Google Voice users (along with everyone who isn't yet a user, but might be once more invites become available) shouldn't worry that all of their voicemails will be made searchable. Google issued a statement last night to answer some security- and privacy-related questions.
Kaspersky CEO Calls For Internet Passports, Police
It might - at least for the sake of a thought exercise - be time to once again decide where you come down on the freedom versus safety debate. The CEO of Kaspersky Lab seems to feel strongly that, for the sake of security, we should do away with online privacy and give all individuals a form of online ID.
Bahama Botnet Cheats Search Companies
Fans of "The Prisoner" - or any number of sci-fi shows - may recognize the tactics of a new botnet. The Bahama Botnet, as it's called, fools the users of infected machines into thinking they're in a familiar environment, but controls elements so that it benefits from individuals' actions.
FBI Shares Info About Record-Setting Phishing Case
Synchronicity strikes again. Yesterday, just as the hubbub over the Hotmail- and phishing-related password dump started to subside, the FBI announced that 100 people have been targeted by law enforcement as part of a global investigation it calls Operation Phish Phry.
Department Of Defense Sort Of Embraces Cloud Computing
For security experts and cloud computing proponents, there's good and bad news this week. The good is that cloud computing can apparently be safe enough to meet the military's standards. The bad is that the cloud computing options available to civilians don't seem to measure up.
Email Password Leak Swells To Involve All Major Providers
Yesterday, when reports indicated that the passwords to certain Hotmail accounts had been published, we tried to play it safe by suggesting that all Hotmail users change their passwords. Now, we're just going to recommend that everybody revisit those settings, as it seems that the passwords to Gmail, Yahoo, and AOL accounts have also been leaked.
10,000 Hotmail Account Passwords Published Online
People with Hotmail accounts - and particularly people with Hotmail accounts beginning with the letter "a" or "b" - should change their passwords as soon as possible. A list containing about 10,000 account names and passwords has been published online.
MessageLabs Names Most- (And Least-) Spammed States
When considering where to live, it's wise to look up stats about an area's climate, the cost of living, and its proximity to other important stuff in your life. Symantec's MessageLabs recently supplied some information about your odds of getting spammed, too.
Twitter Phishing Scam Underway
Twitter users whose online acquaintances claim to be rolling on the floor with laughter should probably just leave well enough alone. A Twitter phishing scam featuring the acronym ROFL is spreading via direct messages at a rapid pace.
Demon Internet Spills Customers' Details
The people at ISP Demon Internet are almost certainly wishing their employer had a different name today. A data mishap has made it way too easy for about 3,700 customers - plus a lot of privacy advocates and random onlookers - to describe the company as devilish.
Chinese Hackers Target Foreign Media
Under normal circumstances, the media isn't really supposed to involve itself in a story. Reporters don't join protests in Washington; embedded journalists don't shoot insurgents in Iraq. Some news organizations with branches in China aren't being given much of a choice, however, as they're the targets of fresh cyberattacks.
Microsoft: Free Security Software Due Within Weeks
No matter how much skill and expertise other companies have demonstrated, sometimes it's just nice to know that a corporate behemoth is backing up a product. And people who feel that way about security software are about to get a treat, as Microsoft Security Essentials should be released soon.
Gonzalez Pleads Guilty To 19 Charges
Today, as was expected, Albert Gonzalez pleaded guilty to 19 charges related to computer hacking and credit card fraud. Gonzalez was a key player in what prosecutors called the largest instance of identity theft in U.S. history.
Enormous Malware Archive Creates Stir
A Dutch company known as the Frame4 Group has created what's almost the computing equivalent of a Center for Disease Control lab. The Malware Distribution Project is, according to its own site, the "world's biggest private malware archive."
Avsim Hacker (Maybe) Brought Before Cops
Perhaps people who like to spend their spare time in the cockpits of imaginary F-16s should be left alone. The man in charge of a flight simulator site that was attacked claims to have identified the hacker and forwarded information to the authorities.
Email Password Hackers Present Real Threat
The next time you have something really important to tell someone, consider whether a drive over to his or her house wouldn't be a nice way of spending a few minutes. One reporter has found that it's quite easy (and perhaps all too common) for people to buy email accounts' passwords from hackers.
Laptops, CDs Alarm Governors, Credit Unions
Today's lesson - that stuff in the physical world can pose a security threat - is a simple one. It seems to be an important one, too, as governors and credit unions are receiving unsolicited and suspicious laptops and CDs.
Conficker Remains On The Threat Radar
The Conficker worm didn't bring about a virtual apocalypse on April 1st, and for that, the security community was thankful. Yet at the same time, Conficker didn't commit hara-kiri or disappear, and it's continued to spread and pose a threat to this day.
Report Warns Of Oil Rig Hacking
If North Korean scientists, nerdy members of the Earth Liberation Front, or some other forces decide to disrupt the oil supply, they might need little more than a computer to pull off the stunt. A Norwegian research group has indicated that offshore oil rigs are becoming increasingly vulnerable to hacking.
McAfee Highlights Danger Of Celebrity-Related Searches
People who insist on following the lives of celebrities (and particularly, attractive female ones) should be careful. McAfee's compiled a list of the most dangerous celebs to search for, and the report, which includes a lot of familiar names, also outlines some scary threats.
Three Of Four Charges Dismissed In Terry Childs Case
Terry Childs, the San Francisco network administrator who kept some rather important passwords to himself last summer, is now facing a considerably shorter list of accusations. A judge has dismissed three of the four charges that were brought against him.
U.N. Lets Site Stay Vulnerable For Two Years (And Counting)
Regardless of his (or her) politics, the average security professional should probably have a pretty low opinion of the United Nations. There's word that a vulnerability hackers exploited about two years ago remains unfixed on the U.N.'s site.
China Backs Off Green Dam, Lessening Botnet Threat
The Chinese government has made a concession that should help the security community breathe a little easier. Essentially, it's backed off a plan to install the Green Dam software filter on every new computer in the country.
WordPress Password Problem Crops Up
People who use version 2.8.3 of the WordPress blogging software may want to download an update posthaste. A vulnerability's been discovered that, while it won't let other folks take over accounts, will allow troublemakers to lock out administrators.
Email Marketers Attacked By Hackers
Hackers hit a prominent email marketing company this weekend, and now some details have been released for public consumption. It seems that some Campaign Monitor accounts were compromised, and many advertising campaigns may now face a bit of an uphill climb.
Government May Step Up Protection Of Consumer Data
In theory, the data that consumers give to advertisers isn't a security issue. In practice, however, consumers don't always know that they're giving away the info, and other parties often try to intercept it. So it may interest you to know that an important figure at the FTC is interested in altering the traditional online exchange.
McKinnon's Appeals Rejected Again
Gary McKinnon is running out of options. It's now looking much more likely that admitted hacker will be extradited to the U.S., as two formal requests that might have led to trials in the U.K. have been rejected by the High Court.
Famous Security Experts' Sites Hacked
Here's a discouraging piece of news for anyone who's put security professionals Dan Kaminsky and Kevin Mitnick on a pedestal: both men's sites were hacked in apparent coordination with the start of the Black Hat security conference.
Spam Levels Top Pre-McColo Highs
Well, here's hoping that you enjoyed the respite. Although the takedown of McColo had a definite effect on spam levels, they've rocketed back up, and McAfee has asserted that spam and botnet problems are now at an all-time high.
Spammers Branch Out With Translation Techniques
The concept of universal communication might not be such a fantastic, utopian thing after all. It seems that spammers are using automated translation services to their advantage, hitting more people with less effort than ever.
Budget Cuts Spell Bad News For Security
In most conflicts, the winning side is the one that's better-funded. Medieval knights in pricey armor could mop up any number of peasants, for example, and America's modern bombers were able to take out most of Saddam's planes before they even got off the ground. Unfortunately, then, it makes sense that budget cuts are hurting security professionals.
Australian Police To Go Wardriving
Some Australians who haven't secured their wireless networks may soon be getting a (relatively friendly) visit from the police. It seems that a few officers intend to do a little wardriving in order to find unsecured networks and warn the owners of possible problems.
One-Third Of Survey-Takers Respond To Spam Emails
Here's a statistic that'll send shivers down the spine of anyone responsible for keeping more than a single personal computer safe: according to the Messaging Anti-Abuse Working Group, about one-third of individuals admit to responding to spam emails.
Twitter (And Its Employees) Hit Hard In Security Breach
To be clear: Twitter users aren't facing any sort of threat (or at least no new threat related to this fresh development). But a hacker has been able to get hold of all sorts of Twitter's confidential corporate info, and said info now seems very likely to make its way into public sight.
U.S. And S. Korea Attacks: "Source Located In United Kingdom"
When the U.S. and South Korea became victims of cyber attacks last week, logic and not a little evidence pointed to North Korea as the culprit. However, a new report traces the attacks to the U.K., instead.
Gmail Unveils eBay/PayPal Authentication Icon
The Gmail Spam Czar (yes, that appears to be his official, printed-on-a-business-card title) is doing his best to make sure you never again see another email falsely claiming to be from eBay or PayPal. And in this fight, he's introduced a new authentication icon.
Chinese Official Says Green Dam Still Looms
It looks like Chinese computer buyers - and perhaps the security sector and people all over the world - aren't safe from Green Dam, after all. Although it looked like the Chinese government was going to give up on the censorship software, officials have now said they're just delaying, not canceling, its release.
Google Weighs In On Q2 Spam Trends
Google's trying to keep its users safe from spam, but the fight isn't an easy one. Amanda Kleha of the company's message security and archiving team supplied some stats regarding spam today, and the situation definitely looks hairy enough to keep filters on their figurative toes.
Report: Financial And Social Media Scams Taking Off
MarkMonitor's latest Brandjacking Index has been released, and if you hadn't already guessed, scammers are trying to take full advantage of the financial crisis with related subjects lines and the like. A less predictable discovery was that they're attacking through social networks on a regular basis, too.
MessageLabs Gives Botnet Rundown
According to a new report from MessageLabs, you can probably blame botnets for about eight out of every ten pieces of spam you receive. And if you'd like to get more specific, MessageLabs went on to identify and describe some of the most powerful botnets around.
Morro Set For Tuesday Release
Microsoft's free security software is almost here (in beta form, anyway). Microsoft intends to make Morro available as a download next week on Tuesday the 23rd, and you'll want to act fairly quickly in order to get a copy.
Finjan Finds Infected PCs Selling For Half A Cent
Most people know that powerful computer criminals don't all have setups similar to those of James Bond villains; a lot of damage can be done with just a little bit of outdated equipment. But a new report from Finjan drives home how very accessible botnets have become.
AMA Adopts New Security Guidelines
The American Medical Association has taken a step that should make everyone breathe a little easier in the event of a security breach affecting their medical records. Four new guiding principles have been established and passed on to physicians.
Experts, Google Discuss More Secure Gmail
Earlier today, 38 security experts sent an open letter to Google concerning the security and privacy afforded by Gmail, Google Docs, and Google Calendar. The search giant responded soon after with a blog post, and it appears to represent almost exactly what the experts wanted to hear.
Name Of Spam King Sent To U.S. Attorney
One of the security community's least favorite people may be in serious trouble. Sanford Wallace's head-in-the-sand style of defense appears to have failed him as a federal judge has suggested that the U.S. Attorney's office investigate the self-proclaimed "spam king."
DOD Prohibits Removable Storage Devices To Stop Worm
"Lockdown" must be the Department of Defense's middle name. As a worm seems to be making its way through the military's computers, the DOD has responded by banning flash drives, CDs, and just about everything else that can store data and be moved from one machine to another.
Microsoft Announces Free PC Security Product
If you heard a deafening swallowing sound sometime in the past day or so, we can explain its origin. The corporate makers of security software must have collectively gulped when Microsoft announced its plans to offer a free consumer security product.
Google Unveils Calculators To Promote Security Products
The economy's nasty condition is making people rethink all sorts of things: whether trucks and SUVs are cooler than clown cars, whether steak is that much better than ramen, and so on. Google wants to help when it comes time to decide whether to embrace its security offerings.
McColo Takedown = Street Justice?
When McColo was stopped in its tracks last week, most of the online world cheered. The rhyme and reason behind the development mattered little in light of seeing less spam. Only now, there's at least some question of whether or not things went through the right channels.
Safari Update May Add Equal Measures Security, Instability
It seems that the newest version of Safari is operating under the motto "better safe or sorry." The Safari 3.2 update is supposed to have fixed several vulnerabilities, but at the same time, users are reporting frequent crashes.
Microsoft Fixes Flaw After Seven Years
If you've ever forgotten an appointment, anniversary, or birthday, you know that being late by even a little bit can be terribly awkward. It almost seems worth it to get an arm or leg set in plaster just so you have a proper excuse. Now Microsoft's trotted out its version of a cast story to explain a seven-year patch delay.
Skype Scrambles After Breach And Censorship Revelations
American companies operating in China have what might be considered a tradition of getting in trouble over privacy and censorship, and Skype, the Internet communications company, is the latest to encounter hot water. Its president has done his best to explain the situation.
Defense Companies Hit By Malicious Code
Some security stories relate to fairly harmless issues, but this one might go well beyond "whoops." It seems that LIGNex1 and Hyundai Heavy Industries, two Korean companies that construct things for the military, have had malicious code planted within their computer systems.
After Airport Stop, Kevin Mitnick Shares Travel Tips
The next time you have to take off your shoes and belt at an airport, keep in mind that things could be much worse. You might get detained and questioned for four hours, for example, which is something hacker-turned-security-consultant Kevin Mitnick recently experienced on a return trip from Colombia.
Cisco Releases Trio Of Advisories
Cisco released three security advisories yesterday, and some onlookers are taking the move as a sign that the company is a little on edge. It seems the patches fall outside Cisco's normal release schedule, and also come right before an important rootkit presentation.
Bhutto's Death Turned Into Malware Bait
Virus authors often try to capitalize on current events, and the assassination of Benazir Bhutto has proven to be a popular target; just hours after the former Prime Minister of Pakistan was killed, malware distributors spread files claiming to show her death.
(Another) Update For Yahoo Messenger
Last week, a Yahoo Messenger security update was issued; this update fixed a pretty serious flaw. Now Yahoo's at it again, and it's the same piece of software that's in trouble.
State's Data Stolen In Ohio
Another data theft has occurred, and this one affects over 100,000 Ohioans. It's no clever hacker who was behind the breach, however - someone stole a device containing names and social security numbers out of an intern's car.
NATO Takes A Look At Cyber Security
A man with the last name of "Gates" has advised NATO countries to brace themselves for cyber attacks, but it wasn't Bill, Microsoft's CEO. Instead, it was Robert, America's Defense Secretary.
FBI, DOJ Reveal Operation Bot Roast
Operation Bot Roast has been a success - sort of. Information provided by the FBI and the Department of Justice revealed that "investigations have identified over 1 million victim computer IP addresses," but it seems that only a small number of arrests have come as a result.
Captchas Go To The Dogs, Cats
Those strings of distorted letters and numbers are supposed to make things hard on spammers - not innocent users. But as spammers have gotten smarter, those captchas have gotten harder to read, and many companies are looking for a new type of defense. Pictures of Fluffy and Fido may provide exactly that.
Yahoo Posts Quick Fix For Messenger Bug
As always, it would have been best if the vulnerability hadn't existed in the first place. That said, you may have to give Yahoo credit for its quick response - after two sample attacks were posted online, the company patched up its messenger service within about 24 hours.
Microsoft To Send Out Six On Patch Tuesday
This next Patch Tuesday will be a big one - Microsoft plans to release six new fixes, four of which will address critical vulnerabilities. Five of the six patches relate to issues of remote code execution.
Security Industry Experiences Feeding Frenzy
Security companies seeking to be bought out will probably have their wish granted, according to one recent article.
Kaspersky Top Twenty Back To Normal
Kaspersky Lab has released its latest Online Scanner Top Twenty, and the report indicates that, in comparison to last month, "the malware landscape has returned to a more normal state of affairs."
UK Spammer's Appeal Rejected
Peter Francis-Macrae has been described as "the UK's worst spammer." It seems likely that he will lose that title at some point in the next few years, though - Francis-Macrae's appeal was dismissed in court this week, and he now faces a six-year prison sentence.
Microsoft Forefront Security Beta Steps Up
Yesterday morning, Microsoft launched a public beta called Forefront Security for Sharepoint. According to a press release, this product will provide "protection against the latest threats," "integration to help optimize server performance," and "simplified management control."
Security Consultant Finds Flaws – Without Permission
A self-declared security consultant recently went to unusual (and perhaps illegal) lengths to gain a new customer. Gerasimos Macridis, a New Zealander, examined the security measures of the nation's Reserve Bank - without its permission - and then asked for payment when he reported his findings.
Microsoft Rushes To Get IE Patch Ready
Microsoft is prepared to break with tradition in order to patch the latest flaw in Internet Explorer. That's right - the company will release the patch before Patch Tuesday - assuming it can get a patch ready in time.
New Internet Security Threat Report From Symantec
Symantec has released another Internet Security Threat Report, and the news isn't good. Attacks and vulnerabilities are up almost across the board, with one notable exception - the number of vulnerabilities discovered in the Opera Web Browser is down.
Ou And Oli On The Wisdom Of Using Antivirus Software
George Ou has an interesting stand on antivirus software: he thinks the stuff is worthless. This morning, Ou made something of a supporting argument with a blog entry titled "Proof that Antivirus software makes your PC crawl."
More Government Computers Disappear
This is probably going to sound terribly familiar, but here it is: hundreds of government computers have gone missing.
Symantec, Adobe Object To Microsoft's Plans
Symantec and Adobe have made what one source called their first "official complaints" about Microsoft's plans to provide its own security for Vista. Adobe reportedly "told the European Commission that Microsoft should be barred from building into Vista competing software for reading and creating electronic documents."
Dell, Symantec Take On “Out-of-Control Email”
Dell and Symantec have teamed up to deliver the "first validated blueprint for simplified email security [and] management."
Visa, Chamber of Commerce Identify Vulnerabilites
A recent report from Visa - available on the U.S. Chamber of Commerce's website - identified the "top five data security vulnerabilities leading to compromises." In addition to giving a brief description of each threat, the report weighed "risk impact," and offered "risk mitigation strategies."
The Bigger Threat: Surfing Or Spam?
E-mail attachments may not be that dangerous, at least in comparison to surfing the Web, according to a recent study conducted in Denmark. IDC Denmark found that company networks were more likely to be infected by malicious software through surfing, not spam.
Cybercrime Grows Up
According to Christopher Painter, cybercrime is no longer the result of a few teenagers with some time on their hands. It is becoming the domain of serious criminals, and they often belong to organized syndicates.
Microsoft Beats Spammer In Court, Onlookers Still Unhappy
Microsoft won a court case against a British spammer this week, and was awarded what may be a record-setting amount of money. Nonetheless, some experts believe that "the case highlights a failure in the British legal system to tackle spam."
Microsoft Attempts To Keep Vista Security Intact In EU
Another development has occurred in Microsoft's ongoing European legal battle.
Security Scrutinized In The Phone Industry
Due to several recent security issues, phone companies are coming under the magnifying glass. In particular, the issue of "pretexting" - "a scam where unauthorized individuals pretend to be someone they're not to obtain personal information" - has gotten a lot of attention.
Lawsuit Against Zango Dismissed; Gloating Ensues
Zango is an adware firm; there is some evidence that the company's products tend more towards the "spyware" side of things. A class-action lawsuit against the entity (and on that subject) was dismissed yesterday. Zango issued a press release about it, and handled the matter in a not-exactly-polite way.
Trojan Horse Discovered On Samsung Site
People generally expect to enjoy a degree of safety when they visit the website of a major corporation. There's an implicit guarantee that these brand names won't have any malware on their pages. That trust may have been broken, though, with the recent revelation that the Samsung site is home to a Trojan horse.
London Leads In CNP Fraud
London sounds like a great place -home to Buckingham Palace, the National Gallery, and the All England Lawn Tennis and Croquet Club, it is often simply referred to as "the City." London recently earned a title that is somewhat less admirable, though - Early Warning designated it the UK's "no. 1 credit card fraud hotspot."
Spammer's Appeal Is Junked
The first person in the U.S. to face an actual prison sentence for spamming may, in fact, begin serving that prison sentence in the near future. Jeremy Jaynes, who was first convicted in 2004, lost his petition before the Virginia Court of Appeals.
Microsoft's BrowserShield Shows Promise
Microsoft wants to "save people," and a research project called BrowserShield is designed to do just that. Helen Wang and John Dunagan are in charge of the project, which offers "vulnerability-driven filtering of network data."
Kaspersky Online Scanner Is "Most Unusual"
The latest online scanner Top Twenty from Kaspersky Lab showed several surprising trends - Alexander Kostev described it as "the most unusual we have seen since we started keeping records." Thirteen of the entries were brand new to the list.
eBay Auction Turns Into Highway Robbery
Meeting a seller face-to-face is a great way to avoid shipping charges on an online purchase. Cash payments can also preempt online arrangements - sellers would rather have your money, now, than someone else's money at some point in the future. Of course, some sellers prefer to take your money and keep the goods, which is what one British man discovered.
eBay Faces Accusation Over Data Retention
Privacy International (PI) has accused eBay of employing unfair "data retention practices."
DRM Removal Tool Made Available
Someone has figured out how to "remove Microsoft's DRM from individualized media files," and the tool that does it has been made available on a public forum. Called FairUse4WM, "this program is ONLY designed and intended to enable fair-use rights to PURCHASED media," but there is a considerable potential for abuse.
Contact Info Sent Out In Verizon Slipup
The contact information of about 5,000 Verizon Wireless customers was recently leaked. Except that "leaked" is too passive a word - the data was actually e-mailed to roughly 1,800 individuals. This appears to have been a mistake, however, and not the result of a malicious act.
Symantec, Microsoft Prepare For War
Symantec and Microsoft are gearing up for a major court battle. Unfortunately, we're not going to be privy to most of the details - they won't become a part of the public record. Tracing the number of suits and countersuits between the two companies creates an interesting picture of their dispute, however.
Student Loans Given, Personal Data Lost
College students generally need all the financial help they can get. As such, some of them apply for federal aid. Unfortunately, a federal site exposed the personal information of many borrowers, which, if exploited, could greatly increase their troubles. No one has reported any incidents of identity theft yet, however.
U.K. Spammer Sentenced
A U.K. teen was sentenced to a two-month curfew after pleading guilty to sending about five million spam e-mails.
Mitnick Sites Hit By Hackers
Kevin Mitnick, the well-known hacker-turned-security-consultant, was hit by an instance of cybercrime over the weekend when his own sites were defaced. Vandals (based in Pakistan, according to several sources) left a message that proclaimed "ZMOG!! THE MITNICK GOTZ OWNED!!" along with a few things that seem better left unrepeated.
Public Internet Use Fraught With Danger?
Be careful about using the Internet in public places - that's the main point of a new article outlining the potential dangers of this common practice. Whether a person is taking advantage of a wireless connection on their own computer, or sitting at a terminal owned by a library or hotel, there are a number of risks of which they should be aware.
Cleversafe Offers Storage Solution
Chris Gladwin's last venture allowed a lot of people to get a lot of music - he was the founder, president, and CEO of MusicNow. After selling MusicNow to Circuit City, Gladwin created a system that helped him protect his music and other data files. That system, called Cleversafe, is widely available.
Vista's Implications For Open Source
Bill Thompson, a respected technology commentator, voiced some of his thoughts about Vista's security measures earlier today. He believes this Microsoft product could be something very important - "the point at which the ongoing argument between two very different models of how software should be developed and maintained is finally resolved."
Vista Beta Gets Patched
Microsoft hasn't even released Vista yet, but it's already patching it. "Fixes" have been issued for the beta version, anyway. Depending on one's point of view, that could be a good thing or a bad sign - great customer service, or a really shaky start for the operating system.
MacBook Hack May Be Irrelevant
At the Black Hat conference, researchers took over a MacBook by exploiting a flaw in the machine's wireless software driver. Apple fans everywhere gasped in horror. Now, Apple has stepped forward to say, in essence, "it's not our problem." And it looks like the company is right.
An Effort To Eradicate Card-Not-Present Fraud
APACS, a banking industry entity, wants to solve card-not-present fraud. The UK payments association is in the early stages of planning a solution - it still hasn't settled on one (or more than one) approach - but an effort is underway. Gridsure, a personal authentication system, is one product up for consideration.
Software Providers Annoy Bug Hunters
Bug hunters appear to be reconsidering the informal pact they've struck with software companies. Most of these unpaid researchers have been willing to quietly inform the manufacturers of any problems they discover. Now, some of them may be getting frustrated with the lack of response that can follow.
Microsoft Patch For IE Causes Crashes
Microsoft may have created a cure that's worse than the disease. A security update for Internet Explorer is said to make the browser crash under certain conditions.
The “Consumer Guide For Online Security”
Robert Tyack wants to help you shop online safely, and as the owner of MyTimeShopping.com, he's in a position to know the topic well. Tyack compiled a list of "five ways Web consumers can keep their personal information secure while shopping freely on the Internet."
Banking Details Sold In Nigeria
Nigeria is not a pleasant place in the minds of security-conscious computer owners (as the country relates to that particular issue, anyway). First it acted as home to many phishing attempts and spam e-mails. Now information about thousands of British bank accounts is being sold in that nation.
Police Policy On Encryption Creates Controversy
British police may soon be able to demand that suspects decrypt protected information on their computers.
OpenOffice May Have Six Flaws
A report from the French Ministry of Defense claimed to identify six security flaws in OpenOffice.org software. ZDNet covered this news; now "The OpenOffice.org Team" has posted a slightly snippy statement in reply.
Forno On Failing Security
In the opinion of one security consultant, Internet security is a serious problem. Perhaps even more troubling, he argues, is the way in which the situation is deteriorating. This trend is driven by a large number of factors.
U.S. Agrees To Int'l Cybercrime Treaty
The United States Senate approved the Council of Europe's Convention on Cybercrime on Thursday. "This treaty provides important tools in the battles against terrorism, attacks on computer networks and the sexual exploitation of children over the Internet, by strengthening U.S. cooperation with foreign countries in obtaining electronic evidence," according to a statement from Attorney General Alberto Gonzales.
Experts Give Warnings About JavaScript, AJAX
"Beware Web worms and viruses" - that's the message from several different security researchers at the Black Hat conference. The use of JavaScript and AJAX technology to create these was one of the main focuses. Apparently this threat is of the "here and now" variety.
Symantec Hobbles Church Of England
Symantec stepped on some holy toes recently when Norton Antivirus "incorrectly identified part of Visual Liturgy," a program used by the Church of England, "as a piece of malware." Users were advised to delete a particular file, and this action effectively killed the software. Whoops.
E-Passports Susceptible To Cloning
The new e-passports, which contain RFID chips, were said to be "brilliant" and "ingenious." (Admittedly, I'm paraphrasing.) Most importantly, e-passports were said to be secure. Now, before they've even been properly distributed, they've been cloned.
Vista Gets Dropped Into A Black Hat
In the "what doesn't kill you makes you stronger" department, Microsoft has taken Vista to the Black Hat security conference. About 3,000 people will get the opportunity to take a shot at Microsoft's oft-delayed baby. The lessons from this could really improve the product - assuming it survives, of course.
Spammers Embrace Classic Literature
I've seen spam messages with dangerous attachments, spam that tried to sell Viagra, and spam that tried to convince me to send money to Nigeria. Now I've received spam that seems to exist for the sole purpose of spreading random quotes from classic pieces of literature. Apparently this is a growing phenomenon.
An Online Security Fix For Banks: A Credit Card
U.S. banks have to meet federal guidelines regarding online security, and they have to do it by December 31, 2006. A number of banks seem wholly unprepared. Innovative Card Technologies believes its product - a password-generating chip inside a credit card - is the solution.
McAfee SecurityCenter Update Fixes Flaw
McAfee has released SecurityCenter 7.0, which should fix a vulnerability found in some previous version of its SecurityCenter software. "This attack requires the end user to perform certain actions in order to be exploited," according to the security company.
McAfee Releases New Line Of Protection Suites
McAfee released five new security products today, with four of them each offering a different level of protection. This could be a brilliant move, if people feel the need to "max out" and buy the most expensive suite. It might be less successful if everyone tries to skimp. The fifth product is an application for wireless security.
When JavaScript Goes Bad
Researchers at SPI Dynamics and WhiteHat Security have discovered a new way in which JavaScript can act as malware. This method of attack can bypass firewalls and other security measures, and affects just about everything connected to target computers, from servers to devices.
Yahoo Finance Defaced
Yahoo Finance upgraded its site a couple of weeks ago. Apparently the makeover didn't go over so well with some people - Yahoo Finance was defaced over the weekend, according to a report from Zone-H.
Homeland Security Unprepared For Cyberattack?
Senator Tom Coburn heavily criticized the U.S. Department of Homeland Security today, citing large amounts of money spent and little progress to show for it. The Republican from Oklahoma pushed for changes in the organization.
Security Issues Are Users' Fault?
David Chisnall thinks the biggest problem with computer security is you. Maybe not you, specifically, but users in general are often the "weakest link," as Chisnall pointed out in an article titled "Security Is a UI Problem."
Junk E-Mail Reaches Astronomic Levels
Everyone knows that there is a lot of less-than-great e-mail out there. An article released today indicates levels that are shockingly high, though - "95% of e-mail is junk," it proclaims, and most of that isn't from any certain businesses or organizations. "80% of e-mail came from compromised hosts."
Mozilla Releases Important Firefox Update
Mozilla has released Firefox 1.5.0.5. This version is a "security update" that patches not one, not two, but twelve security issues. "We recommend that all users upgrade to this latest version," Mozilla said in a decidedly understated fashion.
Trojan Invades Through Firefox
McAfee has reported that a new Trojan horse is loose, and this one "is installed as a Mozilla/Firefox component extension." Named "FormSpy," it should only pose a low risk to both corporate and home users.
Symantec, Yahoo Partner Up
Symantec and Yahoo have announced that they are joining forces "to protect consumers online." The partnership isn't an entirely charitable move, however - "Norton Internet Security provided by Yahoo" will cost $49.99 per year. And that's only the "special promotional annual fee."
Microsoft Patch Missed The Target?
The existence of a Windows vulnerability (and/or malware that targets it) is announced. Microsoft offers a patch, which everyone downloads, and everything is fine again for a while. That's how it usually goes, anyway. But Microsoft may not have completely secured one recent vulnerability.
Mac Malware: Here It Comes?
There's a commonly held belief that Macs are safe from viruses, if only because no one bothers to attack Apple's products. New information from the Kaspersky Lab indicates that this "safe" status may be endangered, though.
Microsoft Keeps Security Conference Attendees Mum
Microsoft is making a lot of security experts uncomfortable. The company has requested that attendees of the Microsoft Security Response and Safety Summit sign nondisclosure agreements.
PowerPoint Attack May Have Been Espionage
Somebody's been causing Microsoft a headache with a zero-day attack against PowerPoint. That's not terribly remarkable - Microsoft products are often targeted by cybercriminals. But researchers at Symantec believe this attack could be an example of industrial espionage.
Scam E-Mail Impersonates SpysoftCentral
If you want to keep your computer safe, be careful about accepting random offers of protection against spyware, even if they appear to be from legitimate corporations. This lesson (which many people have already learned) came out of one of the latest e-mail scams.
PayPal Flaw Gets Accidental Two-Year Reprieve?
A recent development has shaken many users' confidence in PayPal. It seems a security flaw that was "discovered" last month was actually nothing new at all; the same vulnerability was supposedly first identified about two years earlier.
Another MySpace-Related Security Problem
A new security issue has arisen with MySpace, the popular social networking site. This spyware is the latest in a string of MySpace-related problems. There's good news, though - if run Windows, and if you've bothered to update it since January, you should be safe from this threat.
SQL Injection Attacks Rise Dramatically
SecureWorks has released a report detailing the large rise in SQL Injection attacks.
A Dangerous Development In Rootkit Evolution
Like so many security threats, rootkits are getting more dangerous. But now this breed of malware has taken a big leap forward.
Yahoo Mail Popular With Fraudsters
Early Warning, a British company that specializes in "preventing CNP card fraud," has compiled a "list of top ten email addresses used by online card fraudsters." Bad news for people hoping to tighten up their spam filter - they're all services that are pretty common. Gmail managed to stay off the list, but Yahoo, Hotmail, AOL, and MSN are all present.
Symantec Finds Fault With Vista
Did you expect Microsoft to stick to the latest Vista launch date? Don't hold your breath. The security firm Symantec says it has discovered a number of bugs and flaws in the operating system's networking technology. Microsoft's response was decidedly waspish.
McAfee Points Finger At Open-Source Techniques
Open-source software is often thought of in rather soft and cuddly terms. After all, it's free, and usually works to everyone's benefit (or at least tries to). But now, researchers at McAfee have made public their belief that hackers are using open-source tools to their own advantage.
New Microsoft Tool Fights Spamming
Microsoft wants to end the problem of search engine spamming, and company researchers have created a tool to do it. Called the Strider Search Defender, its less slick subtitle (which also describes how it works) is "Automatic and Systematic Discovery of Search Spammers through Non-Content Analysis."
Vulnerabilities On The Auction Block
If you happened to discover a security vulnerability, what would you do with that information? Perhaps nothing, and just continue to sit on your rear. Maybe you'd tell the affected company about it and hope for good karma. And apparently there's another (not necessarily malicious) possibility - you might try to sell the vulnerability.
Microsoft Hands Vista Over To Hackers
Microsoft has announced plans to attend the Hack in the Box Security Conference 2006, an Asian hackers' conference. What's more, the company intends to bring along Vista. This isn't as strange as it sounds - an increasing number of businesses like to solicit the opinions of security communities (even shady ones) on their new products.
Microsoft Employees Offer Protection From Google Results
Some of the sites Google indexes will automatically redirect you to executable files. This can be convenient, if you're trying to download something like Firefox, as Claudiu Spulber was. But it might not be such a good thing if some sort of malware is on the other end of that link.
Citibank, OCBC Bank Affected By Phishing
A recent phishing scam targeting Citibank and OCBC Bank customers went a step beyond most by spoofing two-factor identification. E-mails asked the individuals to supply their user name, password, and a token-generated key.
Laptops Lag In Data Security
How many laptops containing "sensitive person data" have been stolen in the past few months...
Hacker's Extradition Moves Forward
Gary McKinnon, the British hacker who was charged with breaking into a number of U.S. military systems, is one step closer to being extradited to the U.S. Britain's Interior Minister John Reid approved the transfer, although McKinnon has said he will challenge the decision.
Microsoft: You Say “Security Threat,” I Say “Feature”
It turns out that something Microsoft considers a "legitimate feature" of Windows XP and Internet Explorer is also something of a security risk. By entering an address into the Web browser, users could inadvertently (or intentionally, as Microsoft argues) open an executable file.
Spam Shifts To IM, Blogs
Cybercriminals are diversifying, according to a new report from MessageLabs. Their data indicates that threats are being transmitted through less-common methods such as "mobile text messaging, Web-based instant messaging, weblogs and social networking communities such as MySpace.com."
ISPs Fear Zombies
A report from StreamShield Networks revealed that the greatest concern for ISPs in the UK is the "potential disruption to service that spam zombie machines can cause." Chainsaw sales have risen sharply accordingly. (Okay, not really.)
Sheriff's Department Combats Open Wi-Fi
If you are in control of an open Wi-Fi access point (and if you live in Douglas County, Colorado), the police may come a-knocking at your door in the near future. It won't necessarily be a bad thing, though - they'll just advise you to lock the access point down.
Spain Tries To End Piracy, File-Sharing
The Spanish government is attempting to end piracy with two drastic new laws. The first measure will ban peer-to-peer file-sharing; the second introduces a tax on all blank media, including memory chips, CDs, and DVDs.
Unsecured Wi-Fi: A Cause For Concern?
Researchers at the University of Indiana found that almost half of the Wi-Fi access points in Indianapolis don't run encryption. This seems like a major oversight. But security expert Bruce Schneier thinks it doesn't particularly matter.
Phishing Fears
If Rachna Dhamija is right, the problem of phishing is a dangerous one. What's more, Dhamija believes it may become worse, and that the current approach to solving it won't do. Dhamija is a co-author of the paper "Why Phishing Works," and the creator of Dynamic Security Skins.
Verimatrix Secures Russian IPTV
Verimatrix released a statement on Monday that it will secure Russian Internet Protocol Television (IPTV) deployment. The Verimatrix Content Authority System (VCAS) will serve "the first ever interactive television service for the Siberian region of Russia."
Patrolling The Mean Cyber-Streets: Norton Confidential
Symantec has introduced a product that sounds more like a bad cop show than a security solution. Behold: Norton Confidential. The press release describes it as "a comprehensive online transaction security solution that will allow consumers to transact on the Internet with confidence that their personal information will remain safe."
Anti-Virus Market Going Strong – For Now
If you're looking to make some money, the anti-virus market is a good place to be. Global anti-virus software revenues reached $4 billion in 2005, which constitutes a 13.6 percent over 2004 sales. Continued growth is expected in the short term.
Schmidt On Cybercrime
Howard Schmidt believes that cybercrimes are taking place with increasing frequency, and in ways that are increasingly complex. Schmidt, who was a cyber-security adviser to the Bush administration, the former chief information security officer at Microsoft and eBay, and now works for R&H Security Consulting, spoke at an SD forum seminar.
Hacker Named In Torrentspy Suit
Some time ago, Valence Media, parent company to Torrentspy, filed a lawsuit alleging that the MPAA had hired a hacker to steal data. Now that previously anonymous hacker has been identified.
Ohio University Security Fails
Ohio University has an annual surplus to the tune of $1.4 million (on average), according to a report from Moran Technology Consulting. The company blames the school for not spending some of this on data security. To say OU has had security problems would be a gross understatement.
Authentication To Save The Internet?
"I think security is only going to get worse and every proposed product is doomed to failure," Roger A. Grimes wrote earlier today. "I predict that within a few days the Internet will collapse and online communication as we know it will cease to exist and the Internet will have to be rebuilt from the ashes over the next six months."
Duo Hack Laptop Through Wi-Fi Driver
In a presentation at the impending Black Hat USA 2006 conference, two security researchers will demonstrate how they managed to take over a laptop computer by exploiting poorly written code in the wireless device driver.
Hacker Cites Government Cover-up, UFOs
A British hacker who broke into the computer systems of the U.S. military claimed he did it in order to research UFOs. That's not some tech-related acronym that you haven't encountered; Gary McKinnon says he was researching unidentified flying objects of extraterrestrial origin.
Google Promotes Consumer Privacy
Google wants to protect your privacy. That's what the company is claiming, anyway, as it joins the Consumer Privacy Legislative Forum. This group would do away with the contradictory and sometimes incomplete mess of regulatory state laws, and enact a federal law in their place.
Young Programmer Develops Security Solutions
It seems that far too many gifted young programmers choose to act as hackers. It's a way to make a name for themselves (of a sort), and causing damage has an undeniable appeal to some people. But Ivan Sergeev has taken a different approach - he's become one of the good guys.
Yamanner Leads New Threat
Last week, a new worm known as "Yamanner" spread through Yahoo's e-mail system. The problem was solved in short order and did relatively little damage while it still existed. What's more troubling is how the worm spread-when users opened just the e-mail itself, not any attachments, it sprang into action-and the strong possibility that more could follow suit.
Google Pages Used To Host Trojan Horse
The security vendor Websense sent out a warning on Friday that Google's Web page hosting service, known as Google Pages, was being used to host a Trojan horse. It is believed the discovery was made before the malware's author(s) could launch an attack.
Kaspersky: Anti-Virus Ball In Microsoft’s Court
Eugene Kaspersky, the head of Anti-Virus Research at Kaspersky Lab, believes that Microsoft, criminals, and malware will determine the future of the anti-virus industry. More specifically, he hopes that the former will help limit and crack down on the latter two.
Opinions Vary On Microsoft's Forefront
Microsoft raised eyebrows as it introduced the Forefront line of security products on Monday. This represents a much larger shift towards security on the part of the software giant, but also puts the company in the delicate position of trying to sell fixes for its own products.
Losses Due To Cybercrime Decrease
Is cybercrime becoming a thing of the past? In short, no. Respondents to a survey by the Computer Security Institute (CSI) and the FBI reported an average of $168,000 in cybercrime losses. But that's down 18 percent from 2005, and is part of a four-year trend of lowering numbers.
Symantec Makes $2 Billion Convertible Debt Offering
Symantec has announced a $2 billion convertible debt offering, and it will use the proceeds to buy back about $1.5 billion of common stock. Symantec said it will issue separate stock-purchase warrants. The news caused RBC Capital Markets to raise its earnings for the security company.
Worm Attacks Yahoo E-mail Service
The security specialist Symantec Corp. has issued a warning about a worm targeting Yahoo's e-mail service. The worm only requires that the e-mail containing it be opened - whereas most worms are located in attachments - but Symantec says the impact has been low.
Microsoft Offers Live Labs Security Products
Microsoft is continuing to expand its security-related offerings as it adds two beta projects, Microsoft Live Labs Security Token Service and Microsoft Live Labs Relay Service, to its lineup.
Survey Reveals Security Doubts
A new security survey from Datalink showed a disturbing number of "technology decision makers" feel vulnerable to network, host, and storage security breaches. These results come in the midst of a rash of news stories about stolen laptops, lost data tapes, and hacked customer information.
Microsoft Antigen Secures Enterprise Messaging
Microsoft launched five enterprise e-mail security products, collectively known as the Antigen line, this Tuesday. The effort represents Microsoft's first endeavor in corporate security in over a year.
Mossberg Slaps Symantec's Wrist
Although computer users are concerned about security, they're not willing to go to too much trouble to ensure their safety. That's the conclusion reached by Walt Mossberg and the heads of Symantec and RSA Security at the Wall Street Journal's D: All Things Digital conference.
ASLR Joins Vista's Bag Of Tricks
Microsoft Windows Vista Beta 2 has been equipped with a security feature that should help protect the system against buffer overrun exploits. The addition of Address Space Layout Randomization (ASLR), which is known more for being used in the open-source world, is part of a larger strategy to make automated attacks on Vista more difficult to execute.
EU Takes Action Against Cybercrime, Spam
The European Union is planning to strengthen measures against hackers, cyber crime, and even spam. A plan formulated by the European Commission hopes to address the former two problems by sending out alerts about breaches of Internet security.
Online Bill Pay Growing More Popular, And Safer
According to recent surveys, more people than ever before are paying their bills online. This practice may be safer than it was in the past, as well-data also indicated that individuals who pay their bills online have a lower chance of having their identities stolen.
Vista UAC Offers Protection, Headaches
In the beta version of Windows Vista, many users have found the User Account Control (UAC) to be little more than a nuisance. A large number of them have apparently disabled the feature, which is designed to protect the computer. But there are other, and better, options than that strong measure.
Iskorpitx Strikes Again
Type the word "Iskorpitx" into Google, and see what you get. Exactly the same word spit back at you, except from any number of different sites. That's because Iskorpitx is the handle of a hacker who recently committed the biggest hacking incident in web-hosting history. Those search results are the graffiti he left.
IT Security Pros Unhappy
IT security professionals are feeling undervalued lately. According to a Dark Reader survey, 80 percent of security specialists received a raise of 10% or less last year, which represents somewhat less than the overall increase on IT spending of 15% (a figure supplied by the Robert Half International human resources research firm).
|
|
iEntry 10th Anniversary
RSS
Archive
