July 2006 - Posts

New Bot-Powered eBay Scam Uncovered


Scammers are using bots to create bogus eBay accounts that boast trustworthy profiles in a new scheme to rip off buyers, a security company said Monday.

The scam, said Sunnyvale, Calif.-based Fortinet, is a new twist on an old con where criminals set up bogus auctions, rake in the proceeds, and then scram, never intending to ship anything to buyers.

TechWeb

Posted Mon, Jul 31 2006 18:04 by Don
Filed under:

New threat from 'suicide' virus


The latest threat to intellectual property comes in the shape of malicious software (malware) that is capable of infecting a computer, hiding itself until the user accesses specific files or Web sites--in order to steal files or passwords--and then deleting any trace of itself.

ZDNet
Posted Mon, Jul 31 2006 13:46 by Don
Filed under:

eBay, PayPal Users Hit Hardest By Phishing


Three out of every four phishing attacks target users of online auctioneer eBay and its electronic payment system PayPal, a security company said Thursday. Of the phishing e-mails captured so far in 2006 by U.K.-based Sophos' network of spam traps -- often called "honeypots" -- 54.3 percent took aim at PayPal users and 20.9 percent tried to dupe users of eBay.

TechWeb
Posted Mon, Jul 31 2006 10:31 by Don
Filed under:

Response Speed Is Key with Stolen Laptops



News Analysis: After a laptop goes missing, companies must rush to determine the severity of the incident based on the data involved, and decide who to call first for outside help.

It's the call that no IT manager wants to receive, but one that's clearly ringing bells across the world of enterprise security: An employee's laptop computer has been stolen, and it may contain sensitive data.

eWeek
Posted Mon, Jul 31 2006 6:31 by Don
Filed under:

Yahoo! and Symantec Join Forces to Protect Consumers Online


Yahoo! Inc. (Nasdaq:YHOO), a leading global Internet company, and Symantec Corporation (Nasdaq:SYMC), the leading security software company, are partnering to offer Internet security services to hundreds of millions of Yahoo! and Symantec customers worldwide. Launching today, Norton Internet Security provided by Yahoo! is designed to give consumers the confidence to travel the Internet freely by helping to protect from viruses, hackers, spyware and spam.

Read story at creativepro.com
Posted Mon, Jul 31 2006 6:25 by Don
Filed under:

Microsoft to Push IE7 as an Automatic Update?


Microsoft to push IE7 as an automatic update by ZDNet's Ed Bott -- If you’re a Microsoft product manager and you want to make sure that the latest version of Internet Explorer gets on as many computers as possible, how do you handle the upgrade? Why not deliver it automatically? That’s the thought process behind today’s announcement that IE7 will be offered to as a High Priority update to anyone who has Automatic Updates turned on.


Posted Sun, Jul 30 2006 6:51 by Don | 1 comment(s)
Filed under:

FAQ: JavaScript insecurities


Web sites are becoming more interactive thanks to JavaScript, but the increased use of the decade-old scripting language is raising security questions.

JavaScript is playing a major role in the Web 2.0 boom, which is causing a splash as it stretches the boundaries of what Web sites can do. But malicious JavaScript, especially in combination with increasingly common Web site security flaws, could lead to insidious Web-based attacks, security experts warn.

Read story at news.com


Posted Sun, Jul 30 2006 5:18 by Don
Filed under:

The security risk in Web 2.0


Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say.

Story at news.com

Posted Fri, Jul 28 2006 13:41 by Don
Filed under:

U.S. Army requires trusted computing


The U.S. Army will open its second purchase period this year for small computers, requiring that all systems have specialized hardware designed to add strong data security to the system.

Known as the Trusted Computing Platform, the hardware specification uses encryption and specialized memory to secure a computer's data, allowing only the application that created a file to access that data and allowing hard drive data to be locked to a specific computer, for example.

Read story at securityfocus.com
Posted Fri, Jul 28 2006 13:36 by Don
Filed under:

Social-networking sites rife with wormable flaws


An audit of two popular social-networking sites found a dozen wormable vulnerabilities in less than an hour, a researcher for antivirus firm F-Secure stated on Thursday.

The company performed the research following three high-profile security incidents targeting popular social-networking site MySpace in the last year. Most recently, a banner ad on MySpace compromised almost 1.1 million computers, according to analysts at VeriSign's security consultancy, iDefense.

Read story at securityfocus.com


Posted Thu, Jul 27 2006 18:44 by Don
Filed under:

Mozilla Firefox Multiple Vulnerabilities


Description:
Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

1) An error within the handling of JavaScript references to frames and windows may in certain circumstances result in the reference not being properly cleared and allows execution of arbitrary code.

The vulnerability only affects the 1.5 branch.

2) An error within the handling of Java references to properties of the window.navigator object allows execution of arbitrary code if a web page replaces the navigator object before starting Java.

The vulnerability only affects the 1.5 branch.

3) A memory corruption error within the handling of simultaneously happening XPCOM events results in the use of a deleted timer object and allows execution of arbitrary code.

The vulnerability only affects the 1.5 branch.

4) Insufficient access checks on standard DOM methods of the top-level document object (e.g. "document.getElementById()") can be exploited by a malicious web site to execute arbitrary script code in the context of another site.

The vulnerability only affects the 1.5 branch.

5) A race condition where JavaScript garbage collection deletes a temporary variable still being used in the creation of a new Function object may allow execution of arbitrary code.

The vulnerability only affects the 1.5 branch.

6) Various errors in the JavaScript engine during garbage collection where used pointers are deleted and integer overflows when handling long strings e.g. passed to the "toSource()" methods of the Object, Array, and String objects may allow execution of arbitrary code.

7) Named JavaScript functions have a parent object created using the standard "Object()" constructor, which can be redefined by script. This can be exploited to run script code with elevated privileges if the "Object()" constructor returns a reference to a privileged object.

8) An error within the handling of PAC script can be exploited by a malicious Proxy AutoConfig (PAC) server to execute script code with escalated privileges by setting the FindProxyForURL function to the eval method on a privileged object that has leaked into the PAC sandbox.

9) An error within the handling of scripts granted the "UniversalBrowserRead" privilege can be exploited to execute script code with escalated privileges equivalent to "UniversalXPConnect".

10) An error can be exploited to execute arbitary script code in context of another site by using the "XPCNativeWrapper(window).Function(...)" construct, which creates a function that appears to belong to another site.

The vulnerability only affects the 1.5 branch.

11) A memory corruption error when calling "nsListControlFrame::FireMenuItemActiveEvent()", some potential string class buffer overflows, a memory corruption error when anonymous box selectors are outside of UA stylesheets, references to removed nodes, errors involving table row and column groups, and an error in "crypto.generateCRMFRequest" callback may potentially be exploited to execute arbitrary code.

12) An error within the handling of "chrome:" URI's can be exploited to reference remote files that can run scripts with full privileges.

Solution:
Update to version 1.5.0.5.
http://www.mozilla.com/firefox/

http://secunia.com/advisories/19873/
Posted Thu, Jul 27 2006 12:40 by Don
Filed under:

Trojan Spoofs Firefox Extension, Steals IDs


An identity-stealing keylogger that disguises itself as a Firefox extension and installs silently in the background was discovered Tuesday by security vendor McAfee.

According to the Santa Clara, Calif.-based company, the "FormSpy" Trojan horse monitors mouse movements and key presses to steal online banking or credit card usernames and passwords, other login information, and URLs typed into Firefox, the popular open-source browser. Another component of the Trojan sniffs out passwords from ICQ and FTP sessions, and IMAP and POP3 traffic, said McAfee. All collected information is sent to an IP address hard-coded into the Trojan.

TechWeb


Posted Wed, Jul 26 2006 17:49 by Don
Filed under:

Mac apps whacked by flaw finders


A short analysis of Apple's flagship operating system published on Monday found that researchers discovered fewer vulnerabilities in the core software in the first half of this year than during the same period in 2005, but that applications vulnerabilities skyrocketed.

The analysis--penned by Claudiu Dumitru, a security researcher at antivirus firm Kaspersky--found that flaw finders uncovered 24 vulnerabilities in the core Mac OS X operating system during the first six month of this year, compared to 38 vulnerabilities in the first half of 2005.

SecurityFocus


Posted Wed, Jul 26 2006 6:36 by Don
Filed under:

Attack code puts Windows PCs at risk


Two new pieces of computer code that could spawn attacks on Microsoft Windows PCs have been released onto the Internet, security companies have warned.

The first exploit code takes advantage of a "critical" flaw in the Windows Dynamic Host Configuration Protocol, or DHCP, client, according to a customer alert sent out by the French Security Incident Response Team on Monday. Microsoft released a fix on July 11 for the problem, Symantec said in its own advisory for subscribers.

Read story at news.com


Posted Tue, Jul 25 2006 18:39 by Don
Filed under:

U.S. Atop 'Dirty Dozen' Spam List


The U.S. again snatched the top prize as the world's leading spam throughway for the third year in a row.

The good news is that the amount of spam channeled through computers in the U.S. is down significantly, dropping from about 56 percent of the worldwide total in 2004, according to a report just released by security solutions provider Sophos Plc.

Read story on internetnews.com

Posted Tue, Jul 25 2006 15:05 by Don
Filed under:

Ransomware getting harder to break


Hackers may soon be pushing out ransomware packages so complex that they're beyond the decryption capabilities of the anti-virus industry, according to a study by Russian anti-virus firm Kaspersky Lab.

The report, Malware Evolution: April – June 2006, Hidden Wars, states that the creators of so-called ransomware packages are making the lives of security researchers more difficult by using more powerful and sophisticated encryption algorithms. Ransomware packages use malicious code to gain control of user files, encrypt them and threaten users that they won't see these files again unless they hand over a cash "ransom" to hackers.

Read story at Channel Register


Posted Tue, Jul 25 2006 8:28 by Don
Filed under:

Yahoo, Symantec debut Net security service


Yahoo and Symantec unveiled a joint consumer Internet security service Monday that will help the two companies compete against major rivals such as Google and Microsoft.

The two companies said they would offer Symantec's Norton Internet Security product directly to Yahoo customers in an expected deal that expands an ongoing partnership and seeks to take advantage of growing consumer demand for more Internet protection

Read the News.com story
Posted Tue, Jul 25 2006 5:36 by Don
Filed under:

Office Exploits Reveal New Direction In Attack Strategies


The recent run of publicized vulnerabilities in Microsoft Office and subsequent threats from malicious documents demonstrate that attackers are automating their hunt for exploits and turning toward targeting people, not systems, a security researcher said Monday.

The three months of Office vulnerabilities -- which started in May with Word, then spread in June and July to Excel and PowerPoint, respectively -- demonstrate a shift in tactics, said Alfred Huger, senior director of engineering with Symantec's security response group.

TechWeb


Posted Mon, Jul 24 2006 15:38 by Don
Filed under:

A month of browser bugs


Scott Granneman looks at the virtues and pitfalls of browser fuzzing and the overwhelmingly positive impact it has on the security community.

SecurityFocus
Posted Mon, Jul 24 2006 12:40 by Don
Filed under:

Agencies to Teach Cybersecurity Protection


Federal scientists who study how hackers try to break into computer-based controls for nuclear reactors and other automated industrial systems are passing the secrets on to the private operators of such facilities.

The U.S. Department of Energy and U.S. Department of Homeland Security will sponsor free classes in protecting remote controls of critical infrastructure during an international cybersecurity summit in Las Vegas Sept. 28-30.

Story...

Posted Mon, Jul 24 2006 10:54 by Don
Filed under:
More Posts Next page »