
Security Fix

 

Sat, 29 Aug 09
Snow Leopard's Anti-Malware Feature
http://feeds.voices.washingtonpost.com/click.phdo?i=f30b72941fdc0c60a112de00f5b720e5
Apple has long maintained that Mac users don't need to worry about viruses and other malicious software. So it's hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple's OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs. Snow Leopard went on sale Friday and I haven't had a chance to fiddle with it yet (I'm hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform. A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company's own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard's ability

Fri, 28 Aug 09
Phishing Attacks on the Wane
http://feeds.voices.washingtonpost.com/click.phdo?i=aaa0ba656b54c96498a33020fb2a2c04
Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found. The analysis from X-Force, IBM's security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008. I looked at the number of phishing sites tagged

Fri, 28 Aug 09
U.K. Govt: Spammers Before Downloaders?
http://feeds.voices.washingtonpost.com/click.phdo?i=747b536fa89aa75b3eaddfd4efef05b4
The British government plans to suspend the Internet accounts of residents suspected of downloading pirated music and films, according to news reports. But the latest figures on the geographic location of spam-spewing zombie PCs suggest the U.K. government might do better to start by disconnecting the nation's most notorious uploaders. The Associated Press reports that plans announced Tuesday by the British Treasury Minister include blocking access to download sites, and temporarily suspending users' Internet accounts. The story didn't say how many of Britain's estimated 48.7 million Internet users are suspected of being serial music and movie downloaders. But Security Fix reviewed the 8.8 million Internet addresses around the globe that are on Spamhaus.org's composite block list -- which tracks connections that show strong signs of being spam relays -- and found that roughly 60,000 U.K. systems currently are blasting junk e-mail to the rest of the world on behalf of spammers.

Thu, 27 Aug 09
Microsoft Expands Office Anti-Piracy Program
http://feeds.voices.washingtonpost.com/click.phdo?i=da94efbcd46779b3535edc0e7a7f4299
Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite. Windows users who have Automatic Updates turned on probably have by now noticed at least one new update available from Redmond. The patch represents the next phase of the Office Genuine Advantage (OGA) anti-piracy pilot program Microsoft launched last year. Microsoft says the update is being gradually rolled out to different countries, so the update will not be available to everyone at the same time. The program checks against Office XP, Office 2003, and Office 2007 installations. Even users who have Automatic Updates set to download and install patches for them will need to approve a license agreement before the OGA patch will fully install. That's a good thing, too, because according to Microsoft, this patch cannot be removed once it is

Wed, 26 Aug 09
Businesses Reluctant to Report Online Banking Fraud
http://feeds.voices.washingtonpost.com/click.phdo?i=155d16293c80b2fd79aa62c3d6c148a2
A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sized businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank. According to the alert, sent by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the victims of this type of fraud tell different stories, but the basic elements are the same: Malicious software planted on a company's Microsoft Windows PC allows the crooks to gain access to the victim's corporate bank account online. The attackers wire chunks of money to unwitting and in some cases knowing accomplices in the United States who then wire the money to the fraudsters overseas. As grave as that sounds, the actual losses from this increasingly common type of online crime almost certainly

Tue, 25 Aug 09
Tighter Security Urged for Businesses Banking Online
http://feeds.voices.washingtonpost.com/click.phdo?i=9ac7b06463a4f87f0e2ef2aa7421f74f
An industry group representing some of the nation's largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized business. The advisory, issued by the Financial Services Information Sharing and Analysis Center, recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts. For example, the group recommends that commercial banking customers "carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible." Such a system might be a virgin install of Windows with all the proper updates, using something like Microsoft SteadyState. Even smarter would be a Mac, or some flavor of Linux, or even a Live CD distribution of Linux (after shutdown, all changes are erased). Why take such extreme precautions? The alert indicates that the sophistication, stealth, and sheer volume

Tue, 25 Aug 09
Malware Writers: Will That Be OS X, or W?
http://feeds.voices.washingtonpost.com/click.phdo?i=ef90e84f7e832b356f7560edd726ab79
Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac. Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications. This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the

Thu, 20 Aug 09
TwitBlock Helps Root Out Spammy Followers
http://feeds.voices.washingtonpost.com/click.phdo?i=c46d9d43a44e1e4ee4a46ff1b8a05255
Those of you who use Twitter know how quickly one can accumulate unknown "followers," people who sign up to receive updates on their Twitter pages whenever you post a Tweet. Unfortunately, it's not uncommon to find that a number of those unknown followers aren't really people at all, but fake profiles designed to draw visitors away from your profile to adult Web sites and other dicey online destinations. A new service called TwitBlock makes this task of separating spam from fan an interesting and fun - if not always accurate - exercise (hat tip to Mashable). TwitBlock uses OAuth, an open authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information on using OAuth is available here. The criteria by which TwitBlock rates the spamminess of a Twitter follower is explained here. TwitBlock is still in alpha mode, meaning it

Tue, 18 Aug 09
TJX Hacker Indicted in Heartland, Hannaford Breaches
http://feeds.voices.washingtonpost.com/click.phdo?i=c5b680fd611c4d3972ad67a28b941257
A federal grand jury has indicted three individuals for allegedly hacking into credit and debit card payment processing giant Heartland Payment Systems last year, as part of an investigation the Justice Department is calling the largest identity theft case ever prosecuted. According to indictments returned Monday in a New Jersey federal court, the government believes the same individuals were involved in a string of high-profile data breaches between October 2006 and May 2008, including intrusions at Hannaford Brothers Co., and 7-Eleven, Inc. In total, the government alleges the hackers stole data on more than 130 million credit and debit cards from Princeton, NJ-based Heartland. Read the full story, at this link here. A copy of the indictment is available here.

Tue, 18 Aug 09
Security Patch Catchup: Java, Safari & OS X
http://feeds.voices.washingtonpost.com/click.phdo?i=8340fe9b7ede53d45afed88e1796e3d1
Security Fix took a mini-vacation last week, but that's all it takes to fall behind in important software security updates. Here's a quick pointer to some recent updates that have recently happened. The last time I wrote about Java updates was at Update 13, but as several readers have pointed out, the latest version is now Update 16. Near as I could tell, Updates 14 and 16 did not include security updates. Indeed, Java maker Sun Microsystems says users who have Java SE 6 Update 15 have the latest security fixes and do not need to upgrade to version 16 to be current on security fixes. However, Update 15 shipped fixes for a number of serious security holes, so if you've got an earlier version of this program installed, take a few minutes to update. Don't know whether you have Java or what version you may have? Visit this link.

Wed, 12 Aug 09
Microsoft Fixes 19 Windows Security Flaws
http://feeds.voices.washingtonpost.com/click.phdo?i=855a0aff6f4421a9fa667ee067d1b404
Microsoft today issued a raft of software updates to plug at least 19 security holes in its various Windows operating systems and other software, 15 of which earned the company's most dire "critical" rating. This month's batch of patches fixes some fairly dangerous flaws. Redmond labels a security flaw "critical" if attackers could use it to seize control over a vulnerable system without any help from the victim. What's more, a dozen of the flaws earned the highest rating on Microsoft's "exploitability index," which is the software maker's best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines. Patches are available for Windows 2000, XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said none of the vulnerabilities affect Windows 7, its newest operating system. Windows users can download the updates from Windows Update or via Automatic Updates Many

Fri, 7 Aug 09
Hackers Target House.gov Sites
http://feeds.voices.washingtonpost.com/click.phdo?i=f5ecd77d586886af5d661bdb190b8009
Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of their home pages with digital graffiti, according to House officials. The landing pages at house.gov for Reps. Duncan Hunter (R-Calif.), Jesse L. Jackson, Jr. (D-Ill.), and Spencer Bachus (R-Ala.) were among at least 18 member pages that were defaced in a series of break-ins that apparently began earlier this month, according to zone-h.com, a site that archives evidence of Web site attacks. Adam Bozzi, a spokesman for Rep. Harry Mitchell (D-Ariz.), confirmed that Mitchell's site was among those hacked. Bozzi said it appears the attackers broke in by guessing passwords used to administer the site. Bozzi said the messages that the hackers left behind had been erased, and that his office now has stronger passwords for the site. The hackers replaced portions of the member pages with

Thu, 6 Aug 09
Researchers: XML Security Flaws are Pervasive
http://feeds.voices.washingtonpost.com/click.phdo?i=513834783a61e8ac137f05510adf49a0
Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products. At issue are problems with the way many hardware and software makers handle data from an open standard called XML. Short for "eXtensible Markup Language," XML has been used for many years as a fast and efficient way to transport, store and structure information across a wide range of often disparate applications. Researchers at Codenomicon Ltd., a security testing company out of Oulu, Finland, say they found multiple critical flaws in XML "libraries," chunks of code that are typically used and re-used in software applications to process XML data. Codenomicon is a spinoff from the University of Oulu, and is run by many of the same individuals who in 2001-2002 found and

Wed, 5 Aug 09
Twitter Tries to Tame Tainted Links
http://feeds.voices.washingtonpost.com/click.phdo?i=2dbb83f368dfcb0e76ce90ba6e8f6dff
Faced with a recent surge in the number of malicious software programs using its micro-blogging service to spread, Twitter is making an effort to block users from posting links to known malicious Web sites. The initiative, first noted in a blog posting by Finnish anti-virus maker F-Secure Corp., involves the use of Google's Safe Browsing program, which the search giant uses to prevent Internet users from visiting Web sites that Google's bots have flagged for installing malicious software. "Our Safety and Security team has been using the Safebrowsing API for many months," Twitter co-founder Biz Stone wrote in a reply to an inquiry by Security Fix. Web sites flagged in Google searches by the Safe Browsing bots are generally accompanied by a warning under the search result listing that reads: "This Site May Harm Your Computer." If you ignore that warning and click the link anyway, Google will try to

Wed, 5 Aug 09
Security Updates for iPhone, Adobe Reader
http://feeds.voices.washingtonpost.com/click.phdo?i=f15f1f2e8a23424a600af6ec55d5856c
Apple has issued a security update for the iPhone. The patch fixes a vulnerability demonstrated recently at a hacker conference in Las Vegas, where security researchers showed they could hijack an iPhone simply by sending it a series of booby-trapped text messages. Apple's patch comes in response to research revealed at last week's Black Hat security conference, by well-known Apple hacker Charlie Miller and co-presenter Collin Mulliner, a Ph.D. student in telecommunications security at the Technical University of Berlin. The two showed that a specially designed text-message barrage could allow attackers to hijack various iPhone core functions, such as making calls and turning on the device's microphone and camera. The update is available only through iTunes, which should auto-detect that the update is available. If it doesn't, or you don't want to wait around for an auto-update notice (Apple says that process can take up to a week), click the

Sat, 1 Aug 09
Following the Money: Rogue Anti-virus Software
http://feeds.voices.washingtonpost.com/click.phdo?i=bae7b9320ec00228b80a045ccf71ed84
By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low. Even if you manage to trace one link in the chain -- such as a payment processor or Web host -- the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer. But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site name called innovagest2000.com. This Innovagest2000 domain has for at least four years now been associated with spyware and so-called "scareware," surreptitiously installed

 

© amigura.co.uk All Rights Reserved.