Thursday, January 31, 2008

AntiVir Scores Highly in A/V Test

AV-Test in Germany is one of the top research facilities in the world for testing anti-malware protection. Over the years we have published many test results of theirs, and we have some fresh ones now.

Read the article HERE.

New attack proves critical Windows bug

Security researchers yesterday said they'd discredited Microsoft's claim that the year's first critical Windows vulnerability would be "difficult and unlikely" to be exploited by attackers. On Tuesday, Immunity updated a working exploit for the TCP/IP flaw spelled out in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site.

Read the article HERE.

Information is our only security weapon

Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups.

Read the article HERE.

Terror suspects hone anti-detection skills

In an age of spy satellites, security cameras and an Internet that stores every keystroke, terrorism suspects are using simple, low-tech tricks to cloak their communications, making life difficult for authorities who had hoped technology would give them the upper hand.

Read the article HERE.

Mozilla ups Firefox bug threat

Mozilla bumped up the threat ranking for an unpatched Firefox bug to "high" yesterday, but promised a fix is coming in Version, now slated for release on Feb 5.

Read the article HERE.

Spammers dive into Google's lucky dip

Google's "I'm feeling lucky" button was designed to save web searchers time by automatically opening the first page of a query. It turns out the feature, and similar ones from other search engines, are increasingly helping junk mailers get around anti-spam products.

Read the article HERE.

Coming across a PHP RFI (Remote File Inclusion) exploit is an everyday event. (At least if you're analyzing malware…) Typically, most of the exploits we see install a web-based backdoor such as the C99 shell for the attacker to use. Every once in a while we run into something more sinister.

Read the article HERE.

How much to stop 'domain tasters'?

A proposal by the overseer of the Internet's addressing system could cut back on the practice of "domain tasting" and make it easier for people to reserve the domain names they want for their Web sites.

Read the article HERE.

Google's new Experimental Search

There's more information than ever on the web, and Google is testing some new ways to visualize it all. Ars evaluates Google's Experimental Search features, which offer alternate views for search results and more.

Read the article HERE.

Wednesday, January 30, 2008

Encrypting VoIP Traffic With Zfone

Some people worry about the ease with which their voice communications may be spied upon. Laws like CALEA have made this simpler in some ways, and with roaming wiretaps even those not under direct investigation may lose their privacy. Phil Zimmermann, creator of PGP, has come up with a project called Zfone which aims to do for VoIP what PGP did for email.

Watch the video HERE.

Exploit Could Taint Forensics

What if a hacker could taint your forensics investigation with an exploit? That's one of the scarier risks associated with cross-site request forgery (CSRF), a common and stealthy vulnerability found in many Web applications.

Read the article HERE.

Windows 7 fake spotted on BitTorrent

Pranksters have taken advantage of interest in the next version of Windows to post fake - but reportedly harmless - builds of Windows 7 on BitTorrent.

Read the article HERE.

To Open or Not to Open

Go on any security Web site and their best practices state that you should “never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known.” But what if it’s your job to open attachments?

Read the article HERE.

Windows 7 hasn’t slipped to 2011

This is just a quick post to help guide those who aren’t used to Micro-speak.

Read the article HERE.

Tuesday, January 29, 2008

Unreal Test Rootkit

Unreal is not malicious. This rootkit is not intended to be run alongside Host Intrusion Prevention Systems. It is intended ONLY for testing with modern AntiRootkit software.

Read the article HERE.

Spies In the Phishing Underground

Both Nitesh and Billy are well-known security researchers who have recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary view of the ecosystem that supports the phishing effort that plagues modern day financial institutions and their customers.

Read the article HERE.

Studying Malware Analysis

There are very few places in the world where you can actually study malware analysis. We decided to do our small part to improve this situation and we're happy to announce that we've started a course at the Helsinki University of Technology.

Read the article HERE.

Software Tool Strips Windows Vista To Bare Bones

A free software tool that promises to strip down the Windows Vista operating system -- which even some Microsoft officials have called "bloated" -- to a minimalist state is attracting big interest on the Internet.

Read the article HERE.

Browser DOM Checker

A simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, a cross-domain IPC system for blind write verification, page transition checks, and more. DOM Checker has been used to find a number of major security bypass and information disclosure problems in several popular browsers, and we have worked closely with vendors to resolve them (although it's worth noting that the tool still reports anywhere from 10 to 30 low-risk, design-related information disclosure issues in these programs).

Read the article HERE.

Metasploit version 3.1 adds iPhone support

Version 3.1 of exploit framework Metasploit has been released. The most important changes since version 3.0, released around 10 months ago, are a Windows graphical interface, numerous integrated tools and additional modules. In developing the GUI, which now provides a file and process browser, Metasploit developer H.D. Moore received support from security specialist Fabrice Mourron. The tools include the METASM suite, written in Ruby, which includes an assembler, disassembler, compiler, linker and debugger.

Read the article HERE.

TrueCrypt 5.0

Release scheduled for: February 4, 2008

Cyber Security Bulletins: Release Date - Jan 28

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read this week's bulletin HERE.

Windows Home Server vulnerable

For the second time in three days, Microsoft added another product to the list of those vulnerable to a critical bug patched nearly three weeks ago. Windows Home Server, the company's newest operating system, is also at risk to the vulnerabilities spelled out by the MS08-001 security bulletin, according to a Friday update.

Read the article HERE.

News, Hints, Tips, Tricks & Tweaks

Read this week's articles at WXPNews HERE.

Windows 7 won't be released next year

Contrary to all that is being said on the net, it clearly looks like Microsoft is NOT planning to release Windows 7 in 2009. Microsoft's official response to WinVistaClub, in an email dated 26th January, 2008, states that Windows 7 is still in the planning stage and will take approximately 3 years to develop.

Read the article HERE.

Troubleshooting RPC across firewalls

Applications that want to talk to other servers will often use the Remote Procedure Call (RPC) infrastructure to communicate instead of inventing their own protocol. From an IT perspective this is a pain because we like known protocols with defined ports. From a development perspective this is nice because we don't want to write more code than we have to. More modern applications are going to take advantage of technologies like Windows Communications Foundation (WCF) which enables administrators to configure how the applications will talk, including the transport protocol (e.g. TCP, HTTP, custom protocols), along with the transport-specific properties (e.g. ports). While we wait for the uptake on WCF we will likely be stuck with RPC-based applications for quite some time. With that being the case it is best to understand how RPC works and the implications brought forth by firewalls.

Read the article HERE.

Untraceable or Uncatchable?

On Friday, I caught a showing of "Untraceable," a horror/thriller flick about a serial killer who relies on computer insecurity to help him broadcast his crimes onto the Internet. Far too many hacker movies completely flub the technical details, and from viewing the trailers I was certain this one would as well. But the film actually got most of its Internet facts right - never mind the bit where the bad guy remotely hacks a car, or the laughably inaccurate point-and-click trap-and-trace capabilities of the FBI agent.

Read the article HERE.

Monday, January 28, 2008

RFID guinea pigs

The Halifax bank is enrolling unsuspecting customers in trials of a new generation of RFID-enabled bank cards, and trying to keep them in the program even if they have misgivings about the wave-and-pay technology. PayWave allows punters to debit their account without having to enter a PIN or sign for goods valued at less than £10.

Read the article HERE.

Microchips Everywhere: a Future Vision

Here's a vision of the not-so-distant future: A seamless, global network of electronic "sniffers" will scan radio tags in myriad public settings, identifying people and their tastes instantly so that customized ads, "live spam," may be beamed at them.

Read the article HERE.

MSDN Magazine : February 2008

This month, look deep inside the workings of the CLR so that you can build your own compiler. See how to generate intermediate language instructions, get an understanding of language definition, the parser, creating a .NET assembly, and everything else you need to know to compile your language of choice to run in the CLR.

Read the magazine HERE.

Keeping your Linux desktop secure

One of the main reasons people move from Windows to Linux is the promise of greater security from malware on the Internet. Everyone knows you need to add extra security to try to keep a Windows desktop safe, but what do you have to do to accomplish the same thing on Linux? To answer that question, we asked a number of well-known Linux kernel hackers and a security expert for their thoughts on the matter.

Read the article HERE.

German Skype Trojans Revealed

Wikileaks has released documents from the German police revealing Skype interception technology. The leaks are currently creating a storm in the German press.

Read the article HERE.

Another Julie Amero situation developing?

Remember Julie Amero? Well, this time, the story is in Florida.

Read the article HERE.

Social Networking

Social networking sites are an increasingly popular way for people to keep in contact with friends, family and business colleagues. These sites offer a rich set of features that enable users to share personal information as well as videos, music, and images with members of their network—all in the name of keeping their contacts updated with what goes on in their lives. Although the ability to share information and multimedia files are among social networking sites’ greatest strengths, hackers see these assets as new vectors to attack unsuspecting users.

Read the article HERE.

My Friend Bill

I just signed up for a MySpace page. I’ve become very interested in social networking and it was time to join the fun. Once you create an account the next step is to add some friends to your network. So the first thing I decided to do was send an invite to my friend Bill Gates.

Read the article HERE.

JaseZone? More like FakeZone

Well, we all know that there is a certain amount of risk we have to accept when we place personal information on a Web site, including the possibility that someone may use that information without our explicit permission.

Read the article HERE.

Sunday, January 27, 2008

MySpace riches come under attack

Anybody who says crime doesn't pay obviously hasn't talked to Sanford Wallace. In just six months' time, the prolific purveyor of spam and spyware engineered a scam on MySpace that netted at least $555,850, according to court documents filed this week.

Read the article HERE.

Spam and virus filtering for e-mail

Look beyond tools like SpamAssassin and Amavis to see how you can extend them and provide additional filtering facilities to lower the amount of spam hitting the e-mail boxes of your users. Most companies use spam and virus filtering services on their UNIX platforms, but there are some methods that you can use that help improve your filtering scores and might even eliminate spam reaching inboxes.

Read the article HERE.

Hacking Flash Memory

The major feature we are concerned about from a security point of view is that you cannot infinitely rewrite it. With normal memory and normal hard-disks, you can rewrite the contents trillions of times without concern. With flash memory, after rewriting data a few hundred thousand times, the block goes bad. It's quite easy to intentionally write a program that would continuously overwrite a block of flash until it failed.

Read the article HERE.

Web 2.0 Security

Web 2.0 is an umbrella term coined to include technologies used for providing user-centric web based services. Here, the services are architected and programmed so that they can be personalized and used dynamically. The architectural philosophy is called Service Oriented Architecture (SOA).

Read the article HERE.

Hollywood's 'Untraceable': Fact or fiction?

Former FBI Special Agent Ernest E.J. Hilbert II learned a lot about cybercrime before signing on to be the director of security enforcement at and when asked to look over a Hollywood script about cybercrime, he took on the challenge. The ironic thing, he points out, is that the fiction portrayed in the film (opening Jan. 25) is not so different from the facts he encountered on the job. Hilbert recently talked with Network World Senior Editor Denise Dubie about his past in law enforcement, his participation in "Untraceable" and why Americans need to become more aware of the dangers that lurk in cyberspace.

Read the article HERE.

Saturday, January 26, 2008

Work-At-Home Money Mule Scams

Money mules typically are recruited via spam or targeted e-mail. The recipient is often told the potential employer found her resume on and would he or she be interested in working a small number of hours per week to make anywhere from hundreds to thousands of dollars a week. The company usually represents itself as some kind of international finance operation or shipping company. In reality, most are fronts for cyber crime operations that are desperately seeking a constant stream of new recruits to help launder the proceeds of phishing scams and password-stealing computer viruses.

Read the article HERE.

Security and privacy aren't opposites

If there's a debate that sums up post-9/11 politics, it's security versus privacy. Which is more important? How much privacy are you willing to give up for security? Can we even afford privacy in this age of insecurity? Security versus privacy: It's the battle of the century, or at least its first decade. In a Jan. 21 New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all -- that's right, all -- internet communications for security purposes, an idea so extreme that the word "Orwellian" feels too mild.

Read the article HERE.

Malware authors target Mac

Cybercrooks are looking beyond PCs running Microsoft as targets for attack, with Macs increasingly in the firing line of hacker activity. That's according to the latest edition of the Sophos Security Threat Report, which predicts that - based on early flaws with the inbuilt Safari browser - Apple's iPhone devices might also become targets in future.

Read the article HERE.

hits back against AskEraser critics

Search engine vendor has come out swinging against several privacy advocacy groups over a complaint they filed last week with the U.S. Federal Trade Commission alleging that a new service called AskEraser isn't living up to its promise of deleting the search histories of Web users.

Read the article HERE.

Can you legislate for everything?

As a result of your draconian views the UK Computer Misuse Act now has a provision for criminally charging authors of legitimate security tools that are used by cyber criminals. Mr Harris I have news for you. For years the world has looked in with amusement as America passed laws to stop people wearing certain clothes (you can’t wear jeans low on your waist in parts of Louisiana for instance and even crazier restrictions exist in Utah). In this fair Isle we are all guilty of sniggering at the frequent reports of American cases where drink drivers sue their dinner party hosts for not providing soft drinks and fatties sue burger chains because they “made them” get fat.

Read the article HERE.

A Father's True Confession

A dozen years ago, David Kaczynski tipped the FBI that he suspected his brother, Theodore, was the Unabomber. It was an agonizing decision to out his estranged sibling, and even harder to come to grips with knowing that he was related to the most sought after domestic terrorist in U.S. history.

I am suffering a similar pain. Read the article HERE.

Friday, January 25, 2008

Prevent snooping on your Google searches

The following 10 websites are all hosted on the same server as and they are exact replicas of the main Google website - you cannot find a single difference unless you look at your browser address bar. And the URL names of these websites ("ABN Amro Bank Group", "I Love Your Robin", "United American Fund", etc) sound fairly ambiguous, so your boss (or local ISP) will never feel that you are doing a search on

Read the article HERE.

Free virus scanner for Macs

ClamXav is aimed at users who don't want to mess about with ClamAV on the command line and who are unwilling to pay for an anti-virus product. The program also includes a background process called Sentry that can monitor specific folders and automatically check all files arriving in them.

Read the article HERE.

Biggest privacy breach at MySpace to date

A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site. The creator of the file says he compiled the photos earlier this month using a MySpace security hole. That hole, still unacknowledged by the News Corporation-owned site, allowed voyeurs to peek inside the photo galleries of some MySpace users who had set their profiles to "private," despite MySpace's assurances that such images could only be seen by people on a user's friends' list.

Read the article HERE.

McAfee Avert Labs Blog

Good read today...
Is it Domain Tasting or Domain Misusing?
New Wine in a Old Bottle - StealthMBR Rootkit
A self-deprecating trojan author arrested
First ‘cyber-war’ hacker convicted in Estonia

Read the articles HERE.

Unencrypted data in the post

Today's story of a cretinous government data giveaway is brought to you by... the Ministry of Justice. On the scale of government ineptitude this hardly ranks alongside the loss of 25 million child benefit details last year, nor the loss of a laptop containing unencrypted details of members of the armed forces - but it is still serious. A story in this morning's Daily Mail revealed that four CDs were sent in the post and included details on 55 defendants and other restricted information, "potentially including" highly sensitive details of alleged victims of and witnesses to crimes.

Read the article HERE.

Mozilla security chief confirms bug in Firefox

Mozilla's chief of security has confirmed a vulnerability that could cause fully patched versions of Firefox to expose a user's private data.

Read the article HERE.

Is WPA2 more secure than WPA?

AirDefense recently did a Wireless LAN security survey of New York City retailers where they declared two thirds of retailers insecure. According to the AirDefense survey, a third used zero link layer wireless LAN security and a third used “weak security”.

Read the article HERE.

Thursday, January 24, 2008

's Privacy Tool Tracks Users

A coalition of privacy groups filed a federal complaint Saturday against, alleging that AskEraser - the company's recently unveiled search engine history anonymization tool - doesn't actually protect users' privacy and could be used to track people when they thought they were anonymous.

Read the article HERE.

Massive Java Update Includes Security Fixes

Sun has released another update to its Java software that brings some 370 bug fixes, including a number of security updates.

Read the article HERE.

Stealing Phish from Fraudsters

A recurrent group of Moroccan fraudsters calling themselves Mr-Brain has launched a website dedicated to offering easy-to-use phishing site code, email templates and other hacking tools. The website offers phishing kits for many of the most common targets, such as Bank of America, eBay, PayPal and HSBC. The tools and code provided by Mr-Brain are designed to make it extremely easy for other fraudsters to deploy realistic phishing sites. Only a very basic knowledge of programming is required to configure the PHP scripts to send victims' details to the fraudsters' chosen electronic mail address. Deploying one of these fully working kits can be done in as little as one minute – another factor that adds to their appeal.

Read the article HERE.

Skype blocks videos

Skype has completely deactivated the "Add video to chat" function in its client software to close a potential security hole in its Windows software.

Read the article HERE.

Antivirus reviews 2008

To make sure I'm insured for the next digital doomsday, over the past few weeks I've checked out all the major brands of antivirus software (latest versions to date). My poor PC had to go through a horrible degree of abomination, but in the end my finds were sure worth it.

Read the article HERE.

Latest antivirus test results from Andreas Marx

As always, good stuff from Andreas Marx of We have just finished a new comparison test of AV software. All products (in the "best" available Security Suite edition) were last updated on January 7, 2008 and tested on Windows XP SP2 (English).

Read the article HERE.

New versions of Apache web server released

The Apache Foundation has released Apache versions 2.2.8, 2.0.63 and 1.3.4, in which the developers have patched some vulnerabilities and numerous other errors not related to security.

Read the article HERE.

Wednesday, January 23, 2008

Comodo Firewall Still A Mess

My post back in November [Comodo Firewall Pro version 3 a disaster] began: "The long-awaited Comodo Firewall Pro version 3 was officially released on November 20. And it is a total flop." Nothing has changed. As a matter of fact, it gets worse. Scot’s Newsletter Blog reported that: "I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 does not offer any outbound leak protection whatsoever. They may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module, which provides the leak protection for Comodo 3. The previous generation, Comodo 2.4, provided anti-leak protection without the HIPS." And those that read my post are hopefully still using that version. Or have switched.

Live on the Web: Kevin Mitnick

After an absence of eight years, hacker Kevin Mitnick rediscovered the Web on Tuesday afternoon. He did exactly what everyone does when they first log on: He vanity surfed, wrestled with browser plug-ins and was assailed by pop-up porn ads.

Read the article HERE.

Confusing domain threatens Aussie users

A US-based anti-spyware company has registered the "" domain name, which experts fear could be used by cybercriminals to create more convincing phishing attacks.

Read the article HERE.

Cybercriminals moving beyond Microsoft

The report reveals that in 2007 organised criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money. With proof that hackers are extending their efforts beyond Windows, Sophos is warning computer users of all operating systems not to be complacent about security.

Read the article HERE.

Secrets 2 Encryption Tool Released

Originally introduced by the Global Islamic Media Front (GIMF), the second version of the Mujahideen Secrets encryption tool was released online approximately two days ago.

Read the article HERE.

Virtualization: What are the security risks?

Virtualization will become dominant in enterprises, but the security risks are fuzzy at best. Meanwhile, the usual defenses (firewalls, security appliances and such) aren’t ready for virtualization.

Read the article HERE.

Thanks for saying No to Ask

Our friend BillP of WinPatrol said "No to Ask Toolbar". Will Ad-Aware do the same?

Read the article HERE.

Fending off digital thieves

Within 10 hours on Jan. 9 - midnight to 10 a.m. - computer hackers lurking in cyberspace scanned Virginia Tech's computer networks 15,000 times, looking for a way to reach information, such as credit card or Social Security numbers, contained in some of the cabinet's drawers.

Read the article HERE.

51% Of Malicious Web Sites Are Hacked

The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors' PCs with malware now exceeds the number of sites specifically created by cyber criminals, according to a report released today.

Read the article HERE.

Tide is turning for web application firewalls

There is a long-running tradition in the web application firewall space; every year we say: "This year is going to be the one when web application firewalls take off!" So far, every year turned out to be a bit of a disappointment in this respect. This year feels different, and I am not saying this because it's a tradition to do so. Recent months have seen a steady and significant rise in the interest in and the recognition of web application firewalls. But why is it taking so long?

Read the article HERE.

Malicious worm hits Nokia handsets

Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks. Fortinet's threat response team warned that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70 and N72 handsets.

Read the article HERE.

Tuesday, January 22, 2008

Do we need computer competence tests?

Indignation is the immediate response if you suggest to any computer user that they should be given a licence to use their PC only if they pass a test. Why is this? Every time some kid clicks on a phishing link and invokes a Trojan program, or some greedy idiot agrees to send their bank details to a bunch of crooks in Israel or Russia in the hope of getting hold of illegal cash, their computer gets compromised, and joins the army of "bots" which mean that legitimate businesses are fleeced of terrifying amounts of money by organised criminals.

Read the article HERE.

Yahoo Mail hacked by Russian researcher

Yahoo's system for preventing automated systems from registering web-based Yahoo Mail email accounts has been cracked by a Russian security researcher.

Read the article HERE.

Browser Toolbars Reviewed

Tonight I wanted to look at one of the least-discussed, but most popular set of tools on the web - the browser toolbar. Although toolbars have been around since the mid-1990's, their most dominant era (from the late '90's-early 2000's) has been interpreted as a sign of the toolbar's demise. But rumors of the toolbar's death are, in my opinion, premature.

Read the article HERE.

E-crime and Socioeconomic Factors

Interesting points by F-Secure with two main issues covered, namely the lack of employment opportunities for skilled IT people who turn to cyber crime to make a living, and the emerging economies across the globe, whose citizens in their early stages of embracing new economic models will suffer from the inevitable unequal distribution of income due to their government's lack of experience or motivation.

Read the article HERE.

Cyber Security Bulletins: Release Date - Jan 2

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read this week's bulletin HERE.

News, Hints, Tips, Tricks & Tweaks

Read this week's articles at WXPNews HERE.

Problems with Trend Micro Security Suite

You need to remove any of the following programs that may be installed on your computer. Having these products installed together with Trend Micro products could result in loss of Internet connection or slow computer performance.

Read the article HERE.

Monday, January 21, 2008

Another Skype vulnerability

Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to be run under certain circumstances. The problem is caused by Skype's web control. The program uses Internet Explorer to render internal and external HTML, but does so using "Local Zone" security settings.

Read the article HERE.

RIAA Website Wiped Clean

Apparently the RIAA is so busy suing consumers that they forgot to hire a decent programmer. With a simple SQL injection, all their propaganda has been successfully wiped from the site.

Read the article HERE.

Autoupdate of IE7

Microsoft has warned corporate administrators that it will push a new version of Internet Explorer 7 their way next month, and it has posted guidelines on how to ward off the automatic update if admins want to keep the older IE6 browser on their companies' machines. The IE7 upgrade is scheduled to roll out via WSUS (Windows Server Update Services) on Feb. 12.

Read the article HERE.

PGP Updated to be a Good Citizen

PGP has updated a number of components in its flagship PGP Encryption Platform to improve performance, functionality and make it less obtrusive to the user.

Read the article HERE.

Secure VNC with Hamachi

The last time I wrote about VNC, several of you asked, "But why not easier-to-set-up solutions like" Well, mostly because VNC software is cross-platform and free (as in speech - no upsell). It works on the Mac, Linux and Windows - and it offers a level of granular control that you don't get with third party services in the middle. It does require some comfort with advanced networking concepts, though, and I hear LogMeIn (which owns Hamachi, coincidentally) is great, so don't let me stop you from going that route.

Ready to set up VNC with Hamachi? Here's how.

Encrypted Partitions in Ubuntu

In a previous article, I talked about using shred to securely delete files. Now we’ll delve into using encrypted volumes in Linux to secure our data in the first place, so that we don’t need to use programs like shred. Along the way, we’ll benchmark the raw performance of an encrypted volume and compare the results to an unencrypted volume and see just what kind of real world compromises we see.

Read the article HERE.

Who Invented the Firewall?

Nir Zuk says he developed the technology used in all firewalls today. David Pensak claims to have built the first commercially successful firewall. Marcus Ranum says his own reputation as inventor of the firewall is "marketing BS," and that David Presotto is the man.

Read the article HERE.

Sunday, January 20, 2008

600,000 is not a happy number

Data lost for 650,000 customers
A computer tape containing personal data of 650,000 customers of about 230 retailers including J.C. Penney is missing, credit card issuer GE Money said on Friday. Richard Jones, a spokesman for the General Electric unit, said a backup computer tape being stored at a facility operated by Iron Mountain, an information protection and storage company, had been lost. Jones added that Social Security numbers of about 150,000 people were also included on the tape.

Read the article HERE.

MoD loses data of 600,000 would-be recruits
The personal details of 600,000 people interested in joining Britain's armed forces have been lost after a laptop belonging to a Royal Navy officer was stolen, the Ministry of Defence disclosed tonight. It is the latest extraordinary data loss incident involving a Government department and potentially the most serious as recruits to the armed forces are targets for terrorists. The laptop containing the data was stolen from a vehicle parked overnight in the Edgbaston area of Birmingham on Jan 9 but was only made public late tonight.

Read the article HERE.

Yahoo CAPTCHA software cracked

A security researcher has claimed that Yahoo's system for blocking automated access to its systems - the CAPTCHA image-recognition system - has been effectively cracked.

Read the article HERE.

The Pirates Can't Be Stopped

This teenager hacked into the outfit charged with protecting companies like Sony, Universal, and Activision from online piracy—the most daring exploit yet in the escalating war between fans and corporate giants. Guess which side is winning.

Read the article HERE.

Cyberattacks Blacked Out Cities

Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and "in at least one case, caused a power outage affecting multiple cities".

Read the article HERE.

Video - Mac DNS Changer Trojan

Unwanted Mac Software has been a recent topic. With that in mind, Patrik produced a video demonstration of Trojan:OSX/DNSChanger. THIS VIDEO demonstrates the results of the DNS changes made on a Mac OSX system.

Security and obscurity

Many of us are familiar with a concept known as security by obscurity. The term has quite negative connotations within the security community - often for the wrong reasons. There's little debate that security by obscurity is bad when the secret being hidden is the key to the entire system's security. Obscurity itself, however, when added to a system that already has decent controls in place, is not necessarily a bad thing. In fact, when done right, obscurity can be a strong addition to an overall approach.

Read the article HERE.

Analysis: Metcalfe's Law + Real ID = disaster

Not only are privacy and security not at odds with one another, but in a networked, database-driven world, they're virtually identical. Here's why Real ID will make a hash of both.

Read the article HERE.

Windows 7 set for late 2009 release

Several reports are claiming that an extremely early version of the next iteration of Windows has already made it into the hands of a few Microsoft partners.

Read the article HERE.

Saturday, January 19, 2008

Mexico and Africa to become malware hotspots

Central America, India, China and Africa are likely to become the hotspots of malware production and cybercrime over the next five years, according to an analysis by net security firm F-Secure.

Read the article HERE.

'Hacker Safe' Web Sites Found Vulnerable

Computer scientists say that more than 60 sites certified as safe by McAfee's ScanAlert service have been vulnerable to cross-site scripting attacks.

Read the article HERE.

Scary Faces Of Malicious Software

If the phishing scams, computer viruses and worms that land in our inboxes each day took the form of hostile-looking beasts, we might all want to avoid them like the plague. Such is the vision of Romanian artist Alex Dragulescu, whose stunning renderings of some of the more prevalent nasties out there help put a menacing face to malware such as "Storm" and "Netsky."

Read the article HERE.

Facebook faces privacy questions

Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account.

Read the article HERE.

Google's Blogger Service Joins OpenID

Not to be outdone by Yahoo's recent OpenID announcement, Google has announced that Blogger URLs can now be used as OpenID identities. With two very large announcements back to back, OpenID availability is fast approaching critical mass.

Read the article HERE.

UK Wants 'Radical Islam' Internet Filters

The British government wants to filter "militant islamism" from the Web in the same way it filters access to child pornography, according to Reuters. Right after telling her audience that the Internet is something the government shouldn't dabble too heavily in, Home Secretary Jacqui Smith tells her audience that if you can prevent consumers from accessing child porn sites, the same thing should be applied to "Islamist radicalization".

Read the article HERE.

The British government may also like to consider a 'Christian Taliban' filter. This would eliminate the ravings of its radical leader - George Bush. As the Home Secretary said: "If we are ready and willing to take action to stop the grooming of the vulnerable young on social networking sites, then I believe we should also take action against those who groom vulnerable people for the purposes of violent extremism" - read that as the US initiated War For Oil.

Friday, January 18, 2008

MPACK Toolkit v0.94

SecGeeks have posted an item inviting you to download the Mpack toolkit. If you are not sure how it works, Symantec Security Response have a video at YouTube showing how MPack compromises systems.

The contents of the download are:
mpack v0.94
-- mpack - source code
-- []_Dream3Builder_Poly_179.exe - binary
-- Readme.txt
PandaLabs Report - MPack uncovered (2007).pdf
KAV.log - antivirus scan log

DIY Fake MSN Client Stealing Passwords

This tool deserves our attention mostly because of its do-it-yourself (DIY) nature. Custom error messages, two options to kill or restore MSN after the password is obtained, and custom FTP settings to upload the captured account data.

Read the article HERE.

Bot detector by Trend Micro

Trend Micro has developed a bot detector and is providing a free Beta version of it for downloading. RUBotted runs in the background and monitors a computer's network activities.

Read the article HERE.

Comodo Launches Memory Firewall

Comodo launches Memory Firewall - one of the only ways to protect against buffer overflow attacks. In its continuing commitment to keep PCs safe from malware, Comodo announced today an important new security solution to prevent buffer overflow attacks from damaging users' computers.

Read the article HERE.

Happy Birthday to the Storm Worm

This week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today.

Read the article HERE.

Online crime gangs embrace open source

Add the malware bazaar to the list of marketplaces being radically reshaped by the forces of globalization. That's the conclusion of Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, who says the marketplace for rootkits, Trojans and other software nasties increasingly transcends national boundaries. In many respects, malware creation mimics open source communities, in which legions of programmers spanning the globe tweak one another's code to add new features and fix bugs.

Read the article HERE.

60 flaws after being patched

Some CA products containing antivirus components have inherent code problems, according to vulnerability-testing company Secunia. One CA product particularly criticised by Secunia was ARCserve Backup, which the security company said was poorly coded.

Read the article HERE.

Security breakdown

As the market for selling exclusive information on software vulnerabilities grows, Sean Hargrave reveals how the hackers' gain is your loss when it comes to PC security.

Read the article HERE.

Yahoo embraces OpenID

The OpenID online authentication standard got a massive boost today. Yahoo has announced it intends to adopt OpenID, and will be offering all current Yahoo account holders the chance to upgrade to OpenID accounts.

Read the article HERE.

Thursday, January 17, 2008

Web infection remains elusive mystery

The innovative technique is much more than an academic curiosity. Because the rogue code does not exist on any server until an end user visits it, the javascript remains invisible to site administrators. The randomness also prevents most antivirus programs from detecting the javascript. Equally frustrating, it prevents researchers from running a simple web search that ferrets out every web address where the attack code is hosted.

Read the article HERE or Dancho Danchev's Blog Item HERE.

Macworld.ars: First day coverage round-up

Your intrepid Ars Technica reporters have been going full tilt here at Macworld. We've covered announcements big and small, chatted with company representatives from all manner of companies, and churned out coverage all day long for our readers. Here's a recap of our first day's coverage so you don't have to hunt it down.

Read the article HERE or watch the videos HERE.

Excel Zero Day Overdue?

Last night Microsoft released Security Advisory (947563) due to the discovery of a targeted zero-day attack. Microsoft states the following products are vulnerable:

Read the article HERE.

Zero-day Windows flaws set at $20,000

A security research company is offering $20,000 for information on undisclosed security flaws in Microsoft's Windows OS. Submitters need to illustrate a working exploit and document it, according to the company's Web site, which is filled with misspelled words.

Read the article HERE.

The world's most wanted cyber-jihadist

When police raided a flat in West London in October 2005, they arrested a young man, originally from Morocco, called Younes Tsouli. They had no idea, at the time, just how significant he was.

Read the article HERE.

A tenfold improvement in battery life?

Stanford University researchers have made a discovery that could signal the arrival of laptop batteries that last more than a day on a single charge.

Read the article HERE.

Britain's fastest supercomputer unveiled

A supercomputer that could help answer some of science's biggest questions will be unveiled on Monday. With the power of 12,000 desktop PCs, the mammoth machine called HECToR is the country's fastest computer and one of the most powerful in Europe. It can make 63 million million calculations each second, allowing scientists to conduct research into everything from climate change to new medicines. The purpose-built machine is housed in 60 wardrobe-sized cabinets in the University of Edinburgh's advanced computing centre near the Scottish capital.

Read the article HERE.

Wednesday, January 16, 2008

Social networking

MySpace to Let Parents Block Their Children From Joining
Representatives from MySpace and the attorneys general of 49 states are announcing a new partnership to fight sexual predators and clean up social networks. Among the dozens of measures MySpace has agreed to take, the social network will let parents submit the e-mail addresses of their children, so the company can prevent anyone from using that address to set up a profile. It will also set the profiles of all 16 and 17-year-olds to private, so only their established online friends can visit their pages - essentially creating a “closed” section for users under age 18.

Read the article HERE.

Presenting a "Teen Dating Website"
Is this the weirdest social networking site ever? A minimum age of 13, lots of guys in their thirties using the site and Zango Adware (that requires you to be 18+ to install in the first place) - not forgetting the permalinks to "Russian bride" websites, of course. Myspace doesn't seem so bad now, does it?

Read the article HERE.

Facebook and the CIA
In a piece of carefully researched critique, Guardian Unlimited writer Tim Hodgkinson does a masterful job unpacking the politics of Facebook, implying that the company’s backer’s real agenda is the realization of the original American dream.

Read the article HERE.

Military industrial complex aims to revamp email

A consortium of British and US military agencies and defense and aerospace firms have agreed a new standard for secure email. Security experts are watching the developments closely, but are unsure how much of the specification will make it into public use or commercial email security products.

Read the article HERE.

US on the way to becoming a Police State

US National Intelligence Director Mike McConnell is drawing up plans for cyberspace spying that would make the current debate on warrantless wiretaps look like a "walk in the park". Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search.

Read the article HERE.

First Rogue Cleaning Tool for Mac

We've just found the first Mac rogue application and it's called MacSweeper. It claims to clean your Mac from compromising files and it will always find something to fix/clean but the only way to do so is to buy the program.

Read the article HERE.

2008 - "Year of Filters"

Could 2008 be the Year of the Filter? As major ISPs publicly announced plans to start filtering their networks for copyright violations and a Congressional bill pushes colleges to adopt "technology-based deterrents" to file-swapping, filtering could go mainstream this year. It could also backfire spectacularly.

Read the article HERE.

Save XP Petition

For those of you that bypass the "News, Hints, Tips, Tricks & Tweaks" link every Tuesday, you will have missed the "Sign the "Save XP" Petition" story. Don't want to upgrade to Vista (or its successor) - ever? You're not alone. InfoWorld wants to keep Windows XP available "indefinitely" and they've created an online petition that they plan to present to Microsoft this spring, asking for just that. If you want to save XP from XPiration, you can add your name.

Sign the petition HERE.

Tuesday, January 15, 2008

Banking in Silence

Targeting over 400 banks and having the ability to circumvent two-factor authentication are just two of the features that push Trojan.Silentbanker into the limelight. The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis.

Read the article HERE.

Home Routers Vulnerable to Flash UPnP Attack

During the last week we’ve tried to prepare you for this very moment by exposing bits and pieces on how UPnP works and why it is so important to keep it in mind when testing and securing networks. We’ve also talked about how the Universal Plug and Play can be combined with simple XSS attacks in order to create a powerful mechanism for remotely reconfiguring vulnerable routers without any means of authentication or authorization with the targeted device. Today, we are going to show you that UPnP can be exploited across the Web without the need of XSS.

Read the article HERE.

Safeguarding Your Passwords

It's tough to navigate the Web and do business online without having to remember dozens of passwords, yet in my experience, very few people give much thought to securing these precious credentials. Most folks simply take advantage of the simple password storage features built into Web browsers like Internet Explorer and Firefox. However, there are some alternatives that I'd like to spotlight, which can help Web users more safely generate, manage and store passwords.

Read the article HERE.

Windows Vista Upgrade Available to Public

Reversing its initial decision to keep the Windows Vista Service Pack 1 release candidate restricted to private testers, Microsoft has made the near-complete upgrade available for download to the general public.

Read the article HERE.

Cyber Security Bulletins: Release Date - Jan 14

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT).

Read this week's bulletin HERE.

News, Hints, Tips, Tricks & Tweaks

Read this week's articles at WXPNews HERE.

MySpace reveals child predator blocks

MySpace is mending its frayed relations with the top law enforcers of 50 US jurisdictions by beefing up measures to protect underage users from pedophiles.

Read the article HERE.

Honeypot project to entrap more hackers

In addition to tweaking their tactics for tracking and luring malware distributors in 2008, WASC project leaders said they are also planning to add new honeypots to their existing network, which already spans locations in Europe, Russia, South America, and the United States.

Read the article HERE.

Sun releases Java SE 6 Update 4

Sun has released update 4 for Java SE 6, which fixes some 370 bugs including several security issues. Read the article HERE.

Users and Oracle quarterly critical patches

Oracle issues dozens of security patches every quarter, but that doesn't mean database administrators are necessarily implementing them. In fact, a good two-thirds of all Oracle DBAs appear not to be installing Oracle's security patches at all, no matter how critical the vulnerabilities may be.

Read the article HERE.

Monday, January 14, 2008

Symantec releases online cyber-security quiz

In the realm of companies I wouldn't expect to release an online game, Symantec is right up at the top of the list. But that's just what the security software firm has done with its Cyber Smackdown online quiz [requires Adobe Flash Player 9], a Web-based game that tasks players with answering questions related to cyber security. It's a good idea, and if Symantec had bothered to come up with some difficult questions or even a few dozen different questions, it would have also been a nice manifestation. [ I just heard from Symantec, and the deal is that the company plans to release a full version of the game on Jan. 10 which will have 120 questions. The version with 12 questions is a CES-only version. ]

Read the article HERE.

At this time the site is still running with 12 questions, none of which have any relevance to security. Perhaps the other 108 to be added will rectify that. Which begs the question, why so many questions, when the site could probably get away with 50? But then I look at the provider, and bloatware just keeps springing to my mind.

Are you a security wizard?
Think you know security? You might want to think again! Experts say that computers with Internet access are attacked by hackers on average every 39 seconds. Are you sure you’re doing enough to protect your personal data?

Take the test HERE.

Phish or Fake?
Test your Phish IQ : How well can you spot phishing sites? Many of the readers of this blog are pretty savvy when it comes to security issues. So, we’ve created a deceptively easy but devilishly hard 10-question phishing quiz.

Are you up to the challenge? Take the tests:

SiteAdvisor Spyware Quiz
McAfee SiteAdvisor Spam Quiz

Send Files of Unlimited Size Directly

Lifehacker has an article describing a new file transfer system. Ever need to transfer a large file, only to find out your friend doesn't use the same chat client or the connection doesn't work? PipeBytes, a free online file transfer web app, is like a private BitTorrent for temporary transfers of unlimited size files. The sender heads to PipeBytes and gets a code to upload a file, and once the recipient enters the code, the site serves as the connector. While that unfortunately means PipeBytes has to be kept open in a browser window, you can, of course, open new tabs around it and ignore the ad-enabled YouTube videos that play. Those concerned about sites like YouSendIt or Mailbigfile holding onto your files or email may have found a somewhat more discreet solution.

Corsair Flash Drives

Corsair have new/larger 32GB USB flash drives for you.
Now you can lose twice as much information.

Read more HERE.

Sunday, January 13, 2008

Bank card attack: Only Martians are safe

Security researchers from Cambridge University have discovered a way to attack chip and PIN cards -- and warn only Martian cardholders are safe from the exploit. Since the introduction of mandatory chip and PIN cards in the UK, banks have increasingly turned down fraud victims claiming compensation on the grounds that such chip-embedded smartcards cannot be cloned.

Read the article HERE.

Safety and Security Online magazine

In each issue, we gather important security information that is tailored to the interests and concerns of parents, teens, kids, and seniors. Also, while you are at the Security At Home website, take time to have a look at some of the Video Tutorials.

Read the magazine HERE.

Securing Linux laptops

Before we get to how to protect yourself, you need to accept a depressing statistic. According to the FBI, 97% of stolen computers are never recovered. While you can do things to better your odds you pretty much have to accept the fact that when your notebook disappears, it's gone and so is everything that was on it.

Read the article HERE.

Fierce Domain Scan

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

Read the article HERE.

Saturday, January 12, 2008

Security holes also discovered in VLC

Many of you have long ago disposed of your Apple Quicktime player and are now using other alternatives. heise Security describes how the current versions of QuickTime ( and VLC(0.8.6d) are affected. I was using VLC, but now prefer Miro, which I have found to be a superior product. BUT, although not mentioned, I would think that Miro is also exposed to the same vulnerability.

Malware hitches a ride on digital devices

In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious code on their computer systems. The incidents underscore that the proliferation of electronic devices with onboard memory means that consumers have to increasingly be aware of the danger of unwanted code hitching a ride. While many consumers are already wary of certain devices, such as digital music players, USB memory sticks and external hard drives, that include onboard memory, other types of electronics have largely escaped scrutiny.

Read the article HERE.

KDE 4.0 Released

The KDE development community officially announced the much-anticipated release of KDE 4.0 this morning. This new version of the open-source desktop environment represents a daring leap forward for the project and includes many radical deviations from the previous KDE 3.5.x series. Significant changes are present at virtually every level of the KDE desktop stack, from the underlying development architecture to the user interface.

Read the article HERE.

Trend Micro RUBotted

Trend Micro RUBotted (Beta) is a small program that runs on your computer, watching for bot related activities. RUBotted intelligently monitors your computer's system behavior for activities that are potentially harmful to both your computer and other people's computers. RUBotted monitors for remote command and control (C&C) commands sent from a bot-herder to control your computer.

Read more HERE, and remember, it's BETA software.

Anti Rootkit Scanners for Vista

There are currently only 7, out of the 20 or so scanners available, that will work with Vista. These scanners will also only work with 32-bit versions of Vista.

Read the article HERE.

Friday, January 11, 2008

The World's Biggest Botnets

What makes three of today's largest botnets tick, what they're after – and a peek at the 'next' Storm. Read the article HERE.

Steal This Wi-Fi

Whenever I [Bruce Schneier] talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

Read the article HERE.

Microsoft still at forefront of insecurity

Hackers have hijacked the Xbox Live account of a celebrity gamer and made off with a prized piece of virtual armor in a brazen act that suggests the online Microsoft service still puts the security of its users at risk. Colin Fogle gained widespread acclaim in gaming circles after posting a video showing how it was possible for a Halo 3 player to shoot and kill himself with his own sniper rifle. Bungie Studios, maker of the wildly popular first-person shooter title, was so impressed it awarded him a special piece of in-game Recon armor and publicly acknowledged the feat. Since then, the 18-year-old says his Xbox Live account has been hijacked three times.

Read the article HERE.

Network Solutions defends frontrunning

Domain registrar Network Solutions has come under fire this week for what some believe is "domain name frontrunning." The practice resulted in Network Solutions registering a previously-unregistered domain to itself immediately after someone searched for it, then holding the domain for four days before it could be purchased by someone else or at another registrar. But the company claims that it's merely trying to protect customers from others doing exactly that. Until there is more regulation over frontrunning from ICANN, this is the best it can come up with.

Read the article HERE.

'The New Face of Cybercrime'

Fortify® Software has announced it will present the world premiere of a new documentary, "The New Face of Cybercrime," in private screenings at three cities -- San Francisco, New York, and London -- this month. An expert panel discussion about cybercrime and a reception will follow each screening.

Read the article HERE or view a short preview HERE.


Revealed: USB 3.0 jacks and sockets
USB 3.0, the upcoming version of the universal add-on standard re-engineered for the HD era, made a small appearance at the Consumer Electronics Show (CES). It wasn't demonstrated in operation, but we did get to see what the new connectors look like. The new spec will be compatible with older USB 1.1 and 2.0 products.

Read the article HERE.

Plastic fibre slashes optical network costs
A new European project using plastic fiber and off-the-shelf components could make optical networking so cheap and simple that installation could be a DIY job for even a non-technical person.

Read the article HERE.

Thursday, January 10, 2008

Island hopping

The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today's security-conscious IT environments, people are often the weakest link, and malicious users are finding ways to use this to their advantage (think phishing and other forms of social engineering).

Read the article HERE.

XP/Vista IGMP Buffer Overflow — Explained

Slashdot has a story about the remotely exploitable, kernel-level buffer overflow discussed in today's security bulletin MS08-001. What is the actual bug that triggers it? The bulletin doesn't give all that much information. This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that causes the overflow: a mistake in the calculation of the required size of a dynamic allocation.

Relay attacks on card payment

At this year’s Chaos Communication Congress (24C3), I presented some work I’ve been doing with Saar Drimer: implementing a smart card relay attack and demonstrating that it can be prevented by distance bounding protocols. My talk (abstract) was filmed and the video can be found below.

Read the article [or watch the video] HERE.

Vista to thwart rogue gadgets

Microsoft today urged Windows Vista users to download a new security tool that automatically disables suspicious or malicious "gadgets," the small applets that mimic the "widgets" popular on Mac OS X. "Vista treats gadgets like it treats all executable code," said the advisory that accompanied the update. "Gadgets are written using HTML and script, but this HTML is not located on an arbitrary remote server as Web pages are. HTML content in the gadget is downloaded first as part of a package of resources and configuration files and then executed from the local computer." In other words, gadgets could be dangerous, even malicious.

Read the article HERE.

The malware 'shadow economy'

Viruses, malware and online crime are evolving from the realm of geeks into a major shadow economy that closely mimics the real world. Maksym Schipka, a senior architect at security firm MessageLabs, claims to have identified a sophisticated online black market with tens of thousands of participants. This underground internet economy is worth over $105bn, making it bigger than the global drugs trade.

Read the article HERE.

What will Bill Gates do next?

I guess this is just the start of the parodies, but the standard has been a lot higher than I expected. For those of you that enjoyed the video of Bill's Last At Work, we now have the Top Ten Suggestions for a fad-wadded geek with time on his hands.

Wednesday, January 09, 2008

Rootkit Hides From Windows and Anti-Virus Tools

BootRoot hooks into the area of the Windows operating system that handles both networking and writing data to the hard drive. That means if it is installed along with a Trojan horse program that runs after Windows boots up - such as a keystroke-logging program, for example - the rootkit is capable of re-installing the Trojan even if anti-virus or other security software installed on the system subsequently finds and deletes the Trojan.

Read the article HERE - and a technical analysis may be found HERE.

Microsoft fixes flaws with two patches

Microsoft on Tuesday released its January 2008 security bulletin, which includes only two updates: One is designated as "critical" by the software giant and the second one is deemed "important". Both concern the Windows operating system. There are no Microsoft Office updates this month.

Read the article HERE or at SANS.

Embedded exploit web site attack underway

Google searches for the two malicious domains involved returned between 87,000 and 103,000 hits this morning, of which we estimate around 80 per cent were pages containing references to the malicious scripts.

Read the article HERE.

Yahoo to Embrace OpenID?

A string of code buried within Flickr, Yahoo's photo sharing site, suggests the internet giant is gearing up to support the decentralized identity system OpenID by becoming an OpenID provider.

Read the article HERE.

F-Secure Health Check

Health Check is a free online tool designed to identify needed security updates. Health Check currently requires Internet Explorer. Additional browser support will be added in the future.

Go to the website HERE.

Big news day yesterday

Yesterday was one of the biggest news days I have seen for some time. Was there really that much news, or were there just a lot of people coming back to work after a nice holiday break, all with a story that they had been saving for their return? Probably a bit of both.

As some of you may be aware, I live in Adelaide [South Australia] and usually post my blog between 7am and 9am. That makes it late afternoon in NY, and late evening in the UK. By the time I had finished reviewing all of the stories available, there were just too many to post yesterday. So, here are the leftovers, as today, unsurprisingly, there is almost no news.

Anatomy of a hack attack

With the help of security experts, we reconstruct a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.

Monday, 9am... Read the article HERE.

And the winner for "top virus" of 2007 is...

Not a virus. Not even malware. Neither is the runner-up. It's the method by which malware is distributed. According to a [Sophos] report, the most common malware attack vector in 2007 was the notorious IFRAME.

Read the article HERE.
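The IFRAME attack the Sophos report refers to works by injecting a small or invisible frame into a legitimate page so that the visitor's browser silently fetches content from a third-party host. The script below is an added example, not part of the article or of any Sophos tool: it walks a page with the standard-library HTML parser and flags iframes that are tiny, hidden by style, positioned off-screen, or sourced from a host other than the page's own. The sample page and the hosts in it (`bad-host.invalid`) are constructed for the example, and the rules are heuristics a site owner might run over their own pages, not a definitive classifier.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _px(value):
    """Parse width/height attribute values such as '0', '0px' or ' 1 ' into an int; None if not numeric."""
    if value is None:
        return None
    v = value.strip().lower()
    if v.endswith("px"):
        v = v[:-2].strip()
    return int(v) if v.isdigit() else None


class IframeAuditor(HTMLParser):
    """Collect iframes whose attributes look like an injected, hidden include."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []

        # 1. Explicit zero or one pixel dimensions: nothing a visitor is meant to see.
        w, h = _px(a.get("width")), _px(a.get("height"))
        if (w is not None and w <= 1) or (h is not None and h <= 1):
            reasons.append(f"tiny size {w}x{h}")

        # 2. Hidden or zero-sized through inline CSS (whitespace removed for matching).
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via style")
        if "width:0" in style or "height:0" in style:
            reasons.append("zero size via style")
        if "left:-" in style or "top:-" in style:
            reasons.append("positioned off-screen")

        # 3. Content pulled from a host other than the page itself.
        src = a.get("src", "")
        host = urlparse(src).hostname
        if host and host.lower() != self.page_host:
            reasons.append(f"third-party source {host}")

        if reasons:
            self.findings.append({"src": src, "reasons": reasons})


def audit_html(html_text, page_host):
    """Return a list of suspicious iframes found in html_text for a page served from page_host."""
    parser = IframeAuditor(page_host)
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample page: one legitimate embed and two injected frames.
SAMPLE_PAGE = """
<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example.com/video" width="640" height="360"></iframe>
<iframe src="http://bad-host.invalid/x.php" width="0" height="0" style="display:none"></iframe>
<iframe src="http://bad-host.invalid/y.php" style="position:absolute; left:-9999px; top:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE, "www.example.com"):
        print(finding["src"], "->", ", ".join(finding["reasons"]))
```

Run over a site's own templates after a compromise report, the third-party-source rule is the one that catches the most: injected frames point at a host the site never references, so any unfamiliar hostname in the output is worth a look before the size and style heuristics are even considered.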

Hacker Voice Radio

HVR is an online radio show set up as a vocal forum for UK hackers and phreaks to come together, work together and share information. HVR is hosted by either Beia or Naxxtor; frequent co-hosts are 10nix, _hyper_, Vesalius and Blue_Chimp. It airs Tuesday, Wednesday and Thursday at 9pm GMT, and you can listen live by tuning into the stream at those times. We encourage all our listeners to join the IRC channel (#hvr on during the show to interact with your hosts.

Read more HERE.

Bill Gates' last day at Microsoft

A video spoof shown during the CES 2008 keynote by Bill Gates about his last full day at Microsoft in July, starring himself, Brian Williams, Steve Ballmer, Matthew McConaughey, Robbie Bach, Jay-Z, Bono, Steven Spielberg, George Clooney, Jon Stewart, Kevin Turner, Hillary Clinton, Barack Obama, Al Gore, Ray Ozzie and Craig Mundie.

Amazing who they can call for a guest appearance in the name of Bill Gates.
Watch this very funny [7 minute] video HERE.

Tuesday, January 08, 2008

Important Update For Ad-Aware SE Users

Last Friday morning I had an item that suggested you remove Ad-Aware SE. It seems this may have been a hasty decision. There is now an update to this story from the original source. Also, Security Fix has a must-read article if you are using this software.

Malware 2.0 Meets Security 2.0

A three-pronged approach can prevent threats from damaging data networks. Although many companies have policies in place that deny employee access to Web sites that are not work related, the monitoring and enforcement of these policies is not always easy. Over the past year, there have been numerous stories about employees who visited Web sites such as YouTube or, resulting in their work computer becoming infected with a piece of Web-borne malware. This type of problem is likely to grow as cyber criminals find that the use of Web-borne malware can infect hundreds of thousands of users in moments.

Read the article HERE.

Phishing at the Top Level

ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS. A potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.

Read the article HERE.
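The phishing risk the article raises with internationalized domain names, including internationalized top-level domains, is that a label can mix characters from different scripts that look identical to a reader. As an added example (not code from the article or from ICANN), the function below uses the standard library to report, for every label of a domain, which Unicode scripts it draws on, whether it mixes scripts, whether it survives NFKC normalization unchanged, and what the ASCII-compatible `xn--` form is. The script is taken from the first word of each character's Unicode name, which is a heuristic good enough for a registrar-side or mail-gateway check; the domains below are constructed inputs.

```python
import unicodedata


def label_scripts(label):
    """Return the set of scripts used in one domain label.

    Digits and the hyphen are legitimate in every script and are ignored. The script is
    approximated by the first word of the character's Unicode name (LATIN, CYRILLIC, GREEK,
    CJK, ...); an unnamed code point is reported as UNKNOWN.
    """
    scripts = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        name = unicodedata.name(ch, "")
        scripts.add(name.split()[0] if name else "UNKNOWN")
    return scripts


def check_domain(domain):
    """Audit a (possibly internationalized) domain name label by label.

    Returns a dict with per-label script sets, an overall mixed_script flag (the classic
    homograph pattern: Latin 'paypal' with a Cyrillic 'a'), a not_nfkc flag for labels that
    change under NFKC normalization, and the ASCII-compatible encoding produced by Python's
    idna codec (None with an error message when the name cannot be encoded).
    """
    domain = domain.rstrip(".")
    report = {"domain": domain, "labels": [], "mixed_script": False, "not_nfkc": False}
    for label in domain.split("."):
        scripts = label_scripts(label)
        mixed = len(scripts) > 1
        changed = unicodedata.normalize("NFKC", label) != label
        report["labels"].append({"label": label, "scripts": sorted(scripts), "mixed": mixed})
        report["mixed_script"] = report["mixed_script"] or mixed
        report["not_nfkc"] = report["not_nfkc"] or changed
    try:
        report["ascii"] = domain.encode("idna").decode("ascii")
        report["error"] = None
    except UnicodeError as exc:
        report["ascii"] = None
        report["error"] = str(exc)
    return report


if __name__ == "__main__":
    # Constructed inputs: a plain ASCII name, a Latin/Cyrillic homograph, a wholly Cyrillic IDN.
    for d in ["paypal.com", "p\u0430ypal.com", "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444"]:
        r = check_domain(d)
        print(f"{r['domain']!r:30} ascii={r['ascii']!r:28} mixed={r['mixed_script']}")
        for lab in r["labels"]:
            print("   ", repr(lab["label"]), lab["scripts"])
```

The two outputs to act on are different: a mixed-script label is the one to block or flag for review, while the `xn--` form is what to compare against the ASCII names a user or an allow-list actually knows, since that is the string the resolver sees and the string that should appear in any log line about the lookup.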

'White hat' hackers in demand

Gregston Chu knows all the tricks of being a hacker, from talking his way into secure buildings to exploiting holes in Internet security or gaps in internal company systems to grab control of computers. That makes him a highly valued consultant and as such, he's crisscrossed the U.S. and traveled to Europe and Asia to uncover computer system vulnerabilities for Fortune 100 companies and other large corporations.

Read the article HERE.

'First' iPhone Trojan rolls into town

Hackers have created Trojan horse malware targeted at Apple's much-hyped iPhone device. The package - more of a prank than a threat - poses as an "important system" upgrade supposedly needed prior to upgrading to version 1.1.3 of Apple's firmware. The "iPhone firmware 1.1.3 prep" seems to lack malicious purpose. Problems kick in when users try to uninstall the package.

Read the article HERE.

World's smallest firewall cut down to size

Israeli company Yoggie Security Systems has announced a radically cut-down version of its Pico USB security device for laptops.

Read the article HERE.

'Hacker safe' Web site gets hacked

Just because a Web site has a certification claiming that it is virtually hack-proof doesn't necessarily mean it's immune to all intrusions. A case in point is, which on Friday began notifying an unspecified number of customers that their personal and financial data may have been compromised by an intrusion into the systems that run the online technology retailer's Web site.

Read the article HERE.

MacHeist II

Last December, Mac users around the world participated in what came to be known as the most explosive Mac indie software event in history. Tens of thousands of users participated in MacHeist missions, discovering clues, solving puzzles, and winning free software prizes.

Now, one year later, we're ready to make history again. MacHeist 2 is now in progress, and it is set to have more bangs, thrills, and software freebies than last time around.

Read more HERE.

Clarkson stung after bank prank

TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column. The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people's personal details on two computer discs.

I think that he is a deserving recipient of the first "Vanish" award for this year.

The seemingly boundless capability of people to invent new ways of being stupid will never, ever cease to astound me.

Read the article HERE.