April 28, 2008

Bull publicizes bootable USB drive

by Dave Nixon
Bull has a gadget for businesses concerned about the security of data stored on laptops, namely a bootable, portable password-protected hard disk drive with an embedded cryptographic processor that shields data if the device is misplaced or stolen. Globull is a bright red item about the size and weight of an iPod Classic. It has a colour display, houses a 60GB hard disk drive and has a USB 2.0 cable ...


Apple improves software download utility for Windows with version 2.1

by Janine de Blois
Apple has responded to criticism of its “Software Update” tool for Windows. In version 2.1 users now see a split window with two separate lists for updates and new software. The complaint from many security (and other) sources had been that users of the old version often ended up with new software they had not intended to install. The confusion was caused by the new software being included in ...


Microsoft warns web-hosting providers of zero-day flaw

by Janine de Blois
The vulnerability affects Windows XP Service Pack 2 as well as all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. It allows for elevation of privilege from authenticated user to LocalSystem. An attack is possible through authenticated user provided code. Internet Information Services (IIS) and SQL Server are affected. As yet, no known attacks have exploited this vulnerability. Microsoft is working ...


April 27, 2008

Malware targets Olympic emails

by Brian Turner
MessageLabs has reported that it has identified at least thirteen different Olympic-themed attacks, using email to try to fool users into downloading trojans. With legitimate-sounding email subject titles such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents", some attacks purport to be from the International Olympic Committee, based in Lausanne, Switzerland; however, the reality is that all but one attack has been sent from ...


April 20, 2008

UK phishing attacks double

by Dave Nixon
Phishing attacks on UK customers have more than doubled for the first quarter of this year, according to Apacs, the UK payment association. Apacs recorded more than 10,000 reported phishing incidents in the first quarter of 2008, in excess of 200 percent up from the same period last year. Online banking victims due to fraud have decreased by one-third from £33.5m in 2006 to £22.6m in 2007, Apacs said, but ...


Zero-day flaw uncovered in Microsoft Works

by Dave Nixon
Chinese-language blogs are describing a zero-day vulnerability in Microsoft Works, the company's lower-end office productivity suite, according to security vendor McAfee. The vulnerability is inside an ActiveX control for the Works' Image Server, wrote McAfee analyst Kevin Beets. A PC would need to visit a website engineered to exploit the flaw, Beets wrote. A zero-day flaw is a software vulnerability that has become public knowledge but for which no ...


Apple finally fixes $10k fault

by Dave Nixon
Apple has released a security patch for its Safari web browser, fixing the flaw that earned one security researcher $10,000 at the CanSecWest security conference. The flaw was exploited by Independent Security Evaluators Researcher Charlie Miller to gain access to a MacBook Air computer three weeks ago. It lies in the WebKit open-source HTML rendering engine used by Safari and several other Mac OS X programs. The bug lay in ...


Tibet struggle usurped to install rootkit

by Dave Nixon
A cartoon that mocks the efforts of a Chinese gymnast at the Olympic games is the most recent tactic used by cyber-criminals to infect Windows PCs, according to McAfee's Avert labs. While the movie files, which show the cartoon followed by images supporting a free Tibet, are playing, a keystroke logging tool, hidden by a rootkit, is installed on to the user's PC. McAfee researcher, Patrick Comiotto, said that this ...


Vendor claims to nix URL-bypassing sites

by Dave Nixon
Proxy blocking company 8e6 has stated that its software can now curtail the proxy scripts that have lately swamped the Internet as a way of bypassing URL blocking systems. Such scripts give non-expert users a method to evade the conventional web URL filtering systems employed by government, libraries, universities and companies by initiating private web pages running applications that circumvent such filtering. Anybody using such sites as a ‘launchpad’ will ...


Google Apps hit by session-stealing assault

by Dave Nixon
A security researcher has exposed a grave flaw in Google Spreadsheets, which could give an attacker access to all of a user's Google services. While the bug, a cross-site scripting (XSS) flaw, has now been fixed by Google, it is a sign of the dangers that can go together with the growing popularity of Software as a Service (SaaS), according to researcher Billy Rios, who uncovered the problem. Due ...


ISPs accused of tampering with web pages

by Dave Nixon
Approximately one percent of the Internet web pages are being altered in transit, sometimes in a detrimental way, according to researchers at the University of Washington. In a paper, set to be delivered Wednesday, the researchers document some worrying practices. In July and August they tested data sent to about 50,000 computers and revealed that a small number of Internet service providers (ISPs) were injecting ads into web pages on ...


April 18, 2008

Browser attacks becoming more sophisticated say experts

by Janine de Blois
Security experts at the RSA Conference 2008 warn that browser attacks are becoming more sophisticated. Infected websites can allow a browser to be taken over in bot-like fashion. For example, on a virtual world site, an avatar could walk out on the screen and turn off mouse and key controls, making it difficult to stop the attack. An infected browser can change registry time stamps to make it difficult to detect even ...


New Standards For Credit Card Processing and Collection

by Lashan Clarke
Information released by the PCI Security Council details the use of a new version of the standards used to process credit cards. The standards will be known as the Payment Application Data Security Standard or the PA-DSS. The highlight of the PA-DSS is that it sets out the information merchants need to properly process credit cards. The security standards for managing data collected in regards to credit cards, comes ...


April 17, 2008

Only 21% Reveal Passwords

by Lashan Clarke
A wise person will be protective of their password in the times we live in. However, current research has shown that not everyone is as wise to protect their personal information. Using a survey conducted outside of Liverpool Street Station, the results showed that a little more than twenty percent of people gave up their passwords when offered a free chocolate bar. This is sixty-four percent less than in 2007. ...


April 16, 2008

Hacker Attacks CCP’s Popular Game

by Lashan Clarke
The source code for another game has supposedly been hacked. A computer hacker has stated that he or she hacked the source for the game EVE Online. In order to prove this was true, the hacker then posted the code to numerous P2P websites. The hacker has stated it will only remove the hacked source code when the game's manufacturer acknowledges that the game has security flaws. The hacker has ...


April 15, 2008

DOJ Highlights Fight Against Money Laundering

by Lashan Clarke
At the recent RSA Security Conference, two attorneys for the Department of Justice section that deals with cybercrime highlighted two online sites that have been used in the past to launder money. Working with the Computer Crime and Intellectual Property Section (CCIPS), the attorneys stated that Web sites E-gold and Neteller have previously been used to transfer dollars to foreign casinos. E-gold is based within the West Indies, and charges ...


April 14, 2008

DHS Secretary Hopes To Improve Defense Against CyberCrime

by Lashan Clarke
At a meeting for the Department of Homeland Security (DHS), the Secretary of the DHS spent time emphasising how the government feels about cybersecurity and what role it plans to take in tackling it in the future. The federal government would like to continue to see private and public firms develop a sense of togetherness in tackling cybercrime. By doing so, better communication is achieved between the private and public ...


Rift Caused By Malfunctioning Voting Machines

by Lashan Clarke
There has been a rift that continues to widen between security scientists and manufacturers of voting machines. The rift has been widening to the point that many at the RSA Security Conference were calling on both industries to consider a "truce". Numerous flaws have been found in the software used in electronic voting machines, and this has caused researchers in the security sector to distrust them. However, voting machine manufacturers insist ...


April 11, 2008

Adobe Issues Flash Update

by Lashan Clarke
After the recent fall of the Windows Vista laptop using a security hole in Adobe Flash, Adobe issued a new update to correct the hole within the software. This update was issued to correct the compromise that was realised at the CanSecWest Conference. The new update was also issued to correct other problems within the player, such as security holes that could contribute to a vector attack. The company ...


Fortinet wins Deep Throat Porn filter check

by Dave Nixon
The contentious 'Deep Throat Fight Club' test of porn filters held at this week's RSA security show has affirmed a winner. According to organisers Untangle, the best performer was Fortinet. Fortinet detected 97.7 percent on the main blocking porn test, only a whisker ahead of rivals Watchguard (97.3 percent), Websense (97.0 percent), SonicWall (96.1 percent), and Barracuda (94.0 percent). On the 'porn categorisation' test, which calculated performance against a human ...