Browsing Author: Paul Roberts

With LinkedIn: The Bell Tolls For Simple Password Hashing

This week’s revelations about leaks of user passwords from the professional networking site LinkedIn, dating Web site eHarmony.com and music site Last.fm suggest that even tech-savvy firms are slow to accept that hashes -a once-reliable technology for storing data online – now offer scant protection for sensitive data.

Read more...

Last.fm, Mum On Breach, Adopts ‘More Rigorous’ Password Security

Last.fm, the online music streaming service, said it has implemented ‘more rigorous’ security for customer account passwords in the wake of reports that some of those passwords had been leaked online. 

Read more...

flame_hidden

How The Flame Malware Stayed Hidden For So Long

The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.

Read more...

Report: North Korea Accused Of DDoS Attack On South Korean Airport

North Korean agents have been linked to a malware attack on a South Korea’s Incheon International Airport, according to a report from the JoongAng Daily, a South Korean paper.

Read more...

DHS Issues Joint Warning On Flame’s Windows Update Hack

The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.

Read more...

Cloudflare CEO: AT&T Voicemail Hack Key To Compromise

Loose security protecting voice mailboxes at mobile carrier AT&T provided a key element necessary to successfully hack the Google Enterprise Apps account of tech firm CloudFlare, according to an account of the hack posted by CEO Matthew Prince.

Read more...

Adele Bests Adderall As Affiliate Spammers Offer Music Downloads

Categories: Scams, Web Security

Cyber criminals long ago discovered that there’s a big market for pharmaceuticals online, prompting a tsunami of pharmaceutical spam offering everything from “herbal Viagra” to Prozac and Adderall. But new data from security firm Webroot suggests that scammers are experimenting with new products, namely: pirated musical downloads of Top 40 artists like Adele, Pink and Kings of Leon.

Read more...

The Vienna Connection? Trying To Stamp Out Flame, Researchers Find Clues To Its Origins

Categories: Malware

Researchers at Kaspersky Lab, domain registrar GoDaddy and OpenDNS have taken steps to cut off Internet access for machines infected with the Flame worm. In the process, the researchers say they uncovered a large and complex command and control infrastructure of more than 80 Web domains and collected clues that put the origins of Flame as early as 2008.

Read more...

Top Web Browsers Vulnerable To Rogue Download Vulnerability

Security researcher and Google employee Michal Zalewski is warning of a potentially serious security hole that affects the three major Web browsers, Internet Explorer, Firefox and Google’s Chrome browser and that could make it easy for attackers to push malicious downloads from domains other than that being visited by unsuspecting Web users.

Read more...

DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution

In and advisory, the Department of Homeland Security’s Industrial control System (ICS) CERT said that it doesn’t believe the Flame malware targets industrial control systems (ICS) or SCADA systems, but the group advised critical infrastructure owners to be on alert.

Read more...