Browsing Author: Paul Roberts

With LinkedIn: The Bell Tolls For Simple Password Hashing

This week’s revelations about leaks of user passwords from the professional networking site LinkedIn, dating Web site eHarmony.com and music site Last.fm suggest that even tech-savvy firms are slow to accept that hashes -a once-reliable technology for storing data online – now offer scant protection for sensitive data.

Read more...

How The Flame Malware Stayed Hidden For So Long

The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.

Read more...

Adele Bests Adderall As Affiliate Spammers Offer Music Downloads

Categories: Scams, Web Security

Cyber criminals long ago discovered that there’s a big market for pharmaceuticals online, prompting a tsunami of pharmaceutical spam offering everything from “herbal Viagra” to Prozac and Adderall. But new data from security firm Webroot suggests that scammers are experimenting with new products, namely: pirated musical downloads of Top 40 artists like Adele, Pink and Kings of Leon.

Read more...

The Vienna Connection? Trying To Stamp Out Flame, Researchers Find Clues To Its Origins

Categories: Malware

Researchers at Kaspersky Lab, domain registrar GoDaddy and OpenDNS have taken steps to cut off Internet access for machines infected with the Flame worm. In the process, the researchers say they uncovered a large and complex command and control infrastructure of more than 80 Web domains and collected clues that put the origins of Flame as early as 2008.

Read more...

Top Web Browsers Vulnerable To Rogue Download Vulnerability

Security researcher and Google employee Michal Zalewski is warning of a potentially serious security hole that affects the three major Web browsers, Internet Explorer, Firefox and Google’s Chrome browser and that could make it easy for attackers to push malicious downloads from domains other than that being visited by unsuspecting Web users.

Read more...