Browsing Category: Vulnerabilities

Online Ad Sales Open Door to Viruses

From The Wall Street Journal (Emily Steel)
On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site’s advertising system had been hacked.
A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in online advertising, with its numerous middlemen and resellers. Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales. Read the full story [wsj.com]


How to Avoid Scareware Attacks

From Just Ask Gemalto (Dennis Fisher)
Computer users have been conditioned over the last few years to recognize and avoid many of the more common scams and threats on the Internet: email viruses, phishing, spam, Nigerian 419 ploys and work-at-home money-mule schemes. You know that an email promising funny pictures of Britney Spears is probably more likely to install malware on your machine than to brighten up your day with more of Britney’s zany antics.


Buy an Infected PC for 5 Cents

Categories: Malware, Vulnerabilities

From PC World (Erik Larkin)
It doesn’t take much to get started in Internet crime these days. Find the right site, hand over $50, and you can start wreaking havoc with 1,000 already-infected PCs.
Finjan, a San Jose, CA security company, looked into the “Golden Cash” site, used by black hats to buy and sell the use of hijacked computers. The crooks behind the site infect PCs (or pay others to do so) with the Golden Cash remote-control malware, and then sell access to those PCs. And that access doesn’t cost much.  Read the full story [pcworld.com]


iPhone 3.0 Includes 46 Security Patches

Categories: Vulnerabilities

Apple’s latest iPhone OS 3.0 software update includes patches for multiple vulnerabilities, some with serious security implications.
The update, which is only available for download via iTunes, covers a total of 46 documented vulnerabilities, including several that allow malicious code execution if a user simply visits a rigged Web site or views a manipulated image. Read the full Apple advisory [apple.com]


Patch Counting: Horseshoes and Hand Grenades

Categories: Vulnerabilities

By Eric Schultze
Like the old saying goes, “Close only counts in horseshoes and hand grenades.”  I’ve developed a corollary this week, “The ‘number of flaws’ only matters to vulnerability assessment scanners and journalists.”
I’ve read many news stories this week talking about the record number of flaws/vulnerabilities that Microsoft fixed in the June ’09 Patch Tuesday release. For the record, I’m saying that none of this is relevant.


New SMS Hacking Tool Coming at Black Hat

Categories: Vulnerabilities

From DarkReading (Kelly Jackson Higgins)

Texting just keeps getting riskier: Researchers at next month’s Black Hat USA in Las Vegas will demonstrate newly discovered threats to mobile phone users, as well as release a new iPhone application that tests phones for security flaws.

“We set out to create a graphical SMS auditing app that runs on the iPhone,” says Luis Miras, an independent security researcher. The tool can test any mobile phone, not just the iPhone, for vulnerabilities to specific exploits that use SMS as an attack vector.  Read the full story [darkreading.com]


Researchers to Show Off Veiled Browser Darknet

Categories: Vulnerabilities

One of the more interesting presentations on the schedule at next month’s Black Hat conference is a talk by renowned Web security researcher Billy Hoffman of HP on a new method for implementing a darknet in browsers using just PHP and JavaScript. The approach, which Hoffman and his co-presenter Matt Wood call Veiled, is a low-overhead method for giving users the ability to evade Web monitoring and censorship.


Apple Patches Old Java for Mac Vulnerabilities

Categories: Vulnerabilities

Apple has finally released a Java for Mac update to fix multiple security flaws that were patched upstream more than six months ago.
The fix comes three weeks after developers released proof-of-concept code to demonstrate the severity of the flaw and to nudge (or embarrass) Apple into shipping the patch. Read the full story [zdnet.com]


Cormac Herley on the Underground Economy, IRC Economics and the Externalities of Cybercrime

Dennis Fisher talks with Cormac Herley of Microsoft Research about the paper he co-authored on the realities of the underground economy, why sales of stolen credit cards resemble a market for lemons and how we can get better data on cybercrime activities.
