Browsing Category: Web Security

Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use — unbeknownst to the machine’s owner — for online crimes including sending out spam or launching a denial of service attack. The black-hat techniques employed to snare users into a botnet web have evolved to a level that makes them often undetectable by even the most sophisticated security products. Combine that with a lack of user knowledge, and the threat of infection becomes very high. Read the full article. [CSOonline.com]


Under Fedora 12, users are able to install software from repositories without being prompted for the root password. The undocumented change in Fedora 12 has caused consternation amongst Fedora users. The change is part of PolicyKit’s policy for desktop users and was made to make the system easier for desktop users. Read the full article. [The H Security]


Authorities in the U.K. have arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information. The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchester, according to police. The duo is accused of using the Zeus Trojan, also known as Zbot, in a plot to steal information. It is believed the Trojan was configured to record victims’ online bank account information and passwords, as well as credit card numbers and other information. Read the full article. [eWEEK]


Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking add-ons into the program, the company said. The new feature, which Mozilla dubbed “component directory lockdown,” will bar access to Firefox’s “components” directory, where most of the browser’s own code is stored. The company has billed the move as a way to boost the stability of its browser. Read the full article. [Computerworld]


Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware. The massive blackhat SEO campaign has been launched by the same people who operate or manage the campaigns for the Koobface botnet. Read the full article. [ZDNet]


Yes, Mac fans, virus writers continue to focus primarily on Windows, since nine of 10 computers connected to the Web are PCs. However, phishers are platform agnostic. And right now phishing attacks are surging. Phishers rely on social engineering to victimize Web users. And their latest sleight of hand is to lure you into giving up your Web mail or social network account log-ons. Anyone who uses Hotmail, YahooMail, Gmail, Facebook, MySpace, LinkedIn or Twitter is likely being attacked — doesn’t matter what computer operating system they happen to be using. Read the full article. [USA Today]


They’re the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here’s an inside look at the battle against cybercrime’s weapons of mass infection. Read the full article. [CSOonline.com]


A critical vulnerability in the Wikipedia Toolbar extension for Firefox has been discovered that can be exploited by an attacker to compromise a victim’s system. According to the Secunia report, the problem is caused by the application using unvalidated input in a call to eval(), which can be exploited to execute arbitrary JavaScript code.
