Browsing Category: Web Security

Categories: Web Security

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser, according to a report [washingtonpost.com] by Brian Krebs
The Firefox add-on was silently added to Firefox when users downloaded a service pack for the Microsoft .NET Framework.  Annoyances.org explains why this is a security problem:

Read more...

Categories: Web Security

From The Last Watchdog (Byron Acohido)
There’s power in simplicity. That’s the upshot of the phishing attack now bombarding Facebook users.  Many FB’ers are receiving messages titled, simply, “Hello.” The body of the text contains a brief imperative sentence: “Check areps.at” or “Check bests.at” Several USA Today staffers have received these bogus messages.
Clicking on the “areps.at” or “bests.at” hyperlink takes you to a realistic-looking, but counterfeit, Facebook login page, where you will be prompted to type your userID and password. You don’t have to be particularly gullible to fall for this. You can be in a hurry;  multitasking on the ragged edge, networking multiple places, as part of  a job where you’re being asked to do more with less. Read the full story [lastwatchdog.com]

Read more...

Categories: Web Security

From SearchSecurity.com (Rob Westervelt)

IT managers are under pressure from the top executives in their organizations to relax their policies on Web security in order to make users more productive. A new survey of more than 1,000 IT managers found that sales and marketing personnel also are leaning on IT staffs to make life easier for users who already are using tools such as Google Apps and social networking sites on their own.

Read more...

Categories: Malware, Web Security

From IDG News Service (Robert McMillan)
A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergence Response Team warned [us-cert.gov] on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, CERT said. Read the full story [cio.com]

Read more...

Categories: Web Security

Little, if anything, gets Mac users more exercised than a mention of their favorite machine’s security problems. Despite the fact that security experts believe Macs to be much easier to exploit than Windows machines, Mac users simply trot out the old saw about there not being any virus attacks on Macs. Not only is that assertion demonstrably false, but it misses the point entirely: Virus attacks are not an indicator of the security of an operating system.

Read more...

Categories: Web Security

From SC Magazine (Chuck Miller)
Attackers have discovered that spreading their malware is a much easier task on social networking sites than it is on the rest of the Web. The success rate for malware on social networking sites such as Twitter and Facebook is 10 percent, compared with less than one tenth of that on normal sites and through email.

Read more...

Categories: Web Security

At a Churchill Club event in Santa Clara, Calif., Peter Solvik, managing director at Sigma Partners, talks to a panel of CIOs about how they’re making mobile devices more secure in the enterprise and whether their employees prefer the BlackBerry over the iPhone. The panel includes: Matt Carey, chief information officer of Home Depot; Karenann Terrell, CIO of Baxter; and Lars Rabbe, former CIO of Yahoo.

Read more...

Categories: Web Security

From PC World (Aurora Dizon)
The “Twitter porn names” game, currently Twitter’s top trending topic, may be a fun distraction that gives you and your friends something to tweet about. But it also has a security hole–one that is no technical snafu. It could be simple human error, but it’s also possible that this security hole is an example of truly sneaky social engineering. Read the full story [pcworld.com]

Read more...