Browsing Category: Web Security

Categories: Malware, Web Security

An ongoing attack on Google users is sending victims to rogue anti-virus software sites, researchers said this week.
The attack takes advantage of Google’s page-ranking feature, according to researchers at eSoft’s Threat Prevention Team. The scam works like this: An attacker hacks a site, but instead of embedding exploits on the hacked site, they put links to other websites to boost rankings for malicious sites, and Google users in particular seem to be the targets. Read the full story [scmagazineus.com]

Read more...

Categories: Web Security

Security researchers are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.

Hundreds of tweets using four different URL shortening services are currently spammed through the automatically registered Twitter accounts, relying on a pseudo-random text generation using Twitter’s trending topics.  Read the full story [zdnet.com]

Read more...

Categories: Web Security

From PC Mag (Larry Seltzer)

Just when we were getting the point across that you need to be careful about what links you click on, along comes the new phenomenon of shortened links through redirection services, making it that much harder to be careful. There are products and services that can help though.
The success of these services has been driven mostly by Twitter, whose 140 character limit on posts makes it important for links to be as short as possible. The fact remains that when you click on a shortened link you don’t know where you will end up. Read the full story [pcmag.com]

Read more...

Categories: Malware, Web Security

There are security conferences, and then there is Virus Bulletin. While virtually all of the presentations are from researchers working at antimalware vendors and other security companies, the talks are quite technical and this year’s conference, which starts Wednesday in Geneva, Switzerland, features one most interesting speaker: Eric Davis of Google.

Read more...

Categories: Cryptography, Web Security

Locked in a cat-and-mouse game with spammers who use bots to defeat anti-fraud mechanisms and create fake accounts, Google today announced a deal to acquire reCAPTCHA, a company that provides those squiggly words at login screens.
The ReCAPTCHA deal isn’t exactly a security transaction.  Strategically, it gives Google an excellent crowd-sourcing tool to beef up its already impressive machine-vision algorithms (think book-scanning and maps) but, in the long run, the ability to use CAPTCHAs that are near-impossible for bots to decipher allows Google to raise the bar significantly in the fight against bots and spam.

Read more...

Categories: Web Security

Microsoft’s Security Development Lifecycle (SDL) team has released two new security tools to help developers test and verify the security of software programs.
The tools — BinScope Binary Analyzer and MiniFuzz File Fuzzer — are available for download at no cost.

Read more...

Categories: Web Security

DarkReading is reporting on the launch of a new experimental service set up to detect spam and threats on the popular Twitter microblogging service.
The experiment, called TwiGUARD, lets Twitter users check if a follower is a spammer or if a link embedded in a tweet is malicious.

Read more...

Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plug-in is out of date, according to Mozilla Human Shield Johnathan Nightingale.
Once the browser is updated, Mozilla will present the user with a visual notice on its first-run Web site that the Flash Player plugin contains security and stability vulnerabilities.

Read more...