Browsing Category: Web Security

Categories: Malware, Web Security

From IDG News Service (Robert McMillan)
Former Apple Macintosh evangelist Guy Kawasaki posts Twitter messages about a lot of different thing, but the message he put up Tuesday was really out of character: “Leighton Meester sex tape video free download!”
His message included a link that, after some further clicking, landed Kawasaki’s followers on a fake porn site where online criminals try to install a nasty Trojan horse program on victim’s computers. And in an interesting twist, the program attacks both Mac and Windows users.  Read the full story [computerworld.com]

Read more...

Categories: Web Security

Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.
The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks. Read the full story [zdnet.com]  Also see Mozilla’s explanation of the technology [mozilla.org]

Read more...

Categories: Web Security

From IDG News Service (Robert McMillan)
Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals.
It’s called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster’s best friend. Read the full story [computerworld.com]

Read more...

Categories: Malware, Web Security

From MediaPost (Laurie Sullivan)
A wave of fake Twitter email invitations sent in hopes of luring people to unzip a file to find out who invited them has been hitting unsuspecting victims. The message carries a mass-mailing worm. It looks around on infected computers and sends emails to addresses it finds.
The message appears as if it came from a Twitter account, but unlike a legitimate Twitter message, there is no invitation URL in the body of the email. Instead, the user sees an attachment that appears as a .zip file containing an invitation card. When the zip file is opened, the virus spreads. Read the full story [mediapost.com]

Read more...

Categories: Web Security

From DarkReading (Gadi Evron)

Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
I know because it just happened to me (think: 419 scam). An “acquaintance” sent me a message using Facebook chat that said, “Hi.” Easy enough. I replied in kind. Then she told me a horror story of being held at gunpoint and stranded in London.  Read the full story [darkreading.com]

Read more...

Categories: Web Security

From InfoWorld (Roger Grimes)
Talk about a turnaround. It’s always hard to recognize the larger, slow-moving paradigm shifts as they happen. But after a decade of bad press regarding its commitment to software security, Microsoft seems to have turned the tide. Redmond is getting consistent security accolades these days, often from the very critics who used to call it out. Many of the world’s most knowledgeable security experts are urging their favorite software vendors to follow in the footsteps of Microsoft. Read the full story [InfoWorld.com].

Read more...

From The Wall Street Journal (Emily Steel)
On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site’s advertising system had been hacked.
A number of such attacks have occurred this year, as perpetrators exploit the complex structure of business relationships in the online advertising, with its numerous middlemen and resellers. Web security experts say they have seen an uptick in the number of ads harboring malware as the economy has soured and publishers, needing to boost their ad revenues, outsource more of their ad-space sales.  Read the full story [wsj.com]

Read more...

From Just Ask Gemalto (Dennis Fisher)
Computer users have been conditioned over the last few years to recognize and avoid many of the more common scams and threats on the Internet: email viruses, phishing, spam, Nigerian 419 ploys and work-at-home money-mule schemes. You know that an email promising funny pictures of Britney Spears is probably more likely to install malware on your machine than to brighten up your day with more of Britney’s zany antics.

Read more...