Browsing Category: Web Security

Categories: Web Security

The FBI’s Internet Crime Complaint Center (IC3) says complaints of online crime hit a record high in 2008, driven mostly by non-delivery of goods and service and those pesky 419 (Nigerian) e-mail scams.
According to a new report (PDF from ic3.gov), the center received a total of 275,284 complaints, a 33.1% increase over the previous year. The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007. The average individual loss amounted to $931. Other significant findings include:


Categories: Web Security

From DarkReading (Kelly Jackson Higgins)
Another reason to be careful what you post on Facebook: All it takes is a simple Google search, and phishers and marketers can glean a treasure trove of private information [darkreading.com] based on relationships among Facebook “friends,” according to new research.

Researchers from the U.K.’s University of Cambridge recently published a paper [PDF from cam.ac.uk] detailing a project in which they developed a software tool to correlate and map Facebook profiles they found via public search engines, such as Google, to build detailed maps of relationships among Facebook members. Read the full story [darkreading.com]


Categories: Malware, Web Security

From Facebook, by Jeff Williams, Microsoft
When the Koobface worm hit Facebook users last year, the company’s security team scrambled to help affected users reset their accounts and avoid new infections. But the worm has continued to crop up periodically since then, and so the anti-malware team at Microsoft has been helping the Facebook technicians get a handle on the attack.


Categories: Web Security

By Matt Hines, eWEEK
Security researchers are highlighting a more powerful breed of attack that is specifically targeting users of the open source Mozilla Firefox web browser.
Long touted for its improved security over rival browsers including Microsoft IE, Firefox has been mined for dozens of vulnerabilities over the last few years, but the application hasn’t ever faced the same level of attacks as Explorer. However, experts are charting the emergence of a new, sophisticated breed of Firefox threat that packs a significantly more potent punch than its predecessors.  Read the full story [eweek.com]


Categories: Web Security

By Vivian Yeo, ZDNet Asia

The threat from Web-based malware is growing at a rapid pace, with nearly 200 percent more malicious sites [zdnet.com] identified this month, according to a new report from MessageLabs.
Released Tuesday, the MessageLabs Intelligence Report revealed that 2,797 new Web sites hosting malicious content, including spyware, were blocked by the security vendor in March, a 200 percent jump over the previous month.
Read the full story [zdnet.com]


Just days ahead of an April 1st activation date for the Conficker worm, a pair of security researchers from the Honeynet Project have scored a major breakthrough, finding a way to remotely and anonymously fingerprint the malware on infected networks.
Now, with the help of Dan Kaminsky and Rich Mogull, off-the-shelf network scanning tools, including the freely available nmap, have the ability to quickly detect Conficker infections.


Categories: Web Security

Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks.  It includes a fix for one of the flaws exploited during this year’s CanSecWest Pwn2Own hacker contest.
The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.


Categories: Web Security

By Robert McMillan, IDG News Service
Researchers at the University of Texas at Austin have taken a close look at the way anonymous data can be analyzed and have come to some troubling conclusions [infoworld.com].
In a paper [33bits.org] set to be delivered at an upcoming security conference, they showed how they were able to map out the connections on public social networks such as Twitter and Flickr. They were then able to identify people who were on both networks by looking at the many connections surrounding their network of friends. The technique isn’t 100 percent effective, but it may make some users uncomfortable about whether they should allow their data to be shared in an anonymous format.
Read the full article [infoworld.com]


Categories: Web Security

By Jeremiah Grossman, White Hat Security
Someone begins watching a basketball game and asks who is winning. You might helpfully answer, “Lakers up 76 to 64.” Imagine if instead you said, “The Lakers are 60% from the field, have 12 rebounds, are 8 of 10 from the line, and the average height of the starting lineup is 6’7.” Sure, these are important statistics, but they certainly do not answer the question. (Inspired by Richard Bejtlich) The person listening would probably think you were trying to be funny, a jerk, or perhaps both.
Yet, this is how the Web security industry responds when businesses ask about the security of their websites. “We identified 21 security defects including eight Cross-Site Scripting and four SQL Injection, we are improving our SDL processes, and most of our programmers have been through security training.” Again, important metrics, but still not answering the most important question — how well defended is a website from getting hacked.
