Spyware, Viruses, & Security forum

General discussion

NEWS - April 20, 2007

by Donna Buenaventura / April 19, 2007 8:40 PM PDT

Anti-phishing tool pays off at Nationwide

Software deployed by Nationwide to automatically identify and shut down phishing scams has paid for itself in three months by reducing online fraud, the building society said last week.

The roll-out followed the creation of the Strategic Fraud Initiative group at Nationwide to consider options for combating phishing attacks, which seek to obtain customer account and log-in information using spoof e-mails and websites.

The MarkMonitor software, which took 10 days to implement, has shut down hundreds of phishing scams during its first three months of operation. Prior to deploying MarkMonitor, Nationwide staff manually tracked phishing scams carried out against the company.

Discussion is locked
You are posting a reply to: NEWS - April 20, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - April 20, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Security researchers face hurdles
by Donna Buenaventura / April 19, 2007 8:42 PM PDT
In reply to: NEWS - April 20, 2007

Security researchers say that they are still facing hurdles in developing solutions for the latest security attacks.

In one example from last year, US security expert Cody Pierce of Tipping Point thought the he knew right away what he had found, but he wasn't exactly sure how serious it was. Pierce and his fellow researchers had spent much of the early part of last year poking around in the ActiveX controls in Windows XP, looking for controls that might be vulnerable.


Collapse -
Popular sites highly vulnerable to attack
by Donna Buenaventura / April 19, 2007 8:43 PM PDT
In reply to: NEWS - April 20, 2007

Eight out of ten websites contain flaws that can allow attackers to steal customer data, create phishing exploits, or craft a variety of other attacks, a security company said.

WhiteHat Security regularly scans hundreds of "very popular, very high-traffic sites" for its online business customers, said Jeremiah Grossman, the company's founder. "More than likely, you have shopped there, or bank there," he said. Thirty percent of scanned sites contain an urgent vulnerability, such as one that allows direct access to a company database with customer information, he said.

Two out of three scanned sites have one or more cross-site scripting (XSS) flaws, which take advantage of problems with sites' programming and are increasingly used in phishing attacks.


Collapse -
Lloyds TSB certificate glitch sparks concerns
by Donna Buenaventura / April 20, 2007 12:12 AM PDT
In reply to: NEWS - April 20, 2007

Online banking customers logging onto the Lloyds TSB website on Friday morning were confronted by potentially confusing warnings about a security certificate.

Consumers were greeted with a "website certified by an unknown authority" pop-up message for *.clickshift.com after accessing online.lloydstsb.co.uk. The domain involved is not an essential part of the Lloyds site, so refusing the certificate doesn't cause a problem. The certificate involved is attached to a webtrends stats gathering engine.

Instead of advising customers to refuse the certificate, Lloyds TSB online banking staff told Reg readers to click OK when the SSL security error popped up. So users are being asked to ignore a warning about the possibility that confidential information might be stolen by someone pretending to be clickshift.com, an entity few are likely to recognise in the first place.


Collapse -
Ad networks tracking users without cookies
by Donna Buenaventura / April 20, 2007 10:36 AM PDT
In reply to: NEWS - April 20, 2007
Collapse -
ISC: Port 443 / https increase
by Donna Buenaventura / April 20, 2007 10:39 AM PDT
In reply to: NEWS - April 20, 2007
Collapse -
Safari zero-day exploit nets $10,000 prize
by Donna Buenaventura / April 20, 2007 10:40 AM PDT
In reply to: NEWS - April 20, 2007

A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple's Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest "pwn-2-own" contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.


Collapse -
Also: Hacker breaks into Mac at security conference
by Donna Buenaventura / April 20, 2007 10:52 AM PDT
Collapse -
Satnav hacking made simple
by Donna Buenaventura / April 20, 2007 10:42 AM PDT
In reply to: NEWS - April 20, 2007

A pair of hackers have demonstrated a way to spoof travel information messages displayed on satellite navigation systems used by Italian drivers to bypass accidents, traffic jams and plot the most efficient routes from one point to another.


Collapse -
Russians crack OpenOffice security
by Donna Buenaventura / April 20, 2007 10:44 AM PDT
In reply to: NEWS - April 20, 2007

OpenOffice users who've locked their files and forgotten the password - or who have a document but not the password for it - can now crack their way in, thanks to a toolkit from a Russian developer specialising in password recovery.

Unsurprisingly called OpenOffice Password Recovery, its developer Intelore claims it can even allow for typing errors, so you can get back a document after mistyping the password - whatever the password length. The program can also remove read-only and revision locks from documents.


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?