11 total posts
Taking Least Privilege to the Max
"Symantec is arguing that Windows Vista's User Access Control features are too intrusive, and perhaps they have a point. There's no reason to assume Microsoft got things perfect. Windows has a rich history of third parties adding value and making it better."
Read more on the above at http://www.eweek.com/article2/0,1759,2083762,00.asp?kc=EWRSS03129TX1K0000614 (an opinion by Larry Seltzer for eWeek)
PayPal claims key victory against fraud
Key fob device provides new security code every 30 seconds
Shaun Nichols in California, vnunet.com 15 Jan 2007
PayPal has introduced a keychain device designed to protect customers from account theft.
The PayPal Security Key is a small key fob which automatically generates a new six-digit code approximately every 30 seconds.
When users log in to their PayPal accounts, they are asked to enter the code from the key fob.
Read more: http://www.vnunet.com/vnunet/news/2172508/paypal-offers-coded-keychain
WSLabs, Malicious Websites / Malicious Code: Brazilian and R
WSLabs, Malicious Websites / Malicious Code: Brazilian and Russian Blackhats working together
Websense Security Labs has discovered that Brazilian-based malicious code authors are now utilizing a popular web exploit kit which originates in Russia. This combination of the groups working together is relevant because previously we have not seen such collaboration. The Web Attacker toolkit allows attackers to place code on their website to infect users when the site is visited. This toolkit is the most popular exploit kit on the web today. Previously, Brazilian attacks mostly used deception as a means to dupe users into running their code. These attacks provide the largest volume of unique samples that we see on daily basis.Of the sample attacks that we received this morning, one is a fake news story about a robbery that claims to have a large reward for the capture of the criminal. Another attack is contained in an email asking you to view some photos.In both examples, the attackers used email as the lure to attract visitors to their sites. Both sites contained live code that
installed and downloaded information stealing malicious code, if the visitor's PC was not fully patched.Screenshots are available within full alert details.For additional details and information on how to detect and prevent this type of attack: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=724
Symantec: Vista A/V Tool Still Too Chatty
January 15, 2007
Symantec: Vista A/V Tool Still Too Chatty
By Matt Hines
In positioning itself to provide aftermarket applications for Microsoft's Vista operating system, anti-virus market leader Symantec is highlighting some shortcomings it believes to exist in the new platform's own security tools.
Among the conclusions of a presentation delivered to the media during the week of Jan. 8 by Symantec Vice President of Engineering Rowan Trollope is the software maker's finding that the UAC (User Account Control) feature of Vista, a security innovation highly touted by Microsoft, remains unwieldy and confusing to users.
Read more: http://www.extremetech.com/article2/0,1697,2083952,00.asp
McAfee, Inc. Reports on Online Identity Theft Trends
McAfee announced the availability of a white paper from McAfee Avert(R) Labs highlighting global identity theft trends, including a dramatic increase in online and computer-based identity theft.
According to the report, the number of keyloggers -- malicious software code that tracks typing activity to capture passwords and other private information -- has increased by 250 percent between January 2004 and May 2006. Additional findings show that the number of phishing alerts tracked by the Anti-Phishing Working Group has multiplied 100-fold over the same period of time. The report also provides practical guidelines that minimize the risk of identity theft to help readers protect themselves and prevent this increasingly common crime. The white paper, titled, "Identity Theft," is available for download at
SonicWALL Email Security Data Shows Increased Convergence
Data collected by SonicWALL, Inc. from its SMARTLABS network of over one million email users showed increased convergence in the 2006 malware ecosystem, with combinations of spam, phishing, viruses and DHA attacks delivering new levels of profitability for online fraudsters. During the year, SonicWALL recorded twice as many directory harvest attacks (DHA) as all spam attempts, which rose to two and a half times their 2005 levels, together with greater and more ingenious levels of phishing attacks, and a sharp increase in 'stealth' virus attempts.
MySpace users need to use better passwords
An active scam Web site designed to look like the login page for social-networking site MySpace.com appears to have stolen user names and passwords from nearly 60,000 people, according to data in a file that was linked to today from a popular security mailing list.
The phishing site, which is most likely being advertised via blasts of junk e-mail, looks identical to the real MySpace.com login page. A separate text file located on the scam site's Web server includes page after page of user names (in this case, e-mail addresses) and passwords, offering a rare insight into just how successful phishing scams can be for fraudsters.
Rainbow table targets Word, Excel crypto
Office workers looking to protect their documents may want to select a higher grade of encryption.
Swiss information-technology firm Objectif S
Anti-Piracy Firm Holds $40K Hacker Challenge
Wibu Systems announced Hacker's Contest 2007 for the company's CodeMeter system at last week's Macworld Expo. CodeMeter is a software protection system that runs on Mac OS X, Windows and Linux. The winner of the contest will receive US$40,000.