Spyware, Viruses, & Security forum

General discussion

NEWS - July 03, 2010

Southsea youth arrested over

Discussion is locked
You are posting a reply to: NEWS - July 03, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - July 03, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Subway scam hits Facebook

In reply to: NEWS - July 03, 2010

Facebook users beware: A link offering a free gift card to Subway is a scam.

The advertisement instructs consumers to click the "like" button to receive a free gift card, said Janet Hart, spokeswoman for the Southern Piedmont Better Business Bureau. Those who click the link could infect their computers why spyware or malware.

The national Better Business Bureau discovered the scam Thursday and has confirmed with Subway that the promotion does not exist.

The Herald

Collapse -
How to fix PDF /Launch flaw

In reply to: NEWS - July 03, 2010

From the Bkis Global Task Force Blog:

In previous blog entry, I commented that the latest patch of Adobe still cannot fix PDF launch vulnerability. Adobe has confirmed this issue on their blog. Accordingly, Brad Arkin, Director of Product Security and Privacy for Adobe Systems, said that the solution in the latest patch for /Launch flaw is ?not a perfect solution?.

The flaw still remains and the risk for users remains large. Adobe should release the next patch as soon as possible.

According to Adobe blog, blacklist has been used to fix the flaw. Brad says that blacklist bypassed by using quotes makes the mistake. However, I think that Adobe can still resolve the problem by using blacklist mechanism.

My advice is: standardize the parameter string passed to /Launch before comparing with blacklist, a basic principle in secure coding. Thus, fixing the flaw is easy.

I have emailed Adobe. I hope that they would soon release a complete patch.

Posted Here: http://blog.bkis.com/en/how-to-fix-pdf-launch-flaw/

Collapse -
Six Messy Database Breaches So Far In 2010

In reply to: NEWS - July 03, 2010

From a National Guardsman's external hard drive faux pas to a financial services firm's slack practice of password-sharing, this year has already had its share of shocking database exposures

Whether it be insecure Web applications, poor password management, or a lack of database policies and monitoring, the average database today is at risk of exposure through a host of different threat vectors that many organizations are not even aware of -- let alone are addressing. Already in 2010, the number of database breaches as a result of such mistakes is mounting.

The list of disturbing database breaches so far this year mostly could have been avoided. The affected organizations had to learn the hard way, through public embarrassment and expensive incident response procedures. But the missteps that led to them provide a cautionary tale for other organizations.

Garnering that cultural commitment starts with awareness. Here are six of the more eye-popping database-related breaches so far this year -- and some lessons learned from each:

1. Arkansas Army National Guard
2. University of Louisville
3. WellPoint
4. Virginia Beach Department of Social Services
5. Florida International University
6. Lincoln National Corp.

Dark Reading

Collapse -
IT insider admits stealing info for 2,000 bank employees

In reply to: NEWS - July 03, 2010

A former IT worker for the Bank of New York has admitted to stealing personal information of 2,000 employees and using it to steal more than $1m from charity bank accounts, city prosecutors said.

Adeniyi Adeyemi, 27, used his position as a contract computer technician at the bank's headquarters to steal the personal identifying information of 2,000 employees, most of whom worked in the IT department. Over an eight-year span, he used the information to set up dummy bank accounts in the employees' names and then transfer stolen funds from at least 11 charities throughout the world.

Adeyemi used publicly available routing numbers for the charities to initiate wire transfers through financial sites such as ETrade and Fidelity and deposit them into the dummy accounts. To better cover his tracks, he then transferred the funds to a second layer of dummy accounts, according to a press release issued by the New York City District Attorney.

The Reg

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.