New tool in the fight against malware distribution
The Internet Storm Center often reports on the use of defaced websites in malware distribution. High profile examples such as the recent Dolphin Stadium web site compromise show that web masters have every reason to be very interested in exactly what they are serving up to an ever more mobile and global audience.
Niels Provos recently released a tool, SpyBye, that allows a webmaster to perform exactly such an audit. SpyBye, of which version 0.2 was released yesterday, is a proxy server that analyzes a requested URL, submits any links it finds through a rule-based engine (including a list of known malicious sites) and then sorts them into three categories: harmless, unknown or dangerous. A webmaster can install it on his local machine and then access his website to get details on exactly what is taking place during the connection - that same webmaster, having knowledge of the expected content, will also be able to easily identify content that is suspicious, but could otherwise have been unreadable when obfuscated through some form of URI-encoding.
Don't trust your network to open source
Black Hat event features RFID tiff, cybercrime update
IOActive, a small security consulting company, brought out some big guns to help defend itself against an RFID giant at the conference on Wednesday. Leveraging the American Civil Liberties Union (ACLU) and the U.S. Department of Homeland Security (DHS), IOActive hosted a panel discussion that turned into a pep rally to support its fight to disclose RFID security flaws that were detailed in a presentation quashed by RFID card vendor HID.
Storm Worm refuses to die
Phishing threats remained at the top of the danger list of reported malware in February, Fortinet has reported.
The security firm warned that the most notorious threat remains the Tibs worm, otherwise known as Storm Worm, accounting for 3.91 per cent of all detections.
Fortinet added that, according to its monitoring, no fewer than 36 variants of the Storm Worm have been active this month, although one variant accounted for nearly 60 per cent of related detections.
Storm Worm continues to have a severe impact on mailboxes worldwide, according to Guillaume Lovet, EMEA threat response team leader at Fortinet.
Symantec clears Vista on malware
Symantec's latest set of white papers found that rootkit malware will not install in Vista without users being notified, and that all kernel-level rootkits are blocked unless users ignore multiple pop-ups and click the 'Allow' button.
Graham Cluley, senior technology consultant at Sophos, said that the User Account Control in Vista is an important enhancement designed to prevent the installation of malware.
"However, it is also very intrusive with a high number of alerts that end users need to respond to, so there is a strong likelihood of it being disabled unless they are trained in how to use it," he added.
"This is one of the weaknesses that malware authors will undoubtedly attempt to exploit."
Symantec's study found that between 96 and 98% of malware such as spyware and Trojans is also blocked.
Gmail Updates and Alerts
Google created a new category in their Gmail Help Discussions:
"Hi Gmailers - The purpose of this sub-group is to provide you with valuable information regarding technical issues that Gmail may be experiencing. Posts will be made by Gmail Alerts Manager, a Google employee, and will have as accurate and up-to-date information as possible."
Report: Java coders should secure samples
A whitepaper published on Monday by code auditing firm Fortify Software found that open-source projects written in Java have an order of magnitude fewer defects than those written in other languages, but the sample code provided to developers continues to be buggy.
Hacker steals data from French presidential candidate
A hacker stole sensitive data from a computer in the offices of French far-right leader Jean-Marie Le Pen, police said, fueling his fears that rivals used it to try and keep him out of the presidential race.
The security breach at Le Pen's National Front party headquarters comes as the campaign intensified ahead of the April and May election with several candidates facing smear scandals in recent weeks.
My.Netscape rebirth; No ads on initial launch
Netscape team is proud to release a Beta of the next generation My.Netscape, at: http://my.netscape.com
This site will be live tomorrow (Tuesday 3/6).
My.Netscape will retain its identity as a personalized homepage, with a minimum of ad clutter. The initial release will in fact have no ads at all! Our programming staff has worked hard to create a framework that allows for scalability and UI elegance.
Company offers boost for Vista security
A security vendor is offering an add-on product for Windows Vista's User Account Control feature, which has been flagged as a threat to business users because it can be easily bypassed by hackers.
BeyondTrust's Privilege Manager 3.0, which will be available on March 19 and costs $30 per user, protects enterprise desktops running Vista with User Account Control in two major ways, said John Moyer, CEO of BeyondTrust.
Apple plugs eight QuickTime holes
Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.
The vulnerabilities expose both Macs and Windows PCs to cyberattack, Apple said in a security alert. In all cases, an attacker could craft a malicious file which, when opened with QuickTime, could give the miscreant full control over a computer running the software, Apple said.