Archive for April, 2007
2007.04.26 Daily Security Reading
by Rodney Campbell on Apr.26, 2007, under Security
103 Free Security Apps for Mac, Windows and Linux
To keep your computer safe (and save some cash while doing it) we’ve assembled a list of 103 free security apps for Mac, Windows and Linux. By the end of the article you should have enough resources to secure even the most naïve system, for free!
It’s about 2 and a half years since the standards bodies threw up their hands and left SMTP authentication to the industry. Implementation progress has been slow but positive. And there have been some surprises.
Optical link hacking unsheathed
Techniques for extracting data flowing over fibre optic links are evolving to make the technique easier to apply (pdf).
Rootkit that is able to load from Windows Vista boot-sectors.
Web threats to surpass e-mail pests
By next year, Internet users can expect more cyberattacks to originate from the Web than via e-mail, security firm Trend Micro predicts.
Russinovich Says, Expect Vista Malware
Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations.
2007.04.20 Daily Security Reading
by Rodney Campbell on Apr.20, 2007, under Security
State Department got mail _ and hackers
A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network.
Staff use of social media is an unseen threat, says security firm
Over one third of businesses do not monitor their employees’ internet use, according to a survey carried out by an information security firm.
Attackers improve on JavaScript trickery
As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders’ attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday.
How Security Companies Sucker Us With Lemons
With so many mediocre security products on the market, and the difficulty of coming up with a strong quality signal, vendors don’t have strong incentives to invest in developing good products. And the vendors that do tend to die a quiet and lonely death.
2007.04.18 Daily Security Reading
by Rodney Campbell on Apr.18, 2007, under Security
New AACS cracks cannot be revoked, says hacker
Folks at the Doom9 forums sent word that they have found yet another way around the copy protection for high definition discs… They cannot revoke this hack.
A new ruling which said a college had breached a woman’s privacy by secretly monitoring her e-mails, means employers cannot spy on staff.
Vista For Forensic Investigators
SecurityFocus has a two-part article offering a high-level look at changes in Windows Vista that a computer forensic investigator needs to know about. Part 1 covers the different versions of Vista available and Vista’s built-in encryption, backup, and system protection features. Part 2 continues with a look at typical user activities such as Web browser and email usage.
2007.04.16 Daily Security Reading
by Rodney Campbell on Apr.16, 2007, under Security
No end in sight to hacking of ‘WoW’ accounts
For months, hackers–most likely in China and Russia, according to security watchers–have been surreptitiously installing keylogging software on WoW players’ Windows computers, hijacking their accounts and selling off their often valuable in-game assets.
Announcing: Bruce Schneier’s Second Annual Movie-Plot Threat Contest
The first Movie-Plot Threat Contest asked you to invent a horrific and completely ridiculous, but plausible, terrorist plot. All the entrants were worth reading, but Tom Grant won with his idea to crash an explosive-filled plane into the Grand Coulee Dam.
The Web can help kids learn, communicate, and socialize, but it also exposes them to risks.
Developers warned to secure AJAX design
Most frameworks for deploying interactive functionality use JavaScript in a way that could lead to their applications leaking user data.
Can stuck torrents beat pirates?
Online filesharing of movies and music has the Hollywood hotshots hopping mad, but they are fighting back with the help of anti-piracy firms.
Microsoft to wait and see on Vista activation hacks
There are two methods that seem to work, and the software giant is monitoring both to see if they pose any substantial threat to the company’s business model.
Mark Russinovich examines some interesting email.
2007.04.10 Daily Security Reading
by Rodney Campbell on Apr.10, 2007, under Security
Image Spam: Getting the Picture?
Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.
Four steps to battling botnets
How do you know if your computer, or any of the computers in the network you manage, has become infected with zombie code? After all, the programs that turn a computer into an undead slave for spammers and phishers don’t install a desktop icon or an entry on the Windows Start menu. A survey of experts reveals some agreement on basic steps you can take to reduce the risk of having your machines join the army of the evil botnet undead.
New class of attack targets embedded devices
Researcher finds vulnerability in embedded chips that can compromise routers or mobile phones… Often, it’s simply too expensive for hardware makers to shut down JTAG access
JavaScript Hijacking (pdf)
An increasing number of rich Web applications, often called Ajax applications, make use of
JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages.
Top 12 OS X Tiger Security Issues
It’s been called one of the safest operating systems of all time, but Mac’s OS X Tiger may not be as safe as it seems. This list provides its top security issues and how to plug them.