Archive for January, 2008
2008.01.30 Daily Security Reading
by Rodney Campbell on Jan.30, 2008, under Security
Report – 51 Percent Of Malicious Web Sites Are Hacked
The number of legitimate Web sites that have been hacked and seeded with code that tries to infect visitors PCs with malware now exceeds the number of sites specifically created by cyber criminals.
Symantec reported Tuesday that the first case of drive-by pharming, in which a hacker changes the DNS settings on a customer’s broadband router or wireless access point and directs the link to a fraudulent Web site, has been observed in the wild. The first drive-by pharming attack has been observed against a Mexican bank.
Spies In the Phishing Underground
Security researchers Nitesh Dhanjani and Billy Rios, who recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites turned into an extraordinary tour through the ecosystem that supports the business of phishing.
2008.01.16 Daily Security Reading
by Rodney Campbell on Jan.16, 2008, under Security
Retrospective: 10 Security Blunders
Every year gets its share of major, jaw-dropping security blunders. This is a retrospective for the 21st century so far, with special attention on 2007.
Zero-Day Exploit For Apple’s QuickTime Posted
Vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software.
Polish teen derails tram after hacking train network
The 14-year-old modified a TV remote control so that it could be used to change track points.
Malware Distribution Through Physical Media a Growing Concern
In the past month, at least three consumers have reported that photo frames – small flat-panel displays for displaying digital images – received over the holidays attempted to install malicious code on their computer systems.
Most Home Routers Vulnerable to Flash UPnP Attack
GNU Citizen have been researching UPNP Vulnerabilities in home routers, and have produced a flash swf file capable of opening open ports into your network simply by visiting an unfortunate URL.
2008.01.10 Daily Security Reading
by Rodney Campbell on Jan.10, 2008, under Security
Thinking fast-flux: New bait for advanced phishing tactics
Years ago, attackers would often have one or two really important machines that were the centerpiece of their criminal money-making schemes. The bad guys, thus, often faced one or more single points of failure in their criminal infrastructures. So, how have today’s enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.
Eavesdropping on Bluetooth headsets
Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call.
Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone, has already come and gone. Still, users should be on the look out for a package called “iPhone firmware 1.1.3 prep,” described as something you need to install before updating to the new 1.1.3 firmware.
Matt Richard from Verisign’s iDefense sent us some information regarding the Master Boot Record (MBR) rookit that’s been found in the wild in the past weeks.