Rodney Campbell's Blog

Voice over IP under threat

There has recently been considerable alarm about the possibility of a malicious code spreading via Skype. Skype is a system that allows voice communication over established Internet connections, in an environment very similar to that of telephone calls. It even allows calls to be made to telephones from a computer, with lower tariffs than that of a normal call.

HD-DVD anti-copy encryption cracked

A programmer going on by the name muslix64 has posted a Java-based application that will free the encrypted video from its protection.

IE users at risk for 284 days in 2006

Exploits and unpatched critical vulnerabilities put the users of Internet Explorer at risk 77 percent of the time last year, according to the latest number crunching by Brian Krebs of the Washington Post’s Security Fix blog.

The Month of Apple Bugs, Apple responds by assigning an engineer to fix the problems.

NAC: A User’s Guide

Are you confused by NAC? If so, you’re not alone. Even NAC (Network Access Control) vendors can’t agree on what exactly the concept means.

Subverting Ajax (pdf)

The ability of modern browsers to use asynchronous requests introduces a new type of attack vectors. In particular, an attacker can inject client side code to totally subvert the communication flow between client and server. In fact, advanced features of Ajax framework build up a new transparent layer not controlled by the user.

Spoofed/Forged Email

A general overview of email spoofing and the problems that can result from it.

Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X

Flash phishing

We’ve now seen several phishing web sites that are using flash-based content instead of normal HTML. Probably the main to reason to do this is to try to avoid phishing toolbars that analyze page content.

Five Hackers Who Left a Mark on 2006

In the security year that was 2006, zero-day attacks and exploits dominated the headlines.

Keep Your Identity Safe This Christmas

Identity thieves love Christmas too, and with many of us traveling abroad or visiting family and friends, it’s the perfect time for them to steal your identity. Even airline boarding pass stubs can, in some cases, contain enough information for identity fraudsters to steal your identity.

Skype Worm in the Wild

Internet security firm Websense has discovered a worm that uses Skype to propagate.

Data theft using JavaScript

The Windows clipboard is used for everyday copy-and-paste operations. When copying sensitive information such as credit-card numbers and passwords, the data is stored in an unencrypted form on the clipboard and is accessible from any web site with simple JavaScript code.

Month of Apple bugs coming

Two security researchers have made an early New Year’s resolution, promising to release information on a security bug in Apple’s software every day for a month, most likely January.

Corporate protection against fraud

The main problem for users in 2007 will be Internet fraud. The most well-known is the classic phishing. If gullible users receive an email from their bank, they will go where they are told to and leave enough data to seriously compromise their checking account without thinking twice. But there are fewer and fewer users of this kind, as the information is slowly getting through to Internet users.

An Ominous Milestone: 100 Million Data Leaks

Rapid-fire announcements this week by U.C.L.A. (800,000 records) and Aetna (130,000) moved the total to the threshold, when Boeing revealed the other day that a laptop recently stolen from an employee’s car contained names, Social Security numbers and other data on 382,000 current and former employees of the aerospace giant – bringing the total to a grim 100,152,801 records.

PHP security under scrutiny

Web applications written in PHP likely account for 43 percent of the security issues found so far in 2006.

Non-OS-dependant malware

All too often people talk about the disadvantages of the Windows operating system: it has too many security flaws, it is not properly patched, it is not security oriented… Until the much talked about Vista system finally reaches our computers, there will still be plenty of time to protest.

Microsoft speeds up phishing shield for IE 7

When you use Windows Internet Explorer 7 to visit a Web page, the computer may respond very slowly as the Phishing Filter evaluates Web page contents.

The hole trick – How Skype & Co. get round firewalls

In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls.

Hackers Selling Vista Zero-Day Exploit

Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at USD$50000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit – which has not been independently verified – was just one of many zero-days available for sale at an auction-style marketplace.

Gartner: 75% of networks will have undetected malware

By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated malware that evaded their traditional perimeter and host defenses, according to a new Gartner report.

Backframe – JavaScript attack console

Backframe attack console is a full featured attack console for exploiting web browsers, web users and remote applications. The console is based on a client-server interaction.

The Ten Most Important Security Trends of the Coming Year

SANS Experts Predict the Future.