Virus Information News

[First]  [Previous] |    153     154     155     156     157     158     159     160     161     162    | [Next]  [Last] of 172 page(s)

Facebook Mischief

F-Secure Weblog

by Sean

January 26, 2010

Facebook recently published a nice new feature: Reply to this email to comment on this status.

But is it secure? As it turns out, based on our testing, anyone can use the Reply To address, from any e-mail account.

U.S. enables Chinese hacking of Google

CNN

by Bruce Schneier

January 23, 2010

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies. Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different.

New Zero-Day Threats and High Spam Levels: MessageLabs Report

WHIR Web Hosting Industry News

January 22, 2010

According to a report released last week by Symantec, 83.4 percent of spam at the end of 2009 originated from botnets. Around 900 million spam emails, originated from free webmail accounts, and more than 79 percent of webmail spam came from three well-kno

"Despite the best efforts of the webmail providers to prevent this abuse of their services, there is still a viable market in the underground economy for buying and selling legitimate and usable webmail accounts," Symantec Hosted Services MessageLabs Intelligence senior analyst Paul Wood said in a statement. Last month, a new zero-day vulnerability in a popular version of a .PDF viewer was found to target high-level individuals in the public sector, education, financial services and large international corporations. It arrives as a .PDF file containing embedded malicious Javascript code. The attack also had a social engineering aspect -- the attack varied according to the individual and organization being targeted, making it seem legitimate. MessageLabs Intelligence actually blocked the first versions in November 2009, protecting Symantec Hosted Services customers from the attack before it began.

Users still make hacking easy with weak passwords

computerworld.com

by Jaikumar Vijayan

January 21, 2010

In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.

A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems. Imperva's report is based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.

Chinese Search Engine Baidu Sues Its US Web Host Over Hacking Incident

WHIR Web Hosting Industry News

January 20, 2010

Following a January 12 attack that left Baidu's main search engine inaccessible for several hours, Baidu announced on Wednesday that it had filed a lawsuit against register.com and that it was actively seeking a new hosting provider for its search engine.

"The fault of register.com led to the malicious and unlawful altering of the domain name of Baidu, which made thousands of people unable to visit baidu.com and brought serious losses to Baidu," the company stated. Last week, Baidu searches were reportedly redirected, and its homepage carried the message, "This site has been hacked by Iranian Cyber Army." This suggests that it was the same group that hacked social networking site, Twitter, last month.

Network Solutions Responds to Site Defacements

WHIR Web Hosting Industry News

January 20, 2010

After hackers defaced hundreds of websites hosted by Network Solutions, the company said Tuesday that it is monitoring this threat and working with law enforcement organizations as it works to restore the impacted sites. "We have discovered the cause of a

"Hackers were able to add a file displaying illegitimate content on top of the customer website content. This was an issue on multiple servers and unknown intruders were able to get through by using a file inclusion technique. There was no danger to any personally identifiable or secure information." Bellamkonda noted that after this issue is sorted out, Network Solutions will be undertaking precautionary actions that may include some server configuration modifications.

Better Security through Software

blog.facebook.com

by Jake Brill

January 12, 2010

One of the best defenses against security threats is a good offense, and we want to help you take the offensive by having the latest security software installed on your computer...

Spammers Exploit Free Web Hosting Services

WHIR Web Hosting Industry News

by David Hamilton

January 11, 2010

Temporarily benefiting from a host's legitimate reputation, spammers are taking advantage of "free-hosting" services for their nefarious purposes.

In its January 2010 Spam Report, McAfee made note of the growing trend of spammers signing up for free subdomains and complimentary hosting. Oftentimes they are allowed to use a unique third-level domain, giving them the appearance of a legitimate site. "Using a free hosting service is a good tactic for spammers because it is easier to automatically block a new infected website than to block a site that has been around for a longer period and has possibly had legitimate traffic associated with it," wrote the McAfee report's authors. "This edge can provide spammers a few precious additional hours before the spam-blocking services of the world blacklist that host. In the course of a few hours a botnet can generate billions of messages." With long-time free hosting site Geocities shutting its doors just months ago, dozens of similar free hosting sites have sprung up to provide free web space to anyone who requests it. Unfortunately, spammers have requested a lot of it.

Warning on possible Android mobile trojans

f-secure.com

by Mikko

January 11, 2010

Google's Android mobile operating system has an open Marketplace much like the iTunes AppStore. This week approximately 40 "banking" applications sold through the Marketplace were removed due to security concerns.

Since the applications were not developed or authorised by the banks themselves, they could not do real online banking from the Android device. Apparently they only opened the web interface of the online bank for the user. On the other hand, they could have stolen user credentials.

Ransomware - Buy Back Your Own Files

f-secure.com

January 8, 2010

Initial infection makes it look as if certain files - mostly Microsoft Office documents, video, music and image files - on the infected system had been "corrupted" and a recommended utility will "fix" them.

If the utility is downloaded and executed, the luckless user finds that it can "only repair one file in unregistered version". To repair - or more accurately, decrypt - anything more, the user has to buy the product. Think about this from the users point of view. "Oh my god I've lost my important files!" "Thank god I found this great product that recovered them perfectly for just $89.95" "I'm going to recommend Data Doctor to all my friends". Effectively, user is forced to pay a ransom for his own files and the user doesn't even realize he's paying a ransom.

[First]  [Previous] |    153     154     155     156     157     158     159     160     161     162    | [Next]  [Last] of 172 page(s)