IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« June 2006 | Main | August 2006 »

On the hook

This may not be much of a surprise, but users of eBay and PayPal are the target of more than 75 per cent of all phishing emails.

Around 54.3 per cent of malicous phishing emails in 2006 so far were attempting to steal information from PayPal users, while 20.9 per cent were aimed at eBay users.

July 31, 2006 | Permalink | Comments (0) | TrackBack

Firefox security update

Mozilla today released a significant security update for Firefox - version  The fix closes a vulnerability exploited by a new piece of malware that poses as an extension to the web browser.

The FireSpy-A Trojan horse, also known as FormSpy, infects computers that have already been hit by the Dloadr-AKL Trojan horse. The FireSpy Trojan horse installs itself into the Registry and can steal passwords, credit card numbers and confidential data.

July 27, 2006 | Permalink | Comments (0) | TrackBack

A sign of things to come?

I hear that the government-backed provider of financial services, National Savings and Investment (NSI), is planning to issue 500,000 customers with two-factor authentication devices for online/telephone use.

Forrester Research analyst Benjamin Ensor says that most financial institutions are looking at some form of two-factor authentication, although consumers may not yet be aware of the shift.

July 27, 2006 | Permalink | Comments (0) | TrackBack

Upsetting the Apple cart

Well, after years of feeling more secure, it looks like vulnerabilities in Mac OS are on the rise. A study by  Kaspersky  identified a total of 60 security vulnerabilities in the first half of 2006, compared to 51 during the same period in 2005.

How'd you like them apples?

July 25, 2006 | Permalink | Comments (0) | TrackBack

Fuzzy logic

Security experts have been warning that artificial intelligence tools used by software developers have been adopted by hackers to find new vulnerablilities. The methodology seems to work by trying to brute force bugs, which can then be analysed for exploit potential.

On another note, a previously secret malware search capability in Google has also been hijacked by virus writers. Sigh - don't we know security through obscurity doesn't work?

July 24, 2006 | Permalink | Comments (0) | TrackBack

Web threats double

And just as I was reporting that virus ridden emails are on the decrease, McAfee said that it has officially released protection for malicious threat number 200,000 in its database, which has doubled since the 100,000 threshold was passed in 2004.

Not looking good is it?

July 7, 2006 | Permalink | Comments (0) | TrackBack

Whoops! a false positive for Symantec

Turns out Symantec is falsely identifying the Nullsoft Scriptable Install System (NSIS) open source tool as a virus. Apparently this is the fourth time NSIS has been falsely targeted.

Fifth time lucky eh guys?

July 7, 2006 | Permalink | Comments (0) | TrackBack

The evolution of virus distribution

It seems that viruses transmitted by email are on the decrease, but spam mail - often with a link to a site containing malware - is on the rise. I guess that shows we're doing something right, but in the end it's down to the user.

July 7, 2006 | Permalink | Comments (0) | TrackBack