IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« September 2006 | Main | November 2006 »

Happy Halkoween!

Ok, it's probably just a marketing stunt on the back of All Hallows' Eve but I guess they have a point. Websense is warning that scammers are probably using websites discovered by mis-typing addresses or searches - such as 'halkoween' instead of 'halloween'. The word of warning goes for anytime of year though - it'll probably be wheeled out again at 'Christnas'.

October 31, 2006 | Permalink | Comments (0) | TrackBack

Vista kernel cracked?

And by a security firm no less. These guys Authentium claim to have got access to Vista's well guarded kernel.

"If we (the good guys) can gain access to the Vista kernel, so can sophisticated, well-financed hackers. These days, most hackers are exactly that - sophisticated and well-financed."

October 30, 2006 | Permalink | Comments (0) | TrackBack

Happy families

So it looks like Microsoft is trying to play happy families with the security industry, despites all the fallings out between Microsoft, McAfee and Symantec. Microsoft has been talking up the improved security, reliability and integrity of the Windows kernel to provide greater stability, protection and defence against malicious threats.

Thing is it's the kernel that's caused all the upset in recent days. McAfee for one has claimed Microsoft is denying computer security companies access to Vista's underlying technology.

October 25, 2006 | Permalink | Comments (0) | TrackBack

$182 per compromised record

Apparently the  average cost of a data breach is $182 per compromised record. Pretty pricey eh?

But if 72 per cent of respondents indicated that the cause of the data breach was because digital information was not properly protected, it's a case of pay now, or pay later.

October 23, 2006 | Permalink | Comments (0) | TrackBack

You want fries with that?

This is a gem. McDonalds Japan has got itself into a bit of a pickle after being caught serving up spyware with its Big Macs. Turns out some 10,000 winners of MP3 players in a competition held in August got more than they bargained for.

The MP3 players were infected with the QQPass virus, which emails out passwords amongst other nasties. Looks like the Hong Kong supplier could be in the frame here. Don't know how good your Japanese is so here's a Babelfish trans. Not that it's any more readable...

Has McDonalds bitten of more than it can chew?

October 22, 2006 | Permalink | Comments (0) | TrackBack

You are talking out of your BackOrifice

It's been widely touted recently that the threat from viruses and worms is rapidly being overcome. One of the latest proponents of this argument is Symantec, which has asserted that such threats are effectively a thing of the past.


Traditional nasties are, Symantec burbles, waning as cyber-criminals turn to identity theft. But how are these nefarious scammers conducting their identity thievery? They are not hiding in dark alleyways, jumping on unsuspecting victims and making off into the choking miasma of  Olde London  Town to pass on their ill-gotten gains to some shadowy cyber-Fagin.

In fact they are using a variety of methods including key-loggers, rootkits and precisely the Trojans that Symantec says are no longer a threat to steal sensitive personal and financial details.

We, with due respect, believe that the proponents of the notion that we've seen the last of viruses, Trojans and worms are talking out of their BackOrifices.

October 18, 2006 in Viruses | Permalink | Comments (1) | TrackBack

Myths of ebanking

It seems like lots of people are still put off of ebanking because of security concerns. Personally I don't see what the fuss is about, I've always found the experience very reassuring. The only genuine worry i can understand is phishing emails that pretend to be from a bank. But you just have to remember that no bank ever asks you to either email or log on and change or verify your details.

October 13, 2006 | Permalink | Comments (0) | TrackBack

More mobile malware

Taking a pop at both Windows CE and Symbian today is Russian antivirus outfit Kaspersky. Windows CE is wide open because it has no restrictions on executable applications and their processes, the company says. Same goes for Symbian, on which the level of application security is very similar to that of Windows CE.

October 11, 2006 | Permalink | Comments (0) | TrackBack

Google: "We keep the bad guys out"

Or not. Just one day after launching a new security page provng that Google "takes security very seriously" blah blah and how it keeps the bad guys out, a bug in Blogger allows someone to post a fake message on the official Google Blog.


October 9, 2006 | Permalink | Comments (0) | TrackBack


Less than a week after Google launches its Code Search to the benefit of coders everywhere and hacker are already scouring its database for potential vulnerabilities. Mind you, some of them are pretty obviously pointed out in the comments.

Then there's the humorous ones.

October 8, 2006 | Permalink | Comments (0) | TrackBack

The Russian extortionists

You always hear how the internet has become the new home for the criminal fraternity and these stories that Russian hackers have been trying to extort money from bookmakers certainly supports the claims.

It's quite worrying that they actually made good on their threats too, taking sites out of commission. They got caught out though. 

October 5, 2006 | Permalink | Comments (0) | TrackBack

Web 2.0 worries

Uh oh, looks like in all the Web 2.0 excitement, somebody forgot about security. Ajax applications may be exposing enterprises to a new series of security threats.

Ajax uses web services techniques to transmit information directly from a database to the website. In a non-Ajax application, the same application would have required a web server to build the actual webpage that is presented to the user. But an Ajax application combines disparate data sources directly on the client system.

October 4, 2006 | Permalink | Comments (0) | TrackBack

Firefox hacker exposed. Whooops

Mischa Spiegelmock, the security expert who claimed to have discovered a critical vulnerability in Firefox has admitted that the bug would only crash the browser and that he had been unable to execute arbitrary code.

Apparently, the main purpose of the talk was to be humorous.

October 3, 2006 | Permalink | Comments (0) | TrackBack

And there's more folks

Apple has released a security update that fixes 15 different vulnerabilities in Mac OS X. Bit of a catch up post this but this security fix comes one week after Apple released a patch for vulnerabilities in its AirPort wireless networking components.

You know. The vulnerability it denied ever existed.

October 2, 2006 | Permalink | Comments (0) | TrackBack

XSS attacks on the rise

Cross site scripting attacks continue to be a significant problem, says NTA Monitor. And the increasing number of blogs and forum sites out there is just giving the bad guys an opportunity to hit more machines.

It's just a matter of being cautious and being wise to these problems.

October 1, 2006 | Permalink | Comments (0) | TrackBack