IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« October 2006 | Main | December 2006 »

Old viruses still beat on Vista

Well Microsoft launched Vista today along with a whole bunch of other stuff like Office. I know all the Microsoft crew, as well as most of the media, is out partying tonight in celebration. Sophos had some sobering words though, when it pointed out that some older viruses still affecting older versions of Windows are also capable of affecting Vista.

Let's hope the Microsoft security crew don't get too hung over.

November 30, 2006 | Permalink | Comments (0) | TrackBack

Psiphon beats web censors

Defintley a worthy tool here. Toronto University has developed a tunneling tool that will allow your friends and acquaintances in censored countries to access the internet freely. Psiphon essentially turns a home computer into a server and allows the operator of the host computer to send a unique web address to friends allowing them to access the internet via the server over an encrypted connection.

Get it here from Friday.

November 29, 2006 | Permalink | Comments (1) | TrackBack

Adware upsets Apple cart

Proof-of-concept code for an adware program that targets Apple's OS X operating system has been discovered.

The application installs itself through a feature in OS X that allows system libraries to be installed without notifying the user and could automatically launch a browser window every time the user opened an application.

November 28, 2006 | Permalink | Comments (0) | TrackBack

Dangling cursor snarfing?

This is a new one. Dangling cursor snarfing? Well, apparently it affects a number of Oracle databases and allows attackers to launch a SQL injection attack.

Some claim that Oracle's security is starting to slip.

November 27, 2006 | Permalink | Comments (0) | TrackBack

How low can they go?

This is pretty low, even for fraudsters. A mass email is going around offering jobs at a children's charity. But it's really just a hook to get people to send money in and act as part of a money laundering operation.

Be prepared for more of these - the season of goodwill is almost upon us...

November 26, 2006 | Permalink | Comments (0) | TrackBack

Beware the evil twin

AirDefense has warned that knowledgeable hackers are setting up rogue wifi points to nab information off of well to do folks. Apparently the baddies are targeting airports and specialist garages etc. So beware when logging onto your favourite free wifi.

November 23, 2006 | Permalink | Comments (0) | TrackBack

Untrusting Brits

Half of all Brits harbour a deep distrust of the internet, according to some research. Confidence levels in companies ability to protect information is also low. Sounds like a sensible attitude to me.

November 23, 2006 | Permalink | Comments (0) | TrackBack

Second Life hit by in game worm

In a scene that is reminiscent of any number of sci-fi films, virtual world Second Life had to shut down for a few minutes on Sunday after a rogue coder launched an in game worm. The worm took such a toll on the database that the game servers choked.

November 20, 2006 | Permalink | Comments (0) | TrackBack

Are consumers educating themselves?

Sure looks like it. According to Lycos' latest top 10 search results, the term 'spyware' was leading the pack, ahead of recent top searches like 'poker' and 'Pamela Anderson'.

it's good to know that people are actively seeking out information about the subject.

November 16, 2006 | Permalink | Comments (0) | TrackBack

Is Windows CE a threat?

Microsoft may bring its blemished security record from the desktop to the mobile, Symantec has said. Although its not such an issue at present, the antivirus firm reckons as Win CE becomes more popular, we will start seeing more mobile security threats.

November 15, 2006 | Permalink | Comments (0) | TrackBack

Mozilla wins the phish fight?

Mozilla's Firefox beats Microsoft Internet Explorer 7 hands down in terms of anti-phishing. Apparently, Firefox correctly blocked 243 more sites than IE7.

The study was commissioned by Mozilla though.

November 14, 2006 | Permalink | Comments (0) | TrackBack

You need antivirus too!

After Microsoft seems to have been sounding off at how secure and virus-proof Vista is, Jim Allchin has had to clarify that users will still need antivirus software. "Most users will use some form of antivirus software, and that will be appropriate for their scenarios," Allchin said.

Apparently Allchin's seven year old son is the only one that doesn't need antivirus on Vista.

November 13, 2006 | Permalink | Comments (0) | TrackBack

Inconsistent sentencing for hackers?

This is interesting. A Fathers 4 Justice campaigner who admitted hacking and virus spreading offences has been let off the hook. Whereas other hackers have been sent down, maybe the judge had a soft spot for this guy?

November 9, 2006 | Permalink | Comments (0) | TrackBack

Phishers drive fraud losses up

Banks are losing increasing amounts due to fraud caused by phishing scams, according to new figures from Apacs. Web bank losses rose by 55 per cent from £14.5m in the first six months of 2005 to £22.5m in the same period this year and it looks like consumers are still unaware of online security.

November 7, 2006 | Permalink | Comments (0) | TrackBack

Microsoft XML vulnerability

An exploit has been spotted in the wild for an unpatched vulnerability in the Microsoft XML core services, according to Symantec.

All versions of Internet Explorer make use of this functionality and are likely to be possible vectors of attack.

November 6, 2006 | Permalink | Comments (0) | TrackBack

Wiki worm warning

I guess it had to happen sooner or later. Hackers have been using Wikipedia to distribute links to malware. In one case a Wikipedia entry was created containing false information about a new version of the Blaster worm, along with a link to a fix. Except the link went straight to something nasty.

November 5, 2006 | Permalink | Comments (0) | TrackBack

Apple Airport in security shakedown

Proof-of-concept code has been posted for a new vulnerability in Apple's AirPort . The report suggests that the vulnerability could allow for remote code execution on a user's machine.Doesn't look like it's being actively exploited though.

November 2, 2006 | Permalink | Comments (0) | TrackBack

Got safe?

One year since the launch of the Get Safe Online campaign and the list of threats for October contains the usual suspects in terms of malware. Netsky, Mytob and Zafi all get a mention.

Time to update that antivirus software and get safe people.

November 1, 2006 | Permalink | Comments (0) | TrackBack