IT security, vulnerabilities, bugs, fixes, flaws, RSA conference and Infosec.


Microsoft the leak in Xbox attacks

Well Microsoft has said that social engineering is to blame for Xbox Live gamers losing their IDs, but the company neglected to mention it's the Bungie helpdesk that is being targeted.

The 'infamous' clan, who are behind a lot of the gamer tag thefts, have been boasting about their social engineering exploits on the web. Although the 'infamous' website seems to have gone down now:

March 22, 2007

Xbox Live fraud on the rise

There seems to be an increasing number of thefts of gamer IDs on the Xbox Live platform, which I guess can only be expected as the console becomes more popular. Undoubtedly the problem will also spread to the other internet connected console platforms too. Interestingly it seems that the problem is due to gamers falling out with each other.

March 21, 2007

MySpace targeted in month of bugs

And the latest "month of bugs" target is none other than social networking monster, MySpace. Although it's very tongue in cheek, the guys behind it have actually been doing some real research, even though they themselves reckon "month of bugs" are annoying.

March 19, 2007

A sticky security problem

This reads a bit far-fetched, but McAfee reckons that stickykeys, a tool designed to aid access, could aid access for malicious users. If you replace the stickykeys .exe with command prompt - cmd.exe - you can launch the command line even when locked out of the machine just by hitting shift 5 times.

But, as Microsoft points out, in order to set this up, you'd need admin access anyway.
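
A defender can check for this swap by comparing file contents. The following is an added example, not code from McAfee, Microsoft or this blog; it assumes the Sticky Keys executable is `sethc.exe` (the post does not name the file) and scans a System32 directory, for instance on a mounted disk image. The sample directories are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Sticky Keys executable; the post only says "stickykeys .exe", so the name is assumed.
ACCESSIBILITY_BINARIES = ("sethc.exe",)
# Command interpreter that could be copied over it; the post names cmd.exe.
SHELLS = ("cmd.exe",)


def sha256(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_swapped_binaries(system_dir):
    """Return (accessibility_binary, shell) pairs whose contents are identical."""
    # Windows names are case-insensitive; a mounted image may preserve any case.
    present = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    shell_hashes = {sha256(present[s]): s for s in SHELLS if s in present}
    findings = []
    for name in ACCESSIBILITY_BINARIES:
        if name in present:
            match = shell_hashes.get(sha256(present[name]))
            if match:
                findings.append((name, match))
    return findings


def demo():
    """Build one clean and one tampered constructed directory and scan both."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, tampered = Path(tmp, "clean"), Path(tmp, "tampered")
        for d in (clean, tampered):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"constructed cmd.exe bytes")
        (clean / "sethc.exe").write_bytes(b"constructed sethc.exe bytes")
        # Tampered case: the Sticky Keys file is a byte-for-byte copy of cmd.exe.
        (tampered / "Sethc.exe").write_bytes(b"constructed cmd.exe bytes")
        return find_swapped_binaries(clean), find_swapped_binaries(tampered)


if __name__ == "__main__":
    print(demo())
```

A match only catches a byte-for-byte copy of the shell; a different build of cmd.exe would need a signature or known-good hash check instead.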

March 18, 2007

Spam at record levels

And it just keeps on growing. Spam levels in February 2007 topped 93 per cent of all email traffic monitored by internet security firm Postini.

Postini reckons the growth is largely due to the number of botnets out there.

March 18, 2007

Chinese malware on the increase

Security researchers are noticing an increase in malware originating from China, says Facetime. Apparently, Chinese criminals are now developing their own file downloaders and rootkits.

"They are starting to realize that you can make silly amounts of money from installing malware," says Facetime.

March 16, 2007

The Second Life security risk

Apparently it has become so commonplace for workers to visit the Second Life universe from their office PC that Sophos is warning that the popular game has become a security risk.

The security firm will start blocking Second Life via its security suite on enterprise networks.

March 14, 2007

DDoS attacks as adverts?

Quite an interesting development. Icann last week published a report on the DDoS attack against the web root servers earlier this year. While the attack was largely unsuccessful, Icann reckons that the move could have been a show of strength by some botnet, possibly as an advertisement - botnet for hire.

March 12, 2007

Bagle still going strong

Would you believe it? Three years on and Bagle is still going strong. This must be one of the most successful pieces of malware ever created. And according to Commtouch, the worm is only getting better at staying under the radar and avoiding detection.

March 8, 2007

It's old advice...

but it bears repeating. Keep your passwords secure. Use complex passwords and use different passwords for each account.

More than half of surfers use the same one or four passwords to access up to 20 online banking and e-commerce accounts, according to Kaspersky.

Gartner recently said that identity theft has increased by 50 per cent since 2003 in the US alone.

March 7, 2007

Intel hacker cleared at last

It took 12 years but Randal Schwartz has had his conviction for hacking Intel's password files quashed.

He worked at Intel in the '90s and was amazed at how lax the tech firm was about its password security, so he went about proving it in a way that upset the company. Now he's been cleared of his sentence but still fears ill will from the industry.

March 5, 2007

How much spam?

Between 70 and 80 per cent of all internet traffic running across Russian networks last year was spam, so says Kaspersky Labs. Wow. That's a lot. Spammers are continuing to use graphics to evade spam filters and apparently spam is becoming increasingly criminalised.

March 1, 2007