IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

« March 2007 | Main | May 2007 »

Google AdWords scam

This has been making the headlines over the past few days. Cyber-criminals are using Google's AdWords to infect unsuspecting users with malware. The crooks buy ads under the name of trusted organisations and then set up the pages to hijack users with nasties.

April 30, 2007 | Permalink | Comments (0) | TrackBack

Web page warning

More evidence at Infosec today that malware authors are cutting out email and using web pages as their attack vector of choice. Between 5,000 and 20,000 infected pages are discovered daily. And as much as 70 per cent of web malware is found on legit sites that have been compromised. Scary stuff.

April 26, 2007 | Permalink | Comments (0) | TrackBack

Can the network be secure?

Well as Infosec kicks off in London, our man on the ground has noticed a division of opinion over network security. One argument is on the impossibility of a secure network and the need to protect data, contrasted by the other argument that network security is achievable within certain parameters.

Only one person at the show seems to think they have a secure network. They must be pretty confident if they're willing to admit that.

April 25, 2007 | Permalink | Comments (0) | TrackBack

Beating off the porn menace

An audit has discovered that over a quarter of work PCs harbour porn. "A significant number of employees continue to ignore corporate policies and in some cases are going to extraordinary lengths to bypass protection systems in order to obtain and distribute inappropriate material," said the firm behind the research. No kidding.

April 23, 2007 | Permalink | Comments (0) | TrackBack

Bulldog hacked in 2005?

There's news going around that around 100,000 customer details, including credit card info, was stolen from UK ISP Bulldog in 2005. The revelation came out in the Guardian. It's pretty bad that this info wasn't made known until almost two years later though. Surely the customers have a right to know?

April 19, 2007 | Permalink | Comments (0) | TrackBack

Attack of the super rootkits

New rootkit developments are keeping security experts on their toes, according to McAfee. Rootkits are routinely including malware such as Trojans, worms and viruses that actively conceal their existence at a low level within operating systems and are becoming more prevalent and more sophisticated and will continue to do so.

April 18, 2007 | Permalink | Comments (0) | TrackBack

The Linux wifi bug

This one has been hitting the headlines of late - a flaw in the Madwifi driver for Linux. Thing is, this was all patched and sorted last year so pretty much everyone should be safe. Of course, Linux has its own in built wifi defence - it's a pain in the butt to get wifi working at all on the OS.

April 17, 2007 | Permalink | Comments (0) | TrackBack

Paris Hilton naked!

Apparently hackers are exploiting the Microsoft Windows animated cursors (ANI files) bug by sending out emails promising nudie pics of Paris Hilton. We'll probably have to let the antivirus software sort this one out then... just beware of any emails headed "Hot pictures of paris hilton nude".

April 12, 2007 | Permalink | Comments (0) | TrackBack

It was only a matter of time

Hackers have found a BIOS hack that circumvents the anti-piracy features built into the Windows Vista operating system.

The method uses a feature that allows system builders to qualify new computers as licensed by inserting a short digital marker in the BIOS. The marker bypasses product activation and anti-piracy checks.

Another method uses software that fools Windows into believing that it is running on a qualifying system.

Microsoft is apparently monitoring the situation.

April 11, 2007 | Permalink | Comments (0) | TrackBack

The end of email?

IDC notes that heavy levels of spam are making users reconsider email as their choice of communication medium. These days it's all about instant messaging and VoIP...

April 10, 2007 | Permalink | Comments (0) | TrackBack

Backing McKinnon?

This is an interesting survey from Sophos - do you think alleged Nasa hacker Gary McKinnon should go to jail? Sophos found 48 per cent want jail, 42 per cent want cmmmunity service and 10 per cent think a fine is appropriate. It's interesting to see ho hacking is interpreted as a crime by the tech sector and what people think is the most appropriate punishment.

April 10, 2007 | Permalink | Comments (0) | TrackBack

MS falls for April 1 hoax

None of the usual media outlets fell for the Week of Vista Bugs hoax, yet it appears that Microsoft did. Ooops. When contacted, the company issued a standard response but made no mention of the fact that the flaws were fabricated.

April 4, 2007 | Permalink | Comments (1) | TrackBack

Windows cursor bug

Microsoft is rushing out an out of cycle patch for the Windows animated cursor bug that cropped up. Apparently a rush of exploits targeting this attack have forced the company to take emergency action.

April 3, 2007 | Permalink | Comments (0) | TrackBack