Infected add-ons found on Mozilla download site
Posted by Terryala - 02-8-10 20:14 - 0 comments

Mozilla has discovered two 'experimental' add-ons for its Firefox browser which contain dangerous malware. According to Mozilla, version 4.0 of Sothink Web Video Downloader is infected with password sniffer Win32.LdPinch.gen and Master Filer is infected with the backdoor trojan Win32.Bifrose. Where malware has infected a Windows system following installation of an infected browser add-on, uninstalling the add-on alone will not remove the infection.

In its advisory on the problem, Mozilla lists several anti-virus programs which are able to recognise the malware and have been able to do so for some time. But this is where it gets embarrassing for Mozilla – the infected add-ons have been available from the official download site for several months and, according to Mozilla, have together been downloaded around 4,600 times. The infected add-ons were only discovered and removed, on 25th January and 2nd February, following use of additional anti-virus scanning software by Mozilla.

Mozilla should really have been alert to the danger since malware had been found in a Vietnamese language pack back in 2008. In that case the malware merely displayed advertising, but it could, according to Mozilla developers, also have been used for more nefarious activities. That script, designated HTML.Xorer, also appears to have slipped past Mozilla's anti-virus scanner. As a result, Mozilla developers announced that the add-on directory would in future be checked for malware on a daily basis.

The current case illustrates the point that it is still advisable to check add-ons for viruses before installing them, using, for example, an online service such as VirusTotal.

http://www.h-online.com/security/news/item...ite-924307.html

FBI wants records kept of Web sites visited
Posted by TheSentinel - 02-7-10 14:52 - 0 comments

QUOTE
FBI wants records kept of Web sites visited
By Declan McCullagh
CNET News
Posted on ZDNet News: Feb 05, 2010 12:38:56 PM

The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

More: http://news.zdnet.com/2100-9595_22-390703.html

Microsoft to fix 26 vulnerabilities on patch day
Posted by Terryala - 02-5-10 12:25 - 0 comments

This Tuesday, the 9th of February, Microsoft plans to fix 26 security vulnerabilities in Office and in all supported Windows versions. There are 13 updates and bulletins describing the threats posed, five of which the company classes as critical. Microsoft's Security Response Team is already recommending administrators and users to treat bulletins 1, 2, 3 and 6 as maximum priority and to test and install them as soon as they are made available.

The bugs fixed include the now 17-year-old vulnerability in the Virtual DOS Machine, which, using various tricks, allows 16-bit programs to manipulate the kernel stack belonging to any process. This can be exploited by users with restricted privileges to execute code with system privileges.

There will not be a patch for the newly discovered vulnerability in Internet Explorer. Microsoft does not appear to be prioritising this problem, since it primarily affects pre-Vista Windows versions. From Vista onwards, Internet Explorer (7 and 8) runs in protected mode, which prevents exploitation of the vulnerability. A fix-it tool is available for earlier versions.

The denial-of-service (DoS) vulnerability in the Windows 7 and Windows Server 2008 R2 SMB clients, discovered in mid November, will also remain unpatched. This bug can only be exploited using manipulated SMB servers sending crafted packets to clients – a scenario which apparently occurs so infrequently that Microsoft has yet to see a single instance. The vulnerability when parsing file names with semicolon extensions in Internet Information Server 6.0 (IIS) will likewise remain unpatched.

Microsoft is also reminding users that support for various Windows versions expires this year. There will be no further updates for Windows 2000 after 13th July 2010 and Windows XP Service Pack 2 will also cease to be supported after this date. SP2 users are advised to update to SP3. Windows Vista RTM will be supported until 13th April 2010 only, Vista SP1 until 12th July 2011.

http://www.h-online.com/security/news/item...day-923011.html

Fake Firefox site bundles undead adware
Posted by Terryala - 02-4-10 15:24 - 0 comments

QUOTE
Zango crapware rises from the grave
By John Leyden
Posted in Malware, 3rd February 2010 15:59 GMT
Adware slingers have taken advantage of the buzz around the latest version of Firefox to establish a fake browser download site.
The counterfeit Firefox download site is disguised as a kosher browser download site and might easily fool the unwary. A closer look, however, reveals the version of Firefox on offer is version 3.5 (instead of the latest 3.6 version supplied by Mozilla). In addition, terms such as "Anti-Pishing" (sic) are misspelled on the glossy counterfeit download site. Web users taken in by the scam will wind up downloading browser software contaminated with the Hotbar toolbar from Pinball Corp, formerly Zango. The software bombards marks with irksome pop-up ads while also further slowing performance by loading the Hotbar weather application in the system tray.
Security firm eSoft, which documents the risk here, reckons that the ruse is more likely the brainchild of a rogue Pinball agent rather than the firm itself. Pinball rewards its pay-per-install affiliate with up to $1.45 per install, eSoft adds.
Users looking to get the latest version of Firefox are advised to go to Mozilla's getfirefox.com site. eSoft has blocked access to the fake site for users of its technology. Other vendors can be expected to follow suit.
Zango was repeatedly obliged to defend itself against accusations that its ad-serving software was distributed without the informed consent of users. Security firms routinely categorised Zango's software as adware, sparking unsuccessful lawsuits against Kaspersky Lab and PC Tools in 2007. Its PR staff tenaciously held the line that any problems were down to rogue affiliates, which it was in the process of culling even before it paid the FTC to settle a privacy lawsuit back in 2006.
However its chief tormentors - Ben Edelman, an assistant professor at the Harvard Business School, and Chris Boyd, former security researcher at Facetime Security - continued to document evidence of malpractice by Zango years after the FTC settlement. Zango went titsup last April, but its Hotbar technology lingers on the interwebs, as evidenced by the fake Firefox download ruse.
http://www.theregister.co.uk/2010/02/03/fa...refox_download/

Microsoft confirms new vulnerability in Internet Explorer
Posted by Terryala - 02-4-10 15:19 - 0 comments

Microsoft has confirmed the existence of a security vulnerability revealed at the Black Hat DC security conference on Tuesday and itself issued a warning. The vulnerability allows a crafted website to access and read the content of arbitrary files on a PC. Although an attacker needs to know the specific path and file name, for a standard Windows installation these are usually known default paths.

All versions of Internet Explorer from 5.01 to 8 on all supported Windows platforms are reportedly affected. Windows XP Home users, however, appear to be unaffected by the problem, as XP Home does not include a hidden C$ administrative share for websites to access. For Internet Explorer 7 and 8 running under Windows 7, Vista or Server 2003/2008, the vulnerability cannot be exploited as long as protected mode is activated in the browser (as it is by default).

Microsoft has said that it is looking into how it can solve the problem. However, solving it is not going to be straightforward, as Jorge Luis Alvarez Medina of Core Security Technologies, who discovered the vulnerability, has repeatedly stressed. The crux of the problem is that security zone settings in Internet Explorer do not always bite if a path is entered in the browser in UNC (Uniform Naming Convention) format (e.g. file://127.0.0.1/C$/.../index.dat). This means that under specific conditions JavaScript from the Internet Zone can access (and render) local files, despite the zone model being intended to prevent this.

Core Security reported two similar cross-domain vulnerabilities to Microsoft in 2008 and 2009, for which Microsoft released updates. However, until now, Microsoft has always merely patched things up, without addressing the actual core problem. As a result Medina has been able to discover a new means of reading local files. To overcome the hurdles set up by Microsoft, he takes advantage of a bug in the way the MIME type of local files is determined and a weakness when processing OBJECT tags.

As an interim solution, Microsoft has released a downloadable fix-it tool which disables the Internet Explorer file protocol. This could, however, cause problems for some other applications.

http://www.h-online.com/security/news/item...rer-922111.html
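
The UNC-style file: reference described in the article above can be recognised in page content before it reaches a browser. The following JavaScript is an added example, not part of the original post or of Microsoft's or Core Security's tooling; the function names, the attribute list and the sample HTML are assumptions made for illustration, and the check is a heuristic for content filters, not a fix for the zone-model flaw.

```javascript
// Added example: a heuristic content check, not Microsoft's or Core Security's code.
// It flags file: references in web-delivered HTML that use the UNC form quoted in the
// article (a host part, optionally followed by an administrative share such as C$).

const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);
const ADMIN_SHARE = /^\/(?:[a-z]\$|admin\$|ipc\$)(?:\/|$)/i;

// Classify one attribute value; returns null when it is not a file: reference.
function classifyFileReference(raw) {
  const m = /^file:[\\\/]{2}([^\\\/]*)([\\\/].*)?$/i.exec(raw.trim());
  if (!m) return null;
  const host = m[1].toLowerCase();
  const path = (m[2] || "/").replace(/\\/g, "/");
  return {
    url: raw.trim(),
    host,
    uncForm: host !== "",              // file://HOST/share/... vs file:///C:/...
    loopback: LOOPBACK_HOSTS.has(host),
    adminShare: ADMIN_SHARE.test(path),
  };
}

// Collect file: references from URL-bearing attributes of an HTML document.
function findFileReferences(html) {
  const attr = /\b(?:src|href|data|codebase)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const hits = [];
  for (const m of html.matchAll(attr)) {
    const ref = classifyFileReference(m[1] ?? m[2] ?? m[3]);
    if (ref) hits.push(ref);
  }
  return hits;
}

// A page served from the Internet has no reason to point at the local machine's shares.
function isSuspicious(ref) {
  return ref.uncForm && (ref.loopback || ref.adminShare);
}

// Constructed sample input (the elided path is kept as the article prints it).
const SAMPLE_HTML = `
<a href="https://example.com/help">help</a>
<a href="file://127.0.0.1/C$/.../index.dat">x</a>
<img src='file:///C:/Users/Public/logo.png'>
<iframe src=file://fileserver/docs/readme.html></iframe>`;

const flagged = findFileReferences(SAMPLE_HTML).filter(isSuspicious);
console.log(flagged.map((r) => r.url));
```

Ordinary intranet references such as file://fileserver/docs/... are collected but not flagged, so the output can be reviewed without drowning in legitimate share links.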

Fake Microsoft Outlook Update Installs Trojan
Posted by TheSentinel - 02-3-10 19:59 - 0 comments

QUOTE
Fake Microsoft Outlook Update Installs Trojan
Erik Larkin
Feb 3, 2010 7:22 pm

A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.

The e-mail, which Panda posts with a screen shot, is spoofed to look as if it comes from Microsoft Support. With a realistic-looking subject and e-mail body that attempts to piggy-back on the constant (and correct) advice to keep your computer up-to-date with patches, it's a great example of a social engineering attack.

More: http://www.pcworld.com/article/188456/fake...lls_trojan.html

Hackers paralyse emissions trading scheme
Posted by TheSentinel - 02-3-10 19:55 - 0 comments

The H Online Security reports on 3 February about hackers who hacked the emissions trading scheme, causing huge financial damage.

QUOTE
3 February 2010, 13:31
Hackers paralyse emissions trading scheme

Emissions trading is considered the yardstick for reducing pollutant emissions. Using market-based mechanisms, it aims to encourage economies and businesses to gradually reduce their overall emissions, such as those caused by burning fossil fuels. Emissions permits that define a specific volume of a greenhouse gas such as carbon dioxide are assigned or purchased, allowing businesses which emit less than their permitted volume to sell excess permits on a trading platform specifically set up for the purpose. Businesses which produce more pollutants than they have permits for must obtain additional certificates.

More: http://www.h-online.com/security/news/item...eme-921075.html

Multiple vulnerabilities in VMware products
Posted by TheSentinel - 02-1-10 19:47 - 0 comments

The H Online reports on 1 February 2010 about a lot of open holes in VMware products.

QUOTE
1 February 2010, 16:28
Multiple vulnerabilities in VMware products

VMware has advised of a number of vulnerabilities in several of its products, including ESX, Server, VirtualCenter and vCenter. According to the company, a number of the issues relate to problems in the Java Runtime Environment (JRE) and several of the 47 vulnerabilities can be used by an attacker to compromise a system.

More: http://www.h-online.com/security/news/item...cts-919475.html