Anti-Phishing: Yahoo – ‘E-mail account security warning’

Summary
Email title: ‘E-mail account security warning’
Scam target: Yahoo e-mail users
Email format: HTML e-mail
Sender: administration @ YAHOO.COM
Sender spoofed? Yes
Scam call to action: ‘Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. For details see the attached file.’
Scam goal: Installing malicious software on victim’s computer
Call to action format: Attached file
Attachment type: .PIF file – hidden executable

E-mail

This message represents quite a large category of phishing. It is targeted at inexperienced users that are overly gullible and …

Anti-Phishing Alert – Citibank – ‘Safeguard your account MsgID#…’

Summary
Email title: ‘Safeguard your account MsgID# ’
Scam target: Citibank customers
Email format: HTML e-mail
Sender: Citibank.message @ emailmessage.citibank.com
Sender spoofed? Yes
Scam call to action: ‘Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately… Please use our secure counter server to indicate that you have signed on, please click the link bellow…’
Scam goal: Getting victim’s credit/debit card information, SSN, contact information (name, phone number, address, etc.)
Call to action format: URL link
Visible link: h++p://219.138.133.5/verification/
Called link: h++p://219.138.133.5/verification/
Phish website on IP: 219.138.133.5

E-mail

This phish uses some interesting and dangerous tricks. The message itself is simple but …

Hackers use Google to access photocopiers

As devices such as photocopiers become digital, they can be connected to the Internet, making them searchable through Google. Google indexes IP (internet protocol) addresses and web content sent between them. A misconfigured server can broadcast sensitive details about a network, such as what sorts of devices reside on it, with login names and passwords. This allows experienced “Google hackers” to find details about a photocopier and read what people are copying on it. They can also find sensitive data in Google forums as security personnel from differing companies trade advice. Companies should periodically inspect the Google cache for sensitive …

Macromedia JRun Has Multiple Bugs That Permit Session Hijacking, Cross-Site Scripting, and File Source Code Disclosure

SecurityTracker URL: http://securitytracker.com/id?1011404
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, Not specified, User access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 3.0, 3.1, and 4.0

Description: Several vulnerabilities were reported in Macromedia’s JRun server. A remote user can conduct cross-site scripting and session-fixation attacks. A remote user can also view source code for certain types of files on the system. The impact of a buffer overflow was not specified. The vendor reported that an implementation error in JRun 4.0 in …

GDI Scanner Released

http://isc.sans.org/diary.php?date=2004-09-23

This is a preliminary diary, and will be updated throughout the day, as the situation warrants. Due to the possibility of a rapidly emerging exploit, or worm, we are releasing this early. Over the last 24hrs, several exploits taking advantage of the JPEG GDI vulnerability (MS04-028) have been released. We expect a rapid development of additional exploits over the next few days. Tom Liston has put together a scanner, which will scan your systems for vulnerable versions of the GDI libraries; you can get it at http://isc.sans.org/gdiscan.php. This program should have an MD5 checksum of (91ff45c6158e77eb57fbf6fbe38f05d1). Several …

Firm justifies job for virus writer

A German computer security firm has defended its decision to hire the self-confessed teenage author of the Sasser and Netsky worms. Securepoint said its decision to employ Sven Jaschan offered the German teen a “second chance”. The job offer has certainly reopened the debate about how closely anti-virus firms should work with the people they are employed to counter. Some anti-virus firms have criticised Securepoint, arguing that it is sending a dangerous message to virus writers. http://news.bbc.co.uk/1/hi/technology/3677774.stm

Computer Associates to Pay $200M to Avoid Prosecution

Computer Associates International Inc. (CA) has agreed to pay more than $200 million to avoid criminal prosecution in a massive accounting scandal, a federal law enforcement source told The Associated Press on Wednesday. In addition, the company’s former general counsel, Steven Woghin, is expected to plead guilty in Brooklyn federal court Wednesday to securities fraud, conspiracy and obstruction of justice, according to the source, speaking to the AP on condition of anonymity. The settlement was expected to be announced in Washington. http://www.informationweek.com/shared/printableArticle.jhtml?articleID=47900963

AOL offers RSA authentication security to its members

America Online and RSA Security have launched AOL PassCode, a new premium service that offers members a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds. “AOL PassCode is like adding a deadbolt to your AOL account by automatically creating a new secondary password every 60 seconds,” said Ned Brody, AOL’s senior vice president for Premium Services. “Many of our members use their accounts for business purposes, financial transactions or other sensitive activities. AOL PassCode offers a higher standard of protection through the same state-of-the-art …

Sophos Anti-Virus Fails to Detect Malicious Code in Files Named With Reserved DOS Device Names

SecurityTracker URL: http://securitytracker.com/id?1011387
Date: Sep 22 2004
Impact: Modification of system information
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Advisory: iDEFENSE
Version(s): prior to 3.86

Description: iDEFENSE reported a vulnerability in Sophos Anti-Virus as packaged with Sophos Small Business Suite. A remote user can create malicious code that will evade the anti-virus detection capabilities. It is reported that malicious code within a filename that uses a reserved MS-DOS device name (e.g., AUX, CON, PRN, COM1, LPT1) will not be detected by the on-demand scanning feature and by the real-time on-access protection feature. The vendor was notified on August 6, 2004. …