Services tap people power to spot malware

Crowdsourcing for the common good

People-driven security, an approach that pools the judgments of individual participants to identify new threats, is gathering momentum, with uses popping up in everything from antimalware and spam blocking to site filtering. OpenDNS’s Domain Tagging, introduced in February, is the latest example of this kind of strength in numbers. The free Web-filtering service allows subscribers to block sites in their choice of categories. But instead of one company deciding whether a site is malicious, pornographic, or otherwise unsavory, anyone who volunteers can help do the filtering. Illustrating the trend’s extent, Google created a page last …

Schneier lambasts Microsoft ‘friendly worms’

Security expert Bruce Schneier has criticised the concept of using “friendly worms” to distribute software patches. Following the publication of Microsoft’s Sampling Strategies for Epidemic-Style Information Dissemination paper on Friday, Schneier criticised the concept of using worm-like techniques to distribute software patches. The security expert said that, while it may seem like poetic justice to turn a weapon against itself and would seem to solve problems of home users not patching, the idea was “stupid”. http://news.zdnet.co.uk/security/0,1000000189,39327030,00.htm

Nautica Apparel website hacked

The Taiwanese version of Nautica Apparel, Inc. has been compromised and is being used to install several pieces of malware onto victim computers. A spam wave is under way that attempts to lure potential victims to the site by offering a link to view a video. http://sunbeltblog.blogspot.com/2008/02/nautica-apparel-website-hacked.html

iPhone DoS vulnerability

With the large number of web applications for the iPhone (Apple lists more than 600), the Mobile Safari browser plays a large role. Recently a Denial of Service (DoS) vulnerability was discovered in iPhone’s web browser. More at http://www.avertlabs.com/research/blog/index.php/2008/02/20/iphone-dos-vulnerability/

Browser: Opera released v9.26 – security fixes

Version 9.26 of Opera Browser has been released. Download now to take advantage of security and stability fixes. Below are the security advisories of Opera:

- Simulated text inputs can trick users into uploading arbitrary files
- Image properties can be used to execute scripts
- Representation of DOM attribute values could allow cross-site scripting

Stability fixes and others. See release notes: http://www.opera.com/docs/changelogs/windows/926/

Also posted at Calendar of Updates.

Kaspersky AV and Internet Security Suite users receive Critical Fix 1

On February 19th, 2008, Kaspersky Labs announced the release of Critical Fix 1 for Kaspersky Anti-Virus 7.0 and Kaspersky Internet Security 7.0. The full version number is 7.0.1.325.

IMPROVEMENTS compared to version 7.0.1.321:

- Error that caused computer and web browsers (Microsoft Internet Explorer, Mozilla, Firefox) to slow down when Kaspersky Anti-Virus is running has been fixed.
- Error that caused slowdown during loading of Microsoft Office 2007 applications when Kaspersky Anti-Virus is running has been fixed.
- Error that caused slowdown during loading of computer’s operating system when Kaspersky Anti-Virus is installed has been fixed.

http://www.kaspersky.com/support/kis7/tech?qid=208279696

Also posted at Calendar of Updates.

Mozilla Foundation Security Advisory 2008-07

Title: Possible information disclosure in BMP decoder
Impact: Moderate
Announced: February 19, 2008
Reporter: Gynvael Coldwind // Vexillium
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 2.0.0.12, Thunderbird 2.0.0.12, SeaMonkey 1.1.8

Description

Security researcher Gynvael Coldwind of Vexillium (crediting help from udevd and porneL) demonstrated that BMP images could be used to reveal small chunks of uninitialized memory that might contain sensitive data from other pages or other programs, and that this data could be extracted from the image using methods associated with the <canvas> feature. Note: Because this flaw also affected products from other vendors, disclosure was delayed until they could release a fix.

Workaround

Disable JavaScript until …

Got malware? Now you can bank online anyway

The CSIRO has developed a tool it says will prevent criminals snooping on online communications, but hacking experts say the system is not foolproof. The tool, dubbed the Trust Extension Device (TED), developed by the government research body, is a set of software tools loaded on to a portable storage device, which the CSIRO claims will allow online banking customers to create a quarantined desktop environment on computers that have been compromised by trojans, viruses or other malware. “The TED is a set of software components currently because it’s implemented on a USB stick. It essentially starts a virtualisation machine. It’s …

Russian hosting network runs a protection racket

It attacks shady sites, hits them up for anti-attack hosting services

The Russian Business Network, a notorious hacker and malware hosting network, runs a protection racket that extorts as much as US$2,000 a month in fees for “protective Web services” from borderline sites, a researcher alleged. The RBNExploit blog — which is authored by one or more anonymous researchers — spelled out the racket run by the group, which is thought to be headquartered in St. Petersburg, Russia, and has been pegged by security professionals as a major source of malware and cyber criminal activity. http://www.arnnet.com.au/index.php/id;1496227928;fp;16;fpid;1

Hackers step up website attacks

Trend Micro has warned that hackers are intensifying attacks on legitimate websites to spread malware. The security firm’s 2007 Threat Report and 2008 Forecast debunked the myth about “not visiting questionable sites”. Just because a user visits a gambling or adult-content site does not necessarily mean that web threats are lurking in the shadows. But legitimate sites with the latest sports news, or links in a search engine result, could potentially infect visitors with malware. Trend Micro explained that an underground malware industry has carved itself a thriving market by exploiting the trust and confidence of web users. http://www.vnunet.com/vnunet/news/2210040/hackers-step-website-attacks