Tech Industry Takes Aim at ‘Password Overload’

The idea is to bring the concept of an identity card, like a driver’s license, to the online world. Rather than logging on to sites with user IDs and passwords, people would gain access to sites using a secure digital identity overseen by a third party. Such identity cards would also reduce the number of phishing incidents. Microsoft, Google and PayPal, a unit of eBay, are among the founders of an industry organization that is hoping to solve the problem of password overload among computer users. The Information Card Foundation is an effort to create a single industrywide approach to …

AVG update disguises LinkScanner traffic as IE6

Earlier this month, AVG was pointed to as the source of a new bandwidth hog on the Internet with one of their fancier anti-malware tools causing a huge jump in traffic on popular sites. At least admins were able to identify what was going on and filter out the nonsense traffic under this scenario. However, AVG has made things more difficult with a recent update in which its LinkScanner program disguises itself as IE6. http://www.techspot.com/news/30641-AVG-update-disguises-LinkScanner-traffic-as-IE6.html http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/

ICANN and IANA’s domains hijacked by Turkish hacking group

What happens when the official domain names of the organizations that issue the domain names in general, and provide all the practical guidance on how to prevent DNS hijacking, end up having their own domain names hijacked? A wake-up call for the Internet community. The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked earlier today by the NetDevilz Turkish hacking group, which also hijacked Photobucket’s domain on the 18th of June. Zone-H mirrored the defacements, some of which still remain active for the time being. http://blogs.zdnet.com/security/?p=1356

Antispam group outlines defenses to block botnet spam

A major antispam organization is pushing a set of new best practices for ISPs (Internet service providers) to stop increasing volumes of spam from botnets. The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and e-mail that is sent from dynamic IP (Internet Protocol) addresses. http://www.maawg.org/home/ More: http://www.networkworld.com/news/2008/062608-antispam-group-outlines-defenses-to.html

Internet Explorer 6 & 7 Vulnerabilities

Internet Explorer 7 Frame Location Handling Vulnerability

sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks. The problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website. The vulnerability is confirmed in IE7. Other versions may also be affected. Solution: Do not visit or follow links from untrusted websites. http://secunia.com/advisories/30851/

Internet Explorer 6 Window “location” Handling …

Debate rages over whether Internet ad blocking hurts Web

EasyList and the free Adblock Plus software it works with may be the most popular and most effective of all the ad blocking systems on the Web. Using EasyList, which is also free, Adblock Plus screens out not just pop-ups, but virtually every other Internet ad form, including in-page display and video, based on Rick’s list. Rick is in the middle of a fierce debate over ad blockers and what role they could have in the development of the Web. Some Web site owners argue that the blockers could have a devastating effect on the availability of content on the Web. …

HSBC scripting flaws play into the hands of phishers

Several HSBC websites are subject to scripting flaws that create a possible mechanism for crooks to create more convincing phishing scams. Security blog xssed.com has posted a list of affected domains, which include HSBC sites in multiple territories including the UK. Xssed has been tracking problems on the bank’s sites since last year. The bank has been taking up to two months to fix problems, with issues pointed out to it in May still unresolved. Flaws in the Greek HSBC website and its flagship .com site were added earlier this week. http://www.theregister.co.uk/2008/06/25/hsbc_scripting_flaws/

PokerGame Trojan Horse attempts to take control of Macs

OSX.Trojan.PokerStealer Trojan Horse Attempts to Take Control of Macs

Another Trojan targeting the Mac has been found on the Web, as the number of malicious applications increases with the growing popularity of Apple computers. Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called “PokerGame.” The application is a script wrapped in an executable bundle that’s distributed by e-mail as a Zip file. http://www.intego.com/news/ism0803.asp http://news.yahoo.com/s/cmp/20080626/tc_cmp/208800731