Gmail will enter https for users

Gmail will now automatically enter https:// even if the user types only http://mail.google.com. The Google Gmail team started securing email communication over the Gmail service on Thursday. Read more in the blog: http://gmailblog.blogspot.com/2008/07/making-security-easier.html

Apple Safari Cross-Domain Cookie Injection Vulnerability

Affected Software: Safari 3.x, Safari for Windows 3.x. A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions. The problem is that websites are allowed to set cookies for certain country-specific secondary top-level domains. This can e.g. be exploited to fix a session by setting a known session ID in a cookie, which the browser sends to all web sites operating under an affected domain (e.g. co.uk, com.au). The vulnerability is confirmed in Apple Safari for Windows 3.1.2. Other versions may also be affected. Solution: Do not browse untrusted web sites … Continue reading Apple Safari Cross-Domain Cookie Injection Vulnerability

The Planet offers free backup, discounted data protection and firewalls

The Planet announced three new promotions that offer enhanced data protection and security for Planet Alpha dedicated server customers. For a limited time, new orders of Network Backup and EVault Backup are free for the first 90 days. Both solutions are hosted on The Planet’s world-class managed storage infrastructure and are available in 10GB – 80GB or larger capacities for mission-critical environments. http://www.net-security.org/secworld.php?id=6344

DNS Flaw Unfixed as Experts Argue Protocol

Speculation continues as to what the ultimate systemic Domain Name System (DNS) flaw could be. This flaw apparently allows Web surfers to be spoofed, directing them to fake Web sites to gain passwords and load malware on their computers. The flaw was first revealed by Dan Kaminsky, a researcher at security firm IOActive Inc., although Kaminsky largely withheld the technical details of the exploit. In a Friday morning press conference, Kaminsky said that many of the patches released by various IT vendors and security firms reacting to his bug discovery (reported by CNet News.com) are at best temporary fixes to … Continue reading DNS Flaw Unfixed as Experts Argue Protocol

Beware Fake Anti-Mailware With Fake Editors Choice Awards

From Larry Seltzer of PC Mag: This isn’t news, but it’s worth reminding everyone: there is a large category of malicious programs that present themselves as antispyware or antivirus programs. Having already established that they will lie about these things, they may lie about others. For instance, we recently came across one which claims to have won a number of awards, including the PC Magazine Editors’ Choice. http://blogs.pcmag.com/securitywatch/2008/07/beware_fake_antimailware_with.php

Security flaws in online banking sites found to be widespread

More than 75 percent of the bank Web sites surveyed in a University of Michigan study had at least one design flaw that could make customers vulnerable to cyber thieves after their money or even their identity. Atul Prakash, a professor in the Department of Electrical Engineering and Computer Science and doctoral students Laura Falk and Kevin Borders examined the Web sites of 214 financial institutions in 2006. They will present the findings for the first time at the Symposium on Usable Privacy and Security meeting at Carnegie Mellon University July 25. http://www.ns.umich.edu/htdocs/releases/story.php?id=6652 via http://blogs.zdnet.com/security/?p=1536

Hackers attack businesses, blogs and Web 2.0 sites

IT security and control firm Sophos has published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative new techniques in their attempt to make money out of internet users. Website infection rate three times faster than 2007: Sophos has identified that the number one host for malware on the web is Blogger (Blogspot.com), which allows computer users to make their own websites easily at no charge. Business websites attacked, office workers at risk, Web 2.0 introduces new threats: Thousand … Continue reading Hackers attack businesses, blogs and Web 2.0 sites

Asprox computer virus infects key government and consumer websites

Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt. Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks. Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites. Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs … Continue reading Asprox computer virus infects key government and consumer websites

RIPN and PCWorld.com response on IP Hijacking in PCWorld.com’s IP address

I blogged about it the other day, and the response from the 2 companies is at http://www.dozleng.com/updates/index.php?showtopic=16134 The impacts of this type of issue on users are: Disruption, Deception, Disclosure. So it’s good that pcworld.com is now on it and taking security measures to prevent it from happening again. We normally block bad domains and bad IP addresses. Whenever a good IP address gets hijacked by another ‘entity’ (domain), we still trust the owner of the legitimate IP address, but we need to take action by continuing to block it until we are positive that the owner of the legitimate IP address is “on” it … Continue reading RIPN and PCWorld.com response on IP Hijacking in PCWorld.com’s IP address