Seadragon.com Goes Live

At Seadragon.com you can share any image on the web as a zoomable photo. Simply point Seadragon.com at any image you’ve got on the web, and in no time flat, you’ve got a zoomable viewer just like this one. Share the link on Facebook, Twitter, or through email or IM. Or embed it directly on your blog, eBay listing or virtually any site. Go ahead, click on the image below (or use your mousewheel) to zoom in, and drag it to pan around. Huge images on the web just haven’t been fun in the past. Between the downloading, the snapping …

Firefox NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Mozilla Firefox is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Firefox 3.0 is vulnerable; other versions may also be affected. Note that additional Mozilla products such as Thunderbird and SeaMonkey may also be affected, but this has not been confirmed.

Not Vulnerable:
Mozilla Network Security Services (NSS) 3.12.3
Mozilla Firefox 3.5

http://www.securityfocus.com/bid/35888/discuss

Vkontakte accounts compromised

Today data from more than 40,000 VKontakte accounts (the Russian equivalent of Facebook) was put up on a hacker site. We know that the site (83.133.120.252) is a phishing site, and our personal products block attempts to access the site. Trojan.Win32.VkHost.an (which we added detection for on 28th July) spreads via the VKontakte app (hxxp://vkontakte.ru/app711384?&m=2, currently blocked by VKontakte admins). Once installed, this Trojan modifies the hosts file:

83.133.120.252 vkontakte.ru
83.133.120.252 odnoklassniki.ru

If your machine is infected and you try and open either of the sites, the browser gets redirected to a phishing page which requests login credentials. The login …

BBC Tech journalist falls into common Twitter trap

Rory Cellan-Jones is a busy chap. He’s the BBC expert on all things technological and pops up with alarming frequency on television, radio and online talking about the hot tech story of the day. He also has a faithful following of over 10,000 fans on Twitter where he tweets throughout the day about what he’s up to. In fact, from time to time, his seeming addiction to telling the micro-blogging site about his early morning runs with the family dog has made the headlines itself. But now, a rather irritating "feature" of Twitter has bitten poor Rory in the bottom. …

Intel warns over bare-metal BIOS bug – Set bug panic meters to ‘important’

Intel has warned that some of its motherboards contain a flaw in their BIOS setup that creates a privilege escalation vulnerability. As a result of the security bug, users already logged in as administrators could change code running in System Management Mode. SMM is a privileged operating environment that operates outside of operating system control, creating a possible mechanism (at least in theory) for mounting rootkit-style attacks on vulnerable systems. Exploiting the bug would probably require physical access to affected systems, a fair amount of skill and not a little luck in locating a vulnerable box. Desktop and server systems …

Researchers find insecure BIOS ‘rootkit’ pre-loaded in laptop; Anti-theft software could create security hole

A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers. The service, called Computrace LoJack for Laptops, contains design vulnerabilities and a lack of strong authentication that can lead to “a complete and persistent compromise of an affected system,” according to a Black Hat conference presentation by researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies. For it to be an effective theft-recovery service, Ortega and Sacco explained that it has to be stealthy, …

New Encryption, Vendor Privacy Requirements Good for Banks

New Massachusetts Data Security Regulation adds encryption, vendor responsibility to the privacy mix. Financial institutions have been regulated for years under the GLBA Safeguards Rule, which includes data security regulations that are similar (but not identical) to those found in the Massachusetts Data Security Regulation. The key benefit of the new regulation to the financial services industry is that it now holds third-party vendors directly accountable to protect personal information. The concern, naturally, will be over the additional impact (and costs) to the industry as each state follows suit with similar (but not identical) legislative initiatives. The significant new requirement …

Black Hat: Hackers crack smart parking meter hole

A team of hackers disclosed Thursday at the Black Hat conference in Las Vegas that they have discovered a way to create a custom-made smart card for parking meters so they never run out. Joe Grand, a hardware hacker who is president of research-and-development firm Grand Idea Studio, said the purpose of the project was to shed light on the digital security vulnerabilities of embedded devices, such as parking meters, which can be exploited to perpetrate financial fraud. "Hardware is inherently trusted, and it shouldn’t be," Grand said. Continue reading in http://www.scmagazineus.com/Black-Hat-Hackers-crack-smart-parking-meter-hole/article/140940/

U r pwned: hardcore hackers turn to text messaging

Apple’s iPhones and phones running Microsoft’s Windows Mobile and Google’s Android operating systems were all shown to be vulnerable. In some cases, the problems weren’t with software, but the way cellular networks process messages. The findings are troubling as people increasingly use their phones for handling sensitive data, like email and online banking. Phones are morphing into mini-computers, which means they’re going to start getting attacked like PCs. In some respects, phones are relatively safer. Cellular carriers control their networks more tightly than anyone controls the internet, so they’re in a better position to stop new types of attacks that …

Verizon offers free service to help developers test for Microsoft ATL flaw

Verizon Business is offering a free scanning service to help software developers more quickly determine whether any controls and components they built using Microsoft’s Active Template Libraries (ATL) are vulnerable to the issues identified in the emergency security update issued by Microsoft on Tuesday. The scanning service, along with a self-diagnostic questionnaire, is available online. It is designed to scan compiled code and produce a list of properties where the ATL vulnerabilities might exist, said Russ Cooper, senior security strategist with Verizon Business. http://www.networkworld.com/news/2009/072909-verizon-offers-free-service-to.html