Archive for April, 2007

Monday, April 30th, 2007

Dr. Neal Krawetz: Online Impersonations: No Validation Required

News: A Mac gets whacked, a second survives

Startup pitches smarter AV (InfoWorld)
InfoWorld - With a name like Robot Genius you wouldn't expect the company's leaders to be modest, but the more you hear the firm's Chairman Stephen Hsu talk about his startup's new approach to anti-malware, the more you believe the name might fit.

Sunday, April 29th, 2007

Cyberattacks at federal agencies draw House scrutiny
As more is learned about intrusions reported on government computer systems last year, politicians question adequacy of fixes put in place.

Federico Biancuzzi: 0wning Vista from the boot

MacBook hacked in contest at security event
Zero-day vulnerability in Safari Web browser used to commandeer a MacBook in hack-a-Mac contest at CanSecWest conference.

Brief: New England bankers sue TJX for breach

Saturday, April 28th, 2007

News: MacBooks withstand mild attacks on patch day

F-Secure Puzzled Over Google Results
What is it about the numeric sequence 13123390 that has Finnish security firm F-Secure so curious about Google’s search results for it? Their first blog post about the number appeared on Monday: Make a Google search for “13123390”. How many results do you get? Are you sure? Explain what’s happening. It looks like F-Secure and some other people saw some weird result pages, with ‘Results: 1-10 of about 5 for 13123390’ going on for five pages. But it appears most people are seeing normal results. We’re seeing ‘Results 41 - 45 of about 31 for 13123390’, with the option of seeing omitted duplicate results. We opted to see them: ‘Results 71 - 71 of about 31 for 13123390.’

Brief: No pay off in extortion attacks?

Friday, April 27th, 2007

Infocus: Building Secure Applications: Consistent Logging

Free Anti-Rootkit Tools (PC Magazine)
PC Magazine - Many free tools are available to detect rootkits. Some also attempt to remove them.

Microsoft Labs Tackle Security (PC World)
PC World - In a move to strengthen its response to security threats, Microsoft Corp. is opening two labs to study the growing amount of malicious software circulating on the Internet, security executives announced Wednesday.

Thursday, April 26th, 2007

Vuln: Aircrack-ng Airodump-ng Authentication Packet Buffer Overflow Vulnerability

Tuesday, April 24th, 2007

April 2007
ZDNet Blogs - The vast majority of pirated black-market software being sold in the back alleys from Moscow to Bangladesh are laced with backdoors and rootkits. Not selling them software at prices proportional to their income levels simply means the bad guys get

Security researchers warn that phishers are manipulating QuickTime
eWeek - A study done by anti-virus veteran Roger Thompson rates Symantec’s Norton AntiVirus 2007 as the best at detecting and removing stealth rootkits; Microsoft’s Windows Defender was a big disappointment in the study.

What’s New Now
Baseline - Turn Their Attention to the Corporate World McNealy Out as Sun CEO, Schwartz In Government-Funded Startup Blasts Rootkits Mobile Case Study: RouteOne deploys specialized SOA hardware from IBM to simplify, help secure & accelerate SOA Better Email

Itanium 2 used to build DNS super-server
TechWorld - SourceT authenticates its own code when the server is booted up, a process that makes the system immune to rootkits and similar malware, Secure64 said. Since unnecessary functions have been stripped out of the OS, dedicated systems running it can

These programs protect you from Internet nasties
Cincinnati Enquirer - RootkitRevealer will help you discover rootkits on your computer. Rootkits are a type of malware that can make themselves invisible. RootkitRevealer sniffs out some of their common tricks. SDelete is a file shredder. Data recovery tools can’t read the

Monday, April 23rd, 2007

Microsoft teams up with EMC
TechWorld - Microsoft will now include EMC’s Smarts network monitoring technology in future versions of Microsoft System Center Operations Manager, its end-to-end IT systems monitoring software. EMC is also developing network management and root-cause analysis

Featured Businesses Join the Network
WBZ-AM - 24 hours / 7 days Security and Privacy Solutions Office computer monitoring software Kantrovitz & Associates, P.C. Contact: Steven H. Kantrovitz Business hours: 8:00am to 6:00pm Essex Vacuum 8 am - 5 pm M-F 9 am - 4 pm Sat 12 pm - 5 pm Sun (Saugus

Four steps to battling botnets
Computerworld - says that there’s something like a 10-to-1 chance that such behavior indicates the PC is part of a botnet. Enterprise network administrators can also keep a close watch for suspicious outbound activity using their network-monitoring software.

Printer-friendly view
Tolerance.org - The results of another survey, commissioned by the National Center for Missing and Exploited Children (NCMEC) and Cox Communications last spring, shows that nearly half of parents surveyed do not have or do not know about monitoring software or their

Sunday, April 22nd, 2007

Online Press Release
PRWeb - Popular Anti-Keylogger Plugin Adds Support for IE 7 and Firefox Six weeks after KeyScrambler’s initial release on July 29, 2006, QFX Software rolled out the much anticipated new version, KeyScrambler 1.1, with newly added support for Microsoft

Eric Kinney, President
PRWeb - Here is it at last Anti-keylogger 5.0 for Microsoft Windows NT/2000/XP. - 2004-06-21 Teaneck Resident Takes Future into Own Hands with Ingenious New Business: AutoEval Jason Bass, 8-year Teaneck, New Jersey resident establishes AutoEval

Security Step 4: Response
eWeek - The IT executive at the company profiled in the “Anatomy of a rootkit hack” did just that and found, to his dismay, that an IT staffer had used a domain administrator name and password on the rootkit- and keylogger-infected system. That security

Barclays Bank Fights Back Against Phishing Scams
Information Week - These device-generated passwords expire in two minutes, so even if a keylogger picked up one it would most likely have expired by the time the hacker got his hands on it. Barclays last year also offered free antivirus software in hopes of stopping the

Friday, April 20th, 2007

Spammers, hackers seize on Virginia Tech shootings (InfoWorld)
InfoWorld - Spammers and hackers are using the slayings at Virginia Tech as a gory lure to infect computers with malicious software, security experts noted Thursday.

Worst week for viruses in a year?
The largest proliferation of email virus attacks in more than a year is likely to have occurred last Thursday, according to security company Postini. Postini said two variations of the Storm Worm virus, which originally spread across the internet in January, have quickly driven global virus levels 60 times higher than their daily average. Email users should be on alert for messages with “love”-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with “Worm Alert!” subject lines that contained a dot-zip file full of malicious code. According to warning notices from Postini - as well as VeriSign, which has also been following the threat - clicking on the executable file in one of the new Storm Worm emails installs a rootkit with anti-security measures that mask the malicious software’s presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine’s hard drive to locate email addresses to which it can replicate itself.

Thursday, April 19th, 2007

New Worm Wriggles on Skype (PC World)
PC World - A worm targeting Skype Ltd.'s VOIP (voice over Internet protocol) application is harvesting e-mail addresses and directing users to a range of sites hosting other malicious software, security vendors said Monday.