Computer Security Research - McAfee Avert Labs Blog: "I always get a lot of questions about confidence scams. These types of spam emails have been around almost as long as email has been available to the public. Confidence scams are a child of phishing scams, and the annoying little brother of lonely girl scams, always showing up at the wrong time or hiding just around the corner. They’re difficult to eliminate completely because they are always re-inventing themselves.
Confidence scams, like lonely girl scams, are attempting to relieve a target of their money by convincing them to give it up willingly for a cause. They can appeal to the compassionate heart by asking for help with an orphanage, or to a baser greed by asking for help smuggling money out of a country.
The emails themselves are generated by a sweatshop of workers who create an account on a free email website, fill in a vague template with plot points, and then send it off to random recipients. A different reply_to field is created in order to redirect any replies to another free email account which is there solely for the purposes of receiving the replies (the scammer assumes that the newly created sending account will be revoked for the spamming actions)."
Some thoughts
Saturday, August 29, 2009
Ability to crack mobile phone encryption described as worrying - SC Magazine UK
Ability to crack mobile phone encryption described as worrying - SC Magazine UK: "The ability to crack standard GSM cell phone A5/1 encryption has been described as worrying as it could have a profound impact on the mobile phone industry.
Speaking at the recent Hacking at Random conference in The Netherlands, Karsten Nohl detailed plans on how to crack A5/1, and make the results available for anyone to use.
His demonstration only required a radio card and top-of-the-line laptop and allowed GSM calls to be snooped and decrypted. It works by pre-generating the encryption keys used in GSM into a codebook table that can be quickly and easily looked up on the fly.
Cellcrypt CEO Simon Bransfield-Garth claimed that the development was worrying, as it marks a massive lowering of the bar for criminal organisations to illegally tap mobile phone conversations.
Bransfield-Garth said: “Everybody has known for quite some time that a theoretical hack of GSM existed. This news means that the theoretical risk will become a very real one within the next six months. Governments have taken steps to manage the threat for years and now this is a very worrying prospect for anyone that discusses valuable or confidential information over their mobile phone.”"
Thursday, August 27, 2009
Twitter XSS vulnerability not yet fixed - SC Magazine US
Twitter XSS vulnerability not yet fixed - SC Magazine US: "A major cross-site-scripting vulnerability in Twitter that could result in a user's account being taken over has yet to be fixed despite Twitter's claim that it has, according to the software developer who discovered the bug.
James Slater first described the vulnerability, which allows malicious JavaScript code to be inserted into tweets, Tuesday on the blog of Dave Naylor, a search marketing executive.
Twitter's application programming interface (API), used by developers to create applications to post tweets -- such as TweetDeck, TwitterFox or HootSuite -- does not properly filter the URL of these programs. As a result, users could actually insert malicious JavaScript code along with a URL."
Wireless flaw could let hackers breach wired network - SC Magazine US
Wireless flaw could let hackers breach wired network - SC Magazine US: "Researchers at a security firm on Tuesday disclosed a vulnerability within the Cisco wireless framework that could offer intruders a gaping entryway into an organization's network.
The AirMagnet Intrusion Research Team said it discovered an exploit, known as 'skyjacking,' which could enable someone -- either on purpose or by accident -- to take control of a wireless access point (AP) and point it to an outside Cisco controller.
'Access points do not normally get connected to the wrong controller,' Wade Williamson, AirMagnet's director of product management, told SCMagazineUS.com on Monday. 'If [one does], you have a big problem. We've uncovered a way where, by accident or design, an access point could get connected to the wrong controller or a controller that's not in its network.'"
Monday, August 24, 2009
New mass SQL injection attack infects 56,000 websites - SC Magazine US
Tens of thousands of websites have been compromised with a suite of malware containing backdoors, password stealers and downloaders, according to a security firm.
“It's a pretty potent concoction, from a malware perspective,” Mary Landesman, ScanSafe's senior security researcher, told SCMagazineUS.com on Monday.
So far, more than 56,000 sites have been compromised -- via SQL injection -- with a malicious IFRAME that loads exploits from several attacker-owned domains, Landesman said. The malware-hosting domains were registered between Aug. 3 and 9.
Free copy of VigilancePro Encrypted Vault Manager - SC Magazine UK
VigilancePro Encrypted Vault Manager (EVM) from Overtis Systems aims to protect data by sending it through encrypted vaults. It enables information to be shared safely and securely via email or on removable media such as USB drives, CDs or DVDs.
Once the software has been downloaded the user can create a vault and enter a strong pass phrase. Files and folders can then be moved into the vault and are automatically encrypted. Once the vault is closed it can be copied onto removable media devices or attached to an email and sent to the recipient in a secure manner.
To open the vault and access the encrypted information, the recipient needs to have VigilancePro EVM installed and also be given the pass phrase.
Now you can try it for yourself. In order to download a free copy of VigilancePro EVM click here and then fill in your details and enter the voucher code: VPEVMSCUK1.
Computer Security Research - McAfee Avert Labs Blog
The W32/Induc virus has been in the wild for at least a year. During this period it has succeeded in infecting a lot of Delphi installations, including manufacturers of some pretty popular software packages.
On a victim’s machine this virus searches for the presence of a specific version (4.0, 5.0, 6.0 and 7.0) of the Delphi compiler.
Norton Safe Web, from Symantec - Dirtiest websites of Summer 2009
It comes as no surprise that 48% of the Dirtiest Web Sites are, well, dirty— sites that feature adult content. However, other Dirtiest sites run the gamut of subject matter, including sites dedicated to deer hunting, catering, figure skating, legal services, and buying electronics. Viruses are the most common threat represented on the Dirtiest list, followed by security risks and browser exploits. Simply clicking through to a site with these threats could put you at risk of exposing your computer to infection, and worse, put your identity, personal and financial information into the hands of cybercriminals.
Sunday, August 23, 2009
Phishing apps found on Facebook - SC Magazine US
A new round of rogue Facebook applications sends notifications that lead users to phishing sites, according to researchers at Trend Micro.
The apps look innocuous, but if installed on a user's account can set off a chain of events designed to lure friends to phishing sites.
“Once this application is added [to an account], it uses the image of one of your friends (because your apps can see any info that you can see) to tell you that someone has generously sent you a meaningless graphic,” Rik Ferguson, solutions architect at Trend Micro, wrote in a blog post updated Wednesday. “It also gives you options of how to respond to this dubious gift, but no button to act on those options.”
Researcher details Facebook CSRF flaw - SC Magazine US
A security researcher this week described a flaw that hackers could exploit to siphon Facebook users' personal information, without their knowledge, through the use of a rogue application.
Ronen Zilberman said that to be infected, a user must merely open a non-related website, ideally an online forum, where the attacker has seeded a malicious image tag link. If successful, the perpetrator could evade privacy settings and retrieve victims' full names, profile pictures and friends' lists.
He described the cross-site request forgery (CSRF) vulnerability -- which Facebook has since fixed -- Wednesday on his Quaji blog.
Much of the blame for the bug rests on a site feature known as "Automatic Authentication," Zilberman said. This component allows Facebook applications to receive personal information about a user when he or she visits the application's "canvas page."
But Zilberman found a way for the hacker to receive that same information without the user knowingly interacting with any application. He was able to embed an IMG tag on a third-party website. If a user visited the site, Facebook would believe the user was actually interacting with the application, and thus the attacker could receive the data.
"We need a way to trick Facebook into (thinking) the app page it is (clandestinely) accessing is a result of the user's interaction," he said. "It turns out that a simple redirect from one page to another in the same application fools Facebook because the second request originates from a Facebook URL (the first request). Therefore, the second request activates 'Automatic Authentication' and personal info is sent."
Facebook has fixed the problem, but Zilberman said the issue could be present across other social networking sites.
"Our team pushed a fix for this bug on Monday, shortly after it was reported to us, and before the details were made public," Facebook spokesman Simon Axten told SCMagazineUS.com on Friday. "The information exposed was very limited and included only the user's name, Facebook user ID, profile picture, and list of friends. User privacy settings were also respected. That is, if you had hidden certain information from platform applications, that information was still inaccessible. We have no evidence that the bug was ever used for malicious purposes."
Tuesday, February 24, 2009
Automated IS Auditing
Friday, February 13, 2009
Cisco VPN & Vista x64
The Cisco IPSec VPN Client does not currently support 64-bit operating systems, nor will it. If you need an IPSec client that does have 64-bit OS support, NCP Secure Communications has a Universal VPN Client that is 64-bit compatible and will even import/convert your existing .pcf profiles for a seamless migration to a 64-bit client.
Wednesday, January 21, 2009
Bringing life to Muslim Heritage
Discover 1000 years of missing history and explore the fascinating Muslim contribution to present day Science, Technology, Arts and Civilisation.
more here ..