Networking Forum

Computerworld is [URL="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9071638&source=rss_news6"]reporting the possibility[/URL] of a worm or bot in the wild that is specifically targeting D-Link branded routers. It refers to a three year old vulnerability which Symantec security researchers believe is being exploited by a new exploit. Apparently, the Symantec security response team has seen an increase …

According to [URL="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9070840&intsrc=hm_list"]reports[/URL] it would appear that Microsoft has confirmed the presence of a critical vulnerability which impacts upon users of MS Word for Windows 2000, XP and Server 2003 SP1. Shame it has taken many weeks for Microsoft to admit this, and only after a second security vendor recently …

[URL="http://www.frsirt.com/english/advisories/2008/0928"]FrSIRT[/URL], the French Security Incident Response Team, has reported that multiple vulnerabilities have been identified in various IP-PBX software applications that can be exploited by attackers to bypass security restrictions and cause denial of service attacks or otherwise compromise vulnerable systems. The software is used by an ever increasing number …

[URL="http://po-ru.com/about/"]Paul Battley[/URL] is a software developer from London who can probably lay claim to being the biggest thorn in the side of the BBC right now. No sooner had the mighty British Broadband Corporation [URL="http://news.bbc.co.uk/1/hi/technology/7293988.stm"]announced[/URL] that his hack which allowed people to download iPlayer TV streams meant for an iPhone …

[URL="http://www.avertlabs.com/research/blog/index.php/2008/03/12/another-mass-attack-underway/"]Security researchers at McAfee[/URL] have uncovered one of the biggest attacks of its kind to date, with some 10,000 web pages which had been rigged to entrap unsuspecting visitors. Although the infected web pages look the same as they always did, under the hood the cyber-crooks had added some redirection …

According to messaging security experts [URL="http://www.messagelabs.com/intelligence.aspx"]MessageLabs[/URL] there has been a 100 percent rise in the amount of spam from Gmail during February, along with a worrying 200 percent increase in targeted Trojan attacks. The February MessageLabs Intelligence Report, published today, paints a sorry picture as far as IT security is …

Bruce Schneier is a security legend, and posts like [URL="http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306"]this one[/URL] go a long way to proving just why. In this Wired commentary Schneier gives the best explanation I have seen as to why the ‘transparent society’ argument is a myth, why it is not better than privacy but rather …

The Trend Micro [URL="http://blog.trendmicro.com/over-400-phish-kits-on-the-loose/"]TrendLabs Malware Blog[/URL] is reporting that the volume of totally free do it yourself phishing kits available in the wild on the web had moved past the 400 mark. Ironically, some are even used by phishers to phish other phishers…

According to a [URL="http://www.yougov.com"]YouGov[/URL] survey published today by [URL="http://www.verisign.com"]VeriSign[/URL] the average UK consumer is worth £10,077 ($20,000) online in terms of banking, gaming and shopping accounts. The pan-European survey on consumer attitudes to online security concludes that UK Internet users are putting as much as £361 billion ($720 billion) at …

A hearty slap on the back must go to authorities in South Korea who have [URL="http://www.sophos.com/news/2008/03/lee-shin-ja.html"]arrested and charged[/URL] the 41 year old ex-CEO of an antivirus software company with distributing fake security scareware. Lee Shin-ja was formerly CEO with security outfit Media Port, and stands accused of distributing the 'free' …

Unified threat management specialists Fortinet has [URL="http://www.fortiguardcenter.com/reports/roundup_feb_2008.html"]announced[/URL] the most reported high-risk threats during the course of the last month, and it makes interesting reading. According to Fortinet it proves that birds of a feather do flock together as the most definable malware trend was most definitely the fact that the …

According to the [URL="http://www.timesonline.co.uk"]Sunday Times[/URL] one couple got more than they bargained for courtesy of the almost extortionate charges that mobile phone companies are allowed to levy in Europe when it comes to sending text or data while 'roaming' away from your home country. Although the case in question might …

[URL="http://www.avertlabs.com"]McAfee Avert Labs[/URL] has warned that the number of spammers which use the 'out of office' functionality of web-based email systems to distribute junk mail is on the increase. The particular technique in question, which involves spammers setting up web-based email accounts which are configured to auto-respond with spam instead …

The Cult of the Dead Cow, the infamous hacking collective, has released a Google hacking utility called Goolag Scan that brings the ability to search the information engine for web-based data that is normally hidden to anyone wannabe with a web browser and half a brain. It does this by …

According to the Pakistan Telecommunications Authority (PTA) while the blocking of the YouTube website over the weekend in Pakistan was intended the worldwide outage that saw the popular video streaming service become unavailable to huge swathes of the planet was accidental. Anyway, PTA spokesman Khurram Mehran assures us it is …

Last year I [URL="http://www.daniweb.com/blogs/entry1466.html"]exposed[/URL] a security breach involving the online collection of applications for visa documents allowing Indian citizens to visit the UK, an expose that ended up with the [URL="http://www.daniweb.com/blogs/entry1817.html"]UK government itself being found guilty[/URL] of breaking the Data Protection Act and which kick-started something of a sea change …

It is not often that a drunken discussion provides anything more than a hangover the following morning, but recently a bunch of IT security experts got talking while the beer was flowing and someone asked the question: what is the biggest threat on the IT landscape today? Everything from 'the …

Who could forget [URL="http://en.wikipedia.org/wiki/Jon_Lech_Johansen"]DVD Jon[/URL], the Linux guru who was co-author of DeCSS? This Linux application 'unlocked' DVDs with content otherwise protected by Content Scrambling System (CSS) encryption and landed DVD Jon in front of a judge. Which did not stop him from continuing his quest to free audiovisual content …

It has been estimated that something in the region of 70 percent of the ATMs in current use are based not on the proprietary hardware, software and communication protocol platforms of old but instead on PC/Intel hardware and commodity operating systems, the most popular being Windows XP embedded. In fact, …

[B]Rumors and speculation about why five undersea cables to the Middle East have been severed — and what it means for IT security[/B]. Since [B]Jan. 30, 2008,[/B] there has been a troubling pattern of underwater anarchy. At first, it was reported that two, then three, then five undersea [URL="http://en.wikipedia.org/wiki/Fiber-optic"]fiber-optic[/URL] cables …

Security researchers at [URL="http://www.sophos.com"]Sophos Labs[/URL] have revealed that nearly 70 percent of all Linux honeypot infections are caused by a single virus. Perhaps even more shocking, all things considered, is the fact that the virus in question, Linux/Rst-B, is actually six years old now. So concerned is Sophos at this …

[URL="http://en.wikipedia.org/wiki/Nicodemo_Scarfo,_Jr."]Nicodemo Scarfo Jr[/URL], a well-connected member of the [B]New York[/B] and [B]Philadelphia[/B] organised crime families, knows all about keylogging. But rather than using the technique to steal or launder money, he was brought down by the [B]Magic Lantern[/B] [URL="http://en.wikipedia.org/wiki/Keylogger"]keylogger[/URL] that the FBI installed on his computer via a Trojan. It …

It has been a couple of months now since a Russian security researcher, Evgeny Legerov, confirmed that the widely deployed media software RealPlayer was vulnerable to a zero-day exploit. The Russian company, Gleg, is in the business of selling information on such exploits and security flaws. Unfortunately, according RealNetworks's Vice …

In today's heightened threat environment, it is a constant battle for IT security departments to stay on top of all possible attacks and vulnerabilities they could encounter. With insider threats on the rise and the continuous danger posed by external hackers, coupled with the alarmingly quick development of stronger and …

Today sees the official formation of the Anti-Malware Testing Standards Organization ([URL="http://www.amtso.org"]AMTSO[/URL]) which has come about following an industry wide concern about the lack of any real-world standards that apply to anti-malware solutions when it comes to testing. Why is this important? Because unless the testing methodologies used to evaluate …

Although there has been no great fuss made, no pin badges sold and no banners waved, Monday 4th February is for all intents and purposes the day IPv6 grows up. Because from that day, IPv6 IP addresses will be able to be directly translated into domain names and vice versa, …

It has been a long time coming, but a virus writer has finally been arrested by the Japanese authorities. According to security specialists [URL="http://www.sophos.com"]Sophos[/URL] law enforcement agencies in Kyoto, Japan, have arrested three men who stand accused of plotting to infect users of a popular P2P file-sharing network with a …

A CIA analyst speaking at the SANS 2008 SCADA and Process Control Summit in New Orleans has admitted that hackers have not only been able to penetrate the power grids of several countries, but also successfully cut power to several cities, all from the relative safety of the Internet. Central …

The Fortinet [URL="http://www.fortiguardcenter.com"]threat response team[/URL] has reported a new and malicious Symbian OS based worm that is currently actively infecting mobile phone networks. According to Fortinet, the worm comes packaged in disguise as a multimedia file with a name such as sex.mp3 or love.rm and enables it to easily con …

It doesn’t really matter where you live in the world, the chances are that your country has been hit by some high profile data loss scandal during the course of the last year or so. Everything from retail operations such as TJ Maxx losing the odd 40 million or so …

A posting at [URL="http://seclists.org/dailydave/2008/q1/0000.html"]Daily Dave[/URL], which is part of the [URL="http://insecure.org/"]Insecure.org[/URL] security website, by the founder of a Moscow based security vendor called [URL="http://www.gleg.net"]Gleg[/URL], would suggest that it's not a very good start to the new year for RealPlayer 11 users. Gleg Ltd chief technology officer Evgeny Legerov made a …

Kaspersky Lab has [URL="http://www.viruslist.com/en/analysis?pubid=204791980"]published its list[/URL] of the most prevalent viruses for the end of 2007, and although an email worm retains the top spot the more interesting stuff is happening immediately below it in the rankings of shame. Specifically, the second, fourth and seventh places which are all occupied …

In an interview with Australian publication [URL="http://www.computerworld.com.au/index.php/id;1891124482;pp;1;fp;16;fpid;1"]Computerworld[/URL] and ahead of his appearance as a keynote speaker at the Australian Linux Conference 2008, renowned security expert Bruce Schneier has compared Linux to Star Wars and suggests fanboys feel the force a bit more. Schneier will give a presentation entitled "Reconceptualising Security" …

[URL="http://www.nochex.com"]Nochex[/URL] has been providing secure online payment services to small and medium businesses in the UK ever since 2001. It seems to take security seriously, as anyone dealing with your money should, with encrypted data transfers, encrypted data storage and servers at the same highly secure location as used by …

Nick Breese is a researcher with New Zealand based security outfit [URL="http://security-assessment.com/"]Security-Assessment.com[/URL] and found himself giving a presentation at the Kiwicon hacker conference in Wellington earlier this week. His presentation looked at the use of the PlayStation 3 games console to crack passwords, and Breese concluded that when compared to …

The annual [URL="http://www.mcafee.com"]Virtual Criminology Report[/URL], published today, warns that international international cyber espionage is set to be the biggest single threat to national security next year. Right there on the front line of this cyber cold-war is China, according to report authors McAfee. However, that is just the tip of …

I have two mobile phones. One is purely for personal calls and so that number is only known to my family and closest friends. The other is purely for business calls, the number is printed on my business. A couple of times last week I received what are known as …

The security experts at [URL="http://www.avertlabs.com"]McAfee's Avert labs[/URL] have been consulting the Tarot card, rubbing their crystal balls and generally predicting what levels of IT doom and gloom we can expect to be experiencing during the course of 2008. Unsurprisingly, they expect to see an increase in web exploits and those …

Back in May, I [URL="http://www.daniweb.com/blogs/entry1466.html"]broke the story[/URL] on DaniWeb in this very blog of how the online application facility for UK visas was not only insecure, but that it had potentially been so for years. The company concerned, VFS Global, which operated the visa online application form filing service on …

Research commissioned by Internet security software makers [URL="http://www.avguk.com/stop-cybertheft"]AVG[/URL] has revealed that one in three people in the UK have experienced some kind of cyber theft over the Internet. What's more, it is also one of the UK's most feared crimes, outranking burglary, assault and robbery according to the independent study …

Remember when SCO used to be known as a big fish in the Unix OS pond, well respected and pretty much a pillar in this particular vendor community? No, neither do I. The image of a company that sought to claim IBM had somehow inappropriately contributed to Linux development, a …

[URL="http://www.mcafee.com"]McAfee Inc[/URL]. has today released the results of new research which found that nearly one in four people in Europe are putting themselves at increased risk of online fraud or identity theft simply because of poor password habits. The research, of 3500 consumers in the UK, France, Germany, Italy, Spain …

Finjan Inc has published its latest Web Security Trends [URL="http://finjan.com/content.aspx?id=827"]report[/URL] which contains everything you would expect, plus something you probably would not: your widgets are out to get you. Widgets, or desktop gadgets if you prefer, are exposing users to a whole host of not so delightful security exploits. Finjan's …

In the UK last year there were a staggering 3,237,500 cybercrimes committed according to a new [URL="https://www.garlik.com/index1.php?page=cybercrime"]report[/URL] from online identity specialists [URL="http://www.garlik.com"]Garlik[/URL] in collaboration with leading criminologists. Do the math and that works out to one cybercrime committed every ten seconds in the UK alone. Of these, some 60 percent …

A survey by secure data specialists [URL="http://www.cyber-ark.com/news-events/pr_20070530.asp"]Cyber-Ark Software[/URL] has revealed that the least trustworthy members of staff include temps, cleaners, security guards and the board of directors. PR, marketing and sales staff were also low on the list. At the other end of the trust scale, the personnel and legal …

According to a report in the [URL="http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html"]Financial Times[/URL] of all publications, the Chinese military has hacked the Pentagon in what it describes as the most successful cyber attack on the US defense department to date. Although the Pentagon has acknowledged that a computer system which serves the office of US …

[URL="http://www.mcafee.com"]McAfee Inc.[/URL] has today announced the findings of new research which reveals that, as far as European small and medium businesses are concerned, size does matter when it comes to security and risk. Having sampled more than 600 IT decision makers from small and medium sized businesses across Europe, McAfee's …

The number crunchers at security specialists [URL="http://www.sophos.com"]Sophos[/URL] have published the figures revealing which bits of malware have been spreading the fastest during August. While the fact that infected spam attachments have dropped from one in 322 for the first six months of the year to one in every 1000 for …

A Symantec Security Response [URL="http://www.symantec.com/enterprise/security_response/weblog/2007/08/a_monster_trojan.html"]posting[/URL] suggests that Monster.com, the huge job hunting website, has been subject to an online attack resulting in the theft of personal data in the form of resumes of its users. "We analyzed a sample of a new Trojan, called Infostealer.Monstres, which was attempting to access …

Jeff Jones is a Strategy Director in the Microsoft Security Technology Unit, part of the team trying to make Microsoft products more secure, poor guy. No surprise that he publishes a vulnerability report on his Microsoft TechNet hosted [URL="http://blogs.technet.com/security/default.aspx"]Security Blog[/URL] which always seems to suggest that Microsoft Windows is far …