[security] Forum Topics

[URL="http://www.theinquirer.net/gb/inquirer/news/2008/07/04/hundreds-thousands-laptops-left"]According to The Inquirer[/URL] a new report by the Ponemon Institute, rather appropriately sponsored by Dell, has revealed that an astonishing number of laptops are lost at airports across the United States on a weekly basis. Asking questions of 800 business travellers at some 106 major airports in the US, …

It’s been more than 10 days since the latest AppleScript.THT Trojan horse for Mac OS X reared its ugly head, yet still no word or fix from Apple. The new threat to versions 10.4 and 10.5 is classified as critical by the SecureMac security site, exploits a hole in the …

Heads up users of Yahoo Mail. A cross-site scripting vulnerability has been discovered that could allow hackers to steal a user’s session IDs and ultimately private information, according to [URL=http://blog.cenzic.com/public/item/207752]a report[/URL] yesterday from security risk assessment firm Cenzic. In an excerpt from the Cenzic blog post, the company reports: “If …

Remember the big fuss that spread all over the world when HM Revenue and Customs, the UK government department that deals with income tax and the like, managed to lose discs containing the financial details of 25 million people? amazingly, the official Independent Police Complaints Commission enquiry into the shameful …

Sandro Gauci, founder of [URL="http://enablesecurity.com"]EnableSecurity[/URL], has revealed that six years on from his 2002 report into extended HTML form attacks the problem has simply refused to go away. The original report included details of how attackers could abuse non-HTTP protocols in order to launch Cross Site Scripting attacks, even in …

[URL="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]Multiple arbitrary code execution vulnerabilities in Ruby[/URL] have been revealed by the [URL="http://www.apple.com/support/security/"]Apple Product Security[/URL] team which could lead to Denial of Service attacks. A total of five vulnerabilities have been reported, with versions impacted being: [INDENT]1.8.4 and all prior versions 1.8.5-p230 and all prior versions 1.8.6-p229 and all prior …

Amazingly, according to [URL="http://www.theinquirer.net/gb/inquirer/news/2008/06/20/teen-faces-years-hacking"]The Inquirer[/URL], an Orange County hacker is facing an incredible 38 years in prison if found guilty of several counts relating to hacking into his school computer. It seems that Omar Khan, 18, of Coto de Caza, California hacked into computer in order to change his grades. …

Fellow DaniWeb blogger Guy Clapperton [URL="http://www.daniweb.com/blogs/entry2585.html"]makes some excellent points[/URL] about why, as a "self-employed Mac user," he bought himself a new iPhone following yesterday's announcement of the new 3G model. Are there any compelling reasons to get a new iPhone if you're a corporate employee or business owner, though? Actually, …

[URL="ttp://www.kaspersky.com"]Kaspersky Lab[/URL] is warning the public at large to be on the lookout for a new version of the blackmail virus Gpcode which has started to appear in the wild. This particularly nasty twist on the virus format encrypts your files using an RSA encryption algorithm, this time with a …

[URL="http://www.verdict.co.uk"]Verdict Research[/URL] has published a report which suggests that the credit crunch is benefiting web-based businesses as consumers in the UK flock to the Internet in search of money saving bargains. With £15bn ($30bn) spent online by UK consumers in the last 12 months, [URL="http://www.startups.co.uk/6678842909857992097/online-sales-rise-by-a-third.html"]according to the research[/URL], this equates …

The [URL="http://www.oecd.org/dataoecd/53/34/40724457.pdf"]Malicious software (malware): a security threat to the Internet economy[/URL] report published by the Organisation for Economic Co-operation and Development over the weekend suggests that the PC malware infection rate in the US has hit 25 percent. These OECD cybercrime infection findings are highly disturbing, admits Geoff Sweeney, CTO …

According to reports the most serious forthcoming threats to IT security will be revealed during the Gartner Security Summit in Washington this coming week, and it looms like the consumerization of IT will be right there front of stage. Something that Gartner research fellow, John Pascatore, describes as the Gen …

Mac OS X is safer today than it was Tuesday, thanks to Apple. The company on Wednesday posted [URL= http://support.apple.com/kb/HT1141]Security Update 2008-003[/URL], containing forty one performance and security fixes for the enhanced Active Directory, AirPort, iChat, Mail, Time Machine and several other components of the company’s operating system. It also …

[URL="http://searchsecurity.techtarget.com.au/articles/24758-Telstra-distributes-malware-infected-USB-drives-at-AusCERT"]Reports are filtering through[/URL] that delegates at the annual Australian AusCERT security conference were given USB sticks replete with malware. It would appear that the Oz telco Telstra handed out the memory sticks, unware of the malware payload, during a security tutorial of all things. The malware apparently took advantage …

In a [URL="http://www.computerworld.com.au/index.php/id;649220418;fp;16;fpid;1"]comprehensive review[/URL] of the new ZonaAlarm virtualized security environment that is ForceField, Roger Grimes praises the elegant user interface. While admitting to being a big fan of Check Point and the ZoneAlarm brand, Grimes remains skeptical of these kind of virtualization products and it would appear with good …

Have you ever wondered exactly how a botnet works? A wotnet, you ask? A botnet, I say. You know, the thing that your computer might well be a part of, without your knowledge or approval, which is used to launch distributed denial of service attacks, send spam, distribute malware and …

According to security experts [URL="http://www.sophos.com"]Sophos[/URL] a man has been arrested after allegedly trying to sell a hard drive which had previously belonged to Formula One racing driver Adrian Sutil and contained personal and financial data. The police in Germany are said to be questioning the man regarding a blackmail attempt …

A report entitled "[URL="http://ece.uprm.edu/~andre/insert/gmail.html"]Exploiting the Trust Hierarchy among Email Servers[/URL]" published by Pablo Ximenes from the University of PR at Mayaguez, USA and Andre dos Santos at the State University of Ceara, Brazil suggests that Google Mail is flawed in such a way so as to turn it into massive …

Threat statistics just released by managed security company [URL="http://www.network-box.com"]Network Box[/URL] reveals that phishing attacks now account for 67 percent of all malware by volume. This compares with just 24 percent in February and 48 percent in March, suggesting that the phishers are continuing to be successful where other distribution and …

Security vendor PC Tools [URL="http://blog.threatexpert.com/2008/04/kraken-changes-tactics.html"]has published[/URL] the source code and mathematical algorithm used in the domain name generation technique applied by the latest Kraken bot variant, Bobax. Analysis by researchers at PC Tools has uncovered how Bobax talks to control centres via HTTP using pseudo-random DNS names with a variable …

One of the best known soccer clubs in the world is tackling the phishing threat and has placed a penalty on the head of those who might try to con their fans on the web. As the annual InfoSecurity Europe show kicks off, so Manchester United has launched the implementation …

Following on from the RSA security conference the other week, where PayPal published a paper which included comment from chief information security officer Michael Barrett that suggested 'unsafe' web browsers would be banned, the eBay owned payments company has now appeared to backtrack somewhat. Online media channels, and in particular …

Research by security as a service specialists [URL="http://www.scansafe.com"]ScanSafe[/URL] has proven something that pretty much everyone knew already: namely that people working at home are more likely to view online pornography than those stuck in an office somewhere. I mean, it hardly needed a survey to dig up that little gem, …

If you believe the results of a survey conducted by [URL="http://www.infosec.co.uk"]InfoSecurity Europe[/URL] then women are four times as likely to give away their passwords for chocolate than men. This reveals two things: women prefer chocolate to IT and men rather predictably do not. It also reveals that we, as a …

[URL="http://www.itpro.co.uk/news/187851/apple-iphone-vulnerable-through-safari.html"]According to IT Pro[/URL] the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens a JavaScript containing HTML page which triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the …

Rather surprisingly, Kaspersky Lab has forecast that the security threat landscape will increase by more than 20 million programs by the end of 2008 when compared to the 2007 year-end figures, a ten-fold increase no less. That is worth repeating: the number of [B]new[/B] malicious applications in circulation by the …

According to [URL="http://www.itpro.co.uk/news/186540/the-security-business-has-no-future-says-ibm.html"]reports[/URL] the general manager of Internet security with IBM has warned that "the security business has no future." Speaking at the RSA conference in San Francisco, IT Pro says, Val Rahmani warned that the enterprise must fundamentally change security strategies if it is to have any success within …

[URL="http://www.fortiguardcenter.com"]According to unified threat management specialist Fortinet[/URL] Facebook users had better start paying attention to the postings that appear on their message wall within the popular social networking site. It appears that spammers are moving away from targeting third party applications, as evidenced in the recent 'Secret Crush' case, and …

Researchers at web gateway security specialists [URL="http://www.finjan.com"]Finjan[/URL] have uncovered an underground crime data exchange service which is highly sophisticated in nature. The exchange, known as SellCVV2, promotes the sale of fraudulent credit card data, offering not only volume discounts for fraudsters with bigger ambitions, but guarantees as well. According to …

Computerworld is [URL="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9071638&source=rss_news6"]reporting the possibility[/URL] of a worm or bot in the wild that is specifically targeting D-Link branded routers. It refers to a three year old vulnerability which Symantec security researchers believe is being exploited by a new exploit. Apparently, the Symantec security response team has seen an increase …