background preloader

Internet Security

Facebook Twitter

Naughty JavaScript can be planted in IM status messages. Protecting your mid-size business from today’s security threats Security shortcomings in both ICQ instant messenger for Windows and the ICQ website create a possible mechanism for account hijacking, a security researcher warns. Levent Kayan warns that the software fails to screen against the inclusion of JavaScript code in user-supplied status messages. The shortcoming means that this JavaScript code might be run on a victim's machine providing they are tricked into opening the booby-trapped status message using a vulnerable ICQ client. The technique might be used to steal session cookies, enabling the hijacker to impersonate victims, or (with greater difficulty) to gain access to local files on a compromised PC.

Kayan found a similar cross-site scripting flaw involving Skype earlier this month. Heise Security was able to reproduce the flaw discovered by Kayan using the current 7.5 version of ICQ. Protecting your mid-size business from today’s security threats.

Facebook

Windows Security Praised. 'grouchysmurf', on 15 Aug 2011 - 23:12, said: Ok..maybe I need to step this back a bit.Point 1: Vista should have NEVER gone to market....Point 2: WinXP came at a time when they had supposedly worked out all the kinks, and XP was called the Super OS of the future...My expectation is that they get it right. I understand the occasional patch, I do. Stuff happens....but the shear VOLUME of patches and their history so far is nothing to be proud of. We as customers do not have to settle for second rate product delivery....So, since this has opened up some opinions, I ask this...when is enough enough?

When will we have the ultimate "god" os? Well I do think that Vista was truly a stepping stone for Windows 7..... 12-14 years ago when XP came about it actually was a lot nicer.. Asking for a 'GOD' system is a bit much... In the 50's the ad campaign was ' of the future '.. In two years.. three years there will be more OSes.. there will be exploits and patches to keep those out... Did Adobe hide 400 vulnerability fixes in latest Flash Player patch? Google information security engineer Tavis Ormandy accuses Adobe of burying the results of an ongoing security audit. A high-profile Google researcher has accused Adobe of hiding the fact that it patched a whopping 400 unique vulnerabilities in yesterday's critical Flash Player update. According to Tavis Ormandy, an information security engineer at Google who has a history of controversial vulnerability disclosures, the 400 unique Flash Player vulnerabilities were sent to Adobe as part of an ongoing security audit but there's no documentation on these fixes in the new update.

"Apparently that number was embarrassingly high, and they're trying to bury the results, so I'll publish my own advisory later today," Ormandy said on his Twitter feed. Adobe's advisory that accompanies the Flash Player update does in fact acknowledge Ormandy's work: Adobe would also like to thank Tavis Ormandy and the Google Chrome team for their great work on several improvements to this Flash Player release. Fake Firefox Update Email Tries To Steal Your Passwords & Install A Trojan [News] This is a scam attempted by some people who are targeting the most gullible of users (which is none of our readers are of course) into installing a backdoor Trojan that will log your passwords and possibly do unscrupulous things with them.

Keep your passwords safe, and disregard this email should you receive it. Users should always be aware that clicking links from unknown senders is not a good idea, and will generally lead to a negative result. Still it is worth warning about this one particular. Please remember that Firefox will update itself automatically, so if you ever receive an email or link telling you that your version of Firefox needs to be updated, please ignore it. This email made the rounds this past weekend, and will probably continue to do so, so please be aware and delete it if you get one. This is clearly one of the weaker attempts to get passwords, but there are people out there who will fall for such trickery.

Source: Naked Security. A Hacker Speaks: How Malware Might Blow Up Your Laptop. We depend on our computers to get work done, and so we try to safeguard them appropriately. But our trusty laptops, desktops, and tablets rely on their own internal network of sophisticated computer chips to function. These tiny chips--called microcontrollers--regulate everything from the battery in your laptop to the headlights on your car--and they aren’t always so secure. Microcontrollers have their own CPU and enough discrete memory to run simple programs, and although they’re usually designed for a single task, they can be reprogrammed via updates to the device firmware. Typically the hardware manufacturer delivers such downloadable updates to improve the performance of your device, but there’s nothing stopping a hacker from mimicking those updates and injecting your device with malicious code.

"I’d just wrapped a presentation on iPhone hacking and wanted to work on something more flashy," said Miller during an interview with PCWorld. As it turns out, he probably could. Google Warns 1 Million PCs Hit by Search Hijack. A quick-witted Google engineer has uncovered evidence that as many as one million Windows PCs appear to be infected by browser redirection malware that is sending searches through proxy servers in order to generate traffic. This type of attack has been around for years in one form or another, but the scale of what Google engineer Damian Menscher chanced upon from a single family of malware is still unusual in its scale.

Performing routine maintenance on a data center, Menscher noticed unusual traffic still arriving at the servers from unusual addresses. Calling in help from security experts, it was discovered that the requests were coming from a large clutch of PCs infected by proxy redirection malware. Google has now added a layer of detection that picks up on the redirection attack and gives its victims a search page message 'Your computer appears to be infected' if traffic through the proxies is noticed.

Internet Health Map.

Virtual Private Networks