|
Fake Trend Micro Virus Clean Tool Spreads Malware Dirt
TrendLabs | Malware Blog - by Trend Micro
Trend Micro recently discovered malware posing as the Trend Micro Virus Clean Tool being sent through email by Chinese hackers. This is a screenshot of the email message:
Figure 1. Spam email in Taiwanese looking very much like it came from Trend Micro.
Moving Offices in Ann Arbor
Security to the Core | Arbor Networks Security Blog
We spent the past four and a half years (or so) in our location, a full floor of a downtown office building. We’re now bursting at the seams with staff, equipment, and our current space just wasn’t suiting us any longer. We spent the past few
'Mojave' Isn't Windows Se7en
Security Garden
None
SecuriKey Professional Edition 2.1
Network Security Blog
Thanks to Rich, I had an opportunity to write a review of SecuriKey Professional for MacWorld. They sent me the USB key fobs, I played around with it for a couple of weeks on my MacBook Pro, and I generally liked the product. The only thing I wish they&
Yahoo plays defunct DRM tune
InfoWorld Gripe Line | Ed Foster
It's getting to be an old song. This week the Yahoo Music Store sent a message to customers saying they will turn off their DRM servers after September, thus
Fixing noise on Ubuntu Hardy 8.04, aka setting max_cstate
Inliniac
Not security related at all, but it took me so much time to figure this out, I want to share this with the world!
I own a Lenovo Thinkpad T60 that I like very much. There is one annoyance, and that is that when on battery, the laptop produces a high pitch
Pharma Invests Big in Stem Cells
Technology Review Feed - TR Editors' Blog
GSK gives the Harvard Stem Cell Institute $25 million.
 Advanced Robotic Hand Mimics Human's
Technology Review Feed - TR Editors' Blog
A Sensopac hand can grasp an egg, snap its fingers, and carry coffee.
Call Center Folks Have Huge Amounts Of Access TO PII
Realtime Community | IT Compliance
Need more reasons from my post from yesterday about why call centers need targeted training and ongoing awareness?
If so, then here is the se
Is More Regulation Always the Way to Go?
Speaking of Security, the RSA Blog and Podcast
Over in the US, Senator Obama has recently been talking about his stance on Cyber terrorism. While there were many interesting points in his proposals, I wanted to home in on his comments regardi
Web Form Spam Alive and Kicking
TrendLabs | Malware Blog - by Trend Micro
Spammers have never balked at using Web forms as a way of sending out spam messages–anything to expose their wares. Basically they will look for a public Web server that allows them to provide feedback or information to a certain company. These Web
Banker Summons You to Court
TrendLabs | Malware Blog - by Trend Micro
For the longest time now, Brazilian banking Web sites have been one of the favorite targets of malware criminals for stealing sensitive banking information from users. These spyware Trojans are usually coupled with spam emails with various, and quite clev
Size Definitely Matters
Norwegian Honeynet Project
Following up on some of the SSH brute force attack data we’ve previously presented, here are some statistics on the length of the passwords used in the attacks we’ve observed during the last six months. The graph below shows the number of atta
New FISA Analysis
Emergent Chaos
Vox Libertas, a blogger at the Daily Kos has written an analysis of the new US FISA law in his article, "I think I understand the FISA bill. Do I?" Vox Libertas has taken an approach that I can appreciate....
2% of a big number, is a big number
Robert Hensing's Blog
Don't be evil.
http://blogs.pcmag.com/securitywatch/2008/07/google_blogger_hosts_2_of_worl.php
 SSO Summit Day One Morning Session
1 Raindrop
I am at the SSO Summit, high in the Colorado mountains (9200 feet elevation to be exact), the I-70 West sign is one of my favorite road signs. Ping Identity has done a great job putting this together. It is the perfect size around 125 people. Most of the
One Spammer Jailed, Another Walks
Security Fix
Spam king Robert Soloway was sentenced this week to 47 months in prison for sending more than 90 million junk e-mail messages over a three month period. Meanwhile, federal authorities are searching for a spammer who walked away from a
Before You Go on That Vacation....
Security Fix
None
Open Source Laptop Tracking Service
Schneier on Security
Adeona. Looks good.
One Spammer Jailed, Another Walks
Security Fix
Spam king Robert Soloway was sentenced this week to 47 months in prison for sending more than 90 million junk e-mail messages over a three month period. Meanwhile, federal authorities are searching for a spammer who walked away from a prison camp on Sunda
Before You Go on That Vacation....
Security Fix
None
SF Expands on Childs' Crimes. Bail Maintained.
Cheap Hack
None
Antivirus fail . . .
Robert Hensing's Blog
Lately I'm not a big fan of AV and it amazes me that AV hasn't been beaten up more badly than it has given how it runs on pretty much every desktop in the civilized world and how critical writing solid, secure code is these days.
It looks l
Microsoft Mojave
Robert Hensing's Blog
"We are here in San Francisco, where we've secretly replaced the fine operating system these people usually use with Windows Vista, Let's see if anyone can tell the difference!"
Its all out there
Network Security Blog
As everyone knows, Matasono accidentally released confirmation of the DNS vulnerability. And rumor has it there’s been unstable code to take advantage of it since last week and stable code since earlier this week. And HD Moore has released a Metas
Yes, AT&T, we mean you!
Network Security Blog
There’s little or no excuse for someone as big as AT&T to not be patched yet!
Mubix took a shot of his iPhone as proof that AT&T is screwing the pooch on this one. It was suggested recently that the IP shown there might actually be the pu
New DSN Exploits are being developed - Patch your servers now
Harry Waldron - Microsoft MVP Blog
 Below are resources for corporate users related to the developments associated with the new DSN vulnerabilities. The CERT advisory has
Enough With Default Allow Revision 2
ModSecurity Blog
None
Whats the Cyber in Cyber-Security?
Freedom to Tinker
Recently Barack Obama gave a speech on security, focusing on nuclear, biological, and infotech threats. It was a good, thoughtful speech, but I couldn’t help noticing how, in his discussion of the infotech threats, he promised to appoint a “N
A Question
securosis.com
If you can tell, with absolute certainty, that systems are vulnerable to an exploit without needing to test the mechanism, what good is served by releasing weaponized attack code immediately after patches are released, but before most enterprises can patc
F-Secure Rescue CD 3.00
F-Secure Antivirus Research Weblog
Our colleagues from the Linux team blogged about it last month, but it's worth repeating:
The latest version of our Emergency Rescue CD is available.
It's a bootable Linux CD
75 Percent Of Banking Websites Vulnerable To Cyber Thieves Study Shows
National Cyber Security - Blogs
University of Michigan study revealed startling facts.
ANN ARBOR, Mich.—More than 75 percent of the bank
Web sites surveyed in a University of Michigan study had at least
Assessing your Organizations Network Perimeter (pt. 3)
BlogInfoSec.com
Welcome once again to the risk rack. This time on the risk rack we will be continuing our review of how to assess your organizations network perimeter.
As a reminder the identified steps were:
Step 1: Define the functions and purposes of your network pe
None
NetSec
None
Anti-Terrorism Stupidity at Yankee Stadium
Schneier on Security
They's at Yankee Stadium:
The team contends that sunscreen has long been on
Patch your DNS NOW!!!!!
PandaLabs
The exploit is here. Metasploit has developed a module to trigger the last DNS vulnerability (announced by Dan Kaminsky two weeks ago). The DNS system translates names to numbers the Internet can use (www.pandasecurity.com -> 88.221.26.28). This thr
Three ModSecurity Rule Language Annoyances
ModSecurity Blog
None
Vulnerabilities in Antivirus Software - Conflict of Interest
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
None
Open Thread
Emergent Chaos
What's on your mind?...
Email Hacking Going Commercial
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
None
!$title$!
securosis.com
!$text$!
Leveraging Client-Side Exploits In Your Pentests
Carnal0wnage Blog
None
Five favorite targets of Chinese hackers
The Dark Visitor
One thing that has always interested me is the types of targets Chinese hackers seek out for attack. Since it is impossible for us to protect everything, or be everywhere, understanding the most likely targets should be a high priority. Of course this is
DNS Fail Open Goat Award
Robert Hensing's Blog
Kaminsky's flaw has a metasploit module: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
On the Internet - no one hears your screams.  Malware Abuses DoubleClicks Open Redirects
TrendLabs | Malware Blog - by Trend Micro
The Trend Micro Advanced Threat Research has discovered a number of malicious URLs under the domain of global Internet advertising company, DoubleClick:
hxtp://ad.doubleclick.net/click;h=ADWAJJzSVGmEDCBbJkMiTUfmdIhuADWAJJzS;~ss cs=%3fhttp://www.{BLOCKED}
|
