Russian Affiliate Model Spreads Malware Through Exploits
An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers said Tuesday, calling the practice "awful."
The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe and used a U.S. military base's vulnerable systems to kick-start the epidemic, according to an analysis released by three researchers this week.
Three young hackers under investigation for unlawfully accessing personal information on thousands of people in a LexisNexis database have characterized their act as a cyberjoyride that got out of hand. The hackers, ages 16, 19 and 20, spoke with Wired News by phone Monday and said that in January and February they accessed LexisNexis data -- which included the Social Security number, birth date, home address and driver's license number of numerous celebrities and hacker friends -- to claim bragging rights, rather than to steal identities or sell the information to identity thieves, as some published reports have stated.
Computer users already anxious about viruses and identity theft have new reason to worry: Hackers have found a way to lock up the electronic documents on your computer and then demand $200 over the Internet to get them back.
Security experts have warned of a substantial rise in the number and complexity of hacking attacks during the first half of 2005. According to research commissioned by carrier AT&T, the volume of traditional email attachment viruses has fallen, but the speed at which new variants are appearing is increasing.
This KYE white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. This paper focuses on real world incidents that the Honeynet Project has observed in the wild, but does not cover all possible phishing methods or techniques. Attackers are constantly innovating and advancing, and there are likely to be new phishing techniques already under development or in use today.
Cisco Systems issued a statement Monday confirming that police in Sweden have arrested a suspect in connection with the theft of its networking equipment source code last year. A spokesman for the FBI, which began working on the theft last May, said the case is ongoing and declined to offer details.
The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet. Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated.
Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday.
The 25-year-old researcher has spent years analyzing how spyware and adware programs work and publicizing his findings. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator. When testing spyware and adware, Edelman isn't about to sacrifice his own Windows XP computer. So he uses the VMware utility to create a virtual Windows box.
Hackers continue to develop new ways to infiltrate computer systems, staying one step ahead of software providers by targeting an array of applications, according to a recent report from the SANS Institute. Some 600 new Internet security vulnerabilities were found by SANS during the first quarter of 2005, a 20 percent increase over the same period last year. The surge indicates a continuous assault by individuals aiming to cash in on software vulnerabilities.
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Surfers trying to visit the web site of popular secure email service Hushmail were redirected to a false site early Sunday following a hacking attack. Hush Communications said hackers changed Hushmail's DNS records after "compromising the security" of its domain registrar (Network Solutions). These changes were undone after a few hours on Sunday and normal Hushmail services have now been restored.
Security experts attending the Wireless LAN Event in London last Wednesday found that anonymous hackers in the crowd had created a Web site that looked like a genuine log-in page for a Wi-Fi network, but which actually sent 45 random viruses to computers that accessed it. "[This] gets very nasty as we've never seen it before," said Spencer Parker, a director of technical solutions at AirDefense. "It downloads 45 different randomly generated viruses, worms and keyloggers so antivirus software doesn't protect it. It doesn't recognise the signatures."
Thieves who accessed a DSW Shoe Warehouse database obtained 1.4 million credit card numbers and the names on those accounts - 10 times more than investigators estimated last month. DSW Shoe Warehouse said Monday that it has contact information for about half of those people and started sending letters notifying them of the thefts, which happened at 108 stores in 25 states between November and February. A list of the stores is available on the company's Web site.
Here's a wake-up call for those who ditched Internet Explorer for Firefox, believing it's more secure than Microsoft's much-attacked browser: Proof-of-concept code targeting security holes in Firefox and the Mozilla Suite has started appearing on public mailing lists. An attacker could exploit the flaws to launch malicious code. But users can protect themselves by updating to Firefox 1.0.3 and Mozilla Suite 1.7.7.
Data apparently stolen from the popular clothing retailer Polo Ralph Lauren Inc. is forcing banks and credit card issuers to notify thousands of consumers that their credit-card information may have been exposed.
Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly 10 times the number found in a data breach announced last month. An investigation by the firm's Anglo-Dutch parent Reed Elsevier determined that its databases had been fraudulently breached 59 times using stolen passwords, leading to the possible theft of personal information such as addresses and Social Security numbers.
Phishers are moving away from big banking institutions and heading for smaller targets, according to the Anti-Phishing Working Group (APWG). In its study of phishing activity in February the group found that, while four out of five attacks were still on six major banks, the number of smaller organisations being targeted is rising fast.
Older worms and viruses continued to dominate March's list of Top 10 baddest apples, said security firms Thursday, in part because users don't update their anti-virus defenses, but also because 2005's entries have been too weak to unseat the old guard. According to the list produced monthly by Sophos, the Zafi.d worm led the Top 10 for March by accounting for 45.1 percent of all the malicious traffic the U.K.-based security vendor monitored. Netsky.p came in second with 21 percent of the month's total. Rounding out the top 10 were Zafi.b, Sober.k, Netsky.d, Netsky.z, Netsky.b, MyDoom.o, Netsky.c, and Netsky.q.