We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Attackers could exploit two "serious" security holes in the Telnet program supplied with MIT Kerberos 5 to cause a buffer overflow and launch malicious code, the Massachusetts Institute of Technology's (MIT) Kerberos Team warned in an advisory.
While most e-mail users are on guard against viruses, they are far too casual about instant messages, says Sophos security analyst Greg Mastoras. "Virus writers like to exploit low-hanging fruit, and IM is a low-hanging fruit."
Brazilian police last week arrested the suspected kingpin of a gang which looted an estimated $37m from online banking accounts. Valdir Paulo de Almeida allegedly masterminded a scam to raid accounts using a Trojan horse sent by email to thousands of victims, mostly Brazilian.
First came phishing scams, in which con artists hooked unwary internet users one by one into compromising their personal data. Now the latest cyberswindle, pharming, threatens to reel in entire schools of victims. Pharmers simply redirect as many users as possible from the legitimate commercial websites they'd intended to visit and lead them to malicious ones. The bogus sites, to which victims are redirected without their knowledge or consent, will likely look the same as a genuine site. But when users enter their login name and password, the information is captured by criminals.
Robert Lyttle, one of two hackers behind the Deceptive Duo team responsible for a number of network breaches in 2002, including a U.S. Navy database, has decided to plead guilty to the charges filed by the U.S. Attorneys' Office last year, according to documents filed in the case. The plea agreement between federal prosecutors and Lyttle in the case U.S. v. Robert Lyttle will be entered in U.S. District Court, Northern District of California, Oakland Division, Friday afternoon as part of a change of plea hearing. Kyle Waldinger, the assistant U.S. attorney listed on the agreement, was not available for comment at press time.
Phishing Attacks reported by members of the Netcraft Toolbar community show that many large banks are neglecting to take sufficient care with the development and testing of their online banking facilities. Well known banks have created an infestation of application bugs and vulnerabilities across the Internet, allowing fraudsters to insert their data collection forms into bona fide banking sites, creating convincing frauds that are undetectable to most customers. Indeed, a personal finance journalist writing for The Motley Fool was brave enough to publicly admit to having fallen for a fraud running on Suntrust's site and having her current account cleaned out. It's a reasonable premise that if a Motley Fool journalist can fall for a fraud, anyone can.
The computer breach at consumer data broker Seisint raised identity theft in the United States to crisis proportions Thursday, a day after the second major data broker disclosed that its database containing a plethora of private information on virtually every American was compromised. LexisNexis' Seisint division and rival ChoicePoint, each with large computer centers in Boca Raton, sell consumers' addresses, Social Security numbers, driver license numbers and other personal information stored in electronic databases. These firms operate free from government regulation. That's almost certain to change as Congress is asking why this sensitive consumer information is not secured from computer hackers who are intent on stealing people's identities.
Access the Internet using an unprotected personal computer and a hacker will be “knocking at the door
F-Secure has become the latest security firm to be embarrassed by a flaw in its flagship security product line, but the company manged to patch the flaw while it was still only 'theoretical' F-Secure has released a patch for a serious flaw in its antivirus products, the second time in a week a security company has warned of a risk in its software.
Hackers forced the state to pull down its Web site Tuesday, but officials said no private information was compromised. However, the hacker left the message "Look what I can do!" For most of the day, visitors to nh.gov saw a message that the site was down for maintenance, posted after hackers go into a server sometime after midnight.
A manhunt for the alleged Filipino hacker of the government portal "gov.ph" and other government websites was launched after the suspect went into hiding, the police said Tuesday. Judge Antonio Eugenio of the Manila Regional Trial Court ordered the arrest of a certain JJ Maria Giner on January 24, 2005 for violating section 33a of the Electronic Commerce Law. Giner remains at large to date however.
Three unpatched flaws in Internet Explorer now pose a higher danger, a security company warned, after code to exploit one of the issues was published to the Internet. Secunia said Friday that it had raised its rating of the vulnerabilities in Microsoft's browser to "extremely critical," its highest rating. The flaws, which affect IE 6, could enable attackers to place and execute programs such as spyware and pornography dialers on victims' computers without their knowledge, said Thomas Kristensen, Secunia's chief technology officer.
A vulnerability within Microsoft's WINS (Windows Internet Naming Service), a component of popular server software such as Windows Server 2003, has been heavily exploited since the last day of 2004, several security organizations reported Tuesday.
Almost a month after Microsoft released a fix for a security issue in the WINS (Windows Internet Name Service) name server, malicious exploits continue to haunt tardy network administrators. According to an alert from the SANS ISC (Internet Storm Center), there has been a startling increase in hacker probes directed at TCP port 42 and UDP 42, which handle WINS services. "If you have not patched your WINS servers in respective companies or campuses, beware. Patching these systems is now overdue," the center warned.
Malware used to be easy to detect and avoid. Virus writers would attach a malicious programme to an e-mail and distribute it as widely as possible. If any of the recipients opened the attachment, the virus could delete system and data files, search for confidential information and propagate itself on the local network. In those simple days, viruses were like vampires -- as long as you didn't invite them in, they couldn't do you any harm. If you refrained from opening e-mail attachments from strangers, then you were safe.
The source code for the most prevalent worm targeting mobile phones has been made public, a dangerous disclosure that may lead to more effective attacks. The source code for the most prevalent worm targeting mobile phones has been made public, security firms announced Wednesday, a dangerous disclosure that may lead to more effective attacks. Cabir, which first appeared in June, uses Bluetooth to infect smart phones running the Symbian operating system. Disguised as a security utility, Cabir itself doesn't do any permanent damage, but it has been used to deliver other malicious codes, such as the Skulls Trojan horse, to phones.
It took hackers less than a week to produce a working exploit that attacks a new, unpatched vulnerability in Microsoft's Internet Explorer, security firms said Tuesday.
Malware authors on Christmas day left dubious "gift" packages in e-mailboxes across the Internet. Fresh attacks, which took advantage of old Internet Explorer bugs, as well as new versions of the Santy worm fouled the holidays for some Windows users and PHP server admins. A posting on the Full Disclosure mailing list described a new attack that can proceed without user intervention. Called "Microsoft Internet Explorer Full Remote Compromise w/o User Intervention," the exploit is based on old vulnerabilities in Internet Explorer in Windows XP SP2 (Service Pack 2).
A Chinese security group has released sample code to exploit two new unpatched flaws in Microsoft Windows. The advisory comes in the week before Christmas, a time when many companies and home users are least prepared to deal with the problems. Security firm Symantec warned its clients of the vulnerabilities on Thursday, after the Chinese company that found the flaws published them to the Internet. One vulnerability, in the operating system's LoadImage function, could enable an attacker to compromise a victim's PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. The other vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file.
Students of iconoclastic computer scientist Daniel Bernstein have found some 44 security flaws in various Unix applications, according to a list of advisories posted online. The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate level course at the University of Illinois at Chicago.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
