Source: Network World - Posted by Eckie Silapaswang
Musicians are constantly reinventing themselves in an attempt to "keep up with the times" - no one wants to be that oldies band / artist. Malware and worms do the same, this time by emailing sensationalist headlines that are too juicy not to click on. Read on for a quick overview of how worms take no vacations, as well as an interesting point about these new attack trends - they keep up with our time to stay relevant. Even the message bodies are conformed to 2007!
Robert Hansen provides us a very intriguing paper on web application security by focusing on the attacks on intranets through web browsers. This is not to say that all servers will be vulnerable to the attacks described in the paper, rather that the web servers act as a proxy to enable certain forms of probing and attacks. Read on for a more detailed account of an increasing trend of internet hacks.
Even with the latest layers of security in spam and virus filtering, there is still the threat of social engineering attacks that lay waste to the best security systems possible. Enter the latest Botnet attacks, this time using YouTube and "confirmation spam" as bait for unsuspecting users to infect their systems. In the world of social networking and Web 2.0 where everything "just works", how do you reach users who still believe that Windows is the internets and explain to them what social engineering is?
Source: The Inquirer - Posted by Eckie Silapaswang
Careful with your graphics cards - if you run Gentoo Linux and use Nvidia drivers, you could be leaving yourself open due to bad file permissions on default driver settings. Be sure to get the latest updates to the driver - unless you enjoy having your clock frequencies tuned way up by malicious hackers.
Source: Network World - Posted by Eckie Silapaswang
Everyone wants to make sure their financial institution is secure - the bank has security cameras, their websites use the strongest encryption algorithms, the works. What do you do when another store of your own personal wealth is compromised? What if this store of wealth is your very own identity along with your entire history of accomplishments? Read on to find out why security isn't just for "banks and money" and such - the very place people invest their hopes and dreams in gaining a better career is at risk.
Avinti, a developer of proactive e-mail security solutions, has issued a security alert about a new e-mail attack that disguises malicious code behind a seemingly harmless e-greeting.
Is this just another one of these attacks which tries to trick users into downloading a virus? What I found interesting is that the article states that these types of emails should not be considered spam. What do you think? This also brings up the question: should spam filters try to block these emails, or is it the responsibility of anti-virus software?
Source: Computer World - Posted by Eckie Silapaswang
This just shouldn't be happening, no matter your side of the political fence. Last Sunday resulted in the UN website being publicly defaced with political messages from the hackers. I'm saying this shouldn't be happening because the attackers used an SQL injection attack against a reported "very common vulnerability". These types of attacks are "fairly easy to avoid and very surprising to find in such a high profile site". No matter what wing we fall under, security specialists should always fall under the role of doing your job, and making sure common holes like these are patched and secured.
Source: Network World - Posted by Eckie Silapaswang
Robert Moore, a 23-year-old hacker from Washington, summarizes his $1 million heist of VoIP minutes. His methods involved brute-force attacks against Cisco XM routers and Quintum Tenor voice gateways in order to gain access and route calls through them. Just to clarify (FTA) - the attacks could easily have been prevented if the default passwords were changed on the routers. Even so, read on to find out how he confused the intrusion detection systems, how he gained the address to attack, and how he knew which attacks to send to which ports.
Source: Computer World - Posted by Eckie Silapaswang
This article brings up two interesting questions - should vendors place bounties on zero-day exploits in order to get a jump ahead in developing the signatures for the attacks? What if these signatures could be reverse-engineered to create an even deadlier exploit? Read on for a look into the cat and mouse chase of security vendors attempting to gain the upper hand on shutting down zero-day attacks, only to have their defense used against them. How do you feel about bug bounties?