Peaches

Botnet C&C Server Hosted on Google Groups in order to thwart traffic filtering mechanisms "Malware researchers have discovered a computer trojan, which uses a private Google Groups newsgroup to receive updates and instructions from its authors. This threat suggests that cybercrooks are taking legit Web 2.0 services into consideration for C&C implementation. Last month, security researchers from Arbor Networks announced the discovery of a Brazilian banking trojan, which was receiving commands via a Twitter account and various pastebin services. Inspired by this finding, Vaclav Vincalek,

Turn an Old Floppy Into a Password Safe Rick Broida Think back. Wayyy back. Remember floppy disks? If you're like me, you've probably got a box of them in a closet, serving absolutely no practical use. (When was the last time you owned, or even used, a computer with a floppy drive?) Over at Instructables, there's a clever, and downright amusing, tutorial on turning an old disk into a password safe. No, not a digital repository for your passwords, but an actual "safe." See, I know plenty of people who can't remember their passwords for love nor money. They sign up for, say, eBay, then can't get

Slackware update for mozilla-firefox Highly critical Description: Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system. secunia advisories - http://secunia.com/advisories/36709/

Sep14 Bogus Profile in LinkedIn Leads to FAKEAV by Macky Cruz (Technical Communications) Research Manager Ivan Macalintal found a bogus profile in LinkedIn that appears as one of the search results when the keyword “obama” is used. Cybercriminals riddled the profile page with links. The .cn links lead to a URL under the y0utybe domain (notice similarity with the legitimate video-sharing site), which in turn leads to a URL (under the .com domain localtubeonline). Finally, the links land the user on familiar malicious territory–an .EXE download (file name flash-plugin_update.40069.exe). The sa

“See Who Blocked You on MSN” Phishing Attacks by Merianne Polintan (Anti-spam Research Engineer) We have received samples of a new phishing mail targeting users of MSN Messenger inviting them to see who deleted or blocked them from their contact list. Users would be interested to know who among their friends have deleted them from their lists. It is obvious that the intention of the cybercriminals is to harvest the user’s MSN Messenger login credentials. Afterwards, they can then continuously sends spam messages to the account or, worse, they can use the account for their malicious intent.

PandaLabs: Non-Delivery Report Email Spam Rises 2000% In August, 20 percent of spam messages exploited this technique Sep 14, 2009 | 09:24 AM London, September 14th, 2009 - In August 2009, PandaLabs recorded a 2000 percent increase in the amount of different NDR spam messages in circulation (compared to the number of samples detected between January and June this year). Twenty percent of global spam monitored by Panda Security uses this technique. An NDR (non-delivery report) is an email automatically sent by mail systems to advise senders of problems delivering their messages. These messa

14 September 2009, 10:52 Botnet discovered on Linux servers A network of hijacked Linux servers is apparently being used to distribute malicious software to Windows PCs. According to an analysis by web developer Denis Sinegubko, the comprised systems all have one thing in common: the light weight web server nginx is running and serving content through port 8080. Otherwise, these systems are inconspicuous and appear to operate quite normally. This new tactic was discovered when links to malware posted in China were replaced by dynamic DNS names from DynDNS.com and No-IP.com. The infected serve

A DETECTIVE STORY - SO PAY CLOSE ATTENTION: Three elderly ladies are excited about their first Yankees Baseball game. They smuggled a bottle of Jack Daniels into the game. The game is real exciting and they are enjoying themselves drinking Jack Daniels mixed with soft drinks. Soon they realize that the bottle of Jack Daniels is almost gone and the game has a lot of innings to go. Using the clues given, what inning is the game in and what is the status of the game? Think! Think some more! You're gonna love it ........ And the Answer is: It's the bottom of the fifth and the bags are

Chrome adds new defence for cross-site scripting attacks Google has released Chrome 4.0.207.0 for Mac and Linux into its developer channel (a.k.a. the Dev channel). In addition to several bug fixes, the latest Dev release of Google's web browser adds a new defence for cross-site scripting (XSS) attacks. The 4.0.207.0 release uses a reflective XSS filter that checks each script before it executes to check if the script appears in the request that generated the page. Should it find a match, the script will be blocked. According to Chromium developer Adam Barth, the developers plan to post an ac

Thanks, Canada: Facebook's 4 Big Privacy Fixes Jared Newman Pick on Canada all you want, but this week the country did good by muscling Facebook into making privacy changes. Our northern neighbors took the lead on scrutinizing Facebook's privacy policy and required alterations in accordance with Canada's privacy laws. Here are the four major privacy fixes we'll be seeing from Facebook, plus a couple privacy concerns that remain: Third-Party Data Mining Canada's concern: When you install an app, such as "Superpoke" or "25 Random Things," you're always asked to give the app developer full access

Apple's iPhone 3.1 anti-phishing ineffective? According to several reports, the new anti-phishing feature Apple introduced in iPhone OS 3.1 for its mobile version of the Safari web browser is unreliable. The new Fraud Warning feature (under Settings, Safari) is intended to warn users against opening fraudulent web pages. In a post to The Mac Security Blog, Apple security specialist Intego says that, while the anti-phishing feature in the desktop version of Safari successfully blocks malicious pages, the mobile version "simply does not seem to work". Dan Moren from Macworld also noted that the

September 11, 2009 11:44 AM PDT Hacker pleads guilty to ID thefts netting millions by Elinor Mills A 28-year-old Miami man who made millions breaking into computer networks and stealing credit card numbers pleaded guilty on Friday and agreed to forfeit more than $2.7 million in restitution, as well as a condo, jewelry, and a car. Albert Gonzalez, a former federal government informant and the alleged ringleader of one of the largest known identity theft cases in U.S. history, pleaded guilty (as expected) to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud, and aggravat

How To Easily Install Ubuntu Linux On Any PC In this walkthrough, Senior Editor Robert Strohmeyer walks you through the steps needed to install Ubuntu--a popular Linux distribution and Windows competitor--on a PC. This fast, simple operating system runs well on limited system resources, boots quickly, and is very easy to operate. PCWorld Video ... http://www.pcworld.com/article/164927/how_..._on_any_pc.html

Ubuntu update for firefox and xulrunner Highly critical Description: Ubuntu has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system. Secunia Advisories - http://secunia.com/advisories/36710/

Apple unloads 47 fixes for iPhones, Macs and QuickTime Monster security patch batch By Dan Goodin Apple has issued fixes for more than 47 security bugs in the Mac, iPhone and QuickTime media player, some that allowed attackers to take complete control of the underlying device. The patches, which were released over a 24-hour period starting Wednesday, fix critical vulnerabilities in a variety software made both by Apple and third parties. OS X components included Alias Manager, CarbonCore, ClamAV, ColorSync, and CoreGraphics and Adobe Flash. The updates were available for both the Tiger and Le

September 9, 2009 Microsoft may rush out emergency patches Unpatched Microsoft bugs raise red flags Robert McMillan Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead. Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache. Proof-of-concept code showing how the bug could be used to c

New Dell Adamo is world's thinnest laptop Concept design just 10mm thick at edge Agam Shah Hoping to generate some buzz around its Adamo laptops, Dell showed off an ultra-thin design on Wednesday that could heat up the race between PC makers trying to build the world's thinnest laptop. Dell put up a web page showing an Adamo that measures just 9.9mm (0.4 inches) at its thinnest point. That's almost half as thick as the current Adamo 13, which measured 16.39mm (0.65 inches) at its thinnest point. Dell insisted on calling the product a "design concept," however, and it wasn't immediately clear i

Here comes Windows 7 Windows 7 is scheduled for release at the end of October. Here's what you need to know between now and then. What the heck is Windows 7, and why should I care? Windows 7 is the new operating system from Microsoft that will replace Windows Vista...which was the new operating system from Microsoft that replaced Windows XP. The operating system is the heart and soul of your computer. It manages the hardware and software resources on a computer. It's what makes the computer understand what you type on the keyboard, and it's what makes your email program go get your email.

Sep10 2009 FakeAV for 9/11 by Jessa De La Torre (Threat Response Engineer) As the anniversary of the horrible September 11 attacks in The United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint. Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH. full details at Trendmicro - http://blog.trendmicro.com/

Firefox Update will Remedy Flash Flaw Gregg Keizer, Computerworld Mozilla's next update for Firefox, slated to ship Tuesday, will check for outdated versions of Flash Player, a frequent target of hackers, the company said on Friday. The move is the open-source browser maker's opening salvo against out-of-date, open-to-attack plug-ins from vendors like Apple, Adobe, Microsoft and Sun. One security expert applauded the news. "This is a great way of improving the security of Web browsers," said Wolfgang Kandek, chief technology officer at security firm Qualys, in a blog entry Saturday. "Flash is

Apple QuickTime Multiple Vulnerabilities Highly critical Description: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to potentially compromise a user's system. 1) An error in the parsing of H.264 movie files can be exploited to cause memory corruption. 2) An error in the parsing of MPEG-4 video files can be exploited to cause a buffer overflow. 3) An error in the parsing of FlashPix files can be exploited to cause a heap-based buffer overflow. 4) An error in the parsing of H.264 movie files can be exploited to cause a heap-based buffer ov

Red Hat update for seamonkey Highly critical Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a vulnerable system. http://secunia.com/advisories/36669/

FTP service of Microsoft IIS 5 and 6 vulnerable to attacks - Update 2 An exploit which allegedly enables attackers to obtain system privileges on a Microsoft server via its FTP service has appeared on the Full Disclosure mailing list. According to its author, "Kingcope", the vulnerability affects the FTP service of Microsoft's Internet Information Services 5 server suite, and apparently even affects version 6, which has "Stack Cookie Protection". No patch for the vulnerability is available so far. The source code of the exploit was published as a PDF file. First reports by independent securit

<H2 itxtvisited="1">Get a new browser</H2>With the constant talk about Firefox and IE, sometimes it seems as if there are no new browsers under the sun. Nothing could be further from the truth, though. Special-interest browsers are out there, and we've found three great ones with features that the big players forgot to add. Maxthon If you want a browser with absolutely every possible feature packed in, Maxthon is the browser for you. It's a power-user's browser, with just about every capability you can imagine - and no doubt many you've never heard of. For starters, its handling of

Review: Windows 7 RTM -- a closer look Now that Windows RTM is in the can, what is the final verdict? Is it worth upgrading? full story & screenshots - computerworld - http://www.computerworld.com/s/article/913...ok?pageNumber=1