Computer Security Articles

While surfing the internet, I suddenly landed on a link where I found a very interesting article, by Jeff Jones, about “BROWSER VULNERABILITY ANALYSIS OF INTERNET EXPLORER AND FIREFOX”. Although the article is pretty old (2007) but yes its very interesting and worth reading. I am posting a few excerpts from the article. BROWSER VULNERABILITY [...]

Read the full story

Article Topics & Links: Microsoft Information Security Tools Team  Website | RSS Feed Anti-XSS Library v3.1 Released!  – 17-Sep-2009 Introducing the Connected Information Security Framework and Risk Tracker  – 16-Sep-2009 Want to Develop Software Security Tools?  – 16-Sep-2009 Want to Shape Great Security Tools ?  – 15-Sep-2009 CISF Security Portal Architecture  – 15-Sep-2009 Automating Windows [...]

Read the full story

  View full post on .:: Malware Info ::.

Read the full story

Heap spraying is a technique which is implemented using Javascript and the sole purpose is arbitrary code execution. Although heap spray exploits has been in use since 2001 but since 2005 a more widespread use of this technique is seen in exploits targeted for web malwares. Let us now see what actually heap spraying is [...]

Read the full story

Are you using an older operating system? If you are, your computer is more susceptible to infections from bot-related malicious software. That’s according to the just-released Microsoft Security Intelligence Report covering the first half of 2010. Read about this and other key findings in the report, which focuses on the battle against botnets. The report [...]

Read the full story

Internet Explorer 9: Designed to help the web development community create rich, interoperable, standards-compliant web applications by providing the platform, tools, and features for the future web. Tune in to this exclusive webcast series on Internet Explorer 9 to explore cool new features of this next generation browser and to create the next big thing [...]

Read the full story

PC World – Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one. View full post on Yahoo! News: [...]

Read the full story

Facebook Thursday announced that it will start encrypting User IDs before they are transmitted to third-party Web sites. View full post on Computerworld Security News

Read the full story

Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one. View full post on Network World on Security

Read the full story

Google on Friday said that it collected entire e-mails, URLs, and passwords when its Street View cars accidentally sniffed unencrypted Wi-Fi networks. View full post on PCMag.com Security Coverage

Read the full story

We need to comply with .. is a phrase that will send quivers of fear, loathing, despair, or joy through many a security person’s body. Fear, because you have been through it before and know what is around the corner. Despair and loathing, because you are told to to the basic minimum to comply rather [...]

Read the full story

ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. Once installed, it shows a fake “Microsoft Security Essentials Alert” popup box showing a non-existent threat. ThinkPoint adds a Winlogon Shell registry entry, so that ThinkPoint starts up instead of Windows Explorer during [...]

Read the full story

ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]

Read the full story

“Memory-scrapping malware is malicious software designed to examine memory of sensitive processes and extract data that would otherwise be unavailable in persistent storage.” – Slightly paraphrasing Anand Sastry’s definition from his article on credit card data compromises via memory-scraping malware. View full post on Lenny Zeltser on Information Security

Read the full story

Cydia Store is similar to Apple’s App Store, except it’s for jailbroken iPhones. There’s a wide variety of free apps on Cydia and dozens of commercial applications on Cydia Store. By browsing the available applications in Cydia, you’ll find gems like these: OwnSpy? Remote iPhone Spy? Let’s take a closer look. The website of the [...]

Read the full story

“Warpigs” from group “m00p” pleaded guilty today at the Southwark Crown Court in London. We here at F-Secure are happy to get some closure on this long case, with which we’ve been working for a number of years. This malware group produced several different malware families over several years. They were created for financial gain. [...]

Read the full story

Last year, I wrote briefly about the Dr. Kent case. I made the point that this statement was absolutely false: Under questioning by Kent’s attorney, D. James O’Neil, Investigator Barry Friedman said he had found evidence of some viruses, so-called “trojans” and other unwanted software on Kent’s computer when he analyzed its hard drive at [...]

Read the full story

Microsoft fixed a record number of vulnerabilities in its October Patch Tuesday. The company issued 16 bulletins to patch 49 separate vulnerabilities. All versions of Windows from Windows XP up to the latest versions, Windows 7 and Server 2008 R2, are affected. In addition, various security flaws in Microsoft Office were also fixed, as versions [...]

Read the full story

This is the last segment in the series. To begin with, I have a question for you… What do you call a device that has a 1 gigahertz microprocessor, 512 megabytes of RAM, several gigabytes of solid state storage, runs programs, can be programmed, and can access the internet? Sound a bit like a Netbook, [...]

Read the full story

Learn how to remove any virus, spyware or malware manually using the Botts Technique. No software to buy and takes only a few minutes. Need expert help? Visit exids.com for manual virus removal help. The Botts Technique is a ground breaking virus and spyware removal method that every technician should know about. It requires only [...]

Read the full story

Security   Microsoft Malware Protection Center  Website | RSS Feed Prehistoric Virtual Machines  - 08-Oct-2010 Microsoft Security Response Center MSRC  Website | RSS Feed Advance Notification Service for October 2010 Security Bulletin  - 07-Oct-2010 Security Bulletins Comprehensive  Website | RSS Feed Microsoft Security Bulletin Advance Notification for October 2010  - 07-Oct-2010 Security Products Forefront   Forefront Product Suite  Website | RSS Feed Microsoft acquires [...]

Read the full story

ASP.NET Security Update Shipping Tuesday, Sept 28th An hour ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address the ASP.NET Security Vulnerability that Scott has blogged about this past week.  The security update is fully tested, and is scheduled for release tomorrow – Tuesday September [...]

Read the full story

Before I begin, I would like to say that, the actual reason behind the hue and cry about this vulnerability is the fact that the Microsoft Security Advisory 2416728 quoted that this vulnerability can be "further exploited to view data, such as the View State, which was encrypted by the target server, or even read [...]

Read the full story

The below post shows the exception event that shows signs of the attack in progress. Also, found some Dynamic IP Restriction module for IIS 7 that can be used to block this attack.   Exception event that this attack would triger:   What would an attack look like on the network or in my logs? [...]

Read the full story