Computer Security Articles

PC World – Millions of Google Buzz users were contacted Tuesday by Google regarding a class-action lawsuit settlement stemming from an online privacy debate sparked by the search giant.

View full post on Yahoo! News: Security News

PC World – A security company has developed a free Firefox add-on that warns when someone on the same network is using Firesheep, a tool that has raised alarm over how it simplifies an attack against a long-known weakness in Internet security.

View full post on Yahoo! News: Security News

PC World – It was only a matter of time before tinkerers had their way with the hackable Apple TV, with one hacker making a custom weather app. Now, someone else has come along and added Mac media center Plex to the set-top box.

View full post on Yahoo! News: Security News

PC World – A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google’s Android phones over the Internet.

View full post on Yahoo! News: Security News

PC World – Microsoft’s Kinect motion controller for Xbox 360 has been out in the wild for 24 hours and what a bumpy ride it’s been so far. Before most stores had even opened their doors Wednesday morning there were reports that Kinect was having problems with its facial recognition technology. Later, Microsoft got a little testy when someone put a $2000 hacker’s bounty on the device, worries about availability appear to be overblown, and Kinect was torn apart to reveal the $150 device’s innards. Here’s a look at Kinect’s first 24 hours.

View full post on Yahoo! News: Security News

PC World – Hackers might crack or steal your password, but can they type like you?

View full post on Yahoo! News: Security News

PC World – “Freedom” may not be a concept that’s historically associated with Russia, but as for technology, the federation will soon be far freer than many businesses can even imagine–free from Windows, that is, and its legacy of high costs, malware, and perpetual hardware upgrades.

View full post on Yahoo! News: Security News

PC World – Earlier this week, a hardware hacker going by Rossum posted descriptions and photos of the RBox, which is currently the World’s smallest gaming console. The itty bitty analog joystick (lower right in the above photo) on the top is powered by a lithium cell battery as is the mainboard on bottom, and the whole assembly is about the size of a Quarter.

View full post on Yahoo! News: Security News

PC World – Attempts by Dutch authorities to take down the massive Bredolab botnet captured headlines this week, with infected PCs downloading fake antivirus software at week’s end, and news surfacing that the suspected ringleader of the botnet was bringing in up to €100,000 (US$139,000) a month from his alleged illegal enterprise.

View full post on Yahoo! News: Security News

PC World – Dutch authorities say more arrests related to the Bredolab botnet may occur as investigators continue to examine the business arrangements behind the cybercrime operation.

View full post on Yahoo! News: Security News

PC World – A massive takedown operation conducted by Dutch police and security experts earlier this week does not appear to have completely dissolved the Bredolab botnet, but it is unlikely to recover.

View full post on Yahoo! News: Security News

PC World – Armenian authorities arrested a 27-year-old man on Tuesday on suspicion of running a large botnet that was dismantled after a unique take-down operation by Dutch law enforcement and computer security experts on Monday.

View full post on Yahoo! News: Security News

PC World – Russia has reportedly launched its first-ever criminal case related to spam against a man accused of running one of the world’s most prolific pharmaceutical spam operations, according to local news reports.

View full post on Yahoo! News: Security News

PC World – Some malware attacks are exceedingly clever and innovative, while others just rely on tried and true techniques that are fairly reliable no matter how much users are told to avoid them. AppRiver is reporting a new threat that falls into this latter category–a fake DHL shipping receipt designed with a malicious file attachment.

View full post on Yahoo! News: Security News

Learning to Speak

Imagine a world where people just learned to speak. The populace rejoyces from the sharing of stories and jokes. People exchange opinions and know-how in new and exciting ways. Who is unhappy about the development of vocalized words? The data guardians: information security personnel, corporate compliance officers and risk managers. It is just too hard to control access to sensitive materials when sound travels freely, they complain. Loose lips sink ships, the saying goes.

Learning to Write

Imagine a world where people just learned to write. Information flows at unprecedented rates, with written manuals codifying best practices and poems lauding the world and its people. Infosec and their colleagues are concerned. Its too easy to leak data now. What about compliance with confidentiality agreements and regulations? How will we keep auditors at bay? Written words are for nerds, they proclaim, hoping to rein in the written menace.

Learning to Internet

Imagine a world where people across the world share thoughts instantaneously and cheaply. Ideas flow regardless of geographic boundaries. Keeping in touch with friends is as easy as glancing at a mobile device in the palm of your hand. That is the world of Internet social media and social networking. We’re living in it now. Information security professionals are, of course, concerned. On-line sharing makes enterprises weary.

Making Sense of the New World

Of course, I am unfairly vilifying infosec individuals, among whose ranks I work and play. We operate as part of an IT risk management ecosystem and are paid to be cautious. It is natural for us to worry about data controls. This is especially true when the technological and cultural forces that encourage data sharing are ahead of information protection tools and processes.

Yet, people are social creatures who will continue to interact with each other in novel ways despite corporate policies. Infosec can join the conversation and understand the new communication media. Together with our colleagues we can find a way to exchange data in innovative yet responsible ways. Collaboration is our salvation. Cliché, I know.

— Lenny Zeltser

View full post on Lenny Zeltser on Information Security

By now, Web sites related to "Canadian Pharmacy" are well-known to email users around the globe, many of whom have had the "pleasure" of receiving spam messages offering a way to buy cheap medications.

Recently, Websense Security Labs™ ThreatSeeker™ Network came across what looks like a newer variant: "World Pharmacy".

What's interesting about this campaign is that it uses links to compromised Web sites, which in turn redirect to the World Pharmacy affiliate site. So far, it seems that the compromised pages contain only a simple redirect, but there's no guarantee that the campaign will remain this benign. The wide variety of compromised sites (Web Hosting, Nepal Government office site, English school, and more), suggests that the spammers want to use the good reputation of legitimate sites to get their message across.

Websense customers are proactively protected against this spam by our Advanced Classification Engine -  ACE.

This particular variant arrives through email with various subject lines, like:

More energy for affairs
Your powerful uprise will excite women
Prevent ero-failures
Show her your potential
Stop ruining yourself
Buy macho-doping online
Make her joy stronger
Dreaming of being number one for her?
Huge success in male augmentation
Magnesium oxide replenishment to your organism.
Secret of lasting acts of love
Secret of male victories

The email tries to endear itself to the recipient by addressing the reader as Dear <user name from the recipient's email address>,

After such a personal opening, who can resist clicking on the link text, which ranges from male enhancement offers to a generic registration confirmation, or "Would you believe that?" and similar ploys.
To get around mail content filters, the text doesn't use explicit product names or overly objectionable expressions.

To add another bit of legitimacy, the footer clearly states that the senders are committed to your privacy, and that you can unsubscribe at any time. Of course, all the links in the footer point to the same compromised page with different parameters.

The compromised pages contain a simple redirect, as mentioned above, to a Web site registered to one "Vladislav Petrenko" from Moscow, who seems to have an affinity for the registration of spam domains…

In this case, Websense customers are protected by multiple layers: Websense messaging products recognize patterns in the messages and links; the Hosted products also identify abnormal network activity; and real-time Web protection prevents the user from accessing the links in the mail, thus avoiding the final redirection target.

As always, be careful of links in unexpected emails. They often lead to spam, malware, or other unwanted content.

View full post on Security Labs

PC World – Get productive with our picks for powerhouse software, including Microsoft Office 2010, PC Tools Internet Security 2011, and Adobe Creative Suite 5.

View full post on Yahoo! News: Security News

PC World – Ever find yourself deleting some files to make room for your overgrown media collection? Thanks to a new hack from a Russian PC enthusiast you should have plenty of room for your MP3 collection, along with the collections of everybody else you know. The hack consists of an array of 60 hard drives and the whole thing holds a whopping 70 terabytes of data.

View full post on Yahoo! News: Security News

PC World – Microsoft Security Essentials is fake. Well, it is and it isn’t. Microsoft Security Essentials is a free antimalware protection program from Microsoft, but a new malware threat identified by security software vendor F-Secure is also masquerading as Microsoft Security Essentials. You want to avoid that one.

View full post on Yahoo! News: Security News

PC World – IBM has developed a new rootkit-detection system designed to make it easier to detect malicious attacks on virtualized data centers.

View full post on Yahoo! News: Security News

PC World – New adware companies are increasingly targeting Facebook, Twitter, and other popular social networking sites as a means of distribution. The share-friendly environment of such sites is ideal for spreading adware and trackware through third-party applications, which often hide their true intent.

View full post on Yahoo! News: Security News

Learning to Speak

Imagine a world where people just learned to speak. The populace rejoyces from the sharing of stories and jokes. People exchange opinions and know-how in new and exciting ways. Who is unhappy about the development of vocalized words? The data guardians: information security personnel, corporate compliance officers and risk managers. It is just too hard to control access to sensitive materials, they complain. Lose lips sink ships, the saying goes.

Learning to Write

Imagine a world where people just learned to write. Information flows at unprecedented rates, with written manuals codifying best practices and poems lauding the world and its people. Infosec and their colleagues are concerned. Its too easy to leak data now. What about compliance with confidentiality agreements and regulations? How will we keep auditors at bay? Written words are for nerds, they proclaim, hoping to rein in the written menace.

Learning to Internet

Imagine a world where people across the world share thoughts instantaneously and cheaply. Ideas flow regardless of geographic boundaries. Keeping in touch with friends is as easy as glancing on a mobile device in the palm of your hand. That is the world of Internet social media and social networking. We’re living it now. Information security professionals are, of course, concerned. Internet sharing makes enterprises weary.

Making Sense of the New World

Of course, I am unfairly vilifying infosec individuals, among whose ranks I work and play. We operate as part of an IT risk management ecosystem and are paid to be cautious. It is natural for us to worry about data controls. This is especially true when the technological and cultural forces that encourage data sharing are ahead of information protection tools and processes.

Yet, people are social creatures who will continue to interact with each other in novel ways despite corporate policies. Infosec can join the conversation and understand the new communication media. Together with our colleagues we can find a way to exchange data in innovative yet responsible ways. Collaboration is our salvation. Cliché, I know.

— Lenny Zeltser

View full post on Lenny Zeltser on Information Security

PC World – Two weeks after law enforcement broke up one of the criminal gangs behind the Zeus malware, Microsoft has taken steps to make it harder for criminals to install the software on PCs.

View full post on Yahoo! News: Security News

PC World – The ZeuS “crimeware toolkit” has made recent headlines lately by garnering attention of the FBI, and for the new components that allow hackers to break into BlackBerry and Symbian phones.

View full post on Yahoo! News: Security News