Privacy, Security Archive

Tuesday Is the Most Active Day for Threats

"The most active day for threat-related traffic worldwide is Tuesday, with Monday a close second, according to a report by SonicWALL. This pattern holds true for the U.S., China, India, Mexico, South Africa, Taiwan, Turkey, and several European countries. The most active time for threat-related traffic in the United States is between the hours of 10:00 a.m. and 11:00 a.m., Pacific Time. China and Taiwan top the list as the most heavily hit countries for worldwide threat-related traffic. Taiwan, New Zealand and South Africa are the countries most heavily hit with malware."

There’s a Bounty on Your Applications

In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service – that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?

MSR Develops ‘Zozzle’ JavaScript Malware Detection Tool

"As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware at a very high effectiveness rate."

Avast! Pro License Key Used Illegally 774651 Times

It's no secret that I'm not a particular fan of antivirus software vendors. Other than the excellent Microsoft offering, I haven't yet seen a single antivirus program that doesn't suck the life out of computers, infesting every corner, making machines slow and full of annoying pop-ups. Still, a single license key for Avast! Pro being shared 774651 times? That's a bit harsh.

Firesheep Countermeasure Tool BlackSheep

Firesheep is a Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a countermeasure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitoring traffic to see if it has been hijacked.

Trend Micro Goes Boo-Hoo, Raises Antitrust Concerns Over MSE

Well, this was to be expected: an anti-virus company complaining that Microsoft's Security Essentials - by far the best anti-virus tool for Windows - is anti-competitive. Microsoft recently began offering MSE as an optional download via the optional Microsoft Update service (which is not Windows Update), and Trend Micro (a patent troll) is going into boo-hoo mode over it.

Past, Present and Future of Metasploit

HD Moore is the CSO at Rapid7 and Chief Architect of Metasploit, an open-source penetration testing platform. HD founded the Metasploit Project with the goal of becoming a public resource for exploit code research and development. Rapid7 acquired Metasploit in late 2009. In this interview, HD Moore talks about the transition to Rapid7, offers details on the development and different versions of Metasploit and discusses upcoming features.

The Zeus Malware R&D Program

A new version of the Zeus financial malware has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Just like commercial application developers, the creators of Zeus run an R&D program to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.

Microsoft Releases Regex Fuzzer Tool

Microsoft has released a free tool to help programmers test their regular expressions for vulnerability to denial of service attacks. The SDL Regex Fuzzer, released by the software giant earlier this week, is designed to test programmers' regular expressions - a ubiquitous formal language for matching strings of text - for clauses that execute in exponential time and which stand the chance of being exploited for nefarious means.

BlindElephant: Open Source Web Application Fingerprinting Engine

In this video recorded at Black Hat USA 2010, Patrick Thomas, a vulnerability researcher at Qualys, discusses the open source web application fingerprinting engine BlindElephant he created. BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded. It doesn't check for vulnerabilities or vulnerability to a particular exploit, but rather identifies which versions of applications are running on their site. For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from. Accuracy of the tool was demonstrated by a large-scale survey on Internet-visible hosts.

Microsoft Releases Free Security Tool for Older Platforms

Microsoft has released a free tool to bring newer security protections to older platforms and applications. The Enhanced Mitigation Experience Toolkit (EMET) was announced at the Black Hat USA 2010 security conference in Las Vegas. EMET will be available from August and is designed to help block targeted attacks against unpatched vulnerabilities in platforms such as Windows XP and Windows Server 2003.

Shortcut Worm Vulnerability Affects All Windows Versions

Microsoft confirmed the existence of a critical vulnerability in all supported versions of Windows. The new zero-day vulnerability is easily exploitable via USB storage devices, network shares or remote WebDAV shares. All that is required for exploitation is for the contents of the USB device to be viewed in Windows Explorer. Specially crafted shortcut (.lnk) files are allowed to execute code when the shortcut's icon is loaded to the GUI. An exploit targeting this vulnerability is currently in limited use and additional exploits are very likely in the coming weeks.