By now most savvy Internet users have seen popups and other advertising warning that their computer is infected with a worm or a virus, but for a small fee and a quick download, that problem can be cleared right up! Unsurprisingly, these “scareware” offers are scams, hoping to dupe unwitting users into turning over money for what’s (at best) useless software. At worst, users may be literally paying to install software that compromises the security of their computer or even lets remote attackers take over the machine.
Tag Archive: security
iPhone Vulnerability, Mac OS X Rootkit Debut at Black Hat
The annual Black Hat security conference has gotten underway in Las Vegas, and, as promised, security researchers have detailed a technique that, in theory, could enable attackers to take over Apple’s popular iPhone using nothing by SMS messages which would be invisible to the iPhone’s owner. Apple has also took another hit on the chin with the demonstration of a proof-of-concept rootkit for Apple’s Mac OS X operating system, which—if exploited—could begin exposing the Macintosh to the kinds of malware nightmares Windows users have been enjoying for years.
New Chrome Version Fixes Bugs
With all the talk of Chrome OS, it’s easy to forget that Google also has a browser of the same name. Now it’s released a new version, 2.0.172.37, to the Beta and Stable channels, that fixes several minor bugs, including an update of the V8 Javascript engine.
More importantly, the new version plugs a pair of major security holes. One that had been found by the Google security team, allowed malicious code exploitation within the Chrome tab sandbox, and the other, a memory corruption in the browser tab process, could have been used by an attack to execute arbitrary code causing a crash of the browser tabs, which in turn would create another security hole for attacker to run code with the logged-on user privileges.
Mac Security Expert Identifies iPhone SMS Vulnerability
At the SyScan security conference being held in Singapore this week, Macintosh security expert Charlie Miller has outlined an SMS-based vulnerability in the Apple iPhone that could let attackers listen in on calls, access the GPS unit to locate the phone, execute arbitrary programs, and even let the phone participate in distributed denial-of-service (DDOS) attacks against other Internet sites via the Internet.
Miller didn’t go into significant detail on the exploit, although he planned to discuss the possible attack in greater detail at the Black Hat security conference later this month in Las Vegas, Nevada. Apple is expected to offer a patch for the vulnerability before then.
Microsoft Prepares to Test Free Antivirus and Security Tool
Microsoft is (by far) the dominant player in the computer operating systems market, but it’s always been a laggard in the computer security and antivirus arena. The company’s most recent foray into computer security—Windows Live OneCare—was greeted with little enthusiasm by the Windows security community—in fact, one antivirus evaluator decided to stop evaluating it altogether because it lagged so far behind the industry. Microsoft defended OneCare and continued its development, but the service failed to attract significant numbers of users and, eventually, Microsoft threw in the towel, announcing late last year it would stop selling OneCare subscriptions on June 30, 2009 and begin offering a free security and antivirus tool dubbed “Morro” around the same time.
Cybersecurity? Get A Former Hacker
If you want to catch the bad guys, employ someone who used to be one. That seems to be the thinking of the Obama administration. It’s employed Jeff Moss, aka Dark Tangent, on the Department of Homeland Security’s (DHS) Homeland Security Advisory Council (HSAC).
Moss started out as an illegal hacker in high school before going legit, and now works as a corporate security adviser. He initiated the set up the Black Hat and DEFCON computer conferences, and now he’s been pulled into government work, an indication that the current administration is taking cybercrime very seriously.
10 Updates For Patch Tuesday
There will be a total of 10 security updates tomorrow for Microsoft’s monthly Patch Tuesday, the company has said in its security bulletin.
Three vulnerabilities in Windows (affecting Windows 2000, XP, XP Professional edition, Vista, Server 2003 and Server 2008, Office 2000, 2003, 2007 and XP, and Microsoft Office 2004 and 2008 for the Mac) could let attackers elevate privileges, while another moderate vulnerability in Windows could enable information disclosure.
Other patches cover Office Excel Viewer; Office Word Viewer; Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats; Works 8.5 and 9.0; and Office SharePoint Server.
Twelve Million Zombie Computers Since January
A new report from security company McAfee says that since January an estimated 12 million computers have been infected with malware and turned into zombies, making them part of botnets, and that these zombie numbers have increased by 50% since last year.
At 18%, the US hosts the largest number of infected machines, followed by China with 13%.
Jeff Green, senior vice-president of McAfee, said:
“The massive expansion of these botnets provides cyber-criminals with the infrastructure they need to flood the web with malware."
"Essentially, this is cyber-crime enablement."
Microsoft Delays Sterling Security Suite
Stirling, the integrated security suite that will bring together a number of elements, now won’t be available until the fourth quarter of this year, Microsoft has admitted.
In a blog posting, Microsoft’s Identity and Security team – the group behind Stirling – said that some components (Forefront Server Security for Exchange and Threat Management Gateway) would be available by year’s end, but that the Stirling management console, Forefront Client Security 2.0 and Forefront Security for SharePoint won’t be available until the first half of next year.
New Bill Would Increase U.S. Cybersecurity
A new bill has been presented to Congress aimed at setting computer security standards not only for government departments, but also for those private companies that control infrastructure, such as power or telephone communication.
Sponsored by Senators John D. Rockefeller IV and Olympia J. Snowe, the bill proposes the creation of a National Cybersecurity Advisor (NCA) who would have direct access to the president and the power to shut down any part of the infrastructure in the event of an attack.
