Join the God Side, Jesus is Coming…….

Archive for December, 2008

Scammers Evade Spam Filters by ‘From’ Fields

Source: TrendLabs

Scam messages that purport to be from banks, government institutions, or even from certain individuals circulate the Web. Email messages where recipients are told that they have won a prize or are asked for donations would already be familiar to most Web users. Scammers, however, show no signs of slowing down using this technique.

The Trend Micro Smart Protection Network already blocks these spammed messages, protecting users from this threat. Non-Trend Micro users are advised to not trust unsolicited email messages. Rewards and cash prizes that seem too good to be true probably are.


Firefox Security Flaws Patched

Source: efluxMedia

On Tuesday, Mozilla fixed several security flaws in its Firefox web browser, including six that were deemed critical because they enabled hackers to hijack the browser’s users while they were surfing the Internet.

Firefox 3.0.5, the latest version Mozilla released, fixed numerous bugs that could have allowed hackers to run malware and thus shut down systems or steal information from an affected computer.

Another one of the critical flaws reported by Mozilla was related to the XBL binding and could have enabled attackers to violate the same origin policy and then run arbitrary JavaScript when the binding was attached to an Internet page yet to be loaded.

Along with the critical bugs, the 3.0.5 update also fixed a vulnerability that Mozilla deemed important, which hackers could have exploited to redirect users to a malicious site in order to steal data.

In addition, the Firefox version released Tuesday fixed 10 errors in Firefox 2, updating the latter to version

Mozilla announced that the release was the final one before officially pulling the plug on Firefox 2.0, adding that the Phishing Protection service protecting the browser’s users from malicious attacks would no longer be available for the older version of Firefox.

First “spyware” for iPhone

Source: Forbes

Careful, iPhone users: Your smart phone may be smarter than you think.

On Thursday researchers at Finnish cybersecurity firm F-Secure said they have spotted the first known instance of iPhone “spyware” called Mobile Spy, a piece of commercial software that sells for $99 a year.

Mobile Spy developer Retina-X Studios says the software can invisibly track the call logs, text messages and even the GPS data of any iPhone it’s installed on, allowing the eavesdropper to track the user’s whereabouts on a Web site that hosts the stolen data.

Passwords a little easier but strong & effective

Source: Security Focus

Let’s be honest, passwords are annoying. These days, we need a password or PIN everywhere. We have so many that we can’t keep track of them all. We forget to update them; and when we do, it’s difficult to come up with effective ones that we can still remember, so we procrastinate changing them for months, even years. We all know this is bad, but the alternative – the painful, irritating password creation and memorization process – is sometimes more than we can tolerate. There is hope! Passwords don’t have to be complex cryptograms. A few simple methods can help make living with passwords a little easier.

Do NOT use when choosing passwords

1. Dictionary Words

2. Proper Nouns, or Foreign Words

3. Personal Information

A strong, effective password requires a degree of complexity. Three factors can help users develop this complexity: length, width and depth. Length means that the longer a password is, the more difficult it is to crack, as probability dictates. Simply put, longer is better. It is generally recommended that passwords be between six and nine characters. Greater length is acceptable, as long as the operating system allows for it and the user can remember the password. However, shorter passwords should be avoided.

Width is a way of describing the different types of characters that are used. Don’t just consider the alphabet. There are also numbers and special characters like ‘%’, and in most operating systems, upper and lower case letters count as different characters. Windows, for example, is not always case sensitive. (This means it doesn’t know the difference between ‘A’ and ‘a’.) Some operating systems allow control characters, alt characters, and spaces to be used in passwords. As a general rule, the following character sets should all be included in every password:

  • uppercase letters such as A, B, C;
  • lowercase letters such as a, b, c;
  • numerals such as 1, 2, 3;
  • special characters such as $, ?, &; and
  • alt characters such as µ, £, Æ. (Cliff)

Depth refers to choosing a password with a challenging meaning – something not easily guessable. Stop thinking in terms of passwords and start thinking in terms of phrases. “A good password is easy to remember, but hard to guess.” (Armstrong) The purpose of a mnemonic phrase is to allow the creation of a complex password that will not need to be written down. Examples of a mnemonic phrase may include a phrase spelled phonetically, such as ‘ImuKat!’ (instead of ‘I’m a cat!’) or the first letters of a memorable phrase such as ‘qbfjold*’ = “quick brown fox jumped over lazy dog.”
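The length, width and depth factors described above can be checked mechanically. The following is an added example, not part of the original article: it reports which character sets a password uses, an upper bound on brute-force effort from length and width, and whether the letters alone form a listed word. The pool size for alt characters and the small word list are assumptions made for illustration.

```python
import math
import string

# Pool size per character class ("width"). The "alt" figure is an assumed
# value for illustration; the real count depends on the system's charset.
POOL = {"upper": 26, "lower": 26, "digit": 10,
        "special": len(string.punctuation), "alt": 64}

# Tiny constructed stand-in for a real dictionary / personal-info list.
WORDLIST = {"password", "dragon", "london", "monkey"}

def width_classes(password):
    """Return the character classes the password draws from."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
        else:
            classes.add("alt")  # anything else, e.g. µ, £, Æ or a space
    return classes

def brute_force_bits(password):
    """Upper bound on search effort: length * log2(pool size), in bits."""
    pool = sum(POOL[c] for c in width_classes(password))
    return len(password) * math.log2(pool) if pool else 0.0

def fails_depth(password, wordlist=WORDLIST):
    """True if the letters alone form a listed word (e.g. 'Dragon1!')."""
    letters = "".join(ch for ch in password if ch.isalpha()).lower()
    return letters in wordlist

def mnemonic(phrase, suffix=""):
    """Build a password from the first letter of each word in a phrase."""
    return "".join(word[0] for word in phrase.split()) + suffix

if __name__ == "__main__":
    samples = ["dragon", "Dragon1!",
               mnemonic("quick brown fox jumped over lazy dog", "*")]
    for pw in samples:
        print(f"{pw!r}: classes={sorted(width_classes(pw))} "
              f"bits={brute_force_bits(pw):.1f} dictionary_based={fails_depth(pw)}")
```

The bit figure assumes every character was chosen at random, so a password such as 'Dragon1!' scores well on length and width while still failing the depth check.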

In order to ensure their ongoing effectiveness, passwords should be changed on a regular basis.

Dumb Things IT Pros Do That Can Mess Up Their Networks

1: Don’t have a comprehensive backup and disaster recovery plan

2: Ignore warning signs

3: Never document changes

4: Don’t waste space on logging

5: Take your time about installing critical updates

6: Save time and money by putting off upgrades

7: Manage passwords sloppily

8: Try to please all the people all of the time

9: Don’t try to please any of the people any of the time

10: Make yourself indispensable by not training anyone else to do your job

Source: Global Knowledge

Hackers using antivirus to get into Computers

Source: Times of India

If you are using AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender, Avast or any such easy-to-download antivirus software for your PC, it’s time you sat up and took notice. An information security company set up by IIT Kharagpur engineers has found hackers using these antiviruses to break into the system.

“An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable antivirus software it either crashes the antivirus software or executes arbitrary code resulting in complete security bypass and remote system compromise,” said iViZ vice-president (head of product management & marketing) Bala Girisaballa.

Home PCs

Fake email message “Mcdonalds wishes you Merry Christmas!”

Source: Help Net Security

PandaLabs report looks at the BankerFox banker Trojan, the Azero.B virus and the P2PShared.U worm, distributed through a fake McDonald’s email message.

Banker.LAX is designed to steal bank details.

Azero.B is a virus designed to infect executable files by inserting malicious code at the beginning of their code.
