Join the God Side, Jesus is Coming…….

Archive for March, 2009

Discovered an XSS Bug in Twitter

Source: Spam Fighter

Eric Wastl and Lance James, security researchers at Secure Sciences Corporation (located in San Diego, US), have identified an XSS (Cross-Site Scripting) vulnerability in Twitter that affects this widely used micro-blogging service.

The researchers state that a user who clicks on a maliciously crafted web link on Twitter could enable an attacker to compromise that user's account. Beyond the attack code itself, an attacker could take over the person's PC by exploiting the XSS vulnerability.

Providing further details, the researchers said that the page loaded through the Cross-Site Scripting flaw commonly offers users who follow the link a choice of whether they want to be infected or not. Thus, the attack begins only once it receives acceptance from the user. A point of concern is that a sinister attacker could use this flaw to do even worse things. For instance, he could rearrange the attack so that no alert windows surface, while displaying sensational messages designed to get the user to click.

iPhone OS 3.0 allows Skype over 3G

Source: Slash Gear

While an official Skype client for the iPhone was a welcome announcement, the news that carriers’ and Apple’s Terms of Service prevented VoIP calls being made over 3G connections put a dampener on things. Now it seems that Skype running on handsets using iPhone OS 3.0 is able to use a 3G link for voice calls, in addition to WiFi.

As standard, only WiFi connections should be available for Skype calls. It’s unclear what in OS 3.0 is confusing the software, but right now people aren’t complaining.

Conficker Worm Targets Microsoft Windows Systems

Source: US-CERT

Public reports indicate a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network if the network servers are not patched with the MS08-067 patch from Microsoft.

Solution

Instructions, support and more information on how to manually
remove a Conficker/Downadup infection from a system have been
published by major security vendors.  Please see below for a few of
those sites. Each of these vendors offers free tools that can
verify the presence of a Conficker/Downadup infection and remove
the worm:

Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Microsoft:
http://support.microsoft.com/kb/962007

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

References

* Microsoft Windows Does Not Disable AutoRun Properly –
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* Virus alert about the Win32/Conficker.B worm –
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 – Critical –
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* MS08-067: Vulnerability in Server service could allow remote code
execution –
<http://support.microsoft.com/kb/958644>

* The Conficker Worm –
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm –
<http://us.mcafee.com/root/campaign.asp?cid=54857>

* W32.Downadup Removal Tool –
<http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99>

Tired of searching for a new job

Source: C-Net News

There are very few ways to view job openings, book a vacation, or find that perfect home without plowing through multiple websites and advertisements. Alertpedia is a useful website that saves you time by performing filtered searches based on what you’re looking for. The search results are delivered in the form of a daily, weekly, or immediate email. The best part? No sign-up required.

Let Alertpedia help you.

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC — At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability.

We discuss the state of Web browser security, the vulnerability marketplace and the need for anti-exploit mitigations on modern operating systems.

Apple Mac Trojan caught on film

Source: timesonline

Another day, another virus warning, but this time it affects Macs as well as Windows machines.

It seems that the same band of Chinese hackers who’ve been churning out Trojans for Windows for years has now expanded its expertise to the Mac.

They do this by encouraging users to download desirable software. Installation, as ever, requires a user to input their system password. Bingo! The RSPlug-F Mac OS X Trojan is in your hard drive.

Panda Releases Free Conficker Vaccine

Source: Securitypronews

Earlier iterations of the Conficker worm were effectively shut down, but researchers have discovered that a new variant is set to launch April 1. Conficker’s signature attack is via USB drives, and Panda Security has released a free “vaccine” to immunize computers from infection.

Panda’s Conficker vaccine can be downloaded at the company’s website.
