23:22 CSRF vulnerability allows Twitter follow abuse
Last week, TechCrunch’s Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called “johng77536” to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.
The “johng77536” account has since been disabled, but a security researcher tracking Twitter security flaws and weaknesses has discovered a new [...]
22:40 Security World: Findings of the E-threats landscape report
Eighty percent of malware distributed worldwide consisted of Trojans, according to the "E-Threats Landscape Report," the first in a series of comprehensive security threat studies published by BitDefen...
Miscreants are actively exploiting a gaping hole in the internet's address lookup system that can cause millions of web surfers to receive counterfeit pages when they try to access online banking services and other types of websites.
20:01 Virus Center: Fake JetBlue eTickets come with malware
The most common way a user gets infected these days is through drive-by downloads, and while the prevalence of malicious email attachments has definitely gone down, this trend is still seen on a daily ...
The Storm Worm-ers seem to be lacking their usual creativity with respect to the social engineering attacks that ride on the momentum of current events. These days they're not piggybacking on real news items; they're starting to make up new ones.
Storm's latest "FBI vs Facebook" campaign is an example of a very badly executed one: no fast-flux, no social engineering common sense, no client-side exploits, and all the participating domains centralized on a single nameserver.
Strangely, the domain has been registered using an email address hosted on a known Storm fast-flux node that was used in the recent 4th of July and "U.S. invasion of Iran" campaigns:
Administrative Contact:
Lee Chung lee@likethisone1.com
+13205897845 fax:
1743, 34
Los-Angeles CA 321458
us
This Storm Worm sample is also "phoning back home" over HTTP in addition to the P2P traffic, and tries to obtain the rootkit from the now-down policy-studies.cn /getbackup.php, resolved through already known Storm nameservers:
09:57 Security World: Forensics on the fly with ArcSight Logger
ArcSight announced a new release of ArcSight that provides "forensics on the fly." This capability, now available across the entire ArcSight SIEM platform, enables IT and forensics teams to quickly c...
09:00 Spam evolution: April – June 2008
In the second quarter of 2008, the percentage of spam in mail traffic averaged 82.5%. By comparison, in the first quarter spam accounted for 88% of all emails. A high of 93.9% was recorded on April 9, with a low of 64.2% on May 3.
Usenix Politically motivated computer attacks like the one last year that crippled network traffic in Estonia for weeks are likely to increase, and there's not much victims can do to stop them, a security researcher says.
This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn't matter if you're guilty or innocent, if you have an alibi or not -- it isn't possible for anything you say to help you, and it's very possible that innocuous things you say will hurt you.
Definitely worth half an hour of your time.
And this is a video of Virginia Beach Police Department Officer George Bruch, who basically says that Duane is right.
Usenix When it comes to elections, California Secretary of State Debra Bowen opts for blander, more traditional technologies, and that preference is helping her sleep better at night.
00:57 Oh oh, I use AT&T
Not that I’m surprised, but it appears that a DNS server at AT&T has been the first high-profile target of the DNS vulnerability discovered by Dan Kaminsky. I’ve been testing my internet connection every once in a while since I called out AT&T to patch last week, and as of Monday it appeared [...]