archives
April 2010

Protecting Against Password Reset Attacks

As I previously blogged today, the hacker who broke into Sarah Palin’s Yahoo account was convicted on two charges. The way that David Kernall gained access to Palin’s email account was by trying to log into  her account, saying “I forgot my password” and then he correctly answered the password reset questions. Some of the

Sarah Palin’s Email Hacker Convicted.

A jury handed down a mixed verdict in the case of David Kernall, who hacked into Sarah Palin’s Yahoo email account. Kernall used a password reset attack to break into Palin’s Yahoo account, something that wouldn’t have happened if either Yahoo had been using reasonable security practices at the time, or if Palin would have

Monthly ThreatSense Report: What Do You Think?

In March 2010 we changed the format of this document, as we found that some people thought it was just a list of the top ten threats, which hasn’t been the case for a long while. Of course, those data are still included, but we’ve moved them to the end of the document. As you’ll

Apple may or may not equal security

iPad and iPhone development and security issues are across the blogosphere and traditional media today. Starting with some interesting antivirus industry news concerning the iPad… Apple iPad users are being offered a security program to scan their new device for vulnerabilities and rogue software should such things emerge as threats. Hailing it as the first

Geek with an edge: Gordon Snow, Asst. Dir. FBI Cyber Division

it’s anyone’s guess whether 24’s Jack Bauer would win in a faceoff against the new FBI Cyber Crimes Top Cop, Gordon Snow. Give this guy the data from the malware and he’s sharp enough to take the information and form a counterintelligence strategy and also reach into the black bag for which snake-eating team he

Privacy: Lawsuit Alleges School Used Webcams to Lurk in Students’ Homes

Wow. File this under ‘how stupid thoughtless can any one person in a position of absolute power be…’ One school official abuses the built-in webcam access used with anti-theft software [legal malware] which they had packaged onto school laptops… to their own detriment. What sparked the discovery was Assistant Principal Lindy Matsko's assertion in early November that

Privacy: Can’t We All Just Get Along?

My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy. Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible. One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.

European Cybercriminal Gangs Target Middle America SMBs

 Better get your CFO to review UCC Article 4A and realign protocols with your business bank – The clear and present danger to our banking through malware hits at the heart of our economy: the SMB. Stealthy malware-based theft of funds start the clock ticking much quicker than most SMB owners realize and without action

FBI Cyber Division Warns About Social Networking

In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky: “Don't be surprised if a criminal compromises your or one of your colleague's personal social networking accounts to

Facebook checked out, 1.5 million accounts overdue for password changes?

The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume "Kirllos" (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates

Community Driven Privacy and Facebook: PC / Mac / iPhone Dependent?

Is online privacy with Facebook technologically agnostic or can different rules apply if you post with your iPhone or other Smartphone? Are early adopters somehow compromised with their mobile device usage? Can a social media company make money while adopting user-driven privacy which impacts their revenue potential and shareholder value?

McAfee FP news misused for more SEO poisoning

We're now seeing a fiercely concentrated Blackhat SEO campaigns exploiting the McAfee False Positive (FP) problem. Juraj Malcho, our Head of Lab in Bratislava, reports that in a Google search like the one I've screendumped above, he got three malicious hits in the top ten (the same ones captured here: of course, the malicious domain

McAfee and SEO poisoning: there but for the grace…

ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please

Top 10 signs your computer may be part of a Botnet

There are few signs that indicate your computer is part of a botnet that might not be indicating something else. Any malware can cause almost all of the same symptoms that a bot can. Sometimes conflicts between programs or corrupted files can cause the same symptoms as well, but still, there are some signs that

The IRS Has a Message for You

Well, assuming you are a US taxpayer, and don’t expect to see the message in an email. Tax day is past and now it is time for the fake IRS emails and scams. What of you didn’t pay enough taxes or are owed a refund? The IRS isn’t going to send you an email about

Another Look at Koobface: How It Infects Facebook Users

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not

Kinetic Warfare vs. Cyberwarfare

Coaches in competitive sports often play to their team’s strengths in order to win. Does this apply to warfare, specifically cyberwar versus traditional war, or kinetic warfare? In a well articulated article Terry Zink talks about the current Cyberwarfare debate on the Hill:   The rules of engagement for offensive counter strikes [in cyberwarfare] are

There’s Nothing of Value on My Computer

From time to time I hear people who don’t use antivirus software claim that it doesn’t matter, there isn’t anything of value on their computer. To begin with, just controlling your computer is of value to some criminals. If I can control your computer I can get paid to send spam from it, to install

Google Hack: No Comment

UPDATE: Kurt Wismer has just reminded me of a very apposite blog he posted in 2007: http://anti-virus-rants.blogspot.com/search/label/single%20sign-on.] A little more information further to my earlier blog. The H (Heise) gives us a number of links to its earlier stories about the Google compromise and tells us that Google have declined to comment on the New

Cybercrime and Cyberwarfare: Warnings Unheeded?

Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic

2FA

30 Apr 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.