Timing is everything, and from a cybercriminal's perspective, a new school year means segmenting their email databases to launch a targeted attack welcoming everyone back online. According to MessageLabs Intelligence :"Starting in early September, MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations, a majority of which are located in New Mexico, Virginia, Illinois and Hawaii.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
It looks like the Sarah Palin Yahoo mailbox attack mentioned by Ryan Naraine and Chris Wysopal is real. Assuming that you are a high-value target, let's talk briefly about how you can prevent this from happening:Connect to your mailbox only from computers you trust.
On the heels of media reports that Republican vice presidential candidate Sarah Palin was using a private Yahoo e-mail account (gov.palin@yahoo.
If you have a Macintosh you have likely received notice of the 10.5.
In a recent Q&A with Google's Brian Rakowski, Philipp Lenssen asked him a question in regard to Chrome's carpet-bombing flaw. Not surprising, considering that Apple refused to admit Safari's carpet-bombing flaw at the first place, Google is too, downplaying it :"Lenssen: There are ways to make Chrome automatically download a file without the user confirming this (at least using Chrome’s default options).
Apple has shipped another mega-update to address security vulnerabilities affecting Mac OS X users, warning that the most serious issues could lead to arbitrary code execution attacks.The update, available for Tiger and Leopard, addresses a total of 34 documented vulnerabilities, some in third-party components like ClamAV, BIND, OpenSSH and Ruby.
With Facebook persistently under attacks from phishers and malware authors, looking for creative ways to efficiently exploit its users base, Facebook's security team has silently introduced a new "security warning feature" alerting its users on the potential maliciousness of the third-party site they are about to visit. Is the newly introduced featured a PR move, and how applicable is this approach during an ongoing attack?
If you haven't applied Microsoft's MS08-053 security update, now might be a good time to hit that patch button.Proof-of-concept exploit code for the vulnerability, which allows remote code execution attacks via the Web, has been posted online, raising the likelihood that we'll soon see in-the-wild exploitation.
Malicious hackers have broken into several sections of BusinessWeek.com and are now using the popular site to redirect visitors to malware-laden servers.
Throttling is a fundamental technique that finds numerous applications in information security. It helps buy time for a security team to decide the proper course of action for remediating a problem.