Despite EstDomains' persistent press releases over the last couple of days and the domain registrar's delayed response to the security community, ICANN on Thursday sent a notice of termination of its registrar accreditation agreement with EstDomains, following obtained court records stating that EstDomains president Vladimir Tsastsin was convicted of credit card fraud, money laundering and document forgery on 6 February 2008. The end of EstDomains?
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
OpenOffice.org has shipped a new version of the open-source desktop productivity suite to patch a pair of highly-critical vulnerabilities that could expose users to arbitrary code execution attacks.
The dynamics of the underground marketplace are pretty similar to those of the legitimate marketplace, with cybercriminals demanding and supplying, consolidating and starting to work together, and coming up with new monetization approaches in order to continue enjoying the high profit margins of their goods and services.
If you have not yet upgraded to Firefox 3, keep in mind that Mozilla is very close to pulling the plug on support for older versions of the browser. Support for Firefox 2, which includes security and stability patches, is scheduled to end six months after Firefox 3 shipped (June 17, 2008), which puts the end-of-life date in the mid-December range.
Everyone was discussing the MS08-067 vulnerability and its out-of-cycle patch last week. My post on the topic elicited several comments from our readers, including the following by frgough: If this had been Apple, the article slant would have been all about poor security models, inherently flawed structure with lots of adjectives like massive, dangerous, overconfident, etc.
Reliable exploit code for the remote code execution vulnerability patched with Microsoft's MS08-067 update has been posted to the Internet, prompting a new "patch immediately" advisory from the Redmond software maker. The exploit, which has been added to the freely available Metasploit point-and-click attack tool, provides a roadmap for code execution on Windows 2000, Windows XP, and Windows Server 2003.
The Facebook worm that has been squirming its way through the popular social network now has a new friend -- Google Reader. According to researchers at Fortinet, the worm's creators are wrapping Google's RSS reader around fake video downloads as part of a strategy to strengthen the social engineering component of the attack.
(See update below for statement from Yahoo). Malicious hackers are exploiting a cross-site scripting flaw on Yahoo's HotJobs site to phish for Yahoo credentials, according to a warning from Netcraft.
My colleague at Kaspersky Lab, Roel Schouwenberg (see disclosure), has written a very interesting piece on the banker malware landscape, warning that attacks against financial institutions will get much more targeted and sophisticated. Schouwenberg's Attacks on Banks paper takes a close look at how malicious programs targeting financial institutions are designed to evade anti-malware and examines how phishing and money mules serve as the hub for global identity theft attacks.
The Google Android operating system has a serious security vulnerability that allows malicious hackers to launch drive-by browser attacks, according to an alert from a security research outfit. Technical details of the vulnerability, which occurs because Google Android uses an unpatched open-source software package, are being kept under wraps until a patch is available.