'gauntlet of crapware'
QR code-related security risks
Java plugin vulnerability
the illusion of trust (2)
the illusion of trust
How honest is your ISP?
Don't do that!
'easy hacking'
scary stuff
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
daily pointers
AORTAL - the anti-portal,
here's today's daily pointers:
02/04/12
Without Many Feathers «
» » 0100101110101101
» » Eclectica Magazine
(RSS)
[daily pointers archive]
Some rights reserved.
Java plugin vulnerability
Attack against TLS-protected communications(more info: Transport Layer Security)
the illusion of trust
Fraudulent *.google.com Certificate at Mozilla Security BlogMozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc.
Related:
Falsely issued Google SSL certificate in the wild for more than 5 weeks | Naked Security
Google Online Security Blog: An update on attempted man-in-the-middle attacks
'In the meantime...'
How to avoid or remove Mac Defender malwareNote: Though somewhat incomplete on the 'how to avoid' side, this information (provided by Apple) may be helpful in identifying and/or removing the malware from your system if you've downloaded it.
Topical: Internet Security
The Security Skeptic – "about all matters related to Internet Security, from domain name and network security to phishing and malware"49 flaws addressed!
Microsoft issues its biggest-ever security fixMicrosoft said four of the new patches – software updates that write over glitches – were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.
'sophisticated and dangerous'
New trojan virus Zeus v3 empties online bank accountsHow to protect yourself from trojans when banking online
- Make sure your anti-virus software is up to date.
- Keep firewalls set to the highest level.
- Never open an e-mail attachment from someone you don't know.
- Never double-click on an e-mail attachment that ends in .exe. It is an 'executable' file and can do what it likes in your system.
- If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.
common sense...
Top 8 Things You Shouldn't Give Social Networking SitesRelated: Social Networking Privacy: How to be Safe, Secure and Social
don't trust the bunny
Energizer DUO USB battery charger software allows unauthorized remote system accessIs your data safe? (2)
- Official Google Blog: A new approach to China
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.
- Official Google Enterprise Blog: Keeping your data safe
This attack may understandably raise some questions, so we wanted to take this opportunity to share some additional information and assure you that Google is introducing additional security measures to help ensure the safety of your data.
- Google's half-truths and a plea for perspective
Coordinated enough to get at GMail’s internal data store, if only the one with e-mail headers. If that doesn’t scare you, it should. What Google does with their .cn site is relatively minor news.
banking/e-commerce at risk
Creating a rogue CA certificateThis successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.
'jail-break' with care
Worm attack bites at Apple iPhoneThe worm, known as ikee, only affects "jail-broken" phones, where a user has removed Apple's protection mechanisms to allow the phone to run any software.
Is your data safe?
Facebook and MySpace security: backdoor wide open, millions of accounts exploitableFacebook and MySpace fixed this quickly after being notified...
'notorious rogue'
FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web ContentRelated: US cuts off 'criminal' net firm
an echo in here...
[Yet another] Serious security flaw found in IE[!]Related (12/17/08): Microsoft plans quick fix for IE
don't click
Facebook users hit by virus – "The virus tricks users by telling them they're in a video..."the scum never sleeps
Spammers announce World War IIIYet another reminder to "never follow links in unsolicited email messages." (and beware of intrusive/annoying ad tactics if you visit the news site's home page)
beware of 'fake E-shops'
Cybersquatting Security Vendors for Fraudulent PurposesDon't be cheap, if you're to buy any kind of software, do so through the official site, and cut the fraudulent intermediaries like the ones in this case.
no privacy here, thank you
Security Lapse Exposes Facebook PhotosBeware of links to other news sites with heavy and/or intrusive advertising.
here's your proof...
Clarkson stung after bank prankTV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people's personal details on two computer discs. He wanted to prove the story was a fuss about nothing...
fixed in Firefox 2.0.0.7
Mozilla Foundation Security Advisory 2007-28: Code execution via QuickTime Media-link files (upgrade)'unacceptable intrusion'
German spyware plans trigger row – "German government plans to spy on terror suspects by deploying malicious e-mails have drawn sharp criticism."how secure?
Bloggers battered by viral stormGoogle's Blogger site is being used by malicious hackers who are posting fake entries to some blogs.
The fake entries contain weblinks that lead to booby-trapped downloads that could infect a Windows PC.
company denies security breach
Monster attack steals user dataUS job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen...
'open to attack'
Users warned on Windows cursors – "Animated cursors could prove risky for Windows users, Microsoft has warned...."good to know...
Debit card versus credit card – "Your federal debit card legal rights are weaker than your credit card rights."simple advice worth repeating...
Security Response Weblog:To protect yourself against these threats, do not trust unsolicited files or documents about “interesting” topics. Do not open attachments unless they are expected and come from a known and trusted source.
security warning - don't click!
Beware you morbid types...It hasn't been long since reports surfaced that videos of Saddam Hussein’s execution are available for download on the Internet. It’s no surprise that enterprising malware creators have latched on to this latest news in an attempt to spread their wares...
caution: plugin vulnerability
When PDFs Attack!We have received reports of a significant problem relating to Adobe Acrobat files and Cross Site Scripting (XSS). A weakness was discovered in the way that the Adobe Reader browser plugin can be made to execute JavaScript code on the client side...See article for details.
You can avoid this problem by implementing a work around in your browser so that it does not use the Acrobat Reader plugin.
Update (1/5/07): A supposedly more secure, new version of Adobe Reader is available. Beware of optional additional software installation, which is checked by default. [BBC]