Security Corner:

Security


October 29, 2008  3:04 PM

Opera Zero-day Vulnerability



Posted by: Ken Harthun
Browsers, Opera, Remote Code Execution, Security bulletin, Zero-day exploit, Zero-day vulnerability

Just as Opera completed patches for critical vulnerabilities in its browser, researchers discovered another remote code execution bug. In its recent article, "Opera scrambles to quash zero-day bug in...

Bookmark and Share     0 Comments     RSS Feed     Email a friend

October 27, 2008  9:29 PM

Software for Secure Computing: Firefox & NoScript



Posted by: Ken Harthun
Browsers, Clickjacking, Firefox, Internet Explorer, Microsoft Windows, Secure Computing, Security

Everyone agrees that it just isn't safe out there on the Wild, Wild, Web and while Microsoft has made huge strides in securing Internet Explorer, the fact that IE continues to use ActiveX scripting technology makes it the least secure browser. I often recommend that people not use IE unless they...


October 23, 2008  8:29 PM

Microsoft Releases Out-of-Band Security Bulletin MS08-067



Posted by: Ken Harthun
Critical update, Malware, Microsoft Windows, Remote Code Execution, Security, Security bulletin, Vulnerabilities

Microsoft just released a critical update for a "privately reported" vulnerability in the server service:

This security update resolves a privately reported vulnerability in the Server service. The...


October 21, 2008  5:00 PM

The Four D’s of Cyber Security: Deny, Discriminate, Detect, & Destroy



Posted by: Ken Harthun
Instrusion prevention, Intrusion detection, Password, Security, Security management

This is an interesting and sensible approach to security.  I would call these the "Logics of Cyber Security" because they're so basic they could well be the principles upon which all cyber security can be based. The paper's authors call them "first principles," defining such as "...a basic...


October 17, 2008  1:26 AM

Beware of E-Mail Scam Targeting Microsoft Customers



Posted by: Ken Harthun
E-mail scam, email, Email security, Security, spam, Trojan

The latest e-mail scam targeting Microsoft customers delivers the Backdoor:Win32/Haxdoor trojan as an attachment. The email looks like this:

Dear Microsoft...


October 8, 2008  12:26 AM

TCP Vulnerable To Low-bandwidth DoS Attack



Posted by: Ken Harthun
Denial of Service, Networking, Security, Vulnerabilities

There's already a frenzy of speculation, analysis and, probably, development of malware surrounding the announcement of SockStress--the proof-of-concept program developed by two Dutch...


October 2, 2008  8:12 PM

Beware Google AdWords Phishing Attack



Posted by: Ken Harthun
Cybercrime, Malware, Phishing, Rootkit, Security

Criminals are targeting Google AdWords customers with phony emails requesting the victim download a 128-bit SSL certificate. A client received this version (there are quite a few variations):


September 28, 2008  4:39 PM

Clickjacking: The Latest Criminal Tactic



Posted by: Ken Harthun
Browsers, Clickjacking, Cybercrime, Firefox, Internet Explorer, Phishing, Security, Vulnerabilities

According to US-CERT's latest alert, "Multiple Web Browsers Affected by Clickjacking," there's a new cross-browser exploit technique called "Clickjacking." One


September 24, 2008  1:12 AM

Software for Secure Computing: Trend Micro’s RUBotted



Posted by: Ken Harthun
Anti-malware, Botnet, IRC bot, Secure Computing, spam, Virus

I stumbled across this nifty free tool when running an online scan at Trend Micro's HouseCall site. Botnets are a big problem, accounting for most of the spam on the...


September 21, 2008  5:10 PM

Beware of the Fake Video Codec Malware Trick



Posted by: Ken Harthun
Cybercrime, Malware, Security, Social Engineering, Trojan

A variant of Win32/Zlob is being spread by cybercriminals via the fake video codec trick. Through misdirection or outright deception (including social engineering), users are sent to a site that has...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: