Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Quizmaster]

Chinese firms behind 'Sexy Space' Trojan
22 July 2009, 6:42 pm

F-Secure has identified three China-based companies as the creators of the "Sexy Space" Trojan, which was identified last week to have passed through Symbian Foundation's digital-signing process.

XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Symbian ...



Source: CNET News - Security

[Quizmaster]

Chrome security in limelight with Google OS plan
22 July 2009, 1:00 pm

(Credit: Google)

The techniques Google uses to protect Chrome users from browser-based attacks have taken on new importance with the company's plan to make the software the centerpiece of a Netbook operating system.

Two weeks ago, Google announced plans for the open-source Chrome OS designed for people who spend ...

Originally posted at InSecurity Complex



Source: CNET News - Security

[Quizmaster]

Firefox 3.0.12 patches five critical problems
22 July 2009, 5:26 am



Mozilla on Tuesday released Firefox 3.0.12, an update to the open-source browser that fixes five critical security vulnerabilities and fixes a handful of other bugs.

"We strongly recommend that all Firefox 3.0.x users upgrade to this latest release," Mozilla said on its developer blog. "If you ...



Source: CNET News - Security

[Quizmaster]

LA officials question Google Apps plan
21 July 2009, 7:50 pm



A Los Angeles councilman and the head of a police group are questioning the city's plan to move government e-mail and other records onto Google's hosted Web service Google Apps.

"Anytime you go to a Web-based system, that puts you just a little further out than you were ...



Source: CNET News - Security

[Quizmaster]

Linux exploit gets around security barrier
20 July 2009, 8:48 pm

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

The source code for the exploit was made available last week by researcher Brad Spengler on the Dailydave mailing list. According to the researcher, the code ...



Source: CNET News - Security

[Quizmaster]

Symbian admits Trojan slip-up
18 July 2009, 9:41 pm

The Symbian Foundation has acknowledged that its process for keeping malicious applications off Symbian OS-based phones needs improvement, after a Trojan horse program passed a security test.

The botnet-building Trojan, which calls itself "Sexy Space," passed through the group's digital-signing process, Symbian's chief security technologist Craig Heath said ...



Source: CNET News - Security

[Quizmaster]

Google fixes flaws in Chrome
17 July 2009, 9:52 pm



New versions of Google Chrome are out, fixing bugs and patching security holes in both the stable build and the beta build.

Two serious security flaws have been plugged. One had allowed for malicious code exploitation within the Chrome tab sandbox. Found by the Google security team, the threat was ...

Originally posted at The Download Blog



Source: CNET News - Security

[Quizmaster]

Mozilla closes security hole with Firefox 3.5.1
17 July 2009, 5:14 am



Mozilla updated Firefox to version 3.5.1 for Windows, Mac, and Linux on Thursday, fixing a security problem, improving stability, and speeding launch time on some Windows systems, according to the release notes.

"We strongly recommend that all Firefox 3.5 users upgrade to this latest release," browser director ...



Source: CNET News - Security

[Quizmaster]

Norton Internet Security 2010 beta in pictures
17 July 2009, 2:36 am



Norton Internet Security 2010 beta in pictures







Norton Internet Security 2010 won't be available for a few more months, but the beta version is available now. In it, Symantec continues to build on the rejiggering it did last year. Built upon the dramatic performance improvements are deeper integration with other security tools like OnlineFamily. Norton, and ...

Originally posted at The Download Blog



Source: CNET News - Security

[Silvey]

CEOs, other execs disagree on security
16 July 2009, 5:56 pm

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Many CEOs don't consider their own companies vulnerable to security attacks and are confident in their ability to combat those attacks, says a survey released Wednesday. However, those findings ...



Source: CNET News - Security

[Silvey]

Lessons from Twitter's security breach
15 July 2009, 9:45 pm



Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.

The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.

While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.

Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.

A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.

But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also... Originally posted at Webware



Source: CNET News - Security

[Silvey]

Survey: Why do people respond to spam?
15 July 2009, 8:04 pm

Most people may think they're smart enough not to answer an obvious spam message. But is that really the case?

Almost one third of consumers questioned admitted answering e-mails they suspected were spam, says a survey released Wednesday by the Messaging Anti-Abuse Working Group (MAAWG).

Among those who responded ...



Source: CNET News - Security

[Silvey]

Zero-day flaw found in Firefox 3.5
15 July 2009, 6:08 pm

There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.

The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog ...



Source: CNET News - Security

[Silvey]

Microsoft plugs critical DirectShow, Video ActiveX holes
14 July 2009, 8:38 pm



Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.

Overall, the six "Patch Tuesday" ...

Originally posted at InSecurity Complex



Source: CNET News - Security

[Silvey]

Cisco: Text message scams on the rise
14 July 2009, 5:53 pm



Cyber scammers are banking on the notion that many people who might not fall for a phishing scam via e-mail may still be easy targets through their mobile phone, according to security report released Tuesday from Cisco Systems.



Text message scams are on the rise, particularly fake messages that appear ...

Originally posted at InSecurity Complex



Source: CNET News - Security