Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[MaB69]

Adobe Vulnerable to XSS Because of Buggy Flash Files
14 May 2009, 10:30 am

Vulnerable Flash files, which facilitate cross-site scripting attacks, still affect hundreds of thousands of websites today. Adobe's own Web page has been recently found vulnerable, even though this flaw was discovered and reported back in December 2007.

Dimitris Pagkalos, co-founder of the XSSed project, warns that a bug in cert... (read more)

Source: Softpedia News - Security

[MaB69]

BitDefender Total Security 2010 Out Today
13 May 2009, 3:35 pm

2009 is just about to start presenting the security suites from the various vendors around the world. With just a couple of months prior to launching the final product, BitDefender will offer later today a public beta of their system protecting suite, BitDefender Total Security 2010. This is the first beta and from what we learned the second one will be... (read more)

Source: Softpedia News - Security

[MaB69]

Ransomware Becoming the Next Step in Scareware Evolution
13 May 2009, 2:27 pm

Security researchers from antivirus vendor McAfee are warning that an older scareware application has recently mutated into ransomware and is now asking for money to unblock access to legit applications on victim computers.

Looking to increase their illegal monetary gains, the creators of "System Security 2009," a fake antivi... (read more)

Source: Softpedia News - Security

[MaB69]

PayPal Registration Page XSSed
13 May 2009, 12:11 pm

Dangerous cross-site scripting vulnerabilities have been discovered in several PayPal websites, potentially facilitating phishing and other attacks. One of the proof-of-concept attacks demonstrates how an arbitrary IFrame can be injected into the PayPal merchant account registration form, over SSL.

The vulnerabilities were reported by Methodman, a gre... (read more)

Source: Softpedia News - Security

[MaB69]

Universal Google Cross-Site Scripting Flaw Discovered
13 May 2009, 10:18 am

A self-confessed web security researcher going by the online handle "Inferno" has published details of a serious XSS vulnerability in Google’s Support Python Script, which could have facilitated a wide variety of attacks, including session hijacking. Because of the widespread use of the vulnerable script on Google's pages, it took the ... (read more)

Source: Softpedia News - Security

[MaB69]

Brazilian Ransomware Blocks Access to Documents
12 May 2009, 2:13 pm

Trend Micro researchers warn of a new fake antivirus program, which specifically targets Brazilian users. The application displays ransomware behavior, as it locks access to multiple types of documents and asks victims to acquire a... (read more)

Source: Softpedia News - Security

[MaB69]

Church of Scientology DDoSer Pleads Guilty
12 May 2009, 11:52 am

Dmitriy Guzner, 19, of Verona, New Jersey, who was charged back in October 2008 for launching denial of service attacks against online services used by the Church of Scientology, has pleaded guilty... (read more)

Source: Softpedia News - Security

[MaB69]

Fake Western Union E-mails in Circulation
12 May 2009, 10:07 am

Security researchers warn of a new attack targeting Western Union customers. Fake e-mails claim to be notices of failed transfers warranting a refund. The invoice file attached is, actually, a computer trojan.

In these hard times, economically wise, few people are bound to refuse the chance of cashing in some free money. Unfortunately, malw... (read more)

Source: Softpedia News - Security

[MaB69]

Virginia Department of Health Professions Refutes Hacker's Claim
11 May 2009, 3:07 pm

Following a security incident on the website of the Prescription Monitoring Program, after which an unknown hacker allegedly held sensitive data for ransom, the Virginia Department... (read more)

Source: Softpedia News - Security

[MaB69]

Multiple Antivirus Websites XSSed in One Hit
11 May 2009, 12:26 pm

Websites belonging to no less than six antivirus vendors have been found to suffer from cross-site scripting weaknesses that could facilitate phishing attacks. Most of these companies were faced with similar flaws affecting their online resources in the past.

A grey-hat hacker, going by the name of Methodman, who seems to have specialize... (read more)

Source: Softpedia News - Security

[MaB69]

Searching for Rihanna's Leaked Pics Leads to Malware
11 May 2009, 10:40 am

Security researchers warn that cyber-criminals are trying to profit from the public interest raised by the recently leaked photos allegedly featuring pop singer Rihanna in compromising postures. By hosting malicious content on heavily trafficked social networking websites, they successfully forced their Rihanna-themed pages to appear high... (read more)

Source: Softpedia News - Security

[Peaches]

UC Berkeley Student Personal Information Pilfered by Hackers
9 May 2009, 12:54 pm

The University of California, Berkeley, is in the process of notifying 160,000 current and past students, as well as some of their parents, spouses and other people, that their personal and medical information was stolen by hackers. The data breach incident occurred between October 2008 and April this year.

Unknown attackers... (read more)

Source: Softpedia News - Security

[Peaches]

WorldPay Customers Targeted by Malware Distributors
9 May 2009, 10:58 am

Security researchers warn of a new e-mail malware distribution campaign targeting WorldPay customers. The fake messages claim to be the confirmation of a successful Amazon transaction, with the attached invoice being actually a computer Trojan installer.

"Thank you! Your transaction has been processed by WorldPay, on behalf of Amazo... (read more)

Source: Softpedia News - Security

[Peaches]

New Open Proxy DNSBL Up and Running
8 May 2009, 2:42 pm

A new service that will help administrators block open and anonymous proxies has been set up at proxybl.org. The system is fully automated and re-confirms IPs found to run open proxies at a predefined interval.

Proxy servers allow users access to services over HTTP or other protocols. Because they connect through them when accessing a resourc... (read more)

Source: Softpedia News - Security

[Peaches]

Air Traffic Control Systems Vulnerable to Cyber-Attacks
8 May 2009, 12:05 pm

The Office of Inspector General (OIG) has released a report (PDF) on the review of Web application security and intrusion detection in Air Traffic Control (ATC) systems operated by the Federal Aviation Adminis... (read more)

Source: Softpedia News - Security