infections PDF


Sat 04 July, 2009

01:28 Private data: Facebook adjusts the privacy slider more precisely » VNUNet News
Facebook is testing tools to standardise privacy management and its members' control over how their information is shared.
01:17 4th of July Waled » SophosLabs blog
No surprises here, a new Waled campaign with the US Independence Day theme. When the user clicks on the YouTube video link, it offers to download an .exe file on the user’s computer instead of displaying a video. Funny thing is that they say on the webpage “The largest firework happened this Saturday”, and this campaign [...]
00:48 McAfee false-positive glitch fells PCs worldwide » The Register - Security

When AV attacks

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan attacked core system files, in some cases causing the machines to display the dreaded blue screen of death.…

00:24 Entreparticuliers.com convicted of “misleading advertising” and “dubious business practices” » VNUNet News
The Nanterre criminal court has imposed a heavy fine on Entreparticuliers.com. Its CEO receives a suspended prison sentence.

Fri 03 July, 2009

23:43 iPhone 3G: SFR passes the 200,000 units sold mark » VNUNet News
SFR still remains far behind Orange's iPhone sales figures. The battle will be tighter with the new iPhone 3G S model.
21:49 New arrests at Wawa Mania » ZATAZ News
On Wednesday morning, French law enforcement reportedly came knocking at the doors of further administrators and uploaders of the Wawa Mania site.
20:01 Kentucky payroll phishing scam nets small fortune » The Register - Security

Blue grass county hit by Trojan-fueled cybercrime

A gang of cybercrooks has made off with $415,000 from the coffers of Bullitt County, Kentucky following the conclusion of an elaborate phishing scam, The Washington Post reports.…

19:50 Google News opens the door to Twitter messages, like Bing.com » VNUNet News
The battle is raging between Google and Microsoft to exploit the Twitter service for their own ends.
19:04 Industries, what would Google do in your place? » VNUNet News
The bestselling book What Would Google Do? by American author Jeff Jarvis has been adapted into French. The art of revisiting traditional markets through the lens of the Google Method.
18:34 A Diverse Portfolio of Fake Security Software - Part Twenty Two » Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Part twenty two of the diverse portfolio of fake security software series will summarize the typosquatted scareware-serving domains currently in circulation, pushed through the usual distribution channels, but will also emphasize the "money trail", namely the payment processing gateways used in the scareware campaigns.

In this particular case the scareware front-ends ultimately lead to ChronoPay, which Germany-based Pandora Software has been abusing since 2008 under its countless aliases, such as Meyrocorp for instance.

The scareware domains are as follows:

It's a pretty obvious case demonstrating the dynamics of the underground ecosystem. A thousand bogus accounts purchased for $10 and used in the bulk registration of scareware-serving domains on a revenue-sharing affiliate model ends up in a win-win-win situation for the cybercriminals involved in these processes. The practice is becoming rather popular not only due to their interest in less centralization of the domain control under a single email address -- cross-checking reveals the entire portfolio managed under it -- but due to the availability of the service.
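The cross-checking the paragraph refers to, as an added example that is not part of the original post: it parses records in the "domain .tld - IP - Email:" layout used in this post, pivots on registrant e-mail and hosting IP, and flags IPs that host domains registered under several addresses. It assumes (the post does not say so) that a line without an IP shares the IP of the block header above it; all sample records are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class DomainRecord(NamedTuple):
    domain: str
    ip: Optional[str]     # inherited from the block header when the line omits it
    email: Optional[str]


# Constructed sample records in the post's layout (not the post's own data).
# The space before the TLD is the defanging used in the original list.
SAMPLE_RECORDS = """\
examplescan6 .info - 192.0.2.10 - Email: registrant-a@example.com
goexamplescan .com - Email: registrant-a@example.com
examplefastscan .com - Email: registrant-b@example.com

best-example-av .info - 198.51.100.7 - Email: registrant-c@example.com
example-av1-protect .info - Email: registrant-c@example.com
example-av1 .info - Email: registrant-c@example.com
example-av1 .info - Email: registrant-c@example.com
pay-exampleshield .cn - 192.0.2.10 - Email: registrant-b@example.com
"""

# One record per line: "<name> .<tld>", optionally followed by " - <IPv4>" and by
# "Email: <address>" (with or without a leading dash, both forms occur in the post).
LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9.-]+?)\s*\.\s*(?P<tld>[A-Za-z]{2,})"
    r"(?:\s*-\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?:\s*-?\s*Email:\s*(?P<email>[^\s@]+@[^\s@]+))?\s*$"
)


def parse_records(text: str) -> List[DomainRecord]:
    """Turn the defanged list into records, re-joining name and TLD."""
    records: List[DomainRecord] = []
    current_ip: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_ip = None          # a blank line ends a hosting block
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                   # not a record line; skip it
        if m.group("ip"):
            current_ip = m.group("ip")  # assumption: later lines share this IP
        domain = f"{m.group('name')}.{m.group('tld')}".lower()
        email = m.group("email").lower() if m.group("email") else None
        records.append(DomainRecord(domain, current_ip, email))
    return records


def cluster_by(records: List[DomainRecord], field: str) -> Dict[str, List[str]]:
    """Group domains under one registrant e-mail (or one IP); duplicates dropped."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        key = getattr(rec, field)
        if key and rec.domain not in clusters[key]:
            clusters[key].append(rec.domain)
    return dict(clusters)


def shared_infrastructure(records: List[DomainRecord]) -> Dict[str, Set[str]]:
    """Map each IP to the registrant e-mails whose domains it hosts, keeping only
    IPs with more than one. Several registrants on one IP is the tell that the
    'different' accounts are bogus identities of a single operation."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for rec in records:
        if rec.ip and rec.email:
            by_ip[rec.ip].add(rec.email)
    return {ip: emails for ip, emails in by_ip.items() if len(emails) > 1}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for email, domains in cluster_by(recs, "email").items():
        print(f"{email}: {len(domains)} domain(s) -> {', '.join(domains)}")
    for ip, emails in shared_infrastructure(recs).items():
        print(f"{ip} hosts domains registered to {len(emails)} addresses: {sorted(emails)}")
```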

Now the emphasis on the payment gateways, currently active and processing the scareware transactions:

These payment processing gateways are sometimes a front-end to the original and often legitimate payment processors. In this particular case, the legitimate processor is Netherlands-based ChronoPay, which is known to have been used in the past by affiliates in the scareware affiliate model, with several complaints of repeated credit card billing, which in reality is included in the scareware's Terms of Service.

Upon a successful purchase, the customer is told that "This charge will appear on your card statement as CHRPay.com/ducforceide". Interestingly, Pandora Software has also been using the following ChronoPay accounts for over a year - Chrpay.com/meyrocorp; CHrpay.com/pnra - using disconnected numbers and CallerIDs of scareware operations, leading to desperate attempts to contact the alias for the front-end payment processor and ultimately resulting in several hundred ChronoPay-related complaints.

Next to scareware, ChronoPay (Pavel Vrublevsky acting as CEO) is also known to have been used in a mobile application scam dissected here, as well as having been the victim of a DDoS attack in 2008, which is pretty logical: if ChronoPay is the payment processor of choice for the hundreds of thousands in scareware-generated revenues on a daily basis, the commissions ChronoPay takes from cybercriminals would be more than welcome in a competing payment processor's network.


This post has been reproduced from Dancho Danchev's blog.

15:02 Latin Best Buy surfers sprayed by drive-by download malware » The Register - Security

¡Ay, Caramba!

Hackers have invaded the Best Buy website to plant exploit code targeted at South and Central American surfers.…

13:33 Would You Give Your Facebook Password for a Job Application? » F-Secure Antivirus Research Weblog
CNN.com carried a recent news article about the city of Bozeman, Montana, USA, which has been pressured into removing an item in its background-check waiver form requesting all applicants to disclose their account names and passwords for social networking websites such as Facebook, MySpace and YouTube.

The change in policy is attributed to a furore that arose after one applicant contacted Montana's News Station expressing concern about that particular aspect of the background check.

The city justified the login details request as just another part of an extensive background check they perform on all employees. The precautions were meant to ensure that those holding positions where they'd be handling the city's funds or operations will be reputable and honest. And presumably smart enough not to post details of any objectionable activity they might engage in online.

The Bozeman Daily Chronicle also mentioned that elected city commissioners weren't affected by the policy, only city employees.

What's actually rather interesting to consider is that the policy has apparently been in force for about three years and according to city attorney Greg Sullivan, "No one has ever removed his or her name from consideration for a job due to the request". Rather begs the question, did they really give up their login details? Provide fake ones? Or just ignore the request?

And yes, legally, the policy does appear to be on some seriously shaky ground. Unlike some states – or countries – Montana's state constitution explicitly guarantees a citizen's right to privacy.

The request for login details was quickly removed last week. Still, it appears the city is still keen on checking applicants' online behavior, as "officials are looking at ways to alter the policy so that they might view an applicant's online information without asking for log-in codes".

On 24/06/09 At 01:53 AM

13:33 Security Threat Summary Q2/2009 » F-Secure Antivirus Research Weblog
Our Q2 Security Threat Summary is available from: http://www.f-secure.com/2009/

Q2 Summary

Video is available via our Video Channel, and also the Lab's YouTube Channel.

On 30/06/09 At 11:57 AM

13:33 Scareware Attacks » F-Secure Antivirus Research Weblog
Rogue Antivirus A.K.A. scareware continues to be a pervasive threat against consumers.

Byron Acohido recently posted an excellent article on the topic.

The related posts on the business of scareware and rogues are also well worth reading.

The Last Watchdog, June 10th

Check them out.

On 22/06/09 At 12:29 PM

13:33 Sad News Generates Bad Things » F-Secure Antivirus Research Weblog
The "King of Pop", Michael Jackson, died last night after suffering a cardiac arrest. The news is currently spreading through a lot of different media outlets and is being printed worldwide.

Another recent death, Farrah Fawcett, is also making headlines.

The subjects themselves are not related to information security, but how long do you think it will take until the bad guys pick up the news as well and start using it? Usually it has taken a few days at most.

So remember, if or more likely when you start receiving e-mails on these subjects, please be extra careful when opening any links as they might be taking you in for a rough ride.

On 26/06/09 At 11:44 AM

13:33 SMS Remote Code Execution Vulnerability in iPhone » F-Secure Antivirus Research Weblog
Charlie Miller, a well-known security researcher who specializes in Mac and iPhone security, yesterday revealed information about a new vulnerability in iPhone that allows remote code execution via SMS. Not a lot is known about the vulnerability, which was announced at the SyScan conference in Singapore, except that Charlie is working with Apple to get it fixed as soon as possible.


(picture from apple.com)

This is about as bad as it gets as the vulnerability seems to allow unsigned code to run which circumvents a core part of iPhone's security model. It's usually only able to run signed code, i.e. Apps that have been approved by Apple. No user-interaction is required which is unlike current mobile malware. InfoWorld has the original story here.

Charlie plans to reveal more information at BlackHat USA.

PS. I'm shift manager for one of our three daily response shifts this week and I'm tweeting about what we're doing on the shift over at http://twitter.com/patrikrunald.

—————

Updated to add: Dan Goodin has more at The Register.

On 02/07/09 At 06:30 PM

13:33 Private Browsing » F-Secure Antivirus Research Weblog
Firefox 3.5 was released yesterday. I've been waiting to try out the Private Browsing Mode, so I installed it today.

Here are the privacy settings from my installation of Firefox 3.0.1.

Firefox 3.0.1 Privacy Options

And when I installed Firefox 3.5 the Private Browsing option was disabled. What?

Firefox 3.5 Tools Menu

Seems that the installation recognized my 3.0.1 settings as the equivalent of Private Browsing and preconfigured 3.5 to "Automatically start Firefox in a private browsing session".

Very nice work.

Firefox 3.5 Privacy Options

So, nothing changed at all. Except now I have easy options to reconfigure por… paranoi… err, Private Browsing if I opt to do so.

Time to experiment.

Signing off,
Sean

On 01/07/09 At 03:46 PM

13:33 Michael Jackson Malware » F-Secure Antivirus Research Weblog
There have been a couple of malware attacks that have tried to use the news coverage of the death of Michael Jackson as the lure to get people infected.

Last night we saw this one: a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.

When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows this fake error message:

(screenshot: the fake error message shown by the malware)

We detect the dropper and the backdoors as Trojan.Win32.Buzus.bjyo.

On 29/06/09 At 08:36 AM

13:33 Mac Protection Update(s) » F-Secure Antivirus Research Weblog
We've been focused on testing our ISTP and almost failed to notice that our Mac Protection beta was updated last week.

Mac Protection 4766

Signature updates are now in the database channel. You can try it from here.

On 17/06/09 At 04:29 PM

13:33 King Of Pop SMSes » F-Secure Antivirus Research Weblog
With all the talk of Michael Jackson spam and Michael Jackson malware going on, it was mildly interesting today when a Fellow in our KUL Lab received an SMS – with link – that mentioned the King of Pop as well:

Michael Jackson SMS

The IP address appears to be registered in Malaysia but fortunately the link doesn't seem to work.

On 01/07/09 At 02:10 AM

13:33 ISTP 9.50 is Available » F-Secure Antivirus Research Weblog
Our Internet Security Technology Preview has been updated and it is looking and performing great.

Here's a short video demo via our YouTube channel.

You can download it from here.

On 18/06/09 At 01:47 PM

13:33 Hacktivist Tweets » F-Secure Antivirus Research Weblog
The collision of politics and technology is often interesting and the recent Iranian presidential election has seen a great deal of both.

From the New York Times: Web Pries Lid of Iranian Censorship.

And while the Internet is a source of information for political activists, there is also something else more questionable taking place… DDoS attacks against government servers in Iran.

A Twitter search for Iran and DDoS yields numerous results. Some folks are urging against DDoS attacks, but not in principle, rather because they might affect the bandwidth of political protesters. What are those concerned for the protesters promoting instead?

Targeted hacking.

We saw this earlier today on Twitter: "Please, use SURGICAL hacking only".

Our recommendation? No one should hack servers. It's a crime. Period.

Private citizens can participate in organized peaceful protests. Organizing surgical strikes against someone else's servers is virtual violence.

And violence begets violence.

Vigilante cyberwar is not a productive path upon which to proceed.

On 23/06/09 At 03:56 PM

13:33 Government, Military - Aviation? » F-Secure Antivirus Research Weblog
U.S. Secretary of Defense Robert Gates recently confirmed the creation of a U.S. Cyber Command aimed at dealing with cyberthreats to military resources. A previously announced White House "cybersecurity coordinator" is already in the works to deal with similar threats to critical government infrastructures.

On the whole, that's good news. It would be great however to hear of similar efforts in protecting a particular commercial resource that's definitely "critical infrastructure" – civil aviation electronic systems.

Earlier this year, the U.S. Department of Transportation released an audit report (streaming PDF here, Open rather than Save) in which it determined the national air traffic control systems administered by the Federal Aviation Administration (FAA) had significant weaknesses and vulnerabilities, potentially allowing an unauthorized party to access and control vital services and systems.

This isn't the first time the FAA has been criticized for the weaknesses in civil aviation electronic system security, with the first such criticisms coming as early as 1998.

The report cites incidents that took place in 2006, 2008 and 2009 as supporting evidence that the administrative and operational systems can be breached. The FAA contests this claim.

Not cited in the report, but of possible interest, is a 1998 incident in which a teenager successfully disabled vital airport control tower services at a regional Massachusetts airport (CNet article here).

Hopefully, with the current government enthusiasm for improving computer security, the current civil aviation systems get some attention too.

On 25/06/09 At 02:25 AM

13:33 China's Dam Delay » F-Secure Antivirus Research Weblog
The Wall Street Journal reports that Beijing has delayed its mandate to have Green Dam Youth Escort filtering software installed on all new Windows computers sold in China. The deadline was originally July 1st.

http://en.wikipedia.org/wiki/File:Green_Dam_Youth_Escort_logo.png

PC World's take is that implementation of Green Dam is only a matter of time.

Our take?

If China wants to require anti-pornography filtering software that's China's business, not ours.

But the same software on EVERY computer sold in China? That's monoculture.

And as we've noted before, monocultures are subject to catastrophic failure in the event of a successful attack.

—————

More: China's Web filtering starts in the West

On 02/07/09 At 01:22 PM

13:33 Bait Files » F-Secure Antivirus Research Weblog
It's always interesting to browse through the bait document files used in targeted attacks. These are files that have been used to infect specific individuals in different organizations in order to gain access to their computer.

All the documents shown below contained exploits that installed backdoors. Targets of these attacks are not known.

(screenshots of seven bait documents used in targeted attacks)

This is just a quick sampling; we get a lot of these.

On 03/07/09 At 09:50 AM

13:03 A practical guide to disaster recovery planning » The Register - Security

Two papers for smaller businesses

Typically, vendor white papers are written with the ITDM or senior ITDM at a large company, in mind. [ITDM is industry jargon for "IT decision maker", since you ask.] People working at smaller companies are rather less well served, in quantity and quality. So today we focus our Reg Library selection on a couple of good papers aimed at small and medium-sized businesses.…

12:55 Hackers crack ColdFusion » The Register - Security

Drive-by download attack hits multiple hosts

Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations.…

11:55 GoodYear Amiens works council dabbles in phishing! » ZATAZ News
Exclusive: a page impersonating Halifax bank, hidden without the knowledge or consent of the works council of tyre maker GoodYear in Amiens.
11:49 DailyMotion down: too hot » ZATAZ News
A power outage plunges several hundred French websites into darkness, including the video portal Dailymotion.
11:03 Oracle France launches a job-cut plan » VNUNet News
250 of 1,600 positions would reportedly be affected at Oracle's French branch. The plan is said to target a thousand staff across Europe.
11:02 RueDuCommerce acquires Alapage.com » VNUNet News
Online retailer RueDuCommerce is buying Alapage.com from France Telecom. The telecoms group had already sold it the TopAchat.com and Clust.com sites this winter.
09:47 Firefox 3.5 logs its first bugs » VNUNet News
A few days after its official launch, the Firefox 3.5 browser has already run into several bugs. The Mozilla Foundation will deliver an update fixing them in mid-July.
06:36 Month Of Twitter Bugs exposes microblogging flaws » The Register - Security

Making a hashtag of Web 2.0 security

The Month Of Twitter Bugs has begun with the publication of a flaw in a URL shortening service often used in conjunction with the microblogging service.…

02:17 Gamer embezzles virtual cash to settle real debts » The Register - Security

Eve Online banker does a runner

As if high-profile investment scandals and the economic downturn weren't bad enough here on Earth, now folks have to deal with it outside our galaxy. Virtually, at least.…