Security

A recently discovered botnet packing approximately 60 gigabytes (GB) of passwords and other stolen data has been opened up by security researchers. The crack was made in spite of the botnet's difficult-to-detect, self-cloaking ability. Known as ... Mumba, the botnet intercepted and amassed data from 55,000 PCs when it was first investigated, says security firm AVG. It's believed well-known data thieves "Avalanche Group" were responsible for the botnet. According to a report earlier in 2010, Avalanche was responsible for about two in every three phishing attacks during the last six ... (view more)

Microsoft has changed the its guidelines for reporting security flaws. It's a move that could bring Adobe into an industry-wide collaboration to share information about security risks. From now on, Microsoft will no longer urge security researchers ... to follow a "responsible disclosure" policy, in which it asked those who discovered flaws to keep them completely under wraps until a full fix had been found, tested and readied for distribution. Many security experts have claimed such a policy delayed Microsoft's response to security threats. They also felt not being able to talk about bugs made ... (view more)

Hackers have now started using what is being referred to as "indestructible" cloud computing -based phishing attacks . In short, a phishing attack is a "criminally fraudulent process of attempting to acquire user names, passwords, and credit card ... details by masquerading as a trustworthy website." (Source: wikipedia.org ) For example, you may have received a dubious email asking you to "update" your banking information or to "change your online banking password." These are typical phishing scams whereby the information you input is stolen by fake ... (view more)

A white hat hacker has demonstrated an ingenious way of intercepting cellphone calls. The homemade do-it-yourself (DIY) kit uses $1,500 worth of equipment to help impersonate a cellphone relay tower. Chris Paget demonstrated the technique on phones ... belonging to audience members at the DEF CON security conference in Las Vegas. He said it involved a flaw in the GSM cellphone technology used by AT ... (view more)

Dell has agreed to replace computer equipment that shipped with a data-stealing virus. The company is hoping to deal with the issue before any users suffer at the hand of criminals. Unlike most hacking attempts, which rely on accessing a victim's ... machine through an Internet connection, this incident brought up the possibility of whether or not malicious software was in fact being physically installed on machines at the factory. The issue only involves replacement parts for servers, however. These replacement parts are for computers that are primarily used to host websites and, in business ... (view more)

Microsoft has unveiled an updated edition of its free security software, dubbed Microsoft Security Essentials. The new edition of Security Essentials is currently in beta edition and offers several new features. Debuting in September 2009, Microsoft ... Security Essentials replaces Windows Live OneCare which was based on a paid subscription model. At the time, OneCare was seen as a potential threat to the commercial cyber security market. (Source: pcworld.com ) Although there's no evidence yet of a significant effect on sales of premium security products, most reviews of Microsoft Security ... (view more)

Dell has now taken a new approach to combating online malware, focusing not on its prevention but on effective measures needed to trap it when infection occurs. The Dell KACE Secure Browser provides a virtualized version of Mozilla's Firefox onto a ... machine and has the ability to keep malware locked into a browser, rather than having it spill over and infect the entire PC, including the operating system. In techy speak, this is referred as a virtualized sandbox, or " sandboxing " for short. As one Dell spokesperson said, "Any changes resulting from [unwanted] browser activity ... (view more)

Two security researchers say they've managed to prove a long-standing theory about how hackers breach online security. It involves taking advantage of a split-second quirk in the verification of online processing. The exploit could affect millions ... of online users, as it involves two login schemes which have been widely adopted by large corporate sites. (Source: computerworld.com ) Timing Attack is Key to Exploit The technique in question is known as a timing attack. It works on the basis that some password-protected systems will automatically reject an incorrect password as soon as it finds a ... (view more)

A security researcher says hackers could take control of millions of routers. Craig Heffner, of security firm Seismic, says half of the models he tested were vulnerable to a recently discovered hack. Routers, which allow an Internet connection to be ... shared among multiple computers, are extremely common -- especially for those of us who use high-speed Internet. Even if you own only one computer and don't share your connection with others in your household or office, chances are you're using a router of some kind. In short, the router acts as a gateway to the Internet and directs traffic back ... (view more)

It's often argued that restaurants are the most likely place for people to suffer credit card fraud. But a new report claims hotels are actually the most at-risk locations. The restaurant theory is based on the fact that people are more likely to ... hand over cards and let them out of their sight as they are taken away for processing. But security firm Trustwave believes the real danger isn't dishonest staff or venues, but rather criminals attempting to intercept data transmissions. 38% Of Fraud Cases Involved Hotels Trustwave recently evaluated credit card hacking reports for 2009 and found ... (view more)