Apple gets a bounty on their head

September 28th, 2009

A Russian network of spam and malware affiliates known as “Partnerka” is beginning to focus aggressively on the Apple Mac platform, offering $.43 for each Mac machine infected. Dmitry Samosseiko from Sophos Labs provided a stunning presentation at VB Conference 2009.

As I discussed in the previous post about the Army taking up the Apple Mac platform, the common thought that Macs are immune to malware and have very few security issues is mostly bunk. In fact, on a monthly basis the Apple Mac platform has more vulnerabilities than Microsoft Windows OS.

As with most affiliate programs, the site was offering promotional material in the form of MacOS video players and other trojanware. DNS Changer trojans embedded in promises of porn videos were a popular stunt to infect Mac machines.


Author: Christopher


UNC data breach exposes 163,000 SSNs

September 28th, 2009

Another recent large-scale breach has been identified: the University of North Carolina at Chapel Hill notified around 163,000 women of a potential compromise that may result in the leak of personal information as well as their Social Security numbers. This potential leak is due to a hacker breaching a system containing this data.

Although the breached server at the UNC School of Medicine contained information on 236,000 women, only 163,000 records contained Social Security information. Matt Mauro, chairman of the university’s Department of Radiology, said the breach was originally discovered in July but the intrusion may have taken place as long as two years ago. Mauro said, “We think we found some viruses that date back to 2007.”

The server has been offline since July, when the breach was detected, and the sites sending information to UNC have temporarily stopped. Forensic teams required time to piece together the extent of the damage and the potentially leaked information, which is the main reason given for the delayed announcement. They do not believe the information was downloaded or modified in any way at this point.


Author: Christopher


Twitter still vulnerable to cross site scripting attacks

August 27th, 2009

James Slater found a cross-site scripting vulnerability on Twitter.com which Twitter claims is now fixed. According to James, it is not fixed. The vulnerability allows malicious JavaScript to be embedded in user tweets. This can result in user accounts being compromised, and the owner can lose control of their account.

The vulnerability comes down to Twitter’s application programming interface (API), which allows developers to interface with Twitter through their own software. Popular software packages like Twhirl, TweetDeck, and HootSuite use this API to create and read posts on behalf of the user. The API does not filter the URL of the applications using Twitter, allowing malicious JavaScript to be sent along with the URL.

This threat is almost impossible for the average user to protect against, as just seeing the tweet is enough to have your account taken over. Twitter’s response to this vulnerability was to filter out space characters from the address box in the application, but this makes an attack only slightly more difficult.

More information about this vulnerability can be found on David Naylor’s site. David Naylor is a well-known search marketing consultant who broke the news to Twitter.
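The space-stripping fix described above, next to scheme allow-listing plus output encoding, as an added example that is not from the original post or from Twitter's code. It assumes the application URL ends up in the `href` of a link shown with the tweet; the function names and sample values are constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed inputs.

// Weak filter as described in the post: strip spaces, then interpolate raw.
function renderWeak(appName, appUrl) {
  const url = appUrl.replace(/ /g, '');
  return `<a href="${url}">${appName}</a>`;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: allow-list the scheme, then encode on output.
function renderSafe(appName, appUrl) {
  const label = escapeHtml(appName);
  let parsed;
  try {
    parsed = new URL(appUrl); // absolute URLs only; throws on anything else
  } catch {
    return label; // not a URL: show the name as plain text, no link
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return label; // rejects javascript:, data:, vbscript:, ...
  }
  return `<a href="${escapeHtml(parsed.href)}">${label}</a>`;
}

// Constructed inputs: one benign, two that need no space character at all.
const samples = [
  ['Client', 'https://example.com/client'],
  ['Client', 'javascript:alert(1)'],
  ['Client', 'https://example.com/"onmouseover="alert(1)'],
];
for (const [name, url] of samples) {
  console.log('weak:', renderWeak(name, url));
  console.log('safe:', renderSafe(name, url));
}
```

The weak renderer passes the second and third inputs through unchanged because neither contains a space; the hardened one drops the link for the non-HTTP scheme and keeps the quote characters inside the attribute value.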


Author: Christopher


WordPress Update 2.8.4

August 11th, 2009

Another update to the open source WordPress blogging platform has been released. This update is primarily a security update for a password reset flaw that was introduced with version 2.8.3. It is recommended that all WordPress blog admins update their copy of WordPress to 2.8.4 immediately. If you do not use Subversion to control your updates, we highly recommend you look into it, as it can dramatically speed up and simplify the process of updating your blog(s).

This flaw can compromise WordPress and WordPress MU installations using a simple browser-based exploit. The problem is best explained in more detail by Swa Frantzen at the SANS Internet Storm Center:

Wordpress unauthenticated administrator password reset


Author: Christopher


Twitter Fail Whale Back!

August 6th, 2009

Twitter has been down since 6am PST. They changed the IP of their website, and it has been confirmed that this is an ongoing distributed denial-of-service (DDoS) attack. [...]


Author: Christopher


Firefox patches SSL vulnerabilities

August 4th, 2009

Mozilla released Firefox 3.5.2 today, which patches two vulnerabilities related to how the browser uses SSL certificates. Updating to this version via the auto update should protect against man-in-the-middle [...]


Author: Christopher
