Rodney Campbell's Blog

Archive for November, 2006

2006.11.20 Daily Security Reading

by on Nov.20, 2006, under Security

PCI cards the next haven for rootkits? [pdf]

An interesting article about a paper published on the possibility of hiding a rootkit in different PCI cards and have the rootkit survive a reboot or cleansing of the hard disk. It seems though that the author of the article doesn’t think this would be abused.

A New Vulnerability In RSA Cryptography

Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements.

Cracked it!

Three million Britons have been issued with the new hi-tech passport… So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?

Honeypot Mirroring .edu domains under .eu / Active Threat

What is appears, for the moment, is that this machine is running a honeypot to capture passwords for people who typo .edu as .eu

Malware goes to the movies

Online attackers have started to experiment with embedding malicious code or links to such code in different video formats.

Deconstructing a Pump-and-Dump Spam Botnet

Shows the inner working of a massive botnet that is responsible for the recent surge of ‘pump and dump’ spam. It’s a detailed picture of how these sleazy operations work and why they’re so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines.

Comments Off on 2006.11.20 Daily Security Reading more...

2006.11.16 Daily Security Reading

by on Nov.16, 2006, under Security

IronPort stops 98% of image spam

IronPort has announced significant progress in the war against image spam.

Microsoft Security Bulletin Summary for November, 2006

Virtualization and security

It’s a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There’s more to securing virtual servers than not running VMs as guests of a Windows host.

SANS – Human error top security worry

Targeted attacks focus on humans, and they often work… even after hours of computer security instruction, 90% of freshmen cadets still clicked on the link.

Kevin Mitnick’s Security Advice

Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets. Here’s my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.

Symantec delivers Mac OS X security report [pdf]

Security vendor Symantec has issued a detailed report on current Apple Mac OS X threats, covering a wide range of security issues that affect the platform today.

SpamThru Statistics

Working with the anti-spam group SpamHaus and the ISP, we were able to receive access to files from the SpamThru control server. We have analyzed the files, and in this report we will look at some of the statistics and interesting finds.

The A to Z of security

Got the Love Bug? Scared of spyware? Read all about what’s keeping techies awake at night…

Comments Off on 2006.11.16 Daily Security Reading more...

2006.11.15 Daily Security Reading

by on Nov.15, 2006, under Security

Microsoft unleashes improved Firefox

The open source community is in a state of shock this morning at the news that Microsoft has released a version (or here) of popular browser Firefox. Download it here, but, check the minimum requirements first :).

Meet the world’s most prolific spammers

Rogues’ gallery Spamhaus has published a revised list of the world’s 10 worst spammers. According to the anti-spam organisation, 200 professional spam gangs are responsible for 80 per of the high volume of junk mail pumped onto the internet every day.

Report – Firefox 2.0 Trumps IE7 In Phish-Fighting

Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 blocked 117 sites that Firefox did not.

Comments Off on 2006.11.15 Daily Security Reading more...

2006.11.14 Daily Security Reading

by on Nov.14, 2006, under Security

Password-cracking contest results

Are long, noncomplex passwords harder to crack than short, complex passwords? These results lean toward yes.

Policy and Compliance in The Workplace

Compliance. Regulation. Security. These are the reasons why organisations write policies. But how can you be sure that staff have read, understood, and agreed to policy? And how can you demonstrate policy compliance to auditors and regulators? Posting policies on the intranet, or relying on emails or staff handbooks leaves policies ignored, and impossible to track.

Comments Off on 2006.11.14 Daily Security Reading more...

2006.11.10 Daily Security Reading

by on Nov.10, 2006, under Security

Microsoft to release six Windows security updates

Microsoft Corp. will release six groups of security patches next Tuesday. The updates will be released as part of Microsoft’s regularly scheduled monthly patch release, and will fix critical flaws in Windows and the company’s XML (Extensible Markup Language) parser

Windows Vista Security Guide Now Available

This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory directory service.

Google Accidentally Sends Out Kama Sutra Worm

Google accidentally sent out e-mail containing a mass mailing worm to about 50,000 members of an e-mail discussion list focused on its Google Video Blog, the company said Tuesday.

What’s With All This Spam?

October was a spammy month. The assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan programs, Warezov and SpamThru. Others say a new breed of spam messages called image spam — messages with text embedded in an image file that evade spam filters, which can’t recognize the words inside the image — is responsible.

Comments Off on 2006.11.10 Daily Security Reading more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.