2006.12.21 Daily Security Reading

Keep Your Identity Safe This Christmas

Identity thieves love Christmas too, and with many of us traveling abroad or visiting family and friends, it’s the perfect time for them to steal your identity. Even airline boarding pass stubs can, in some cases, contain enough information for identity fraudsters to steal your identity.

Skype Worm in the Wild

Internet security firm Websense has discovered a worm that uses Skype to propagate.

Data theft using JavaScript

The Windows clipboard is used for everyday copy-and-paste operations. When copying sensitive information such as credit-card numbers and passwords, the data is stored in an unencrypted form on the clipboard and is accessible from any web site with simple JavaScript code.

Month of Apple bugs coming

Two security researchers have made an early New Year’s resolution, promising to release information on a security bug in Apple’s software every day for a month, most likely January.

2006.12.19 Daily Security Reading

Corporate protection against fraud

The main problem for users in 2007 will be Internet fraud. The best-known form is classic phishing. If gullible users receive an email from their bank, they will go where they are told to and, without thinking twice, leave enough data to seriously compromise their checking account. But there are fewer and fewer users of this kind, as the information is slowly getting through to Internet users.

An Ominous Milestone: 100 Million Data Leaks

Rapid-fire announcements this week by U.C.L.A. (800,000 records) and Aetna (130,000) moved the total to the threshold, when Boeing revealed the other day that a laptop recently stolen from an employee’s car contained names, Social Security numbers and other data on 382,000 current and former employees of the aerospace giant – bringing the total to a grim 100,152,801 records.

PHP security under scrutiny

Web applications written in PHP likely account for 43 percent of the security issues found so far in 2006.

2006.12.18 Daily Security Reading

Non-OS-dependent malware

All too often people talk about the disadvantages of the Windows operating system: it has too many security flaws, it is not properly patched, it is not security oriented… Until the much talked about Vista system finally reaches our computers, there will still be plenty of time to protest.

Microsoft speeds up phishing shield for IE 7

When you use Windows Internet Explorer 7 to visit a Web page, the computer may respond very slowly as the Phishing Filter evaluates Web page contents.

The hole trick – How Skype & Co. get round firewalls

In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls.

Hackers Selling Vista Zero-Day Exploit

Underground hackers are hawking zero-day exploits for Microsoft’s new Windows Vista operating system at USD $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit – which has not been independently verified – was just one of many zero-days available for sale at an auction-style marketplace.

2006.12.14 Daily Security Reading

Gartner: 75% of networks will have undetected malware

By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated malware that evaded their traditional perimeter and host defenses, according to a new Gartner report.

Backframe – JavaScript attack console

Backframe attack console is a full featured attack console for exploiting web browsers, web users and remote applications. The console is based on a client-server interaction.

The Ten Most Important Security Trends of the Coming Year

SANS Experts Predict the Future.

2006.12.13 Daily Security Reading

You might consider running a spyware scanner if…

Ajax Worm: Proof-of-Concept

One of the core ingredients of Web 2.0 applications is Ajax encompassed by JavaScript. There is no inherent security weakness in Ajax, but in combination with cross-site-scripting vulnerabilities it can be very dangerous.

Forensic Discovery

by Dan Farmer and Wietse Venema is now online for free.

Password Management Concerns with IE and Firefox, part two

This article presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems: those found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.

Kaspersky predicts Vista security holes

Antivirus experts from Kaspersky Labs have predicted that 90 percent of current malware will run on Microsoft’s latest operating system, Windows Vista. Although at the moment Vista appears to be more secure than previous Windows operating systems, Kaspersky researchers warned last week that as Vista becomes more popular, it will increasingly become a target for hackers.