Rodney Campbell's Blog

Security

2008.01.10 Daily Security Reading

by on Jan.10, 2008, under Security

Thinking fast-flux: New bait for advanced phishing tactics

Years ago, attackers would often have one or two really important machines that were the centerpiece of their criminal money-making schemes. The bad guys, thus, often faced one or more single points of failure in their criminal infrastructures. So, how have today’s enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.

Eavesdropping on Bluetooth headsets

Few users realize that Bluetooth headsets can be exploited, granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call.

New iPhone Trojan Spreading

Seen more as a prank than an actual threat, a Trojan horse for the Apple iPhone has already come and gone. Still, users should be on the lookout for a package called “iPhone firmware 1.1.3 prep,” described as something you need to install before updating to the new 1.1.3 firmware.

Master Boot Record rootkit

Matt Richard from Verisign’s iDefense sent us some information regarding the Master Boot Record (MBR) rootkit that’s been found in the wild in the past weeks.


2007.12.17 Daily Security Reading

by on Dec.17, 2007, under Security

Oak Ridge National Labs hit with targeted attacks

Oak Ridge National Laboratory (ORNL) announced last week that more than a dozen employees fell prey to “a sophisticated cyber attack”, exposing a database containing visitors’ personal information.

Ask.com enables anonymous web search

Web search site Ask.com has launched a feature that allows users to delete data on their search queries.

Media player users beware – more vulns ahead

Attack code has already been released… codec used by older versions of Windows Media Player, made by Microsoft, and in AOL’s Winamp.

DNS attack could signal Phishing 2.0

‘Open-recursive’ DNS servers could redirect users to phishing sites, researchers say.

The ‘Malware Economy’ Evolves

Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.


2007.12.11 Daily Security Reading

by on Dec.11, 2007, under Security

MPAA Hit By DMCA Takedown

Developer Matthew Garrett succeeded in getting the MPAA to remove their ‘University Toolkit’ after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group’s ISP and the violating software was taken down.

Google disables Gmail accounts by mistake

Google this week mistakenly disabled the Gmail accounts of an undetermined number of users due to an apparently overzealous attempt by the company to combat spammers.

Hackers Launch Major Attack on US Military Labs

Hackers have succeeded in breaking into the computer systems of two of the U.S.’ most important science labs, the Oak Ridge National Laboratory and Los Alamos National Laboratory.

Software maker releases the hounds on security vuln reporter

Legal attack dogs for enterprise search provider Autonomy have threatened action against Secunia after the vulnerability publisher asked for information relating to a serious bug in an Autonomy product.

Apple’s rising popularity attracts hackers

“Over the past two years, we had found one or two pieces of malware targeting Macs,” said Patrik Runald, an F-Secure security researcher. “Since October, we’ve found 100-150 variants.”


2007.11.28 Daily Security Reading

by on Nov.28, 2007, under Security

Is security software becoming a security risk?

Due to bugs in antivirus software, the security suite becomes a risk by itself, and adding multiple pieces of security software makes the problem worse, not better.

Zero-Day Exploit for Apple QuickTime Vulnerability

Proof of concept exploit code for a newly discovered vulnerability in Apple’s QuickTime player has been made available to the public today. The vulnerability (Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability) was first reported on November 23rd by Polish security researcher Krystian Kloskowski.

Russian Business Network Study (pdf)

This document brings some enlightenment on RBN activities and tries to detail how it works. Indeed RBN has many constituents and it’s hard to have a precise idea on the goal of some of them and the way they’re linked with other constituents.

Windows XP outshines Vista in benchmarking test

New tests have revealed that XP with the beta Service Pack 3 has twice the performance of Vista, even with its long-awaited Service Pack 1.


2007.11.21 Daily Security Reading

by on Nov.21, 2007, under Security

Researchers study open-proxy attacks

Advertising and click-through fraud top the list of malicious activities funnelled through open proxy servers.

Adding Math to List of Security Threats

One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.

Hackers Use Banner Ads on Major Sites to Hijack Your PC

The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software.

90% of IT Professionals Don’t Want Vista

A survey by King Research has found that ninety percent of IT professionals have concerns about using Vista, with compatibility, stability and cost being their key reasons. Interestingly, forty-four percent of companies surveyed are considering switching to non-Windows operating systems, and nine percent of those have already started moving to their selected alternative.

Know Your Enemy – Behind the Scenes of Malicious Web Servers (pdf)

In this paper we will give a brief functional overview of several web exploitation kits, then delve into answering the questions above through analysis of these kits and the malicious web servers that use them. The web exploitation kits that we will examine are Webattacker, MPack and Icepack. We conclude with implications of our discoveries on client honeypot technology and future studies on malicious web servers.

Using Google To Crack MD5 Passwords

A security researcher at Cambridge was trying to figure out the password used by somebody who had hacked his Web site. He tried running a dictionary through the encryption hash function; no dice. Then he pasted the hacker’s encrypted password into Google, and voila — there was his answer. Conclusion? Use no password that any other human being has ever used, or is ever likely to use, for any purpose. I think.



Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.