For several years now I’ve used a neat tool at Gibson Research to test a client’s firewall quickly and easily from the web browser. They have a tool called Shields Up that does a limited port scan to determine if network ports are open, closed or “stealth”.
Category: Security
-
WordPress 1.5.1.3 Security Vulnerability
According to the entry for WordPress 1.x at Secunia.com, there is a “Highly critical” WordPress vulnerability announced August 10th that affects all 1.x versions including 1.5.1.3. The details are in this advisory. There is not yet an updated version of WordPress to address the issue, but there is a possible workaround.
-
Exploits in the wild and other news
After perusing the SANS.org handlers’ diary, there are a few things brewing that should be known. Exploits are in the wild for some of the vulnerabilities addressed by this week’s Microsoft patchfest. There is a Veritas Backup Exec vulnerability and it appears that the Beta of Vista has a network service that might be nice to switch off before you hook up to the internet.
-
Phishing Phax ????
The Register is reporting that a new phishing email is taking a different twist. Instead of directing you to a website, they instruct you to fax your information to a number in the email. (I wonder if phone numbers are harder to track than web servers?)
-
Identity theft
So, you don’t click on “phishy” links, keep your PC free from spyware, only bank at secure websites, do all the good things a cautious computer user is supposed to do to keep from having your identity stolen. You’re safe, right? Not entirely. I just found this in the Security Fix… Verizon Wireless Fixes leaky website.
-
Sunbeltblog has more info on the identity theft keylogger and will offer removal tool
There are another two fascinating posts in the saga of the massive identity theft that was reported in the Sunbelt blog. For starters, they detail the beast here. It sounds truly devious and MAY still be related to CoolWebSearch after all. It turns off Windows firewall and runs through Internet Explorer (thereby bypassing any other software firewall).
-
Anti-phishing tool
I had run across a link saying that Netcraft was trying to combat phishing schemes, and I didn’t have time for a detailed look at the time. I’ve since revisited and found their Netcraft toolbar. I’m impressed; it installs in either Internet Explorer (under Windows) or Mozilla Firefox (all platforms).
-
Brian Krebs talks to the FBI on cybercrime
Just found this interesting post at the Security Fix. It seems Brian has had a chance to ask a question of the FBI director Robert Mueller and to speak with the assistant director in the Cyber Division. There are some interesting answers to his questions.
-
Summary of the Windows patches
Over at the SANS Institute (incidents.org), they have a roundup of yesterday’s Windows updates, with a summary of their severity and some details about some of the problems (one had an invalid signature and had to be re-posted).
-
Raft of Microsoft updates out – time to get updating
The promised batch of Windows updates for today is now out, and it turns out there were 3 critical updates out of the 6 released. It looks as though the biggy is an RPC problem with the plug and play system (Plug and play needing a remote procedure call?) This is one that could likely be quickly exploited. There is a workaround for this of having ports 139 and 445 firewalled (many places do that by default now; last I checked, my ISP does). Don’t take that as a tool for complacence though. Patch it anyway!