By way of Sunbelt blog… The Phishtank at Internet Defence has a realtime archive of phishing emails as well as real time information on the status of their host sites. On their phishing site monitor it says…
Category: Security
-
Wireless Driver Vulnerabilities
There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on this noting that the download is a whopping 129MB.
-
Time for Apple Mac OS X updates again
From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs if you will from older *nix-based systems. This is as good a time as any for the now familiar lesson – NO operating system is invulnerable, you must keep any software install updated with current security patches.
-
More reason to be cautious with Firefox plugins
Again…. this article referring to an exploit related to the cross platform plugin capability in firefox, is a GOOD reminder to be cautious when looking at potential plugins to install for mozilla firefox. In fact, the advice is usually do NOT install software (including plugins) from untrusted sources. By all means, please investigate any piece of software before downloading and installing. (And please don’t take just the software makers word for it…. ie. “my toolbar is really cool and makes firefox work better” does not equal something you can now trust and install.)
-
Banks and Web security
George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….
-
Security Tip a day for August
SANS has an answer to last months browser vulnerability a day blog… for August they’ll present a security tip a day. So, if you haven’t visited the handlers diary, this may be a good time to “tune in”. The first one has to do with strong passwords (I think they decided they may as well get that out of the way up front….)
-
Fun way to mess with wireless freeloaders….
Some people spend a lot of time finding ways to block the freeloaders from their wireless internet. Others find fun ways to mess with them…. They start off by settup up dhcpd.conf to carve out two subnets a “good” one with known mac addresses and an untrusted…. then the fun begins with some proxy side image manipulation. Either upside down images, blurry images, etc. I wonder why you don’t just take it a step further…. block images entirely and replace with a jpg of your choice. IF you have a very BUSY accesspoint with freeloaders – maybe you could even sell an ad…. or do a captive portal for the untrusted crowd that redirects through a page that says…. “Uploading personal data…. Please wait…. Credit Card info transfered…. browsing history transfered….. email history transfered…. My Documents in progress…” Of course, it would be actually doing this…
-
Firefox 1.5.0.5 out and be cautious with extensions…
Well, let’s start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool – look for reviews and third party information before installing it. That much said…. never install an extension that comes attached as an unexpected email…. Apparently, just that has been happening a password stealing trojan has been showing up as an email attachment that appears to be a firefox extension. OK – quick review – what’s the weakest link in computer security (grab mirror and look….) Now… Mozilla has also released some security updates for Firefox….
-
Internet Explorer 7 as High Priority update and the ability to prevent it’s auto-download
The news has come that Internet Explorer 7 will come out as a high priority security update when it’s released later this year. This should mean good things for the folks that are still using IE6 as it will bring quite a few security enhancements. (On a side note, my test of Vista with IE7 failed to display averyjparker.com … other sites hosted on the same server worked, but I got a page not found for that domain. More testing there to come.) Microsoft has noted that not everyone will want all their pcs to automatically update to IE7 and so… They’ll issue a tool to block that update if one chooses.
-
Microsoft Issues advisory on Powerpoint flaw
Here’s the link to Microsoft’s advisory. The main workaround seems to be…. Don’t open or save powerpoint attachments that you receive from untrusted sources, OR that you receive unexpectedly from trusted sources…. So, the only real workaround is what SHOULD be common practice. Whether or not there is a vulnerability in the news you should always be cautious with receiving file attachments. ANYTHING unexpected, even from a trusted source, should be verified “out of channel”.