recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Archive: July 2006

Faulty Update Stymies Norton Users

A Security Fix reader wrote in on Sunday to complain that his copy of Norton Anti-Virus 2006 had gone haywire, and a little digging turned up a number of similar complaints from other Norton users. Dan from Bethesda wrote in...

By Brian Krebs | July 30, 2006; 11:11 PM ET | Comments (0)

Bot-Slaying ISP Hall of Fame

"Botnets" -- large armies of hijacked personal computers that bad guys use for everything from spamming to knocking Web sites offline -- are a constant security threat to business and home users alike. Disabling the online communications channels that cyber...

By Brian Krebs | July 28, 2006; 3:25 PM ET | Comments (5)

Microsoft to Push Out IE7 as High Priority Update

Microsoft is apparently planning to ship Internet Explorer 7 out to Windows XP users as a "high priority" security update later this year, according to a company spokesperson. While the new browser version will be pushed out through Windows' Automatic...

By Brian Krebs | July 27, 2006; 12:52 PM ET | Comments (17)

Mozilla Issues Security Updates for Firefox

Mozilla has pushed out a new version of Firefox that cleans up a dozen security flaws, more than half of which could be used by malicious Web sites or attackers to hijack the browser or the user's computer. The new...

By Brian Krebs | July 27, 2006; 9:56 AM ET | Comments (0)

Password-Stealing Trojan Disguised as Firefox Extension

A spam e-mail making its rounds with a file attachment disguised as an "extension" or add-on for the Mozilla Firefox browser is actually a Trojan horse program, which allows attackers to install programs that intercept Web traffic from a victim's...

By Brian Krebs | July 26, 2006; 3:03 PM ET | Comments (0)

FBI Charges HOPE Speaker with Witness Tampering, Obstructing Justice

Security Fix obtained a copy of the complaint against "Steven Rambam" the private investigator arrested Saturday at the Hope Number Six hacker conference in New York City. The government document says Rambam is an alias, and that his real name...

By Brian Krebs | July 24, 2006; 1:07 PM ET | Comments (0)

HOPE Speaker Arrested by the Feds

Security Fix just learned that Steven Rambam, the owner and CEO of Pallorium Inc., a company that bills itself as the largest privately held online investigative service in the United States, was arrested this afternoon by FBI agents just moments...

By Brian Krebs | July 22, 2006; 6:11 PM ET | Comments (0)

Hacking Windows and Hucking Throwies at HOPE

Here at the Hope Number Six conference in New York City, hacking windows is a popular pastime. But hackers who didn't bring their needle-nose pliers to the Hotel Pennsylvania may have had a harder time of it. You see, the...

By Brian Krebs | July 22, 2006; 3:17 PM ET | Comments (0)

Greetings From HOPE

I am blogging from downtown New York City, where the HOPE Number Six hacker conference is just about to get under way. The "HOPE" part stands for "Hackers on Planet Earth," a biennial conference in the heart of the Big...

By Brian Krebs | July 21, 2006; 1:10 PM ET | Comments (1)

Point and Click DDoS Attacks

Seems like the Internet's bad guys have automated all their attacks these days. A good friend of mine pointed me to a blog post by security blogger and anti-spyware ninja Chris Boyd -- a.k.a "Paperghost" -- about adware from Zango...

By Brian Krebs | July 20, 2006; 1:40 PM ET | Comments (0)

Hacked Ad Seen on MySpace Served Spyware to a Million

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows,...

By Brian Krebs | July 19, 2006; 12:37 PM ET | Comments (117)

MySpace Attacked by Flash Worm

A number of personal pages on the social networking site MySpace.com were attacked over the weekend using a security flaw in Macromedia Flash -- a flaw that Adobe released a patch to fix just last week. The worm spreads each...

By Brian Krebs | July 18, 2006; 9:19 AM ET | Comments (0)

EBay Fixes Serious Security Hole in Picture Tool

EBay sellers who use the auction giant's Enhanced Picture Services tool to upload photos to auction pages may be prompted to update the software plug-in the next time they use it, as security experts have discovered a flaw that could...

By Brian Krebs | July 14, 2006; 12:37 PM ET | Comments (0)

Unpatched Powerpoint Flaw Exploited

Online criminals are taking advantage of an unpatched security hole in Microsoft's Office products again. Security experts say they've spotted a flaw in the Powerpoint slide-presentation program being exploited in the wild. This undocumented flaw does not appear to have...

By Brian Krebs | July 14, 2006; 10:55 AM ET | Comments (10)

Microsoft Stabs at Blogspam, Pokes Google

Microsoft today released new research on the epidemic of spam blogs -- or "splogs" -- as well as the "comment spam" that dodgy marketers splatter all over blogs in a bid to improve their sites' search-engine rankings. Redmond's research team...

By Brian Krebs | July 13, 2006; 12:20 PM ET | Comments (12)

Adobe Issues Security Update

Adobe on Monday issued a new version of Acrobat to fix what it called a "critical" security vulnerability in the program that hackers could use to hijack machines running the software just by convincing people to open a specially crafted...

By Brian Krebs | July 12, 2006; 10:45 AM ET | Comments (16)

Microsoft Patches 18 Security Flaws in Windows, Office

Microsoft Corp. today released seven security updates to address 18 separate flaws in its Windows operating systems and Office software, including 13 problems that earned a "critical" severity rating, the company's most dire. Microsoft labels a security hole as "critical"...

By Brian Krebs | July 11, 2006; 4:00 PM ET | Comments (10)

Windows 98/ME-Friendly Security Tools

Last week, I blogged about Microsoft's plans this month to end support and security patches for Windows 98 and Windows ME. Given what I heard from a number of users who said they planned to keep using those systems indefinitely,...

By Brian Krebs | July 11, 2006; 10:22 AM ET | Comments (40)

Citibank Phish Spoofs 2-Factor Authentication

Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called "two-factor authentication" -- the second factor being something the user has in their physical possession like an access card -- as...

By Brian Krebs | July 10, 2006; 4:24 PM ET | Comments (71)

Macromedia Flash Update Prompts an SF Rant

A newly released version of Adobe's Macromedia Flash Player fixes at least two security flaws in the program that more than 200 million people have installed on their computers. Security vendor Fortinet released two advisories calling attention to the vulnerabilities,...

By Brian Krebs | July 7, 2006; 11:35 AM ET | Comments (29)

Seven Security Updates From Microsoft Next Week

Next Tuesday is shaping up to be another busy one for computer and network administrators responsible for keeping hordes of machines updated with the latest Windows security patches from Microsoft. Redmond said today it plans to issue at least seven...

By Brian Krebs | July 6, 2006; 2:02 PM ET | Comments (1)

Microsoft to End Patches for Windows 98 & WinME

The Washington Post on Saturday ran a story I wrote about Microsoft ending support for Windows 98, Windows 98 Second Edition (SE), and Windows Millennium (ME), pointing out that after July 11, Microsoft will no longer ship software security patches...

By Brian Krebs | July 4, 2006; 3:38 PM ET | Comments (39)

 

©  The Washington Post Company