recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Archive: August 2006

Using Images to Fight Phishing

So-called "phishing" Web sites set up by scammers to mimic financial institutions and swindle unwitting consumes often "inlink" or borrow logos and other images directly from the targeted institution's Web sites as a way of making their scam pages look...

By Brian Krebs | August 31, 2006; 10:45 AM ET | Comments (20)

Anti-Virus Testing and Consumer Reports

Consumer Reports recently came under heavy fire from some in the anti-virus industry for creating some 5,500 new virus variants to see how well a dozen leading products fared in detecting the new nasties. More than 100 security experts and...

By Brian Krebs | August 29, 2006; 7:11 PM ET | Comments (29)

Sun Acknowledges Security Hole in Patch Process

I have always dreaded security updates from Sun Microsystems to fix problems in their Java software. For one thing, the updates typically are huge and time consuming, the instructions for downloading and installing the fixes labrynthine, and when all is...

By Brian Krebs | August 29, 2006; 10:44 AM ET | Comments (33)

Botnet Operator Sentenced to 37 Months in Prison

A California man whose online criminal ring hacked into hundreds of thousands of computers and disrupted operations at a U.S. hospital and several military installations was sentenced Friday to 37 months in prison for his crimes. Christopher Maxwell, 21, of...

By Brian Krebs | August 28, 2006; 3:52 PM ET | Comments (11)

Paris Hilton Accused of Phone Phreakiness

You may have read the story from a while back about how hackers broke into socialite Paris Hilton's cell phone account and posted online racy pictures of the hotel heiress stolen from her mobile device (turns out the perpetrators were...

By Brian Krebs | August 25, 2006; 9:05 AM ET | Comments (12)

Microsoft Re-Releases Internet Explorer Patch

Microsoft today re-released a patch it originally issued earlier this month to plug security holes in its Internet Explorer Web browser. Redmond had planned to re-release the patch earlier this week, which has caused periodic crashes for IE installations on...

By Brian Krebs | August 24, 2006; 3:05 PM ET | Comments (0)

Update on the Apple Macbook Claims

Apple today issued a statement strongly refuting claims put forth by researchers at SecureWorks that Apple's Macbook computer contains a wireless-security flaw that could let attackers hijack the machines remotely. That claim was made by SecureWorks researcher David Maynor at...

By Brian Krebs | August 18, 2006; 4:01 PM ET | Comments (74)

When Online Crooks Advertise

Last week at the DefCon hacker conference in Las Vegas, I mentioned a fantastic short video showed by speaker and FBI agent Thomas X. Grasso, who talked about how online criminals have gotten so organized that they are now creating...

By Brian Krebs | August 16, 2006; 4:51 PM ET | Comments (5)

Cross-Site Scripting Flaws Abound

Security Fix has dedicated quite a bit of "ink" lately to covering the dangers of cross-site scripting flaws -- programming errors commonly found on commercial Web sites that phishers and online scam artists can use to trick users into giving...

By Brian Krebs | August 15, 2006; 2:41 PM ET | Comments (4)

The Black Hat Wireless Exploit Interview, Verbatim

I've received an overwhelming amount of hate mail from Mac enthusiasts over two previous posts on a wireless-device-driver presentation at the Black Hat hacker conference, with people accusing me of all kinds of nasty things. Rather than respond to every...

By Brian Krebs | August 15, 2006; 1:33 PM ET | Comments (45)

Spammers Exploiting Newly Detailed Windows Flaw

Organized criminals already are taking advantage of a newly detailed security hole to hijack computers running Windows software and turn them into relays that spammers can use to send junk e-mail anonymously. In an unusual move, the Department of Homeland...

By Brian Krebs | August 13, 2006; 5:27 PM ET | Comments (8)

Defcon 14 Wrapup, at Long Last

Security Fix is just now getting around to blogging about some of the other highlights from the Defcon hacker conference I attended this week in Las Vegas. (I had to recharge my batteries after sleeping fewer than four hours between...

By Brian Krebs | August 11, 2006; 2:41 AM ET | Comments (8)

Defcon Speakers Team Up to Fight 'Queen Bots'

Imagine for a moment that our central defense against bank robbers was a technology that recognized criminals based largely upon their physical appearance. Now imagine that the bad guys had figured out a way to rapidly and automatically change not...

By Brian Krebs | August 9, 2006; 5:25 PM ET | Comments (8)

Apple Mac Pro Users Urged to Apply Security Updates

Apple today issued two additional security patches for users who recently bought a new Mac Pro. On Aug. 1, Apple pushed out fixes to plug 26 security holes in different versions of the Mac OS X operating system. Turns out...

By Brian Krebs | August 9, 2006; 4:50 PM ET | Comments (1)

Microsoft Fixes 23 Security Flaws

Microsoft Corp. today released free software updates to fix nearly two dozen security holes in its Windows operating system and Microsoft Office products. At least 17 of the 23 flaws could be exploited by attackers to hijack vulnerable systems or...

By Brian Krebs | August 8, 2006; 3:08 PM ET | Comments (26)

DefCon Delays Can't Stop the Madness

LAS VEGAS, Aug. 4 -- DefCon, the nation's largest annual hacker conference, is well underway here at the Riveria Hotel and Casino, and as usual there is just far too much to see and do to really take it all...

By Brian Krebs | August 5, 2006; 5:52 AM ET | Comments (7)

Google to Warn of 'Badware' Sites

Google said today that it has started warning Web surfers when they click on search results that may lead to sites that try to install spyware or adware on their computers. If you do a Google search for "Asta-Killer," for...

By Brian Krebs | August 4, 2006; 4:36 PM ET | Comments (7)

At Least 12 Patches from Microsoft Next Week

Microsoft said today that it plans to issue at least 12 security updates to fix vulnerabilities in its Windows and Office products. Redmond says 10 of the updates will address flaws -- some of them "critical" -- in Windows. No...

By Brian Krebs | August 3, 2006; 6:08 PM ET | Comments (3)

Javascript Attacks on Steroids

LAS VEGAS -- Just sat through a rather disturbing presentation here at Black Hat on how bad guys can use Javascript to circumvent hardware and software firewalls and wreak havoc on a target's internal network. Jeremiah Grossman and T.C. Niedzialkowski,...

By Brian Krebs | August 3, 2006; 4:20 PM ET | Comments (2)

Intel Issues Patches to Fix Wireless Flaws

Intel has released updates to fix at least seven separate security flaws in the low-level software that powers its Centrino wireless devices. The flaws reside in Intel's wireless "device drivers," and are present at such a fundamental level of the...

By Brian Krebs | August 3, 2006; 12:25 PM ET | Comments (3)

Follow-up to the Macbook Post

I'd like to respond to the people who commented on yesterday's post about the video's depiction of the use of a third-party wireless card on the Macbook. I spent more than an hour with Dave Maynor watching this exploit in...

By washingtonpost.com Editors | August 3, 2006; 9:00 AM ET | Comments (115)

Hijacking a Macbook in 60 Seconds or Less

UPDATE, 6:45 p.m. ET: Watch the video of the Ellch/Maynor presentation on a new method they discovered for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine. For background and details, see...

By Brian Krebs | August 2, 2006; 6:45 PM ET | Comments (0)

'Spamford' Spins Disks at Black Hat

LAS VEGAS, Aug. 2 -- One of the most notorious and successful spammers of all time -- Sanford Wallace (a.k.a. "Spamford") -- is set to DJ at the OPM club here at Caesar's Palace Hotel where Black Hat 2006 is...

By Brian Krebs | August 2, 2006; 6:23 PM ET | Comments (0)

Talking With the Dark Tangent

LAS VEGAS, Aug. 1 -- Security Fix recently caught up with Jeff Moss -- a.ka. "Dark Tangent" -- the founder of Defcon and Black Hat, the two enormous hacker conventions that take place in Las Vegas each summer. Jeff Moss...

By washingtonpost.com Editors | August 1, 2006; 7:35 PM ET | Comments (0)

Apple Issues Bundle of Security Updates

Apple today released a bundle of software updates to fix more than two-dozen security weaknesses in computers powered by its Mac OS X operating system. Apple issued updates to address 26 distinct security issues, by my count anyway. The patches...

By Brian Krebs | August 1, 2006; 6:37 PM ET | Comments (0)

Black Hat and Defcon 2006: Security Fix Heads to Vegas

Security Fix is headed to Las Vegas for the better part of the next week to cover two back-to-back hacker conferences. The first is Black Hat USA 2006, which runs Wednesday and Thursday and caters to security professionals and...

By Brian Krebs | August 1, 2006; 9:40 AM ET | Comments (0)

 

©  The Washington Post Company