Information Filed Under ‘Web Service Security’ Category

Web security oversights: Don’t overlook the “small” stuff

I was reviewing the most recent SANS @RISK Consensus Security Vulnerability Alert and it reminded me of how easy it is to get caught up in the big stuff and overlook the seemingly innocuous when performing Web security assessments. The @RISK alert lists 69 unique Web-related flaws across numerous platforms

Read this article:
Web security oversights: Don’t overlook the “small” stuff

Conficker worm exploits MS08-067 – Infections are high with sharp spike in June

After two years, I continue to be amazed at the number of Conficker infections that remain. There are no new reported variants; instead the older ones continue to exist and even thrive due to poor security practices by individuals or even companies

View post:
Conficker worm exploits MS08-067 – Infections are high with sharp spike in June

Microsoft Security Essentials – New Engine release on July 15th

MSE and Forefront users should update their virus scanning engines as prompted next week. New Antimalware Engine is planned for release on 15 July 2010 http://blogs.technet.com/b/enginenotifications/archive/2010/07/09/antimalware-engine-release-for-july-2010.aspx QUOTE : As part of regular update of our Antimalware technology to address the latest in the threat landscape, the Microsoft Antimalware Team is planning to release a new antimalware engine on 15 July 2010.

Continue reading here:
Microsoft Security Essentials – New Engine release on July 15th

Internet Explorer 8 – Eight Safety Tips for online shopping

IE8 is the safest browser Microsoft has released and below are best practices that can improve privacy and security. Internet Explorer 8 – Eight Safety Tips for online shopping http://www.microsoft.com/windows/internet-explorer/tips-and-tricks/safer-online-shopping.aspx QUOTE : Online threats today come in the form of attacks on you and attacks on your computer. Here are eight ways for you to have a safer online shopping experience:

More:
Internet Explorer 8 – Eight Safety Tips for online shopping

Security Updates for Adobe Reader and Acrobat

Earlier this month, Adobe addressed a vulnerability issue that affects three products: Flash Player, Reader and Acrobat. While the Flash Player issue was fixed rather quickly (refer to Adobe Flash Player 10.1.53.64 Security Update), the latter two products did not receive similar love, as their updates were only promised to be available at a later date, on June 29, 2010.

Continued here:
Security Updates for Adobe Reader and Acrobat

F-Secure Internet Security 2011 Beta is Available

Our Internet Security 2011 Beta is now available for download. Beta testers receive a six month subscription and the opportunity to influence the final release. The biggest new feature from the lab’s point of view is our “DeepGuard 3” technology, which utilizes cloud based reputation systems, prevalence, source, age, et cetera.

See the rest here:
F-Secure Internet Security 2011 Beta is Available

Cool PC Apps: The Top 50 PC Applications for Freelancers

Poor PC freelance users, we never get the love we deserve! So to help rectify that, I took some time to round up the best 50 PC apps that freelancers can use in their business, in no particular order. Everything from time tracking apps and online storage apps, to anti-virus apps and instant messaging apps, well-known favorites to new-comers in beta, we got a comprehensive list of PC applications to help you organize your digital workflow.

Read more here:
Cool PC Apps: The Top 50 PC Applications for Freelancers

Dangerous XSS vulnerability found on YouTube – the vulnerability explained

On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked. The comments section of their videos seemed to be most severely affected; many complained that old comments vanished and new comments could not be added. Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colors.

Read more from the original source:
Dangerous XSS vulnerability found on YouTube – the vulnerability explained

Summarizing Zero Day’s Posts for June

The following is a brief summary of all of my posts at ZDNet’s Zero Day for June, 2010. You can also go through previous summaries, as well as subscribe to my personal RSS feed, Zero Day’s main feed, or follow me on Twitter: Recommended reading: The security and privacy ramifications of AT&T’s iLeak The EFF releases new HTTPS Everywhere Firefox extension Researchers find

See the original post:
Summarizing Zero Day’s Posts for June

Don’t move – or I’ll redirect!

Search engine optimisation (SEO) techniques have received a fair amount of attention recently, thanks mostly to their use in fake AV distribution. In this blog, I will describe an interesting piece of JavaScript I came across whilst investigating some SEO pages.

View original post here:
Don’t move – or I’ll redirect!

PDF spam phones home to Sality

Remember all those long distance phone calls we made? No, me neither – so if you see an email asking you that same question, don’t open it. The spam messages have a subject of “phone calls” and look like this: Hey man.

Read more:
PDF spam phones home to Sality

More attacks using compromised OpenX ad-servers

Regular SophosLabs blog readers may have read previous posts about attacks that have poisoned ads content in order to inject malicious code into legitimate web sites. This is a nasty form of attack which can reach a potentially huge audience

Go here to read the rest:
More attacks using compromised OpenX ad-servers

Acunetix WVS takes first place in black box web vulnerability scanners comparison

Acunetix Web Vulnerability Scanner placed first in a paper released by Adam Doupé, Marco Cova, and Giovanni Vigna from the University of California, Santa Barbara. In the paper “Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners”, the authors compared the capabilities of eleven black box web security scanners (both commercial and open source) against a realistic test web application called WackoPicko.

Read more:
Acunetix WVS takes first place in black box web vulnerability scanners comparison

Microsoft Security Essentials – New Version 1.0.1963.0

I was prompted this morning to move to Microsoft Security Essentials Version 1.0.1963.0 and encourage all users to do so when prompted. I also pressed the UPDATE NOW button after updating to ensure the latest signatures were pulled in

See original here:
Microsoft Security Essentials – New Version 1.0.1963.0

Security updates released for Adobe Reader and Acrobat

Today, a Security Bulletin has been posted in regards to this quarter’s security updates for Adobe Reader and Acrobat. The updates address critical security issues in the products, including CVE-2010-1297 referenced in Security Advisory APSA10-01.

Read more:
Security updates released for Adobe Reader and Acrobat

Places to MITM

40 posts remaining… Just a quick thought for a Friday afternoon. For a while I did informal questionnaires to friends and family and people in general who aren’t hardcore security people about what they type in when they’re going to their bank. The following are the kinds of answers I’d get: “I type in www.bank.com.” “I type ‘bank’ and hit ctrl-enter” “I type in http://www.bank.com” “I type in bank.com and hit enter” But almost never (twice out of dozens of people) I’d hear someone say, “I type in https://www.bank.com” with the “s”.

Read more:
Places to MITM

No antivirus, no Internet connection (Pas d’antivirus, pas de connexion à Internet)

This article in Le Monde caught my eye today: Australie : pas d’antivirus, pas de connexion à Internet. It concerns a report, published on June 21st by the Australian Standing Committee on Communications, in which the following recommendation is proposed: “… la coupure de l’accès à Internet si l’usager dispose d’un ordinateur infecté par un programme malveillant, ou si la base de données de son antivirus ou son pare-feu n’est pas à jour” For the benefit of any non-Francophones reading, this translates as “the disconnection of internet access if the user has a computer infected with malware, or if his antivirus software is either switched-off or out of date” The suggestion appears to be that the ISP will be tasked with the responsibility of, effectively, running anti-malware health checks on the client’s computer and imposing a kind of “Three Strikes And You’re Offline” rule. It sounds like a good idea - I am all for systems to protect the innocent cyber-surfer - but it must surely involve the installation on the client’s computer of “un logiciel espion”, spyware, which may not be acceptable to everyone

Read more:
No antivirus, no Internet connection (Pas d’antivirus, pas de connexion à Internet)

Pre-Notification – Quarterly Security Updates for Adobe Reader and Acrobat

A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for June 29, 2010. The updates will address critical security issues in the products, including CVE-2010-1297 referenced in Security Advisory APSA10-01. These security updates will be made available for Windows, Macintosh and UNIX.

Visit link:
Pre-Notification – Quarterly Security Updates for Adobe Reader and Acrobat

“Who’s your Verisign?” — Malware faking digital signatures

Troj/BHO-QP is a rogue Browser Helper Object (BHO) which masquerades as a Flash Player extension from Microsoft, when in fact the BHO is a backdoor agent installed alongside QQ game automation freeware. The BHO has been seen installed as a file named directdbres.dll

See the article here:
“Who’s your Verisign?” — Malware faking digital signatures
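The rogue BHO described above claims to be a Flash Player component when it is nothing of the kind. The check a practitioner would run on a suspect machine is to enumerate every registered Browser Helper Object and look at who actually signed its DLL, rather than trusting the name or description it presents. The script below is an added example and is not code from the SophosLabs post; the registry paths are the standard BHO and CLSID registration points on Windows, the `Get-AuthenticodeSignature` cmdlet is built into PowerShell, and the file name `directdbres.dll` comes from the excerpt. The publisher allowlist (`Microsoft Corporation`, `Adobe Systems Incorporated`) is an assumption you should adjust to the add-ons you actually expect.

```powershell
# Added example (not from the SophosLabs post): enumerate installed Browser Helper
# Objects and verify each DLL's Authenticode signature, so that a BHO that merely
# *claims* to be a Microsoft or Adobe "Flash Player" component (such as a rogue
# directdbres.dll) stands out when it is unsigned, tampered with, or signed by a
# publisher other than the one it impersonates.
# Assumption: the vendor names in $expectedPublishers are the only ones you expect.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$expectedPublishers = 'O=(Microsoft Corporation|Adobe Systems Incorporated)'

function Get-BhoDllPath {
    param([string]$Clsid)
    # The BHO key stores only the CLSID; the DLL path is the default value of
    # HKCR\CLSID\{clsid}\InprocServer32 (32-bit view lives under Wow6432Node on x64).
    foreach ($root in @("Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
                        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32")) {
        if (Test-Path $root) {
            $path = (Get-ItemProperty -Path $root).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null
}

function Get-BhoVerdict {
    param([System.Management.Automation.Signature]$Sig, [string]$Signer)
    # Unsigned, hash-mismatched or untrusted-chain files are suspicious outright.
    # A valid signature only earns "OK" when the signer is a publisher we expect;
    # a valid signature from an unexpected publisher still needs a human look,
    # because a valid signature proves who signed, not that the file is benign.
    switch ($Sig.Status) {
        'Valid' { if ($Signer -match $expectedPublishers) { return 'OK' } else { return 'REVIEW' } }
        default { return 'SUSPICIOUS' }
    }
}

$results = foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $clsid = $sub.PSChildName
        $dll   = Get-BhoDllPath -Clsid $clsid
        if (-not $dll) {
            [pscustomobject]@{ CLSID=$clsid; Path='(unresolved)'; Status='NoInprocServer32'; Signer=''; Verdict='SUSPICIOUS' }
            continue
        }
        if (-not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{ CLSID=$clsid; Path=$dll; Status='FileMissing'; Signer=''; Verdict='SUSPICIOUS' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $dll
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            CLSID   = $clsid
            Path    = $dll
            Status  = $sig.Status
            Signer  = $signer
            Verdict = Get-BhoVerdict -Sig $sig -Signer $signer
        }
    }
}

$results | Sort-Object Verdict, Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt on the suspect host; anything marked SUSPICIOUS (status `NotSigned`, `HashMismatch`, or `UnknownError` for an untrusted chain) or REVIEW (validly signed, but not by a publisher you expect) is worth pulling for analysis, and a DLL whose name suggests Flash Player but whose signer is neither Adobe nor Microsoft is exactly the pattern the post describes.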

Anatomy of a Symbian Malware

Yesterday, I found a sample of Symbian malware while I was working on generic stuff. This kind of malware is quite difficult to spot, so today we are going to analyze this sample, which targets Symbian based smartphones

The rest is here:
Anatomy of a Symbian Malware