Category: News

ScanSafe detected 34 percent more malware last month than it did in all of 2007, according to the report.

Meanwhile, WhiteHat’s report had some good news: For the first time, most of its customers had fixed Website vulnerabilities that had been spotted — 66 percent of vulnerabilities on those sites had been remediated, according to the report.

There’s an average of five open vulnerabilities in each Website.

Meanwhile, WhiteHat’s top 10 Website vulnerabilities list now officially includes the potentially lethal cross-site request forgery (CSRF), which Grossman and his team long have been predicting would become an attractive method for attackers. The list — which rates Web vulnerabilities by their likelihood of being in a Website — has XSS still holding at No. 1 (67 percent), followed by information leakage (41 percent), content spoofing (21 percent), insufficient authorization (18 percent), SQL injection (17 percent), predictable source location (16 percent), insufficient authentication (12 percent), HTTP response splitting (9 percent), abuse of functionality (8 percent), and CSRF (8 percent).

http://www.darkreading.com/document.asp?doc_id=162515&f_src=darkreading_section_296

Frethog is just a drop in the ocean of malware we’re seeing coming out of China nowadays, many of which are targeting online games. Frethog had proved to be as prevalent as we expected too, with detections on over 200,000 distinct machines.

I know that it is in Microsoft’s interests to carry out Windows Genuine Advantage checks for some downloads to make sure they are not going to pirates, but I think that a periodic scan with the MSRT would be far more beneficial to the wider computing community.

There are a lot of people out there who don’t have the first clue about how to keep their PCs safe, and only some of these people are going to be regularly downloading patches, so it would be good for Microsoft to come up with ways that exposes a greater number of systems to the MSRT.

http://blogs.zdnet.com/hardware/?p=2122

The manual includes an overview of the Mac OS X’s security architecture and advice on hardening the operating system against external attackers as well as locking down the system to protect against unauthorized access by people with physical access to the system.

“Certain instructions in the guides are complex, and deviation could result in serious adverse effects on the computer and its security,” Apple said in an introduction to the Security Configuration Guides.

http://www.securityfocus.com/brief/747?ref=rss

“Attackers often use sophisticated obfuscation techniques or inject malicious payloads only under certain conditions,” Provos wrote in the Google security blog.

This new resource should help website owners in cleaning and securing their sites faster, which will help protect even more internet users,” Stopbadware.org’s Erica George wrote in the organization’s blog yesterday.

Provos says the diagnostics page provides the current listing status of a site, as well as whether the site or some of its pages had been listed by Google in the past as dangerous.

http://www.darkreading.com/document.asp?doc_id=154607&f_src=darkreading_section_296

The primary goal of the third version of Microsoft SCP, called SCPcert, is to provide customers with the best protection possible by making necessary information available for CERTs to respond to computer security incidents.

http://www.net-security.org/secworld.php?id=6151

It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.

The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.

The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD’s chip-level virtualization technology to hide itself.

“Rootkits are going more and more toward the hardware,” said Sparks, who wrote another rootkit three years ago called Shadow Walker.

SMM dates back to Intel’s 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer’s power management, taking it into sleep mode, for example. In 2006, researcher Loic Duflot demonstrated how SMM malware would work. In addition to a debugger, Sparks and Embleton had to write driver code in hard-to-use assembly language to make their rootkit work.

Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking.

http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html