Articles about Security

Mac malware poses as popular freeware PDF viewer

Foxit Reader, a free, lightweight PDF viewer and printer popular in our FileForum, has an evil twin.

Today, the Foxit Corporation warned that a malware claiming to be Foxit Reader for Macintosh has been perpetrating attacks on users thinking they were downloading an official version of the free PDF reader. The thing is, there is no Foxit Reader for OS X. The software is available for Windows, Windows Mobile, Embedded Linux, Desktop Linux, and U3.

Continue reading

Facebook phishing app plague may be getting out of control

In the Internet equivalent of the old "whack-a-mole" game, Trend Micro researcher Rik Ferguson -- who helped call attention to the Conficker worm early on -- has this week been calling attention to rogue Facebook applications whose main purpose appears to be to collect users' passwords. Using the usual attention-grabbing headings to grab users (repeating the word "sex" is apparently still effective), these apps redirect users to what looks like a legitimate login page, making users believe they need to log into Facebook again.

The innocuous names lead users to think they point to real Facebook functions like "inbox," rather than third-party apps. When a user clicks on one of them thinking he's using a part of Facebook, the malicious app takes the user to a Facebook login screen, while in the meantime collecting the user's password.

Continue reading

Sky not falling after the latest Firefox 3.5.2 dust-up with .NET plug-in

Mozilla Firefox users awoke this morning to the news in their RSS feeds that the organization had dared to send push notes to its users urging them to upgrade to a Web browser version that was, as the report put it, ".NET incompatible." Hopefully, Firefox veterans knew what was really going on.

Users who upgrade their Firefox versions a few times per month anyway have seen this all before, and have long since discovered there's no need to panic: Microsoft's .NET Framework Assistant add-on has a habit of showing up in users' Firefox plug-ins list without them even asking for it. Its purpose is not to make Firefox compatible with .NET -- anyone who's installed Silverlight 3 in Firefox knows that. What it does is give .NET apps designed to be run through the browser a kind of hook to the .NET runtime -- a hook that Internet Explorer includes by design -- so that these apps can check their servers and update themselves.

Continue reading

Former Secret Service informant named in 'largest credit card data breach ever'

Today, the US Department of Justice announced that a 28-year-old hacker and former Secret Service informant named Albert Gonzales is being indicted for the third and, by far, the largest crime of his short career: participation in the theft of more than 130 million credit and debit card mag-strip data dumps, in attacks between 2006 and 2008.

Gonzales was already in federal custody for several major data breaches. He faces trial in New York next month for the first, which involved hacking restaurant Dave and Busters' payment system. Then the second case will be heard in Boston in 2010 for Gonzales' involvement in the theft of data off of more than 40 million credit card mag-strips from OfficeMax, Barnes & Noble, BJ's Wholesale Club, and many more.

Continue reading

ICANN: 'Domain tasting' practice declined to near-zero in April

Perhaps you've noticed this yourself: Whenever you mis-type a URL with a name that's maybe one letter off from the proper one, you no longer get directed to a site with a zillion ads that masquerades as the real one that you've never seen before, and that you may never see again. While the practice of cybersquatting hasn't necessarily subsided, the Web had been suffering from a plague of domain tasters -- sites that set up shop on sound-alike URLs for five days at a time, or even less, knowing they could revoke their URL registrations within that "add grace period" (AGP) without paying a fee.

In the meantime, these domain testers could reap the rewards of serving up dozens of cheap pop-under ads, and maybe even planting a few bots in the process. It was getting so bad that the number of misappropriated URLs cancelled within ICANN's five-day AGP, for one month in early 2007, approached 50 million. And as few as ten registrants were responsible for the lion's share of those one-off names.

Continue reading

Safari 4.0.3 speed gains hobbled by unexplained poor AJAX performance

Download Apple Safari for Windows 4.0.3 from Fileforum now.

The latest security update to Apple's Safari 4 browser for Windows includes impressive speed gains in many departments, including page rendering -- gains the one-time speed champion desperately needs to remain competitive against Google Chrome 3. But a surprisingly poor performance score in one department -- declarations of AJAX objects on one of the tests in Betanews' benchmark suite -- is preventing the latest production version of Apple's browser from decidedly overpowering the latest production edition of Google's.

Continue reading

Twittered off: Time to grow up

Last week's monumentally scaled denial-of-service attacks -- more recently attributed to a massive attack on a Georgian professor and part of the ongoing dispute between Russia and Georgia -- once again showed just how soft Twitter's soft underbelly is. And for a service used by 44 million people last month, getting hauled to its knees by a bunch of political/cultural enemies intent on opening up a new front in a simmering regional conflict isn't exactly a sign that all's well on the security front.

If Twitter were a bank, the angry mobs would have already descended on Capitol Hill, pitchforks in hand, calling for someone's head. But since Twitter's just an itty-bitty message service, and since it's free, it gets a pass. It shouldn't.

Continue reading

Twitter goes down in apparent denial of service attack

Twitter, the popular and ubiquitous (as long as you're over 25) microblogging service was down for several hours on Thursday.

"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users. We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate," Twitter co-founder Biz Stone wrote in the site's official blog today.

Continue reading

Testers claim discovery of serious CHKDSK bug in Windows 7 RTM build

A contributor to the online forum TheHotfix.net has provided visual evidence of what appears to be a serious memory leak caused by the CHKDSK hard disk integrity checking utility included with a build of Windows 7 that has been tagged for RTM. The bug appears to occur during phase 4 of the disk check, and can push resource usage to the 96% level.

Tester Jordan M. Jacob provides a picture of the memory leak in progress, as depicted in Windows Task Manager, a portion of which is excerpted here. (It doesn't bode well for the integrity of the test that Apple's iTunes drivers also appear to be running.) Jacob goes on to warn that the leak is capable of sending the OS into the dreaded blue screen of death (BSOD).

Continue reading

Data breach forces Mozilla to shut down online store

The Mozilla store has been shut down since yesterday after a security breach was discovered at GatewayCDI, the St. Louis-based third party vendor that runs the back end of the Mozilla Store.

"Mozilla immediately reached out to GatewayCDI and encouraged them to quickly inform individuals whose data had been compromised," The company said in its blog. "GatewayCDI is currently investigating their systems and determining the cause and extent of the breach.  Mozilla Store customers who are affected will be contacted directly by GatewayCDI."

Continue reading

Obama's cybersecurity chief resigns, signals disarray

The White House acknowledged this afternoon that Melissa Hathaway -- chosen by the President last February to lead the nation's cybersecurity review, and the person seen as most likely to be appointed to the "Cybersecurity czar" post -- will instead resign her appointment on August 21, letting someone else fill the post.

In an e-mail obtained yesterday by Federal Computer Week, White House spokesperson Nick Shapiro credited Hathaway for her contribution to the federal cybersecurity effort, including spearheading the 60-day review of the nation's security status ordered by President Obama. Hathaway, previously a Bush administration appointee, had been reporting to the Director of National Intelligence, though she was expected to be elevated to a "czar" style post (the term having originally been coined by then-Senator Joe Biden) that would report to Mr. Obama, by way of both the National Security Council and the National Economic Council.

Continue reading

Mozilla releases second round of Firefox 3.5 bug fixes

Download Mozilla Firefox 3.5.2 for Windows from Fileforum now.

Perhaps the Mozilla organization's most valuable contributor to its Web browser's integrity is the tester who goes by the handle moz_bug_r_a4. On multiple occasions now, this developer has located and privately reported to Mozilla extremely serious issues, including a potential page hijacking exploit last December.

Continue reading

After Tenenbaum, who will take back the music industry from the RIAA?

Because the Joel Tenenbaum trial hasn't been maddening enough, Engadget yesterday had a little item on how the RIAA is claiming that customers ought to just suck it up and accept that DRMed tracks will go poof even if they've been paid for, since no other products or service providers are expected to "provide consumers with perpetual access to creative works." That's interesting coming from a group that claims that alone of all industries, copyright holders somehow deserve to get paid in perpetuity for their output. I guess forever looks a lot longer when it includes server-maintenance duties.

If anyone's got a more enlightened response than "oy" to the Tenenbaum trial's result, I'm all ears. I respect Professor Nesson's legal acumen, and having fair use taken off the table just hours before the trial was probably not a setback from which any legal team could have recovered, but looking over the past year's proceedings -- the defense's push to make its processes open and transparent, the sustained effort to get the trial shown live on the Web, all that -- I wonder if we'd all have have been better off if both Tenenbaum, and Jammie Thomas before him, had simply rolled over.

Continue reading

Adobe fixes major Flash Player vulnerability

On Friday, Adobe issued an out-of-cycle security update to Flash Player, Adobe Reader and Acrobat that fixes several critical cross-platform vulnerabilities, one of which is related to Microsoft's Active Template Library (ATL) vulnerability announced earlier this week.

The software affected in today's update is:

Continue reading

Apple patches iPhone SMS vulnerability

Apple today issued the iPhone 3.0.1 software update in response to a well-known vulnerability which could let a remote user hijack any iPhone with a simple series of SMS text messages.

This patch was actually expected to come before the Black Hat 2009 conference, where security researcher and co-author of The Mac Hacker's Handbook Charlie Miller exposed the methods of executing this hack.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.