Monday, March 17, 2008

Daily News Feed

The time has finally arrived where Microsoft has spent the time and energy to provide us all with a useful Event Viewer. Windows Vista and Windows Server 2008 come with a revamped Event Viewer, as well as some additional tools that really make using the Event Viewer something that is easy to manage. In addition to the new subscription option that Event Viewer now possesses, there is a new command line utility, WEVTUTIL, which allows you to control nearly every aspect of the Event Viewer logs.
http://www.windowsecurity.com/articles/WEVTUTIL-Manage-Event-Logs.html



Spam doesn't pay: man faces 26 year sentence for spamming
A spammer who is already on the hook for millions of dollars in unpaid judgments to Microsoft and an Oklahoma ISP is now facing a couple of decades in prison after pleading guilty to three charges relating to his spam operations.
March 16, 2008 - 11:01PM CT - by Eric Bangeman

Google adds a new layer of security to Google Apps
Security and authentication company Arcot Systems announced today that it will be partnering with Google to offer two-factor authentication for Google Apps Premier Edition subscribers.
March 14, 2008 - 01:01PM CT - by Joel Hruska

Retail Vista SP1 and final XP SP3 expected this week

Spam gets Zipped
March 12, 2008
Spammers resort to Zip attachments in their efforts to defeat spam filters


Videos Of Tibetan Protest Get YouTube Banned In China
from the onto-the-list-it-goes dept
We can now add China to the axis of NoTube as it has blocked all of YouTube after videos from news reports concerning the protests in Tibet began to show up on the video hosting site. What's interesting is that this comes just a few months after new rules went into place in China, demanding that all video hosting sites be approved by the government (and also be state-owned or controlled). However, given the uproar from a number of local video hosting sites, the government decided to ignore its own rules for the time being. However, given the itchy trigger finger on taking down any site or content that the government deems questionable, it's no surprise that this has happened again.


Craigslist Isn't Liable For Illegal Ads, Court Rules
CHICAGO (CN) - Craigslist won a free-speech victory with a 7th Circuit ruling that granted immunity to the online classified advertising site, dismissing a discrimination claim brought two years ago by the Chicago Lawyers' Committee for Civil Rights Under Law.


Deaf Pilot Caused Crash, Cessna Passengers Say
By JOE HARRIS
ST. LOUIS - Poor communication with a deaf pilot caused a Cessna airplane to crash, and a field engineer hurt in the crash claims in Federal Court that his injuries ended his career. Deaf pilots can only fly in good visibility and must use airports without control towers so radio communication is not required.


Uncle Sam Tells Valueclick To Knock It Off
LOS ANGELES (CN) - Federal prosecutors demand that Valueclick, Hi-Speed Media and E-Babylon stop sending deceptive commercial emails that falsely tell the recipients they have won prizes. The defendants operate out of one address in Westlake Village and use their deceptive scheme to hawk credit cards and loans, and the victims don't really win prizes even if they buy stuff the defendants are pushing, Uncle Sam says.


Follow Up To Yesterday’s Mass Hack Attack
Thursday March 13, 2008 at 2:04 pm CST - Posted by Craig Schmugar
Yesterday we uncovered a newer mass hack affecting over 10,000 web pages. That number has since doubled. Today, I took a look at another recent mass attack, which was similar to those reported by Dancho Danchev, but reference a JS file rather than an IFRAME.
The attack seems to have started more than a week ago, and nearly 200,000 web pages have been found to be compromised, most of which are running phpBB. This contrasts yesterday’s attack in that the vast majority of those were active server pages (.ASP). The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering. phpBB mass hacks have occurred in the past, including those done by the Perl/Santy.worm back in 2004.


Click-fraud trojan targeting Yahoo, Google: Symantec
Jim Carr March 14, 2008
Security researchers at Symantec have uncovered a click-fraud trojan targeted to the online advertising networks of Google, Yahoo and Baidu.com, China's largest independent internet search engine.


Identifying Manipulated Images
By Erica Naone, Monday, March 17, 2008
New tools that analyze the lighting in images help spot tampering.

Botnet scams are exploding
USATODAY.com - Mon Mar 17, 7:06 AM ET
SEATTLE - Largely unnoticed by the public, botnets have come to inundate the Internet. On a typical day, 40% of the 800 million computers connected to the Internet are bots engaged in distributing e-mail spam, stealing sensitive data typed at banking and shopping websites, bombarding websites as part of extortionist denial-of-service attacks, and spreading fresh infections, says Rick Wesson, CEO of Support Intelligence, a San Francisco-based company that tracks and sells threat data.

The Anatomy of a Vishing Scam
A series of well-orchestrated wireless phone-based phishing attacks against several financial institutions last week illustrates how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.
The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down).

http://blogs.washingtonpost.com/securityfix/

Phone "swatter" gets 30 months
News Brief, 2008-03-14
A federal judge in Texas sentences a Washington man for using spoofed telephone numbers and social engineering to convince police SWAT teams to show up at victims' doors.

The Other iframe attack
Published: 2008-03-15, Last Updated: 2008-03-15 21:37:08 UTC, by Kevin Liston (Version: 2)
A lot of readers are sending in this link from Dancho Danchev's fabulous blog thinking it's linked to the 2117966.net campaign: http://ddanchev.blogspot.com/2008/03/more-cnet-sites-under-iframe-attack.html
We're also getting this sent in from McAfee's Avert Labs blog: http://www.avertlabs.com/research/blog/index.php/2008/03/13/follow-up-to-yesterdays-mass-hack-attack/
The 2117966.net campaign affected approximately 13,800 ASP pages. No php pages.
This other attack is reported to have affected around 200,000 phpBB pages.
It's a bigger attack and very important; you should read Dancho's blog. It has IP addresses and domains to look for in your logs as well as what traffic an infected system will generate.
If you're a website administrator, also take a close read of his 04-MAR-2008 entry: http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html
Pay particular attention to how they're inserting the code into the site (from Dancho's Blog):
"(The sites) themselves aren't compromised, their SEO practices of locally caching any search queries submitted are abused. Basically, whenever the malicious attacker is feeding the search engine with popular queries, the sites are caching the search results, so when the malicious party is also searching for the IFRAME in a "loadable state" next to the keyword, it loads. Therefore, relying on the high page ranks of both sites, the probability to have the cached pages with the popular key words easy to find on the major search engines, with the now "creative" combination of the embedded IFRAME, becomes a reality if you even take a modest sample, mostly names."
This is important. It's not obvious to me how to fix the problem-- I'm hoping that someone can explain this better.


Government Audit to Reveal Continued FBI Privacy Abuses
The FBI improperly obtained personal information about Americans as part of terrorism investigations in 2006, but steps were taken by the agency to prevent future privacy abuses, an upcoming Justice Department report says. The long-anticipated audit, to be released Thursday, is expected to show a fourth consecutive year of privacy breaches by FBI agents using so-called national security letters to gain access to telephone, e-mail, and financial records of Americans and foreigners without a judge's approval.
Audit to Cite FBI Privacy Abuses, Associated Press, March 13, 2008.
Posted by EPIC on March 13, 2008.

Hacking Vista's Smart Cards
3/14/2008 5:45:00 PM
Former Microsoft security team member will demonstrate how his new fuzzer hacks smart card plug-in
