Monday, June 9, 2008

Monday News Feed 6/9/08

Microsoft slates seven fixes for next week




Stolen laptop teaches Stanford a lesson on need for encryption




Security firm asks for help cracking ransomware key

Posted at 09:30 AM ET, 06/9/2008
Ransomware Encrypts Victim Files With 1,028-Bit Key
Now more than ever, it's important that Windows users ensure their machines are safe from hackers. A dangerous new strain of malicious software that holds the victim's computer files for ransom has been unleashed, and Kaspersky Lab is warning that security researchers have yet to crack the encryption key.
The malware in this case is the latest version of Gpcode (Kaspersky calls it Gpcode.ak), a nasty piece of "ransomware" that scrambles all of the victim's data files with an encryption key known only to the attacker(s). Victims are told via a pop-up message that they need to purchase a special decryption program to regain access to their data.
Kaspersky and other anti-virus companies have previously unraveled the secret encryption key for all previous versions of Gpcode, but this time, the malware author apparently has learned from his previous mistakes. Now, the Gpcode author is encrypting victim files with an extremely strong 1,028-bit RSA encryption key.
"We estimate it would take around 15 million modern computers, running for about a year, to crack such a key," writes Aleks Gostev, senior virus analyst at Kaspersky, on the company's blog.
Posted by Brian Krebs





Groups call for investigation of ISP ad targeting






Spear-phishing attacks have hooked 15,000, says VeriSign






Symantec tool cleans up XP SP3 registry corruption






Update: Amazon Web site slowly returning after shutdown
June 6, 2008 (Computerworld) The Web site of Amazon.com Inc. was shut down for at least two hours today and was slowly coming back online, the online retailer said.
An Amazon spokesman said the site went down at 10:25 a.m. Pacific time.
"We're bringing the site back up," said Craig Berman, a spokesman for Seattle-based Amazon, in an e-mail statement at 2:09 p.m. Pacific time. "Amazon's systems are very complex and on rare occasions, despite our best efforts, they may experience problems. We work to minimize any disruption and to get the site back as quickly as possible. Amazon's Web services were not affected nor were our international sites."
At 1:49 p.m. Pacific time, Amazon updated the posting on its sellers' forum. The company said it was currently investigating an issue that had impacted the availability of the Amazon.com Web site.
"As a part of this resolution, some customers may experience error messages that indicate that their access to the Amazon Web site has been blocked for various reasons. These reasons may not be directly related to the customer's account. Access to the Web site will return when this technical issue is resolved."





June 09, 2008 Stark warning as UK faces cybercrime boom
http://www.crime-research.org/news/09.06.2008/3404/






The Onion on Airport Security and Voting
"Reporters Expose Airport Security Lapses By Blowing Up Plane" and "Diebold Accidentally Leaks Results Of 2008 Election Early".








Linux Kernel ASN.1 BER Decoding Vulnerability

- Moderately critical - From local network
Issued 8 hours ago.
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.






Microsoft apologizes
Mary Jo Foley: Microsoft has pulled from its CodePlex site its Sandcastle project for failure to comply with the terms and conditions required in order to qualify as bona fide open source.






Expensive Patent Attorneys Know How To Cut & Paste, But Not Search & Replace
from the get-your-money's-worth dept
Well, it's a mistake plenty of folks are bound to make eventually, but that doesn't make it any less amusing. Joe Mullin has a short post about a big time patent law firm that has launched two recent patent lawsuits over the same basic patents held by a patent holding firm. The only problem? In filing the second lawsuit, it appears that the patent attorneys used cut & paste from the first lawsuit, but didn't use search & replace to get rid of the name of the original defendant. Hopefully, the patent holder didn't pay too much for the cost of filing that second lawsuit.






Sweden Considering Law To Let The Government Monitor All Forms Of Communications





Antigua Doesn't See Settlement With US Over WTO Plan To Let It Ignore US Copyrights






Why there won't be a security update for WkImgSrv.dll
Recently, there was a public post in milw0rm (http://www.milw0rm.com/exploits/5530), talking about an issue in the ActiveX control of Microsoft Works 7 WkImgSrv.dll. The PoC claims that it would achieve remote code execution. McAfee Avert Labs Blog also had a post about this (http://www.avertlabs.com/research/blog/index.php/2008/04/17/potential-microsoft-works-activex-0-day-surfaces/).

At first glance the issue sounds serious, right? Upon further investigation, there is no useful attack vector.





More Laws, Collaboration Required for Online Safety PC World - Thu Jun 5, 3:50 PM ET
Experts discussed ways to improve online safety and better prevent cybercrime at a security conference in Seattle.





Opera Browser and Haute Secure Partner To Prevent Drive By Downloads Of Malware From Compromised Websites
By Grey McKenzie Today





National Economies Threatened by Cybercrime By Grey McKenzie Today





Surge In Bank Account Hijacking Via Keyloggers & Phishing Says UK Threat Assessment By Grey McKenzie Today
