Out of the top five search engines, Yahoo returns the riskiest sites for users, according to security vendor McAfee. In research published on Monday by McAfee SiteAdvisor, 5.4 percent of Yahoo searches returned links to “risky” internet sites. AOL was found to be the safest of the top five, with 2.9 percent of sites. According to McAfee SiteAdvisor, Yahoo returned the most results rated “red” or “yellow”. “Red” rated sites failed McAfee SiteAdvisor’s safety tests. “Examples are sites that distribute adware, send a high volume of spam, or make unauthorised changes to a user’s computer,” said the report. Examples of “Yellow” rated sites are those which send a high volume of “non-spammy” email, display many pop-up ads, or prompt a user to change browser settings.
Read more…
An email apparently sent by Marks & Spencer, offering ÂŁ100-worth of vouchers if you forward it on to friends, is a hoax. The email asks you to send it on to at least eight other people, while copying in a legitimate email address from Persimmon Homes, which it also says is involved with the offer. Both Marks & Spencer and Persimmon Homes have denied any involvement but there is a worry that people who benefited from a Threshers voucher, which circulated mistakenly before Christmas last year, will believe it to be genuine and pass it on.
Read more…
Security company eEye Digital Security, which found the bugs, gave them its highest security threat rating because they enable remote code execution.Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user’s system. Researchers at eEye Digital Security found the bugs within the last few weeks and reported them to Yahoo on Wednesday, according to Marc Maiffret, co-founder and CTO of the security company. eEye’s researchers say there actually are multiple flaws in version 8 of Yahoo’s instant messenger client software.
Read more…
MICROSOFT IS showing all comers how to hack into its Internet Information Server and is not giving any hints how to work around the problem. The Vole says an exploit, which was discovered on December 15, 2006, and made public at the end of May, is actually a feature. Apparently versions 5.x allow bypass of basic authentication by using the “hit highlight” feature. The hit-highlighting feature can be used by an unauthorised user to nick documents.
Read more…
One of the most popular mail solutions on the Internet, Google’s Gmail, was again affected by a vulnerability that can permit an attacker to view or delete some of the messages stored into an account. The Mountain View company’s employees were quite quick in fixing the flaw and managed to repair it in a few hours since it was reported. Basically, the vulnerability could be exploited through a malicious page that provided the attacker the access to the Gmail account. As The Hacker Webzine reports, it is extremely dangerous because the giant Google keeps all its web-based services such as Calendar, AdWords and Gmail on the same sign-on technology. Using a simple vulnerability discovered in the mail solution, the hacker would be able to access all these services.
Read more…
Today we talk about Cross Site Request Forgery (also known as XSRF) abbreviated in CSRF, from which pronounce has come the friendly name “Sea Surf” 
Following the previous papers on Cross Site Scripting written by me, i thought it was an obvious step to deal with this theme: here i am then! This kind of vulnerability, which is very common and understimated, permits to make a victim user to send any kind of HTTP request to a website in which he is logged in and trusted in some way.
Read more…
Security researchers have warned of new vulnerabilities in Mozilla’s Firefox and Microsoft’s Internet Explorer. In a posting to the Full Disclosure mailing list, security researcher Michal Zalewski outlined two vulnerabilities in each of the popular browsers. The vulnerabilities could allow attackers to overwrite the URL bar, or steal user data and remotely download and execute code.
Read more…
The rapidly expanding ranks of people banking online has raised questions over whether consumers are armed to deal with the growing threat from cyber pirates.
Read more…
The latest malware spam run is using gripping news headlines as email subjects to hook in unsuspecting victims. And while this is not something new, the use of actual news headlines can make it more difficult to distinguish it as malicious.
Read more…
Commonly grouped along with external mobile threats, mobile viruses have become common throughout todayâs mobile community. The fleeting question on the mind of so many mobile owners is why. To understand todayâs mobile virus, one must look back at the evolution of computer viruses. Viruses donât typically enter a medium such as mobile communication as malicious attacks rather they start with software developers pushing the limits of modern coding. Initial developments in computer viruses would often remove or otherwise alter a strategic kernel or other file type in effort of achieving a desired result. Mobile viruses began with much of the same innocence. The early mobile viruses would merely drain the battery of a mobile handset while todayâs mobile viruses can practically render a cell phone useless.To understand why mobile viruses have become so destructive one must understand that as a hacker the more malicious your virus is the better it is. As a group, hackers are scientist that in my humble opinion, fuel the development of technology. Generally hackers get a bad wrap, but it is their persistence in exploring the edge of technology that makes them extremely interesting. The reason mobile viruses are so fascinating to me is that dissecting them really is â this is the former U.S. Marine about to come through â like dismantling daisy chain explosives. In case youâre not the military type, daisy chain explosives are any variety of bombs that are interlinked to cause a chain of explosions that to the naked eye looks like a single blast.
Read more…