Skype said it has blocked a bug that created a means for hackers to attack vulnerable Windows PCs using malicious video files. The cross-zone scripting vulnerability involves the interaction between Skype and video-sharing sites such as DailyMotion, which allows users to download video clips and add them to their Skype VoIP client. The vulnerability had the potential to affect users of Skype 3.5 and 3.6 for Windows who used Skypeâs video gallery to access booby-trapped DailyMotion videos. The flaw, said to affect online video site MetaCafe as well as DailyMotion, came to light in a post by security researcher Miroslav Lucinskij to a full-disclosure mailing list on Thursday. For example, the security bug makes it possible to inject a malicious script to the “Add video to chat” dialogue using the title field of DailyMotion movie clips.
Read more…
HACKERS are targeting users of social networking website MySpace using techniques popular with phishing scams. Mass emails sent to MySpace members would contain invitations to add the sender as a friend. When a link in the email is accessed, what seems to be an official MySpace page appears. The user is then asked to download and install the latest version of Adobeâs Flash Player software, which is required to run many of the applications on MySpace. However, the whole exercise is actually a scam, security experts say. Once the program is installed it would allow hackers to remotely take control of the computer, and use to victims PC to distribute more spam.
Read more…
Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday, those warnings quietly became a reality: Tom Donahue, a CIA official, revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and “in at least one case, caused a power outage affecting multiple cities.” “We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Donahue said in a statement. “We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.”
Read more…
An aggressive, non-stop campaign by China to penetrate key government and industry databases in the United States already has succeeded and the United States urgently needs to monitor all internet traffic to critical government and private-sector networks âto find the enemy within,â SANS Institute Director of Research Alan Paller told SCMagazineUS.com. âThey are already in and we have to find them,â Paller said. Paller said that empirical evidence analyzed by researchers leaves little doubt that the Chinese government has mounted a non-stop, well-financed attack to breach key national security and industry databases, adding that it is likely that this effort is making use of personnel provided by China’s People’s Liberation Army.
Read more…
Mozilla’s Firefox web browser is vulnerable to spoofing attacks, according to an Israeli security researcher. Aviv Raff reported on his blog on Wednesday that Mozilla Firefox v2.0.0.11 allows information presented in a basic authentication dialogue box to be spoofed, opening up the possibility of users being redirected to a malicious website. Earlier versions of the browser may also be affected.
Read more…
Its immense popularity may turn the iPhone into a painful experience for Apple, if predictions that the mobile device will be a major security target in 2008 are realised. IT security company Arbor Networks released a statement on Tuesday declaring that the iPhone will be a big target amongst cybercriminals next year.
Read more…
The latest rootkit in the wild hides on your hard driveâs boot sector and is starting to infect Windows PCs, according to security researchers. And the real kicker: The rootkit canât be detected by most antivirus applications. Symantec has been tracking the latest rootkitâTrojan.Mebrootâand provides a good overview of master boot record (MBR) rootkits. In general, an MBR is the first sector of a storage device, say a hard drive, and is used for booting the operating system. Control the MBR and control the OS.
Read more…
In-flight entertainment has come a long way since passengers craned their necks to catch a glimpse of the flickering films shown in 1980s aircraft.Today’s passengers expect on-demand video systems, telephones and even broadband Internet access. Unfortunately, that’s not all they can do. The technology used by the new generation of aircraft is now so advanced that aviation officials fear that terrorists could use it to fly the plane.
Read more…
A US federal grand jury in Detroit has indicted a Michigan man dubbed the “spam king” and 10 others in an international illegal bulk emailing and stock fraud scheme, the US Justice Department said on Thursday. The 41-count indictment charges Alan Ralsky, 52, of West Bloomfield, Michigan, his son-in-law, and nine others with operating a spamming operation that focused on running a stock “pump and dump” scheme.
Read more…
Google’s AdSense earnings are threatened by a Trojan that replaces the search giant’s paid-for adverts with its own, in order to hijack advertising revenue. Launched in 2005, Google AdSense allows third-party websites or publishers to generate revenue from Google’s text advertisers. AdSense acts as a middleman between an advertiser and a publisher. By crawling the content of publishers’ web pages, AdSense determines the relevance of a text ad to page content and then places the ad within the page if there is a match.
Read more…