Windows Vista may be Microsoft’s most secure operating system to date, but researchers are still finding some glaring loopholes for hackers to exploit. Here is the latest: all you need is a Vista Install DVD to get admin level access to a hard drive. The loophole arises because the Command Prompt tool in Vista’s System Recovery Options fails to request a user name or password before handing over access to PCs running the operating system. The hack, discovered by security researcher Kimmo Rousku, only works locally. Physical access to a target PC is a must. Even so, the potential for mischief (such as deleting directories or copying files on targeted PCs) is enormous. Hackers don’t even necessarily need to run a DVD. “It’s easy to create a bootable USB flash memory that works in a similar way,” Rousku notes.
Google has the worst privacy record of all the major internet companies, according to a new study. The research, conducted by the campaigning group Privacy International, found that the online giant had a “hostile approach to privacy” and a comprehensive view to consumer surveillance. The six-month investigation, which assessed and ranked the internet service firms by how they handle personal data, showed Google does not consider visited IP addresses as personal information and does not believe that it collects sensitive data.
Hackers have spread child pornography by infecting online message boards, experts claim. The legitimate websites have been hijacked by cybercriminals who are exploiting the forums to promote graphic child abuse content. The affected sites contain posts that attempt to entice the readers to various child pornography websites, according to experts at Sophos. The majority of pages are on legitimate web pages and one is even on a site designed for children. The posts are all found on message boards within these sites and contain offensive words and hidden links to the illegal sites, the anti-virus software company said.
Apple is becoming a favorite target of security researchers these days. In April, there was the US$10,000 CanSecWest hack a Mac contest, and on Monday there was the Safari Web browser. Or the public beta of Safari for Windows, anyway. Just hours after Apple released its first Windows beta of Safari, researcher Aviv Raff said he’d found a bug. In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he hadn’t tested the issue on Mac OS X, so he couldn’t say whether or not it affected Safari on Windows only. The bug causes the browser to crash and “might be exploitable,” according to Raff, meaning it could possibly be used to run malware on the PC.
Websense has discovered a new crimeware technique on the YouTube video clips website. When viewed, clips on the site activate a Trojan Horse via a file called “YouTube04567”, which is then downloaded onto the user’s PC. The payload code is an information stealing Trojan Horse which is designed to grab information from the user’s PC. It then uploads any sensitive information from the user’s PC to an undisclosed remote location.
Hackers have broken into the capital city of the State of Nevada’s general fund bank account and stolen $450,000. Investigators believe the hackers obtained the Carson City account log-in details after successfully uploading spyware to a city-owned computer. City treasurer Karen Avilla said she and her staff acted quickly after discovering the theft and, as a result, the bank was able to freeze 90% of the funds, although officials are still looking for the remaining $45,000. While she was investigating the first transfer, Avilla said she discovered a second unauthorised transfer worth $358,500, but that transfer was blocked at source.
From a PIRT submission just a couple of days ago, we have three new brands that are being phished (never before seen in PIRT), Elsa State Bank & Trust, Premier America Credit Union, and Tyndall Federal Credit Union. Customers of these banks/credit unions should be on alert. The IP address that these phish reside on (compromised 219.248.62.85) comes back to AS9318, HANARO-AS Hanaro Telecom Inc. As you can see in the report link above, we have already sent out emails to all respective parties. If you have fallen victim to any of these phish we suggest you contact authorities immediately.
GLOBAL – Microsoft has unveiled a partnership with Linux vendor Xandros that mimics the controversial Novell deal. The Redmond giant will provide Xandros users with a patent covenant that protects users from intellectual property claims. Microsoft will provide the patent licence directly to the end user, which allows it to circumvent patent licensing requirements in the General Public Licence (GPL) which governs Linux. Both companies said that they will collaborate to improve interoperability between Xandros and Microsoft software for servers and systems management.
Singapore – Companies in Singapore sending e-mail advertisements will have to tag their messages with an “ADV” label and allow e-mail users to unsubscribe from the messages starting next Friday. Under the new law aimed at curtailing unsolicited commercial electronic messages, those who continue to send spam to people who have opted out will face penalties of 25 Singapore dollars (16 US dollars) for each message, up to a total of 1 million Singapore dollars (658,000 US dollars).
NEW YORK – In Cambridge, Mass., not too far from the Charles River, which cuts near Harvard and M.I.T., David Pearson is attempting to build an un-hackable network. Pearson is a division scientist at BBN Technologies, a private research company in Cambridge, Mass., which is most famous for building, in 1969, the first few nodes of a computer network connecting its headquarters to Harvard University and Boston University that over time would evolve into the Internet. Now the firm has built a network it says is impervious to hackers.