IT Security Top Headlines » Uncategorized

Conficker did not cause chaos on April Fool’s Day 2009

pinolobu — Wed, 01 Apr 2009 17:19:50 +0000

There was concern something big would happen.

It didn’t, but as the guy at Symantec said, “we will be on high alert for a long time“.

Clickjacking / UI redress vulnerability: the biggest IT security problem ever?

pinolobu — Fri, 10 Oct 2008 09:21:28 +0000

For now, from what I read, there’s no “elegant” solution to any browser yet.

Apparently, the only sure way to protect yourself is disabling JavaScript, plugins/ActiveX and iFRAMEs, but I think that would severely affect usability.

The most elegant solution available is for Firefox, ie to install the NoScript add-on but even that is not perfect (not foolproof), because at the end, it’s still up to the user i.e. “users can decide for themselves whether to continue clicking, or free up the mouse from the underlying — and potentially exploitive — content.”

Get NoScript add on here:
https://addons.mozilla.org/en-US/firefox/addon/722

I cannot find any details on how to deal with clickjacking for IE from Microsoft’s website, the best step-by-step info I could get is here:

http://hackademix.net/2008/09/29/clickjacking-and-other-browsers-ie-safari-chrome-opera/

Researchers See Privacy Pitfalls in No-Swipe Credit Cards

pinolobu — Mon, 23 Oct 2006 12:51:00 +0000

The New York Times reports on 23rd Oct that university researchers found that next generation RFID based cards info are not encrypted and easily culled:

"They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150. They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50. And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. ‘Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?’ Mr. Heydt-Benjamin, a graduate student, asked."

/. source

Tags: RFID, credit cards

The Devil’s Guide to Google

pinolobu — Sun, 25 Jun 2006 13:03:38 +0000

There’s an interesting list at Google Blogoscoped that lists several ways in which to be a "totally evil, worm-like creature with Google’s array of services in under a month". Why would you want to do that? To get money comes to mind.

Number 4 suggests an (of course illegal) way to get money via Adsense:

Pay a 12-men army of Russian click-workers to click on your AdSense. Tell them how to switch proxies so they won’t show the same IP to Google. Cash in the check.

Another 9 is suggested in the list.

ref

Google Blogoscoped