Chase throws data on 2.6 million customers in landfill

September 11th, 2006

Chase Card services mistakenly threw out backup tapes that contained the card information of around 2.6 million customers (according to the article Circuit City card holders (former and current.)) 5 data tapes were mistakenly trashed in July. Fortunately, they think the tapes were destroyed at the landfill, and are 1)notifying the affect, 2)working with authorities. So, it may be that no data in this case was actually leaked… it does underscore one thing….

Read the rest of this entry »

Beware with video codec downloads….

September 11th, 2006

Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and “required” to view some content…. well, posing as a codec download is a good way to trick people into downloading it seems and there are more out there that use the same trick. Sunbeltblog brings not one, but two fake codec sites to watch for today.

Read the rest of this entry »

Beware visiting Samsung’s site

September 8th, 2006

Betanews is reporting that Samsung’s site has been hacked and is currently serving up malware in some areas. user intervention is required for it to run on the users pc, but be cautious. Samsung has been notified, but as of Friday morning (according to the report) the trojan horse is still there. I really wonder if it hasn’t occured to them to pull the whole thing offline to clean things up?

   Send article as PDF   

Sharing contacts between Outlook and Outlook Express

September 8th, 2006

Not too long ago I was installing a fax machine for someone that supported Outlook Express’ addressbook, but not Outlook’s default addressbook. My first thought was to get Outlook (2002)/Outlook Express using the same contact format and then we’d be in business… But…, they had an exchange server so, Outlook was installed in Corporate/Workgroup mode, which means, officially “you can’t get there from here.” But…. there is still a way. Details from slipstick.com, it turns out there is a registry edit that can get you around the Corporate/Workgroup “limitation”. This may not work for all installs, and is not guaranteed or supported, but…

Read the rest of this entry »

Being cautious with web links

September 8th, 2006

Once upon a time the bad payload of a malicious email was it’s attachment, that still happens, but in many cases the links are the real lure – like a worm dangled in the water in front of a hungry fish…. the links though hide a danger on the other side…. the hook in our analogy. Brian Krebs writes about a utility called linkscanner that scans a given link to see if it’s hosting up malware. It’s from a place called Exploit Prevention Labs. I don’t know that I’d trust it completely as a safety net, but it might be worthwhile as another level in the defences.

   Send article as PDF   

ICQ client and toolbar vulnerabilities

September 8th, 2006

Sans brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 is said to be vulnerable as well. No more recent version of that is available – you might consider disabling the toolbar.)

   Send article as PDF   

Another Debian server security breach

September 8th, 2006

According to this story, there has been another compromise of a debian project server. (Is this the third in the last year?)… the Alioth webserver was offline most of the 5th of September…

It was simply stopped because we discovered that some script kiddies were running an IRC proxy. After thorough investigation, we discovered that they exploited a pmwiki security hole[1] to deface some web pages, to install some malicious php pages which in turn were used to setup the IRC proxy.

Read the rest of this entry »

Firefox code under the microscope

September 8th, 2006

So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true severity of the flaws, you have to be familiar with the code. Some, I’m sure will pounce on this with the “I thought open source software was supposed to be more secure…. I’m going back…” but it’s time to stop and think about things a moment. Open Source software…. anyone can access the source, anyone can analyze it for problems, anyone can run an automated tool to test it…..

Read the rest of this entry »

Microsoft’s priorities…

September 8th, 2006

I didn’t really think of this in context, but George Ou points out that Microsoft issued an “out of cycle” patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of the issue to releasing a patch. In context, we have seen numerous instances in the last year of “zero-day” vulnerabilities becoming known just after a monthly patch day, and Microsoft waiting until the next patch day to release a fix. So why the different response?

Read the rest of this entry »

Google puts historical articles online, searchable

September 6th, 2006

Wow, this is nice – and frankly, something I could probably spend hours with. Search Engine Watch tells us that Google will debut a searchable news archive that takes us back through around 200 years worth of news stories. Yes, folks, google is putting the last 200 years of history online. I remember the newsgroups being google-ized was a big deal and that just took us back to the beginnings of the modern internet…. Well, in actuality the articles aren’t hosted at google, but at either the content providers or their aggregation services….

Read the rest of this entry »