Sometime during the beginning of the year, we have encountered a surge in Fareit spams. Fareit is a downloader used to deliver Zeus and Cryptowall. Lately, we have been noticing yet another downloader being spammed. It seems that the spammer for this downloader has spent more effort to trick the user into believing that it’s […]more…
CVE-2014-4115 Analysis: Malicious USB Disks Allow For Possible Whole System Control
One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063 which fixed a vulnerability in the FAT32 disk partition driver that could allow for an attacker to gain administrator rights on affected systems, with only a USB disk with a specially modified file system. This vulnerability as also designated […]more…
Twitter’s MoPub ad exchange grabs Verizon tracking cookies, and more may follow
Earlier this week we told you privacy and security critics were concerned about how Verizon inserts unblockable cookies into HTTP requests sent via the company’s wireless network. One of the major concerns was that other companies might use this identifier, called a UIDH, and potentially build a dossier on a user’s web usage. Well, it […]more…
Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite
A white-hat hacker from Sweden says he’s found a serious security hole in Apple’s Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability “rootpipe” and has explained how he found it and how you can protect against it. […]more…
Court rules cops can demand fingerprints, not passcodes, to unlock smartphones
If police suspect that you’ve committed a crime, the odds are pretty good that they’ll want to search your smartphone for evidence. Whether they can actually search your phone depends on the security method you’ve picked—if any—to protect the device. Use Touch ID? Turn over those fingerprints. Have a passcode? You’re home-free. A Virginia Circuit […]more…
Production AIS IdS Service Degradation – November 3
On Monday, November 3, 2014, at 10:59pm the following production Administrative Information Services (AIS) and Identity Services (IdS) services may experience a short outage (lasting up to 2 seconds) while the AIS Networking Team switches over to redundant systems due to a large network infrastructure relocation project (as described in ITS Alert #3218, http://alerts.its.psu.edu/alert-3218): chat.psu.edu […]more…
Raising cryptography’s standards
Calculating encryption schemes’ theoretical security guarantees eases comparison, improvement, experts say. Most modern cryptographic schemes rely on computational complexity for their security. In principle, they can be cracked, but that would take a prohibitively long time, even with enormous computational resources.more…
Teacher’s ex accused of hacking email, sending nude pics to students
The ex-lover of a Pasadena teacher has been arrested and bailed, accused of breaking into his school email account and using it to send out “sexually explicit” photos of said teacher to students and fellow staff.more…
Pirate Bay co-founder sentenced to 3.5 years imprisonment in Denmark
Pirate Bay co-founder Gottfrid Svartholm Warg was sentenced Friday by the Court of Frederiksberg in Denmark to three and a half years in jail for hacking and serious vandalism. Svartholm Warg immediately appealed the judgment and is still in custody, said Judge Kari Sørensen, who presided over the case, adding that he will stay in […]more…
Microsoft endorses workaround for botched Windows patch KB 3000061
This month’s Black Tuesday crop of patches held more than a few surprises. True to form, my choice for the “most likely to splat,” the KB 3000061 kernel mode driver patch, repeatedly fails to install on many machines. Although the Knowledge Base article hasn’t been updated, Microsoft support engineer joscon confirmed a workaround for the […]more…
Google to kill off SSL 3.0 in Chrome 40
Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months. The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed “POODLE,” the vulnerability allows a man-in-the-middle attacker to recover sensitive, […]more…
Where to find security certifications
Security certifications The debate rages on whether gaining security certifications means much. Regardless of whether you think they aren’t even worth the paper they are printed on, there are others who believe certifications prove the individual knows what they are doing. With that, here are a group of vendors who offer security certifications. To read […]more…
Facebook sets up shop on the Tor anonymity network
Facebook has made its site directly available on Tor to prevent access problems for people using the anonymity network and to provide an alternative method of accessing the social network securely. People who have a Tor-enabled browser will be able to access Facebook via https://facebookcorewwwi.onion/, Facebook software engineer Alec Muffett said in a post to […]more…
Forget trick-or-treating – Kill a Zombie this Halloween
The crooks can’t have a botnet without the bots to join it. So let’s take their bots away! Killing computer zombies is the perfect sort of altruism: you help the global internet community simply by helping yourself.more…
Don’t wear your Google Glass or other wearables when watching a movie
Two trade groups have officially adopted a zero-tolerance policy against all wearable recording devices being on during showtime.more…
How bots and zombies work, and why you should care
You probably have a firewall that blocks inbound network connections by default. So how come cybercrooks can send commands to your computer if it’s infected with a bot or zombie?more…