A university student who discovered vulnerabilities in his school’s computer network, investigated them and then sent a full report of how to fix them to the administrators is currently awaiting trial on computer intrusion charges.
The 20-year-old student from Ottawa, Ontario will hopefully have a shining career as a security expert some day. What he did could easily be labelled “penetration testing”, only in this case the university got the professional services for free instead of having to fork over $550 per hour.
SecurityFocus has more details.
A malicious Firefox extension called FirestarterFox is being installed by some of the latest malware variants. This extension hijacks all search requests through Google, Yahoo and Microsoft Live search and redirects them through the Russian site thebestwebsearch.net. This is done with the intention of showing ads on the search results page which presumably make money for the creator of this piece of malware.
Luckily, the extension can’t be silently installed since Firefox alerts users to all new extensions. So if you ever start Firefox and get the message that a new extension called FirestarterFox has been installed, you will immediately know that you have malware on your system and should take steps to remove it or reformat your system.
In the following video entry Didier Stevens shows how to remove malware from a system using F-Secure Rescue CD. A nice video and I would also highly recommend Didier’s blog for your daily computer security fix.
Removing Malware with F-Secure Rescue CD
Online attackers have found a way to inject IFRAME redirects into the search results of major sites, including tech news site ZDNet Asia and bittorrent tracker TorrentReactor, researchers discovered on Tuesday.
By abusing the way that the sites cache search queries to optimize their rankings in other search engines — most notably, Google — fraudsters have been able to inject iframe redirects into the cached results. The redirects send unwary users to servers affiliated with the Russian Business Network that attempts to install a fake antivirus product, known as XP Antivirus, according to Dancho Danchev, an independent security researcher based in the Netherlands.
SecurityFocus has the full story.
We recently released Internet Password Manager and are currently running a time-limited promotion where you can get it for only $14.95 (that’s 40% off the standard price of $24.95). Hurry up and buy your copy now - it includes free minor version upgrades (i.e. you’ll get all version 1.x upgrades free of charge).
Download Internet Password Manager
More information on Internet Password Manager
New Zealand security researcher Adam Boileau has released a program that allows an attacker to log into a password-protected Windows machine via the computer’s Firewire port.
Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.
Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because “Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble”.
But now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website.
The Age has the full story.
Internet Password Manager 1.0 has been released.
Internet Password Manager securely stores all your web site passwords using government-grade 256-bit Advanced Encryption Standard.
The program has been designed to be simple - there are no complicated options and adding a new password entry is a task that you accomplish with only two mouse clicks.
The free version stores up to 15 password entries and the full version stores an unlimited number of entries. As an introductory offer you can buy the full version for only $14.95 for a limited time (http://www.misec.net/order/).
ThreatExpert looking good today!
In comes a new virus undetected by everything on VirusTotal. Just had a quick look and immediately thought it looks like a VIRUT ... this is the only detection
Note that the automated analysis thinks certain system files are deleted; this is another sign that they were infected by the virus or hidden by the rootkit, or both.
Please note: While TrojanHunter doesn’t deal with viruses in most cases, detection for the sample will be added very shortly since it was scanning 100% clean and analysis will take some time. The computer systems analysing the malware took over 3 minutes, an eternity when talking trillions of operations a second.
An interesting new spam, slight twist on the usual social engineering:
Mrs. Clause Is Out Tonight!
I know you hate these kind of emails but this one is different. Hey what
can 1 min from your day hurt. You wont regret it for sure. ;-)
<malicious URL removed>
Obviously, users should avoid such emails and immediately delete them. If you can’t spot this sort of email as being a spammed virus, send us an email with any questions!
A Washington District Court has thrown out adware maker Zango’s suit against Kaspersky Lab Inc, ruling that Kaspersky has immunity from liability under the Communications Decency Act:
“No provider or user of an interactive computer service shall be held liable on account of … any action taken to enable or make available … the technical means to restrict access to the material described [i.e. material that the provider or user considers to be obscene, lewd, lascivious, ... or otherwise objectionable].”
I agree with Alex Eckelberry at Sunbelt’s Blog when he says “This is very big news folks. Big news. This decision may have far-reaching consequences for security companies in the inclusion of malicious and/or potentially unwanted software in their software.”