Wednesday, January 20, 2010
Hack up an unprotected XP
Bookmark this post:
blogger widgets
Social Bookmarking Blogger Widget
|
Tuesday, January 19, 2010
New IE flaw exploited for attack on US firms
Attackers targeting Google and a host of other U.S. companies recently used software that exploits a new hole in Internet Explorer, Microsoft said on Thursday.
The flaw exists as an invalid pointer reference within IE and it could allow an attacker to take control of a computer if the target were duped into clicking on a link in an e-mail or an instant message that led to a Web site hosting malware, Microsoft said. "It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems," Microsoft said in the statement.
Microsoft is working on a fix but could not say whether it would address the issue as part of its next Patch Tuesday scheduled for February 9 or before.
Keeping the IE Internet zone security setting on "high" will protect users from the vulnerability by prompting before running ActiveX Controls and Active Scripting, Microsoft said. Customers should also enable Data Execution Prevention (DEP), which helps mitigate online attacks, the company said. DEP is enabled by default in IE 8 but must be manually turned on in earlier versions.
McAfee CTO George Kurtz detailed the vulnerability in a blog post.
"As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property," Kurtz wrote. "These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer."
Once it is downloaded and installed, the malware opens a back door that allows the attacker to gain complete control over the compromised system and "perform reconnaissance," Kurtz said. "The attacker can now identify high value targets and start to siphon off valuable data from the company," he wrote.
Via [zdnetasia]
(Read more inside ..)
Bookmark this post:
blogger widgets
Social Bookmarking Blogger Widget
|
Monday, January 18, 2010
Everybody should be aware of Social Engineering
Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.
Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
Types of social engineering
- Phishing
- Spear Phishing
- E-mail hoaxes
Phishing: Fraudulent e-mail messages and Web sites
The most common form of social engineering is the phishing scam. Phishing scams employ fraudulent e-mail messages or Web sites that try to fool you into divulging personal information.
For example, you might receive an e-mail message that appears to come from your bank or other financial institution that asks you to update your account information. The e-mail message provides a link that appears to go to a legitimate site, but really takes you to a spoofed or fake Web site.
If you enter your login, password, or other sensitive information, a criminal could use it to steal your identity.
Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations. For more information about phishing, see Recognize phishing scams and fraudulent e-mails.
If you think you might already be a victim, see What to do if you've responded to a phishing scam.
Spear phishing: Focused attacks that seem to come from people you know
Spear phishing is any highly targeted e-mail scam; but they usually are employed in a business environment.
Spear phishers send e-mail messages that appears genuine to all the employees or members within a certain company, government agency, organization, or group.
The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. It might include requests for user names or passwords or might contain malicious software, like a trojan or a virus.
Spear phishing is a more sophisticated type of social engineering than phishing, but the techniques you can use to avoid being fooled are the same.
E-mail hoaxes: Look out for easy money promises
E-mail hoaxes come in many different forms, ranging from a scam that requests your help getting money out of a foreign country (often Nigeria) to a promise that you've won a lottery.
The common element is that you're usually promised a large sum of money for little or no effort on your part.
The scammer tries to get you to send money or reveal financial information that they can use to steal your money or your identity, or both.
Via [Microsoft ] (Read more inside ..)
Bookmark this post:
blogger widgets
Social Bookmarking Blogger Widget
|
Dell Inspiron Zino HD mini desktop computer
The new Inspiron Zino HD mini desktop computer is available in Indian markets. Cost starting from Rs. 20,900. You’ll be amazed by how many powerful features are inside such a perfectly small square, 7.8" by 7.8" to be exact.
Features:
- Personalize with 10 optional interchangeable colors and designs
- Its small form factor conveniently fits just about anywhere
- Make the most of your movies with HDMI and optional Blu-ray Disc
- Optional discrete graphics, up to 8GB memory and up to 640GB hard drive for amazing performance
Via [Dell ] (Read more inside ..)
Bookmark this post:
blogger widgets
Social Bookmarking Blogger Widget
|
LG releasing Windows Mobile 7 phone in September and Android 2.1 in April
First LG flat-out says on public record that Windows Mobile 7 is bound for 2010, and now we've gotten apparent word that the company has narrowed said release window to September of this year -- at least as far as its own devices are concerned.
That comes via high-profile French tech blogger Eric of Presse Citron, who while attending a LG Design Lab tweeted (both in French and immediately after in English) that LG Mobile will release a Windows Mobile 7 device in September and an Android 2.1 device in April, first in the US and then Europe just after. The tweets are now gone, but WMPoweruser managed to catch both via Google cache, while we have corroborated just the French one by similar means. So, misheard claims from the company or accidental slip-up of NDA'd secrets? MWC is starting to look more and more interesting.
Via [WMPoweruser]
(Read more inside ..)
Bookmark this post:
blogger widgets
Social Bookmarking Blogger Widget
|