Archive for September, 2010

Twitter Exploited

The Twitter website was yesterday widely exploited by users who had stumbled across a flaw that allows messages to pop up, and third-party websites to open in your browser, just by moving your mouse over a link.

In a worrying development, messages were also spreading virally by exploiting the cross-site scripting (XSS) vulnerability without the consent of users.

Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

Source: Sophos

According to Twitter Status, the XSS security issue has now been identified and patched.
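As an added illustration of the defensive side of the flaw described above (this is not code from the original post, from Sophos or from Twitter), the Python sketch below renders tweet text into links two ways: a naive renderer that pastes the matched URL token straight into the tag, so a token carrying a quote can close the href attribute and append a mouse-over handler, and a hardened renderer that validates the link target and HTML-escapes every piece. The sample tweets, helper names and the coarse output check are constructed assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample tweets (not taken from the original post). The second one
# carries the kind of token the flaw turned on: a quote that closes the href
# attribute so that a mouse-over handler can follow it.
SAMPLE_TWEETS = [
    'Read the advisory at http://example.org/xss-notes today',
    'http://example.org/"onmouseover="alert(document.cookie)" fun',
]

URL_TOKEN = re.compile(r'https?://\S+')

def render_tweet_naive(text):
    """Vulnerable renderer: the matched token is pasted into the tag verbatim."""
    return URL_TOKEN.sub(lambda m: f'<a href="{m.group(0)}">{m.group(0)}</a>', text)

def safe_href(token):
    """Accept only plain http(s) URLs with a host and no attribute-breaking characters."""
    parts = urlsplit(token)
    if parts.scheme not in ('http', 'https') or not parts.netloc:
        return None
    if any(c in token for c in '"\'<>'):
        return None
    return token

def render_tweet(text):
    """Hardened renderer: validate the link target and HTML-escape every piece."""
    out, pos = [], 0
    for m in URL_TOKEN.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        href = safe_href(m.group(0))
        if href is None:
            out.append(html.escape(m.group(0)))   # untrusted token stays plain text
        else:
            esc = html.escape(href)               # quote=True by default: " becomes &quot;
            out.append(f'<a href="{esc}" rel="nofollow">{esc}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return ''.join(out)

def contains_event_handler(rendered):
    """Coarse output check: any on*= attribute inside a tag of the rendered HTML."""
    return re.search(r'<[^>]*?\bon[a-z]+\s*=', rendered, re.IGNORECASE) is not None

if __name__ == '__main__':
    for tweet in SAMPLE_TWEETS:
        print('naive   :', render_tweet_naive(tweet), contains_event_handler(render_tweet_naive(tweet)))
        print('hardened:', render_tweet(tweet), contains_event_handler(render_tweet(tweet)))
```

The output check is a heuristic for tests, not a substitute for escaping: the fix is that the hardened renderer never emits an unvalidated token inside a tag.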


“A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States. Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut. Diamreyan made more than US$1….”
Source: Team Cymru Internet Security News


“Twitter has been bitten by a hard-to-kill web-application bug that’s being actively exploited to steal users’ authentication credentials, a security expert said Tuesday. A link that exploits the XSS, or cross-site scripting, vulnerability was included in tweets that sent users’ session cookies to two servers under the control of attackers, according to Stefan Tanase, a security researcher for Russian anti-virus provider Kaspersky. The tweets, written in Brazilian Portuguese, claimed a popular band suffered a tragic accident and offered additional information….”
Source: Team Cymru Internet Security News


“At a seminar Wednesday attended mostly by seniors, District Attorney Mike Ramsey reminded them that older generations are often targeted by frauds and scams because they have more disposable income, are more trusting, and are likely to be more polite to scammers over the phone. Among simple things people can do to protect themselves from Internet fraud is to create a password made up of letters and numbers, rather than using something personal, like a birth date or anniversary. The men also said using your mother’s maiden name is a no-no, but said the biggest mistake most victims make is giving out their Social Security numbers….”
Source: Team Cymru Internet Security News


“Microsoft has released a warning about a new kind of browser-based attack. The attack mimics genuine pages generated by browsers, such as Internet Explorer, Firefox and Chrome, and tricks users into installing fake anti-virus software. When users visit a compromised website running malicious code, a genuine-looking pop-up surfaces in their web browser, alerting them that their security defences are down and they need to install an anti-virus software to contain the virus….”
Source: Team Cymru Internet Security News


“A new mass injection attack has compromised tens of thousands of websites with code that directs visitors to rogue antivirus programs. The new attack was detected and reported by security researchers from Websense, a provider of Web and email security solutions. During last week the number of affected sites varied from 22,000 to almost 39,000 depending on the day, with BlueHost being the most affected hosting company….”
Source: Team Cymru Internet Security News

I received an invitation from this girl(?) today. I declined.

Malware City just published a very interesting experiment. Using a 20-year-old girl persona, they contacted and befriended 2,000 people.

The study focuses on how easily social network users make new virtual acquaintances by accepting friend requests sent out by perfect strangers, and on what kind of information they disclose to these recent friends.

Malware City doesn’t reveal which social network was used for the study, but they do say: “First, a social network was chosen. The choice was based on the fact that the network was large enough to make it possible for the “friends” sample to meet the representativeness criterion.” Taking into consideration the size and the possibilities of communication, my guess is Facebook was used for the study.

Second, a test-profile was created in order to analyze a so-called “friendship rate” as a function of sex, age and interests. This test-profile was that of a fair-haired woman, aged 21, acting as a very, very naïve interlocutor.

In my opinion, it’s a very interesting study. I am quoting one of the most striking results here:

“…after a 2 hour conversation, 73% revealed what appears to be confidential information from their work place, such as future strategies, plans, and unreleased technologies/software.”

Read about the study at Malware City