Security

Spammers will do just about anything to get their e-mail through corporate and desktop filters. According to MessageLabs, they're now using Google Docs, a perfectly legitimate way to publish to the Web. Only what they're publishing is the same old wares--this time, it's enhancement pills. This week I talked with Matt Sergeant, senior anti-spam technologist with MessageLabs, who told me how they they've tracking one Google Doc since May 8, 2008.

Later in the conversation, Sergeant talks about the resurgence of Storm. Only a few weeks ago, MessageLabs reported a notable decrease in computers infected with the Storm botnet. … Read more

On Thursday, Zero Day Initiative announced four flaws affecting two instant-messaging applications, three affecting Cerulean Studios Trillian Pro, and one affecting IBM Lotus Sametime. Zero Day Initiative is a part of TippingPoint and is controversial in that it pays researchers for finding flaws.

The first flaw in Trillian affects the header parsing code for the msn protocol and could allow remote attackers to execute arbitrary code. The advisory states "when processing the X-MMS-IM-FORMAT header, certain attributes are copied into a buffer located on the stack without any length verification which can eventually lead to code execution with the privileges … Read more

On Wednesday, Cisco Systems issued three patches for critical vulnerabilities affecting Cisco Internetwork Operating System (IOS). The most serious of these affects the Cisco Voice Portal and the Secure Shell server (SSH) implementations.

Cisco says the first patch covers a vulnerability that exists in the Cisco Unified Customer Voice Portal (CVP) , which provides customer voice and video self-service integration. If the vulnerability is exploited, an authenticated user can create, modify, or delete a superuser account. In other words, successful exploitation may result in full control of the system.

The second patch covers the Secure Shell server (SSH) implementation in Cisco … Read more

I can't say for certain that ISPs, online advertising networks, and other big Web companies are already tracking our Web use and sending us ads and other information based on conclusions they draw from our unique browsing history.

But it wouldn't surprise me one bit if they were. And if they aren't already, I know it's only a matter of time.

Web sites have been using persistent cookies to remember you from session to session for a long time. Usually, sites know only the site you arrived from and the site you go to when you … Read more

On Wednesday, Core Security announced three vulnerabilities within iCal, the personal calendar application that ships with the Mac operating system. The vulnerabilities affect iCal version 3.0.1 on MacOS X 10.5.1.

ZDNet's Ryan Naraine quotes an as-yet unpublished Core Security announcement as saying: "The vulnerabilities are caused due to iCal not properly sanitizing certain fields on iCal calendar files (.ics). This can be possibly exploited to crash iCal (first two bugs) or possibly execute arbitrary code (third bug) via malicious calendar updates or by importing a specially crafted calendar file."

Apple was rumored to … Read more

We've seen banks, even eBay and PayPal, all targeted by phishers. Now they've turned their attention to iTunes, creating a bogus site that reportedly looks like an iTunes billing page asking for current credit card information.

"We've never seen Apple as the target," Proofpoint's Andrew Lochart told Computerworld on Tuesday. "It's probably indicative that the bad guys see Apple's online presence as large enough to be a target."

In addition to asking for credit card information, the phony iTunes page also asks for one's social security number and mother'… Read more

I used to think the last thing I needed was another browser toolbar. But now I gladly sacrifice a little screen real estate to find out who owns the sites I visit, where they're located, and whether they pass muster with the security checkers.

That's what you get with CallingID, an add-on for Internet Explorer and Firefox that adds a multi-hued toolbar to the browsers. Along with use of green, yellow, and red to signify the site's safety, the toolbar shows the owner and location of the site.

Whenever you attempt to enter a name and password … Read more

One year ago, the Estonian government moved a war memorial honoring Russian-Estonians who died fighting the Nazis, a move that may have triggered what some believe is the first instance of a sustained, international cyberwar.

Now, Gadi Evron, a former Israeli Government CERT manager who was in Estonia at the time of the attacks, has revisited the events with an article in the Georgetown Journal of International Affairs and reprinted here online (PDF).

Evron said what could be described as a "flash mob" created the disturbances in the Estonian Internet during May 2007. "Not only did the … Read more

For years, biometric finger scanners have been used in ATMs and at the cash register. But there are problems with finger scanners. Researchers have demonstrated how a flat photograph or molded fingertip can easily fool these devices into giving a false approval. And while face recognition is improving, especially 3D facial mapping, these devices aren't yet in wide use today.

Fujitsu PalmSecure is another option. Already in use in hospitals and government offices, the device reads the hand's vein pattern using near-infrared light. On this week's Security Bites podcast, I spoke with Joel Hagberg, vice president of … Read more