At least two sets of exploit code have been posted on the Internet for the security flaws in Yahoo Messenger 8 first disclosed on Wednesday by the security vendor eEye on Tuesday. The two exploits were posted on the Full Disclosure mailing list on Wednesday. One set of code shows how to cause buffer overflow in the Webcam ActiveX component. Another causes a buffer overflow in the viewer ywcvwr.dll. Both exploits were written by Danny.
These days, criminal enterprises don't just want to steal your Outlook contact list, they want to own your computer, and they will download a remote-access Trojan horse at the first available opportunity. Within the last six months, Symantec has seen the number of these "bot" infections increase 29 percent over the previous six months. That's why Symantec is rushing to market a new application they're calling Norton AntiBot.
While most antivirus applications today provide adequate protection against spyware and malware, once these are removed, your machine is vulnerable to new and different variations of the … Read more
After finishing dead last in a comparative antivirus test, Microsoft Windows Live OneCare recently garnered some positive press. The latest tests performed by AV-Comparatives.org seem to show an improvement, with OneCare moving up two places. While OneCare is certified by West Coast Labs and ICSA, it is the competitive independent antivirus testing results that mean more in terms of how well a product performs in the real world against real malware. Thus, some might argue that things are looking up for the nascent Redmond antimalware team.
That's until you look closer at the tests. AV-Comparatives performed two different … Read more
A number of highly critical security flaws have been found in the latest version of Yahoo Messenger, which could allow attackers to gain remote access to users systems, according to a security advisory issued by eEye Digital Security.
The vulnerabilities affect Yahoo Messenger versions 8.1 and 8.0, running on Windows, eEye stated in its "upcoming advisories."
Although eEye does not disclose extensive details about vulnerabilities until the respective vendor develops a patch, the security researcher did note the Yahoo IM flaws requires little user interaction for an attacker to exploit the vulnerabilities.
"It's the … Read more
It is common knowledge that IT security is made up of isolated security islands that don't talk to each other and must be managed on a one-off basis.
Why is this? Best I can figure is that it is a historical combination of budget and behavior. Security budgets are notoriously tight, so tools tend to be brought in on an as-needed basis. As for behavior, security professionals grew up with a "best of breed" mindset. If security widgets 1 and 2 are deemed to be the best products available, they buy them. Security benefits tend to trump … Read more
In the wrong hands, could Google Earth become a weapon of mass destruction?That question has been floated in the aftermath of last week's FBI apprehension of four suspects charged with attempting to explode oil pipelines at New York's John F. Kennedy airport.
At a press conference announcing three of the the arrests, FBI officials said one of the plotters, Abdul Kadir, directed his associates to consult Google aerial images of Kennedy Airport as they went about their planning. Inevitably, this raised questions about whether the various online mapping services offered by the likes of Google, Yahoo and … Read more
Security researcher Robert Hansen, aka RSnake, has published details of a new attack on Google Desktop. Basically, Hansen found a man-in-the-middle attack, this time placing an attacker between Google and someone launching a desktop search query. From this position, the attacker is able to manipulate the search results and possibly take control of other programs on the desktop.
Criminal hackers are flying well below the radar these days with a new technique that, according to security vendor Finjan, marks a new level of sophistication among criminal hackers. Documenting this trend in its latest Web Security Trends Report, Finjan calls these "evasive attacks" because of their stealth-like quality. First, criminal hackers use a cross-site scripting attack to place an IFrame that calls down malicious code on a popular Web site. That part is not new. What is new is the fact that the end-user is hit with the malicious code only once, making it hard for network … Read more
One of the four terror suspects in an alleged plot to blow up fuel tanks and a gas pipeline at New York City's John F. Kennedy International Airport recommended Google Earth as a way to obtain detailed aerial photographs, according to a court complaint obtained by The Smoking Gun.
The "JFK plot" made headlines on Saturday when U.S. officials announced that they had charged four men, one of whom remains at large, in a nascent plot to target fuel tanks and a gas pipeline at the high-traffic airport. The court document in question describes a May … Read more