WiFi + Airport = Lost password

As most travelers know, many airports and VIP lounges offer Wi-Fi connectivity but, unfortunately, these connection are rarely encrypted.   Here’s an example: All data sent and received travels in clear text, which means anyone could intercept the data for malicious purposes.  This unencrypted data could include passwords, logins, financial information like PIN codes, etc.Many people also know that it’s always better to use a VPN connection.  However, in many cases,  VPN connection are filtered out and blocked by rules on the network firewall. I tried two different protocols and both were blocked.  Mostly network administrators don’t allow using VPNs from Public WiFi access points only because they want to make...

Read more »

iPhone passwords succumb to researchers' attack

Researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have found a way to steal passwords found in the Apple iPhone's keychain services within six minutes. In order to steal passwords, the researchers said, the attacker must have have the actual, physical iPhone in hand--this isn't a remote maneuver. First, the attacker has to jailbreak the iPhone, and from there then must install an SSH server on the smartphone to be able to run unrestricted programs. The researchers also created a "keychain access script" that they then copied to the iPhone. After executing that script, they found that they were able to decrypt and see some passwords saved in the keychain. Over the past year, several iPhone...

Read more »

Data theft attacks besiege oil industry, McAfee says

A McAfee diagram of how the Night Dragon attacks proceeded.(Credit: McAfee) For years, companies in the oil and energy industry have been the victims of attempts to steal e-mail and other sensitive information from hackers believed to be in China, according to a new report from McAfee. The attacks, to which McAfee gave the sinister name "Night Dragon," penetrated company networks through Web servers, compromised desktop computers, bypassed safeguards by misusing administrative credentials, and used remote administration tools to obtain the information, the security firm said late yesterday. McAfee and other security companies now have identified the method and can provide a defense. "Well-coordinated, targeted attacks such as Night Dragon,...

Read more »

Sandboxing to come in Avast 6

Free security suites have long been offering protection for Windows computers that has ranged from adequate to excellent. After using the Avast 6 beta for the past week, it looks like Avast 6 will land far closer to the high end of the spectrum thanks to its new WebRep browser add-on and sandbox environment, unique in the free antivirus marketplace.  Avast 6 Free will come with a sandbox feature to isolate risky programs while they run.(Credit: Screenshot by Seth Rosenblatt)  The security suite is available in three forms: Free Antivirus, which replicates the features available in the upcoming Avast 6 Free; Pro Antivirus, which offers a 30-day trial for checking out Avast's first level of paid security; and Internet Security,...

Read more »

Firefox beta to Web: 'Do Not Track'

Firefox 4 beta 11 has landed a useful security feature for people who are sick of "stalkertizements," those cookie-based ads that use your browsing history to target ads at your perceived tastes. The new "Do Not Track" feature in Firefox 4 beta 11 for Windows, Mac, and Linux sends out a header that tells Web sites that you want to opt out of behavioral tracking, though Mozilla cautions in a blog post that it will take some time for sites and advertisers to respond to the header.  This diagram shows how Firefox's new 'Do Not Track' feature works.(Credit: Mozilla)  The feature can be toggled via a check box in the Advanced tab of Firefox's Options window.  Mozilla privacy lead Alex Fowler said that the engineers decided...

Read more »

McAfee: Mobile threats on the rise

Mobile threats are spreading and spam continues to be a thorn in the average person's side, according to a new McAfee report about the fourth quarter. Mobile malware threats increased by 46 percent last year as criminals continued to embrace new opportunities on smartphones and tablets, the security firm said today.  "One of the most important threats of the quarter" among mobile devices was the Android-based Geinimi Trojan that Zeus botnet creators unleashed. It was flanked by several other malware threats, like the Symbian OS-focused Zitmo.A, McAfee said."Cybercriminals are keeping tabs on what's popular, and what will have the biggest impact from the smallest effort," Vincent Weafer, senior vice president of McAfee Labs, said...

Read more »

Microsoft patches Windows, IE

Microsoft today issued three "critical" security bulletins as part of its monthly Patch Tuesday program. Together with nine other alerts, which the company rated as "important," the bulletins address 22 vulnerabilities spanning Microsoft products from Windows and Internet Explorer to Office and Internet Information Services.  On the top of the list is MS11-003, which is a cumulative update for Internet Explorer that resolves four vulnerabilities. Included is a fix for the nasty CSS bug outlined in Security Advisory 2488013, a bug that could give attackers control of people's computers.  In a podcast about the patches, Jerry Bryant, the group manager of response communications for Microsoft's Trustworthy Computing Group,...

Read more »

Did Sony add a rootkit to PS3 firmware update?

Gamers on a forum accuse Sony of adding a rootkit to its latest version of PlayStation 3 firmware. Rootkits, in general, have a bad reputation. Security watchers often associate them with malware. In this case specifically, though, the alleged rootkit would allow Sony to peer into users' system files without their knowledge. A user dubbed N.A., who first mentioned the alleged rootkit last week on the Neogaf forum and cited work performed by developer Mathieulh, alleged that a rootkit in firmware version 3.56 allows Sony to "remotely execute code on the PS3" when users connect to the PlayStation Network. Mathieulh informed people over Internet Relay Chat that the alleged rootkit can be used by Sony for "verifying system files...

Read more »

Microsoft to seal 22 security holes this month

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical. Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important." In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution. Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing...

Read more »

Report: Hackers penetrated Nasdaq computers

Federal authorities are investigating repeated intrusions into the computer network that runs the Nasdaq stock exchange, according to a Wall Street Journal report that cited people familiar with the matter. The intrusions did not compromise the tech-heavy exchange's trading platform, which executes investors' trades, but it was unknown which other sections of the network were accessed, according to the report. "So far, [the perpetrators] appear to have just been looking around," one person involved in the Nasdaq matter told the Journal. The Secret Service reportedly initiated an investigation involving New York-based Nasdaq OMX Group last year, and the Federal Bureau of Investigation has launched a probe as well. Investigators are...

Read more »