UPnP-enabled routers allow attacks on LANs
http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html
Yale oversight exposes 43,000 Social Security numbers
http://news.cnet.com/8301-27080_3-20096355-245/yale-oversight-exposes-43000-social-security-numbers/
http://www.yaledailynews.com/news/2011/aug/17/yale-affiliates-ssns-were-searchable-google/
Apache HTTPD Security ADVISORY
http://article.gmane.org/gmane.comp.apache.announce/58
Windows Remote Desktop worm āMortoā spreading
http://www.f-secure.com/weblog/archives/00002227.html
http://isc.sans.edu/diary/Increased%2BTraffic%2Bon%2BPort%2B3389/11452
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A
Hacker steals user data from Nokia developer forum
http://www.h-online.com/security/news/item/Hacker-steals-user-data-from-Nokia-developer-forum-1332867.html
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
"Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate. "
Thanks Asyn.
For Firefox users, take an action! Itās not just about reading!
- NP Tech.
- Fully agreeā¦! (I already did so.)
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
Fake Anti-Virus, Social Network Scams On The Rise
... researchers found that the rising tide of fake anti-virus during the first half of 2011 includes a new variant consisting of fake desktop utilities, propelled by SpyEye and Zeus Trojan spam.ā¦ the report found that security threats from social media continue to rise as social networking sites such as Facebook and Twitter are increasingly used in the workplace.
ā¦ rogue apps that impersonate online games in order to distribute malware.ā¦ mobile security threats for the Android platform experienced a big upward spike, proliferated with the growth of the Android Market.
Apple Gives Internship To JailbreakMe Creator
Sometimes, if you canāt beat them, employ them. Nicholas Allegra, a 19-year-old hacker and creator of the Jailbreakme.com site, responsible for a series of jaibreaking iOS hacks, has officially been hired as an intern at Apple
Xpaj Botnet Intercepts 87 Million Web Searches In Click-Fraud Scheme
... researchers said Friday they recently uncovered the file-infector W32.Xpaj.B botnet, also known simply as Xpaj, by digging up command and control servers containing encrypted binary data, encryption keys, databases and Web applications used in conjunction with a widespread click-fraud scheme over the last several months.
Skype Cross-Site Scripting Flaw Enables Phone Session Attacks
A gaping cross-site scripting flaw in the latest version of Skype enables attackers to inject malicious code into a userās phone sessions. The cross-site scripting vulnerability occurs in Skype 5.5.1.113, affecting Windows XP, Vista and 7, and stems from a persistent code injection vulnerability due to a validation input error that prevents the VoIP client from properly inspecting phone numbers sourced from usersā home, office and mobile Skype accounts, according to researcher Levent Kayan.
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
Et al,
Just thought Iād post this for other users and viewers to peruse at their leisure.
re: Spoofed and Invalid CA certificates.
I come here every week or so to see what is out there as far as malware trends are going. Looks like the latest and greatest (sadly) is the one currently known as āEnhanced Protection Virusā. I wish Essexboy all the best in finding a successful resolution for the two users whom currently have this rogue program on their machines.
If we have known spoofed CAās, then is this not a part of the problem with Google Re-direct, since we donāt really know for sure where the browser is ending up at? ??? ???
Note, too, the link provided for the program called āCovergenceā, at the bottom of the blog, which is said to analyze for certificate revocations, that does not work on my machine. When the add-on is run in FF 6.0, it says it is not compatible.
As always, I run my browser in a sandbox to test before installing anything like this. Could this affect proper operation? Why would it say āincompatibleā if it is supposed to run on FF?
Just a question, if anyone cares to explain possible reasons.
I sure some have seen this blog, but just want to make sure everyone here at this forum knows about it.
mchain
XP Home Edition SP 3 P4 2 GB RAM Avast! Free Edition v. 6.0.1203
Security breach on kernel.org
http://kernel.org/#news
http://linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/
http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html
The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
@Asyn,
Clicking on the link in your last post brings up the following:
http://my.jetscreenshot.com/2701/m_20110902-g9jm-49kb.jpg
Strange, the only thing I had blocked in openDNS was Adult content and randomized ispās.
I donāt see any here and yet the site was blocked.
Iāve removed the filer.
Sorry Bob, canāt help you, I just tried it again and it still works hereā¦!
Do you use OpenDNSā¦?? The alert seems related to it.