tag:blogger.com,1999:blog-60127583178471458772024-03-13T09:58:45.197+11:00HACKING AUSTRALIAIT Security is a dynamic environment, every company/person need to guarantee their assess in order to achieve their goals. This blog focus on that and other topics of security manners, like: Information Security, Ethical Hacking, Vulnerability among others.Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comBlogger141125tag:blogger.com,1999:blog-6012758317847145877.post-68291401985467835362015-02-16T17:24:00.001+11:002015-02-16T17:25:48.650+11:00The Daily Beast: Hacking Ring Steals Up To $1B From Banks.<p dir="ltr">An international hacking ring that's been active since at least the end of 2013 has stolen up to $1 billion from banks around the world, according to a cybersecurity firm report released Monday. </p>
<p dir="ltr">The group has breached more than 100 banks in 30 countries through methods including programming ATMs to release money at certain times and transferring money to fake accounts, according to Russian security company Kaspersky Lab. The hackers become familiar with banks' systems through phishing, taking screen shots as well as filming employees using work computers, the report said. </p>
<p dir="ltr">The theft targets banks instead of customers, which means the hackers are focused on stealing money rather than information, according to Kaspersky principal security researcher Vicente Diaz. </p>
<p dir="ltr">Financial institutions in the U.S., Russia, Germany, China and Ukraine have been targeted, but the hackers may be casting a bigger net to include banks in Africa and Europe. </p>
<p dir="ltr">Source: http://google.com/newsstand/s/CBIw68zrvyA</p>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-24204708663529254482014-11-23T10:46:00.000+11:002014-11-23T10:46:48.114+11:00A deep look into the Brazilian underground cyber-market<table border="0" cellpadding="0" class="MsoNormalTable" style="text-align: justify;">
<tbody>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt;">
<div class="MsoNormal">
<br /></div>
<h2>
<span style="font-family: "Calibri",sans-serif; mso-fareast-font-family: "Times New Roman";"><fb:like href="http://securityaffairs.co/wordpress/30350/cyber-crime/brazilian-underground-cyber-market.html" layout="button_count" share="false" show_faces="false" width="450"></fb:like>Trend
Micro has published a new study on black cyber-markets focusing on product
and services offered on the Brazilian underground.<o:p></o:p></span></h2>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">Trend Micro has published a
new interesting report on the <a href="http://resources.infosecinstitute.com/pricing-policies-cyber-criminal-underground/" target="_blank" title="http://resources.infosecinstitute.com/pricing-policies-cyber-criminal-underground/">underground
cyber-markets</a>, this is a third study focused on the Brazilian
cyber-underground offer, the previous ones analyzed <a href="http://securityaffairs.co/wordpress/24440/cyber-crime/evolution-russian-underground.html" target="_blank" title="Evolution of the Russian underground offer">Russian</a>
and <a href="http://securityaffairs.co/wordpress/22797/cyber-crime/trend-micro-report-chinese-mobile-underground-market.html" target="_blank" title="Trend Micro report on Chinese Mobile Underground Market">Chinese
marketplaces</a>.<o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">The new study, exactly like
previous analysis, describes a thriving marketplace where cyber
criminals proposes their services and products to criminal crews that instead
of creating their own attack tools from scratch could benefit of
the competitive offer. The study reports the principal solution and
services proposed to the crooks in a model of sale known as <a href="http://securityaffairs.co/wordpress/16855/cyber-crime/the-rise-of-hacking-services.html" target="_blank" title="Cybercrime-as-a-Service, the rise of hacking services">crime-as-a-service</a> that
is able to attract new actors in the cyber arena.<o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">A first data that
immediately catches the attacention of the experts is decrease of prices
recently offered, this is a further element of attractive for criminals that
look to the cyber crime with increasing interest.<o:p></o:p></span></div>
<div style="text-align: justify;">
<em><span style="font-family: "Calibri",sans-serif;">“The barriers to
launching cybercrime have decreased. Toolkits are becoming more available and
cheaper; some are even offered free of charge. Prices are lower and features
are richer. Underground forums are thriving worldwide, particularly in
Russia, China, and Brazil. These have become popular means to sell products
and services to cybercriminals in the said countries. Cybercriminals are also
making use of the Deep Web to sell products and services outside the indexed
or searchable World Wide Web, making their online “shops” harder for law
enforcement to find and take down.” states the <a href="http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf" target="_blank" title="http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf">‘The
Brazilian Underground Market’ report</a>.</span></em><span style="font-family: "Calibri",sans-serif;"><o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">Another element of
distinction between the Brazilian underground and the Russian and
Chinese ones, is the availability of training services, for this reason
the Brazilian underground ecosystem is also considered as the market for
cybercriminal Wannabes.<o:p></o:p></span></div>
<div style="text-align: justify;">
<em><span style="font-family: "Calibri",sans-serif;">“What distinguishes the
Brazilian underground from others is the fact that it also offers training
services for cybercriminal wannabes,” according to the whitepaper.
“Cybercriminals in Brazil particularly offer FUD (fully undetectable) crypter
programming and fraud training by selling how-to videos and providing support
services via Skype. Anyone who is Internet savvy and has basic computing
knowledge and skill can avail of training services to become cybercriminals.
How-to videos and forums where they can exchange information with peers
abound underground. Several trainers offer services as well. They even offer
support when training ends.”</span></em><span style="font-family: "Calibri",sans-serif;"><o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">The Brasilian cyber
criminals seem to be more ruthless in the use of media platforms like
Facebook, <a href="http://securityaffairs.co/wordpress/22582/cyber-crime/youtube-ads-network-serving-caphaw-banking-trojan.html" target="_blank" title="YouTube ads network serving Caphaw Banking Trojan">YouTube</a>,
Twitter, <a href="http://securityaffairs.co/wordpress/13502/cyber-crime/how-cybercrime-uses-compromised-skype-account.html" target="_blank" title="How cybercrime uses a compromised Skype account">Skype</a>,
and <a href="http://securityaffairs.co/wordpress/26789/security/whatsapp-profile-picture-risky-feature.html" target="_blank" title="WhatsApp profile picture: a risky feature? In the mind of a hacker">WhatsApp</a>, differently
from Russian and Chinese players that “hide in the <a href="http://securityaffairs.co/wordpress/9409/security/the-deep-web-part-1-introduction-to-the-deep-web-and-how-to-wear-clothes-online.html" target="_blank" title="The Deep Web Part 1: Introduction to the Deep Web and how to wear clothes online!">Deep Web</a>
and use tools that ordinary users do not such as Internet Relay Chat
(IRC) channels”<o:p></o:p></span></div>
<br />
<div style="text-align: justify;">
<span style="font-family: Calibri, sans-serif;">For several years, Brazil
has been known for the offer of </span><a href="http://securityaffairs.co/wordpress/26359/cyber-crime/massive-boleto-fraud-brazil.html" style="font-family: Calibri, sans-serif;" target="_blank" title="Massive Boleto fraud in Brazil caused 3,75 USD billion losses">banking
Trojan</a><span style="font-family: Calibri, sans-serif;">s, many malware were designed by Brazilian which targeted internal
banking users and that implemented several techniques to steal victims’</span></div>
<span style="font-family: "Calibri",sans-serif;"><div style="text-align: justify;">
credentials. Brazil ranks second worldwide in terms of online
banking fraud and malware infection, on a global scale it accounts for
almost 9% of the total number of <a href="http://securityaffairs.co/wordpress/16207/malware/group-ib-new-android-banking-trojan-appeared-on-the-blackmarket.html" target="_blank" title="Group-IB: New Android banking trojan appeared on the blackmarket">online-banking
malicious code</a> that compromised</div>
<o:p></o:p></span><br />
<span style="font-family: "Calibri",sans-serif;"><a href="http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Brazilian-underground-banking-malware.png"><span style="text-decoration: none; text-underline: none;"><img alt="Brazilian underground banking malware" border="0" class="aligncenter wp-image-30354" height="350" id="_x0000_i1026" src="http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Brazilian-underground-banking-malware.png" title="A deep look into the Brazilian underground cyber market" width="480" /></span></a><o:p></o:p></span><br />
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">Banking Trojan
source codes are sold for around US$386 each, the offer allows buyers
to modify their codes according their needs, they
can obfuscate strings, customize the composition of
payloads and add crypters and other solution to evade the
detection. Another product very popular are <a href="http://securityaffairs.co/wordpress/26359/cyber-crime/massive-boleto-fraud-brazil.html" target="_blank" title="Massive Boleto fraud in Brazil caused 3,75 USD billion losses">Bolware</a>
kits and toolkits used to create bolware that are offered for around
US$155, the applications offered by cybercriminals are user-friendly and
implements an easy to use control panel for monitoring and managing
infections and malicious activities.<o:p></o:p></span></div>
<span style="font-family: "Calibri",sans-serif;"><a href="http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Brazilian-underground-banking-malware-prices.png"><span style="text-decoration: none; text-underline: none;"><img alt="Brazilian underground banking malware prices" border="0" class="aligncenter wp-image-30357" height="197" id="_x0000_i1027" src="http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Brazilian-underground-banking-malware-prices.png" title="A deep look into the Brazilian underground cyber market" width="480" /></span></a><o:p></o:p></span><br />
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">The Brazilian underground
also offers a bank fraud courses for aspiring
cyber-criminals, the courses are very articulated and propose detailed
information for beginners to the criminal activities. The courses starts
presenting the fraud workflow and tools necessary to arrange a cyber fraud.
Some coursed are arranged in modules that propose interesting information on
the illegal practices to cybercriminal wannabes that can acquire
also interactive guides and practical exercises (e.g., simulating
attacks). A 10-module corse for example is offered for US$468, the operators
also offer updates and a Skype contact service.<o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">According to the author of
the study on the Brazilian underground market, Trend Micro Senior Threat
Researcher Fernando Merces, several factors have contributed to the growth of
cyber-criminal activity in the country like limited resources assigned to law
enforcement and the existence of a flexible underground market.<o:p></o:p></span></div>
<div style="text-align: justify;">
<em><span style="font-family: "Calibri",sans-serif;">“For example, Brazil
has a lack of concrete laws and limited law enforcement agency resources that
address cybercrime in the country,” he noted. “Additionally, the
technological and consumer landscape in Brazil, which has a <a href="http://www.forbes.com/sites/ricardogeromel/2014/07/03/brazil-by-numbers-must-know-facts-about-the-host-of-the-fifa-world-cup/">50%
Internet penetration rate</a>, and a 69% credit card penetration rate,
has made the country all too appealing for cybercriminals. However, another
factor may have also contributed to Brazilian cybercrime: the existence of a
flexible underground market with different offerings, ranging from banking
Trojan development to online fraud training. The latter is highly notable as
this is the most unique item in the market, which may not be found in other
underground markets.” <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/localized-tools-and-services-prominent-in-the-brazilian-underground/" target="_blank" title="http://blog.trendmicro.com/trendlabs-security-intelligence/localized-tools-and-services-prominent-in-the-brazilian-underground/">explained
Merces in a blog post</a>. </span></em><span style="font-family: "Calibri",sans-serif;"><o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">The report details prices
and products for many other products and services, including Credit card credentials
and number generators, SMS-spamming services and <a href="http://securityaffairs.co/wordpress/27935/cyber-crime/apwg-q2-2014-report.html">phishing</a> pages
for popular banks.<o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">Let me close the post with
a meaningful statement from the author of the study that explain how is
simple today to become a dangerous cyber criminals with limited resources.<o:p></o:p></span></div>
<div style="text-align: justify;">
<em><span style="font-family: "Calibri",sans-serif;">“In Brazil, it’s
possible to start a new career in cybercrime armed with only US$500,” Merces
blogged. “Would-be cybercriminals are supported and helped by tools, forums,
and experts from the dark side of the Internet. These bad guys do not fear
the authorities and their groups get bigger in a short span of time.”</span></em><span style="font-family: "Calibri",sans-serif;"><o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">Let me suggest you to read
the full <a href="http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-brazilian-underground-market.pdf">report</a> published
by Trend Micro, it is full of interesting data.<o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;"><a href="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559" target="_blank" title="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559">Pierluigi Paganini</a><o:p></o:p></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span style="font-family: "Calibri",sans-serif;">(</span></b><span style="font-family: "Calibri",sans-serif;"><a href="http://securityaffairs.co/wordpress/" target="_blank" title="http://securityaffairs.co/wordpress/">Security Affairs</a><b> –
Brazilian underground<strong>,
cybercrime</strong>)</b><o:p></o:p></span></div>
<div style="text-align: justify;">
<span style="font-family: "Calibri",sans-serif;">The post <a href="http://securityaffairs.co/wordpress/30350/cyber-crime/brazilian-underground-cyber-market.html">A
deep look into the Brazilian underground cyber-market</a> appeared first on <a href="http://securityaffairs.co/wordpress">Security Affairs</a>.<o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
<br />
<br />
<div style="text-align: justify;">
<span style="font-family: Calibri, sans-serif;"><br /></span></div>
<span style="font-family: "Calibri",sans-serif;">
<a href="http://securityaffairs.co/wordpress/30350/cyber-crime/brazilian-underground-cyber-market.html">View
article...</a><o:p></o:p></span>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-51015133052350156482014-11-06T21:28:00.001+11:002014-11-06T21:28:00.302+11:00New technique makes phishing sites easier to create, more difficult to
spot.<div><br></div><div><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Posted on 05 November 2014.</span></div><div><br></div><div><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Researchers have spotted a new technique used by phishers which could trick even more users into believing they are entering their information in a legitimate web form.<br><br>Instead of replicating as faithfully as possible a legitimate website - for example an e-commerce site - the attackers need only to set up a phishing page with a proxy program which will act as a relay to the legitimate site, and create a few fake pages for when users need to enter their personal and financial information.<br><br></span><center style="text-align: start;"><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"><img src="http://www.net-security.org/images/articles/phish-05112014.jpg"></span></center><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"><br>"So long as the would-be-victim is just browsing around the site, they see the same content as they would on the original site. It is only when any payment information is entered that modified pages are displayed to the user," Trend Micro Senior Threat Researcher Noriaki Hayashi <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/new-phishing-technique-outfoxes-site-owners-operation-huyao/" target="_new">explains</a>.<br><br>"It does not matter what device (PC/laptop/smartphone/tablet) or browser is used, as the attacker proxies all parts of the victim’s HTTP request and all parts of the legitimate server’s response."<br><br>In the spotted attack, users are directed to the malicious site by clicking on a search result they got by entering a product's name. The attackers used a number of blackhat SEO techniques to make the URL appear in the results. But spam emails and messages can also be used to lure potential victims to the malicious site.<br><br>The actual attack begins when the user clicks on the “Add to Basket” button on the legitimate site - the attacker has re-written the function so that the user is redirected to a spoofed e-cart page that leads to more fake pages simulating the checkout process.<br><br>The first page asks the victims to enter their personal information (name, address, phone number) as well as their email address and password. The second one requests the entry of credit card information (including the card's security code). The third one asks for additional information that is sometimes required to authorize a transaction.<br><br>Once the victims have submitted all this information, they will receive a fake confirmation email for the purchase to the email address submitted - and the illusion is complete.<br><br>"So far, we have only identified this attack targeting one specific online store in Japan. However, if this attack becomes more prominent, it could become a very worrying development: this makes phishing harder to detect by end users, as the phishing sites will be nearly identical to the original sites," Hayashi noted.<br><br>This approach makes phishing websites much easier to set up, and very difficult for the owners of the legitimate websites to detect. <br><br>Undoubtedly, we'll be seeing more similar attacks in the future.<br><br><a href="mailto:zeljka.zorz(at)net-security.org"><img src="http://www.net-security.org/images/articles/zeljka.jpg" border="0" align="left"></a><br><br></span></div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-66672276180731073332014-10-12T20:55:00.001+11:002014-10-12T20:55:47.070+11:00How To Protect Yourself From Phishing Scams<h1 style="font-family: 'Helvetica Neue', Helvetica, Arial, 'Nimbus Sans L', sans-serif; color: rgb(33, 33, 33); font-size: 1.3em; line-height: 1.32692em; margin-top: 0em; margin-bottom: 0.35938em;">
</h1><h1 style="font-family: 'Helvetica Neue', Helvetica, Arial, 'Nimbus Sans L', sans-serif; color: rgb(33, 33, 33); font-size: 1.3em; line-height: 1.32692em; margin-top: 0em; margin-bottom: 0.35938em;"><br></h1>
<div>
</div>
<div style="font-size:0.75em;line-height:1.34167em;color:rgb(135, 135, 135);margin-bottom:1em;">
By: <a style="color: rgb(73, 82, 211); text-decoration: none;" href="https://community.norton.com/users/nadiakovacs">Nadia_Kovacs</a> Posted: 30-Sep-2014 | <a x-apple-data-detectors-result="1" x-apple-data-detectors="true" x-apple-data-detectors-type="calendar-event">10:16AM</a> </div><div style="font-size:0.75em;line-height:1.34167em;color:rgb(135, 135, 135);margin-bottom:1em;"><img width="600" x-evernote-mime="image/png" src="evernotecid://08AB2683-124D-455F-A18F-586529739075/ENResource/p1577" height="400" style="font-family: 'Helvetica Neue Light', HelveticaNeue-Light, helvetica, arial, sans-serif; font-size: 17px; line-height: normal;"></div><div style="margin:1.2em 0px 1.5em;"><div style="margin-top:1.2em;margin-bottom:1.2em;"><div>
<p style="margin:0.14375em 0px 0.8625em;">October is National Cyber Security Awareness month. Phishing is one of the oldest tricks in the Internet book that tries to trick you out of divulging your personal information. This is part 4 in a series of blog posts we will be publishing on various topics aimed at educating you on how to stay protected on today’s Internet landscape.</p>
<p style="margin:0.14375em 0px 0.8625em;">Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identity thieves. They use SPAM, malicious web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts, usernames and passwords.</p>
<p style="margin:0.14375em 0px 0.8625em;"><strong>How Do You Know It’s A Scam?</strong></p>
<p style="margin:0.14375em 0px 0.8625em;">There are different forms of phishing tactics. Criminals may try to trick you into giving away your personal information via emails, Social Media messages, IMs, text messages, and even Internet chat rooms. Sometimes criminals may try to fool you into installing a malicious program, known as spyware, which can track and record the information you enter into your computer. Below are some of the commonly used tactics and warning signs you should be on the lookout for:</p>
<ul style="margin:1.4375em 0px;padding:0px 0px 0px 1.4em;">
<li>Phishers, pretending to be legitimate companies, may use email to request personal information and direct recipients to respond through malicious websites. Phishers have been known to use real company logos, and will also use a spoofed email address, which is an email address that is similar to the actual company’s address. However, the address may be misspelled slightly or come from a spoofed domain.</li>
<li>Emails may come in the form of a help desk support ticket, a message from your bank, or from someone soliciting money via a <a rel="nofollow" style="color: rgb(73, 82, 211); text-decoration: none;" href="http://www.symantec.com/connect/blogs/beyond-nigerian-prince-modern-419-scams">419 scam</a>.</li>
<li>Phishers tend to use a call to action. You may get a notice that an account is being shut down and you need to log into it to avoid that from happening. They may also request personal information in order to verify your identity.</li>
<li>Phishing websites can look remarkably like legitimate sites because they tend to use the copyrighted images the original sites.</li>
<li>Fraudulent messages are often not personalized and will often have misspellings of words and company names.</li>
</ul>
<p style="margin:0.14375em 0px 0.8625em;"><strong>How Do You Know If You Have Spyware?</strong></p>
<p style="margin:0.14375em 0px 0.8625em;">Spyware can be downloaded from web sites, email messages, instant messages, and from direct file-sharing connections. Additionally, a user may unknowingly receive spyware by installing a software program, and the spyware piggybacks onto that installation as additional suggested software. Users may also be unaware that some browser add-ons contain spyware.</p>
<p style="margin:0.14375em 0px 0.8625em;">Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. However, sometimes there can be signs that you may be infected:</p>
<ul style="margin:1.4375em 0px;padding:0px 0px 0px 1.4em;">
<li>Your computer starts to run slower than usual.</li>
<li>You start to receive an unusual amount of pop up ads.</li>
<li>There are new toolbars on your browser that you did not install.</li>
<li>Your browser’s home page has changed to a page that you are unfamiliar with.</li>
<li>Your web searches become redirected to other spam sites.</li>
</ul>
<p style="margin:0.14375em 0px 0.8625em;"><strong>How Do I Avoid Spyware?</strong></p>
<ul style="margin:1.4375em 0px;padding:0px 0px 0px 1.4em;">
<li>Be selective about what you download to your computer.</li>
<li>Watch out for anti-spyware scams.</li>
<li>Beware of clickable ads.</li>
<li>Use <a rel="nofollow" style="color: rgb(73, 82, 211); text-decoration: none;" href="http://us.norton.com/norton-security-antivirus/">Norton Security</a> to provide anti-spyware protection and proactively protect from other security risks.</li>
<li>Do not accept or open suspicious error dialogs from within the browser.</li>
<li>Spyware may come as part of a "free deal" offer - do not accept free deals.</li>
<li>Keep software and security patches up to date.</li>
</ul>
<p style="margin:0.14375em 0px 0.8625em;"><strong>How Do I Protect My Privacy?</strong></p>
<p style="margin:0.14375em 0px 0.8625em;">If you happen to run across any of these red flags, here are some tips to keep yourself safe and protect your privacy:</p>
<ul style="margin:1.4375em 0px;padding:0px 0px 0px 1.4em;">
<li>Never give out any personal information via email, social media platforms, text messages or instant messages.</li>
<li>If the call to action is to click on a link and sign into the site with your username and password, never click on the link. Instead, go to your web browser and type in the website’s URL. Be sure to look for the verified https:/ at the beginning of the URL in the task bar.</li>
<li>Never download a program or file from a suspicious email. These may contain programs such as spyware and keyloggers.</li>
</ul>
<p style="margin:0.14375em 0px 0.8625em;"><strong>How Can You Help?</strong></p>
<p style="margin:0.14375em 0px 0.8625em;">Please contact the Symantec Security Response team if:</p>
<ul style="margin:1.4375em 0px;padding:0px 0px 0px 1.4em;">
<li><a rel="nofollow" style="color: rgb(73, 82, 211); text-decoration: none;" href="https://submit.symantec.com/antifraud/false_positive.cgi">A legitimate web page has been misidentified as a known or suspected phishing site.</a></li>
<li><a rel="nofollow" style="color: rgb(73, 82, 211); text-decoration: none;" href="https://submit.symantec.com/antifraud/phish.cgi">A phishing site has not been properly identified.</a></li>
</ul>
<p style="margin:0.14375em 0px 0.8625em;">This is part 4 of a series of blogs for <a style="color: rgb(73, 82, 211); text-decoration: none;" rel="nofollow" href="http://www.dhs.gov/national-cyber-security-awareness-month-2014">National Cyber Security Awareness Month<span style="background-image: url(https://community.norton.com/sites/all/modules/contrib/extlink/extlink_s.png); width: 10px; height: 10px; padding-right: 12px; background-position: 2px 50%; background-repeat: no-repeat no-repeat;"><span style="clip:rect(1px 1px 1px 1px);overflow:hidden;height:1px;position:absolute;"> (link is external)</span></span></a>.</p>
<p style="margin:0.14375em 0px 0.8625em;">For more information on various topics, check out:<br><a style="color: rgb(73, 82, 211); text-decoration: none;" rel="nofollow" href="https://community.norton.com/blogs/norton-protection-blog/5-ways-you-didnt-know-you-could-get-virus-malware-or-your-social">5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked</a><br><a style="color: rgb(73, 82, 211); text-decoration: none;" rel="nofollow" href="https://community.norton.com/blogs/norton-protection-blog/how-choose-secure-password">How To Choose a Secure Password</a><br><a style="color: rgb(73, 82, 211); text-decoration: none;" rel="nofollow" href="https://community.norton.com/blogs/norton-protection-blog/how-avoid-identity-theft-online">How To Avoid Identity Theft Online</a><br><a rel="nofollow" style="color: rgb(73, 82, 211); text-decoration: none;" href="https://community.norton.com/blogs/norton-protection-blog/how-protect-yourself-cyberstalkers">How To Protect Yourself From Cyberstalkers</a></p>
</div>
</div>
</div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne Melbourne-37.748587 144.913346tag:blogger.com,1999:blog-6012758317847145877.post-46363002252854638392014-07-30T16:50:00.000+10:002014-07-30T16:50:49.105+10:00Avoid using Instagram on public Wi-Fi...<div class="separator" style="clear: both; text-align: center;">
<a href="http://cdn.slashgear.com/wp-content/uploads/2013/07/Instagram-logo2.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://cdn.slashgear.com/wp-content/uploads/2013/07/Instagram-logo2.jpg" height="208" width="320" /></a></div>
A configuration problem in Facebook's popular Instagram application for Apple devices could allow a hacker to hijack a person's account if they're both on the same public Wi-Fi network.<br />
<br />
Stevie Graham, who describes himself as a "hacker at large" based in London, wrote on Twitter that Facebook won't pay him a reward for reporting the flaw, which he said he found years ago.<br />
<br />
Graham wrote he hopes to draw more attention to the issue by writing a tool that could quickly compromise many Instagram accounts. He cheekily calls the tool "Instasheep," a play onFiresheep, a Firefox extension that can compromise online accounts in certain circumstances.<br />
<br />
"I think this attack is extremely severe because it allows full session hijack and is easily automated," according to Graham's technical writeup. "I could go to the Apple Store tomorrow and reap thousands of accounts in one day, and then use them to post spam."<br />
<br />
Graham's finding is a long-known configuration problem that has prompted many Web companies to fully encrypt all connections made with their servers. The transition to full encryption, signified by "https" in a browser URL bar and by the padlock symbol, can be technically challenging.<br />
<br />
Instagram's API (application programming interface) makes unencrypted requests to some parts of its network, Graham wrote. That poses an opportunity for a hacker who is on the same Wi-Fi network that doesn't use encryption or uses the outdated WEP encryption, which can be easily cracked.<br />
<br />
Some of those Instagram API calls transmit an unencrypted session cookie, or a data file that lets Instagram know a user is still logged in. By collecting the network traffic, known as a man-in-the-middle attack, the session cookie can be stolen and used by an attacker to gain control of the victim's account.<br />
<br />
Facebook officials didn't have an immediate comment, but Instagram's co-founder, Mike Krieger, wrote on Ycombinator's Hacker News feed that Instagram has been "steadily increasing" use of full encryption.<br />
<br />
Its "Instagram Direct" service, which allows photos to be shared with only small groups of people, is fully encrypted, he wrote. For more latency-sensitive endpoints, such as Instagram's main feed, the service is trying to make sure the transition to https doesn't affect performance, he wrote.<br />
<br />
"This is a project we're hoping to complete soon, and we'll share our experiences in our [engineering] blog so other companies can learn from it as well," Krieger wrote.<br />
<br />
Google offered full encryption as an option for Gmail in 2008, but two years later made it the default. Facebook switched it on by default in January 2011<br />
<br />
<b><i><span style="font-size: x-small;">Jeremy Kirk (IDG News Service) on 29 July, 2014 15:47</span></i></b><br />
<br />
<span style="font-size: xx-small;"><i><b>Source</b>: http://www.computerworld.com.au/article/551120/using_instagram_public_wi-fi_poses_risk_an_account_hijack_researcher_says</i></span><br />
<div>
<br /></div>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-64550663392511505452014-07-14T15:44:00.002+10:002014-07-14T15:45:46.927+10:00¿Qué tienen en común un phishing y una imagen?<span style="font-family: "Calibri","sans-serif";">Recientemente hemos
recibido en el Laboratorio de Investigación de ESET Latinoamérica un <a href="http://www.welivesecurity.com/la-es/tag/phishing-la/"><em>phishing</em></a> del banco
BBVA, al cual se accedía desde un correo en Perú. Aunque ya hemos visto casos
parecidos <a href="http://www.welivesecurity.com/la-es/2013/03/01/usuarios-banco-argentino-afectados-phishing/">en
Argentina</a>, <a href="http://www.welivesecurity.com/la-es/2014/06/11/phishing-casi-perfecto-conocido-banco-espanol/" target="_blank" title="Phishing “casi perfecto” de un conocido banco español - We Live Security">España</a>
y también <a href="http://www.welivesecurity.com/la-es/2013/04/12/phishing-banco-chileno-intenta-vulnerar-doble-autenticacion/">en
Chile</a>, este nos llamó la atención y procederemos a describirlo en detalle,
porque estaba compuesto<strong>
pura y exclusivamente por imágenes.</strong> Esto significa que no
contenía archivos de programación HTML ni PHP; no tenía trabajo de programación
<em>web</em> alguno,
sino que sólo eran imágenes.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Antes que nada, debemos
aclarar que<strong> no hay una
vulnerabilidad en el sitio oficial, </strong>solo es una réplica exacta
creada con imágenes y pequeños programas que se encargan de<strong> robar la información</strong>.
Aquí cabe destacar que estas entidades financieras y demás servicios de
Internet intentan acabar con estos sitios de estafas para proteger a los usuarios,
por lo que estas campañas exceden a las empresas.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Por eso, queremos
mostrarles <strong>el
funcionamiento de este tipo de estafas, </strong>para que desde sus
hogares puedan<strong>
detectarlas sin la necesidad de conocimiento técnico</strong>.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";">La trampa que hoy
analizamos estaba destinada a <strong>robar
información de usuarios y empresas.</strong> A continuación mostramos
una captura del correo que recibía la víctima:<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";"><a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/correo.jpg"><span style="text-decoration: none; text-underline: none;"><img alt="correo" border="0" class=" wp-image-47653 aligncenter" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/correo-1024x409.jpg" height="159" id="_x0000_i1025" width="400" /></span></a>Buscando en el cuerpo
del mensaje llegamos a ese recuadro gris donde se encuentra el cursor, donde se
encuentra el botón para acceder al enlace malicioso (por algún motivo no
aparece el botón pero sí permite acceder al enlace).<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Una vez que se accede a ese
sitio fraudulento, la víctima se encontrará con el siguiente portal:<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";"><a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/011.jpg"><span style="text-decoration: none; text-underline: none;"><img alt="01" border="0" class=" wp-image-47654 aligncenter" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/011-1024x397.jpg" height="155" id="_x0000_i1026" width="400" /></span></a><br />
Al hacer clic en la solapa “Persona” y luego en el botón de color verde (botón
llamativo a la derecha), el portal invita a la víctima a ingresar con su<strong> número de tarjeta y su clave
personal</strong>. En la siguiente captura se aprecia el modo de
ingreso:<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";"><a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/031.jpg"><span style="text-decoration: none; text-underline: none;"><img alt="03" border="0" class=" wp-image-47655 aligncenter" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/031-1024x450.jpg" height="175" id="_x0000_i1027" width="400" /></span></a><br />
Debemos destacar que <strong>se
podía acceder ingresando cualquier número de tarjeta y cualquier contraseña</strong>,
mientras que <strong>una
entidad oficial verifica </strong>el número de tarjeta y comprueba la
contraseña; también cabe remarcar que después de algunos intentos fallidos de
ingreso, el usuario es bloqueado. Un detalle que se puede apreciar en la primer
pestaña: <strong>la letra “V”
de la entidad está compuesta por barra y contra barra</strong> (\/),
formando una V.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Una vez dentro de la
supuesta cuenta, el sitio comenzará a solicitar información personal sensible,
aparte de la información bancaria, tal como se observa en la siguiente captura:<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";"><a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/051.jpg"><span style="text-decoration: none; text-underline: none;"><img alt="05" border="0" class=" wp-image-47656 aligncenter" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/051.jpg" height="255" id="_x0000_i1028" width="400" /></span></a><br />
Como puede verse en el ejemplo, solicita número de documento o identificación,
teléfono móvil, ciudad, dirección y también fecha de caducidad. Pero algo
interesante para prestar atención<strong>,
es el código ATM de 4 dígitos que solicita, es decir que también pide la
contraseña para acceder desde un terminal (cajero automático)</strong>.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Una vez completados los
datos solicitados (en este caso con datos al azar), se procede a hacer clic en
el botón “Continuar”, para procesar el formulario.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Como si todo esto no
bastara, el sitio no posee SSL, por lo que no vemos “HTTPS” en la barra de
direcciones. Esto significa que al capturar la comunicación entre el equipo de
la víctima y el sitio en cuestión, se puede ver cómo <strong>toda la información viaja sin
cifrar:</strong><o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><strong><br /></strong></span>
<span style="font-family: "Calibri","sans-serif";"><a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/11.jpg"><span style="text-decoration: none; text-underline: none;"><img alt="11" border="0" class=" wp-image-47657 aligncenter" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/11-1024x454.jpg" height="177" id="_x0000_i1029" width="400" /></span></a><br />
Como habrán visto, es necesario tener todos estos detalles en cuenta, los cuales
bastarán para prevenir este tipo de fraudes sin tener conocimientos técnicos.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">Desde el Laboratorio de
Investigación de ESET Latinoamérica les recomendamos ser precavidos con este
tipo de correos electrónicos, <a href="http://www.welivesecurity.com/la-es/2013/03/01/2011/04/01/descubriendo-enlaces-enganosos/">estos
enlaces suelen ser engañosos</a> y prácticas como pasar por encima de un menú
sin que cambie el cursor, sin poder acceder a estos, puede ser un gran indicio
de que <strong>se está
simplemente frente a una imitación de la imagen de un sitio bancario y no tiene
nada que ver con el sitio oficial</strong>.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">A la hora de hacer
consultas u operaciones de <em>home
banking</em> recomendamos acceder al sitio oficial a través de sitios
seguros con HTTPS. Afortunadamente, en el transcurso del análisis, el sitio fue
dado de baja en el servidor donde estaba alojado, por lo cual <strong>ya no afectará a más víctimas.</strong>
Pero no queríamos pasarlo por alto, para que vean lo simple que es detectar una
estafa a tiempo.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<br />
<address>
<span style="font-family: "Calibri","sans-serif"; mso-fareast-font-family: "Times New Roman";">Créditos imagen: <a href="https://www.flickr.com/photos/62904109@N00/388659524/in/photostream/" target="_blank" title="Flickr">©palindrome6996/Flickr</a><o:p></o:p></span></address>
<address>
</address>
<address>
Autor Ignacio Pérez, ESET</address>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-33130731157750171292014-07-14T15:38:00.000+10:002014-07-14T15:38:22.450+10:00Boleto Malware: dos nuevas variantes descubiertas<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.welivesecurity.com/wp-content/uploads/2014/07/boleto-623x428.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.welivesecurity.com/wp-content/uploads/2014/07/boleto-623x428.jpg" height="273" width="400" /></a></div>
<span style="font-family: "Calibri","sans-serif";">Hace pocos días se dio a
conocer la existencia de <a href="http://www.welivesecurity.com/la-es/2014/07/03/bolware-miles-de-millones-de-dolares-robados-en-nueva-estafa/" target="_blank" title="Bolware: miles de millones de dólares robados en nueva estafa - We Live Security"><strong>Bolware</strong> o <strong>Boleto Malware</strong>, un
fraude sofisticado en Brasil</a> que involucra un ataque <a href="http://www.welivesecurity.com/la-es/2014/07/11/man-in-the-browser-como-pueden-interceptar-navegador/" target="_blank" title="Man In The Browser: ¿cómo pueden interceptar tu navegador? - We Live Security">MITB
(Man In The Browser)</a>, <strong>atacando
transacciones en línea y modificándolas del lado del cliente</strong>.
Ahora se han descubierto <strong>dos
nuevas familias</strong> que apuntan al sistema de pago oficial <strong>Boleto Bancario</strong> de
Brasil.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">La compañía RSA,
responsable del descubrimiento inicial, dijo que la sumatoria de las
transacciones ilícitas con esta técnica <a href="https://blogs.rsa.com/rsa-uncovers-boleto-fraud-ring-brazil/" target="_blank" title="02Jul 2014 RSA Uncovers Boleto Fraud Ring in Brazil - RSA">habían
logrado robar </a><strong><a href="https://blogs.rsa.com/rsa-uncovers-boleto-fraud-ring-brazil/" target="_blank" title="02Jul 2014 RSA Uncovers Boleto Fraud Ring in Brazil - RSA">3,75 mil
millones de dólares</a>,</strong> pero luego el sitio <a href="http://www.linhadefensiva.com/2014/07/lies-damn-lies-and-media-the-largest-cybercrime-heist-that-wasnt" target="_blank" title="Lies, damn lies and media: the largest cybercrime heist that wasn’t">Linha
Defensiva</a> argumentó que era un cálculo inexacto y algo <strong>exagerado. </strong>De
cualquier manera, la importancia del caso reside en que los Boletos representan
alrededor del<strong> 30% de
todas las transacciones de pago en línea en Brasil.</strong><o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><strong><br /></strong></span>
<span style="font-family: "Calibri","sans-serif";">El <em>malware</em> en cuestion le
permite al atacante<strong>
interceptar las transacciones</strong> utilizando este sistema alterando
información financiera que se ingresa en los sitios afectados. Una de las
nuevas variantes es capaz de modificar el <em>Document
Object Model</em> (DOM) en diferentes versiones de <strong>Internet Explorer,</strong>
lo que le permite cambiar los datos internos de los sitios afectados.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">La otra descarga e instala
extensiones maliciosas en <strong>Firefox</strong>
y <strong>Chrome,</strong>
luego de lo cual escanea sitios en busca de números de Boletos Bancarios, para
alterarlos y sustituirlos por otros números predefinidos, y<strong> desviar fondos desde cuentas de
clientes hacia cuentas “mula”. </strong>Investigadores de <a href="http://securityintelligence.com/boleto-malware-two-new-variants-discovered/#.U8BBbBBEk1w" target="_blank" title="Boleto Malware: Two New Variants Discovered - Trusteer">Trusteer,
una compañía de IBM</a>, encontraron que aproximadamente<strong> una de cada 900 computadoras en
Brasil está infectada con alguna forma de Bolware, </strong>lo cual no
nos sorprende si tenemos en cuenta que <a href="http://www.welivesecurity.com/la-es/2014/06/24/por-que-cibercriminales-brasilenos-diferentes/" target="_blank" title="¿Por qué los cibercriminales brasileños son diferentes al resto? - We Live Security">Brasil
es el líder en la propagación de troyanos bancarios</a>.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<span style="font-family: "Calibri","sans-serif";">En términos de seguridad,
el único consejo válido aquí es la prevención: si el malware no es identificado
en el dispositivo, todos los métodos de prevención posteriores como
autenticación pueden ser salteados por el atacante. Por lo tanto, no está de
más recordar la importancia contar con una solución de seguridad.<o:p></o:p></span><br />
<span style="font-family: "Calibri","sans-serif";"><br /></span>
<address>
<span style="font-family: "Calibri","sans-serif"; mso-fareast-font-family: "Times New Roman";">Créditos imagen: <a href="https://www.flickr.com/photos/pedrojconcha/4398839563/in/photostream/" target="_blank" title="Flickr">©Pedro J. Concha/Flickr</a><o:p></o:p></span></address>
<address>
<span style="font-family: "Calibri","sans-serif"; mso-fareast-font-family: "Times New Roman";"> <o:p></o:p></span></address>
<span style="font-family: "Calibri","sans-serif"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;">El post <a href="http://www.welivesecurity.com/la-es/2014/07/11/boleto-malware-dos-nuevas-variantes-descubiertas/">Boleto
Malware: dos nuevas variantes descubiertas</a> aparece primero en <a href="http://www.welivesecurity.com/la-es">We Live Security en Español</a>.</span><br />
<span style="font-family: "Calibri","sans-serif"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">Autor </span><a href="http://www.welivesecurity.com/la-es/author/spagnotta/" style="background-color: white; color: #0084b6; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px; margin: 0px; outline: none; padding: 0px; text-decoration: none;" target="_blank" title="">Sabrina Pagnotta</a><span style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 14px; line-height: 20px;">, ESET</span>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-44639733656516366292014-06-06T11:16:00.000+10:002014-06-06T11:16:33.859+10:00Tip Of The Day! - Don't enter your username and password on any computer you don't control.<h3 style="color: #436184; font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-size: 24px; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
<a href="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" height="200" width="186" /></a></h3>
<div>
<div style="color: #555555; font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px; padding: 0px 2px 10px;">
Using public computers will always carry the risk of exposing your personal data. "Public" computers — as in college library computers. </div>
<div style="color: #555555; font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px; padding: 0px 2px 10px;">
A Kentucky college student has been charged with identity theft and unlawful access to a computer for allegedly breaking into other students' email accounts at the University of the Cumberlands, and using the access and information to blackmail them. </div>
<div style="color: #555555; font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px; padding: 0px 2px 10px;">
He did this by allegedly placing spyware on computers at the college library to harvest the information he needed to access the email accounts. Then he threatened to divulge the contents of certain messages unless the students complied with his demands.</div>
<div style="color: #555555; font-size: 12px; line-height: 17.33333396911621px; padding: 0px 2px 10px;">
<span style="font-family: Courier New, Courier, monospace;">For more information: <a href="http://blogs.techrepublic.com.com/10things/?p=322" style="color: #a23096; text-decoration: none;" target="_blank">http://blogs.techrepublic.com.com/10things/?p=322</a></span></div>
</div>
<br />Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-45683384656978122802014-06-04T16:12:00.001+10:002014-06-04T16:14:37.176+10:00Tip Of The Day! - Change the combination on opened laptop locks.<h3 style="color: #436184; font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-size: 24px; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
</h3>
<h3 style="color: #436184; font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-size: 24px; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
<a href="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" height="200" width="186" /></a></h3>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;">When people have cables with combination locks for securing their laptops at their workstation, they always remember to turn the tumblers when they secure the laptop. But what happens when they unsecure the laptop? </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;">Many people won't turn the tumblers on the opened lock because it is much easier to lock the laptop later if the combination is already set. About half a dozen laptops in our office disappeared one day. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;">The laptops were stolen by someone who came by when the laptops were not there and noted the combination. They came back later when the laptops were there and used the combination they had noted earlier.</span></div>
<span style="font-family: Arial, Helvetica, sans-serif; line-height: 17.33333396911621px;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">Source: http://www.sans.org/tip_of_the_day.php#72</span>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-20328652339908014952014-06-03T15:54:00.000+10:002014-06-04T16:15:46.025+10:00Tip Of The Day! - Prevent USB Drives from Spreading Viruses<h3 style="color: #436184; font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-size: 24px; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
</h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://www.robertdstrong.com/wp-content/uploads/2013/12/tip.gif" height="200" width="187" /></a></div>
<div>
<span style="line-height: 1.2em;"><br /></span></div>
<div style="font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
<span style="font-family: Verdana, sans-serif; line-height: 17.33333396911621px;">When you stick a thumb drive infected with a worm like Conficker/Downadup into a clean system, the normally handy AutoPlay feature launches the worm and spreads the infection. </span></div>
<div style="font-family: 'Diavlo Light', Arial, Helvetica, sans-serif; font-weight: normal; line-height: 1.2em; margin: 10px 0px 0px; padding: 0px;">
<span style="font-family: Verdana, sans-serif; line-height: 17.33333396911621px;">You can prevent this by flipping the master switch.</span><span style="color: #436184; font-family: Verdana, sans-serif; font-size: large; line-height: 17.33333396911621px;"> </span></div>
<span style="line-height: 17.33333396911621px;"><span style="font-family: Verdana, sans-serif;"><br /></span></span>
<span style="line-height: 17.33333396911621px;"><span style="font-family: Verdana, sans-serif;">Here's how:</span></span><br />
<ol>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Click on the "Start" button and pick "Run."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Enter the text GPEDIT.MSC and press Enter. After a moment, the Group Policy editor window will open.</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">In the left panel, double-click on "Computer Configuration."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Double-click on "Administrative Templates."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Double-click on "System."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">In the right panel near the bottom of the list, double-click on "Turn off autoplay."/</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">The default setting is the "Not configured." Put a bullet in "Enabled."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Make sure "Turn off Autoplay on:" is set to "All drives."</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Click on "Apply," and then "OK".</span></li>
<li style="margin: 0px; padding: 0px; text-align: justify;"><span style="font-family: Verdana, sans-serif;">Close the Group Policy editor window.</span></li>
</ol>
<div style="text-align: justify;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><b>Source</b>: http://www.sans.org/tip_of_the_day.php#1257</span></div>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-27256407145157612642013-10-26T13:57:00.001+11:002013-10-26T13:57:31.973+11:00Ransomware: Why This New Malware is So Dangerous and How to Protect Yourself<p dir="ltr"> </p>
<p dir="ltr">Published on October 25th, 2013  |  Written by: Chris Hoffman</p>
<p dir="ltr">Ransomware is a type of malware that tries to extort money from you. One of the nastiest examples, CryptoLocker, takes your files hostage and holds them for ransom, forcing you to pay hundreds of dollars to regain access.Most malware is no longer created by bored teenagers looking to cause some chaos. Much of the current malware is now produced by organized crime for profit and is becoming increasingly sophisticated.</p>
<p dir="ltr">How Ransomware Works</p>
<p dir="ltr">Not all ransomware is identical. The key thing that makes a piece of malware “ransomware” is that it attempts to extort a direct payment from you.Some ransomware may be disguised. It may function as “scareware,” displaying a pop-up that says something like “Your computer is infected, purchase this product to fix the infection” or “Your computer has been used to download illegal files, pay a fine to continue using your computer.”In other situations, ransomware may be more up-front. It may hook deep into your system, displaying a message saying that it will only go away when you pay money to the ransomware’s creators. This type of malware could be bypassed via malware removal tools or just by reinstalling Windows.Unfortunately, Ransomware is becoming more and more sophisticated. One of the latest examples, CryptoLocker, starts encrypting your personal files as soon as it gains access to your system, preventing access to the files without knowing the encryption key. CryptoLocker then displays a message informing you that your files have been locked with encryption and that you have just a few days to pay up. If you pay them $300, they’ll hand you the encryption key and you can recover your files. CryptoLocker helpfully walks you through choosing a payment method and, after paying, the criminals seem to actually give you a key that you can use to restore your files.You can never be sure that the criminals will keep their end of the deal, of course. It’s not a good idea to pay up when you’re extorted by criminals. On the other hand, businesses that lose their only copy of business-critical data may be tempted to take the risk — and it’s hard to blame them.</p>
<p dir="ltr">Protecting Your Files From Ransomware</p>
<p dir="ltr">This type of malware is another good example of why backups are essential. You should regularly back up files to an external hard drive or a remote file storage server. If all your copies of your files are on your computer, malware that infects your computer could encrypt them all and restrict access — or even delete them entirely.RELATED ARTICLEWhat Files Should You Backup On Your Windows PC?Everybody always tells you to make sure that you are backing up your PC, but what does that really mean? And what files do you actually need to backup? Today we'll walk you through the basics of backing up your PC, what you should back up, and why. [Read Article]When backing up files, be sure to back up your personal filesto a location where they can’t be written to or erased. For example, place them on a removable hard drive or upload them to a remote backup service like CrashPlan that would allow you to revert to previous versions of files. Don’t just store your backups on an internal hard drive or network share you have write access to. The ransomware could encrypt the files on your connected backup drive or on your network share if you have full write access.Frequent backups are also important. You wouldn’t want to lose a week’s worth of work because you only back up your files every week. This is part of the reason why automated back-up solutions are so convenient.If your files do become locked by ransomware and you don’t have the appropriate backups, you can try recovering them with ShadowExplorer. This tool accesses “Shadow Copies,” which Windows uses for System Restore — they will often contain some personal files.</p>
<p dir="ltr">How to Avoid Ransomware</p>
<p dir="ltr">RELATED ARTICLE10 Important Computer Security Practices You Should FollowAntivirus programs aren’t perfect — especially Microsoft Security Essentials. If you’re relying on your antivirus alone to protect you, you’re... [Read Article]Aside from using a proper backup strategy, you can avoid ransomware in the same way you avoid other forms of malware. CryptoLocker has been verified to arrive through email attachments, via the Java plug-in, and installed on computers that are part of the Zeus botnet.Use a good antivirus product that will attempt to stop ransomware in its tracks. Antivirus programs are never perfect and you could be infected even if you run one, but it’s an important layer of defense.Avoid running suspicious files. Ransomware can arrive in .exe files attached to emails, from illicit websites containing pirated software, or anywhere else that malware comes from. Be alert and exercise caution over the files you download and run.Keep your software updated. Using an old version of your web browser, operating system, or a browser plugin can allow malware in through open security holes. If you have Java installed, you should probably uninstall it.For more tips, read our list of important security practices you should be following.Ransomware — CryptoLocker in particular — is brutally efficient and smart. It just wants to get down to business and take your money. Holding your files hostage is an effective way to prevent removal by antivirus programs after it’s taken root, but CryptoLocker is much less scary if you have good backups.This sort of malware demonstrates the importance of backups as well as proper security practices. Unfortunately, CryptoLocker is probably a sign of things to come — it’s the kind of malware we’ll likely be seeing more of in the future.</p>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-33291337316047804532013-10-08T17:30:00.000+11:002013-10-08T17:30:01.935+11:00SB13-280: Vulnerability Summary for the Week of September 30, 2013<div class="separator" style="clear: both; text-align: center;">
<a href="http://cdn.macworld.com.au/wp-content/uploads/2012/10/Google-Chrome-Pwnium-hacker-macworld-australia.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="145" src="http://cdn.macworld.com.au/wp-content/uploads/2012/10/Google-Chrome-Pwnium-hacker-macworld-australia.jpg" width="200" /></a></div>
<div style="background: white; line-height: 19.2pt; margin-bottom: 14.4pt; margin-left: 0cm; margin-right: 0cm; margin-top: 14.4pt; text-align: justify; vertical-align: baseline;">
<!--[if gte vml 1]><v:shapetype
id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t"
path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter"/>
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0"/>
<v:f eqn="sum @0 1 0"/>
<v:f eqn="sum 0 0 @1"/>
<v:f eqn="prod @2 1 2"/>
<v:f eqn="prod @3 21600 pixelWidth"/>
<v:f eqn="prod @3 21600 pixelHeight"/>
<v:f eqn="sum @0 0 1"/>
<v:f eqn="prod @6 1 2"/>
<v:f eqn="prod @7 21600 pixelWidth"/>
<v:f eqn="sum @8 21600 0"/>
<v:f eqn="prod @7 21600 pixelHeight"/>
<v:f eqn="sum @10 21600 0"/>
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
<o:lock v:ext="edit" aspectratio="t"/>
</v:shapetype><v:shape id="Picture_x0020_1" o:spid="_x0000_s1026" type="#_x0000_t75"
alt="chrome_patch" style='position:absolute;left:0;text-align:left;
margin-left:1.5pt;margin-top:14.4pt;width:121.15pt;height:71.4pt;z-index:1;
visibility:visible;mso-wrap-style:square;mso-wrap-distance-left:9pt;
mso-wrap-distance-top:0;mso-wrap-distance-right:9pt;
mso-wrap-distance-bottom:0;mso-position-horizontal:absolute;
mso-position-horizontal-relative:text;mso-position-vertical:absolute;
mso-position-vertical-relative:text'>
<v:imagedata src="file:///C:\Users\ALFRED~1\AppData\Local\Temp\msohtmlclip1\01\clip_image001.jpg"
o:title="chrome_patch"/>
<w:wrap type="square"/>
</v:shape><![endif]--><!--[if !vml]--><!--[endif]--><span style="color: #444444; font-family: "Calibri","sans-serif"; font-size: 10.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: minor-latin;">There are 20 fresh security patches in Google Chrome, including
fixes for a number of high-severity vulnerabilities. Google regularly pushes
out new versions of its browser every few weeks, and sometimes will only have a
handful of security fixes. </span><u><span style="background-position: initial initial; background-repeat: initial initial; color: red; font-family: Calibri, sans-serif; font-size: 10pt;">Chrome users should update their browsers as soon
as possible to protect against attacks using these vulnerabilities.</span></u><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;"><o:p></o:p></span></div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial; text-align: justify;">
<span style="color: #222222; font-family: "Calibri","sans-serif"; font-size: 10.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: minor-latin;">The vulnerabilities are based on the<span class="apple-converted-space"> </span><a href="http://cve.mitre.org/" target="_blank"><span style="color: #1155cc;">CVE</span></a><span class="apple-converted-space"> </span>vulnerability naming standard and are
organized according to severity, determined by the<span class="apple-converted-space"> </span><a href="http://nvd.nist.gov/cvss.cfm" target="_blank"><span style="color: #1155cc;">Common Vulnerability Scoring System</span></a><span class="apple-converted-space"> </span>(CVSS) standard. The division of high,
medium, and low severities correspond to the following scores:<o:p></o:p></span></div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial; text-align: justify;">
<span style="color: #222222; font-family: "Calibri","sans-serif"; font-size: 10.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Arial; mso-hansi-theme-font: minor-latin;"><br /></span></div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial; margin-left: 44.65pt; text-align: justify; text-indent: -18pt;">
<!--[if !supportLists]--><span style="color: #444444; font-family: Symbol; font-size: 10.0pt; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol; mso-fareast-language: EN-US;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><!--[endif]--><b><span style="background-position: initial initial; background-repeat: initial initial; color: red; font-family: Calibri, sans-serif; font-size: 10pt;"><a href="https://mail.google.com/mail/ca/u/0/#14192a864ef63043_high"><span style="color: red; mso-bidi-font-weight: normal; text-decoration: none; text-underline: none;">High</span></a></span></b><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;"> </span><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;">- Vulnerabilities will be labeled High severity if they have a CVSS base
score of 7.0 - 10.0<o:p></o:p></span></div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial; margin-left: 44.65pt; text-align: justify; text-indent: -18pt;">
<!--[if !supportLists]--><span style="color: #444444; font-family: Symbol; font-size: 10.0pt; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol; mso-fareast-language: EN-US;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><!--[endif]--><b><span style="background-position: initial initial; background-repeat: initial initial; color: #f79646; font-family: Calibri, sans-serif; font-size: 10pt;"><a href="https://mail.google.com/mail/ca/u/0/#14192a864ef63043_medium"><span style="color: #f79646; mso-bidi-font-weight: normal; mso-themecolor: accent6; text-decoration: none; text-underline: none;">Medium</span></a></span></b><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;"> </span><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;">- Vulnerabilities
will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9<o:p></o:p></span></div>
<div style="background-color: white; background-position: initial initial; background-repeat: initial initial; margin-left: 44.65pt; text-align: justify; text-indent: -18pt;">
<!--[if !supportLists]--><span style="color: #444444; font-family: Symbol; font-size: 10.0pt; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol; mso-fareast-language: EN-US;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">
</span></span><!--[endif]--><b><span style="background-position: initial initial; background-repeat: initial initial; color: #0070c0; font-family: Calibri, sans-serif; font-size: 10pt;"><a href="https://mail.google.com/mail/ca/u/0/#14192a864ef63043_low"><span style="color: #0070c0; mso-bidi-font-weight: normal; text-decoration: none; text-underline: none;">Low</span></a></span></b><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;"> </span><span style="background-position: initial initial; background-repeat: initial initial; color: #444444; font-family: Calibri, sans-serif; font-size: 10pt;">- Vulnerabilities will be labeled
Low severity if they have a CVSS base score of 0.0 - 3.9<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="background: white; color: #444444; font-size: 10.0pt; line-height: 115%; mso-bidi-font-family: Arial;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="background: white; color: #444444; font-size: 10.0pt; line-height: 115%; mso-bidi-font-family: Arial;">Here
is the list:</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="background: white; color: #444444; font-size: 10.0pt; line-height: 115%; mso-bidi-font-family: Arial;"><br /></span></div>
<div class="MsoNormal" style="background-color: white; background-position: initial initial; background-repeat: initial initial;">
<b><span style="background-position: initial initial; background-repeat: initial initial; color: red;">High Vulnerabilities<o:p></o:p></span></b></div>
<div align="center">
<table border="1" cellpadding="0" class="MsoNormalTable" style="background: white; mso-cellspacing: 1.5pt; mso-table-layout-alt: fixed; mso-yfti-tbllook: 1184;">
<tbody>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<b><span style="font-size: xx-small;"><span style="color: #222222;">Primary</span> <o:p></o:p></span></b></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">Vendor --
Product<o:p></o:p></span></span></b></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">Description<o:p></o:p></span></span></b></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">Published<o:p></o:p></span></span></b></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">CVSS Score<o:p></o:p></span></span></b></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">Source & <o:p></o:p></span></span></b></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<b><span style="color: #222222;"><span style="font-size: xx-small;">Patch Info</span><span style="font-size: x-small;"><o:p></o:p></span></span></b></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free vulnerability in Blink, as used in Google Chrome before
30.0.1599.66, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to inline-block
rendering for bidirectional Unicode text in an element isolated from its
siblings.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2909&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909" target="_blank"><span style="color: #1155cc;">CVE-2013-2909</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free vulnerability in
modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation
in Blink, as used in Google Chrome before 30.0.1599.66, allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via unknown vectors.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2910&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910" target="_blank"><span style="color: #1155cc;">CVE-2013-2910</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free vulnerability in the PepperInProcessRouter::SendToHost
function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper
Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote
attackers to cause a denial of service or possibly have unspecified other
impact via vectors involving a resource-destruction message.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2912&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912" target="_blank"><span style="color: #1155cc;">CVE-2013-2912</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free vulnerability in the
RenderBlock::collapseAnonymousBlockChild function in
core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in
Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial
of service or possibly have unspecified other impact by leveraging incorrect
handling of parent-child relationships for anonymous blocks.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2918&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918" target="_blank"><span style="color: #1155cc;">CVE-2013-2918</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Google V8, as used in Google Chrome before 30.0.1599.66, allows remote
attackers to cause a denial of service (memory corruption) or possibly have
unspecified other impact via unknown vectors.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2919&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919" target="_blank"><span style="color: #1155cc;">CVE-2013-2919</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66
allow attackers to cause a denial of service or possibly have other impact
via unknown vectors.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2923&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923" target="_blank"><span style="color: #1155cc;">CVE-2013-2923</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 71.65pt;" width="96">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 211.1pt;" width="281">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free vulnerability in International Components for Unicode
(ICU), as used in Google Chrome before 30.0.1599.66 and other products,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.3pt;" width="83">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 41.05pt;" width="55">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2924&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">7.5</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 62.2pt;" width="83">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2924" target="_blank"><span style="color: #1155cc;">CVE-2013-2924</span></a><o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
</div>
<div class="MsoNormal" style="background: white; line-height: 15.6pt; margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 0cm; margin-right: 5.75pt; margin-top: 0cm; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="background-color: white; background-position: initial initial; background-repeat: initial initial;">
<b><span style="background-position: initial initial; background-repeat: initial initial; color: #f79646; font-size: 10pt;">Medium Vulnerabilities<o:p></o:p></span></b></div>
<div align="center">
<table border="1" cellpadding="0" class="MsoNormalTable" style="background: white; mso-cellspacing: 1.5pt; mso-yfti-tbllook: 1184; width: 100%px;">
<tbody>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Multiple
race conditions in the Web Audio implementation in Blink, as used in Google
Chrome before 30.0.1599.66, allow remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors related to
threading in core/html/HTMLMediaElement.cpp,
core/platform/audio/AudioDSPKernelProcessor.cpp,
core/platform/audio/HRTFElevation.cpp, and modules/webaudio/ConvolverNode.cpp.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2906&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906" target="_blank"><span style="color: #1155cc;">CVE-2013-2906</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">The
Window.prototype object implementation in Google Chrome before 30.0.1599.66
allows remote attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2907&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank"><span style="color: #1155cc;">5.0</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907" target="_blank"><span style="color: #1155cc;">CVE-2013-2907</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Google
Chrome before 30.0.1599.66 uses incorrect function calls to determine the
values of NavigationEntry objects, which allows remote attackers to spoof the
address bar via vectors involving a response with a 204 (aka No Content)
status code.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2908&vector=(AV:N/AC:L/Au:N/C:N/I:P/A:N)" target="_blank"><span style="color: #1155cc;">5.0</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908" target="_blank"><span style="color: #1155cc;">CVE-2013-2908</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free
vulnerability in the XSLStyleSheet::compileStyleSheet function in
core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before
30.0.1599.66, allows remote attackers to cause a denial of service or
possibly have unspecified other impact by leveraging improper handling of
post-failure recompilation in unspecified libxslt versions.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2911&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911" target="_blank"><span style="color: #1155cc;">CVE-2013-2911</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free
vulnerability in the XMLDocumentParser::append function in
core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before
30.0.1599.66, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors involving an XML document.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2913&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913" target="_blank"><span style="color: #1155cc;">CVE-2013-2913</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free
vulnerability in the color-chooser dialog in Google Chrome before
30.0.1599.66 on Windows allows remote attackers to cause a denial of service
or possibly have unspecified other impact via vectors related to
color_chooser_dialog.cc and color_chooser_win.cc in browser/ui/views/.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2914&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2914" target="_blank"><span style="color: #1155cc;">CVE-2013-2914</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Google
Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in
certain invalid circumstances, which allows remote attackers to spoof the
address bar via a URL with a malformed scheme, as demonstrated by a
nonexistent:12121 URL.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2915&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank"><span style="color: #1155cc;">4.3</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915" target="_blank"><span style="color: #1155cc;">CVE-2013-2915</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Blink,
as used in Google Chrome before 30.0.1599.66, allows remote attackers to
spoof the address bar via vectors involving a response with a 204 (aka No
Content) status code, in conjunction with a delay in notifying the user of an
attempted spoof.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2916&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N)" target="_blank"><span style="color: #1155cc;">4.3</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916" target="_blank"><span style="color: #1155cc;">CVE-2013-2916</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">The
ReverbConvolverStage::ReverbConvolverStage function in
core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation
in Blink, as used in Google Chrome before 30.0.1599.66, allows remote
attackers to cause a denial of service (out-of-bounds read) via vectors
related to the impulseResponse array.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2917&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank"><span style="color: #1155cc;">5.0</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917" target="_blank"><span style="color: #1155cc;">CVE-2013-2917</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">The
DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome
before 30.0.1599.66 allows remote attackers to cause a denial of service
(out-of-bounds read) via a relative URL containing a hostname, as
demonstrated by a protocol-relative URL beginning with a //<a href="http://www.google.com/" target="_blank"><span style="color: #1155cc;">www.google.com/</span></a>substring.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2920&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P)" target="_blank"><span style="color: #1155cc;">5.0</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920" target="_blank"><span style="color: #1155cc;">CVE-2013-2920</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Double
free vulnerability in the ResourceFetcher::didLoadResource function in
core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google
Chrome before 30.0.1599.66, allows remote attackers to cause a denial of
service or possibly have unspecified other impact by triggering certain
callback processing during the reporting of a resource entry.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2921&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921" target="_blank"><span style="color: #1155cc;">CVE-2013-2921</span></a><o:p></o:p></span></div>
</td>
</tr>
<tr>
<td style="padding: .75pt .75pt .75pt .75pt; width: 15.66%;" width="15%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt; word-break: break-all;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">google -- chrome<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 46.18%;" width="46%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">Use-after-free
vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in
Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via crafted JavaScript
code that operates on a TEMPLATE element.<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.62%;" width="13%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;">2013-10-02<o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 8.98%;" width="8%">
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2013-2922&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P)" target="_blank"><span style="color: #1155cc;">6.8</span></a><o:p></o:p></span></div>
</td>
<td style="padding: .75pt .75pt .75pt .75pt; width: 13.6%;" width="13%">
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #222222; font-size: 9.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-AU;"><a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922" target="_blank"><span style="color: #1155cc;">CVE-2013-2922</span></a><o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
</div>
<div class="MsoNormal" style="background: white; line-height: 15.6pt; margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 0cm; margin-right: 5.75pt; margin-top: 0cm; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: 15.6pt; margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 0cm; margin-right: 5.75pt; margin-top: 0cm; vertical-align: baseline;">
<br /></div>
<br />
<div class="MsoNormal" style="background: white; line-height: 15.6pt; margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 0cm; margin-right: 5.75pt; margin-top: 0cm; vertical-align: baseline;">
<br /></div>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-2861069267050129842013-07-27T16:16:00.001+10:002013-07-27T16:19:09.145+10:00¿Podemos fiarnos de TrueCrypt?<p dir="ltr">Nadie discute que hoy día el estándar de facto para cifrar discos duros / datos en un HD es TrueCrypt.</p>
<p dir="ltr">Funciona bien, es un software muy estable, y está disponible para múltiples plataformas.</p>
<p dir="ltr">Pero ¿Nos podemos fiar de TrueCrypt? ¿Es realmente un software libre de toda sospecha? ¿Podría ser un 'honeypot' de la CIA?</p>
<p dir="ltr">Hace tiempo encontré un post en el que se apuntaban ciertas partes oscuras con respecto a TrueCrypt y sobre quién está tras el proyecto. Todo lo que se expone es muy 'conspiranoico' pero es cierto que proyecta sombras sobre el proyecto. No obstante, después de Stuxnet, Flame y amigos, la capacidad de asombro y de negación ha quedado muy mermada.</p>
<p dir="ltr">El artículo original plantea las siguientes cuestiones (mis comentarios personales sin negrita):</p>
<p dir="ltr">El dominio truecrypt.org se registró con una dirección falsa, en concreto 'NAVAS Station, Antarctica'. Esto, per se, a mi no me parece nada sospechoso, mucha gente lo hace.</p>
<p dir="ltr">Nadie sabe quienes son los desarrolladores de TrueCrypt (su identidad, se desconoce). Esto SI me parece algo a tener muy en cuenta, me parece genial que en ciertos foros donde se liberan herramientas más 'ofensivas', estas herramientas sean firmadas por pseudos o nicks, pero todo lo que tenga que ver con criptografía debe ser totalmente transparente.</p>
<p dir="ltr">Los creadores de TrueCrypt trabajan gratis. Aseveración un poco discutible en mi opinión. Mucha gente trabaja 'gratis' en proyectos opensource, escribe blogs, etc etc.</p>
<p dir="ltr">Compilar TrueCrypt es complicado. Lo que apuntan en el post original es que, la mejor forma de incentivar la descarga de binarios pre-compilados por el equipo de TrueCrypt es hacer complicada la compilación del software. Tiene lógica<br>
La licencia de TrueCrypt no es realmente OpenSource. Bueno, tampoco indica nada en especial, es cierto que TrueCrypt ha sido rechazado de muchas distribuciones Linux (en el post citan a Fedora), pero eso no lo tiene porque hacer necesariamente sospechoso<br>
El código de TrueCrypt nunca ha sido auditado. El autor del post se queja de que nadie ha publicado un estudio sobre el código de TrueCrypt, en parte tiene razón, pero resulta muy aventurado decir que nadie lo ha hecho. Lo que si está claro es que si alguien realiza esa auditoría y encuentra algo, es su pasaporte a la fama. Cuesta creer que nadie haya puesto sus ojos en el tema.</p>
<p dir="ltr">Existe censura en los foros de TrueCrypt. Parece que en los foros de TrueCrypt no se puede hablar de otras soluciones de cifrado ni de herramientas para atacar a TrueCrypt.</p>
<p dir="ltr">No seré yo quien desacredite un producto como TrueCrypt que tantas alabanzas ha cosechado, pero del post original, tengo que decir que hay varios puntos que sí me preocupan bastante.</p>
<p dir="ltr">Lo de la identidad desconocida es bastante grave, ¿usarías un algoritmo de cifrado del que desconozcas su autoría? probablemente no, como decía más arriba, criptografía = transparencia como axioma</p>
<p dir="ltr">Respecto a introducir un backdoor en el software, es técnicamente posible, y voy mas allá: de estar ahí, puede ser REALMENTE complicado encontrarlo. Y si no, que se lo digan a Theo</p>
<p dir="ltr">Que cada cual saque sus propias conclusiones.</p>
<p dir="ltr">Source:<br>
http://t.co/0CR23MDubN</p>
Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-91784098708153170962012-07-11T10:37:00.001+10:002012-07-11T10:37:34.733+10:00OFFTOPIC: DC SHOES: KEN BLOCK'S GYMKHANA FIVE: ULTIMATE URBAN PLAYGROUND; SAN FRAN...<iframe allowfullscreen="" frameborder="0" height="270" src="http://www.youtube.com/embed/LuDN2bCIyus?fs=1" width="480"></iframe>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comtag:blogger.com,1999:blog-6012758317847145877.post-2749502038298747122012-03-22T07:30:00.000+11:002012-03-22T07:30:00.450+11:00Did you know that tagcloud.swf allows CrossSite Scripting?<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.roytanck.com/wp-content/uploads/2008/03/wp-cumulus.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://www.roytanck.com/wp-content/uploads/2008/03/wp-cumulus.gif" width="200" /></a></div>
<div style="text-align: justify;">
<span name="Document"><span class="fixed">I would like to warn you about security vulnerabilities in plugin WP-Cumulus for
WordPress.
These are Full path disclosure and Cross-Site Scripting vulnerabilities.
Which is a </span></span>web-application vulnerabilities which
allow attackers to bypass client-side security mechanisms normally
imposed on web content by modern <a href="http://en.wikipedia.org/wiki/Web_browser" title="Web browser">web browsers</a>.
By finding ways of injecting malicious scripts into web pages, an
attacker can gain elevated access-privileges to sensitive page content,
session cookies, and a variety of other information maintained by the
browser on behalf of the user. <br /><span name="Document"><span class="fixed">
<br /><u><b>Full path disclosure:
</b></u><br />
<br />http://site/wp-content/plugins/wp-cumulus/wp-cumulus.php
<br />
<br /><b><u>XSS:
</u></b><br />
<span style="font-family: Verdana,sans-serif; font-size: small;"><br />http://site/wp-content/plugins/wp-cumulus/tagcloud.<br />swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:<br />alert(document.cookie)'+style='font-size:<br />+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
<br /><br />Code will execute after click. It's strictly social XSS.
</span><span style="font-family: Verdana,sans-serif;">
</span><span style="font-family: Verdana,sans-serif; font-size: small;">There are a lot of vulnerable tagcloud.swf file in Internet (according to Google): </span></span></span></div>
<div style="text-align: justify;">
<span name="Document"><span class="fixed"><span style="font-family: Verdana,sans-serif; font-size: small;"><br /></span></span></span></div>
<div style="text-align: justify;">
<span name="Document"><span class="fixed"><span style="font-family: Verdana,sans-serif; font-size: small;">http://www.google.com.au/search?q=filetype:swf+inurl:tagcloud.swf</span></span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span name="Document"><span class="fixed"><span style="font-family: Verdana,sans-serif; font-size: small;">So to all flash developers, I recommend you to attend to security of their flash files. And for the owners of sites, with vulnerables flashes like tagcloud.swf, fix them or turn over to your development team to fix it.</span></span></span><code> </code></div>
<div style="text-align: justify;">
<code> </code></div>
<div style="text-align: justify;">
<code></code><span name="Document"><span class="fixed"><span style="font-family: Verdana,sans-serif; font-size: small;">Kind Regards,</span></span></span></div>
<div style="text-align: justify;">
<code> </code></div>
<pre><code>Alfredo Cedeno</code></pre>
<pre><code>IT Security Analyst & Advisor
http://ajcborges.blogspot.com </code></pre>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comPort Melbourne VIC, Australia-37.836926 144.94455-37.8620065 144.905068 -37.8118455 144.98403199999998tag:blogger.com,1999:blog-6012758317847145877.post-67143985658876252072012-03-21T07:30:00.000+11:002012-03-21T07:30:01.217+11:00Phishing gang steals victim's life savings of $1.6M<b><span style="font-size: xx-small;"><span class="byline">By
<a href="http://www.zdnet.co.uk/member-profile/2000331828/" rel="author"><span> Tom Espiner</span></a>,
ZDNet UK, <a href="http://www.zdnet.co.uk/2012/03/15/"><span>15 March, 2012 16:09</span></a></span></span></b><br />
<br />
<a href="http://www.zdnet.co.uk/i/z5/illo/nw/story_graphics/11sept/police-policeman-back-300.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://www.zdnet.co.uk/i/z5/illo/nw/story_graphics/11sept/police-policeman-back-300.jpg" /></a>The 12 men and two women were <a href="http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/police-swoop-on-1m-uk-phishing-suspects-10025635/" target="" title="">detained on Thursday morning</a>
in raids in London and the West Midlands. More arrests may follow in
the coming days, according to Metropolitan Police Central eCrime Unit
(PCeU) head <a href="http://www.zdnet.co.uk/news/security-threats/2011/09/30/police-take-down-illegal-drug-websites-40094075/">Charlie McMurdie</a>.<br />
<br />
<br />
"These were dawn raids," McMurdie told ZDNet UK. "Enquiries are still ongoing regarding potential further arrests."<br />
<br />
The <a href="http://www.zdnet.co.uk/news/security-threats/2012/01/16/facebook-scammers-go-phishing-in-chat-sessions-40094822/">phishing</a>
gang sent out unsolicited emails with links to a fake banking website.
It used a series of bank accounts assigned to individual 'money mules'
to launder £1m siphoned from the life-savings account of one woman who
had divulged her details. The cash was transferred via the internet, the
Metropolitan Police said in a statement.<br />
<br />
"The stolen money was spent over a three-day period, after suspects
embarked on a spending spree during the Christmas sales," the Met said.
"The victim, a UK citizen currently living abroad after relocating to
care for an ill relative, saw her savings disappear overnight after her
bank account details were illegally obtained and unauthorised access to
the account was gained."<br />
<br />
The suspected 'money mule' launderers received between £9,000 and
£75,000 each from the account. All of the 14 suspects were in custody at
the time of writing, according to the Met.<br />
<br />
Around 150 police officers were involved in the operation. They included
members of the PCeU, 50 special constables, and police from <a href="http://www.zdnet.co.uk/news/security/2012/02/09/police-set-to-launch-three-30m-e-crime-hubs-40095008/">three regional e-crime hubs</a> in the East Midlands, York and Humber, and the North West.<br />
<br />
"We wanted to make the best use of resources in relation to where the suspects were located," McMurdie said.<br />
<br />
The
police said the "sophisticated" phishing operation highlighted the need
for people to take care when doing banking online, warning the public
not to click on links in unsolicited emails.<br />
<br />
<br />
"This is an example of how cybercrime creates real victims
through the indiscriminate actions of the criminals involved," Detective
Inspector Stewart Garrick said in the PCeU's statement.<br />
<br />
<b><span style="font-size: x-small;"><span class="copyright" rel="item-license license"><em>Article Source.</em></span></span></b><br />
<span style="font-size: x-small;"><span class="copyright" rel="item-license license"><em>Dawn raids net 14 suspects in £1m phishing thef </em></span></span><br />
<span style="font-size: x-small;"><span class="copyright" rel="item-license license"><em>Security Threats | ZDNet UK http://goo.gl/MYzKu</em></span></span>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.com0Port Melbourne VIC, Australia-37.836926 144.94455-37.862013999999995 144.905068 -37.811838 144.98403199999998tag:blogger.com,1999:blog-6012758317847145877.post-88431250246446385132012-02-15T07:30:00.000+11:002012-02-15T07:30:01.095+11:00Identify a Phishing Message in Five Steps<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: xx-small;"><strong>From IT Business Edge</strong></span><span style="font-size: small;"><span style="font-size: xx-small;"> </span></span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.itbe.com/itd/inline/94615.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="169" src="http://img.itbe.com/itd/inline/94615.jpg" width="200" /></a></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">Spear phishing, a type of email spoof, targets individuals or
departments within organizations and attempts to elicits a desired
action that could install malware, compromise login names and passwords
and steal data. Use Paul Mah's simple checklist to spot potential
phishing messages.</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">From the network breach at RSA to theft of intellectual property in
Operation Aurora, it is no secret that some of the most visible hacking
involves the use of spear phishing. A targeted form of phishing that is
custom-made for a specific organization, a spear phishing email message
seeks to elicit a desired action that could result in a Trojan being
loaded, or the unintended leaking of confidential or privileged data.</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">As
Paul Mah has written in the past, defending against spear phishing is a
challenging task that mandates some amount of user training. To assist
organizations on this front, Paul has come up with a simple checklist to
help identify a potential phishing message.</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">To have access to </span><span style="font-size: small;">Paul's </span><span style="font-size: small;">checklist visit the following URL:</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">http://goo.gl/lmpZR</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;"><br /></span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;"><br /></span></div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-13528844663566637182012-02-14T07:30:00.000+11:002012-02-14T07:30:01.099+11:00This February 14 be a Valentine not a Victim<div style="font-family: Verdana,sans-serif; text-align: justify;">
As Valentine’s Day approaches, Better Business Bureau of Southern
Arizona warns that Cupid’s arrow may be aimed directly at consumers’
wallets. Those who find themselves awash in love’s emotion should
remember that con artists thrive on the fact that emotion can trump
logic.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
There are three categories of scams that we all should be aware of at this romantic season as well as throughout the year.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<strong>Online Dating</strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Their photo may be attractive and their story may sound compelling
but that person you met through an online dating site may turn out to be
the very opposite of your soul mate. Photos, profiles and stories can
be easily faked on dating sites. One common tactic is to claim to be a
successful overseas businessperson with no family.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
After what seems like sincere conversation in which many questions
are asked of you, the scammer can skillfully employ psychology to say
precisely what you want to hear.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Once the ice is broken and a comfort level has been reached on your
part, the heart of the matter is arrived at: they need financial
assistance. They may want you to cash a check for them or otherwise help
them out of a financial difficulty. It could be travel expenses,
medical expenses or some other type of debt. At any rate it is your
money less than your heart that they are after. MoneyGram, one of the
major global money transfer companies, has estimated that romance scams
defraud victims of over $10,000 for each occurrence. For those so
victimized, whatever the amount, a website called romancescams.org can
be helpful.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<strong>Online Florists</strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
When love is in bloom many rely on the traditional symbol of
thoughtfulness, the bouquet, to convey their feelings for that special
person. But be aware that online florists are not always reliable. If
the flowers that are actually received by your loved one are inferior
arrangements from those ordered, or even not delivered at all, it can be
a wilting experience.<span id="more-766"></span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Scammers may send you emails saying that the flowers you ordered
cannot be delivered unless you log in to their site and re-enter your
credit card information. These emails are sent out in large numbers
hoping to eventually find the inboxes of someone who has really sent
flowers to their sweetheart. They are playing on consumers emotions by
planting the fear that the bouquet may not reach the intended and that
person will feel forgotten on Valentine’s Day. If you think the message
may be legitimate, go to the florist’s website or give them a phone
call, using the original site from which you ordered rather than the
link on the email.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
The best way to assure that flowers reach your beloved just as you
ordered them is to rely on a local florist. A website devoted to
uncovering florist scammers can be found at floristdetective.com.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<strong>E-card Scams</strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Phishing attempts abound around the e-card industry. A frequently
used technique is to email a message saying you have a card waiting to
be viewed. You are then directed to a fake website that resembles a
popular site like Hallmark or American Greetings.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Once you are there a prompt tells you to download the latest version
of Flash Player in order to view the e-card. Click that link and a virus
is quickly downloaded and attacks your computer. Instead of having your
loved one steal your heart, a scammer has stolen your identity.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Consumers should always exercise care in opening emails, links or
attachments from those you do not know. Especially suspicious are
unsolicited messages with subject lines saying “Someone just sent you an
e-card” or “Send your loved one a Valentines Card today.”</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Avoid becoming victimized by scammers who rely on the old adage that
“love is blind.” Keep a clear head and open eyes this Valentine’s Day.
Contact BBB by calling (520)888-5353 with questions or concerns if you
think someone is going less for your heart and more for your wallet.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;"></span><span style="font-size: x-small;">Source Article: http://goo.gl/zaSED </span><span style="font-size: x-small;">by <a href="http://tucsoncitizen.com/bbbconsumeralert/author/bbbconsumeralert/" rel="author" title="Posts by bbbconsumeralert">bbbconsumeralert</a> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-46116566864195058722012-02-13T07:30:00.000+11:002012-02-13T07:30:00.753+11:00Hackers Ask 'Will You Be My Valentine?'<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: xx-small;"><a href="http://www.cso.com.au/author/685856492/tony-bradley/articles">by Tony Bradley</a> (PC World (US online))</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
With Valentine's Day around the corner, cyber criminals are ramping up
spam, phishing, and other attacks targeting the lover's holiday.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div id="article_body" style="font-family: Verdana,sans-serif; text-align: justify;">
<div class="storybody" style="text-align: justify;">
There are only five days to Valentine's Day. Those
of you who are shocked by that revelation are prime targets for
Valentine's Day related spam and phishing attacks as hackers hope to
catch you with your guard down for this day of romance.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Messages targeting Valentine's Day are expected to quadruple globally in the coming days -- in part because <a href="http://www.pcworld.com/businesscenter/article/245093/fighting_malware_and_cybercrime_with_old_school_criminology.html" target="_blank">cyber criminals are adept</a>
at targeting holidays and current events as bait for attacks. An offer
for a dozen roses for $5 might get some traction any time of the year,
but with the clock quickly counting down to Valentine's Day it has much
higher odds of duping frantic lovers in search of a last minute gift.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
A <a href="https://blogs.mcafee.com/consumer/consumer-threat-notices/love-and-cyber-scams" target="_blank">blog post from McAfee</a>
warns, "Many consumers look for a little romance on Valentine's Day,
whether it is a thoughtful gift, a romantic getaway, or a heartfelt
e-card, but if you're looking for these things online, beware."</div>
<div class="storybody" style="text-align: justify;">
McAfee points out a number of types of Valentine's Day themed threats you should be aware of:</div>
<div class="storybody" style="text-align: justify;">
Phishing Scams</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Attackers
will send out spam promoting bargains for flowers, romantic dinners,
jewelry, or other Valentine's Day gift related themes. Clicking on the
offer might <a href="http://www.pcworld.com/businesscenter/article/247370/45000_facebook_accounts_compromised_what_to_know.html" target="_blank">take you to a malicious site</a>
that could compromise a vulnerable PC, or it could take you to a site
that looks legitimate, and asks for your credit card, and other personal
information to "complete the order".</div>
<div class="storybody" style="text-align: justify;">
Malicious eCards</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Any
holiday that traditionally involves giving and receiving cards is a
prime target for cyber criminals. Everyone loves to receive a
personalized greeting card -- especially if it seems to be from someone
that may be romantically interested.</div>
<div class="storybody" style="text-align: justify;">
Seriously, though, what are the odds that someone you don't know decided to <a href="http://www.pcworld.com/businesscenter/article/244816/fake_itunes_gift_certificate_could_ruin_your_black_friday.html" target="_blank">send you an ecard</a> for Valentine's Day out of the blue? Right.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Mr. (or Mrs.) Wrong</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Another
scam to watch out for are fake profiles on online dating sites. Cyber
criminals create online dating profiles designed to be as attractive as
possible to lure unsuspecting love seekers. The idea is to make
connections, and establish trust as a means to further criminal
activity.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
McAfee outlines some additional
threats to watch out for in its blog post. To steer clear of Valentine's
Day cyber threats, follow the <a href="http://www.pcworld.com/businesscenter/article/245566/warning_tips_for_secure_mobile_holiday_shopping.html" target="_blank">basic principles of online common sense</a>.
Don't open emails or file attachments, or click on links from people or
sources you are not familiar with -- and even if you do know the
sender, think twice about whether that person would really send you a
Valentine's Day email.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Another basic rule is
that if it sounds too good to be true, it probably is. Don't fall for
unbelievable last minute Valentine's Day gift ideas no matter how
desperate you are for a gift.</div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
Protect your wallet, your identity, and your heart by avoiding Valentine's Day cyber scams. </div>
<div class="storybody" style="text-align: justify;">
<br /></div>
<div class="storybody" style="text-align: justify;">
<span style="font-size: x-small;"><b>Source Article:</b> http://goo.gl/NEVuU</span></div>
<div class="storybody" style="text-align: justify;">
<br /></div>
</div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-43487159409477943832012-02-10T07:30:00.000+11:002012-02-10T07:30:01.265+11:00Free Email Providers Launch DMARC.org To Prevent Phishing Scams<div class="separator" style="clear: both; text-align: center;">
<a href="http://cbsdetroit.files.wordpress.com/2012/02/90247152.jpg?w=300" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="135" src="http://cbsdetroit.files.wordpress.com/2012/02/90247152.jpg?w=300" width="200" /></a></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<strong></strong>Leading free email providers like
Google, Microsoft and Yahoo are teaming up in an effort to prevent
“phishing” scams. As WWJ’s Rob Sanford reports, the unprecedented effort
was announced this week.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
The companies have created a working group – <a href="http://dmarc.org/" target="_blank">DMARC.org</a> – to promote a standard set of email technologies that they say will lead to more secure email.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
According to its website, DMARC, which stands for “Domain-based
Message Authentication, Reporting & Conformance,” standardizes how
email receivers perform email authentication. This means that senders
will experience consistent authentication results for their messages at
AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing
DMARC.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div class="entry-injected-ad narrow" style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
With the rise of the social internet and e-commerce, spammers have a
tremendous financial incentive to compromise user accounts, enabling
theft of passwords, bank accounts, credit cards and more. Email is easy
to manipulate and criminals have found spoofing to be a proven way to
exploit user trust of well-known brands. Simply inserting the logo of a
well-known brand into an email gives it instant legitimacy with many
users.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
CNET executive editor Molly Wood said phishing is threatening the legitimacy of email.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
“I think it’s hard sometimes for these companies to work together.
They don’t always think it’s in their best interest to come together,
but I think it’s gotten to the point now where phishing scams are so
prevalent, that all of these companies are worried that their customers
are going to stop trusting their legitimate email,” said Wood.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
The arrangement will not stop all spam or phishing but will stop what
they call a “significant chunk” of malicious messages sent.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
DMARC helps email senders and receivers work together to better
secure emails, protecting users and brands from painfully costly abuse.
Find more information at <a href="http://dmarc.org/" target="_blank">DMARC.org</a>.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: xx-small;"><b>Source: </b>http://cbsloc.al/zhdnzo </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-57065955444647556742012-02-09T07:30:00.000+11:002012-02-09T07:30:01.896+11:00I will NEVER ask for your password<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: xx-small;"><a class="internal-link view-user-profile" href="http://windowsteamblog.com/members/Dick-Craddock/default.aspx">by Dick Craddock</a></span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
There are a lot of bad things on the Internet, and few are worse than
phishing scams. But there is a certain class of phishing scam that has
earned a special level of disdain and disgust, at least from me. I’m
talking about the phishing scams that target Hotmail customers using <u>my</u> name, <u>my</u> picture, and even <u>my</u> signature. Grrrr.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Let me clear something up right off the bat: I will <u>never</u> ask for your password. No one from <a href="http://explore.live.com/windows-live-hotmail" target="_blank">Hotmail</a> or Microsoft will ever ask for your password. In fact, <u>no</u> legitimate service will ever ask for your password. If you ever get an email asking for <u>any</u> password to <u>any</u>
service, you can be sure, without a shadow of a doubt, that the email
is a phishing scam. Just junk it. (Or, in Hotmail, mark it as a phishing
scam using the “Mark As” menu.)</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
Phishing scams</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Spammers want to send spam. That’s what they do. As I said in my <a href="http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/08/03/90-less-spam-in-hotmail-15-less-spam-on-the-internet.aspx" target="_blank">last post</a>,
we’ve made it hard for them to send spam with new accounts due to the
effectiveness of our account reputation work. So, spammers have turned
to hijacking customer accounts in order to send more spam. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Phishing
scams are one of the simplest ways that spammers use to gain control of
your account. The spammer sends an email that asks for your password,
usually with a threat that your account is about to be closed. You
reply, providing your password, and, Voila! Your account (and
reputation) is hacked.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Spammers do this on all networks and all
services – Hotmail, Gmail, Yahoo!, Facebook, AOL – spammers do not
discriminate, and no service is immune. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
How my picture got out there</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Hotmail
sends email to our customers fairly regularly to update people on
various things, such as the availability of new software or features, or
even to remind people about security measures, like creating a strong
password or adding your mobile phone number to your account.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
About
a year ago, we decided that we would make these messages more personal
by including my name, my picture, and my signature. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
That decision has really come back to haunt me.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
A gift to spammers</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Almost
immediately, the spammers copied that email, including my picture, name
and signature, and modified the content so that it said something like
“Your account is about to be shut down unless you reply to this email
with your account name and password.”</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
This is a classic example of a phishing scam, and one of the most common ways that accounts get compromised. Here’s an example:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/2438.An_2D00_example_2D00_of_2D00_a_2D00_phishing_2D00_scam_5F00_73CD6C72.png" target="_blank"><img alt="An example of a phishing scam" border="0" height="363" src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/3288.An_2D00_example_2D00_of_2D00_a_2D00_phishing_2D00_scam_5F00_thumb_5F00_7B08E085.png" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="An example of a phishing scam" width="530" /></a></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
The bottom of that same email looks like this:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/8372.Phishing_2D00_scams_2D00_use_2D00_Dick_2D00_Craddocks_2D00_name_2D00_and_2D00_picture_5F00_05D59C01.png" target="_blank"><img alt="Phishing scams use Dick Craddock's name and picture" border="0" height="315" src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/8666.Phishing_2D00_scams_2D00_use_2D00_Dick_2D00_Craddocks_2D00_name_2D00_and_2D00_picture_5F00_thumb_5F00_35B03DC2.png" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="Phishing scams use Dick Craddock's name and picture" width="235" /></a></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Yep. That’s me, all right. But that email is definitely <u>not</u> from me.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
Even smart people fall for it</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Phishing
messages can look very real and convincing, so even smart, tech-savvy
people fall for them. I get asked about this quite a bit. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Here’s
a conversation that took place on my public Facebook page. The first
person asks, “I got this message, is it really you?” In response, our
Development Manager, Eliot, displayed both his penchant for pithiness
and his mastery of high school French:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/2350.Facebook_2D00_messages_5F00_36E4B0D4.png" target="_blank"><img alt="Facebook messages" border="0" height="329" src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/5226.Facebook_2D00_messages_5F00_thumb_5F00_41C1921C.png" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="Facebook messages" width="470" /></a></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Phishing
scammers know that they’ll get better response rates by using my
pictures and my signature to produce email messages that look
legitimate. They even translate their scams into multiple languages to
broaden their reach.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
The telltale signs of a phishing message</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
As I’ve said, <u>any</u>
email that asks for your password is a phishing scam and shouldn’t be
trusted. You don’t need to look any further to know the message is a
fake. Nonetheless, it’s interesting to see how “creative” the scammers
can get. Here are some tactics scammers use to get people to provide
their account info:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<b>They copy Hotmail’s marketing images.</b> These phishing messages usually contain the latest image from Hotmail’s own marketing campaigns, like this one:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/2018.Hotmail_2D00_header_5F00_100674C7.png" target="_blank"><img alt="Hotmail header" border="0" height="157" src="http://windowsteamblog.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-53-82-metablogapi/7573.Hotmail_2D00_header_5F00_thumb_5F00_0B604440.png" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="Hotmail header" width="530" /></a></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<b>They provide a bogus reason for needing your password.</b>
The messages usually contain an introduction that offers a false
explanation about why they need your password. Some of my favorites
include:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<ul style="font-family: Verdana,sans-serif; text-align: justify;">
<li><i>“We are currently upgrading our data base and e-mail account center.”</i></li>
<li><i>“We are deleting all unused accounts to create more space for new accounts.”</i></li>
<li><i>“We
encountered a problem with our database and a lot of records were lost,
we are restoring our database to enable us serve you better.”</i></li>
<li><i>“We are having too many congested email due to the anonymous registration of Hotmail Msn-Live Accounts in our database system.”</i></li>
</ul>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Rest assured: NONE of these will EVER be a legitimate reason to ask for your password. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<b>They design a subject line to scare you.</b> The subject lines call for your immediate attention and are often intended to be scary. Here are a few common examples:</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<ul style="font-family: Verdana,sans-serif; text-align: justify;">
<li>Some variation of “Account Alert!!!”, or “Account upgrade alert,” or “Email account alert.”</li>
<li>Some variation of “Account renewal process,” or “Verify your account details.”</li>
<li>Some variation of “Email Warning!!!”, or “Verify your email now to avoid being closed!!!!!”</li>
</ul>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
(Scammers really like to use exclamation points!!!! A lot!!!)</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<b>They send the email from a bad “From” address.</b>
The “From” address in the email is often a dead giveaway. At a glance,
it might look like you’ve gotten mail from the Hotmail Team. But if you
look at the actual email address, it’s almost always something fishy
(phishy?). Typically, scammers just use the name of a Hotmail customer
account. </div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<h3 style="font-family: Verdana,sans-serif; text-align: justify;">
Get educated, educate others</h3>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
In a perfect
world, no one would ever give out their password, and the phishing scams
would be ineffective, and would just stop. You’ve already taken a step
to helping us get there by reading this post, and now you can help pay
it forward by educating others.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<u>Any</u> email that asks for
your password is a phishing scam. If anyone ever asks you, “Hey, is this
email legit?” just say, “If it asks you for your password, then it is
absolutely, definitely, without question <u>a scam</u>! Report it as junk!”</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
As a final note, some of you might be wondering, <i>Why can’t Hotmail detect these scams?</i>
We can detect these scams and do detect many of them. But it’s just a
numbers game, and spammers are capable of producing a huge volume of
phishing scams, with enough variation in the text and images to fool our
filters a small percentage of the time. In addition, it’s important for
us to keep the false positives low – meaning that we don’t want to
mistakenly identify a legitimate email sent from a good user as spam.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
So,
until we get to that perfect world without spammers, we’ll be here
building better and better systems to battle the bad guys. Thanks for
reading, and thanks for using Hotmail.</div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-33775816873462384232012-02-08T07:30:00.000+11:002012-02-08T07:30:00.200+11:00Sir Spamalot and Lady Phishing<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: xx-small;">By <a href="http://www.securityweek.com/authors/jon-louis-heimerl">Jon-Louis Heimerl</a> </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span style="font-size: small;">I am a millionaire. Actually, I’m a
multi-millionaire. Or rather I could be if I helped the honorable Mr.
Nagumba get his money out of Nigeria, or helped Barbara get her money
out of Brazil, or picked up my unclaimed lottery winnings, or helped
another half dozen people in the last month. </span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
I have won $1500 several times a day for the last few months. I have
won a new car. I have important packages waiting to pick up from FedEx
and UPS. I am being audited by the IRS and they sent me an attachment
that included an executable notice with instructions. I won a 15 day
cruise if I qualified – they only needed a credit card number to confirm
my identity and that I am over 18. I can get my teeth whitened or Lasik
eye surgery for 80% off. I have qualified for a special deal on a new
BMW 335 with experimental pricing, and can get in a brand new one for
under $15,000. Two of my credit cards have been compromised so I needed
to log onto the included website to verify and change my account
information. As a matter of fact, another credit card that I don’t even
have was also compromised, and I needed to log on there too. One of my
bank accounts appears to have some out-of-date information associated
with it. I can get really cheap Viagra (sic) cheap online, Heather
thinks I’m hot, and there seems to be way too many people interested in
my manhood.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<img alt="Analyzing Spam" height="223" src="http://www.securityweek.com/sites/default/files/SPAMALOT.jpg" style="float: right; margin: 5px;" title="Spam" width="175" /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
My personal spam folder is pretty thin. I try to trim spam
aggressively. Just in the last 24 hours I have received 42 emails. Three
from family, 21 advertisements from retailers (it’s beyond me why I
need a daily reminder from a retailer telling me that they are still
open and selling the same stuff they’ve been selling for the last five
years), and 18 spam. Now, I have no idea how much spam my ISP trims
before it even gets to me, but I assume it is a lot. A quick search
shows unofficial estimates that spam is somewhere between 60 and 97% of
all email sent. By the best accounts I can find, that means around 40
billion spam emails every day (give or take a few billion). The numbers
are down slightly from 2010 partially because three botnets (Rustock,
Lethic, and Xarvester) have been somewhat throttled. The closure of spam
specialist Spamit helped as well. But, as we all know, spam has not
gone away.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Unfortunately, spam means money. Spam brings with it a variety of
issues, but it also delivers chunks of money and other opportunities to
those who generate it. Pay-per-click sites still exist, and if you send
100 million spam messages and get 1% of recipients to click through –
ka-ching! Say you send 50 million spam messages that contain a link for a
free virus scan, and you can get .5% of those recipients to follow
through with a fake purchase for ONLY $29.99 – that’s $7.5million –
ka-ching! Credit card information is not worth what it used to be, but
if you can send 100 million fake “change your password” notices to
BigBlueBank customers, and 1% of them go through your fake link and
update their password – ka-ching! And even if they can’t get something
from you, maybe they can compromise some low percentage of recipients
with a Trojan or sniffer. The numbers add up quickly because of volume.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
But spam and phishing emails are not always obvious, are they? Well,
some of them are. If the email subject line includes things like
“Cialis” or “Replica Handbags” I think the chances it is spam is
probably something around 100%. But do we always know? I included an
example of a recent phishing email I received (names have been changed).
It looks pretty good at a glance, but there is a lot wrong with it if
you pay attention.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Let’s look through it in detail.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<img alt="Spam Example" height="506" src="http://www.securityweek.com/sites/default/files/Spam-Examples.jpg" style="margin: 5px;" title="Spam Example" width="500" /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Let’s work on the premise that the logo and all the colors are
correct, and that at a glance, this looks authentic – it appears to be
an email from BigBlueBank, where you have an account registered with
online access. What is wrong with the email?</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
1. BigBlueBank Online may be the correct
name, but the chances that return email address is correct is low (read
“low”, think “nonexistent”). Notice that it is @onlinesvc.com. If this
was really from BigBlueBank chances are pretty good that it would be
@BigBlueBank.com. If the return address just shows as BigBlueBank
Online, hold your cursor over the name. The actual associated email
address should show in a mouse-over or in the lower left corner of your
browser.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
2. “To: undisclosed-recipients” - If this
was genuine, it would actually be to your specific email address, and
NOT show as a bulk email with hidden addressees. Check what you bank
emails you now – they are all to your real email address.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
3. “UPDATE YOUR INFORMATION!” – This
pushes an immediate sense of urgency. Not necessarily a blazing orange
flag, but it should raise your skepticism when you get an email so
obviously trying to raise your personal sense of alarm.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
4. “This message is a critical one…” This
is obviously a person to whom English is not their primary language.
Normal English phrasing would be “This is a critical message…”. If
BigBlueBank is based in South Carolina this should get your attention.
If they are based in Germany, it probably still should, but not quite as
much.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
5. “It has come to our attentions,” “This
require” - The extra “s” on attention and the missing “s” are perfect
examples of disagreement in tense, and errors. These are strong
indicators that the writer is not a natural English speaker, and that
whoever sent the email did not spend enough time proof reading and
editing the content. If BigBlueBank is a top 10 bank in the Americas,
what are the chances that they would not have a proof reader check
everything that went out (Hint: the answer is 0%).</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
6. “Your Account information” and “The
Account update…” – What is with the random capitalization of “Account”?
Errors like this should be blazing a hole in your brain by now.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
7. “Is also a new BigBlueBank” – This is
just an awkward sentence. Read the whole sentence from the email.
Perhaps “the account update also includes” or something similar, but
again, it is an error in grammatical construction that should tell you
this is not a professional email.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
8. “Services security statement…” – Again with the random capitalization of “Services”? Brain. Hole. Burning.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
9. “Goes according” – Perhaps if it read
“is in accordance” this would not raise alarms, but the misuse of the
“ing” is a common error for a non-natural English speaker.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
10. “On our terms of service” – “in” our
terms of service would be appropriate for an English speaker, and even
more appropriate in a professionally prepared communication.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
11. 5:55 AM 20/01/2012 – This is actually
the first thing I saw in the email that made me say “fake”. The date is
shown as day/month/year, which is predominantly European or other
international convention. Standard in the United States would be
01/20/2012. I know the other way sorts better, but it is aberrant
construction in the U.S. If you are not from the U.S., this probably
does not bother you as much as it did me.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
12. “May result on a suspension of your
account” – “on” is again wrong. A natural English speaker would say
“in”. This also implies a threat designed to increase your sense of
urgency and decrease your vigilance.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
13. BigBlueBank Upgrade Home – Look at
that. How convenient it was of them to include a link back to
Bigbluebank for you. Just hold your mouse over the hyperlink (don’t
bother; it won’t work on the example, since the hyperlink has been
removed). By now you realize the chances that the link actually has
anything to do with bigbluebank is exactly 0%. In the example of this
email, it actually linked to something like the following – the fact
that bigbluebank is not the domain should be an obvious clue:
http//generalupdates.gh.ost.de/bigbluebank/account_update/index.php.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
14. 1-888-XXX-XXXX – Very nice to have an
included phone number. It really does help make the whole thing look
better. Especially if you dial the number and someone in a call center
answers it “Big Blue Bank – Customer Service, how can I help you?” First
of all, check the provided number against the customer service number
on your bank statements or against the number provided on Bigbluebank’s
real website. It may be close but it will not match. Your second clue is
that someone actually answered the phone and you did not have to go
through a Voice Response system – when was the last time that happened?</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
15. “Will be helping” – there is that
“ing” again. “This will help us” would not raise alarm, but the improper
English should have your spinal column on fire by now. You should
almost expect it say to “will to be helping us” like some alien speaking
through an electronic translator.</div>
<div style="font-family: Verdana,sans-serif; padding-left: 30px; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
If in doubt, bring up the genuine bigbluebank.com website by typing
it into your browser yourself (completely ignoring their link, if you
please), and check for information there. Locate their contact
information to email, or call them to ask if they sent the information.
Chances are that bigbluebank has its own security group that is
interested in abuse and phishing emails. They may want you to forward a
copy of the email to them for their own review if you feel like going
that far.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Perhaps this was not the best example because this email was chock
full o’ clues. But these are exactly the types of indicators you will
see in many phishing emails. The fact that you even got this email
should immediately raise your level of awareness, so everything else
should follow.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-33186388229475085782012-02-07T07:30:00.000+11:002012-02-07T07:30:00.757+11:00Social Engineering Yourself A BotNet<div style="font-family: Verdana,sans-serif; text-align: justify;">
Not too long ago the announcement about an
Internet Sponsorship Law, SOPA, basically caused the Internet to blow up
with people voting, supporting,
and showing how much they disliked this proposed bill. The way the
“Internet Community” came together is a lesson in mass influence itself,
but we are going to focus on a different aspect of this drama.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://www.social-engineer.org/social-engineering/social-engineering-yourself-a-botnet/attachment/botnet/" rel="attachment wp-att-2500" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="BotNet Social Engineering Yourself A BotNet" class="alignleft wp-image-2500" height="260" src="http://www.social-engineer.org/wp-content/uploads/2012/01/BotNet.jpg" style="border: 2px solid black; margin: 2px;" title="BotNet" width="378" /></a>The hacktivist group Anonymous reared its head in this debate to show
it’s disdain for any law that would censor or prohibit the use of the
Internet, and they do so using a form of social engineering.</div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
One of the less influence based forms of social engineering involves
drawing people to a website that is either loaded with malicious
software/code or has downloads that are dangerous or infected.
Apparently, Anonymous used this form of social engineering to create, in
essence, one of the world’s largest botnets full of unsuspecting
participants.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<span id="more-2499"></span><br />
<strong>How?</strong><br />
Anonymous used its legions of faithful supporters to spread shortened
links that drew interested parties to certain links. Since a user can’t
possibly know what to expect when they load a URL, Anonymous capitalized
on this to create it’s botnet.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
As users went to the list of URL’s, their browsers were hijacked and
then some code was executed. Once executed it causes the users browser
to make a massive amount of requests to the targets websites (in this
case DOJ and FBI). When you get hundreds or thousands or even more
people hitting these malicious URL’s so much traffic is sent that it
DDoS’ the sites in question.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
What are the implications of this type of attack? This form of social
engineering is pretty malicious. Even simple curiosity can make the
site visitor an unwilling participant in an act that could be considered
terrorism. This, of course, is a very serious matter as traffic from
home or work users becomes inundated with this malicious traffic.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;">
</span></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
In the age of shortened URL’s, this kind of a story just makes it
ever more clear that the user needs to take responsibility before
clicking a link. These types of attacks are how people’s computers get
hacked and how accounts are compromised. Now, it’s how massive botnets
are created.</div>
<div style="text-align: justify;">
<div style="text-align: justify;">
<span style="font-family: Verdana,sans-serif;"> </span><br style="font-family: Verdana,sans-serif;" /><br style="font-family: Verdana,sans-serif;" /><span style="font-family: Verdana,sans-serif;">
<span style="font-size: xx-small;">Posted in </span></span><span style="font-size: xx-small;"><a href="http://www.social-engineer.org/category/social-engineering/" rel="category tag" style="font-family: Verdana,sans-serif;" title="View all posts in Social Engineering">Social Engineering</a></span></div>
</div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-11848481558142899362012-02-06T07:30:00.000+11:002012-02-06T07:30:00.340+11:00Be on the Lookout for Phishing Emails<div style="font-family: Verdana,sans-serif;">
<span style="font-size: xx-small;">Posted on: February 2, 2012 in Industry Issues by Chris Williams</span></div>
<div style="font-family: Verdana,sans-serif;">
</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
If you keep up with tech news, you might have seen <a href="http://thenextweb.com/google/2012/01/30/google-microsoft-facebook-and-more-team-up-to-tackle-email-spam-and-phishing/" target="_blank">the story recently about a new technology standard developed by Microsoft, Yahoo, Google, and Facebook</a>
to cut down on spam emails and phishing attempts. It’s an exciting new
technology that will help protect users by increasing checks and
reporting on sent emails.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
However, even with stricter standards for spam filtering, the
occasional phishing email might still find its way to your inbox.
Phishing emails are standard emails from people trying to convince you
to give them information like passwords, usernames, credit card numbers,
social security numbers, or other secure data. Every email user needs
to know how to spot phishing emails so they can be deleted.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Here are five easy things to look for that you can use to spot phishing emails before you respond with sensitive information.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Emails from companies or people asking for information they should already have, such as accounts and passwords – <strong>a company will never ask you for your password.</strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Emails asking for personal identity information – your date of
birth, bank account information, social security number, or other
personal information. <strong>There’s no reason to ever give personal information via email. </strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Emails with weird formatting, spelling mistakes, or bad grammar – <strong>most phishing attempts come from overseas, so they often contain mistakes a native English speaker wouldn’t make.</strong> Others are hurriedly prepared, so they may contain mistakes as well.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Links or attachments you didn’t request – <strong>never click on a link in an email, or open an attachment, if you didn’t request for a link or attachment to be sent to you.</strong></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Unknown senders or strange domain names – <strong>if the domain name
of the sender looks strange, or the sender is unknown to you, learn more
about the sender or company before you take action</strong>. If it looks strange, delete or report the email.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Here’s an example of a phishing email:</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<a href="http://blog.iowanetworkservices.com/wp-content/uploads/2012/02/spam_email.png"><img alt="" class="aligncenter size-full wp-image-4871" height="441" src="http://blog.iowanetworkservices.com/wp-content/uploads/2012/02/spam_email.png" title="spam_email" width="536" /></a></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
For more information on spotting a phishing email, <a href="http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx" target="_blank">check Microsoft’s support page</a>. If you’re a Google user and receive phishing emails, <a href="http://consumerscams.org/scam_safety_tips/how_to_report_phishing_scam" target="_blank">you can learn how to report them to Google here</a>.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
Remember the first step is staying vigilant. Don’t provide personal
or sensitive information through email if you can avoid it, especially
to people you don’t know.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
<br /></div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
...don't forget to leave a comment... thanks.</div>
<div style="font-family: Verdana,sans-serif; text-align: justify;">
</div>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382759 144.92349760000002 -37.7880979 145.0024616tag:blogger.com,1999:blog-6012758317847145877.post-78489566772793834822012-02-03T07:30:00.000+11:002012-02-03T07:30:00.979+11:009 Reasons to Enforce Web Security within the Organization<div style="font-family: Verdana,sans-serif;">
<span class="byline"><em></em></span></div>
<div style="font-family: Verdana,sans-serif;">
Considering the wide range of malicious content threatening your
users, implementing strong web security within the organization is a
crucial part of any defense-in-depth strategy. Web security doesn’t have
to mean blocking your users’ access to the Internet, but it does mean
protecting them from the types of threats they will encounter every day.
Here’s a rundown of the top nine threats that are there to help you
understand the importance of strong web security. Some of these are
threats to your users; others are threats to their productivity. All are
things web security can help you protect against.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>1.Compromised sites hosting malware</b><br />
Every day you can read about sites that have been compromised by
attackers. Hacked sites hosting malware are a common way to spread the
damage to hundreds or thousands of others very quickly. Strong web
security can protect your users by blocking access to compromised sites,
and by scanning any downloads for malware.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>2.Cross-site scripting attacks</b><br />
Cross-site scripting can steal credentials, direct users to sites
specifically hosting malware, and worse. Web security can detect when an
XSS is attempted and protect users from the effects.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>3.Typo-squatters</b><br />
It’s common for people to register domains that are either misspelled,
or simple one-offs from other sites to try to get traffic from users’
typos. Sometimes these sites simply have aggressive sales content; other
times they are set up to look like the real site to fool users. Either
way, web security can prevent this all too common mistake from doing
damage.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>4.Phishing sites</b><br /> Phishing emails almost always include
links to sites, where the real damage can be done. Web security can
block access to these phishing sites.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>5.Adult content</b><br /> The last
thing you need is an HR issue to deal with because someone clicked the
wrong link in some search results. Web security can enforce the
acceptable use policy, preventing both the intentional and accidental
violations from occurring.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>6.Controversial content</b><br /> Adult
content is not the only risk; political and religious sites may not be
appropriate for users to access while at work and web security can
ensure that Internet access is business appropriate.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>7.Time sinks</b><br />
If you have ever surfed the web, you have probably experienced the time
loss that comes from a planned 30 second check-in that becomes a 30
minute catch up with what else is going on. “Just one more click…” can
cost your company hours of lost productivity. Web security doesn’t have
to block all personal Internet access; it can permit that within
reasonable time limits.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>8.Bandwidth hogs</b><br /> One Internet audio
stream may seem like it uses an insignificant amount of bandwidth, but
with everyone streaming music, your pipe can quickly become clogged. Web
security can monitor and identify the major bandwidth users, or block
access to streaming media completely to save that bandwidth for
important things, like customer orders.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
<b>9.Copyright violations</b><br />
If a user downloads a pirated movie from your network, you could face
liability. Web security can block access to these download sites, and
block torrents and peer-to-peer sharing so you don’t worry about C&D
letters or lawsuits.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<div style="font-family: Verdana,sans-serif;">
With strong web security protection
technology in place, you protect your users, your infrastructure, your
data and, ultimately, your company. Look at web security as a critical
component of your information security strategy.</div>
<div style="font-family: Verdana,sans-serif;">
<br /></div>
<span style="font-family: Verdana,sans-serif;">This post was provided by Casper Manes on behalf of GFI Software Ltd.</span>Anonymoushttp://www.blogger.com/profile/08298128264948784456noreply@blogger.comMelbourne VIC, Australia-37.8131869 144.9629796-37.8382669 144.92349760000002 -37.788106899999995 145.0024616