“ChapCrack and CloudCracker reveal sensitive corporate communications — including passwords — protected by the popular PPTP encryption protocol, which is based on an algorithm from Microsoft, a researcher says at Defcon.“

The post Tools boast easy cracking of Microsoft crypto for businesses appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

CNET News Security & Privacy Flame malware: So big, so overlooked The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?

by Michael Lee May 29, 2012 4:53 AM PDT 8 CommentsFacebook24Twitter71Linked In19More

The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it? Several security research firms, including Symantec, Kaspersky, and McAfee, have been hard at work analyzing a specific piece of malware in the past few days after the Iranian Computer Emergency Response Team posted an alert about malicious code designed to steal and exfiltrate information from infected computers back to a network of at least 10 command and control servers. However, as Budape”

The post Flame malware: So big, so overlooked | Security & Privacy – CNET News appeared first on Security Wandering.

<<< Tuesday, May 8, 2012 >>>   Java Drive-by Generator Posted by Karmina @ 15:27 GMT | Comments Ran across quite an interesting infection today. I visited a site that prompted me with a security warning about a ‘Microsoft’ application from an unknown publisher. The site is actually pretending to be a Gmail Attachment Viewer. Microsoft+Gmail? Fail.

After allowing the application to run, it redirects to a Cisco Foundation invitation while downloading a malware binary in the background.

The message also contains a malicious link that downloads the same malware. Perhaps to make sure that you really get infected.

Anyway, this infection is generated using iJava Drive-by Generator, which apparently has been around f”

The post Java Drive-by Generator – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

Breaking news Oracle v. Google jury returns partial verdict, favoring OracleShare: CNET News Security & Privacy New malware strain locks up computers unless ransom is paid A type of ‘ransomware’ hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog.

by Lance Whitney May 7, 2012 8:50 AM PDT 20 CommentsFacebook54Twitter71Linked In23More (Credit: abuse.ch) A campaign of ‘ransomware’ is locking people out of their computers unless they pony up the right amount of money. Spotted by security blog abuse.ch, the malware taps into an exploit kit known as ‘Blackhole.’ Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader. If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software'”

The post New malware strain locks up computers unless ransom is paid | Security & Privacy – CNET News appeared first on Security Wandering.

“Skip the navigation

Computerworld White Papers Webcasts Newsletters Solution Centers Events Magazine Twitter Facebook RSS

Topics News In Depth Reviews Blogs Opinion Shark Tank IT Jobs More IT Verticals Security App Security|Business Continuity|Cybercrime and Hacking|DRM and Legal Issues|Data Security|Malware and Vulnerabilities|Privacy|Security Hardware and Software

74  

3   1 Submit 6 Email

Home > Security > Malware and Vulnerabilities News Microsoft detects new malware targeting Apple computers Apple users should be sure their Mac version of Office has up-to-date patches

By Jeremy Kirk May 2, 2012 12:18 AM ET2 Comments . What’s this? IDG News Service – Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, wrote Jeong Wook Oh of Microsoft’s Malware Protection Center. But it does show that hackers pay attention if it’s found pe”

The post Microsoft detects new malware targeting Apple computers – Computerworld appeared first on Security Wandering.

” <<< Sunday, August 28, 2011 >>>   Windows Remote Desktop worm “Morto” spreading Posted by Mikko @ 13:23 GMT | Comments We don’t see that many internet worms these days. It’s mostly just bots and trojans. But we just found a new internet worm, and it’s spreading in the wild.

 

The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven’t seen before: RDP.

RDP stands for Remote Desktop Protocol. Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you enable a computer for remote use, you can use any other computer to access it.

When you connect to another computer with this tool, you can remotely use the computer, just like you’d use a local computer.

Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for port 3389/TCP, which is the RDP port.

When Morto finds a Remote Desktop server, it tries logging in as Administrator and tries a series of passwords:

admin  password  server  test  user  pass  letmein  1234qwer  1q2w3e  1qaz2wsx  aaa  abc123  abcd1234″

The post Windows Remote Desktop worm “Morto” spreading – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“The iframes silently redirect visitors to malicious files located on willysy.com and exero.eu. Those domain names, in turn redirect visitors to a series of intermediate websites that ultimately try to exploit several Windows vulnerabilities.”

The post Malware attack spreads to 5 million pages (and counting) • The Register appeared first on Security Wandering.

Over on the post “Zero day bug threatens many WordPress sites • The Register” contains this text:

TimThumb developer pwned by own creation By Dan Goodin in San Francisco • Get more from this author

Posted in Security, 2nd August 2011 18:44 GMT Free whitepaper – The Different Types of UPS Systems Attackers are exploiting a widely used extension for the WordPress publishing platform to take control of vulnerable websites, one of the victims has warned.

The vulnerability affects virtually all websites that have an image-resizing utility called TimThumb running with WordPress, Mark Maunder, CEO of Seattle-based Feedjit, wrote in a post published Monday. The extension is “inherently insecure” because it makes it easy for hackers to execute malicious code on websites that use it. At least two websites have already been compromised, he reporte”

The post Zero day bug threatens many WordPress sites • The Register appeared first on Security Wandering.

“Security Experts Warn of Microsoft Bluetooth Vulnerability By Jennifer LeClaire July 13, 2011 1:07PM

There’s danger on the wireless front, in the form of a Bluetooth stack vulnerability. Amid an otherwise mild Patch Tuesday for Microsoft, security researchers said the Bluetooth problem could be used to launch a targeted attack by sending specific malicious data to the targeted computer while establishing a Bluetooth connection.   Related Topics Microsoft Patch Tuesday Bluetooth Symantec Wireless Security Latest News Pentagon To Publish Cyberwar Rules Israeli App Merges Facebook, Google+ Microsoft Bluetooth Vulnerability Seen Rupert Murdoch Drops Bid for BSkyB Julian Assange Fighting Extradition

 

After a heavy June release, Microsoft on Tuesday issued a mere four security bulletins to address 22 vulnerabilities. Only one is rated critical. Still, security researchers agree there is an element of danger present on the wireless front. “An attacker could use the Bluetooth stack vulnerability to launch a targeted attack,” said Joshua Talbot, security intelligence manager at Symantec Security Response. “However, it’s unlikely it could be used in a widespread attack because an attacker would have to be within Bluetooth range to exploit it. A specific target would likely already have to be identified and that person’s whereabouts known to the attacker.””

The post Enterprise Security Today | Security Experts Warn of Microsoft Bluetooth Vulnerability appeared first on Security Wandering.

bout airplane tickest a while ago…..great price
Day before try to get 2 seats together  online at check in….

That did not happen, normal not a big deal.
but this time the wife is in a walking boot for her ankle and the kid always flys next to the wife.

Security at the airport was a breeze for everyone including the wife in her ankle boot contraption.
security made sure that the kid did not go wondering off well mom got scanned.
I get to deal with the 10 little gray bins and getting them thru the xray thing
as odd as it sounds it was like they wanted to help….got to love that.

Get to the gate wait for the gate folks to get there.
Now the gate folks had always been very helpful  for me

So I know they could easily fix the seating issue for me…..

WRONG
“the flight is full figure it out yourself when you get on the plane” 
The message from the gate folks

it was like they were more concerned about themselves then helping me an mine.
no even an earl boarding invite….wife in a walking boot for her ankle injure and 7 year old boy….

so we wait and yet more self involved airline folks come and go.

they open the plane for boarding…

final yet another group of airline folks…
about half way thu boarding we get invited to board after the wife hobbles around in the waiting line.

I new face from airline….who had just helped a 13 year old traveling alone… was the yes please go bored voice of reason

we go down the empty gate ramp took like 5 minutes down hill walking slow….
get on the plane and there are people sitting in all of our seats….
kid starts crying… have i mentioned yet that the wife “does not like to fly “motion sickens””

get the tickets from the wife…
kick an old couple out of my seat and the 13 year old seat….
then the 13 year old says I’ll change with you..

So the the wife and the kids get 2 seats together…..finally
the 13 year old stranger gets a window seat beind me…

Oh yeah forgot to mention the flight crew losing it because we had stopped anyone from boarding  the plane.
that kind of happens on the small jets  when you are in row 3 waiting for some folks to move out of your seats….

longer story short..

flight was great 20 minutes early kind of great.

moral of the story you should always call the airplane phone support folks to fix seating issues and wait on hold for an hour to talk to 
SAM “shrewas”  who think that the yankees are a florida baseball team……

The post what happens when airlines merge…or why no ones cares once they get your cash appeared first on Security Wandering.