Wednesday, 31 December 2008

Boffins bust web authentication with game consoles

Source: The Register

Researchers using a modest cluster of PS3 game consoles running Linux have demonstrated the ability to generate domain names which hash to arbitrary MD5 digests. This allows them to get the MD5 hash signed by a legitimate digital certificate supplier, then use it as though it were a credential for the domain name with which it shares an MD5 digest.

Friday, 19 December 2008

Hundreds of Stolen Data Dumps Found

Source: Security Fix

Researchers using honeynets have gained access to a significant number of data drop sites used by various keyloggers and other data-gathering trojans. The resultant data is estimated to be worth several hundred to several thousand dollars per day when sold on the black market.

Friday, 12 December 2008

Retail Fraud Rates Plummeted the Night McColo Went Offline

Source: Security Fix

Spam wasn't the only Internet nuisance which ebbed somewhat with the disconnection of McColo: according to Ori Eisen, founder of 41st Parameter (a fraud detection and prevention service), "close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt" at the same time.

Tuesday, 9 December 2008

Malware now including DHCP server functionality

Source: Security Fix

The latest version of the DNSChanger malware (which alters local DNS resolver settings to point at a hostile DNS server) also includes DHCP server functionality. This potentially allows it to pass on the bad DNS settings to any host on the local network which is requesting configuration via DHCP. This could be particularly effective at public WiFi spots unless appropriate countermeasures are taken.
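
As an added example (not from the original post or the cited article), here is one countermeasure for the behaviour described above: a check that parses a DHCP reply's options and flags an OFFER or ACK whose server identifier (option 54) or DNS servers (option 6) are not on an allow-list. The function names, the allow-lists and the 192.0.2.x / 203.0.113.x addresses are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header
FIXED_LEN = 236              # size of the fixed BOOTP header
OFFER, ACK = 2, 5            # option 53 (message type) values sent by servers

def parse_options(payload):
    """Return {code: bytes} for the options of a DHCP message (UDP payload)."""
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, FIXED_LEN + 4
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated DHCP option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated DHCP option")
        opts[code] = opts.get(code, b"") + data     # repeated options concatenate
        i += 2 + length
    return opts

def to_ips(raw):
    """Split a run of 4-byte IPv4 addresses into dotted-quad strings."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) // 4 * 4, 4)]

def check_reply(payload, allowed_servers, allowed_dns):
    """Findings for one DHCP OFFER/ACK; an empty list means nothing unexpected."""
    opts = parse_options(payload)
    if payload[0] != 2 or (opts.get(53) or b"\x00")[0] not in (OFFER, ACK):
        return []                                   # not a server reply
    findings = []
    for server in to_ips(opts.get(54, b"")) or ["<no server id>"]:
        if server not in allowed_servers:
            findings.append(f"unauthorised DHCP server {server}")
    for dns in to_ips(opts.get(6, b"")):
        if dns not in allowed_dns:
            findings.append(f"unexpected DNS resolver {dns}")
    return findings

def build_reply(server, dns, msg_type=OFFER):
    """Constructed sample reply (test data, not a capture from real malware)."""
    pack = lambda ips: b"".join(ipaddress.IPv4Address(a).packed for a in ips)
    opts = bytes([53, 1, msg_type]) + bytes([54, 4]) + pack([server])
    opts += bytes([6, 4 * len(dns)]) + pack(dns) + b"\xff"
    return b"\x02" + bytes(FIXED_LEN - 1) + MAGIC + opts
```

In practice `check_reply` would be fed the UDP payloads of server-to-client DHCP traffic (source port 67) seen on the segment; on managed switches, DHCP snooping enforces the same allow-list at the port level.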

Sunday, 7 December 2008

Online payment site hijacked by notorious crime gang

Source: The Register

The Register breaks the news that the domain Mycheckfree.com, an online bill payment service, was hijacked and redirected to a phishing site on Tuesday, 2nd December. Brian Krebs at Security Fix has a deeper analysis which suggests that the phishers had the correct credentials to authorise the DNS change at Network Solutions, the registrar through which the domain name is published.