Source: The Register
Researchers using a modest cluster of PS3 game consoles running Linux have demonstrated the ability to generate domain names which hash to arbitrary MD5 digests. This allows them to get the MD5 hash signed by a legitimate digital certificate supplier, then use it as though it were a credential for the domain name with which it shares an MD5 digest.
Wednesday, 31 December 2008
Friday, 19 December 2008
Hundreds of Stolen Data Dumps Found
Source: Security Fix
Researchers using honeynets have gained access to a significant number of data drop sites used by various keyloggers and other data-gathering trojans. The resultant data is estimated at being worth several hundred to several thousand dollars per day when sold on the black market.
Researchers using honeynets have gained access to a significant number of data drop sites used by various keyloggers and other data-gathering trojans. The resultant data is estimated at being worth several hundred to several thousand dollars per day when sold on the black market.
Friday, 12 December 2008
Retail Fraud Rates Plummeted the Night McColo Went Offline
Source: Security Fix
Spam wasn't the only Internet nuisance which ebbed somewhat with the disconnection of McColo: according to Ori Eisen, founder of 41st Parameter (a fraud detection and prevention service), "close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt" at the same time.
Spam wasn't the only Internet nuisance which ebbed somewhat with the disconnection of McColo: according to Ori Eisen, founder of 41st Parameter (a fraud detection and prevention service), "close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt" at the same time.
Tuesday, 9 December 2008
Malware now including DHCP server functionality
Source: Security Fix
The latest version of the DNSChanger malware (which alters local DNS resolver settings to point at a hostile DNS server) also includes DHCP server functionality. This potentially allows it to pass on the bad DNS settings to any host on the local network which is requesting configuration via DHCP. This could be particularly effective at public WiFi spots unless appropriate countermeasures are taken.
The latest version of the DNSChanger malware (which alters local DNS resolver settings to point at a hostile DNS server) also includes DHCP server functionality. This potentially allows it to pass on the bad DNS settings to any host on the local network which is requesting configuration via DHCP. This could be particularly effective at public WiFi spots unless appropriate countermeasures are taken.
Sunday, 7 December 2008
Online payment site hijacked by notorious crime gang
Source: The Register
The Register breaks the news that the domain Mycheckfree.com, an online bill payment service, was hijacked and redirected to a phishing site on Tuesday, 2nd December. Brian Krebs at Security Fix has a deeper analysis which suggests that the phishers had the correct credentials to authorise the DNS change at Network Solutions, the registrar through which the domain name is published.
The Register breaks the news that the domain Mycheckfree.com, an online bill payment service, was hijacked and redirected to a phishing site on Tuesday, 2nd December. Brian Krebs at Security Fix has a deeper analysis which suggests that the phishers had the correct credentials to authorise the DNS change at Network Solutions, the registrar through which the domain name is published.
Subscribe to:
Posts (Atom)
