kakroo's blog
News: Cloud based hack army!
Imperva uncovered a new, automated, cloud-based phishing kit. Our Application Defense Center found this kit on a hacker forum.
Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers. And with the new cloud-based approach, the infrastructure for this phishing kit never goes away. Why? In traditional schemes, when you take down a server you take down not only the web page but also the back-end data collection capability. In this cloud version, data collection is hosted separately from the phishing web sites, which means hackers only need to repost the web front end in a new location to be back in business. (It's like whack-a-mole.)
News: Dell Infected!?
Dell said human error was to blame for mistakes which led it to ship a number of replacement server motherboards to customers pre-loaded with spyware.
The company declined to say whether it was running anti-virus software at its factory but said it had taken 16 steps to improve processes.
The infection hit replacement PowerEdge 310, 410, 510 and T410 boards. The direct seller said less than one per cent of boards were affected and complete new server systems were quite safe.
Dell is still not admitting how the W32.Spybot worm got into its systems and onto its hardware.
A Dell spokesman said the problem was worldwide but all infected motherboards had now been removed from the supply chain and it was already shipping clean boards.
News: Facebook privacy update
Facebook has revamped the way its users share information with third-party applications and Web sites in an effort to make the process easier, the company said Wednesday.
With the changes, a new permissions box will pop up whenever a Facebook user installs a new application or first logs into an external Web site through their Facebook account, wrote Bret Taylor, the social-networking site's CTO, in a blog post.
About 550,000 applications work within Facebook and about 1 million Web sites are integrated with the site, Facebook said.
"In order for these applications and Web sites to provide social and customized experiences, they need to know a little bit about you," Taylor wrote. "We understand, however, that it's important you also have control over what you're sharing."
News: XP 0-day attack (again!!)
Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.
Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.
"Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."
The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil, Microsoft said.
PCs based in Russia and Portugal, in particular, are seeing a very high concentration of these attacks, Microsoft said.
News: Google (encrypted) & Schools
Google's encrypted search engine, launched in May, has moved to a new Web address that isn't as convenient as its original one but that gives organizations the option to block the site for their users without locking them out of other Google services.
Originally offered at google.com, the encrypted search engine has been relocated to encrypted.google.com, a move prompted primarily by the requirement of schools and universities to block encrypted search engines for their students.
Educational institutions often ban encrypted search engines because students can use them to bypass the Web content filters of their schools and universities.
However, blocking google.com also interferes with other encrypted Google products, like the hosted Apps communication and collaboration suite, which many educational institutions offer for their staff and students.
News: Rise of Kraken
The Kraken botnet, believed by many to be the single biggest zombie network until it was dismantled last year, is staging a comeback that has claimed almost 320,000 PCs, a security researcher said.
Since April, this son-of-Kraken botnet has infected an estimated 318,058 machines - about half as big as the original Kraken was at its height in the middle of 2008, according to Paul Royal, a research scientist at the Georgia Tech Information Security Center.
Like its predecessor, the new botnet is a prodigious generator of spam, with a single machine with average bandwidth able to send more than 600,000 junk mails per day.
News: IE6 better than Chrome!
Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera, US banking giant Chase has determined.
The bank has therefore decided its online banking services will continue to support the aging IE 6 but drop support for Chrome and Opera.
IE 6 is nine years old and even Microsoft is now desperately speaking out against the browser, to get individuals and businesses to move on to IE 8.
Microsoft's Australian business unit recently equated using IE 6 to being as risky as drinking - or maybe, eating - a carton of nine-year-old milk, as it lacked up-to-date cross-site scripting and anti-malware protection among other defenses.
Review: BlackBerry ER application
The Software
BlackBerry ER, an application by PocketMac, was primarily designed to locate a stolen BlackBerry handset. The application is designed to send a text message to the registered phone number in case the SIM is changed. It goes a step further by including the GPS location in the text.
The owner may use this information and, with the help of local authorities, recover his stolen BlackBerry.
News: Comodo says VeriSign is Unsafe!!
VeriSign and one of its partners have come under fire for publicly exposing webpages used to process customer security certificates, a practice a competitor claims puts some of the biggest names on the web at risk of serious targeted attacks.
According to Melih Abdulhayoglu, CEO of internet security firm Comodo, publicly accessible pages such as those here and here needlessly disclose sensitive internal information about VeriSign customers Bank of America and the Commonwealth of Massachusetts respectively. By exposing the email address of the organizations' security certificate managers and providing a comprehensive list of web addresses that use secure sockets layer protection, VeriSign puts them at risk of targeted phishing attacks, he said.
News: Security, Do I Care??!!
I once read a book that said, among other things, “You can never truly give money away.” The point it was making was that the act of giving has a certain responsibility – if you hand a large wad of cash to a charity, for example, you will want to know that the money is being spent wisely.
A good theory perhaps, but it doesn’t fit very well with the golden rule of IT security – that the things we dislike, or don’t know how to deal with, can quickly be categorised as somebody else’s problem. In business as in daily life, people will – in principle – pay to have certain problems dealt with by others, with a flick of the hand and a cry of “make it go away”.
Just how much does this principle apply in security today? Well, like all good researchers, we thought we would ask the Reg audience in the form of a mini-poll.
Midway through 2010 the recovery in the corporate governance recruitment market that was evident at the start of the year is now firmly established. As recruitment consultants we have been genuinely surprised at the strength of the recovery. The recovery is focused on the financial sector and is a result of both renewed growth in the sector and greater regulatory oversight. Investment in corporate governance has clearly become a priority.

