Category Archives: virus

MD5 signed websites may not be secure

Filed under CCC, MD5, security, virus

You may have noticed that when you go to certain websites, you’ll get a signed certificate that is supposed to prove that you are at that actual website. I say “supposed to” because there was a demonstration at the Chaos Computer Congress of how to spoof (fake) an MD5 certificate of authentication. There are a couple of kinds of certificates, and it appears that only the MD5 CA has been spoofed. This is an older type of certificate but is still used by many websites. There has been a warning about this concept for some time; however, it was only just demonstrated. So it’s no longer a concept, because there is proof it can be, and has been, done.

You can read all about it here http://www.win.tue.nl/hashclash/rogue-ca/

Microsoft has also issued a security bulletin about it here http://www.microsoft.com/technet/security/advisory/961509.mspx

The guys who figured out how to do this will not release all the details of how it was done for a couple of months, to give time for a fix to be developed.

I’ll post more details as they become available.

Major IE Update

Filed under virus, Windows

In case you’ve missed it on the news, there is a big security hole in Internet Explorer. Usually Microsoft puts out updates on the first Tuesday of the month, so for them to release a security update at any other time indicates how bad it is. If you haven’t already run Windows Update today, I highly recommend you do so ASAP. Be sure to reboot your computer after the update so it finishes the install. You can also head over to Microsoft and read more about it by clicking here.

Google AdSense Phishing

Filed under adsense, google, phishing, scams, virus

Looks like the phishermen are at it again. There must be plenty of phish in the internet sea. However, you don’t have to be one of the phish attracted by their lures.

Phishing is what they call those e-mails that attempt to trick you into giving up personal information, usually financial, which is then used to steal your identity and rape your bank account and/or credit cards.

The latest one I have seen uses some old tricks but with new bait. The e-mail appears to come from Google’s AdSense program. It warns you that you will not receive any more payments unless you update your information, which you can do with the link provided in said e-mail.

To the average user, everything might look OK at first glance. However, if you try to reply to the e-mail, it will bounce back. If you click on the Google AdSense link that is provided, you will most likely end up at a domain that has google and adsense in it. But on closer inspection you will see there is more to the domain, like a .tw or other domain. Don’t be fooled by how much the page looks like the real thing.

So if you get one of these e-mails, don’t click on it. And if you have a Google AdSense account, or any other account, and receive an e-mail informing you that it needs updating, never click on the link in the e-mail. It’s very easy to forge a link in any e-mail, and doing so is common in phishing scams. Type the address directly into your browser, or use Google or some other search engine to find it for you.

Stay tuned for an article on how to spot phishing scams.

NZ Botnet Teen Faces Extradition

Filed under botnets, cybercrime, FBI, international, virus


New details have been released about the New Zealand teen who is one of the most recent, and youngest, snared by the FBI in an operation dubbed Bot Roast II. Multiple arrests and convictions have come from this FBI sting.

Owen Walker, an 18-year-old from Whitianga, New Zealand, is suspected of creating malicious software that took control of over a million computers. The FBI also believes AKILL, Walker’s online handle or nickname, is “the ringleader of an elite international botnet coding group” and has caused “more than $25 million in economic loss”. If evidence is found that warrants charges, Walker could be charged either in New Zealand or extradited and charged in the United States.

So far eight others, here in the U.S., have been charged in relation to the FBI’s investigation of Walker’s software. Three of them have been sentenced with jail terms of 12 to 47 months.

Botnets are made up of computers which have been infected with malicious software. These computers are also known as “zombies” and can be used for various illegal activities. Some “zombies” are used for phishing scams, identity theft, spam, network attacks, and scanning for vulnerable computers and websites which they can then install the botnet software on. People who control these botnets are known as bot herders. Some bot herders have control of millions of computers. Currently it is estimated that there are approximately 150 million botnet-infected computers.