Mindblown: a blog about philosophy.
-
Vulnerability turns McAfee’s anti-malware solution into open relay
Flaw allows for spam to be sent through customers’ PCs. A vulnerability discovered in McAfee ‘s SaaS for Total Protection , the company’s hosted anti-malware solution, effectively turns a customer’s machine into an open relay, allowing others to send spam through it. Open relays allow anyone to send mail through a machine to any recipient…
-
AV-Test releases latest results
Business and consumer products achieve high pass rate. Independent testing lab AV-Test.org has released its latest batch of test results, with 23 consumer products and eight business solutions covered in two separate reports. All but one of the products taking part did well enough to earn certified status. The testing system covers a wide range…
-
Sykipot trojan used to target smart cards
Defence companies among small number of targets. Researchers at Alienvault have discovered a version of the ‘Sykipot’ trojan that is being used to target organisations that make use of smartcards to control the access of both physical and information systems. The malware is installed onto the victim’s machine via a zero-day vulnerability in Adobe software,…
-
Spammers link to site containing QR code
Curious users may scan URL and end up on pharma websites. Researchers at Websense have discovered spam containing links to a site containing a QR code in which the spam’s target URL is encoded. A QR code is a two-dimensional variant of a barcode – which can thus contain more information than a barcode. QR…
-
Spammers using Google open redirect
Vulnerability ‘not worthy of bug bounty program’. Researchers at Solera Labs have discovered spammers using an open redirect at Google to hide the final destination of their link from both users and filters. Open redirects on a domain allow for the creation of redirects to arbitrary third-party sites. They are usually enabled by a site’s…
-
Compromised websites used to mine bitcoins
In-the-browser botnet turns victims’ CPU cycles into cash for the attackers. Researchers have discovered a compromised website where a piece of JavaScript has been included that is used to mine bitcoins for the attacker. Bitcoins are a digital currency whose popularity and value have increased significantly in recent years. Bitcoins can be used to make…
-
‘Nitro attacks’ continue
PoisonIvy trojan sent attached to email warning about the same trojan. Researchers at Symantec report that the ‘ Nitro attacks ‘, which target a number of large companies, many of which are active in the chemical industry, are continuing, using the same methods as before. In the most recent part of this attack, employees of…
-
Recently discovered Java vulnerability being added to exploit kit
Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…
-
SMS trojan targets Android users in eight western countries
Will another piece of mobile malware convince Google manager of the seriousness of the threat? Researchers at Kaspersky have discovered an SMS trojan for Android phones that targets users in eight western countries. This trojan, which masquerades as an SMS monitoring app, gives an error message upon being launched, suggesting that it is incompatible with…
-
IETF expedites publication of RFC describing feedback loop recommendations
Document fast-tracked to be published shortly before the sad passing of its author J.D. Falk. The Internet Engineering Task Force (IETF) has published an RFC detailing current practices of running email feedback loops. Feedback loops are essential for entities that send emails, such as ISPs and ESPs. Not only do they help them to detect…
Got any book recommendations?