Search
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- August 2006
- July 2006
- June 2006
- May 2006
- March 2006
- February 2006
- January 2006
Partners
Monthly Archives: April 2008
Advertising Practices Endanger Internet Users
Several major ISPs are substituting ad pages for the error messages normally displayed when users navigate to non-existing subdomains. Ryan Singel “writes in Wired”:http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html that: bq. “The rub comes when a user is asking for a nonexistent subdomain of a … Continue reading
Tagged isp, security, stopbadware, subdomain
Comments Off
Outrageous EULA – from a botnet vendor
The “Symantec Security Response blog”:http://www.symantec.com/enterprise/security_response/weblog/2008/04/copyright_violations_in_the_un.html today features a bizarre end user license agreement (EULA) – not for a legitimate piece of software, but for a bot builder sold in the criminal black market. Many of the restrictions the bot vendor … Continue reading
Important WordPress security update
From the official “WordPress.org blog”:http://wordpress.org/development/2008/04/wordpress-251/: bq. Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. … Continue reading
Two Interesting Security Challenges
Two noteworthy exploits have surfaced recently. This blog post will cover: _first_ a server-based attack-tool and _second_ the discovery of a now-patched vulnerability in Flash. *First:* Tornado, a web-based exploit tool, can exploit more than a dozen browser vulnerabilities. ITNews … Continue reading
Microsoft: Web attacks on the rise
Robert McMillan over at ComputerWorld “reports”:http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9079558&intsrc=hm_listx that Microsoft has found a significant increase in web-based attacks in the past year: bq. Criminals changed tactics in the last six months of 2007, dropping malicious e-mail in favor of Web-based attacks, according … Continue reading
Tagged malware, microsoft, stopbadware
Comments Off
Rock Phish Adds a Trojan to Arsenal
Earlier this week, “RSA”:http://www.rsa.com/ issued a warning that Rock Phish has updated their “attack methods”:http://www.darkreading.com/document.asp?doc_id=151558&WT.svl=wire_2. Dark Reading “writes”:http://www.darkreading.com/document.asp?doc_id=151558&WT.svl=wire_2 “Rock Phish attacks are estimated to account for more than 50% of phishing attacks world-wide and to be responsible for the theft … Continue reading
Tagged phishing, security, stopbadware, trojan
Comments Off
Spam Targets a Wide Field of Users
The Internet Storm Center (ISC) “reports”:http://isc.sans.org/diary.html?storyid=4289 that CEOs have been receiving faux federal subpoenas via email. While there is an “online component”:http://en.wikipedia.org/wiki/CM/ECF to some case filings, ISC points out that initial contact is *always* made the old fashioned way, via … Continue reading
Tagged social_engineering, spam
Comments Off
Apple Responds to Community Concerns
A few weeks ago, the blogosphere raised concerns about the Windows version of Apple Software Update for offering new software installations (e.g., Safari) disguised as product updates. At the time, we “blogged about it”:http://blogs.stopbadware.org/articles/2008/03/24/apple-updates-raise-eyebrows and said we were looking into … Continue reading
Tagged apple, itunes, stopbadware
Comments Off
Symantec Security Report Examines Second Half of 2007
Last week “Symantec Corp”:http://www.symantec.com/index.jsp released a security report summarizing findings from the last six months of 2007. Similar to findings in StopBadware’s “Trends in Badware 2007″:http://www.stopbadware.org/home/reports report, Symantec finds that badware, malware, spyware, and bots develop rapidly in the current … Continue reading
Social Networking Sites are Rewarding for Badware Producers
Social networking sites are fun. I’ve spent unknown hours procrastinating with them and my experiences have generally been favorable. Logging onto my account recently, I found multiple private and public messages from a contact, a high-school friend, who was trying … Continue reading
Tagged by, drive, socialengineering
Comments Off
