Security & Privacy

Opera belts out critical security update

Opera on Tuesday released a critical security update, designed to fix vulnerabilities in its browser that could allow malicious attackers to use an altered JPEG to take control of a user's system.

The update for Opera version 9.64 is designed to address security vulnerabilities in earlier versions of Opera 9.

The vulnerabilities were found in Opera's plug-ins, which when exploited via a maliciously crafted JPEG image could cause Opera to corrupt memory and crash, potentially resulting in execution of arbitrary code and cross-site scripting, Opera noted in its advisory.

Security software company Secunia rates the vulnerabilities as &… Read more

Symantec demos Project Guru at Demo 09

Are you sick of trying to diagnose your friends' computer problems over the phone?

Symantec is showing a demo on Tuesday at the Demo 2009 conference in Palm Desert, Calif., of a Web-based tool that allows tech savvy people to provide remote support to friends and family having computer problems.

Project Guru allows a user to connect remotely to another computer to troubleshoot and correct problems, with the connection secured using encryption and authentication. The tool offers diagnostic tools for network monitoring and identifying software installed on the remote computer.

The software uses that same internally developed technology as Symantec'… Read more

Conficker worm targets Southwest Airlines site

The Conficker worm, also known as Downadup, is targeting the Web site of Southwest Airlines and could disrupt online flight check-in and other services on March 13 as a result, security firm Sophos warned on Monday.

Mike Wood of SophosLabs Canada did some digging and found that the millions of computers infected with Conficker are programmed to contact wnsux.com, which redirects visitors to the main Southwest.com site, on March 13 to get instructions. That would cause a denial of service, shutting the site down temporarily, he wrote in a blog entry.

The worm is targeting about 7,750 … Read more

Facebook fights new Koobface worm, another rogue app

Like flies to cow dung, rogue apps are swarming to Facebook.

The popular social-networking site has been hit by what's believed to be the fourth rogue app in a week or so and is investigating the spread of a new variant of the Koobface worm, according to security firm Trend Micro.

The Koobface worm spreads via a message from a Facebook friend that includes a link to what looks like a video, Rik Ferguson wrote on the Trend Micro blog.

The landing page displays the name and photo of the friend. Clicking the "install" button redirects to … Read more

New antivirus software looks at behaviors, not signatures

It could be argued that security vendors are losing the battle with online scammers whose programs sneak onto computers and drop malicious programs, opening the computers up to remote attacks and turning them into zombies in botnet armies.

The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them encrypted in part or otherwise disguised with modification, the signature lists require frequent updates and many new viruses slip through undetected.

As … Read more

Data about Obama's helicopter breached via P2P?

An Internet security company claims that Iran has taken advantage of a computer security breach to obtain engineering and communications information about Marine One, President Barack Obama's helicopter, according to a report by WPXI, NBC's affiliate in Pittsburgh.

Tiversa, headquartered in Cranberry Township, Pa., reportedly discovered a security breach that led to the transfer of military information to an Iranian IP address, according to WPXI. The information is said to include planned engineering upgrades, avionic schematics, and computer network information.

The channel quoted the company's CEO, Bob Boback, who said Tiversa found a file containing the entire … Read more

Facebook halts rogue app, MySpace plugs hole

Just in time for the weekend, social networks Facebook and MySpace were dealing with several new security issues on Friday that could expose personal information and communications from friends.

Facebook said it had removed a new rogue application that was spamming users and exposing their information. Before it was halted, the application sent messages claiming that a friend had reported the recipient for violating Facebook's terms of service and offered a link to click to find out more information.

Users who clicked on the link were providing the app access to their profile and personal information as well as … Read more

ID theft up, and 20-somethings suffer most

Update at 9:30 a.m. PST: A new chart has been added to the end of the article.

This was originally published in ZDNet's Between the Lines.

Identity theft cases surged in 2008, according to the Federal Trade Commission.

Last year, ID theft was by far the biggest complaint to the FTC, representing 26 percent of total problems reported. The next biggest one--third-party and creditor debt collection scams--represented only 9 percent of complaints.

The FTC's annual Consumer Sentinel Network report (PDF), released Thursday, details that ID theft complaints totaled nearly 314,000 in 2008, up from about … Read more

NASA hacker McKinnon moves closer to extradition

The Crown Prosecution Service has decided it will not prosecute self-confessed NASA hacker Gary McKinnon in the U.K., edging him closer to extradition to the U.S.

McKinnon's diagnosis with Asperger's Syndrome, a condition on the autistic spectrum, had not been taken into account in the decision, a Crown Prosecution Service (CPS) spokesperson told ZDNet UK on Thursday.

U.S. authorities last year won the extradition of McKinnon to face charges of breaking into 97 military and NASA computers. In December, McKinnon's legal team sent a letter to the CPS in which he confessed to offenses … Read more