funsec mailing list archives
today in the news
From: Paul Vixie <paul () vix com>
Date: Mon, 28 Aug 2006 23:06:55 +0000
http://www.mg.co.za/articlePage.aspx?articleid=275381&area=/insight/insight_tech/ A chain is only as strong as its weakest link. That's doubly true when it comes to protecting computers that are connected to the internet. Anyone who thinks that a virtual firewall is enough to protect a PC from the dangers of the internet -- such as hacker attacks and unwanted contact with damaging programs -- is making a mistake. --- http://stopbadware.org/reports/reportdisplay?reportname=aol082706 In our preliminary findings, we find that AOL 9.0 (free version) is currently badware because it installs additional software without telling the user, it forces the user to take certain actions, it adds various components to Internet Explorer and the taskbar without disclosure, it may automatically update without the user's consent, and it fails to uninstall completely. We currently recommend that users do not install the version of AOL software that we tested, unless the user is comfortable with the level of risk we identify or until the application is updated consistent with the recommendations in this report. --- http://www.osnews.com/story.php?news_id=15646 A landmark study on Department of Justice network crime prosecutions reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to USD 10 million per occurrence and on average more than USD 1.5 million per occurrence. The report, "Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006", concludes that 84% of attacks could have been prevented if, in addition to checking the user ID and password, the organization had verified the identity of the computer connecting to their networks and accounts. --- http://www.betanews.com/article/Yahoo_Adds_Login_Phishing_Protection/1156354790 In an effort to curb the influx of phishing scams that attempt to fool users into logging onto a illegitimate Web site, Yahoo is now enabling its users to customize their sign in box with a personal seal. The idea is that users would spot the graphic and know they are truly on Yahoo and not some malicious site. A number of banks including Bank of America have taken a similar approach with their authentication methods. Yahoo users can either upload an image or select a line of text that would appear only to them. However, because the feature utilizes cookies, it does not work on public computers and deleting the cookie would reset the login box to normal. --- http://www.betanews.com/article/Firefox_Extension_Promises_Private_P2P/1156452762 AllPeers released a beta Thursday of what it called the most ambitious Firefox extension to date, a peer-to-peer application that would allow friends and family to share files and content between one another in a private setting. Unlike the major P2P networks, AllPeers allows the sharing of files securely and privately. --- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- today in the news Paul Vixie (Jul 24)
- Re: today in the news Dude VanWinkle (Jul 25)
- RE: today in the news Larry Seltzer (Jul 25)
- Re: today in the news Florian Weimer (Jul 25)
- Re: today in the news Drsolly (Jul 25)
- Re: today in the news David Lodge (Jul 25)
- <Possible follow-ups>
- today in the news Paul Vixie (Aug 28)
- RE: today in the news Richard M. Smith (Aug 28)
- Re: today in the news Dude VanWinkle (Jul 25)