ZDNet's ZeroDay security blog reports that software engineering and reverse engineering expert and author Kris Kaspersky is ready to prove that bugs in Intel CPUs can be exploited by various types of attacks. Kaspersky will be speaking at the 2008 Hack in the Box Security Conference in Kuala Lumpur, Malaysia, in October.
To find out how Kaspersky plans to prove his theory, read on after the jump.
A surge in the volume of stolen data has caused the price of hacked bank and credit card details to fall sharply, Reuters reports. According to researchers for Finjan, a Web security firm, account details with PIN codes that once sold for $100 or more might now only bring in $10 to $20. Taking its place are new types of stolen data, such as patient healthcare information that can be used to commit insurance fraud or to acquire prescription medication to sell on the black market. Other data commanding a high price now includes business information, company personnel files, and intercepted commercial emails.
Click the jump to see what new types of data are commanding a bigger premium, and why your banking institution might not always have your back.
You've seen the commercial and already know what brown can do for you, but you'll be red with rage if you fall for a new scam based on an old trick. On its website, UPS has posted a bulletin alerting customers that a fraudulent email claiming to be from UPS is making the rounds. The email implores recipients to open an attachment reportedly containing a waybill for the shipment to be picked up, but the only thing being picked up by doing so is a nasty virus.
Maximum PC readers know full well to leave attachments alone, but if you're a frequent UPS customer, these types of scams can catch you off guard, particularly since UPS does, on occasion, send out official notifications that may include attachments. If in doubt, UPS is asking its customers to contact customerservice at ups dot com.
Attackers are exploiting the threat using specially designed websites that covertly download malicious code. Since the ActiveX control bears Microsoft's digital signature, those users who have rated MS to be a trustworthy software publisher in their IE settings might very quietly have their systems compromised.
Microsoft hasn’t come up with a fix for this bug yet. Though Microsoft says that attacks are targeted and not widespread, you are advised to breeze through the terse list of suggested actions posted by Microsoft and mitigate the risk.
Investor's Business Daily says "Hackers always are on the lookout for the most vulnerable spot on your personal computers. These days, that weakest link might be your flash thumb drive." They're easy to exploit by malware and easy to lose. How do you cope with the security risks and potential data loss of the humble thumbdrive? Are you encrypting your thumbdrives?
For a closer look at thumbdrive security, and a chance to give us your tips, see us after the jump.
Ladies and gentlemen, please remember to fasten your laptops every time you leave home for the airport. A fresh survey by the Ponemon Institute has corroborated a pretty obvious observation, that tons of laptops are lost in the twisty terminals of airports. In fact, the number of laptops lost at U.S. airports annually is a truly stupefying 637,000 – about 12,000 laptops a week, according to the survey that encompassed 106 U.S. airports.
But despite all the important information that might rest in displaced hard drives, 65% of the hapless travellers who misplace their notebooks don’t report the loss (out of shame, perhaps?). And apparently it is considered ignominious to lose a laptop in corporate circles, as only 1% of those polled admitted to having lost their laptop compared to the 84% of people who claim to "know someone" who has. The survey was conducted at Dell’s behest to coincide with the launch of its new laptop tracking and theft prevention service, Dell Mobility.
Those of you who have lost a laptop – or laptops – can commiserate in the comments section. And those of you who haven’t lost one can discuss effective ways to maintain your impeccable track record.
Windows Update will itself be updated, starting in late July, according to Windows Update product manager Michelle Haven, in a recent TechNet post. This update changes both the WU clients used by Windows XP and Vista-based machines as well as the back-end infrastructure, and as a result, scans for updates and update installations are faster. That's the good news. But, will the update cause problems for Windows XP users who need to perform a repair installation? And, what about users who don't want Microsoft making any changes to their system?
For more light on these questions, join me after the break.
This holiday weekend many of you will be kicking back with a cold one, firing up the grill, spectating your local fireworks display, and perhaps catching up on a videogame or two when the festivities all come to an end. But while you're busy unwinding, hackers continue to look for ways to distribute malicious code and exploit vulnerabilities. Don't let what's supposed to be a relaxing weekend turn into a hair-pulling experience because you were caught off guard.
Update to Opera 9.5.1
Opera Software unveiled version 9.5 of its flagship browser less than a month ago, and the first major update is now available. Patching Opera to version 9.5.1 addresses several bugs and stability issues, and at least one "highly critical" vulnerability that could be used to execute arbitrary code. And it's not just Windows users that should install the update, but Mac OS X and Linux lovers too. Areas addressed in the update include:
Display and Scripting
View the 9.5.1 changelog for a detailed list of changes, and then hit the jump to see why you should be extra cautious about using the VLC Media Player.
With over a trillion-quantillion subscribers, World of Warcraft players are finding themselves increasingly popular targets for hackers, and nothing stings worse than logging in to Azeroth only to find your character standing in nothing but his skivvies and all his belongings wiped out. All that time spent acquiring digital doodads and neglecting your family, friends, pets, hygiene, job, and other real-life obligations down the drain.
Such scenarios are becoming far too common, and Blizzard's offering WoW residents another way to beat back the bad guys, and it won't cost you any mana. Instead, for $6.50 (that's USD, a form of paper and coin currency used in non-virtual landscapes) you can protect your account with Blizzard's Authenticator dongle. Once linked to your account, the dongle generates a one-time six-digit passcode at the press of a button to supplement your regular account password. And because the dongle stays separate from your PC, it's impervious to keyloggers and other similar malware.
Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog reports that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.
To find out how the threat works, join us after the break.