Several weeks ago we wrote about the leaked DNS exploit that had fallen into hackers’ hands. Tuesday August 5th at the Black Hat 2008 security conference in Las Vegas, the exploit’s discoverer, Dan Kaminsky, explained that it is much worse than initially thought.

In fact, it seems that the DNS exploit can be used to attack almost anything on the web.

“The entire scope of the attack is even yet to be fully realized. This affects every single person on the Internet,” said OpenDNS CEO David Ulevitch. Kaminsky estimates that only 42% (120,000,000) of worldwide internet users are currently protected from the exploit. 85% of Fortune 500 companies have patched their systems, though.

Continue Reading »

Widgets or gadgets, as they have come to be known for PCs, have become an easy and quick way for Web sites to attract traffic, but their rise has been accompanied with a new form of Internet spyware. Malicious widgets capitalize on the user’s assumption that all Google widgets are moderated, and some argue they are not. At the Black Hat Hacker conference in Las Vegas, consultants from SecTheory and Cenzic security companies demonstrated how a simple looking gadget could access personal information through an Internet web browser. Sites that encourage users to jazz up their pages appear to be the prime targets for such malicious gadgets.

But it doesn’t stop there. SecTheory and Cenzic believe that there are malicious widgets that steal information from other non-malicious widgets. Google discounts the SecTheory and Cenzic criticism. In a statement, Google retorts that the gadgets they distribute are regulated, and malicious gadgets are rarely found. When they are, the malicious widget is immediately blacklisted.

Continue Reading »

Coming soon to an airport near you, less time spent in security lines? That’s the hope for frequent fliers as Registered Traveler’s Clear security program (www.flyclear.com) is now cleared to be used in airports across the U.S.

“Clear members are pre-screened and provided with a high-tech card which allows them to access designated airport security fast lanes nationwide. Clear members pass through airport security faster, with more predictability and less hassle,” says Clear’s website.

Continue Reading »

Terry Childs, the 43-ear-old disgruntled San Francisco network administrator who hijacked the city’s network by withholding the its pass codes, has given them to San Francisco’s mayor, Gavin Newsom, after having refused to reveal them for more than a week. Without the codes, city administrators would have had to reconfigure the network, a time-consuming and costly process.

The codes gave Childs exclusive access to the City’s FiberWAN network, which carries around 60 percent of the government’s network, including the law enforcement, payroll, officials’ e-mails, and jail-booking records; the network could still run, but only Childs could configure it. He also apparently “booby trapped” the system, so that key files would have been destroyed had the system been shut down or lost power. A system shutdown had been scheduled for Saturday, July 19, for routine maintenance.

Continue Reading »

The internet security website Matasano accidentally posted on Monday details of a potentially dangerous internet flaw; it was quickly taken down, but not before being found and circulated by hackers, who believe that writing an exploit to attack the bug will be easy and are ready to benefit from it. According to Wired Magazine’s security and privacy blog “Threat Level,” “[h]ackers are furiously working on an exploit to attack the vulnerability. HD Moore, creator of the Metasploit hacking tool, says one should be available by the end of the day.”

The flaw is in the DNS, Domain Name Service, often called the “internet phone book,” which translates URLs from text-based (www.atelier-us.com, for example) into numerical IP addresses. The exploit makes tying malicious IP addresses to legitimate URLs much easier. Attacks could potentially hijack users to create sites that imitate legit ones, which will download malware to users’ computers or steal information entered into a dummy site. This has been called “phishing without email.”

Continue Reading »

A new Trojan virus has found vulnerability in Microsoft’s Word software, and although the attacks are very recent and limited, Symantec [SYMC] and Microsoft [MSFT] have warned users about the bug and potential problems.

On its Web site, Symantec issued a warning, saying that they have “discovered active exploitation of a possibly undisclosed vulnerability affecting Microsoft Word.” They identified the virus as a Trojan horse bug called Backdoor.Darkmoon.

Microsoft has responded to such reports by issuing a statement saying that the vulnerability affects the Microsoft Office 2002 Service Pack 3 suite of software.

Continue Reading »