
Archive: October 2007

Anti-Virus On A Mac?

Every other week, I host a Security Fix Live chat with readers, and almost invariably, one of the questions that comes up is: "Hi. I'm a Mac user. Should I be using anti-virus software?" I usually answer that while there...

By Brian Krebs | October 31, 2007; 6:00 PM ET | Comments (37)

'Net Governance Body Punts On WHOIS Privacy

The nonprofit organization that manages the Internet's domain-name system has voted to punt on a proposed change to the global WHOIS database of Web site name registrants. The changes would have given Web site owners the ability to shield their...

By Brian Krebs | October 31, 2007; 4:20 PM ET | Comments (14)

Hiding In Plain Sight

Security Fix pop quiz, here. Is the document pictured in the image to the right the depiction of a text document, or is it an executable malicious program disguised as a harmless text file? It's actually an executable file (one...

By Brian Krebs | October 31, 2007; 11:42 AM ET | Comments (0)

Spammers Tempt Surfers to Help Solve Captchas

Call it an online game of strip poker, only spammers are the ones walking away with all the winnings. The latest innovation in malicious software takes the form of shapely "Melissa," an alluring, scantily clad blond who requests the victim's...

By Brian Krebs | October 30, 2007; 10:20 AM ET | Comments (0)

Simplifying Long-Distance Tech Support

When you're the de facto tech support guy for most of your family and friends, you quickly find yourself making a lot of house calls. But if you're not being summoned to help install memory or a new hard drive,...

By Brian Krebs | October 29, 2007; 9:37 AM ET | Comments (0)

Equifax Details Credit Freeze Plans

Big three credit reporting bureau Equifax on Wednesday detailed its plan to offer certain consumers the ability to freeze their credit files as a means of preventing identity theft. The offering provides a clearer picture of how the credit bureaus...

By Brian Krebs | October 25, 2007; 4:00 PM ET | Comments (13)

Firefox Update Plugs 8 Security Holes

Mozilla has shipped an update to its Firefox Web browser that corrects at least eight separate security flaws, including two that Mozilla flagged as especially serious. Firefox users should have already received an update that brings the browser to version...

By Brian Krebs | October 25, 2007; 9:38 AM ET | Comments (23)

TJX Breach Was Twice as Bad as First Reported

The largest digital data theft ever recorded was bigger than originally thought. TJX, the Massachusetts retail giant that earlier this year disclosed that a series of network and computer intrusions had compromised more than 45 million credit- and debit-card numbers,...

By Brian Krebs | October 24, 2007; 11:37 AM ET | Comments (7)

Adobe Fixes Reader, Acrobat Vulnerabilities

Adobe is offering a software update to fix a security flaw in its Adobe Acrobat and Adobe Reader products -- the latter being free software that many people use to view PDF documents. The update, which brings the latest versions...

By Brian Krebs | October 23, 2007; 9:44 AM ET | Comments (17)

RealPlayer Patch Plugs In-the-Wild Security Exploit

RealNetworks, the maker of the RealPlayer and RealOne media player software, has issued a security update to fix a flaw that hackers are actively exploiting to break into vulnerable computers. The stand-alone patch, available here, remedies a flaw in RealPlayer...

By Brian Krebs | October 22, 2007; 4:27 PM ET | Comments (6)

Should E-Mail Addresses Be Considered Private Data?

A database of e-mail addresses and other contact information stolen from business software provider Salesforce.com is being used in an ongoing series of targeted e-mail attacks against customers of several Salesforce.com business clients, including SunTrust and Automatic Data Processing Inc....

By Brian Krebs | October 19, 2007; 6:00 PM ET | Comments (0)

Stock Spammers Pump It Up With MP3 Files

Spammers involved in pump-and-dump scams touting penny stocks now are using MP3 music files to lure investors, a switch security experts say is the latest tactic designed to sneak the messages past spam filters. According to e-mail security provider MessageLabs,...

By Brian Krebs | October 18, 2007; 1:48 PM ET | Comments (5)

The Carrot & Stick Approach to Internet Pollution

Lawmakers on Capitol Hill are once again debating whether to extend a soon-to-expire ban on taxing consumer access to the Internet. Proponents of such a ban say they want to keep the Internet free from the shackles of regulation, and...

By Brian Krebs | October 18, 2007; 10:20 AM ET | Comments (5)

The Russian Business Network Responds

An individual claiming to represent the Russian Business Network has denied media reports (including a Washington Post story I wrote that ran last week) that the company provides Web hosting services to numerous cyber criminal operations. Experts quoted in my story...

By Brian Krebs | October 16, 2007; 3:45 PM ET | Comments (6)

Schwarzenegger Vetoes Retail Data Security Bill

California Gov. Arnold Schwarzenegger (R) on Friday vetoed a bill that would have forced retailers to foot more of the bill in cleaning up after customer data spills. The bill was unanimously approved by the Assembly, with the state Senate...

By Brian Krebs | October 16, 2007; 8:27 AM ET | Comments (9)

Mapping the Russian Business Network

Today's Washington Post carries my story about the Russian Business Network, an entity based in St. Petersburg that provides Web hosting services that cater exclusively to cyber criminals. From the story: "The Russian Business Network sells Web site hosting...

By Brian Krebs | October 13, 2007; 12:02 AM ET | Comments (26)

Taking on the Russian Business Network

The text below was originally included as part of the story The Washington Post ran today on the Russian Business Network. The content below was cut for space reasons, but I thought the anecdote was interesting and timely enough to...

By Brian Krebs | October 13, 2007; 12:01 AM ET | Comments (13)

Microsoft Changes Tune on IE7 Vulnerability

Reversing its initial assessment, Microsoft on Wednesday acknowledged that it needs to fix a vulnerability in its Internet Explorer 7 Web browser that could allow malicious Web sites to install unwanted software on Windows XP and Windows Server 2003 machines....

By Brian Krebs | October 11, 2007; 10:43 AM ET | Comments (14)

Microsoft Plugs Nine Security Holes

Microsoft today released a set of seven security updates to fix at least nine separate security holes in PCs powered by its Windows operating system and other software. Windows users can fetch the patches from the Microsoft Update Web site...

By Brian Krebs | October 9, 2007; 5:21 PM ET | Comments (14)

A Year's Worth of Phish Facts

Phishtank.com, a volunteer effort to identify phishing e-mails and associated Web sites, released its first annual report today, providing one of the most comprehensive data sets ever published on the subject and offering fascinating insights on the scope and increasing...

By Brian Krebs | October 9, 2007; 7:54 AM ET | Comments (7)

Java Update Plugs Multiple Security Holes

Sun Microsystems is pushing out an important security update to various versions of its Java Runtime Environment (JRE) software, along with a couple of changes designed to make patching the program more predictable and manageable for companies running custom versions...

By Brian Krebs | October 8, 2007; 1:28 PM ET | Comments (8)

VOIP Mix-Up Exposes Customer Call Data

Bill Adler was relieved to get his old phone number back. The Washington-area resident's digits were marooned shortly after his former Internet-based phone service provider -- Sunrocket -- abruptly closed its doors in mid-July. Relieved, that is, until he received...

By Brian Krebs | October 8, 2007; 11:10 AM ET | Comments (0)

First the Campaign Ads, Then the Phishing...

It's bad enough that most of us have to deal with the daily flood of scam e-mails trying to steal our precious personal and financial data. But with next year's crop of presidential candidates now raising millions of dollars online,...

By Brian Krebs | October 5, 2007; 5:58 PM ET | Comments (0)

QuickTime Security Update for Windows

Apple has pushed out a security update for its QuickTime media player for Windows users. It might be a good idea not to let too much grass grow beneath your feet before installing this update: The vulnerability appears to be...

By Brian Krebs | October 5, 2007; 3:23 PM ET | Comments (5)

A Notable Step in the Fight Against Phishing

Yahoo! e-mail users should soon start noticing the disappearance of scam e-mails that try to steal PayPal and eBay account information. eBay and Yahoo! announced a partnership today that involves a technology developed by Yahoo! called "DomainKeys" to filter out...

By Brian Krebs | October 4, 2007; 4:51 PM ET | Comments (8)

Second Credit Bureau Offers File Freeze

Consumer credit reporting bureau Experian today announced that it would allow consumers in all 50 states to freeze their credit histories, becoming the second of the three national credit bureaus to offer the freeze option. The service, which will be...

By Brian Krebs | October 4, 2007; 9:32 AM ET | Comments (15)

iPhone (in)Security

This blog often takes software and hardware vendors to task when they use security updates as a means of enforcing product loyalty. Media player software makers are some of the biggest culprits here, so perhaps it's fitting that the 800-pound...

By Brian Krebs | October 2, 2007; 11:12 AM ET | Comments (40)

Just How Bad Is the Storm Worm?

The Storm worm has earned its share of superlatives, but security experts disagree over just how many computers running Microsoft Windows have been compromised by the e-mail worm. Some new figures released from Microsoft and estimates obtained by Security Fix...

By Brian Krebs | October 1, 2007; 10:31 AM ET | Comments (11)

 

©  The Washington Post Company