There is a growing Black Market demand not only for computers, but for swapped out internal parts, like chips, drivers, memory, etc.. Many universities, corporations, and government facilities are reporting losses of hundreds of thousands of dollars every year. Others are reporting millions of dollars of losses. The most disturbing aspect is that only 5%-15% is due to forcible entry, while 85% to 95% is due to internal theft.
Because most theft is internal, conventional alarm systems and card access systems are not effective. You need to find a computer security product that can protect equipment 7 days a week, 24 hours a day.
For more details logon to : http://www.worldsecuritycorp.com/crime.htm
Monday, February 4, 2008
IE plus Firefox equals 'critical' security risk
Firefox combined with Internet Explorer on the same desktop opens up a zero-day vulnerability that is highly critical, according to security researchers.
Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
Earlier Tuesday, security researcher Thor Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's chief technology officer, Thomas Kristensen, attributed the problem to Firefox versions 2.0 or later.
"It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together."
"Firefox is the current attack vector, but Internet Explorer is to blame for not escaping ... characters when passing on the input to the command line," said Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications."
Friedrichs noted that while Firefox, which released version 2 last year, has gained in popularity, most Firefox users will also have IE loaded on their computers, since it comes with the Windows operating system.
The number of people who may be at risk could be substantial, he added.
Meanwhile, Kristensen of Secunia said: "A new URI handler was registered on Windows systems to allow Web sites to force launching Firefox if the 'firefoxurl://' URI was called, like ftp://, http://, or similar would call other applications."
But because of the way the URI handler was registered by Firefox, it causes any parameter -- which activates a program to perform a particular task -- to be passed from Microsoft's Internet Explorer, or another application, to Firefox, when firefoxurl:// is activated.
An attacker may use "chrome" context -- the interface elements of a browser that create the frame around its page displays -- to inject code on a user's system that would be executed within Firefox, Kristensen said.
"Registering the URI handler must be done with care, since Windows does not have any proper way of knowing what kind of input potentially could be dangerous for an application," said Kristensen. "For example, how should Windows know that the string 'chrome' could be dangerous for Firefox."
Other than avoiding malicious Web sites, system administrators could unregister, or remove, the "Firefox URL" URI handler, as well as change the way Firefox accepts the chrome input, Kristensen said.
Source : http://www.zdnet.com.au
Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
Earlier Tuesday, security researcher Thor Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's chief technology officer, Thomas Kristensen, attributed the problem to Firefox versions 2.0 or later.
"It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together."
"Firefox is the current attack vector, but Internet Explorer is to blame for not escaping ... characters when passing on the input to the command line," said Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications."
Friedrichs noted that while Firefox, which released version 2 last year, has gained in popularity, most Firefox users will also have IE loaded on their computers, since it comes with the Windows operating system.
The number of people who may be at risk could be substantial, he added.
Meanwhile, Kristensen of Secunia said: "A new URI handler was registered on Windows systems to allow Web sites to force launching Firefox if the 'firefoxurl://' URI was called, like ftp://, http://, or similar would call other applications."
But because of the way the URI handler was registered by Firefox, it causes any parameter -- which activates a program to perform a particular task -- to be passed from Microsoft's Internet Explorer, or another application, to Firefox, when firefoxurl:// is activated.
An attacker may use "chrome" context -- the interface elements of a browser that create the frame around its page displays -- to inject code on a user's system that would be executed within Firefox, Kristensen said.
"Registering the URI handler must be done with care, since Windows does not have any proper way of knowing what kind of input potentially could be dangerous for an application," said Kristensen. "For example, how should Windows know that the string 'chrome' could be dangerous for Firefox."
Other than avoiding malicious Web sites, system administrators could unregister, or remove, the "Firefox URL" URI handler, as well as change the way Firefox accepts the chrome input, Kristensen said.
Source : http://www.zdnet.com.au
What is Phishing?
Phishing is an email fraud method in which criminals send out legitimate-looking email requesting personal and financial details from unsuspecting people. The messages normally appear to come from well-known and trustworthy Web sites. Web sites that are often used in phishing attacks include eBay, PayPal, Yahoo, MSN, and America Online as well as the sites of a lot of big banks and retailers.
Typically, the fraudulent emails direct victims to counterfeit Web pages that look identical to the companies' sites in order to fool you into submitting personal, financial, or password data. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would probably never request this sort of information via email.
Typically, the fraudulent emails direct victims to counterfeit Web pages that look identical to the companies' sites in order to fool you into submitting personal, financial, or password data. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would probably never request this sort of information via email.
Current threat Caller-ID Spoofing
In public telephone networks, it has for a long while been possible to find out who is calling you by looking at the Caller ID information that is transmitted with the call. There are technologies that transmit this information on landlines, on cellphones and also with VoIP. Unfortunately, there are now technologies (especially associated with VoIP) that allow callers to lie about their identity, and present false names and numbers, which could of course be used as a tool to defraud or harass. Because there are services and gateways that interconnect VoIP with other public phone networks, these false Caller IDs can be transmitted to any phone on the planet, which makes the whole Caller ID information now next to useless. Due to the distributed geographic nature of the Internet, VoIP calls can be generated in a different country to the receiver, which means that it is very difficult to have a legal framework to control those who would use fake Caller IDs as part of a scam.
Thanks to Bhuvaneshwari ...
Thanks to Bhuvaneshwari ...
Saturday, February 2, 2008
List of Some Free Antivirus Software
- AntiVir PersonalEdition Classic
- AOL Active Virus Shield (no longer available via AOL)
- AVG Anti-Virus Free
- Avast! Home
- Avira
- BitDefender Free Edition
- Comodo AntiVirus
- PC Tools AntiVirus
Subscribe to:
Posts (Atom)
Posts
