OpenVAS – Open Vulnerability Assessment System

August 19, 2008 – 5:56 AM

As you all probably know, since version 3 Nessus turned to a proprietary model and started charging for the latest plugins, locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner!

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

Source:
http://www.darknet.org.uk/2008/08/openvas-open-vulnerability-assessment-system-nessus-is-back/

Clipboards hijacked in web attack

August 19, 2008 – 5:52 AM

Computer security firms are warning about an attack that hijacks the clipboard where copied text is stored.

The attack puts a hard-to-delete weblink into the clipboard that, if followed, leads people to a website selling fake security software.

The code that inserts the link has been found in flash-based adverts seen on many legitimate websites.

The attack on the clipboard has hit both Windows and Mac users of the Firefox web browser.

Source:
http://news.bbc.co.uk/2/hi/technology/7567889.stm

Black Hat 2008: Dan Kaminsky

August 16, 2008 – 8:25 AM

http://www.youtube.com/watch?v=R-SSVxsH7vw

Source:
http://www.youtube.com/watch?v=R-SSVxsH7vw

Fake MSNBC news alerts used in latest malicious spam campaign

August 13, 2008 – 12:46 PM

IT security and control firm Sophos is reminding computer users to exercise diligence when checking their email in the wake of a new widespread wave of dangerous spam messages that claim to be breaking news alerts from MSNBC.

Samples intercepted at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, have revealed that rather than containing a link to the story on MSNBC, unsuspecting users that click on the URL in the email will be redirected to a malicious webpage which will then attempt to infect computers with a Trojan Horse.

Source:
http://www.sophos.com/pressoffice/news/articles/2008/08/msnbc.html?_log_from=rss

New Gpcode (encryption) ransomware spreading via botnet

August 13, 2008 – 12:43 PM

There are confirmed reports on a new version of the Gpcode ransomware being spread via a botnet.

According to Vitaly Kamluk of Kaspersky Lab (my employer), the Trojan encrypts files on an infected machine (AES-256) and leaves a text file named crypted.txt with a ransom note demanding $10 to decrypt the files. It also changes the desktop wallpaper with a skull/crossbones image that contains a URL, an ICQ number and an e-mail address to contact the author.

Source:
http://blogs.zdnet.com/security/?p=1689