Phishers Mimic Google Adwords

May 3, 2008 – 9:06 AM

Google Adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks.

On the face of it, the scam follows a traditional attack route involving the sending of spam e-mail to random Internet addresses in the hope of finding users who have purchased Adwords. The e-mail claims that the user’s account payment has failed and asks them to “update payment information”, again a transparent ploy by today’s standards.

As obvious as this might sound, the unwary might easily be tricked by the convincing http://adwords.google.com/select/login link embedded in the e-mail, a perfect copy of the correct Google login address. This one, however, actually leads to http://www.adwords.google.com.XXXX.cn/select/Login [address altered], an obfuscated address that directs to a site associated with IPs in Germany, Romania, and the Czech Republic.
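The mismatch described above, where the visible link text shows the genuine login address while the href points to a host that merely begins with the trusted name, can be checked mechanically when triaging a reported message. The following Python sketch is an added example, not code from the article or from Trend Micro; the `TRUSTED` set, the function names and the sample mail body are assumptions constructed for illustration, using the altered address exactly as the article prints it.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}  # assumption: domains the recipient really deals with

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # urlsplit lowercases the hostname and drops port and userinfo
    return (urlsplit(url).hostname or "").rstrip(".")

def within(h, domain):
    return h == domain or h.endswith("." + domain)

def audit_link(href, text):
    findings, real = [], host(href)
    shown = host(text) if "://" in text else ""
    if shown and shown != real:
        findings.append("text-href-mismatch")
    for d in TRUSTED:
        # trusted name appears as labels in the host, yet the host is not under it
        if not within(real, d) and f".{d}." in f".{real}.":
            findings.append("trusted-name-as-subdomain")
    return findings

def audit_mail(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, audit_link(href, text)) for href, text in parser.links]

# Constructed sample: first link mirrors the article's spoof, second is genuine.
SAMPLE = (
    '<p>Payment failed. <a href="http://www.adwords.google.com.XXXX.cn/select/Login">'
    'http://adwords.google.com/select/login</a></p>'
    '<p><a href="https://adwords.google.com/select/login">'
    'https://adwords.google.com/select/login</a></p>'
)

if __name__ == "__main__":
    for href, findings in audit_mail(SAMPLE):
        print(href, findings or "ok")
```
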

The site is a good copy of the real Google Adwords site, and appears to let users log in using their real account details — any account details will work, in fact. Entering payment details results in that information being posted using an SSL link to a remote server, after which the account will be ripped off.

The attack has been publicized by security software company Trend Micro, but the disarmingly simple scam is widespread enough to have been received by ordinary users in recent days.

Google Adwords exploits are not uncommon, some involving serving exploits directly, others involving the much more basic social engineering techniques used in the latest attack. Indeed, the latest phishing attack bears a strong resemblance to a near-identical campaign launched a few weeks back by Chinese criminals.

As common as ‘account update’ attacks have become, the spoofed — in other words, convincing — URL is still the key to reeling in victims. Criminals seem to have realized that users are paying more attention to such details, and that the bar for phishing success has been raised by this.

Source: PC World

Glowing video tape USB hub

May 2, 2008 – 6:34 PM

Nowadays, USB hubs are getting smaller and smaller (and then, they fall behind your desk because the cable is heavier than the hub and then you have to crouch behind your computer to recover it).

So I needed something better (of course, I could have simply glued it in place).
I got some old videotapes to throw away, and suddenly an idea hit me: I like the look of these old tapes, needed a USB hub that won’t slide behind the desk, why not build a videotape USB hub?
And some LEDs could be added to nearly everything, and a videotape forms no exception, I think..

So save an old tape off the landfills and give it a new, fancy life…

Read the rest of the story…

IronKey Unveils 8GB Version of Secure USB Drive

May 2, 2008 – 5:11 AM

IronKey Inc., maker of the world’s most secure flash drive, announced today availability of the 8GB-capacity of its IronKey secure USB devices. IronKey brings unprecedented mobile data convenience and security to individuals and organizations with its rugged, waterproof and tamper resistant USB drives that include always-on hardware encryption, strong authentication, portable applications and ultra-fast memory. IronKey’s cross platform capability and remote policy enforcement enable IT to rapidly deploy in heterogeneous environments with complete control.

The 8GB model is the latest version in the IronKey product line that currently includes 1GB, 2GB and 4GB options. All IronKey devices are easy to use, and there is no need to install software or drivers. All user data on an IronKey is encrypted with high-speed military-grade hardware encryption. Unlike software-based encryption, this always-on protection cannot be disabled, and is protected against cold-boot and brute force attacks. If a thief tries to break into an IronKey and exceeds a policy-determined number of failed login attempts, the IronKey Cryptochip will lock out the encryption functions and securely erase all the encrypted data with its patent-pending Flash Trash technology.

“Our virtual desktop customers have been eagerly awaiting IronKey 8GB drives because they are deploying large Windows desktops which rapidly wear out ordinary flash drives and most importantly need to be secured,” said John Jefferies, vice president of product marketing at IronKey. “Running virtual desktops from flash drives demands high performance with superior reliability which is why customers are choosing to deliver mobile desktops and business continuity solutions on IronKey.”

IronKey devices offer a suite of applications and services, including portable Firefox, IronKey Password Manager, RSA SecurID and a Secure Sessions service. Policy settings allow IronKey administrators to turn these applications off or on as desired. The combination of security applications and services along with hardware-based encryption on the IronKey deliver unmatched security for the drives, and protection of the data stored on them.

The 8GB version is available now for $299. For more information or to purchase, visit http://www.ironkey.com

Press Release

PHP 5.2.6 plugs security holes

May 2, 2008 – 4:41 AM

The developers of the PHP scripting language have issued Version 5.2.6, which fixes numerous bugs and plugs some security holes. The changes are comprehensive, including bug fixes to modules that link to third-party products. PHP 5.2.6 also rectifies several flaws that could have caused a crash.

The developers have eliminated errors in the FastCGI programming interface that could cause stack-based buffer overflows. An integer overflow in printf() has been fixed, and a previously unknown security leak, number CVE-2008-0599 in the Common Vulnerabilities and Exposures (CVE) database, is said to have been eliminated from PHP 5.2.6. A hole in cURL that attackers could have exploited in order to bypass safe_mode and a defective patch that was supposed to rectify an endless loop in zlib have also been corrected.

The accompanying version of the Perl-compatible regular expressions library (PCRE) has now been updated to Version 7.6, which in turn plugs some security holes in that library. A workaround has been included for an error in libcurl 7.16.2 that might have caused a crash.

The new version has not yet appeared on the download page of the PHP Project, but is already available as a direct download. The change log has not been updated past PHP 5.2.5 either, but the changes are shown in the NEWS file in the source code archive.

Administrators should update to the current version of PHP as soon as possible, because some of the errors it eliminates allow the injection of malicious code. Further tips on safeguarding a PHP-based web server are given in a background article at heise Security, Server peace – Individual security measures for PHP applications.

Source: Heise Security

Keep Vista’s User Account Control on guard duty

May 1, 2008 – 7:54 AM

Well, Microsoft has finally come clean about the real motivation behind Vista’s User Account Control feature. As Tom Espiner reports from the recent RSA Conference in San Francisco, Microsoft UAC Program Manager David Cross admits that UAC was designed to annoy users.

Espiner quotes Cross telling the security-conference audience that negative user reaction was the only way to coax independent software vendors to update their applications for Vista. As fewer programs violated Vista’s rules, users would have to click through fewer UAC prompts.

I’d feel worse about being manipulated by the biggest corporation in the world if UAC weren’t such a good idea, though less-than-perfectly implemented. It’s true that disabling the feature may allow a balky application or process to work, but too many important Vista features rely on UAC.

Read the rest of this story…