Information Armor » infosec

Microsoft Internet Explorer Vulnerability

root — Wed, 07 Apr 2010 15:50:19 +0000

New Exploit Code for Microsoft Internet Explorer Vulnerability
Exploit code has surfaced for one of the vulnerabilities in MS10-018, the out-of-cycle bulletin released by Microsoft on March 30. This bulletin addresses multiple vulnerabilities in Internet Explorer including a 0-day vulnerability that was being exploited earlier this month. This most recent exploit code which has been released targets a different vulnerability covered by this same update. Customers that have not done so already should apply this cumulative update.
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

http://www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb

Blackhat SEO

root — Tue, 09 Mar 2010 22:13:16 +0000

Recent assessments have discussed many of the Search Engine Optimization (SEO) scams currently in circulation. In a blog post published on Friday, X-Force analysts note how scammers are not only exploiting real news events, but they are also creating their own news to gain profits through affiliate programs. Our researchers warn, “you can’t always trust the hosts that search engines point to.” We encourage our customers to ensure their anti-virus software is up-to-date and to enable blacklisting on browsers that support it, such as the ‘Block reported attack sites’ setting in Firefox.
http://blogs.iss.net/archive/CreatingNewsForBlack.html

Some News

root — Mon, 11 Jan 2010 15:47:24 +0000

Security Risks at Fake ATM Machines
Fake ATM machines are not new, but awareness of them is. Have you ever gone into a locally owned gas station that has a small ATM sitting in the corner near the chocolate bars? Not all of them are real. They read card information, allow the person to enter their PIN, display a dummy message saying that the transaction cannot be completed at this time. All the while, it’s harvesting all the cards information to be used at a later time. Some fake ATM machines even have a camera to capture a photo to associate with the card information. We need to pass this information along among ourselves, our families, our friends and our customers. Captured information can be used to recreate a complete identity along with a bank account with funds in it.

Some good news … Albert Gonzalez, the Miami man who stole and resold 170 million cards and ATM numbers, has pleaded guilty and is awaiting sentencing in March.

Increases in Phishing Attacks
Identity theft is expected to increase again this year. With the bad economy in 2009 came a huge reduction in the workforce. Many of those who were unemployed invested in starting online businesses to make ends meet. These unskilled “webmasters” may have great ideas, but many are uneducated in privacy and security leaving identifiable information out there for criminal minds with access to the Internet. Names, addresses, phone numbers, notes on prospective clients all are jumping off points for spear phishing attacks.

There were many phishing attacks against financial institutions in 2009, about a 600-percent increase over phishing attacks in 2008. Spear phishing is becoming more popular as hackers target businesses where an attacker can access business accounts and initiate money transfers via wires or ACH to steal large sums of money at once or over time.

What is Information Security?

root — Wed, 06 Jan 2010 17:48:31 +0000

Information Security is a methodology and process of protecting information systems and their contents from unauthorized access, use, disclosure, disruption, modification, and destruction.

Information Security to businesses means protecting information about business’ customers, finances, new products or face lost business, law suits and even bankruptcy.

Information Security to individuals usually relates to privacy which can be viewed differently by culture.

How do businesses keep secure? How do individuals keep secure? The answer for each question is defined by how much their information is valued or cherished.

From a business perspective, and this depends on where the business is located, there are some things that are identified by the Government that the business must hold securely and for how long. I’ll definitely get into this later.

From an individual perspective, this really depends on level of income and ethics. A homeless person probably doesn’t care if his or her identity is stolen, or if someone is using their social security number. Nor does a famous movie star who is plastered over every source of media. I would find it hard to walk into a Jaguar dealership and claim I’m a famous movie star. Even if I had all their personal information.