Published on December 19, 2005
in Security.
The Malaysian web site of Minolta at
minolta.com.my has apparently been taken over by the Turkish hackers group TÜRKİYE. The entire site has been defaced and the following message was left on the homepage:
Please kindly note that we have no allegation and no showing of any strength in these internet area.
Above all we do not have any advertisement.
Our team is always in ourselves right mind.
Our duties are to show our GLORIOUS TURKISH FLAG the sites which are wrong publication against
to Turkey and attacker, looking small, offending to assume and attitude to Turkish Web Pages,
We do not deal with hatred, conservatism and antagonism.
We are always with sites which is agreeable to right mission.But we know how we penalize
someone who is holder of a wrong!!!
No further information about the attack is available and it has not been recorded at zone-h.org.
Thanks to Disposable Hero for the pointer.
Continue reading ‘Minolta.com.my - hacked!’
Google today launched two new extensions for the Mozilla Firefox browser. The Google Safe Browsing extension aims to notify the users of Firefox whenever they visit a phishing site. This is very much similar to the Netcraft Anti-phishing toolbar and anti-phishing feature that Microsoft is going to incorporate in IE7.
Another extension is the Blogger Web Comments. Once installed, the extension searches the Google Blogsearch and find whether other bloggers have any comment on the page you are currently viewing. You can use it to post to your own blog too.
Continue reading ‘Google unveils 2 new extensions for Firefox’
A bug that exists in Firefox 1.5 has been discovered and made available to public. The exploid code takes advantage of a bug of Firefox in handling history of visited sites, and could cause denial of service to the victim. When the topic of a page is crafted to be long enough, it will crash Firefox each time it is started.
Currently there is no any official fix from Mozilla. The only workarounds are either to erase the history.dat file manually, or to disable history feature of Firefox 1.5 (Tools -> Options -> Privacy -> History -> Set the number of days to save pages at 0).
Continue reading ‘Firefox 1.5 exploit discovered and made public’
Published on October 21, 2005
in Security.
Users of Internet Explorer now do not have to wait for IE7 to ship to get the phishing filter, which helps to alert users when they are tricked into visiting a known phishing scam site.
The feature is embedded into IE7, and is now available as an add-in for users of MSN Search Toolbar Beta.
Continue reading ‘Microsoft Phishing Filter now for IE6′
According to security expert Secunia, Microsoft is still leaving its Internet Explorer 6.x insecure with 20 unpatched bugs.
Of the 20 vulnerabilities identified so far, most of them are moderately or less critical, with some exceptions like the highly critical vulnerability found in a Microsoft ActiveX plugin called MCIWNDX.OCX which could allow malicious HTML documents to execute arbitrary code on a vulnerable system (info). Microsoft has also failed to completely fixed the multiple vulnerabilities which are classified as extremely critical (info).
On the other hand, Firefox 1.x has 3 out of 25 Secunia advisories that are marked as “Unpatched”, and a partially patched bug. Opera 8.x so far is free from any vulnerabilities.
You can check the Secunia vulnerability reports for Microsoft Internet Explorer 6.x, Mozilla Firefox 1.x and Opera.
Google has fixed a security hole found on its AdWords advertising program and a customer training site.
The bug was found and reported to Google by security company Finjan Software late last month.
The bug is a cross-site scripting vulnerability and is said to allow attackers to hijack Google accounts, launch phishing scams or even download malicious code onto users’ computers.
Continue reading ‘Google fixes security hole’
Just 3 months after Spreadfirefox.com got hacked due to a flaw in XMLRPC library used by its Drupal contact management system, it was recently brought down again by hackers.
This time, it’s not Drupal nor the popular xmlrpc to be blamed, but TWiki, a popular wiki software that isn’t part of Spreadfirefox.
According to the email sent to the Spreadfirefox members, they have started to implement security procedures to patch their software (Drupal and PHP) to the latest version as soon as they are made available. They have overlooked installation of the TWiki software since it is not used by the main Spread Firefox site.
Read more at techdigger.com.
Mozilla has recently announced a temporary fix to a flaw found in Firefox by security expert Tom Ferris. The flaw is caused by the way Firefox and Mozilla browsers handle International Domain Names, and it allows attackers to secretly run malicious software on users’ PCs. Tom has demonstrated that Firefox can be put to death easily with a link like this:
<A HREF=https:———————————— >
You may try it here (Warning: Clicking this link will crash your unpatched Firefox).
A temporary patch as an .xpi file is immediately available at ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi.
Strange though, as of this time of writing, I still don’t see any public announcement of this fix on mozilla.org.
The next time you buy a gadget, ignore the reminder that you should install the driver before plugging it into your computer. You should instead scan for virus first. Creative Technology, the company that makes Sound Blaster and Zen MP3 players has just announced that 4,000 of its Zen Neon portable music players are shipped with a Windows worm - Wullik.b.Worm.
The players sent to Japan in an allotment during late July are infected with the Wullik.b worm, a mass-mailed worm code. The Neon’s file system includes an infected file, but the worm won’t infect a connected PC unless the user browses the device’s file list and clicks on the infected file.
Ok, so scanning the drivers for viruses doesn’t help. Just how easy can life be?
Source.
Zotob.A is a worm targeting Windows 2000-based systems which takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. Many computers running Windows 2000 around United States were hit, including those at CNN, NBC and the New York Times.
Links:
Screenshot of worm hitting CNN.
Removal instruction from Symantec.
Microsoft’s what you should know about Zotob.
Latest Comments