Monthly Archives: March 2011

Firefox joins Chrome in supporting HTTP Strict Transport Security (HSTS)


The second and third most popular browsers on the internet now support an enhanced security feature called HSTS. Read on to learn what HSTS is and how it provides an additional layer of security.

TripAdvisor admits to database security breach


Popular travel website TripAdvisor is the latest well-known brand to 'fess up to a security breach.

This one isn't a "red alert", since only email addresses were stolen, but it's an embarrassing thing to have to admit to.

Apple's XProtect updated in OS X 10.6.7


When Apple released their most recent patch for OS X, 10.6.7, they slipped in a little extra feature. This time they have updated XProtect, their basic anti-virus component, to detect one more unwanted Mac application.

Major cyber attack hits EU Commission and EEAS days before Brussels summit meeting


A "serious cyber attack", similar to those we saw against France's finance ministry earlier this month, has hit the EU Commission and European External Action Service (EEAS).

Italian law firm knowingly serves up infected web pages


If you got a call from a legitimate security source informing you that your website was infected, would you take action? I certainly would, which is why I am rather frustrated when we take time to reach out to an organisation about a web infection, and they deliberately choose to do nothing about it.

One week later: Rustock and Pharmacy Express still flatlined


One week after the much publicized Rustock botnet command and control takedown, and the subsequent drop in spam volumes, SophosLabs can confirm Rustock has not come back from the dead.

Fraudulent certificates issued by Comodo, is it time to rethink who we trust?


Today, Microsoft issued a Security Advisory warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high profile websites, including Google, Yahoo! and Windows Live.

Should you need approval before posting and tagging a person's photo on Facebook?


A mother loses custody of her child based on evidence of, among other things, Facebook photos showing her drinking. The problem was that she had received mental health advice that she abstain due to her medication regime. To make matters worse, she did not post the pictures or give consent for them to be broadcast for the world to see. Is this fair?

Firefox 4.0 is launched


Nipping at the heels of Microsoft's Internet Explorer 9.0 launch just last week, we now welcome Mozilla's Firefox 4.0 into the fold. The new browser packs in a number of new features to improve browsing, security, and the ability to sync bookmarks, passwords and browsing history between computers and devices.

Adobe issues critical zero-day patch for Reader and Acrobat


Adobe have just released an out-of-cycle patch to address a critical vulnerability (CVE-2011-0609) in Adobe Reader and Acrobat for Windows and Mac. Naked Security recommends that all users update now.

Coin Lock, an end to MMOG account hacking?


Theft of virtual currency has increased since many virtual items can be sold for real money. Learn more about how online gaming companies are trying to protect your virtual "ass"ets.

Two years in jail for Zynga poker hacker


29-year-old Ashley Mitchell has received two years in a UK slammer after being found guilty of stealing 400 billion poker chips from Zynga, makers of popular social networking games such as Zynga Poker, FarmVille and Mafia Wars.

SophosLabs gives lecture at the University of Birmingham


Yesterday, I had the pleasure of being invited to lecture Masters' students from the University of Birmingham as part of the Network Security module. The University has its very own train station, so my journey from Oxford was very smooth.

Data loss at Play.com


Large online retailer Play.com emailed its customers yesterday admitting to a security breach in its marketing communications. Names and email addresses may have been compromised. Play.com claims the breach happened outside its walls, so presumably it uses a third party marketing consultancy to manage part or all of its marketing activities.

SSCC 53 - RSA advice, RIM advises on JavaScript and Chrome patches Flash before Adobe


This week's Chet Chat discusses the recent breach of RSA Security, advice from RIM on securing your BlackBerries post Pwn2Own and Google's speedy security updates to their Chrome web browser. Settle in for 10 minutes and keep up on the latest security news.

Apple OS X vulnerabilities - Snow Leopard patches more security holes


Apple has released version 10.6.7 of their OS X operating system for Macintosh computers. This update includes many security fixes, so if you are a Mac user, update now!

Chip and PIN compatibility leads to insecurity


At last week's CanSecWest security conference in Vancouver, Canada, researchers showed methods they could use to compromise chip and PIN credit cards. Is backward compatibility creating security holes that reduce the security of your card?

French commission fines Google €100,000


Google has been fined €100,000 for using unauthorised data captured from unencrypted WiFi networks, according to French authority CNIL. The data captured is reported to include sensitive information such as usernames, passwords and even email exchanges revealing sensitive information about sexual orientation or health.

CSIS expert lists worst cyber security breaches since January 2010


According to Bank Info Security, testimony on the major security breaches of the last 15 months was given before the House Homeland Security Committee by James Lewis, senior fellow at the CSIS.

New teacher from behind Facebook likejacking attack leads to survey scam


Thousands of Facebook users are still falling victim to likejacking attacks on the social networking service. Considering how successful these scams are, is it time for Facebook to take more aggressive action to shut these down?