Monthly Archives: April 2011

SSCC 58 - Coreflood, DSLReports, Sony, Stars and Ars Technica

Sophos Security Chet Chat 41

Sophos Security Chet Chat 58 features Paul Ducklin and Chester Wisniewski discussing the week's most pertinent security topics. This week: the Coreflood take-down; password loss at DSLReports; Sony's big data breach; Iran claims a "Stars" virus attack; and Facebook shuts down Ars Technica.

Facebook comment-jacking? OMG! I Can't believe JUSTIN Bieber did THIS to a girl


A new technique for spams and scams is making the rounds on Facebook. This particular one tricks users into making a comment on a URL to spread it to their friends, making it far more difficult to track and shutdown.

Firefox 4 gets its first security update


Five weeks after shipping Firefox 4, the Mozilla project has published the new browser's first-ever security update.

The Firefox version number bumps up to 4.0.1.

The New York Yankees and responsible for 30,000 more data loss victims


The New York Yankees accidentally emailed personal details on 21,000 customers to their affiliates. Around the same time DSLReports disclosed they had been hacked through a SQL injection attack that disclosed the plain text passwords of thousands of members.

Compromised ads leading to TDSS rootkit infections

HackingTheWeb series logo

Hacking ad servers is a effective way of injecting malicious code into multiple third party web sites, potentially exposing huge numbers of users to the attack. Find out more about this latest attack being used to infect victims with TDSS.

Data thefts far more common than just Sony and Epsilon


While we are all interested when millions of records are stolen from well known companies, these attacks are a small part of the problem.

Why you shouldn't reveal your Royal Wedding Guest name

Why you shouldn't reveal your Royal Wedding Guest name

Facebook users put themselves at risk by revealing the name they would use if they had an invitation to the Royal Wedding.

Banned Lady Gaga video attack spreads on Twitter via rogue app

Lady Gaga. Image courtesy of s_bukley/Shutterstock.

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network.

Is it possible Lady Gaga herself fell for this scam?

Sony says credit card details *were* encrypted, but questions still remain

Sony: Credit card details *were* encrypted

Sony confirms that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted, but doesn't reassure customers regarding the strength of encryption.

Free anti-virus for Mac named Best Anti-Malware solution at SC Awards

Free anti-virus for Mac wins awards

Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.

FBI takes on Coreflood botnet - but is this a step too far?


Two weeks ago, the FBI kicked off an anti-cybercrime operation of a sort which had never been authorised before in America, taking remote remediation action against infected PCs.

Things went so well the Feds want to do more.

Sony PlayStation data breach fiasco: what bugs me about it


Just how could user accounts, potentially including credit card details, of a whopping 70 million users not be encrypted? It baffles the mind.

PlayStation Network hacked: Personal data of up to 70 million people stolen

PlayStation network hacked: Personal information of up to 70 million people stolen

Users of Sony's PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of videogame players.

I LOVE YOU - Virus-inspired movie trailer and world premiere


The Love Bug, one the most infamous viruses of all time, has inspired a movie. Will you go to see it?

Memories of the Chernobyl virus

Memories of the Chernobyl virus

The CIH virus, also known as Chernobyl, quickly became one of the most commonly encountered viruses in the wild. Graham Cluley takes a look back in time.

Is Kian Egan leaving Westlife or has he been Twitter hacked?

Is Kian Egan leaving Westlife or has he been Twitter hacked?

Kian Egan, a singer with the Irish boyband Westlife, has been forced to deny that he is leaving the chart-topping pop group after statements were posted on his Twitter account.

PlayStation Network hacked: five days and counting..

PlayStation Network hacked: five days and counting..

The Sony PlayStation Network has been offline since 20th April, following what the company calls an "external intrusion".

Stars virus: Iran claims to intercept second cyberwarfare attack

Stars virus: Iran claims to intercept second cyberwarfare attack

Iranian officials today claimed to have intercepted a cyberwarfare attack, involving malware designed to spy upon government systems.

Easter Egg locations remain safe, says Bunny spokesperson


Reports surfaced today that the Easter Bunny was involved in a minor accident and lost a netbook containing the locations he had hidden Easter eggs and baskets around the world.

SSCC 57 - Infosec Europe 2011, Facebook privacy

Sophos Security Chet Chat 41

Chester Wisniewski and Paul Ducklin, Head of Technology, Asia Pacific discuss the open letter Naked Security published to Facebook and all the latest from Infosec Europe 2011.