A university student who discovered vulnerabilities in his school’s computer network, investigated them and then sent a full report of how to fix them to the administrators is currently awaiting trial on computer intrusion charges.
The 20-year old student from Ottawa, Ontario will hopefully have a shining career as a security expert some day. What he did could easily be labelled “penetration testing”, only in this case the university got the professional services for free instead of having to fork up $550 per hour.
Security Focus has more details.
A malicious Firefox extension called FirestarterFox is being installed by some of the latest malware variants. This extension hijacks all search requests through Google, Yahoo and Microsoft Live search and redirects them through the Russian site thebestwebsearch.net. This is done with the intention of showing ads on the search results page which presumably make money for the creator of this piece of malware.
Luckily the extension can’t be silently installed since Firefox alerts users to all new extensions. So if you ever start Firefox and get the message that a new extension called FirestarterFox has been installed you will immediately know that you have malware on your system and should take steps to remove it or reformat your system.
In the following video entry Didier Stevens shows how to remove malware from a system using F-Secure Rescue CD. A nice video and I would also highly recommend Didier’s blog for your daily computer security fix.
Removing Malware with F-Secure Rescue CD
Online attackers have found a way to inject IFRAME redirects into the search results of major sites, including tech news site ZDNet Asia and bittorrent tracker TorrentReactor, researchers discovered on Tuesday.
By abusing the way that the sites cache search queries to optimize their rankings in other search engines — most notably, Google — fraudsters have been able to inject iframe redirects into the cached results. The redirects send unwary users to servers affiliated with the Russian Business Network that attempts to install a fake antivirus product, known as XP Antivirus, according to Dancho Danchev, an independent security researcher based in the Netherlands.
SecurityFocus has the full story.
We recently released Internet Password Manager and are currently running a time-limited promotion where you can get it for only $14.95 (that’s 40% of the standard price of $24.95). Hurry up and buy your copy now – it includes free minor version upgrade (i.e. you’ll get all version 1.x upgrades free of charge).
Download Internet Password Manager
More information on Internet Password Manager
New Zealand security researcher Adam Boileau has released a program that allows an attacker to log into a password-protected Windows machine via the computer’s Firewire port.
Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.
Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because “Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble”.
But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.
The Age has the full story.
Internet Password Manager 1.0 has been released.
Internet Password Manager securely stores all your web site passwords using government-grade 256-bit Advanced Encryption Standard.
The program has been designed to be simple – there are no complicated options and adding a new password entry is a task that you accomplish with only two mouse clicks.
The free version stores up to 15 password entries and the full version stores an unlimited number of entries. As an introductory offer you can buy the full version for only $14.95 for a limited time (http://www.misec.net/order/)