Another interesting post on the McAfee Avert Labs Blog discusses the relative importance of password complexity versus password length. They used the Cain & Abel utility to work out the time required to break various passwords and came to the conclusion that password length trumps complexity.
Archive for the 'Security' Category
The McAfee Computer Security Research blog has an interesting article on how malicious web sites can defeat the “captcha” codes that appear on many sites. CAPTCHAs (“Completely Automated Public Turing test to tell Computers and Humans Apart”) are the challenge-response mechanisms that display distorted text or numbers that can be read by humans but not [...]
Microsoft released the third edition of their Security Intelligence Report last month, which summarises the findings of their Malicious Software Removal Tool, Windows Defender and OneCare service. This edition reports on the software vulnerabilities, exploits and malicious software discovered between January and June 2007. During this period the report claims that over 3,400 new vulnerabilities [...]
Supercomputer for rent?
27 Sep 07
VeriSign, the company that administers the .com top level domain, has warned that botnets are growing at such a rate that there is an increasing risk of a Distributed Denial of Service (DDoS) attack against them effectively shutting down the Internet. They state in a report on ZDNet that they are currently fending off DoS attacks launched from botnets by increasing [...]
Just days after possible security vulnerabilities were reported in the iPhone, researchers at Independent Security Evaluators in Baltimore have reported that a vulnerability in the Safari browser, used in the iPhone, could be exploited by rogue websites to gain full access to the phone. This could potentially provide full administrative access to the phone allowing access [...]
Staying on the Microsoft theme, MSDN have published guidelines for sidebar gadget developers in order to avoid Cross Site Scripting (XSS) vulnerabilities. As gadgets are built from HTML, JavaScript, and potentially ActiveX controls, they are a prime candidate for XSS vulnerabilities. Bear this in mind before installing the latest gadget you have found on the [...]
iPhone Web Vulnerabilities
18 Jul 07
The Help Net Security site details some security vulnerabilities that exist in the current iPhone email and web client software. These include the email client not showing the URL of an embedded link, making phishing attacks easier, and the ability to get the phone to dial from a web link or JavaScript - although [...]
Following the launch of Microsoft’s Windows Defender and Forefront Client Security products, Microsoft have launched a Malware Protection Centre which details the top email, desktop and adware threats, as well as a Malware Encyclopedia covering the various types of malware and their use.
Microsoft TechNet has also released a Malware Removal Starter Kit which details the steps [...]
ComputerWeekly reports some statistics from the anti-virus vendor Sophos that web pages on legitimate sites are being infected by malware at the rate of almost 30,000 a day. Sophos research shows the top ten web-based malware as:
Mal/Iframe 64.0%
Mal/ObfJS 10.1%
Troj/Psyme 3.8%
Troj/Fujif 3.1%
Troj/Decdec 2.7%
VBS/Redlof 2.5%
Mal/Packer 1.1%
Troj/Ifradv 1.0%
VBS/Haptime 1.0%
Mal/Zlob 0.9%
Others 9.8%
I know what you did last logon
30 Jun 07
This is another interesting Microsoft document which was originally presented to the 2006 Virus Bulletin Conference in Montreal in October 2006. It discusses botnets, key loggers and the US legal aspects of monitoring computer use.


