-for your unpatched Windows PC to be compromised by hackers.
That's the estimate reported late last month from the SANS Institute's Internet Storm Center. While "survival time" measurements of computers connected to the Internet vary and are debated by some, there's no doubt that patching your PC is imperative to staying secure online.
We can't say we're surprised that the Storm Worm is sending a new squall of spam through our inboxes. In fact, Storm has shifted spam campaigns numerous times in the past few weeks alone.
If you follow security news, you may be familiar with the Domain Name System (DNS) security issue, discovered by researcher Dan Kaminsky, that was disclosed earlier this month. DNS is responsible for translating host names to IP addresses. The vulnerability allows hackers and phishers to redirect DNS queries; if a server is compromised, attackers could potentially redirect the traffic from that server to malicious websites.
How safe are your kids as they navigate the Net? According to a new study, while parents are trying to talk to young family members about computer safety, many kids are still engaging in risky online behavior, like posting personal information about themselves on social networking sites.
From a PCMag.com article on the study -
Today, we learned truly tragic news about the founder of Webroot, the company behind Spy Sweeper anti-spyware software. According to reports, the body of Steven Thomas, who had been missing in Hawaii since June 30, has now been found.
From all of us at Lavasoft, our hearts go out to Thomas' friends and family at this time and we send our sincere condolences.
Last week, we saw two legitimate sites hit by SQL injection attacks: Sony PlayStation and the Association of Tennis Professionals. SQL injection attacks are an emerging tactic that is becoming increasingly popular among hackers.
A U.S. district judge has ordered Google, the search engine company, to release information about users of its YouTube service. The major entertainment corporation Viacom won the legal battle against Google, resulting in access for Viacom to information about YouTube users and their "tubing" behavior, i.e. which videos they watch on the YouTube site. The verdict will also give Viacom access to the login names and IP addresses of the YouTube users, even though Viacom says that they will not use the information to frame individuals.
The FRA (Swedish National Defense Radio Establishment), which was recently approved to start its extended surveillance activity targeting wire-based Internet traffic and traffic in the mobile networks, may intercept personal e-mails between local Danish vicars and Danish people in their search for a cure of the souls. How is this possible, you ask? The e-mail of the Danish church is handled via servers placed in Sweden, and FRA is allowed to intercept communications as they pass the Swedish border, according to the newly adopted FRA law.
We are disappointed to announce that the FRA-law that we discussed in yesterday's blog was actually accepted as law by the Swedish Riksdag (national government) yesterday. The number of delegates voting for the new law was 143 and the number of delegates voting against the law was 138. The number of delegates that were absent, and therefore did not vote, was 67. Only one delegate refused to vote on the matter. Apparently, there was "no time" to wait for a proper investigation of the entire proposal and the addendum, and the decision was to accept the law quickly and then wait for an extra addendum proposal this autumn. The fast process was highly criticized but the directive was to come to a resolution before the summer holidays.
There is an ongoing debate about whether FRA, the Swedish National Defense Radio Establishment, should be allowed to extend their surveillance activities to include the surveillance of wire-based Internet traffic and phone conversations that pass the Swedish borders.
The proposed law was first discussed in 2007, and a decision was tabled during this past year. The proposal has resurfaced with the same vague wording as in the original proposal presented a year ago, and there are few clear rules for when such extended surveillance activities should or should not be allowed. There is also a big question mark regarding the authorization of the wire-based surveillance activities as well as the storage and the destruction of sensitive surveillance data.
Many in the security industry have called for consensus anti-spyware legislation in the U.S. to fully hold spyware distributors accountable for their actions, and to deter spyware vendors from violating consumers' privacy.
In an attempt to bolster the number of drones in their botnet, the Storm Gang has started sending out more spam email.