CSRF Tidbits
Sep
30
30 September 2008, RedNeck @ 8:43 am

Well it has been awhile since CSRF has made the headlines. But here we go again. There was a paper publish by Ed Felten and Billy Zeller within the past few days that describes CSRF attacks in 4 major web sites, ING Direct, Youtube, Meta Filter, and New York Times. The wost of the attacks, ING Direct, would allow an attacker to tranfer funds out of a users account or open additional accounts on behalf a user.

Source: http://www.freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks
White Paper: http://www.freedom-to-tinker.com/sites/default/files/csrf.pdf

Filed under: Protecting Your Finances,Security Awareness,System Security,Web App Sec | No Comments »
When is Antivirus not Antivirus
Sep
10
10 September 2008, RedNeck @ 7:18 am

Over the past few months we have noticed a rash of Fake Antivirus running around the internet. This stuff is typically called XP Antivirus 200(8)(9) etc..

Personally I have cleaned around 15 systems from this infection and it is not easy. Once infected it is easier to just wipe the system than it is to clean it. This virus typically downloads other malware such as Keylogger’s, Browser toolbars, etc..

The writers are putting out new variants of this malware every couple of weeks, so what we have here is a virus that the real antivirus companies are having trouble keeping up with.

You can read more about the new variant here and here. Do not download and run the malware unless you know what you are doing.

Filed under: Mal-Ware,Security Awareness | No Comments »
    
RedNeck Hacker is based on WordPress platform, RSS tech , RSS comments design by Gx3.