Home

Main Menu

Login Form
Forgot your password?
Forgot your username?
No Account Yet?
Create an account

Witch one ?

Wich OS do you use ??
 

Resources

Welcome to the Frontpage
Image spam up, flu keywords take off PDF Print E-mail
Written by Administrator   
Monday, 04 May 2009 07:01

Spam levels continued to rise in April, reaching the highest level in 19 months as image spam made a comeback and keywords related to the outbreak of swine flu became more common, according to security firms.

Unsolicited e-mail accounted for more than 85 percent of all e-mail messages sent in April, a leap of nearly 10 percent since March, according to the latest spam report (pdf) from e-mail security firm MessageLabs, which — like SecurityFocus — is part of Symantec. The jump continued a resurgence in junk e-mail following a severe drop in spam that accompanied the takedown of hosting provider McColo in November. Many researchers had maintained that McColo hosted spam networks and botnet command-and-control servers, and the drop in spam supported those assertions.

However, the volume of junk e-mail quickly resumed its climb. In addition, spammers appear to be able to maintain sustained operations, a change from previous years, said Paul Wood, a senior analyst with MessageLabs.

"In the past, if you had a big burst of spam, it would take a few hours and then die back down," he said. "But now we are seeing more frequent runs lasting a lot longer."

Image spam, which used to be used by fraudsters to dodge anti-spam defenses, has been resurrected, Wood said. Yet, rather than being included as an e-mail attachment, the images are typically hosted on a compromised servers, he said.

In an almost-inevitable trend, spammers have joined the rest of the world in their interest in the latest influenza epidemic. The occurrence of the words "swine flu" in the subject lines of junk e-mail messages has skyrocketed, McAfee's security and communications manager David Marcus said in a blog post.

"Many people may not realize that the words “swine” and “flu” had really not been seen in spam before this past weekend and almost certainly not together in the same subject line," Marcus said.

MessageLabs confirmed that flu-related spam had risen recently, but oddly, the spam has dropped off in the last day, researcher Wood said.

"They have almost gone away today," he said. "Whether the spammers have gone on a hiatus or not, the (flu) spam has almost gone away."

If you have tips or insights on this topic, please This e-mail address is being protected from spambots. You need JavaScript enabled to view it .
 
U.S. wiretaps fall for first time in five years PDF Print E-mail
Written by Administrator   
Monday, 04 May 2009 07:00

The number of warrants issued by courts for oral, wire and electronic communications, and completed in 2008, fell last year fell to 1,891 and involved only two incidents of encrypted data, according to an annual report released this week by the Administrative Offices of the United States Courts.

Almost all of the wiretaps — 97 percent — involved eavesdropping on telephone communications, including cellular phones, the report stated. Combined wiretaps, which are used for surveilling a cellular or mobile phone with another type of eavesdropping, were used in 2 percent of the cases. The cases only include those warrants requested by law enforcement and not surveillance requested by intelligence agencies, such as the National Security Agency, whose broad wiretapping has raised the concern of civil-liberties advocates.

In only two cases did law enforcement encounter encryption, but — interestingly — "neither instance prevented officials from obtaining the plain text of the communications," the report stated.

For the most part, in almost 1,600 cases, the wiretaps resulted in drug charges against the targets. An average of 92 people's conversations were captured by each wiretap.

While the number of warrants issued to federal law enforcement for wiretapping has dropped every year since 2004, this is the first year that state agencies requested fewer warrants for wiretaps.

Agencies are only required to report wiretap warrants in the year they are completed. Some surveillance requests may not be reported if they are not yet completed or if the investigation continues.

If you have tips or insights on this topic, please This e-mail address is being protected from spambots. You need JavaScript enabled to view it .
 
JavaScript flaw reported in Adobe Reader PDF Print E-mail
Written by BoogY   
Thursday, 30 April 2009 10:59

The United States' Computer Emergency Readiness Team (US-CERT) warned users of the ubiquitous Adobe Reader to disable the program's use of Javascript after Adobe warned on Monday that a possible flaw had been found.

In a post to its product security blog, the company said it was investigating reports of a serious flaw in Adobe Reader. While initial reports only stated that a flaw had been found in the Linux version of Adobe Reader, the company updated the post on Tuesday to include Windows and Mac OS X versions as well.

"Adobe plans to provide updates for all affected versions for all platforms — Windows, Macintosh and Unix — to resolve this issue," the company stated on its blog. "We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue."

The warnings appear similar to those that forced Adobe to issue a security advisory in February, and a patch the following month, urging users to beware of Reader attacks. Because of their ubiquity, Adobe's Acrobat and Flash software have become popular targets of security researchers, who try to find vulnerabilities to help secure software, and online criminals, who try to exploit the vulnerabilities. The repeated vulnerabilities and the lure of such a large user base have caused at least one security company, F-Secure, to recommend that people use alternate applications.

As a workaround for the problem, the US-CERT recommended that people turn off Javascript.

"US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk," the response group warned in an advisory on Tuesday.

The vulnerability in Adobe Reader was first disclosed through SecurityFocus's Bugtraq database.

If you have tips or insights on this topic, please This e-mail address is being protected from spambots. You need JavaScript enabled to view it .