Microsoft vulnerability

In this bulletin from Microsoft, they publicly address a vulnerability that could possibly allow a program to open another program. If you save a file such as .txt, .rtf, .doc, and open it, then under certain conditions, the file will be open other files and run it. This exploitation could allow attackers to gain access to the users information because if there happened to be a corrupted file on your hard drive, one of the files that could be potentially ran is the corrupted file.

Because most users have automatic updates through Microsoft, this takes care of most of the problems. However, those who do not have automatic updates need to check for the updates.

This vulnerability is completely preposterous. How incompetent are Microsoft’s programmers that they are not able to catch something like this before the final program is released to the public? Opening something as simple as a text file should never, under any circumstances, be a vulnerability.

http://technet.microsoft.com/en-us/security/bulletin/ms11-071

Hackers Wanted

Back in February the Defense Advanced Research Projects Agency (DARPA) launched a program called ‘Cyber Fast Track’ to help build its cyber security efforts. Each year the program is expected to fund almost a hundred cyber security and software research projects. By funding programs like these, the government hopes to build relations with the hacker community in order to build a stronger defense system.

According to the article, DARPA researchers found that an everyday hacker could create a code consisting of 125 lines that could crack 10 million lines of code. So, a hacker could be really useful in strengthening the security efforts for the government.

It’s about time that the government is on the same side as the hacker community, but this also brings to question. Are hackers willing to be on the same side for a simple paycheck? Or are they better off on their own and getting access to information more valuable than that paycheck? It’s really up to the hackers if they want to do good to get the goods or be bad to get better goods.

Hackers Wanted for Cyber Fast Track

South Korea admits to packet tapping Gmail

The National Intelligence Service (NIS) in South Korea has admitted to packet tapping Gmail, even through the HTTPS protocol. Packet tapping is a method of viewing a user’s transmitted data in real time. Gmail originally switched to HTTPS in 2010 after China was found packet tapping their unsecured HTTP protocol. If the claims are true, it will be the first time that someone has broken HTTPS, which was previously thought to be nearly impossible.

http://english.hani.co.kr/arti/english_edition/e_national/496473.html

The Ultimate Online Virus/Malware Scanners

Nowadays there are so many ways to help protect yourself from viruses and malware. One way that many people may not have heard about are sites like virustotal.com and virusscan.jotti.org

  

These sites allow you to send a file either through the website or via email and have it scanned quickly by many different anti-virus products, including the best ones out on the market today. Virustotal.com uses 44 different antivirus products. The best part of it is that it is free to use and the results usually come back quick.

Here are the different anti-virus products used by Jotti:

ArcaVir Avast! antivirus Grisoft AVG Anti-Virus Avira AntiVir Softwin BitDefender ClamAV CPsecure Dr.Web Emsisoft Anti-Malware Frisk F-Prot Antivirus F-Secure Anti-Virus G DATA Ikarus Kaspersky Anti-Virus ESET NOD32 Panda Antivirus Quick Heal Sophos VirusBlokAda VBA32 VirusBuster

The only drawback though is you can only scan submitted files. Obviously though you’ll be hard pressed to find a more comprehensive antivirus scanner. If you haven’t tried these sites before I suggest you guys try it out. Let me know what you guys think.

Cybercrime Epidemic

Cyber crimes are being committed across the web every minute of everyday. The extraordinary fact is that these attacks are not only effecting everyday citizens but also giants in the cyber security field.

“48 hours after releasing a policy paper on cybersecurity, the top trade association for intelligence contractors got a first-hand lesson on the subject: they discovered that their website was hacked.” – The daily beast

Financial services are getting hacked and stolen from in mass proportions along side the FBI, the CIA and many more big and important organizations.. The situation is so embarrassing and the smartest and the brightest minds in cyber security are getting owned everyday.

What is the problem and what is the solution? Why do hackers even do what they do? It’s possibly the sensation of achievement or the money that can be made. Maybe both!