Lisa Vaas

A section of Monster.com was bumped offline by an iFrame injection attack late on Nov. 19. The attack has reportedly been linked to the Russian Business Network. The attack affected a slew of companies represented on Monsters Company Boulevard, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial and Tri Counties Bank. The Monster Company Boulevard […]

A Trojan is introducing malware into thousands of computer systems worldwide, and the number is growing by the hour. The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot […]

A security problem in Apple Mail that got fixed in March 2006 has popped up again in Leopard, according to Heise Security. In a Nov. 20 posting, the security firm said that it had found that users can inadvertently start a potentially malicious executable by double-clicking an e-mail attachment injected with disguised code that looks […]

Mozilla is working to fix a flaw in the JAR URL handler that could leave Firefox users open to cross-site scripting attacks that are impossible for anti-virus programs to prevent. It turns out that the vulnerability, first reported in February by Jesse Ruderman, is far more serious than first realized. In fact, it turns out […]

Apple’s Nov. 15 update to the Leopard firewall is good news, with security researchers happy that Apple didn’t take the easy way out and simply rename the “Block all incoming connections” option. Instead, Apple “significantly” changed the way the firewall works, fixing most of the issues raised by Heise Security’s Jürgen Schmidt. “Every process that […]

Regardless of how much bottled water or tubes of lipstick air travelers have had to surrender, airport security is porous enough that government investigators have managed to smuggle liquid explosives and detonators concealed in their carry-on luggage and on their persons past security checkpoints, according to a report released from the Government Accountability Office on […]

Apple issued an enormous set of patches on Nov. 14, with 41 fixes for Mac OS X and Safari vulnerabilities that attackers can exploit to hijack systems, trigger denial-of-service and jack up their privileges. If thats not enough, Apple capped it off on Nov. 15 with three fixes to Leopards firewall, to solve the issue […]

A Sunbelt researcher, who shall go unnamed for what will soon be obvious reasons, has come up with a novel method of testing firewalls—novel, and completely unsanctioned by his employer, Sunbelt President Alex Eckelberry hastened to add when he told me about it earlier this week. The method: give yourself a handle like “TheHebrewHacker” and […]

After checking 1,160,000 random IP addresses, a security firm found nearly half a million database servers on the Internet not protected by firewalls—most of them were running Microsoft SQL Server, but a healthy portion of them were Oracle databases. Next Generation Security Software released on Nov. 12 a report saying the company found 368,000 Microsoft […]

Nov. 12 was just another busy day in the life of an advertising manager for a well-regarded online publisher. Well call her “Laurie Smith,” but it doesnt matter who she is or who the publisher is, because her experience is typical in an industry that is now enduring a plague of malware infiltration that its […]