Power Pwn Outlet Strip Doubles as Stealth Hacking Tool

Normally if you find a rogue outlet strip, or a user happens to bring his or her own surge protector to use you might not think much of it. Thanks to a new device called the Power Pwn, though, it might soon be cause for concern.

A company called Pwnie Express is taking pre-orders for the device. According to the company’s website, “Pwnie Express specializes in innovative, rapid-deployment cyber security products for the IT security professional.”

This working AC power strip might also be covertly spying on your network.
The idea of a power source that doubles as hacking or penetration-testing toolkit isn’t new to Pwnie Express. It also offers a smaller unit that simply plugs into an outlet. However, the Pwn Plug Mini may draw more attention than the Power Pwn, which by all outward appearances is simply a run-of-the-mill surge protector outlet strip.

Read more »


What You Should Know About Grum and the Botnet Takedown

Grum--the third largest botnet in existence, and the source of nearly twenty percent of all spam traffic online--has been taken offline by authorities. In some ways the takedown is significant, but it may not change much in the grand scheme of things. Let’s take a closer look at the botnet, and what the takedown means for all of us.

Perhaps you’ve heard Grum. I’ll be honest, I hadn’t. But, when a single botnet is responsible for one-fifth of all spam traffic it gets the attention of security researchers and law enforcement agencies. The cooperative, collaborative effort involved in this multi-national sting is impressive in its own right, but don’t expect spam to suddenly stop.

The Grum servers are shut down, but many PCs are still infected with the malware.
Adam Wosotowsky, messaging data architect at McAfee Labs, doesn’t consider the Grum takedown to be all that significant in the overall history of botnets, however, he still believes the effort is worthy of praise. “I'm not trying to take anything away from it, but I think that this is just one more step in the right direction and that there were many steps to get here and there will be many steps to go. It shows that the "red line" where botnet behaviors trigger a coordinated international response that takes the botnet down is getting more and more aggressive.”

Read more »


Five Cyber Risks to Avoid to Enjoy London Olympics Safely

A week from today all eyes will be on London and the opening ceremonies of the 2012 Summer Olympics. More than any prior Olympic games, the 2012 London Olympics will be watched and followed over the Internet and on mobile devices from around the world.

Of course, the cyber criminals know this as well, and cyber criminals tend to be adept at capitalizing on breaking news and major events as bait for unsuspecting victims. ThreatMetrix published a list of the top threats users should be aware of. If you want to enjoy the London Olympics safely from your PC or mobile device, avoid these five security risks:

This infographic from ThreatMetrix illustrates the Olympics cybersecurity risks.
1. Shady Apps

Read more »


Three Steps to Avoid Getting Hacked Like Yahoo

By now you’ve probably heard that hackers were able to breach a Yahoo server and expose more than 450,000 account passwords. No server or network is impervious, but Yahoo’s negligence or incompetence made this attack possible.

It may seem like a wake-up call for protecting servers better, and improving network security, but the reality is that it’s just a reminder that common sense and basic security practices could probably prevent this—and most other—attacks.

Where did Yahoo go wrong? Well, according to Jason Rhykerd, an IT security expert with SystemExperts, Yahoo made three serious mistakes.

Read more »


Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities

It’s the second Tuesday in July, and you know what that means: it’s Microsoft Patch Tuesday. Today, Microsoft released nine new security bulletins as predicted in the advance notice last week. Some updates are more urgent than others, though, so we turn to security experts for insight and analysis to help guide your patching efforts.

Of the nine security bulletins, three are rated as Critical while the remaining six are ranked as merely Important. Of course, Important still suggests a sense of urgency that shouldn’t be ignored.

Two of the three Critical security bulletins also affect the upcoming Windows 8 OS.
The three Critical bulletins address the vulnerability in Windows XML core services, and flaws in Internet Explorer 9 and Microsoft Data Access Components (MDAC). The Important updates fix a range of issues affecting Windows, Office, Office for Mac, and SharePoint.

Read more »


There Is No Excuse for Still Being Infected with DNSChanger

The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday when it pulls the plug on the DNS servers it has maintained to redirect PCs compromised with the DNSChanger malware to legitimate websites. Seriously? How much warning do people need?

Imagine you’re driving down a highway, and you see a sign on the side of the road that announced the road is closed in 10 miles, and directs you to exit onto an alternate route. Then, that same sign pops up at nine miles, eight miles, seven, six, and five miles. Then, for those who still don’t get it the sign appears every hundred yards for the remaining five miles. It’s hard to muster any sympathy for the vehicles that ignore all the signs and end up crashing when they get to the end of the road.

There's no excuse for still being compromised by DNSChanger at this point.
For starters, this is not a new threat. The DNSChanger malware itself dates back to 2007. It has been eight months since the FBI rounded up the cybercriminals behind the malware, and redirected traffic from compromised machines using surrogate DNS servers. It’s been more than two months since the FBI--and virtually every media outlet in the world--stepped up the campaign to warn people that the DNSChanger servers will be shut down on July 9.

Read more »


Patch Tuesday Includes Shocking Update for IE9

Time flies. More than half of 2012 has already passed, and now—with the Independence Day festivities behind us—we turn our attention to the seventh Patch Tuesday of the year. There are nine new security bulletins expected from Microsoft next week, including a critical update for Internet Explorer 9.

Only three of the nine security bulletins are ranked Critical, while the remaining six are rated as Important. The fixes and updates address vulnerabilities across a broad range of Microsoft platforms and software—Windows, SharePoint, Office (and Office for Mac), and Internet Explorer to name a few.

Patch Tuesday includes a Critical update that applies only to IE9.
Andrew Storms, director of security operations for nCircle, points out, “Usually, Microsoft patches IE every other month, and we just got a cumulative update in June. That's why it's so surprising to see that IE9, the 'most secure' version of IE, will be patched next week. It's pretty safe to say this bulletin will patch something pretty serious.”

Read more »