Normally if you find a rogue outlet strip, or a user happens to bring his or her own surge protector to use you might not think much of it. Thanks to a new device called the Power Pwn, though, it might soon be cause for concern.
A company called Pwnie Express is taking pre-orders for the device. According to the company’s website, “Pwnie Express specializes in innovative, rapid-deployment cyber security products for the IT security professional.”
The idea of a power source that doubles as hacking or penetration-testing toolkit isn’t new to Pwnie Express. It also offers a smaller unit that simply plugs into an outlet. However, the Pwn Plug Mini may draw more attention than the Power Pwn, which by all outward appearances is simply a run-of-the-mill surge protector outlet strip.
Grum--the third largest botnet in existence, and the source of nearly twenty percent of all spam traffic online--has been taken offline by authorities. In some ways the takedown is significant, but it may not change much in the grand scheme of things. Let’s take a closer look at the botnet, and what the takedown means for all of us.
Perhaps you’ve heard Grum. I’ll be honest, I hadn’t. But, when a single botnet is responsible for one-fifth of all spam traffic it gets the attention of security researchers and law enforcement agencies. The cooperative, collaborative effort involved in this multi-national sting is impressive in its own right, but don’t expect spam to suddenly stop.
Adam Wosotowsky, messaging data architect at McAfee Labs, doesn’t consider the Grum takedown to be all that significant in the overall history of botnets, however, he still believes the effort is worthy of praise. “I'm not trying to take anything away from it, but I think that this is just one more step in the right direction and that there were many steps to get here and there will be many steps to go. It shows that the "red line" where botnet behaviors trigger a coordinated international response that takes the botnet down is getting more and more aggressive.”
A week from today all eyes will be on London and the opening ceremonies of the 2012 Summer Olympics. More than any prior Olympic games, the 2012 London Olympics will be watched and followed over the Internet and on mobile devices from around the world.
Of course, the cyber criminals know this as well, and cyber criminals tend to be adept at capitalizing on breaking news and major events as bait for unsuspecting victims. ThreatMetrix published a list of the top threats users should be aware of. If you want to enjoy the London Olympics safely from your PC or mobile device, avoid these five security risks:
By now you’ve probably heard that hackers were able to breach a Yahoo server and expose more than 450,000 account passwords. No server or network is impervious, but Yahoo’s negligence or incompetence made this attack possible.
It may seem like a wake-up call for protecting servers better, and improving network security, but the reality is that it’s just a reminder that common sense and basic security practices could probably prevent this—and most other—attacks.
Where did Yahoo go wrong? Well, according to Jason Rhykerd, an IT security expert with SystemExperts, Yahoo made three serious mistakes.
It’s the second Tuesday in July, and you know what that means: it’s Microsoft Patch Tuesday. Today, Microsoft released nine new security bulletins as predicted in the advance notice last week. Some updates are more urgent than others, though, so we turn to security experts for insight and analysis to help guide your patching efforts.
Of the nine security bulletins, three are rated as Critical while the remaining six are ranked as merely Important. Of course, Important still suggests a sense of urgency that shouldn’t be ignored.
The three Critical bulletins address the vulnerability in Windows XML core services, and flaws in Internet Explorer 9 and Microsoft Data Access Components (MDAC). The Important updates fix a range of issues affecting Windows, Office, Office for Mac, and SharePoint.
The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday when it pulls the plug on the DNS servers it has maintained to redirect PCs compromised with the DNSChanger malware to legitimate websites. Seriously? How much warning do people need?
Imagine you’re driving down a highway, and you see a sign on the side of the road that announced the road is closed in 10 miles, and directs you to exit onto an alternate route. Then, that same sign pops up at nine miles, eight miles, seven, six, and five miles. Then, for those who still don’t get it the sign appears every hundred yards for the remaining five miles. It’s hard to muster any sympathy for the vehicles that ignore all the signs and end up crashing when they get to the end of the road.
For starters, this is not a new threat. The DNSChanger malware itself dates back to 2007. It has been eight months since the FBI rounded up the cybercriminals behind the malware, and redirected traffic from compromised machines using surrogate DNS servers. It’s been more than two months since the FBI--and virtually every media outlet in the world--stepped up the campaign to warn people that the DNSChanger servers will be shut down on July 9.
Time flies. More than half of 2012 has already passed, and now—with the Independence Day festivities behind us—we turn our attention to the seventh Patch Tuesday of the year. There are nine new security bulletins expected from Microsoft next week, including a critical update for Internet Explorer 9.
Only three of the nine security bulletins are ranked Critical, while the remaining six are rated as Important. The fixes and updates address vulnerabilities across a broad range of Microsoft platforms and software—Windows, SharePoint, Office (and Office for Mac), and Internet Explorer to name a few.
Andrew Storms, director of security operations for nCircle, points out, “Usually, Microsoft patches IE every other month, and we just got a cumulative update in June. That's why it's so surprising to see that IE9, the 'most secure' version of IE, will be patched next week. It's pretty safe to say this bulletin will patch something pretty serious.”