Friday 25 January 2008

Drive By Pharming is here...

The first case of "drive-by pharming" has apparently been observed in the wild:
http://www.networkworld.com/news/2008/012208-drive-by-pharming.html

Friday 18 January 2008

Personal data found on roundabout...

What is going on in the U.K.?
http://news.bbc.co.uk/1/hi/england/devon/7197048.stm
Is it that incidents like these are being reported more openly or that they are occuring more often?

Is there something in the air in the UK?

To quote the article:
"West Midlands police are investigating the theft of a laptop from a Royal Navy officer which held personal details of 600,000 people, it has been confirmed."

However, it is really not much to worry about; there were only a few NI numbers, passport and a few bank details for good measure.

All of that on a laptop kept in a car overnight??
http://news.bbc.co.uk/1/hi/uk/7197045.stm

Monday 14 January 2008

Only 5% of Windows PCs are fully patched?!

Surprising! However Double D cannot help but wonder if:
1. Windows users still have not turned on automatic update or notification,
2. The users who are "generous" enough to submit their personal machine to a scan from a website (not doubting secunia's reputation in any way, but I would not do it...) are probably not going to be patched and "security" aware anyway?!
http://www.theregister.co.uk/2008/01/09/secunia_insecurity_survey/print.html

Tuesday 8 January 2008

Firefox dialog box authentication spoofing

It looks like it is possible to craft a dialog box with a realm value appearing to be from a "trusted" web site:
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx

Dear Jeremy Clarkson...

This one shows Jeremy really is in top gear:
http://news.bbc.co.uk/1/hi/entertainment/7174760.stm
The Double D says Jeremy you're a prat!

Is this the 80's? - Deja Vu at its finest!

Holly crap 2008! And this sounds like a considerable amount of fun. http://www2.gmer.net/mbr/
Basically, hack the MBR on any NT based machine hide you code in a few sectors of disk (really hard to delete something that is not a file), execute code before passing control to ntldr, patch the kernel and then you are done pretty much. And all this from the fun park that is userland. I think!

This is straight out of the DOS days. MBR virus' and attacks. Have OS developers learned nothing since the 80's. Get a grip MS people and sort this out!

Cool site tho. Will have to take a look at GMER and let all you wonderfull people know what the double D thinks. I like the way the site actually goes into assembly, it appeals to my inner (and outer) geek.

DD