From the category archives:

Internet Security

Twitter moves to OAuth

by certifiedbug on September 1, 2010

in Internet Security

Twitter Blog

If you are like most Twitter users, you have used use a third-party Twitter application to read or send Tweets. As of August 31, Twitter applications will all use OAuth, an authentication method that lets you use apps without them storing your password.

What does this mean for me?
The move to OAuth will mean increased security and a better experience. Applications won’t store your username and password, and if you change your password, applications will continue to work.

With OAuth, you still individually approve each application before using it, and you can revoke access at any time. To see which applications you have authorized or to revoke access, just go to the Connections section under Settings.

One thing to note – to continue to use your favorite applications, you should make sure you are running the latest version of the app. Otherwise, you may soon find that it doesn’t work anymore.

Some are already calling it “OAuthcalypse”

Tell me more about OAuth
In order for Twitter applications to access your account, developers have been able to choose one of two authentication methods: Basic Authentication or OAuth. Both require your permission, but there is an important difference. With Basic Auth, you provide your username and password for the app to access Twitter, and the application has to store and send this information over the Internet each time you use the app. With OAuth, this isn’t the case. Instead, you approve an application to access Twitter, and the application doesn’t store your password.

http://blog.twitter.com/2010/08/twitter-applications-and-oauth.html

{ 2 comments }

Fake TweetDeck Update On Twitter TDSS Malware

by certifiedbug on August 31, 2010

in Internet Security

TweetDeck Support

We are seeing a number of updates on Twitter urging users to download a file called “tweetdeck-08302010-update.exe” from a URL beginning with http://alturl.com/.

These tweets are from hacked accounts and this file does not come from us. Do not download it.

Official updates are exclusively available at: http://www.tweetdeck.com/desktop/ To ensure your safety TweetDeck files should only be downloaded from this location. Links to all the main official downloads are shown in the right-hand sidebar of our support site http://support.tweetdeck.com. If in doubt, only download from here or http://www.tweetdeck.com itself.

http://support.tweetdeck.com/home

{ 0 comments }

Tracking command and control servers

August 28, 2010

FireEye Malware Intelligence Lab FE Malware Researcher Atif Mushtaq Chasing CnC Servers – Part 1 The purpose of this series is to discuss limitations and challenges involved in using black lists (DNS & IP) for network based anomaly detections. I will focus more on the problems of tracking botnets using their control server identities alone. [...]

Read the full article →

Alureon Botnet Evolves

August 28, 2010

Microsoft Malware Protection Center In terms of detections by operating system, Windows XP continues to be the most common target, chalking up over three quarters of the detections across all platforms. Windows Vista and Windows 7 are relatively unchanged from the May report. However, the authors of these attacks have not been resting. Just under [...]

Read the full article →

White House Meeting to address on-line counterfeit prescription medications

August 28, 2010

“Krebs on Security” Blog The Obama administration is inviting leaders of the top Internet domain name registrars and registries to attend a three-hour meeting at the White House next month about voluntary ways to crack down on Web sites that are selling counterfeit prescription medications. “The purpose of this meeting is to discuss illegal activity [...]

Read the full article →

Researchers cripple Pushdo Botnet

August 28, 2010

LastLine Inc We identified a total of 30 servers used as part of the Pushdo/Cutwail infrastructure, located at eight different hosting providers all over the world. The information about the activity was extracted from Anubis reports, which contain details about the system and network activities, including a pcap file that contains the network traffic we [...]

Read the full article →

TDL3 rootkit targets x64

August 28, 2010

“A new era has officially dawned; the era of x64 rootkits,” “The infection is spreading on the Web, by using both porn Web sites and exploit kits,” said Prevx researcher Marco Giuliani in a post to the company’s blog August 26th. A previous version of the rootkit “Alureon/TDL3/TDSS” caused serious problems earlier this year after [...]

Read the full article →

DLL preloading attacks

August 26, 2010

Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution Published: August 23, 2010 Executive Summary Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called [...]

Read the full article →

MSRT August

August 22, 2010

Microsoft Malware Protection Center This month’s Malicious Software Removal Tool (MSRT) release added new detection and cleaning for several malware threats that incorporate the use of the CVE-2010-2568 vulnerability (which was fixed by the MS10-046 security bulletin released in August). This includes the Win32/Stuxnet family and several variants of Win32/Vobfus and W32/Sality. From a global [...]

Read the full article →

Adobe Reader and Acrobat out-of-cycle Security updates available

August 22, 2010

August 19, 2010 All Platforms Critical vulnerabilities have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the [...]

Read the full article →

← Previous Entries