More on the nasty WMF exploit

Word on this nasty new exploit is getting around. Our friends at F-Secure (who are enjoying a wonderful warm Helsinki winter) also posted on this nasty new exploit.  Link here.  Secunia also writes here. eWeek also wrote about it, here. And for some humorous side color: I noticed this amazing quote in the eWeek article […]

More than 50 WMF variants in the wild using zero day exploit

Sunbelt researchers have come across more than 50 new variants of the Windows Metafiles (WMF) using the new zero day exploit. Most of these new variants are coming from Iframeurl [dot] biz but here is a list of other websites using this exploit you should block from your network ASAP. m.cpa4 [dot] org008k [dot] commscracks […]

New exploit blows by fully patched Windows XP systems

We saw a new nasty exploit yesterday around 5:00 PM. This is a totally new exploit and is not the same one posted by FrSIRT back on 11/30/05. We have a number of sites that we have found with this exploit. Different sites download different spyware. We only had a handful of websites using this […]

Why is the White House not allowing search engines to download content?

Webmasters who want to tell search engines what they can or can’t download simply place a file called robots.txt after their domain name with instructions for the search engine (explanation here). Something interesting was reported today by Richard Smith on funsec. Why is the White House using such a large robots.txt file to disallow […]

Divorced mother of five takes on the RIAA — alone.

Patricia Santangelo, a divorced mother of five who can’t afford to pay her lawyer, is taking on the RIAA alone.  “It’s a moral issue,” she said. “I can’t sign something that says I agree to stop doing something I never did.” If the downloading was done on her computer, Santangelo thinks it may have been […]

Google fills the vacuum on the AOL deal

With the recent Google deal with AOL, there was lots of false information.  Google veep Marissa Mayer whacks the rumors:  – Biased results? No way. Providing great search is the core of what we do. Business partnerships will never compromise the integrity or objectivity of our search results. If a partner’s page ranks high, it’s […]

RSS to be part of Outlook

I am a loyal fan of RSS Popper, which puts RSS feeds into Outlook.  Well, looks like Microsoft is going to go the same way.   From Michael Affronti’s blog (the program manager for Outlook): RSS Aggregation in Outlook is aimed at providing the user with a consistent look, feel, and experience while interacting with RSS […]

UK Government to track every vehicle

Gulp. Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. A new national surveillance system will hold the records for at least two years. Using a network of cameras that can automatically read every passing number plate, the plan is to build a […]

Seen in the wild: An example of a compromised site used for phishing

Sad but an example of how phishers can back-door into a site and use it to set up a phishing operation: An educational institution site that has been compromised. The school district is closed so the phisher is having a field day.   We have been in touch with the school administration and the phishing site has […]

Responsible disclosure

Yesterday, Yair Amit of Watchfire Corporation gave details on an exploit that was found in Google.   Now, here’s what I like about this story:  Yair found it and reported it to Google.  On the same day, Google responded back to him.  Then, they fixed it.  He never told the world about it until it was absolutely […]
