Lisa Vaas

A complex attack that in June was discovered to be turning MySpace.com users sites into bots to serve phishing scams and viruses is just one example of fast-flux: a new way of hiding phishing and malware delivery sites behind ever-shifting networks of proxy servers that are next to impossible to track down, security experts have […]

Lacking something to read at the beach this summer? Problem solved: There are 1,138 pages detailing FBI activity that need to be pored over by good citizens so as to ferret out abuse of power. The Electronic Frontier Foundation has requested that people “dive into the docs,” all of which are freely downloadable, with searchable […]

The Mozilla Foundation is dealing with yet another URL-handling issue—and this time, researchers have posted a non-malicious proof of concept that shows how the flaw can be used for remote command execution on machines running Mozillas Firefox browser. Mozillas URL-handling hassles began earlier in July, when security researcher Thor Larholm found a zero-day vulnerability that […]

Before it plunges into the world of third-party advertising with the $6 billion purchase of aQuantive, Microsoft is getting its privacy ducks in a row. On July 23, the company called on the industry and the privacy community to work together on a common set of global privacy practices for data collection, use and protection […]

Fox News Web site over the weekend exposed a password that granted inappropriate access to images from its news stories and to a headline feed from its content syndication partner and eWEEK publisher, Ziff Davis Media. The file directory exposure was regrettable, Fox News told eWEEK, but it was far less dramatic than the sensational […]

A security firm has run the first remote exploits on Apples iPhone, proving that the widely popular smart phone is vulnerable not only to data theft but also to being turned into a remote snooping device. A trio of researchers from Independent Security Evaluators—Charlie Miller, Jake Honoroff and Joshua Mason—have created an exploit for the […]

A security firm has uncovered an easy-to-use, affordable tool for making a variety of customized Trojans—from downloaders to password stealers—on sale at several online forums. The tool, discovered by PandaLabs, is called Pinch, a tool that allows cybercriminals to specify what type of password they want their Trojans to steal—be it for e-mail or system […]

The publisher of J.K. Rowlings “Harry Potter” series is suing over the final installment having been leaked ahead of the July 21 publication date. Thus far in the plot-spoilage plot, text files for “Harry Potter and the Deathly Hallows” were allegedly stolen from systems belonging to the publishing companys employees through a phishing scam. The […]

Googles security team is home-brewing a powerful combination scanner and fuzzing tool that experts say will be unique outside of the commercial domain. In a posting on the Google security teams blog, Srinath Anantharaju said on July 16 that the security team has been working on a black-box fuzzing tool called Lemon, in the spirit […]

The same troll who claimed to have intercepted and reverse-engineered Dino Dai Zovis QuickTime exploit from the Mac Pwn-to-Own contest at CanSecWest said over the weekend that he or she now has a Mac OS X worm loaded and ready to go. Infosecsellout said on his or her blog that an unspecified mDNSResponder bug lets […]