“Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.

The peer-reviewed paper, which offers one of the broadest measurements yet of the number of rogue DNS servers, was presented at the Internet Society’s Network and Distributed System Security Symposium in San Diego.

The fraud works like this: When a user with an affected computer tries to go to, for example, Google’s Web site, they are redirected to a spoof site loaded with malicious code or to a wall of ads whose profits flow back to the hackers.

The hackers who hijack DNS queries are looking to steal personal information, from e-mail login credentials to credit data, and take over infected machines.

The spoof sites run the gamut. Some are stunningly convincing, others amusingly bogus with spelling errors and typos.”

Source

Posted in Hacks, Info, Threats, Web Security No Comments »

The FBI called for new legislation that allows the federal police to keep close look at internet activity to track down illegal activities. This seem to go beyond a current plan to monitor traffic on federal-government networks, and that the bureau should have a broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well. This could violate the Fourth Amendment’s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication

Source

Posted in Info, Network Security, Threats, Web Security No Comments »

Suspecting a spyware in your system? Here are some tips on how you could get rid of spyware in your computer:

1. Get, install and periodically run Ad-aware and Spybot Search & Destroy.
2. To prevent reinfection by Aureate/Radiate – search for advert.dll on your system. If it’s there and if you can, delete it (Ad-aware will do this for you). Then create an empty text file, name it advert.dll, make it read-only and save it in your Windows/System directory. Then configure Ad-aware (version 5 or later) to ignore advert.dll.

Posted in Hacks, Info, Network Security, Prevention, Threats, Tips, Web Security No Comments »

Web Security begins and ends with the user, for they are the ones that anti-virus companies can never control nor solve with an engineering formula:

The investigation, conducted by McAfee(R) SiteAdvisor(TM), studied the five major U.S. search engines (Google, Yahoo!, MSN, AOL, Ask) and found that the overall chance of clicking through to a risky site declined by 12.0%. Still, McAfee estimates that consumers click through to risky sites more than 268 million times each month.

“It’s good to see that clicking on search engine results has gotten modestly safer,” said Chris Dixon, director of strategy, McAfee SiteAdvisor. “But when almost one of 12 sponsored links still clicks through to a risky site, there remains significant room for continued improvement.”

Hopefully the number goes down even further next year due to additional internet knowledge and ensure that internet security goes higher.

Source

Posted in Info No Comments »

Image source:www.youtubeic.com
Remember what your computer teachers or anyone good enough, told you not to tell your “secret words” (Meaning, not just your passwords) to anyone? Well, some hackers send malicious softwares or malwares to capture your keystrokes, copy your precious data, or even control your computer to hack another person. Okay, maybe you know about that too, and even the “hackers use websites for these purposes” thing. But! Did you know that Youtube is not that different from these sites? That’s right. Youtube has these links, and you might just open these things since these links looks trust worthy, and your “friend” sent this link. In short, Youtube is not different from Myspace now. Well, to save yourself from these hackers, just use the search engine in Youtube, or if the link is not in youtube, copy the link and paste it to yahoo or google, and their protection might show the true face of that page. But if you think that its such a hassle, then just don’t open it.

Posted in Hacks, Info, Information, Network Security, Prevention No Comments »

Top Ten Reasons why Websites Get Hacked

Experts say most Web applications can be hacked. Here are the top ten vulnerabilities that could put your Web site at risk.

1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

SOURCE: OWASP (the Open Web Application Security Project)

Related Links For added reading : NetworkWorld.com

Posted in Hacks, Info, Threats, Web Security No Comments »

A spyware is computer software that is classified as privacy-invasive. This is installed covertly on a personal computer. Once installed, it can monitor the user’s behavior, collect personal information like surfing habits and sites that visited. It can interfere with user control of the computer such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party. It can change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

Posted in Hacks, Info, Network Security, Threats, Web Security No Comments »

“The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.

People who click on the link are redirected to an external site hosting malware that’s disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims’ friends, recommencing the infection cycle.

Source

Posted in Hacks, Info, Web Security No Comments »

1. Use Cases
1. Web intrusion detection and prevention
2. Continuous Security Assessment
3. Virtual (or just-in-time) patching
4. HTTP traffic logging and monitoring
5. Network building blocks
6. Web application hardening
2. Deployment models
1. Inline
2. Out of line
3. Embedded
3. Data Model
1. Model construction
2. Persisting information across requests
3. Distinguishing sessions
4. Distinguishing users
4. Analysis Model
1. Negative security
2. Positive security
3. Anomaly scoring
4. Learning
5. Evasion
6. Impedance mismatch
5. Traffic logging
6. Special protection techniques
1. Cookie protection
2. Cross-Site Request Forgery
3. Brute force attacks
4. Denial of Service attacks
5. PDF UXSS protection

Posted in Info, Web Security No Comments »

QOS

Represents the level of consistent download capacity provided by your Broadband or DSL providor. The higher QOS percentage, the higher the overall quality of the internet connection. High quality plus internet speed provides better connections for VoIP (voice over IP), Citrix and other high traffic applications.

This figure should come in around 80 or higher yet. This does not mean that you won’t find success at lower speeds, but on average, the speed test should report >= 80.

RTT

The Round Trip Time (RTT) reports the total time in milliseconds (ms) to send a small data packet in our internet speed test and obtain a reply back. The faster (smaller) the RTT, the better broadband speed you’ll have.

For Voice over IP, round trip delays can occur when results exceed 250 mSec or 150 mSec one way which is also considered the maximum desired one-way latency to achieve high-quality voice.

Max Pause

Max Pause is the longest pause recorded during the Broadband Speed Test data download. This should be a very small number. If not, it could indicate Internet speed congestion or a bad broadband connection.

Posted in Info, Tips No Comments »