Alert

There’s a new Facebook worm out there. However, it doesn’t seem to be doing anything else than posting a message to people’s Facebook walls. The message that the worm posts is “try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]“ If you follow the link, you end up to a page looking like this: The page shows a fake error message. If you click anywhere on the page, you will trigger a script that will try to post the same message to your Facebook wall. This is done with an invisible iframe that follows your mouse around – causing you to click on an invisible “publish” button. In addition of the wall message post, nothing else happens. ...

You might avoid looking for photos of Miss USA Rima Fakih for a while. There is a controversy about a certain pole-dancing incident in her past that is stirring up the talk show circuits and the adolescent inside every male on the planet. It also has stirred up a massive number of SEO poisoned links to photos. In 2007, Fakih won a “Stripper 101” contest sponsored by a Detroit radio show “Mojo in the Morning.” And, of course, she was no sooner crowned Miss USA than somebody resurrected the “Stripper 101” video. And, of course, everybody is searching for “Rima Fakih pole dancing.” ...

A variety of sources are reporting that blog hosting sites with WordPress-created sites and php-based management systems such as Zen Care eCommerce are being infected with malicious scripts. Websites hosted by ISP DreamHost, GoDaddy, Bluehost and Media Temple have been found with the malcode, according to H-Online.com. The malicious scripts download malcode and block Google’s Safe Browsing API from alerting users. Story here: “Large-scale attack on WordPress” The Sucuri Security blog has offered clean-up instructions for those with infected pages here.

When consumer electronics shopping site Retrevo prepared for Mother’s Day by conducting a survey of parents’ social media practices, it found that nearly half (48%) of parents add their children as friends on Facebook. Parents admitted that “it can be awkward at times” when they follow their kids’ Facebook updates, but think that it’s probably worth it to keep tabs on them. Of course, savvy teens could easily exclude their parents from seeing potentially incriminating updates using Facebook’s advanced privacy features. ...

PayPal users are at risk of getting their credentials stolen if they follow instructions given in a scam email. “We have reason to believe that your account was accessed by a third party…. PayPal will verify it with your bank records for your own protection. If you provide a wrong PIN your account will be suspended or limited for unauthorized account access.” ” Please visit the Resolution Center and complete the steps to remove limitations.” ...

When I was a child, I was fascinated by ATM machines. I had a savings account which my mother would deposit money regularly and I waited for the day that I could raid the account with the ATM card for frivolous spending on console games and fast food. Nigerians have developed a cunning method to transfer millions of dollars to lucky winners worldwide. Yes, it is indeed the humble ATM card. ...

Spam emails such as the one below have been doing the rounds on the Internet hoping to lure recipients into downloading a Facebook toolbar. If you download the file by clicking on “Download Here”, you’ll see a file with the icon shown below: If you take a closer look at the icon, “darkSector” is shown inside of it. How strange. Is this actually a Facebook toolbar? Let’s take a look at the property of the file since the file looks a bit fishy. In the file properties, you’ll see the following in the Details tab. ...

The Telegraph, one of the biggest newspapers in the UK, hasn’t had a good time of it lately where their website is concerned. There were vulnerabilities found in relation to the site back in March involving database access, and it seems a hacking group has gone in and defaced two subdomains. These are the two subdomains in question: shortbreaks(dot)telegraph.co.uk wine-and-dine(dot)telegraph.co.uk/site/index.php They appear to have been compromised by “R.N.S. – Romanian National Security”. Here’s a screenshot, both defacements are identical: ...

In an excellent blog, the people from Apache did a very good job analyzing and documenting how a security breach happened–going through all the stages of the attack and drawing conclusions. Should you ever become the unfortunate victim of an attack, this blog offers an example of how to document it! I quote:”If you are a user of the Apache-hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised.” So if you are a user, please act accordingly after reading this blog 😉 ...

On April 9th, Tavis Ormandy published a proof of concept about how to use the latest version of Java to compromise a pc. You can read about it here. He notified Sun, but they weren’t concerned enough to break their patch cycle, so he published the code. The problem is that when Sun released Java 6, update 10 in April 2008, they introduced a new feature (it’s not a bug, it’s a feature folks) called Java Web Start. In order to make it easier for developers to install software, they created a method to execute a program from a website. ...