The disclosure of a back door allowing bad guys to repeatedly guess Gmail passwords should remind us all to protect our accounts with long and strong character strings.
There’s a straightforward way to protect your online accounts: use sign-in phrases that are easy for you to remember but hard for others to guess.
The latest vulnerability affecting Gmail accounts was recently revealed by security researcher Vicente Aguilera Díaz in a posting on the Full Disclosure security list. (Aguilera previously revealed a Gmail flaw known as session-riding, which Google subsequently fixed, as reported by WS contributing editor Scott Spanbauer.)
According to Aguilera’s new security alert, Google allows anyone with a Gmail account to guess another Gmail user’s password 100 times every two hours, or 1,200 times per day. No “captcha” keeps hacker bots from guessing passwords in this way. Worst of all: If a hacker controls, say, 100 Gmail accounts, 120,000 guesses can be made per day. Because Gmail accounts are free, many hackers control far more than 100 accounts, of course.
Microsoft issued a warning related to the detection of new examples of malicious code in attacks attempting to exploit a vulnerability affecting various Windows client and server releases. In October, the Redmond giant put out an out-of-band security patch designed to plug a vulnerability residing in the Server Service on Windows systems. According to the company, a successful exploit of the security flaw would lead to remote code execution. The patch was released on October 23, 2008, and will render attacks useless.
“We have seen some new pieces of malware attempting to exploit this vulnerability this week. And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word ‘worm,’ they do underscore the importance of deploying this update if you haven’t already,” revealed Security Response Communications Lead, Christopher Budd.
Budd indicated that Microsoft was seeing consistent deployments of the MS08-067 patch, and urged customers that had failed to update so far to do so as soon as possible. At the same time, Microsoft provided a list of malware built to exploit the Server Service vulnerability, including:
Windows functions are always under attack, because disabling a vital function of the operating system automatically opens a door for the attacker, who can then infiltrate the computer and carry out malicious activities. Today, a new worm has been spotted in the wild and, according to security company Trend Micro, it affects most flavors of the operating system produced by Microsoft, including Windows 98, ME, NT, 2000, XP and Server 2003.
But what’s worse is that WORM_SILLYFDC.CY has a high damage potential and a high distribution potential, two elements that underline the worm’s capability to reach your computer and harm the data stored on it. In case you’re curious about how you can get infected, the process is pretty simple: all you need to do is visit an infected page. However, the worm may also be dropped by another piece of malware, Trend Micro explains.
Windows Live Messenger accounts for the largest community for any IM client worldwide. At the end of 2007, in November, as Microsoft was unveiling Windows Live 2.0, the next generation of its suite of software and services in the cloud, the company estimated that Windows Live Messenger had an install base of approximately 300 million users. In this context, it came as no surprise that Windows Live Messenger was the most attacked instant messaging platform in 2007, according to statistics provided by FaceTime Communications. And with such a high profile, the trend is bound to continue into 2008.