Usually, it could be something really low-tech, but very clever. One way that has been reported recently, has been this: a hacker designs for good virus, loads it on a pen drive, and silk screens the company logo on the face of the drive. He then leaves it somewhere conspicuous, on the company’s premises, as in the parking lot or an ATM. The hacker hopes that a company employee will discover it, plug it into his company laptop to find out who it belongs to, and by doing this, will activate a virus inside that will steal all the company passwords stored on the laptop. It will then phone home, with its cache of stolen passwords. Most firewalls and other defenses do not count on having a company employee personally bring something in like this.

The Google attacks in China were a twist on the traditional phishing tactic. They were called spear-phishing attacks. They send counterfeit e-mails to people, taking the trouble to design the e-mails with official-looking emblems and stationery, but they aim for a specific person in the organization, and they mention a well-known friend in the from-address section too. It is all about getting past an employee, and having him invite the virus inside by his own actions. They don’t just need anti virus software anymore. They need anti-gullibility behavioral training for their employees.

Cell phones are not such targets for now with hackers so far, because there are so many models and so many different operating systems. But with a very popular model like the iPhone, things could start happening, that would turn the smart phone into a surveillance device that records pictures and audio. They can even tap into an iPhone, to learn exactly where the owner is, with GPS.

In a high-tech world, low-tech is often the way infiltrations take place these days.Often, we are just looking at hoof prints and thinking exotic zebras, when we should be thinking donkeys. We need to think low-tech once again today.

A well-publicised case of Scareware recently visited visitors to the technology blog Gizmodo. Apparently, >malware programmers bought advertising space on the website, posing to be a well-known company. When visitors clicked on the advertisement though, they ended up downloading malware. >A similar attack occurred on the website of the New York Times publication last month too. Perhaps the best answer to these hit-and-run attacks is to use premium antivirus software: that way you would not ever be tempted to check out substandard antivirus findings on websites and would be protected from them if you still were.

This new version will help webmasters to get rid of an XSS vulnerability that was identified by a site admin. The XSS vulnerability will allow hackers to access the admin page by inserting certain code in a form. The previous version of WordPress 2.8.1 was released just two weeks ago.

Anyone running WordPress 2.8 or 2.8.1 can upgrade to this latest version right away. The latest major version is faster than ever. Don’t delay! WordPress 2.8.2 is available for download here. Development on 2.9 is already underway, with a bunch of feature list. Hope the WordPress team will release it soon.

It is found that the security flaw lies in the Firefox’s Just-In-Time (JIT) Javascript compiler. Due to the vulnerability, the JIT compiler could become corrupt when a user lands on a tainted web page and paves way for an attacker to insert a malicious code on the user’s computer.

Initially, Firefox advised its users to turn off Javascript or use Noscript add-on. Another simple solution was to set “javascript.options.jit.content” to false in the configuration page which can be opened by typing about:config in the address bar.

Finally, Mozilla has come up with a permanent solution by releasing a new version of Firefox 3.5.1 which fixes the critical security vulnerability. Just upgrade your browser to the newer version to safeguard it from Javascript vulnerability. Don’t forget to enable your Javascript after updating your browser to the 3.5.1 version. Another issue that was making Firefox take a long time to load some Windows systems was fixed in the new version.

It seems to be evident that a group like “Rogue Facebook Apps Early Warning Group” appears as a dangerous threat, even more when one knows that they spread unsafe information. But nevertheless, appearances could be misleading. Actually this group was created to warn its members about attacks happening on the social network and the risky information was divulged by mistake. But the Facebook team disabled the account of the group’s administrator. This decision appears like an unfair punishment.

The red line between knowing to attack and to protect isn’t often easy to determine.
In fact the real stake of “protecting Facebook” is not really to care for the application, but to protect the personal information and data of its numerous members who trust it and its security. We know that Facebook is not just a network of private life but also a job network. Therefore the dangers and stakes are greater.

So is it really a shame to form a group which can help adherents to be sure of their privacy and confidentiality? Having to opt between the network system’s survival and our own information, the choice should be quick!

“The stolen FTP credentials are then used to further compromise any Websites owned or operated by the victim,” Mary Landesman, senior security researcher at ScanSafe, told eWEEK. “As a result, there is exponential growth of these compromises—as more victims are infected by encountering a compromised site, the number of compromised sites also increases and thus more visitors are exposed.”

Landesman told SCMagazineUS.com, “Gumblar attacks have jumped nearly 188 percent over the first week of May.” The report also says that more than 1,500 Websites including Tennis.com, Variety.com and Coldwellbanker.com have been attacked in the first week of May.

The goal of the malware is to siphon dollars from Google’s highly profitable advertising franchises, by replacing links in the Google’s search results page with those of the attacker’s choice.

The attacker has made exploit code unique for every website, so it has become hard to identify a compromised site until it is surfed. Actually, the malware embeds malicious Javascript deep into a website’s source code that exploits the bug in a visitor’s Adobe Flash and Reader programs and makes the victim join a botnet that manipulates their Google search results. So users are advised to make sure their patches from Adobe Systems are up-to-date.

A Google spokesman told SCMagazineUS.com that some compromised sites associated with this exploit may include a warning, saying “this site may harm your computer” associated with their search results listing.

It has become a must for every online user to be aware of cyber crimes and the safety measures to be adopted get rid of them. Here we have listed some of the common threats that are faced by most online users with solutions to avoid them.

The main focus of an internet fraudster is to find out personal details of online users, and use those details to gain access to bank accounts, run up bills, create false documents such as passports or birth certificates and carry out benefit fraud.

Generally, hackers send email messages in the name of a legitimate organization such as a bank, demanding the user to update their personal details for security. Remember, that a bank will not ask you to reveal your personal details on email. So don’t pay heed to such emails.

Many hi-tech criminals attract people by sending emails on current affairs or other attractive subjects with an attachment. The attachment could be a booby trap with a malicious program through which they can collect users’ personal details. Install an anti-virus program in your system and update it daily before opening your mail box to get rid of such viruses.

Sometimes, when you open a website, a popup window will appear and say that ‘you have just won a million dollars’ or ‘your computer is affected by a virus’. The message will ask you to click on the window which you should never do. If you click on the message, you will be taken to a website and asked to download a software likely spyware. Simply don’t respond to such popup windows. It is better to enable a plug-in to block unwanted popup windows.

Install a trusted anti-spyware program to safeguard your computer from spyware. As Microsoft’s Windows lacks security, security firms advice online users using Microsoft software to update it as soon as security fixes are available. Online users are advised to use non-Microsoft programs for web browsing.