
Those of you who use the McAfee SiteAdvisor plugin for Firefox will be aware of how McAfee are helping to protect users from malicious sites. The plugin uses simple colour coding so that users can see at a glance whether a website has been reported for malware or spyware attacks. It relies on community support: users feed reports to McAfee, with comments posted on the site’s page detailing the problems they faced.

Well now, McAfee have teamed up with Yahoo to do a very similar thing on their search results. When you search for a term using Yahoo’s engine, there will be an indication next to a site that identifies it as malware/spyware if it’s been reported that the website has been up to no good. This should hopefully prevent people from clicking on the link, or at least make them find out why the site has gained such a reputation. If you already have McAfee’s SiteAdvisor plugin installed, all search engine results are automatically checked anyway, so you won’t gain much. And you have the added advantage of being notified of a malicious site when you’re browsing it. At least the Yahoo deal is a step in the right direction. Read the Yahoo! press release.


Even though, apparently, this virus has been "wild" for a year now, it appears that the recent study of its activities is getting a lot of attention. I’ll summarise what makes this virus different from others before it. The full article can be found at the end of this post:

For one reason, the virus is covert and only goes about its business when it’s pretty sure it won’t be detected. So it doesn’t gobble up all of your system resources, or all of your bandwidth – it just uses what it can get away with.

For another, its job isn’t defined explicitly. Different copies can do different things (Schneier likened it to an "ant colony.") I guess by the same token, if a copy of the virus which was working to spread itself is detected and immunised, another virus on a different PC will pick up the task and switch duties.

Then there’s the infection method. The email bodies use convincing language that doesn’t read like it’s been written by a 4 year old, relying on clever social engineering and psychological tricks to get people to click the link.

Finally there are the methods to avoid the closing down of the bot-net that this virus has created. The virus uses clever DNS and P2P techniques to make sure it’s always one step ahead.

Read the full article to find out more and why people are getting a little itchy about the potential threat in the future with this virus. [SHOW ME]


It has been revealed that a hacking kit, written by a Russian hacking group and sold for hackers to create their own malicious code, has been implicated in 10,000 website infections.

The kit, which costs $1,000, has been used by hackers to infect legitimate websites. If the latest patches are not installed in your web browser, visiting one of these sites results in the download of trojans to your computer. It is thought to have resulted in 160,000 infections on PCs. [SHOW ME]


Just say that you were part of a Private Investigation company.. And also suppose that you decided to create a different branch to your business.. And let’s just say that this new company used social engineering techniques and trojans on emails to get information from people! What would you call it? Of course you would choose a name that attracts the most attention to your wrongdoings – Hackers Are Us – apparently the perfect name according to “Active Investigation Services.” If they use the same amount of acumen to solve cases it’s surprising they have any clients at all! [SHOW ME]


See? Apple aren’t “hacker proof” as many Mac users will have you believe. Being an IT professional, I’m not dumb enough to assume an OS is free from holes and security flaws; I guess it’s just a shame that Mac fan-boys don’t see the potential problem of their blind trust. Back on topic, a flaw has been revealed in QuickTime (affecting both OSX and Windows) that allows a hacker to gain control of the machine it’s running on.

A quote on C|net News (the source of this article) details that an Apple spokeswoman stated “Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users”. Does that mean they’re good at supporting their product, or just good at not telling people about the bugs? Hmm, interesting spin.

Also, the security hole means that people with Macs and Safari (or Firefox) are more likely to be subject to the hack than Windows users because QuickTime is pre-installed with the OS. This is what happens when your OS becomes popular – the idea of it being targeted by hackers becomes more attractive. This in turn creates more publicity to find security holes that weren’t known of before because of the lack of enthusiasm to find them. Oh it’s all too obvious… [SHOW ME]



This is probably one of the neatest and smallest contained security computers I’ve seen ever. Not only does it look really cool, but it does everything you would need to keep the internet safe. Included with this miniature computer is a Firewall, Anti-spam/phishing, Virus scan, Spyware and all sorts of other things.

Being an IT professional I know the sort of grey area that’s created when you give members of staff laptops to use whilst on the move. On the one hand, they need the flexibility and freedom a laptop provides, but the downside is off-site support for the laptops (which is always going to be difficult) and the huge security hole that’s opened up. When they’re at home or elsewhere, using their laptop on the internet, god knows what they’ll bring back into the office!

This is where the Yoggie comes in (although it’s pretty apparent this is not its only job.) You connect it between your laptop and the network point, which ensures no nasties creep into the system for re-distribution on the LAN when you return to base. Because the Yoggie uses RJ-45 it would be no good for a USB modem, but it’s still a great piece of kit for the home LAN or the roaming employee.

The device contains a specialised CPU which runs a security-hardened version of Linux (distro not specified.) What is also pretty clever is that the OS is stored on flash memory which is read-only. When the device boots, it copies the OS into a second flash memory unit which is read-write. This ensures that if the device is ever compromised, or hackers find a way to get in, a simple reboot will wipe it back to its original status. It’s a brilliant idea, but what’s stopping them doing it a second time after the reboot? The hacker knows what device they’re hacking, so would also know it’s possible a reboot would happen any moment and probably be prepared for it..! I guess it’s only a secondary security measure they put in place.

[link]


OK, I stumbled upon this the other day (not to be confused with [stumbleupon.com]) and decided to download it to give it a trial.

Anything that’s free and will help you avoid those god-damn phishing assholes deserves my attention (and hopefully yours!)

I’ve just given it a quick trial, and I’m pretty sure that’s all that’s required to test the plugin.

Once installed, an icon appears in the bottom right of Firefox’s windows. If the site is good you get an icon like this:

[Image: McAfee SiteAdvisor icon]

However, if it’s bad, you get an icon like this:

[Image: McAfee SiteAdvisor icon]

Simple, just how we like it! If there isn’t any information about the particular site you’re visiting then the icon will be white. Another really nice feature is SiteAdvisor’s ability to flag any search returns from Google, Yahoo! or MSN with a green tick or red cross, depending on how McAfee rank the site.

And as a final note, have you noticed how many dodgy websites have a black background, whilst the safe ones have white? It’s like an old 1950’s western for God’s sake… =) [link]