You are currently browsing the archives for posts under the Security category.

CAPTCHA Scripts Get Hacked - Affects Google, MS Live, gMail, Hotmail

Posted: 21 May 2008
My past opinion was that Google, Yahoo and Microsoft had sufficient resources to protect my computer when I connected to one of their properties. That may not be true!

I use both Yahoo mail and gMail to handle most of my email communications since I thought their platforms were well protected by industrial grade spam and virus protection. After all, these are the “big guys” with vast resources.

It appears as though spammers have found a way around Google’s CAPTCHA routines on Blogger after having hit gMail and Hotmail.

Websense Security Labs ThreatSeeker™ technology has discovered that spammers, in their recent tactics, have targeted Google’s well-known blog publishing system “Blogger” aka “Blogspot”, following the streamlined Microsoft’s Live Mail Anti-CAPTCHA, Google’s Gmail Anti-CAPTCHA and Microsoft’s Live Hotmail Anti-CAPTCHA operations.

The big problem now is the new danger of going to a blogspot.com web site which may be set up by a spammer. The site may redirect you to the spammer’s web site or another web site that they want to advertise.

This little detour might also give the spammer the ability to drop some nasty software or spy bot on your system (depending on your security settings.) Since Blogger and gMail are usually considered safe spots by most anti-virus software, it’s possible that the AV software will not perform its most thorough security checks for traffic coming from either location.

The highlighted article is a little techie, but it shows the lengths to which spammers will go to “make their buck.”

Cyberattacks May Have Blacked Out Cities CIA Admits

Posted: 21 Jan 2008

The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers. Article Source: Thomas Claburn, InformationWeek, January 18, 2008 06:15 PM .

It’s a scary thought, but not all that unusual. Think about all the tunnels and bridges in the US that are monitored by each State’s Department of Transportation. These systems use the internet to connect to remote devices that monitor things like fire, smoke andcarbon monoxide detection. Some of the systems also can sense pavement temperatures, traffic flow and speed, air temperature and moisture. They are usually refered to as a SCADA system. These systems provide input for other systems that control general lighting, signal lights, exhaust fans, etc, and if compromised, could be used to foul up traffic, cause accidents, or black out cities.

This has become such an issue that the Federal Energy Regulatory Commission (FERC) approved eight new mandatory critical infrastructure protection (CIP) reliability standards to protect the nation’s bulk power system against potential disruptions from cyber security breaches.

From their press release: FERC approves new reliability standards for cyber security, News Release: January 17, 2008 Docket No: RM06-22-000

“Today we achieve a milestone by adopting the first mandatory and enforceable reliability standards that address cyber security concerns on the bulk power system in the United States,” FERC Chairman Joseph T. Kelliher said. “The electric industry now can move on to the implementation of the standards in conjunction with improvement of these standards in order to increase the security and reliability of the bulk power system.”

And if that’s not a wake-up call,
watch “The New Face of Cybercrime”