Archive for ◊ November, 2009 ◊

Security Problems Found With Firefox Extensions
Friday, November 27th, 2009 | Author: JB

Firefox users should take a moment to reevaluate which of their installed extensions they can do without. Security consultants have determined that some extensions represent security risks insofar as their vulnerabilities can put entire systems in jeopardy.

According to a Help Net Security article, Roberto Suggi Liverani and Nick Freeman, who work for Security-Assessment.com, noted at a recent conference that “Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions.” Furthermore, “There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension.”

So Firefox users probably shouldn’t go around trying interesting-sounding extensions willy-nilly. They may also want to take special care to avoid InfoRSS 1.1.4.2, Sage 1.4.3, and Yoono 6.1.1 (along with all previous versions of each extension), since those were singled out by researchers for being vulnerable.

On the bright side, it looks like Mozilla’s aware of problems like this, since Firefox 3.6 is supposed to introduce a lockdown feature for add-ons. And since extensions’ vulnerabilities shouldn’t give hackers access to lots of people, perhaps they’ll be left alone until some permanent fixes are in place.


Beware Of Scams On Black Friday
Friday, November 27th, 2009 | Author: JB

Black Friday is, according to most retailers and sales-tracking organizations, the busiest shopping day of the year; a whole lot of money changes hands as people begin their holiday gift-gathering. Just be careful, because scammers also become extra-active on this occasion.

Lou Venezia, the CEO of Adeptra, observed in a statement, “Credit and debit fraud is more prevalent than ever - and as fraudsters look to take advantage of the volume of transactions over this busy shopping period, consumers expect peace of mind as their banks and credit issuers do all they can to stay a step ahead of fraudsters.”

Adeptra specializes in call center technology, so it took a look at how consumers like to receive notifications about iffy transactions. It turns out that Americans and Brits both prefer to get cell phone calls, which is a sign that consumers should ensure their banks and credit card companies have up-to-date numbers.

Then there were some hints that certain individuals should take more interest in their accounts’ activity. Adeptra reported, “One in 10 (10%) British consumers admitted they never check their statements and 67% stated they only check their statements monthly, compared to more diligent responses from the American consumers with 11% stating they checked their balance daily and 53% checking every week.”

So if you live in the UK, try to step it up a notch. And even if you already perform a weekly check, consider keeping a closer eye on things on Black Friday and over the weekend.


Godfather Of Spam Receives 51-Month Sentence
Friday, November 27th, 2009 | Author: JB

Alan Ralsky, a 64-year-old who’s better known in certain circles as the “Godfather of Spam,” isn’t going to bother anyone again for quite some time. Yesterday, Ralsky was sentenced to 51 months in prison and five years of supervision following his release, and he’ll also have to forfeit $250,000.

Ralsky received his sentence for crimes related to wire fraud, mail fraud, and violating the CAN-SPAM Act. Assistant Attorney General Lanny A. Breuer shared a few more details - and talked about the potential results of this development - in a formal statement.

“Today’s sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal e-mail advertisements,” he said. “People who use fraudulent e-mails to drive up stock prices and reap illicit profits will be prosecuted, and they will face significant prison time.”

And in fact, it looks like they’ll be prosecuted on all sorts of fronts, since the FBI, IRS, and Postal Inspection Service deserve credit for bringing Ralsky to justice.

Ralsky’s accomplices Scott Bradley, How Wai John Hui, and John S. Brown were also sentenced on Monday (to mostly similar jail terms and fines), and two more people who were indicted with him still have their cases pending.


Strategies For Handling A Hack Discussed
Friday, November 27th, 2009 | Author: JB

Hacks happen; they’re sort of a fact of modern life. And while the way in which any given company tries to prevent them is important, so is how it handles the aftermath. So, heading into the holiday/heavy hacking season, a new guide gives both businesses and consumers some ideas about best practices.

Chris Drake, the founder and CEO of FireHost, outlined his ideas in an article for VentureBeat. Step one, he believes, is announcing the problem and assessing the impact. Businesses should do this within the first 12 hours following a breach (the sooner the better). It’s best not to let customers wonder what’s happened or let someone spin the incident in an unfavorable light.

Next, they should conduct a full investigation. Then notify the appropriate authorities if any personally identifiable information’s been compromised, patch up the site, change all of the passwords, and relaunch. And communicate with their customers again about everything that’s taken place.

Finally, businesses should think about putting even more security measures into effect, and also prepare to deal with all sorts of fines if credit card information has been leaked.

If you’re in charge of a company, having a plan like this in place could save you valuable time in the event of a hack. If you’re on the other end of the equation, knowing about these things could at least help you decide whether to do business with a firm following a hack.


Two Arrested Over ZeuS/Zbot Trojan
Friday, November 20th, 2009 | Author: JB

Computer users all over the world may owe a “thank you” to the Metropolitan Police’s e-crimes unit. Officers based there have tracked down and arrested two individuals whom they believe are connected to the ZeuS or Zbot trojan.

This particular type of malware tries to collect financial details from people - think bank account numbers and passwords, credit card info, and so on - and so has the potential to cause quite a bit more damage than some viruses. An individual might lose his savings, not just have his computer slow down or die. The ZeuS trojan is a bit aggressive in that it spreads through social networks like Facebook, too, and not just through sites and email attachments.

As for the suspects who were taken into custody in connection with the trojan, Adam Fresco and Murad Ahmed reported, “Officers at the Metropolitan Police’s e-crime unit arrested the man and woman, both aged 20, in Manchester at the beginning of the month but the details of the investigation have just been released. Both are British and were found at the same address.”

The pair then continued, “Detective Superintendent Charlie McMurdie, who heads the unit, said the suspects were the first people in Europe to be arrested in connection with the scam.”

It’s possible that this development represents a breakthrough that’ll lead to other takedowns, then. Or at the least, it may make a few hackers think twice about messing around.

For better or for worse, we should note that the suspects aren’t being treated like enemies of the state, though. They were both released on bail sometime after their arrest.


Vulnerability Of Web Applications Increases
Friday, November 13th, 2009 | Author: JB

Web application security provider Cenzic has released its report detailing the most common types of Web application vulnerabilities for the first half of 2009.

The report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. Popular vendors including Sun, IBM, and Apache continue to be among the top 10 most vulnerable Web applications named. The most common published exploits on commercial applications were SQL Injection and Cross Site Scripting (XSS) vulnerabilities, which account for 25 percent and 17 percent of all Web attacks, respectively. Among Web browsers, Mozilla Firefox had the largest percentage of Web vulnerabilities, followed by Apple Safari, whose browser showed a vast increase in exploits, due to vulnerabilities reported in the Safari iPhone browser.

Key findings of the report include:

- 78 percent of the total reported vulnerabilities affected Web technologies, such as Web servers, applications, Web browsers, Plugins and ActiveX, which is a significant increase from last year.
- Of Web browser vulnerabilities, Firefox had the largest percentage, at 44 percent. Safari vulnerabilities came in at 35 percent, significantly higher than even Internet Explorer.
- Sun Java, PHP, and Apache continue to be among the Top 10 vendors having the most severe vulnerabilities for the first half of 2009.

“The fact that hackers can have direct access to your data using such common outlets is staggering,” said Mandeep Khera, chief marketing officer at Cenzic. “The worst part is that once they get in, it’s a free for all. Nothing is safe because there is no such thing as a minor data breach. The average data breach can cost more than $500,000, which can also put a business’ livelihood and reputation on the line.
