Thursday, March 23, 2006

Internet Security Bad Day

The Internet Storm Center went to level yellow today based on a number of fairly serious exploits, vulnerabilities, and worms roaming around the internet. This includes:
  • Internet Explorer exploit on the loose (what's new?) that allows for arbitrary code execution (not good). Microsoft's original response was to disable active scripting and only surf to safe sites (to their defense, they have put out an advisory), which is not the easiest advice.
  • Sendmail has put out a patch and is strongly urging users to patch their mail systems.
  • Mambo/Joomla software has a worm out created to take advantages in the 1.0.7 version (the 1.0.8 patch resolves this and has been out for 3 weeks).

Windows users - keep a real eye on this. Today's proof of concept is fairly benign, but can be morphed to a more vicious exploit.

Saturday, March 11, 2006

Citibank uncovers debit card fraud

Chicago Tribune | Citibank uncovers debit card fraud

Looks like Citibank has had many fraudulent losses due to lax security at some PIN based retailer or processing company. The fraudulent debit cards are being used in U.K., Canada, and Russia.

This really is not an unusual location for the transactions to occur. There is a great deal of fraud, stolen credit cards, and debit cards where either the cards get located in Eastern Europe or Central Asia.