CNET’s download.com discovered packaging malware with certain downloads.
Sources:
http://insecure.org/news/download-com-fiasco.html
http://seclists.org/nmap-hackers/2011/5
Cnet.com has been a resource I have used countless times myself. Their download.com website is owned by CBS and is in the top percentile of resources for open source software. They claim many of their offerings are free of malware and spyware; however, in August of 2011 they began offering an update program and toolbar with many of their applications. Accepting the update tool would force a new homepage on the user and cause search redirections, a sign of malicious programming. At first this toolbar had no decline option and was forced on anyone installing certain packages, with users assuming it was part of the installer package. Since then CNET has implemented a DECLINE option for installing the toolbar and updater. Some vendors have pulled their software offerings because of this breach of trust. Some are also pursuing legal action for copyright infringement.

Google Chrome Named Most Secure Web Browser
Sources: http://www.pcworld.com/businesscenter/article/245856/chrome_is_most_secure_of_the_top_three_browsers_study_finds.html
http://www.accuvant.com/capability/accuvant-labs/security-research/browser-security-comparison-quantitative-approach
http://www.pcworld.com/article/221809/googles_chrome_untouched_at_pwn2own_hack_event.html
Accuvant, a security firm, performed research on the top three browsers on the web: Mozilla Firefox, Google Chrome, and Internet Explorer. Google Chrome was found to be the most secure because of its state-of-the-art anti-exploitation technology, followed closely by Internet Explorer. Mozilla Firefox fell far behind in terms of security ratings because it does not employ any method of sandboxing or JIT hardening.
Sandboxing: a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites.
JIT Hardening: Just-In-Time hardening is a method of protecting against the flaws of JIT programming, which has become prevalent in today’s applications. JIT allows code from a front-end compiler to be compiled to machine code and executed on the fly, making applications more effective. To read more about JIT, its benefits and security risks, you can read this 34-page white paper: http://www.matasano.com/research/Attacking_Clientside_JIT_Compilers_Paper.pdf
Government Surveillance still going strong
Back in October we talked about governments, malicious surveillance companies and malware. The practice of purchasing malware to spread amongst potential threats, in order to monitor and intercept their communications, is still going strong this year and is often a favored tactic of oppressive regimes, such as during the riots a few months ago in Egypt. The Wall Street Journal has a nice write-up of documents on the rise of off-the-shelf surveillance technology.
http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html
Microsoft Capitalizing on Android Malware issues
In an effort to further the use of their Windows 7 phones, Microsoft has decided to give 5 handsets out to the users with the 5 worst Android malware stories. Compromised versions of several popular applications, such as Angry Birds and others, were only in Europe and do not affect North America. While Androids do get fraudulent applications, so do all other user-operated devices.
http://www.pcworld.com/article/246204/microsoft_uses_android_malware_hysteria_to_offer_free_windows_phones.html
http://www.pcworld.com/businesscenter/article/246201/sms_fraud_is_not_unique_to_android.html