Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Security Response

Showing posts tagged with Endpoint Protection (AntiVirus) remove filter
Showing posts by Yazan Gable remove filter
Network Processing Units – The Next Big Botnet Housing Boom?
Yazan Gable | 01 Jul 2008 | 0 comments

Network processing units (NPUs) are likely the next biggest thing in computer networking. NPUs are computer processors specifically designed to handle network-related functions. These little processors are typically found on embedded systems, but recently there have been moves to bring them into the realm of personal computers (PCs). One notable example is a network card (called KillerNIC) that's designed to make gaming over the Internet faster. It's specifically designed to handle user datagram protocol (UDP) communications that are most often deployed in highly interactive computer games. Given that computer games were a large driver in video card technology, it is reasonable to assume that NPU network cards will become common in the near future.

But what are the security implications of deploying NPUs on PCs? Each network card would need to have embedded software to run it; so basically, your...

Read more
Broken CAPTCHAs Likely to Spawn Spam Increase
Yazan Gable | 13 May 2008 | 0 comments

CAPTCHAs (completely automated public Turing tests to tell computers and humans apart) are common these days. In case you aren’t familiar with the terminology, they are those images with obscured letters that you need to transcribe into a text box whenever you sign up for a new Web mail or forum account, for example. They may be annoying, and sometimes a bit difficult to puzzle through, but they have likely saved the world from a lot of spam.

When they were introduced, their goal was to make it impossible for automated processes to create email or forum accounts, making it difficult for spammers to use these free Web mail accounts to post or send spam. However, that was almost ten years ago, and the times seem to be changing.

This year, the CAPTCHA algorithms of three major Web mail services were cracked (see references below). Also,...

Read more
A look back at Code Red, Nimda, and Slammer
Yazan Gable | 21 Aug 2007 | 0 comments

Code Red, Nimda, and Slammer (also known as SQL Slammer) are three of the most well known computer worms in the relatively short history of computers. Well known not because of their creatively selected names, but because of the massive impact they had on a widely used Internet. They weren’t the first worms to threaten the fabric of the Internet, but they hit at a time when the Internet was becoming very popular. It was a time when it was beginning to be widely used not only by governments and educational institutions, but also by people, corporations and non-profit organizations alike for communications and business.

Everyone who commonly used a computer when these malicious worms hit the Internet will remember them. Not only did they take down a number of government, corporate, and educational networks, but some of those not directly affected voluntarily shut down their networks as a precaution. But how were these things so effective and wide-ranging? How...

Read more
Scammers make friends with charities
Yazan Gable | 05 Jul 2007 | 0 comments

Symantec has observed an interesting trendin the world of Internet-based credit card fraud: fraudsters aredonating money to charity. How could this happen? In the world ofcarding, where stolen credit card information is bought and sold,carders need to know if the credit cards they are buying or selling canactually be used. It is sometimes difficult for them to verify thiswithout raising any alarm bells and risking that their cards will beidentified as stolen and disabled. As a consequence, a new trend isappearing.

Carders attempting to verify that a stolen credit card is legitimateand active have begun donating money to charity. By attempting to paysmall amounts of money to various charities, including well knowncharities such as the Red Cross, carders can determine if a stolencredit card is valid depending on the success or failure of thetransaction.

There are likely a number of reasons that this method may bebecoming more popular. For instance,...

Read more
Yahoo Exploit in the Wild
Yazan Gable | 07 Jun 2007 | 0 comments

A couple of extremely critical vulnerabilities were discovered anddisclosed in Yahoo! Messenger two days ago, on June 6th. Late lastnight and early this morning, exploits were released to take advantageof these issues. At the time of the release, Yahoo had not yet patchedthe issues, so Yahoo! Messenger users were at significant risk of beingattacked.

The two vulnerabilities are both buffer overflows in the ActiveXcontrol that handles Yahoo’s Webcam functionality [1][2]. Due to theexploits being released publicly, anyone can carry out an attack bypersuading a user into following a link to a malicious file.

Fortunately, Yahoo has released an update to their Yahoo! Messengerproduct to resolve this issue. The latest version of the software,version 8.1, is reportedly not vulnerable. Users should update as soonas possible to reduce their exposure to potential attacks.

[1] http://www.securityfocus.com/...

Read more
Your Data is Leaking
Yazan Gable | 20 May 2007 | 0 comments

Skimming is quite the threat to your credit card security. But everyday some of your personal information is leaked out to potentiallymalicious people without the help of skimmers. This personalinformation may be used to aid in identity theft attacks. Where doesthis information come from, and how is it leaking? Every bit ofpersonal information that we give out is stored in a databasesomewhere.

Have you ever been asked for your zip or postal code when shoppingat your favorite retail store? Have you ever registered as a regularshopper at your favorite Webstore? I know I have, and it’s little bitsof information like that, often asked for on a whim, stored in a widerange of databases, which could add up to identity theft. Not onlythat, but many of these organizations store bank and credit cardinformation, names, birth dates, and even drivers license numbers aswell.

All of the information collected about us is stored in databases.Hundreds of potentially insecure databases...

Read more
Big Corporations and Bots, a Match Made in Heaven?
Yazan Gable | 08 May 2007 | 0 comments

In a recent article published at Baseline Security,a number of large corporations were identified to be hostingbot-infected computers. Although this created some waves of surprise,it really shouldn’t have. Sure, bot network owners tend to target homeusers but it isn’t because home users are their preferred target;they’re just an easy target. Home users’ computers are limited in theirmalicious usefulness. They tend to have low bandwidth capabilities thatlimit their ability to send spam and carry out denial of serviceattacks. Also, they are often monitored and regulated by their Internetservice providers.

Computers in large corporations, on the other hand, have a greaterrange of possibilities. These computers may be more difficult tocompromise, assuming they are behind firewalls, protected by intrusionprevention systems, and regularly updated....

Read more
Have You Been Skimmed?
Yazan Gable | 07 May 2007 | 0 comments

Or rather, has your debit or credit card been skimmed? Have you everbeen the victim of debit card or credit card fraud? Have you everwondered how fraudsters got your information in the first place? Youwere sure that you never let your debit card or credit card out of yoursight. You had made sure that the only online shopping you did was atsecure Websites when you used your credit card or bank account topurchase anything online. So how did they get your info?

There are a few ways that your information can leak through thecracks and into the hands of malicious fraudsters. But one of the mostpopular ways is skimming. Skimming is the process of recording the dataon the magnetic strip of a credit or debit card so that it can be usedlater in a fraudulent way. It isn’t the easiest way, but it producesthe most viable data for fraudsters to sell.

So how do they do it? Typically they use a card reader similar tothe ones that the bank or retail outlets use to process your...

Read more
Payment Service Companies Cash in on Identity Fraud
Yazan Gable | 01 May 2007 | 0 comments

Big money is being made through buying and selling stolen creditcard information. There’s an entire market thriving in shady chat roomson public Internet relay chat (IRC) servers. Carders vie for the bestdeals, having to wade through the thousands of lines of advertisements.Large collections of credit card numbers, identities, credit carddumps, bank account credentials and online payment accounts are amongthe many things that are traded by the minute. But it isn’t only thecarders who make money from the sale of this information.

Payment service companies make their commissions on these sales aswell. Every deal involving stolen credit card information has to bepaid for, and payment service companies provide the carders with theability to transfer their money.

But what makes any particular payment service popular amongstcarders? There are a number of factors. Firstly, anonymity isimportant. A carder wants to provide as little personal information aspossible. They don’t...

Read more
ID Theft Down in the Dumps
Yazan Gable | 30 Apr 2007 | 0 comments

Did you ever wonder how your credit card information is bought, soldor transferred? Have you ever wondered how someone uses your creditcard information after it is stolen to commit fraud? There are a numberof ways, but the preferred method is through using dumps. A dump is afile containing the data that is stored on a credit card’s magneticstrip. Dumps are the favorite currency of credit card fraud these days.

Carders, the people who deal in stolen credit card information andlaundering, pay premium prices for dumps. Premium is around $8.00 US,while simple credit card numbers, names and expiration dates are around$1.00 – 2.00 US. Sure, having a credit card number, name and expirydate work pretty well for on-line purchases, but the difficulty is ingetting the goods. Where should they be shipped to?

Dumps, on the other hand, allow the carder to dump the data ontopretty much any magnetic card. This includes hotel room keys, discountcards, gift cards, and other credit...

Read more

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,915