What is it about politicians that make them absolutely freak out about things that they really shouldn’t be wroried about? The latest is that the EU internet security agency ENISA is calling for all sorts of new laws to be put in place concerning social networks. It sounds like most of the proposed laws will take care of really minor “problems” that might occur at the expense of annoying just about everyone. For example, it wants laws to be put in place saying that you cannot post someone’s photo online without their consent. You can understand the extreme case they’re looking to prevent (someone putting up embarrassing photos), but that’s rare, and the trouble it will cause for normal folks just taking snapshots will be immense. ENISA is apparently also really worried about the fact that (I kid you not) people don’t realize that you can befriend people via a social network that you don’t really know (gasp!). The thing is, social conventions seem to take care of most of these problems without the need for any sort of special legislation, but if you’re a gov’t agency, I guess it’s only natural to think in terms of what laws can you add.
Source
Uncategorized
Another mass compromise through (yet again) another SQL injection attack. The yet again’s and another’s keep coming, right? This time, unlike its predecessors that use relatively old and known (and patched) exploits, the attack introduces a new kid on the block: in the form of what looks like a zero-day exploit taking advantage of an unknown vulnerability in Adobe Flash Player, allowing malicious users to install info-stealers on affected PCs.
Well, this one already has a lot of history in it. Mass compromises are the month of May’s major stories. TrendLabs discovered them happening to Web sites everywhere from a huge portion of the Asian region (see here and here) to those in the Italian language. We have seen these mass compromises happening just mere days between each other (beside the links above, more information can be read in our blog).
Certain legitimate sites were found to have been injected with scripts that lead browsers silently to sites hosting exploits for the Flash vulnerability/ies. Upon meeting certain system conditions that allow the exploitation to commence, PCs download and execute info-stealers (like TSPY_UPACK.D) or droppers (like TROJ_DROPPER.NAK).
TrendLabs detects the .SWF files as SWF_DLOADER.YVM and SWF_DLOADER.YVN. Remarkably, the related domains in this attack spoof the domain name of legitimate and known phone company Nokia, as well as that of the popular online game Defense of the Ancients (DotA). Other domains are lkjrc and woai117 (both belonging to-surprise, surprise-.cn).
TrendLabs has already blocked the malicious domains involved in this attack, and also detected the following malware which are installed in systems:
- HTML_DLDR.BF
- TSPY_UPACK.D
- TROJ_DROPPER.NAK
- HTML_DLDR.BF
- TSPY_UPACK.D
- TROJ_DROPPER.NAK
This unspecified remote code execution vulnerability in certain versions of Adobe Flash Player is the one referred to here.
Uncategorized
GameStop leaked the existence of the $100 Rock Band Stage Kit back in January, and it’s updated the listing with the first pictures we’ve seen of the included smoke machine and strobe light. The smoke machine looks fairly ordinary, but the light features controls so Rock Band vocalists can apparently blind themselves while making selections. The kit’s listed with a ship date of August 15, but who knows if that’s accurate — and considering you can pick up a real fogger and strobe light sufficient to glam out your living room for all of $50, we’re not exactly waiting on pins and needles.
[Via Xbox 360 Fanboy]
Uncategorized
