VeriSign Acquires, Declares War on ‘Splogs’

VeriSign has acquired, the primary weblog "ping" service tracking how often weblogs are updated. The deal capped a wild Thursday in the blogosphere, which started with the announcement that America Online has bought Weblogs Inc., one of the most prominent blogging networks.

While the AOL-Weblogs Inc. deal is focused on content, VeriSign's purchase of from founder Dave Winer is all about infrastructure. "For a long time, ping servers could be stood up as a single box running on a fast business DSL connection," noted VeriSign's Mike Graves on the company's Infrablog. "Those days have passed at least for the popular ping servers; pings are well on their way to requiring serious infrastructure. That’s where VeriSign comes in."


Scams Targeting Online Games: Old Phish With Fresh Bait

Are phishing crews paying more attention to virtual worlds? Phishing attacks on massively multiplayer online role-playing games (MMORPGs) have been around since at least 2002, and perhaps earlier. But some observers of online games say the growing market for virtual currency and player accounts may be attracting fresh attention from phishing scams, which are mass-mailing "bait" e-mails seeking to capture gamers' account logins.

Phishing attacks most commonly target banks, credit card companies and payment sites such as PayPal. This year phishers have expanded their target list to include smaller regional banks and credit unions. While phishing attacks on online games aren't new, they may represent a logical area of expansion for these scams, given the growing value of player accounts, the youthful demographics of online gaming, and a recent influx of new players due to the popularity of World of Warcraft.

A recent phishing attack targeting users of EVE Online was reported by Terra Nova, a blog that follows trends in virtual worlds. The bait email purports to be from the game's security team, investigating unusual account activity and sending victims to a spoof site at a server in Spain.


Report: Cisco Flaw Could Allow Router Worm

Security researchers say they have found weaknesses in Cisco's Internet Operating System (IOS) which may enable an Internet worm to spread between Cisco routers. But Arhont Ltd. denied reports that such a worm had actually been developed.

In a post to the Bugtraq mailing list, Arhont's Andrei Mikhailovsky said his firm had discovered weaknesses in the way IOS uses the Enhanced Interior Gateway Routing Protocol (EIGRP), which handles information exchange between routers. "Among the discovered issues are multiple vulnerabilities in EIGRP implementation," Mikhailovsky wrote. "Also, authors have addressed the _theoretical_ aspects of an algorithm for a cross-platform worm that could spread in IOS based devices." EIGRP supports the AppleTalk and IPX (Novell Netware) networking protocols in addition to IP, allowing cross-platform routing. Arhont offered no additional details, but said it is preparing an advisory for Cisco's Product Security Incident Response Team (PSIRT).


New Vulnerability in Firefox Browser

A vulnerability has been reported in Firefox which could allow malicious sites to compromise computers running the browser. The security hole, which is rated highly critical by Secunia, affects all versions, including Firefox 1.0.6 and earlier and the just-released beta version of Firefox 1.5. An attack can be created using a specially-crafted URL, which will cause a buffer overflow in Firefox that results in a denial of service and, in some cases, remote code execution.

The flaw was discovered by researcher Tom Ferris of Security Protocols, who found an error in the way Firefox handles URLs. The vulnerability has been reported to the Mozilla Foundation, which is preparing a fix. There have been 86 million downloads of the Firefox browser, with recent estimates placing its market share at about 9 percent of Internet users.

Banks Shifting Logins to Non-SSL Pages

After years of training customers to trust only SSL-enabled sites, banks are shifting their online banking logins to the unencrypted home pages of their websites. Although the data is encrypted once the user hits the "Sign In" button, the practice runs counter to years of customer conditioning, as well as the goals of the browser makers. Three of the five largest U.S. banks now display login forms on non-SSL home pages, including Bank of America, Wachovia and Chase, as well as financial services giant American Express.

Web sites are generally reluctant to use "https" on busy home pages, since SSL involves a tradeoff: improved security, but slower response time. Consumers, meanwhile, prefer easy-to-remember URLs for their online banking. In placing login screens on non-SSL home pages, banks are trying to have it both ways: fast page loading without the SSL-related performance hit. The login form's "action" URL points to an SSL-enabled https URL.


Cisco Intrusion Detection Products May Allow Intrusion

A Cisco security flaw may allow attackers to hack into systems through the intrusion detection system (IDS), Cisco warned Monday in an advisory. An SSL certificate-checking flaw in two Cisco products - CiscoWorks Management Center for IDS Sensors (IDSMC) and Monitoring Center for Security (Secmon) - could allow an attacker to spoof an IDS system and gain access to sensitive data. SSL certificates are used to authenticate Cisco devices and services as they interact with one another.

A successful attacker "may be able to gather login credentials, submit false data to IDSMC and Secmon or filter legitimate data from IDSMC and Secmon, thus impacting the integrity of the device and the reporting capabilities of it," Cisco said. A free software update that corrects the flaw is available from Cisco.
