Friday, 23 January 2009

New Trojan for Mac

Macs had been free of malware for quite a few days. But, as if to underline the need for Mac security (or to grow the security market for the Mac), a new Mac Trojan has been reported. The Trojan was first reported by Intego. It was found in pirated copies of Apple iWork 09 (the equivalent of Microsoft Office on Windows). This version of iWork 09 is said to contain a Trojanized package called iWorkServices.pkg, which is installed alongside the iWork software. The package runs itself as a service and attempts to connect to a remote server. Mac users are advised not to download this version and to update their antivirus software with the latest virus definitions.

Saturday, 17 January 2009

"Conficker" Latest Worm in the cyber town

As I write this post, the Conficker worm, also known as 'Downadup', is spreading very fast. According to a blog post by security firm F-Secure, it is said to have infected 8.9 million machines.
This worm is said to exploit a vulnerability in the Microsoft Windows Server service.
According to this article, the worm also tries to spread by searching for shared computers with weak passwords, removable drives, and computers without the latest security updates.
It has caused havoc for cyber business, following the Storm worm. The worm is said to have infected many banks and popular IT firms across the world. AV vendors are still working hard on disinfection and cleanup for this worm. Firms and users are advised to install the latest security updates and patches.

Friday, 2 January 2009

Forged SSL certificates

Researchers Molnar, Appelbaum, and Sotirov successfully created a rogue CA (certificate authority). They picked CAs that still use crappy MD5 for their certificates. They were able to substitute their rogue certificate for a legitimate one because the MD5 hash values of both certificates were the same (a flaw in MD5 due to collisions).
This can be used by malware authors to create fake digital certificates, as seen in recent malware attacks. They can impersonate bank websites and fool users in phishing attacks.
The solution to this problem is to use SHA instead of MD5.
Though this is very good research work, it is not a great security threat, as SSL at the browser end is only certification, and there are so many legitimate websites with bad certificates. Normally people ignore the warnings displayed by browsers.

Since data is often stored at endpoints rather than on the network, creating a rogue CA certificate is not of great security risk.
At least in 2009 we should stop using MD5 and switch to SHA.

Happy New year to all, Wishing for a secure and safe web :-)