Bot and spiders have traditionally attempted to guess password - they use "brute force" attacks of dictionary words, with and without common numeric combinations to attempt to "guess" your password.

This method requires not much more than a moderately powered computer and some fairly easy to write software. The first part of the equation is to find a potentially valid username - if your username is FRED - it's not long before someone will begin attempting to brute force (BF) your account.

So how do you prevent this kind of attack?

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 13:23

By Tony Bradley, PC World

Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with who?

A recent study found that many users simply accept requests to connect even if they do not know the person they are connecting with. The actual numbers found that 13% of Facebook users and a whopping 92% of Twitter users simply connect with anyone who asks.

Users share too much information and often vent on social networking services. Little tidbits of information about being out on vacation, or complaints about the new desktop operating system, or announcing an upcoming business trip to meet with a foreign competitor all offer tiny sparks of information which can be combined with other sparks to form a light that exposes more than should be shared.

Posted by Nancy Pursley in Virus & AntiVirus News at 08:57

Erik Larkin

A new version of Google Chrome currently pushing out via auto-update closes high-risk security holes in how the browser handles Javascript and XML.

The first fix for the browser's Javascript engine heads off a problem that could allow malicious Javascript on a poisoned Web site to steal data or "run arbitrary code," which usually translates to "install malware." Google says a (currently unavailable) post with more info on the bug will be made public "once a majority of users are up to date with the fix."

Posted by Nancy Pursley at 08:23

An automated attack using SQL injection has compromised tens of thousands of Web pages with code that tries to upload a data-stealing Trojan horse program to visitors' computers, security firm ScanSafe said last week.

The attack, which had inserted iframe scripts into as many as 130,000 Web pages as of Tuesday, uses the compromised pages to attempt to infect visitors with a backdoor Trojan horse that includes keylogging and download functionality, Mary Landesman, senior security researcher for ScanSafe, said in an e-mail interview on Tuesday. The initial Web site compromises appear to have been accomplished through an automated database injection attack, which matches with a trend seen by Landesman and others.

"SQL injection attacks are the most commonly observed compromise vector," Landesman stated. "Web attacks have been growing at the rate of 1 percent per day over the past year, with over half of all observed attacks the result of SQL injection."

Posted by Nancy Pursley in Adware, Spyware and Trojans at 09:21