Xanda's Blog !~!

Please Upgrade to Firefox 3.0.15 or 3.5.4

Oct
28

Have you update your Firefox? Kindly tell me if you haven’t 😉

Naahh.. Just kidding.. Updates are available now.. Patch.. Patch.. and Patch.. Before its too late

Read more here:

[credit: IMG source]

Microsoft Announcing the Release of the Enhanced Mitigation Evaluation Toolkit (EMET)

Oct
28

Even as you read this, people around the world are hunting for vulnerabilities in software applications.  Odds are some of them will be successful.  Depending on their motives and what they find, your software and systems may be put at risk.  So how do you protect your software from unknown vulnerabilities that may or may not exist?  One option is to use security mitigations.

Microsoft offers a number of different mitigation technologies that are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software.  Take a look at Michael Howard’s article “Protecting Your Code with Visual C++ Defenses” (http://msdn.microsoft.com/en-us/magazine/cc337897.aspx) for a brief overview of some of these technologies.

Supported mitigations include:

  • SEHOP
  • Dynamic DEP
  • NULL page allocation
  • Heap spray allocation

[Read more: HERE]

Cyber Security is Evil! F-Secure is Evil!

Oct
27

*still waiting for my advisory to be approved.. will post some links soon*

Hahaha.. Dont get me wrong.. I didn’t mean the companies are bad.. Its the rogue security software 😉

Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing

[source: wikipedia]

Lets see some screeny:


Yo! Cyber Security in da haus!


Google search lead to rogueware


Captain Obvious to the rescue! I’m in Linux and don’t have Windows installed 😉

Moral of the story:

  • do not simply trust free stuffs
  • keep your AV up to date
  • it is worth it to have antispyware installed (Malwarebyte’s Anti-Malware is not bad)
  • find anything suspicious? keep a copy of it.. share the sample with me 😛

*still waiting for my advisory to be approved.. will post some links soon*

McAfee Saw Balloons, I Saw Nothing

Oct
23

McAfee Lab Blog in their latest entry said that they saw Balloon Boy spam and what I saw is NOTHING.. 😛

Anyway, both Ballons and NOTHING leading to the same fake “Canadian” pharmacy sites

New SSL Spam Trying to Spread Malware

Oct
20

Here is my short writeup on the latest ZBot malware..

Nothing much with the malware, but nice trick on the way of spreading it

Link: Honeynet Blog