Archive for Denver Post

Data Security Podcast Episode 59 – June 29 2009

Posted in Breach, Court Cases, darkweb, Podcast, Vulnerabilities, web server security on June 29, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law…. (plus or minus five)

On this week’s program:

  • Web drive-by download attacks have hit the users of DenverPost.com. Attacks in progress.
  • Drive-by downloads are the fastest growing area of cyber attacks. A new tool alerts you before you get hit.

This week’s show is 23 minutes long

–> Stream, subscribe or download Episode 59 – Listen or subscribe to the feed to automatically get the latest episode sent to you on Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

Show Notes for Episode 59 of the Data Security Podcast

  • Tales From The Dark Web: Ira has a conversation with Yuval Ben-Itzhak, CTO of security company Finjan, about a browser tool that can alert you to drive-by downloads before they strike. Check out http://securebrowsing.finjan.com to get the tool.
  • From The News: TJX, the owner of TJMaxx stores, entered into a settlement with 40 states and the District of Columbia as a result of a massive data security breach in 2007. The nearly $10 million settlement is far-reaching. Read the entire settlement here, thanks to the Office of the Attorney General of Washington State.
  • From The News: Adobe Shockwave critical security update. Be sure to UNINSTALL the older versions of Shockwave and then install the new version, if you are on Windows. Mac users just need to do an update.
  • From The News: According to multiple online scanning sources, The Denver Post web site, DenverPost.com, has been breached by members of the Dark Web. The site appears to be attacking visitors to select pages of the site, and attempts to download malware onto the computers of readers of the site. See screen shots from the Google malware blacklist below. More details on the show.

Google's Denver Post Malware Alert

Firefox's Denver Post Malware Alert

Yuval Ben-Itzhak, CTO of Finjan

BREAKING: DenverPost.com’s Site Blacklisted Due to Suspicious Web Drive-by Malware

Posted in Breach, darkweb, Vulnerabilities, web server security on June 27, 2009 by datasecurityblog

Web blacklisting reports are coming in late Saturday night, Pacific Time, that parts of the Denver Post newspaper site are getting blacklisted due to web-based drive-by downloads.

Web anti-malware company Dasient is reporting that extras.denverpost.com (WARNING: MAY NOT BE SAFE…DO NOT GO TO THIS SITE WITHOUT STRONG LAYERS OF SECURITY) has 26 infected pages. Dasient is also reporting that the site is blacklisted by Google/Chrome and Mozilla Firefox.

Over at Google, the Google Safe Browsing Diagnostic site is reporting:

“Site is listed as suspicious – visiting this web site may harm your computer….

Of the 137 pages we tested on the site over the past 90 days, 44 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-06-25, and the last time suspicious content was found on this site was on 2009-06-25.

Malicious software includes 46 scripting exploit(s).

Malicious software is hosted on 3 domain(s), including gumblar.cn/, bigtopmanagement.cn/, findbigbrother.cn/.

This site was hosted on 8 network(s) including AS20940 (AKAMAI), AS21399 (AS), AS2914 (NTT).”

It has been widely discussed in data security circles that web drive-by downloads are the fastest growing area of cyber attacks. There were over 4000 new web application vulnerabilities reported last year. Members of the Dark Web seek out these web-based vulnerabilities on legitimate sites, and use them to steal confidential data from web site visitors and from web site owners.

Security experts,  and the PCI (Payment Card Industry) standard, prescribe web application scanning and web application firewalls for web site owners to mitigate these attacks.

Web users can use browser sandboxing applications and browser-based plug-ins to mitigate these attacks. Many of these attacks are cross-platform, so using Mac OS X or Linux will not protect you from many of these web drive-by malware attacks.

We will have more coverage of this attack, including an interview with the CTO of Finjan about tools to fight these attacks, on the Data Security Podcast that will post on Sunday night, June 28th.