The Seriousness of the Twitter Vulnerability?

The main question is how much do you want to know about this?  Yes, I am talking about a vulnerability that could put your Twitter account at risk or even inject malicious software into the computer.

We’ve seen that there has been Twitter phishing in the past, and Facebook phishing, which have made people wonder how much we depend on Twitter.

Lance James and Eric Wastl have provided a proof of concept for this vulnerability, according to Information Weekly:

James cautions that XSS vulnerabilities should be taken seriously because they can reach beyond Web pages. “A lot of people think XSS is limited to the Web,” he said. If there’s another vulnerability in the victim’s browser, the Twitter flaw could be used to launch additional malicious code, he explained.

As you can see, there is more to this problem than meets the eye.  For one, using URL redirects could be one way this could be used.  No telling what other vulnerabilities lie in the client-side Twitter programs.  Twitter has a long way to go to be security minded, and yet Twitter hasn’t said what they will do to fix this problem.

I for one would like to see this problem fixed just as quickly as possible due to the security risk involved to me, the consumer.  Twitter needs to jump on this and fix it to prevent any more attacks against their Twitter audience. Although it doesn’t hurt to have anti-virus and a good firewall, it all depends on the end user to prevent this for the time being.

Come on Twitter, Fix this problem.

New spam Campaign — Casino Anyone?

Looks like there is a new Campaign going on with regards to having VIP access.

So I go to the site:

I decide to have a little fun and download the file.  The filename is “Smartdownload.exe”.  Now you shouldn’t install any software or programs from sites you don’t know about or have any idea of what changes are going to be made.  I use CWSandbox to better understand this file.  Here are a few things I’ve found:

  • This program connects to three different IPs [your broadband modem, 200.122.168.237, and 212.201.100.136]
  • It also changes your Autoexec.bat file.  (Not good)
  • Changes access flags on several different programs (not good either)
  • It also tries to be anonymous.  If you check the logs out yourself you will find it very interesting.
  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do but everything I see about this file makes me think this is trying to avoid virus detection.  I ran Kaspersky and Avast file checks; they came up clean.  I think what happens is you download the virus after you install this software.  I wouldn’t download this or install it, even though it advertises 800% free to you; that has to be a scam or just a flat lie to get you to install software.  Everything about this program doesn’t make me want to install this software, although it doesn’t seem to be a virus.  It however does make me want to delete the file.  Remember to use anti-virus and firewalls; that is your first line of defense.

Onlive? Could that be the downfall of Unlimited Internet?

As most of you have read from Engadget, Cnet, and IGN, this is the beginning of the end for unlimited internet access.  As you know, according to Wikipedia, there are at least 8.9 million people with an Xbox 360, and according to Engadget 71% have DSL speeds, so that would be a possible 5.6 million I am guessing. Just on one console; I could go through each console and see, but I know it is a big number. It could outsell all these other consoles really quickly.

Now we have had console wars for some time and this might or might not work depending on the streaming of Onlive and also the FPS (frames per second).  If they don’t do it right, this will never catch on, and if they do it right, which they might, I see there will be a scenario where the ISPs will want to regulate bandwidth.  Time Warner has been looking into it for some time.  If enough people buy this and use the service then all the ISPs will have more reasons to regulate bandwidth.  So is this the downfall of unlimited internet access?  All these kids wanting to play the most recent games; who knows how this will work out, but this will be a bandwidth issue in the coming months as we see who wants to use this.  If Onlive sells these for $99 then I see it becoming the winner. I’d also like to see unlimited subscriptions like Netflix, but we will have to wait and see!!

Apple gets scammed out of 9,000 iPods

This is an unusual report; Apple’s return policy seems to be flawed.

Apple replaces faulty iPods automatically once the serial number of the device has been given. If the customer does not return the faulty device then the company charges their credit card for the replacement cost.

[Via VNUNET]

It seems even Apple didn’t notice the high amount of returns from a single user.  It just proves that there are more and more.  Something Apple will likely do is change the return policy and come up with stricter return policies.  Although if this doesn’t show how scammers are trying to make money because of the recession.  Apple has a long road ahead of it to be security minded.

Are You and Your Friends Fine — Virus Spam

Logged into my Google Email and was checking my spam to see what I see and this one draws my attention:

I think I know where this is leading me but I click the link and this website with the Reuters logo pops up:

Now as you can tell this looks authentic, but when I did go to this site, AVG detected some trojan.  It blocked it, but the file that is downloaded is called “save.exe”, and I have talked about flash player fake updates.  I have seen other blogs talking about dirty bomb news reports leading to malware.  I don’t know about you but if I wanted to update my flash player, I would go to the source and not use any links.  It is wise not to download any programs or files and run them without properly checking them out for viruses and Trojans.  You should have a firewall and anti-virus running at all times and that will help, but it is your actions that help prevent you from getting viruses or Trojans.