November 27th, 2008

more

December 04th, 2008

more

more

more

more

more

more

more

more

more

more

more

more

more

August 27th, 2008

When to Worry About Security Holes--and When Not To

One of the best things you can do to help keep your PC and your private data safe is to stay abreast of the latest security alerts. But security news stories often contain techie jargon that can make your eyes glaze over faster than a congressional session on C-SPAN.

To help you determine whether a particular alert is worthy of Chicken Little or is truly dangerous, here are translations for some of the most common threat terms.

Drive-by download: A big one. If a program or operating system bug allows drive-by contamination, your PC can become infected with malware if you simply view a malicious Web site. You don't have to download anything or click any links on the poisoned page.

User interaction required: You might think that you'd have to download a file or open an attachment to get hit by an attack described in this way. But experts often apply the term to simply clicking a link that will deliver you to a page containing a drive-by download.

Zero-day: Potentially major, but not always. This term most commonly refers to a flaw (and perhaps an attack exploiting it) that surfaces before a fix is available. If the attack is ongoing (see "in the wild"), watch out. But many alerts or stories play up zero-day flaws that aren't being hit and may never be; see the next entry.

Proof-of-concept: A flaw or attack that researchers have discovered but that bad guys have yet to exploit. If the alert says something like "proof-of-concept code has been released," crooks are very likely to create a real attack with that sample. But many evil-sounding proof-of-concept attacks never get weaponized.

In the wild: The opposite of proof-of-concept. When an exploit or malware is in the wild, digital desperados are actively using it. If the term is being used to describe attacks against a software flaw, make sure that you have installed the application's latest patches.

Remote code execution: This kind of flaw allows an attacker to run any command on the victim's computer--such as installing remote-control software that can effectively take over a PC. Holes of this type are dangerous, so take notice when you hear of one.

Denial of service: Not so bad. This term usually describes an attack that can crash a vulnerable program or computer (thereby denying you its service) but can't install malware. Occasionally, however, crooks figure out how to transform a denial-of-service flaw into a concerted attack that allows remote code execution.

Of course, your best bet is to apply security patches as they're released, whether to fix a proof-of-concept denial-of-service flaw (yawn) or to address an urgent zero-day drive-by download threat.

---

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!