Security Watch

Beware the MSE Spoof

Since the advent of Microsoft Security Essentials, the folks up in Redmond have aimed to convince users that the free security solution is the the safest solution because it was made for Windows products and services.
 
So far that seems to be true. Naturally, hackers are counting on that appeal.
 
Security shop F-Secure issued a warning late last week that a mischievous and malicious spoofing bug has been designed to lure MSE users into clicking on yet another fake security warning. But click on it and you'll have more than a warning:
 
"Not only does this fake tool steal Microsoft's brand, it also features a bizarre matrix display of 32 antivirus products, offering to locate you a tool that would be capable of fixing your machine as 'Microsoft Security Essentials' can't clean the malware it found," F-Secure said.
 
After the user clicks in, a multi-colored display window then lists several alternative security software programs that can clean your new "infection."
 
Among these trusty products are AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross.
 
Except for the last one, which is actually an international aid organization, the rest of these programs have one thing in common: They're faker than a three-dollar coin.
 
F-Secure offers up this comment: "Hopefully Microsoft's lawyers will find the clown behind this one. They would have a field day with him."
 
Firefox in Sheep's Clothing
A new add-on for Firefox from open source collective Mozilla, which has been increasingly competing with Internet Explorer for share in the browser segment, lets "pretty much anyone" scan a wifi network and hijack others' access to Facebook and Twitter.

Created by Eric Butler, an independent Web application developer and security researcher based out of Seattle, the add-on was unveiled, which he calls "Firesheep," this past weekend at the ToorCon Security Conference in San Diego

"This is a widely known problem that has been talked about to death, yet very popular Web sites continue to fail at protecting their users," Butler wrote in his blog, adding that although encrypted user logons are common, traffic isn't encrypted, leaving "the cookies, and the user, vulnerable."

In essence what Firesheep does is exposes unencrypted Web traffic and cookies that anyone can use to eavesdrop on browser sessions used at public wifi hot spots.
 
Firesheep works with Windows and Mac OS X versions.
 
The thinking here is that the proverbial hacker "fox" can be exposed when trying to attack the user "sheep" who are, well, using Firefox.
 
Config Debugger Free Until Halloween
Athena Security, the makers of Athena FirePAC, an enterprise firewall audit and operations tool, announced that it will make the company's Configuration Debugger, a software-based solution that network engineers can use for offline troubleshooting of service availability issues on Cisco, Check Point and Netscreen firewalls, available for a free download until Halloween.
 
Athena believes the product is necessary at a time when network administrators can typically spend many hours troubleshooting a buggy firewall in the typical enterprise IT production environment. If a network has more than one firewall, messy configurations can be a costly and time-consuming quandary to untangle and a security threat, to boot.

"The Athena Configuration Debugger is a far more convenient alternative to Cisco's Packet Tracer for applying virtual packets to troubleshoot dropped services," according to David Hurst, CTO, Athena Security in an e-mailed statement. "Firewall engineers can use this tool to quickly get to the heart of the rules that cause great confusion."

The product is available for free download until Halloween. After that, you'll have to scare up some dough to get it.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus