Security Watch

Beware the MSE Spoof

Since the advent of Microsoft Security Essentials, the folks up in Redmond have aimed to convince users that the free security solution is the the safest solution because it was made for Windows products and services.
 
So far that seems to be true. Naturally, hackers are counting on that appeal.
 
Security shop F-Secure issued a warning late last week that a mischievous and malicious spoofing bug has been designed to lure MSE users into clicking on yet another fake security warning. But click on it and you'll have more than a warning:
 
"Not only does this fake tool steal Microsoft's brand, it also features a bizarre matrix display of 32 antivirus products, offering to locate you a tool that would be capable of fixing your machine as 'Microsoft Security Essentials' can't clean the malware it found," F-Secure said.
 
After the user clicks in, a multi-colored display window then lists several alternative security software programs that can clean your new "infection."
 
Among these trusty products are AntiSpySafeguard, Major Defense Kit, Peak Protection, Pest Detector and Red Cross.
 
Except for the last one, which is actually an international aid organization, the rest of these programs have one thing in common: They're faker than a three-dollar coin.
 
F-Secure offers up this comment: "Hopefully Microsoft's lawyers will find the clown behind this one. They would have a field day with him."
 
Firefox in Sheep's Clothing
A new add-on for Firefox from open source collective Mozilla, which has been increasingly competing with Internet Explorer for share in the browser segment, lets "pretty much anyone" scan a wifi network and hijack others' access to Facebook and Twitter.

Created by Eric Butler, an independent Web application developer and security researcher based out of Seattle, the add-on was unveiled, which he calls "Firesheep," this past weekend at the ToorCon Security Conference in San Diego

"This is a widely known problem that has been talked about to death, yet very popular Web sites continue to fail at protecting their users," Butler wrote in his blog, adding that although encrypted user logons are common, traffic isn't encrypted, leaving "the cookies, and the user, vulnerable."

In essence what Firesheep does is exposes unencrypted Web traffic and cookies that anyone can use to eavesdrop on browser sessions used at public wifi hot spots.
 
Firesheep works with Windows and Mac OS X versions.
 
The thinking here is that the proverbial hacker "fox" can be exposed when trying to attack the user "sheep" who are, well, using Firefox.
 
Config Debugger Free Until Halloween
Athena Security, the makers of Athena FirePAC, an enterprise firewall audit and operations tool, announced that it will make the company's Configuration Debugger, a software-based solution that network engineers can use for offline troubleshooting of service availability issues on Cisco, Check Point and Netscreen firewalls, available for a free download until Halloween.
 
Athena believes the product is necessary at a time when network administrators can typically spend many hours troubleshooting a buggy firewall in the typical enterprise IT production environment. If a network has more than one firewall, messy configurations can be a costly and time-consuming quandary to untangle and a security threat, to boot.

"The Athena Configuration Debugger is a far more convenient alternative to Cisco's Packet Tracer for applying virtual packets to troubleshoot dropped services," according to David Hurst, CTO, Athena Security in an e-mailed statement. "Firewall engineers can use this tool to quickly get to the heart of the rules that cause great confusion."

The product is available for free download until Halloween. After that, you'll have to scare up some dough to get it.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Populating a SharePoint Document Library by E-Mail, Part 1

    While Microsoft doesn't allow you to build a SharePoint Online document library using e-mail, there is a roundabout way of getting the job done using the tools that are included with Office 365. Brien shows you how.

  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

  • Managing Multiple Remote Connections in One Place with mRemoteNG

    If you're juggling multiple remote connections daily, this is the utility for you. Brien walks through the steps to use mRemoteNG, from installation to deployment.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.