ZDNet is warning that virus writers, phishers, and hackers will very soon unite their efforts and create ways to exchange information that could be cross-used for faster and more efficient attacks. In the near future we should expect this to lead to very quick exploits of newly discovered vulnerabilities, because the exchange of information among “malware” writers is likely to decrease the time needed to create and distribute an exploit.
Virus writers are combining their efforts with hackers and spammers to
launch Swiss Army knife-like malware attacks on users, Kaspersky Labs
warned this week.
Swiss Army knife-like attack? Not sure exactly how this would work in reality, but the possibilities of collaboration between the attackers are scary.
Secunia (a cyber security firm) reports a new cross-browser vulnerability that allows hackers (usually phishers) to hijack a pop-up window that you legitimately opened on a site that you would usually trust.
The vulnerability can be exploited by a malicious web site to “hi-jack”
a named browser window, regardless of which web site is the true
“owner” of the window.
The vulnerability is described by Secunia, and they even provide a nice graph of how it works. Finally, you can test whether your browser is affected by this vulnerability. This has the potential to take phishing attacks to a whole new level. Because of the high percentage of browsers affected and because the pop-up that is hijacked comes from a trusted site, many users are likely to be affected and tricked into entering personal information.
Not much can be done other than patch your browser, and be on the lookout for suspicious pop-up windows that may change their contents during page load.
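A simplified model of the named-window behaviour described above, added here as an illustration (not code from Secunia or from the original post). The class, the `scopeNamesToOpener` flag, the origins and the window name are constructed assumptions, and real browsers' window-targeting rules are more detailed than this same-origin check.

```javascript
// Simplified model (added example): a browser's table of named windows.
// Names, origins and the policy flag are constructed for illustration.
class BrowserModel {
  constructor({ scopeNamesToOpener }) {
    this.scopeNamesToOpener = scopeNamesToOpener; // false = affected behaviour
    this.windows = []; // entries: { name, openerOrigin, url }
  }

  // Models window.open(url, name) called by a page at callerOrigin.
  open(callerOrigin, url, name) {
    const existing = this.windows.find(
      (w) =>
        w.name === name &&
        (!this.scopeNamesToOpener || w.openerOrigin === callerOrigin)
    );
    if (existing) {
      existing.url = url; // navigate the window that already carries the name
      return existing;
    }
    const created = { name, openerOrigin: callerOrigin, url };
    this.windows.push(created);
    return created;
  }
}

const originOf = (url) => new URL(url).origin;

// Returns what the user's pop-up ends up showing under each policy.
function popupAfterSecondSite(scopeNamesToOpener) {
  const browser = new BrowserModel({ scopeNamesToOpener });
  const trusted = "https://bank.example";
  const other = "https://other.example";
  const popup = browser.open(trusted, trusted + "/login", "loginWin");
  browser.open(other, other + "/form", "loginWin"); // second site reuses the name
  return { shown: originOf(popup.url), openedBy: popup.openerOrigin,
           windowCount: browser.windows.length };
}

// Defender-side check: flag a pop-up whose content no longer matches its opener.
function contentMismatch(result) {
  return result.shown !== result.openedBy;
}

console.log("global names:", popupAfterSecondSite(false));
console.log("scoped names:", popupAfterSecondSite(true));
```

With global name lookup the trusted site's pop-up ends up showing the second site's content; with names scoped to the opener, the second site gets a separate window and the original pop-up is untouched.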
Microsoft and its chairman are apparently trying to steer the security focus in a different direction: passwords. Bill Gates has recently argued that weak passwords are one of the main security threats and that biometric or smart-card authentication should be adopted more and more widely.
“Moving to biometric and smart cards is a wave that is coming, and we see our leading customers doing this,” Gates told attendees at the IT Forum in Denmark last month. “In time, we will completely replace passwords.”
While Gates is probably on the right track [again] when it comes to vision, I am not sure that in this day of extreme server and client application insecurity, we need to shift our focus elsewhere. I believe that while we should seek and adopt alternative ways to authenticate users, especially the ones who use ‘password’ as their password, the focus should still be on creating harder to penetrate operating systems, routers, and server applications. Although passwords are a very weak link in the chain of security, they are arguably not the weakest.