In an effort to show how well it is already doing to fend off daily attacks from an infinite swarm of hackers, Microsoft now wants its users to know that has a brand new way of protecting them. Unlike the previous updates which fixed and patched security vulnerabilities in the software of the system, this new method of security protects against the human aspect of computer security, or in other words, finally helps fight the human exploits that usually gets most users in trouble.

Read More →

fake-pay-pal-screen-shotA resourceful hacker was able to create a fake PayPal account to gather sensitive financial information that bypassed Microsoft Internet Explorer, Apple Safari, and Google Chrome security. The hack was designed to pop up a PayPal page with an artificial SSL certificate prompting users to submit sensitive information to the hacker without warning.

Noticeably missing from the list is Mozilla Firefox, which does not seem to be affected by the hack. Dan Gooden of The Register stated that “Even though the certificate is demonstrably forged, it can be used with a previously available hacking tool called SSL Sniff to cause all three browsers to display a spoofed page with no warnings, even when its address begins with ‘http.'”

To make matters worse, Microsoft apparently knew about this problem back in June when a hacker attending the Black Hat Security Convention exploited the weakness. A spokesman from Microsoft stated “Microsoft is investigating a vulnerability in SSL in Windows presented during Black Hat, Once we’re done investigating, we will take appropriate actions to protect customers.” Until the issue is resolved experts recommend that anyone using PayPal go to the site directly rather than risk getting duped into putting your information of a fake web page.

(Via Seattle Pi)

Read More →