The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Chinese authorities use Skype to spy on users

Chinese authorities use Skype to spy on users

According to Bloomberg Businessweek, University of New Mexico graduate student Jeffrey Knockel, 27, studied the Chinese version of Skype. During the research he found out that the program contains a built-in keylogger that checks if the typed words are being banned and sends the data to the security agencies of China.

Skype service, with about 96 million users, is known as TOM-Skype, a joint firm with majority owner Tom Online.

Knockel discovered thousands of terms, monitored by Chinese authorities, related to such forbidden topics as pornography and drugs, as well as the political sphere: “International Amnesty”, Tiananmen (a term related to the protest actions and revolution), Reporters Without Borders, BBC News etc.

The researcher stated that the database is continually enlarging. Despite the fact that the data is encrypted, Knockel managed to allocate finite sequences of symbols corresponding to certain word combinations by successive division of the file into two and monitoring the network activity when the words are being typed.

According to the research data, China’s government is not only recording correspondence within the state, but also tracking messages sent to accounts abroad.

Knockel said that the results of the conducted study demonstrate the existing conflict between Microsofts propaganda of privacy and the companys role in supervision and monitoring.

I would like to get a statement out of them on their social policy regarding whether they approve of what TOM-Skype is doing on surveillance, - said Jeffrey.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015