Lost+Found: Mac spyware, Wi-Fi adware

Too short for news, too good to lose; Lost+Found is a round up of useful security information. Today: Mac trojan gets serious, Microsoft improves SQL injection protection, dumb fuzzing framework for Linux and researchers develop a new adware concept

• Things are slowly getting serious for Apple users – Trend Micro has not only found OpinionSpy, a recently reported piece of Mac spyware, on download sites such as Softpedia, but also on Apple's own download pages. OpinionSpy offers functionality for spying on instant messaging and the real time messaging protocol (RTMP).

• Microsoft has released version 3.1 of its anti-cross site scripting library for web servers. There is a new Security Runtime Engine HTTP module (SRE) which should also protect servers from SQL injection attacks.

• Giving dumbness a chance – Carnegie Mellon University CERT has released its Basic Fuzzing Framework (BFF) which can be used to test applications on a prepared Linux system for bugs. BFF utilises dumb fuzzing, where the tool simply sends erroneous packets or data to an application without considering data structure.

• A group of researchers have dreamt up an unusual form of adware. It infects laptops, which it transforms into WLAN routers. In public places these can, for example, reroute other users' Wi-Fi connections to a hotspot through themselves and insert adware into HTML pages, or even additional video sequences into streaming YouTube videos. This allows them to spread ads without having to infect large numbers of computers. Thanks!

(trk)