Friday, May 30, 2008

Friday News Feed 5/30/08

Bank loses tapes with data on 4.5M clients
A New York bank confirmed that it lost a box of data storage tapes containing the unencrypted personal information of 4.5 million people during transit to an off-site facility.

Researchers breach Microsoft's CardSpace ID technology

Apple patches 40 Mac OS X security bugs

Keeping security relevant in the free-content era
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9084988
Kelly goes on to explain eight "generatives," things that can't be copied and so still hold value on the Internet: Immediacy, Personalization, Interpretation, Authenticity, Accessibility, Embodiment, Patronage, and Findability.

Man charged with using cartoon names to defraud brokerages

Microsoft beta-tests free online diagnostic tools for Windows

Stanford Medical School's Rx: Anomaly Detection - 5/30/2008 1:24:00 PM
Appliance helps minimize bot, malware infections

Gartner Forecasts the Next Big Threats - 5/29/2008 5:05:00 PM
A peek at some of the types of attacks on the horizon that Gartner will reveal at next week's Security Summit

Police say banks not reporting cybercrime in effort to protect image
May 30, 2008
http://www.crime-research.org/news/30.05.2008/3394/

Symantec backs off claim, says current Flash Player safe from attack

Will proposed treaty make border agents copyright cops?

A Little Sunshine Brings Out Rapid And Well Deserved Anger Towards ACTA Treaty
from the spreading-the-word dept
Last week, I wrote a post highlighting the faulty premises behind a secretly negotiated treaty between the US and many other countries, the so-called Anti-Counterfeiting Trade Agreement (ACTA). Since then a bunch of news articles have been written about ACTA, with most of the focus on how it will have border guards going through your iPod and computers to see if you have any infringing content. A bunch of folks have been submitting stories on this all week, despite the fact that we wrote about it last week. However, what's most interesting to me is how quickly this turned from a little story -- first posted to Wikileaks and a few blogs, into something that's been in major newspapers (oddly, mostly focused in Canada). Even more interesting, however, is how this has so quickly turned into activism, with some newspapers already calling for people to stand up against ACTA to protect our privacy rights. Think about that for a second. This was a treaty on the "boring" topic of copyright, that was basically pitched by the entertainment industry to politicians who wrote it up in secret. It leaked out to a single website, and within a week there were major newspaper editorials calling for people to stand up against it, and thousands, if not millions, of people informed about the potential harm this treaty could cause. So much for slipping it under the radar. This is really the culmination of a few different factors, including the entertainment industry's misguided and rapidly backfiring battle against consumers, that has catapulted copyright from a boring "wonkish" issue into one that people recognize affects so many aspects of their daily lives. Combined with the wonderful communications ability of the internet, it makes it harder for the entertainment industry to simply pull one over on people like this.
Of course, as we've noted, the industry keeps on trying, and they love sneaking through legislation and treaties before anyone recognizes it -- but the rapid response to ACTA (which is far from over, of course) suggests that some of the industry's advantages are slipping away. Hopefully, this issue will continue to receive the attention it deserves so that there's a real debate on whether or not such a treaty is needed (it's not).

Comcast Hackers Say They Warned the Company First
blog.wired.com — The computer attackers who took down Comcast's homepage and webmail service for over five hours Thursday say they didn't know what they were getting themselves into. In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has garnered.

Web 2.0 Sites a Thriving Marketplace for Malware
Malicious software makers are using social networks, video sites, and blogs to peddle their wares to other online criminals. 29-May-2008

Good reference chart:
http://isc.sans.org/presentations/iscflyer.pdf

Electronic Crime Scene Investigation Handbook
Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition, National Institute of Justice, U.S. Department of Justice, April 2008.

Hired gun blamed for business outage
Robert Lemos, 2008-05-30
Video-content firm Revision3 accuses anti-piracy company MediaDefender -- known for its aggressive tactics against file sharers -- of attacking its servers over the weekend.

Barracuda hungry for OSS security developer Sourcefire
Security appliance maker Barracuda Networks has proposed a deal to acquire Sourcefire, the company behind the popular open source Snort and ClamAV security software. Barracuda is currently defending ClamAV from patent litigation and has a long history of contributing to open source security software projects.
May 30, 2008 - 09:09AM CT - by Ryan Paul

China hackers behind U.S. blackouts?
Larry Dignan: Chinese cyber-militia may have been behind power blackouts in Florida and the Northeast, according to a report in the National Journal.

Richard Koman: Did Chinese copy unattended U.S. laptop?

Reputation Is A Scarce Good... As Metallica Is Learning

Microsoft: It's Not The Broadcast Flag, It's A Different Flag
from the well,-that-makes...-um...-no-difference-at-all dept
After certain NBC TV shows wouldn't record on Microsoft's Vista Media Center a few weeks ago, Microsoft admitted that Media Center includes broadcast flag technology, while NBC Universal admitted that it accidentally set the flag. However, now Microsoft is trying to clarify, claiming that it's not actually the broadcast flag that it included, but an entirely different flag, called CGMS-A. NBC Universal concurs, saying that the mistake it made was in setting the CGMS-A flag. Of course... the real question is why does this matter at all? If the impact is identical (Microsoft willing to let TV networks declare a show un-recordable), then what does it matter which annoying copy protection scheme is used?

What CSOs Can Learn From Estonia
Security researcher Gadi Evron reviews lessons of the Estonian cyber attacks he helped to investigate last year.

Wednesday, May 28, 2008

Wednesday News Feed 5/28/08

Hackers exploiting Flash Player zero-day bug
Attackers are already exploiting an unpatched bug in the latest version of Adobe's popular Flash Player, security researchers said today.

The bug, which is in the most up-to-date version of Flash, was reported by researchers at the SANS Institute's Internet Storm Center and by others from Symantec Corp.

"Adobe Flash Player is prone to an unspecified remote code-execution vulnerability," Symantec said in a warning posted to its SecurityFocus site. "An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

"Symantec has observed that this issue is being actively exploited in the wild," the company added.

Followup to Flash/swf stories

We've received quite a bit of mail about our stories yesterday about the malicious SWF files attempting to exploit older versions of the Adobe Flash player. So, here are a few of the things that have come out of our discussions.

Our friends over at shadowserver.org (thanks, Steven) have a nice writeup that includes a bunch of domains they've noted that have the malicious SWF files.

If you aren't sure which version of the flash player you are using, Adobe provides this page where you can check for yourself.

On closer examination, this does not appear to be a "0-day exploit". Symantec has updated their threatcon info, as well.

It appears that this exploit may be included in the Chinese version of the MPack exploit toolkit (among others).

In case we weren't clear about it earlier, it appears that the infected web sites check which browser you are using in addition to the flash player version to determine which exploit to deliver.

There are several ways to protect yourself even if you have a vulnerable version of the Flash player.

In Firefox, you can use either of the following add-ons, NoScript (one of our favorites, found here or here) or FlashBlock (here or here).
In IE, see here for how to set the "killbit", the CLSID is BD96C556-65A3-11D0-983A-00C04FC29E36.

Symantec tells users: Disable protection before XP SP3 upgrade
"We have determined that the SymProtect feature is involved, though this issue is not exclusive to Symantec customers. To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade."

TJX staffer sacked after talking about security problems

U.S. convicts 15th in largest music piracy case
Gitarts, who used the alias Dextro, was the 15th member of the group to be convicted on piracy charges. All were charged in early 2004 when law enforcement agents around the world acted on search warrants aimed at several online piracy groups.

The other 14 members of the Apocalypse Production Crew who were charged have pleaded guilty.

Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml

Summary
The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.

Shape Shifting Malware Threat Reported by Swiss Cybercrime Operation
http://www.crime-research.org/news/27.05.2008/3387/
"Self changing code designed to dynamically evade recognition is a fact of life, it automatically adapts to the anti-spam and anti-malware engines that it encounters. Unfortunately the knowhow and construction kits used to create this shape shifting threat are now readily available and are unleashing a wave of shape shifting malware based on social engineering techniques. Highly targeted emails containing personalised information and shape shifting trojan attachments are the latest development and each positive infection increases the 'hit rate' for the next wave of emails sent out by the self learning automated engines used by sophisticated attackers", continued Sweeney.

Deutsche Telecom Spied on Employees, Journalists - 5/27/2008 5:45:00 PM
Major German service provider violated privacy laws by analyzing phone records in an attempt to stop leaks to the press.

New Smart Phone Hack Could Expose Cell Network - 5/27/2008 3:35:00 PM
Researchers to release hacking tool that gathers information about the cellular network to which a smart phone is connected

Tracking People with their Mobile Phones
Not that we didn't think it was possible:
The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation: measuring the phone's distance from three receivers.
[....]
The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code -- a unique number given to every device so that the network can recognise it.

Adobe Flash Player Unspecified Vulnerability - Extremely critical - From remote
Issued 6 hours ago.
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

EMC AlphaStor Multiple Vulnerabilities - Moderately critical - From local network
Issued 8 hours ago.
Some vulnerabilities have been reported in EMC AlphaStor, which can be exploited by malicious people to compromise a vulnerable system.

Samba "receive_smb_raw()" Buffer Overflow Vulnerability - Highly critical - From remote
Issued 6 hours ago.
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.

Microsoft: Kraken nearly Storm's size
News Brief, 2008-05-27
Early data from the software giant's anti-malware service indicates that the Kraken botnet is only about 20 percent smaller than Storm.

TJX completes Mastercard breach settlement

BobJacobsen writes "FCW has an article about a NASA employee that was suspended for blogging on government time. Seems the unnamed employee's "politically partisan" blog entries were a violation of the Hatch Act. The article ends with a chilling quote from the government's Special Counsel in the case: 'Today, modern office technology multiplies the opportunities for employees to abuse their positions and — as in this serious case — to be penalized, even removed from their job, with just a few clicks of a mouse'" Thing is, he was soliciting campaign donations and writing partisan stuff.

"Tickets to the Olympic opening and closing ceremonies will contain a microchip with information about the ticket holder, including a photograph, passport details, addresses, e-mail, and telephone numbers. The stated intent is to keep troublemakers out of the 91,000-seat National Stadium so that they cannot cause disruptions while China is on world-wide television, but it brings up serious concerns for privacy and identity theft."

Cram this: a firsthand account of my recent cramming
When my phone and Internet bill mysteriously doubled in a single month, I found myself on the wrong side of a good "cramming." Semi-shocking true story inside.
May 27, 2008 - 11:35PM CT - by Nate Anderson

...The ESBI firms all let slip bits of information about whoever had allegedly signed me up for these services, but it was ILD's operator who filled in the picture. Through her, I finally assembled the complete name and address that had been entered into an online form, and I finally got the address of the form in question: usprizedraw.com.

UK theme park bans PDAs, mandates family fun time
A UK theme park is experimenting with banning PDAs this week. The policy could be made permanent if successful, signaling an increased willingness to make people in public stop and smell the roses.
May 27, 2008 - 10:10AM CT - by David Chartier

Microsoft is hellbent on touch
Larry Dignan: Windows 7 will rely heavily on touch and it's really easy to be skeptical about Microsoft's latest plans. But this time could be different.
Mary Jo Foley: See the demo of Windows 7 multi-touch
Mary Jo Foley: Microsoft readies new 'don't blame Windows' tool
Windows 7: Now a late 2009 deliverable (again)

You got malware… with bugs included!!

Latest phishing schemes target Apple
Sue Marquette Poremba May 27, 2008
Apple's increasing popularity is leading to the company's users being targeted by phishing schemes.

Cisco IOS Rootkit Demonstrated
While rootkits for common operating systems, like Windows, are well known, they haven't been a security issue for Cisco's IOS until now.
http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=208400389

Hackers Blast Russian Nuclear Power Websites Offline By Grey McKenzie Today

China Launches Cyber Attack Against Tibetan Dissident By Grey McKenzie Today

European Union's Cyber Security Agency Calls For More Funding By Grey McKenzie Today

Monday, May 26, 2008

Memorial Day Feed 5/26/08

Facebook security snafu could compromise accounts
Facebook vulnerable to critical XSS, could lead to malware attacks

Freedom of the Cyberseas
How lessons from the U.S. government's response to pirates in the early 1800s can help the next president of the United States improve information security.

Speed is of essence for next-generation Symantec products

Symantec pins blame for XP SP3 registry corruption on Microsoft

Blame XP SP3 problems on Microsoft, Symantec says
Jim Carr May 23, 2008
Security researchers at Symantec have placed the blame for a variety of problems users are experiencing with Microsoft's Windows XP Service Pack 3 squarely on Microsoft.

Thieves troll for execs with new Tax Court phish scam

Virtualization growth brings demand for specialized skills

Cybercrime, the ne plus ultra of black globalization
Date: May 26, 2008
Source: Blog.wired.com
By: Bruce Sterling
Police in the US and Romania have charged 38 members of a suspected phishing gang. The group reportedly organised the theft of online banking credentials using both email and text message lures. One phase of the attack involved the distribution of 1.3m fraudulent text messages that posed as communiques from a prospective mark's bank, according to the US Department of Justice.

Data entered by unwary users into a fraudulent website was used to create counterfeit bank cards, which were then used to siphon money from compromised accounts. A percentage of the proceeds were allegedly sent on to Romania while the rest was kept by their US accomplices. Fraudulent transactions were made in Canada, Pakistan, Portugal and Romania.

Customers of financial institutions including Citibank, Capital One, JPMorgan Chase, Comerica Bank, Wells Fargo, eBay and PayPal were targeted by the attack. A complaint over a fraudulent email ostensibly from Connecticut-based People's Bank prompted an investigation that dismantled the alleged cybercrime ring. It's unclear how much the gang made through the scam.

More than half of those charged are Romanian, while the others are US residents originally from South East Asia. Most of the suspects have been arrested in a series of raids over the last few months while some of the Romanian suspects remain unidentified.

Seuong Wook Lee, a cashier operating at the US end of the scam, pleaded guilty to racketeering, conspiracy, bank fraud, access device fraud and computer hacking offences on 15 May, at a hearing in the US District Court in Los Angeles.

The Kind of Cybercrime Interpol Expects at the Summer Olympics
With cybercrime now a global phenomenon, perhaps it will take a global police organization to keep it in check. 30-Apr-2008

Cisco's Response to Rootkit presentation
Published: 2008-05-25, Last Updated: 2008-05-25 18:44:37 UTC, by Stephen Hall (Version: 1)

Although I'm still waiting to see a copy of the presentation online, CISCO evidently have and they have posted a response.

You can see Mike Poor's evaluation of the issue here, and then jump straight across to CISCO's quite lengthy response on their site. CISCO have in fact produced what could become the enterprise de-facto process for good practice when deploying hardware and firmware. I can certainly see it being used by some internal auditors to keep us on our toes.

SANS says reverse engineering of Cisco patches possible
Greg Masters May 23, 2008
Three vulnerabilities in Cisco products are open to exploitation, warned the SANS Internet Storm Center.

How to Sell Security
It's a truism in sales that it's easier to sell someone something he wants than something he wants to avoid. People are reluctant to buy insurance, or home security devices, or computer security anything. It's not that they don't ever buy these things, but it's an uphill struggle.
The reason is psychological. And it's the same dynamic when it's a security vendor trying to sell its products or services, a CIO trying to convince senior management to invest in security or a security officer trying to implement a security policy with her company's employees.
http://www.schneier.com/blog/

IBM Lotus Sametime Community Services Multiplexer Buffer Overflow - Highly critical - From remote
Issued 5 days ago.
A vulnerability has been reported in IBM Lotus Sametime, which can be exploited by malicious people to compromise a vulnerable system.

"This past week, President Bush signed the Genetic Information Nondiscrimination Act, which would protect people from being discriminated against by health insurers or employers on the basis of their genetic information. 'the Genetic Information Nondiscrimination Act (GINA). GINA is the first and only federal legislation that will provide protections against discrimination based on an individual's genetic information in health insurance coverage and employment settings.'"

Open source software security improving

Inside Craigslist's Increasingly Complicated Battle Against Spammers
from the spam-fight dept
John Nagle writes in with a fascinating dissection of the ongoing battle between Craigslist and spammers. The back and forth nature of this battle is fascinating -- and somewhat disturbing when you realize the lengths to which spammers will go to get spam onto Craigslist, and the extent to which an entire ecosystem of scammers and software providers seems to have been built up around this effort:

The Strange Case of ‘Mr. Spilberg’
When analyzing malware, it is not uncommon to stumble across interesting situations. Recently, I have been analyzing a variant of a FakeAlert BHO. This threat isn’t notable; it displays “alert” pop-ups when correctly installed, and prompts users to download a fake anti-spyware product.

However, when analyzing it, I noticed that this BHO was trying to access a file named “f***youspilberg.bat” located in the root folder of my research machine. Of course, with such a name, I immediately got interested and started to dig deeper to see what was going on.

State officials try to determine scope of bank breach
Dan Kaplan May 23, 2008
The Connecticut governor has now issued four subpoenas as her office seeks to learn more about the Bank of New York Mellon data breach.

A Smarter Supercomputer
By Kate Greene, 05/14/2008
A new design could run ultrahigh-resolution climate models.

Lawmakers See Cyber Threats to Electrical Grid PC World - Wed May 21, 4:50 PM ET
Lawmakers and an auditor's report raise concerns about cybersecurity among U.S. electric utilities.

Japan cracks down on virus with copyright law AP - Wed May 21, 4:05 PM ET
TOKYO - A student who allegedly spread a computer virus was convicted Friday of copyright infringement in a case that has highlighted the lack of laws in Japan to police cyberspace.

Experts warn of cyberterrorism threat AP - Wed May 21, 3:52 PM ET
KUALA LUMPUR, Malaysia - Officials from around the world agree they must cooperate better to fight the threat of cyberterrorism at facilities such as nuclear power plants.

British Telecom Denies Claims Millions Of Its Internet Customers Could Be At Risk From Hackers By Grey McKenzie Today

Switzerland's Cyber Crime Unit Says Government Employees Focus Of Cyber Criminals By Grey McKenzie 05/23/2008

Friday, May 23, 2008

Friday News Feed 5/23/08

Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities 21-May-2008 16:00 GMT

It seems like the Cisco alerts may stem from this alert:
Debian/Ubuntu OpenSSL Random Number Generator Vulnerability, May 16, 2008

Thieves troll for execs with new Tax Court phish scam
From http://www.ustaxcourt.gov/:
"NOTICE: The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court's practitioner bar. This message is an example of "Spear Phishing", which is an e-mail spoofing attempt that targets a specific organization. The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court. If you receive an e-mail with a subject line that includes the text, "Notice of Deficiency #" followed by a series of numbers or "US Tax Petition", along with a malformed docket number following the format #000-000, and a sender address of noreply@ustaxcourt.org, complaints@ustaxcourt.org, or notice@ustaxcourt.org, please ignore/delete the e-mail and do not click any link within the e-mail message."

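The notice above lists concrete indicators for this spear-phishing wave: three spoofed sender mailboxes on a lookalike .org domain (the court itself is at ustaxcourt.gov), two subject-line patterns, and a malformed docket number. As an added example, not taken from the Tax Court or from this blog, here is a small Python mail-filter rule that applies those indicators to constructed sample messages; the interpretation of "#000-000" as three digits, a hyphen and three digits is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators quoted in the Tax Court notice: the spoofed sender addresses
# (note the .org domain; the real court is ustaxcourt.gov) and the two
# subject-line patterns.
SPOOFED_SENDERS = {
    "noreply@ustaxcourt.org",
    "complaints@ustaxcourt.org",
    "notice@ustaxcourt.org",
}
SUBJECT_PATTERNS = (
    re.compile(r"Notice of Deficiency #\d+"),
    re.compile(r"US Tax Petition"),
)
# Assumption: the notice's "#000-000" docket format means three digits,
# a hyphen, three digits. Genuine docket numbers do not look like this.
MALFORMED_DOCKET = re.compile(r"#\d{3}-\d{3}\b")


def classify(raw_message):
    """Return the list of indicator names that a raw RFC 822 message matches."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    subject = msg.get("Subject", "")
    # Only single-part text bodies are inspected; multipart handling is out of scope.
    body = msg.get_payload() if not msg.is_multipart() else ""

    hits = []
    if sender in SPOOFED_SENDERS:
        hits.append("spoofed-sender")
    elif sender.endswith("@ustaxcourt.org"):
        # Same lookalike domain, but a mailbox the notice did not list.
        hits.append("lookalike-domain")
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        hits.append("subject-pattern")
    if MALFORMED_DOCKET.search(subject) or MALFORMED_DOCKET.search(body):
        hits.append("malformed-docket")
    return hits


def is_tax_court_phish(raw_message):
    """Flag only when the lookalike sender is combined with a content indicator.

    A subject match from a legitimate domain is not enough on its own; that
    keeps genuine court correspondence (from .gov) that mentions a deficiency
    notice from being quarantined.
    """
    hits = classify(raw_message)
    sender_hit = "spoofed-sender" in hits or "lookalike-domain" in hits
    return sender_hit and len(hits) >= 2


# Constructed sample messages (not real mail).
PHISH_SAMPLE = """\
From: United States Tax Court <notice@ustaxcourt.org>
To: partner@example-lawfirm.test
Subject: Notice of Deficiency #481277

Your petition has been assigned docket #123-456. Review the attached notice.
"""

PETITION_SAMPLE = """\
From: complaints@ustaxcourt.org
To: partner@example-lawfirm.test
Subject: US Tax Petition

Please respond within five business days.
"""

LEGIT_SAMPLE = """\
From: Clerk of the Court <clerk@ustaxcourt.gov>
To: partner@example-lawfirm.test
Subject: Re: Notice of Deficiency #481277 question

The deficiency notice you asked about is attached.
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("petition", PETITION_SAMPLE),
                         ("legit", LEGIT_SAMPLE)):
        print(name, classify(sample), is_tax_court_phish(sample))
```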

ID fraud-prevention firm LifeLock hit with customer lawsuits

Not news per se, but good background info:
Data Breach Notification Laws, State By State

FBI Seeks Access to Mobile Phone locations
FBI Seeks Access to Mobile Phone locations, New York Times, July 17, 1998 (registration required).
Posted by EPIC on May 18, 2008.

http://blog.siteadvisor.com/
May 20, 2008
Hey. How come Yahoo! search looks different today?
Posted by Shane Keats at 10:04 AM

For millions of Yahoo! users, their search experience is now a little different. Alongside their regular Yahoo! search results, they may encounter a new piece of information – the site’s risk rating!

We recently announced that McAfee and Yahoo! have partnered to launch Yahoo! SearchScan Beta Powered by McAfee, the Web’s first search engine to incorporate such site safety ratings.

Surveillance in China
Great article from Rolling Stone.
Posted on May 22, 2008 at 06:35 AM
...
Now, as China prepares to showcase its economic advances during the upcoming Olympics in Beijing, Shenzhen is once again serving as a laboratory, a testing ground for the next phase of this vast social experiment. Over the past two years, some 200,000 surveillance cameras have been installed throughout the city. Many are in public spaces, disguised as lampposts. The closed-circuit TV cameras will soon be connected to a single, nationwide network, an all-seeing system that will be capable of tracking and identifying anyone who comes within its range — a project driven in part by U.S. technology and investment. Over the next three years, Chinese security executives predict they will install as many as 2 million CCTVs in Shenzhen, which would make it the most watched city in the world. (Security-crazy London boasts only half a million surveillance cameras.)

BlackBerry Giving Encryption Keys to Indian Government
RIM encrypts e-mail between BlackBerry devices and the server with 256-bit AES encryption. The Indian government doesn't like this at all; they want to snoop on the data. RIM's response was basically: That's not possible. The Indian government's counter was: Then we'll ban BlackBerries. After months of threats, it looks like RIM is giving in to Indian demands and handing over the encryption keys.
Posted on May 21, 2008 at 02:09 PM

Trillian Multiple Vulnerabilities - Highly critical - From remote
Issued 1 day ago.
Some vulnerabilities have been reported in Trillian, which can be exploited by malicious people to compromise a user's system.

International effort breaks up card-fraud ring
News Brief, 2008-05-22
U.S. law enforcement cooperates with authorities in Romania and other countries to charge 33 people with creating counterfeit debit and credit cards using information phished from victims.

Gov't shows slow progress on system security
News Brief, 2008-05-21
Federal agencies score a 'C' in complying with information-security rules, a slight increase, but nine of twenty-four agencies are failing.

With the US and other G8 countries trying to outlaw The Pirate Bay and its ilk, an anonymous reader suggests that a solution may have emerged out of Cornell University. A new open-source project called Cubit is an Azureus plugin that provides decentralized approximate keyword search of torrents in the network.

Big Brother is watching: companies snoop e-mail to combat leaks
A survey conducted by Forrester Research indicates that a large number of businesses fear e-mail leaks and are responding by instituting systematic snooping.
May 22, 2008 - 09:55PM CT - by Ryan Paul

New Microsoft virus scanning patent likely to be challenged
Microsoft has been granted a patent it filed for back in 2004 that describes the function of a particular type of proactive antivirus scanner. The question of prior art, however, is definitely an issue here, as Norton and McAfee had similar products on the market in 2003.
May 22, 2008 - 01:31PM CT - by Joel Hruska

Microsoft ODF support pledge met with optimism, skepticism
Yesterday's announcement from Microsoft that it would implement native ODF support in Office 2007 early next year sparked mixed reactions from Microsoft-watchers. The European Commission said that it would investigate Microsoft's plans but remained optimistic, while the ODF Alliance was a bit more skeptical.
May 22, 2008 - 11:11AM CT - by Jacqui Cheng

Mac OS X users at risk
Ryan Naraine: Heads up to Mac OS X users: It appears Apple will be shipping high-priority security patches soon. In the meantime, watch out for strange links and e-mails with requests to add/open calendar (.ics) files.

Malware-infected USB drives distributed at security conference
According to a SearchSecurity report, the malicious file was of the "autorun" variety, programmed to run automatically when removable drives are inserted into a computer. According to estimates, about one-tenth of all malware is designed to use portable storage media, such as removable USB drives, as an attack and spread vector.

Google introducing Safe Browsing diagnostic to help owners of compromised sites

Abusing Our Sympathies: Sichuan Earthquake Trojan

Countering cyber terrorism in third-world countries
Chuck Miller May 22, 2008
A joint project with the International Multilateral Partnership Against Cyber-Terrorism is hoped to increase the cyberdefense capacity of developing countries.

Bank of New York Mellon loses data on 4.5 million
Dan Kaplan May 22, 2008
Three months after an unencrypted backup tape goes missing, 4.5 million Bank of New York Mellon customers are notified that their identities may be at risk.

Alarming Open-Source Security Holes
By Simson Garfinkel, Tuesday, May 20, 2008
How a programming error introduced profound security vulnerabilities in millions of computer systems.

Deadly Earthquake Doesn't Shake China's Internet Censors

Incident Detection, Response, and Forensics: The Basics
How to build an effective cyberincident detection and response mechanism in your organization.
» full story

'Hack-and-Pier' Phishing on the Rise - 5/21/2008 5:00:00 PM
More and more phishers are hacking legitimate Websites, reports say

SQL Injection Attack Helps Hack OS - 5/20/2008 5:35:00 PM
Multi-step hack using SQL injection provides interactive, GUI access to OS

Tuesday, May 20, 2008

Tuesday News Feed 5/20/08

FYI - Hi5 is a legitimate social networking site. Google searching shows that there are many bots you can put on your computer that will spam millions of other computers asking them to join you. There also seem to be many pieces of malicious software that try to load their software onto your machine in order to use you as a sender of this crud.

Several sites have banner ads for their software 'bot' like this:
HI5 FRIEND ADDER BOT SNAPSHOT
Send Millions of Friend requests or Messages

I hate this kind of crud. I wish more people realized what a threat social networking sites are to the privacy of their identity information.

Monday, May 19, 2008

Monday News Feed 5/19/08

Data Breach Notification Laws, State By State

Californians are clueless about privacy laws:
http://www.darkreading.com/document.asp?doc_id=154134

Perimeter eSecurity Pushes Into Storage Services - 5/16/2008 5:00:00 PM Managed services specialist is taking aim at EMC with its remote backup offering

XP SP3 issue blog:
http://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx

Microsoft Word Two Code Execution Vulnerabilities - Highly critical - From remote. Issued 6 days ago. Updated 5 days ago. Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

"Responding to questions about why some users of Windows Vista Media Center were prevented from recording the NBC Universal TV shows 'American Gladiator' and 'Medium,' Microsoft has acknowledged that Windows Media Centers will block users from recording TV shows at the request of a broadcaster. 'Microsoft included technologies in Windows based on rules set forth by the (Federal Communications Commission),' wrote a Microsoft spokeswoman, apparently referring to an FCC proposal that the courts struck down in 2005. 'Microsoft has put the requirements of broadcasters above what consumers want,' said the EFF's Danny O'Brien. 'They've imposed restrictions way beyond what the law requires. Customers need to know who Microsoft is listening to and how that affects their equipment. Right now, the only way customers know what Microsoft has agreed to is when the technology they've bought suddenly stops working. Microsoft needs to come clean and tell its customers what deals it has made.'"

MySpace spammers given largest fine in CAN-SPAM history
Two individuals responsible for using MySpace accounts to spam other users failed to show up in court this week to fight the CAN-SPAM charges. The result was a default judgment of $234 million against the dynamic duo—the largest judgment so far in CAN-SPAM history.
May 16, 2008 - 11:40AM CT - by Jacqui Cheng

Fast-Fluxing SQL injection attacks executed from the Asprox botnet
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign.

“As of yesterday, we observed the Asprox botnet pushing an update to the infected systems, a binary with the filename msscntr32.exe. The executable is installed as a system service with the name “Microsoft Security Center Extension”, but in reality it is a SQL-injection attack tool. When launched, the attack tool will search Google for .asp pages which contain various terms, and will then launch SQL injection attacks against the websites returned by the search. The attack is designed to inject an iframe into the website source which will force visitors to download a javascript file from the domain direct84.com. This file in turn redirects to another site, where additional malicious javascript can be found. Currently the secondary site appears to be down, however it is likely that when successful, the site attempts to exploit the visitor’s web browser in order to install additional copies of either Danmec, Asprox and/or the SQL attack tool.”

Redmond Magazine Successfully SQL Injected by Chinese Hacktivists

McAfee's HackerSafe: "Um... we go in like a super hacker"

Mass Hacks Likely to Hang Around for a While
Friday May 16, 2008 at 2:42 pm CST. Posted by Craig Schmugar

In March I blogged about a round of mass Web site compromises. Since then there have been several other instances discovered, as well as a couple of smoking guns. The net net is that the bad guys are using automated tools to find and attack Web applications that are vulnerable to SQL-injection attacks. Many of these applications are homegrown and thus there is no patch or hotfix for administrators to install. This means that simply removing the injected malicious code won’t last long.

Just now I was reviewing the latest batch of hacked sites, and I noticed pages that were previously compromised and “repaired,” only to be compromised again. The entry point for these attacks must be closed in order to thwart future attacks. This means that underlying code must be audited and improper input validation must be corrected. And given that many Web administrators install out-of-support freeware and shareware applications, we can expect many sites to remain vulnerable for a very long time.

McAfee’s Foundstone Hackme Shipping Tool can be a useful resource for those in need of a better understanding of how common Web application attacks occur and how to properly code against them.

Mass SQL Injection Attack Targets Chinese Web Sites
PC World - Mon May 19, 6:00 AM ET
Web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web...

NSA's website outage due to lack of topological "diversity"
Jim Carr May 16, 2008
An easy-to-fix -- but often overlooked -- problem most likely took the National Security Agency's website and its mail services down for six or seven hours on Thursday.

OLPC Laptop Gets Windows
By David Talbot, Friday, May 16, 2008
One Laptop per Child inks a deal with Microsoft to put Windows on the "100-dollar" machine.

A Faster, More Energy-Efficient GPS
By Kate Greene, Friday, May 16, 2008
New software could help make location-aware devices ubiquitous.

Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C

Chinese Red Cross Website Hacked to Steal Earthquake Relief Donations

Air Force Cyber Warfare Cyber Command Center Location Coveted By 18 States
By Grey McKenzie, Today

Power Plant Software Suitelink Can Be Hacked Easily Says Core Security
By Grey McKenzie, Today

I spy your PC: Researchers find new ways to steal data
May 19, 2008 (IDG News Service) Researchers have developed two new techniques for stealing data from computers that use some unlikely hacking tools: cameras and telescopes.

Non-tech criminals can now 'rent a botnet'

Friday, May 16, 2008

Friday News Feed 5/16/08

Here is an abbreviated feed. Regular feed will resume Monday.

May 2008 Monthly Release
Posted Tuesday, May 13, 2008 9:20 AM by MSRCTEAM
This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.

Here is a summary of what we released:

MS08-026 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
MS08-028 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service

I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks.

Our Security Vulnerability Research & Defense blog this month discusses MS08-026. You can find a post discussing built-in functionality to turn off the vulnerable parsing code for one of the fixed vulnerabilities at http://blogs.technet.com/swi/archive/2008/05/13/file-block-and-ms08-026.aspx

The FBI says:
Read about our top ten news stories of the week, including the multi-million dollar settlement paid by Lockheed Martin to the U.S., the cyberstalking indictment of a Missouri man, and the indictments of a California mother and son on charges of sex trafficking of a minor.
This information has recently been updated, and is available at http://www.fbi.gov/pressrel/pressrel08/topten_051608.htm.

Five IRS employees charged with snooping at tax records
Five employees in a California office of the Internal Revenue Service have been charged with illegally accessing files of taxpayers.

Microsoft ballyhoos Vista's lower patch count

Nation States' Espionage and Counterespionage
An overview of the 2007 Global Economic Espionage Landscape

NATO to set up cyberwarfare center
Seven NATO countries have signed a deal to create a research center to protect the alliance against cyber crime. The center will be based in the Estonian capital of Tallinn. It will carry out research into computer warfare, and help NATO members respond to any cyber attacks against their networks. The agreement involves the three Baltic nations - Lithuania, Latvia and Estonia - plus Germany, Italy, Spain and Slovakia. The United States will join as an observer. The NATO deal reflects concern across the EU that attacks on the Internet could paralyze civilian and military networks worldwide. Computer specialists from the seven NATO countries involved in the research center will be spending the summer in Estonia preparing to launch the project. The center is due to be operational in August, with a formal opening planned for 2009.



Oklahoma State breach points to ongoing higher-ed security challenges

Oregon man admits selling pirated software on eBay

Study shows software piracy declining in many countries

Study: Comcast, Cox slowing P2P traffic around the clock

Tools circulate that crack Debian, Ubuntu keys

Papa Gino’s Goes Biometric - 5/16/2008 1:50:00 PM Password nightmares led fast food chain to convert to Trusted Computing fingerprint scans

Hackers Sniff Their Way Into Data From Restaurant Chain - 5/14/2008 6:00:00 PM Thieves collected 5,000 credit cards – and hundreds of thousands of dollars – from 11 Dave & Buster's locations

Domestic Spying by US Far Outpaces Actual Terrorism Prosecutions
The number of Americans being secretly wiretapped or having their financial and other records reviewed by the government has continued to increase as officials aggressively use powers approved after the Sept. 11 attacks. But the number of terrorism prosecutions ending up in court -- one measure of the effectiveness of such sleuthing -- has continued to decline, in some cases precipitously. The trends, visible in new government data and a private analysis of Justice Department records, are worrisome to civil liberties groups and some legal scholars. They say it is further evidence that the government has compromised the privacy rights of ordinary citizens without much to show for it. The emphasis on spy programs also is starting to give pause to some members of Congress who fear the government is investing too much in anti-terrorism programs at the expense of traditional crime-fighting. Other lawmakers are raising questions about how well the FBI is performing its counter-terrorism mission.
Domestic spying far outpaces terrorism prosecutions, Los Angeles Times, May 12, 2008.
Posted by EPIC on May 12, 2008.

Hacker Reveals 6M Chileans' Data
A hacker broke into Chile's government sites, mining data from six million people which he then posted on the Internet on two popular servers for several hours, the El Mercurio daily has said. The personal data included names, street and email addresses, telephone numbers, social and educational background, and was taken from Education Ministry, Electoral Service and state-run telephone companies' websites from late Saturday to early Sunday.
Hacker splashes data from six million Chileans on Internet: report, Agence France Presse, May 11, 2008.
Posted by EPIC on May 12, 2008.

http://blogs.washingtonpost.com/securityfix/
Posted at 03:50 PM ET, 05/15/2008
Gov't Secrecy and the Mysterious Cyber Initiative
The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be aimed chiefly at supporting spying operations abroad, a key U.S. Senate committee concludes in a new report.
The Senate Armed Services Committee said a major thrust of the initiative was to inform our adversaries as to the range of potential consequences of a cyber attack on U.S. strategic or national assets. But so far only three of the 18 goals spelled out in the cyber initiative have been discussed publicly; the rest remain classified.

Legal experts wary of MySpace hacking charges
Robert Lemos, 2008-05-16
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.


Safari 'Carpet Bomb' attack information released
Nate McFeters: Nitesh Dhanjani released research on potential flaws in the Safari Web browser, and interestingly enough, Apple has decided NOT to fix some of the issues he presented.

Latest Study Confirms Cox Traffic Shaping; Comcast Misleading Again

SQL Injection Attacks
May 7, 2008
A mass SQL injection attack has left malicious JavaScript embedded in over 6000 websites.

Are You Relaying NDR Spam?
NDR Spam, a.k.a. Backscatter, has been around for years but has only recently hit the radar as a major spam issue, mainly due to the rise of the botnet and spammers' desperation to get messages through to the end user.

Microsoft investigates new Internet Explorer zero-day
Dan Kaplan May 16, 2008
A security researcher said he has located a zero-day vulnerability in a printing feature on Internet Explorer that could allow remote attackers to execute malicious code.

Can Charter Broadband Customers Really Opt-Out of Spying? Maybe Not

Wednesday, May 14, 2008

Excuses, excuses...

I am out for training. I will resume these collections as soon as I return on Friday.

- Eric

Friday, May 9, 2008

Friday News Feed 5/9/08

May 2008 Advance Notification
Posted Thursday, May 08, 2008 9:51 AM by MSRCTEAM
Hello, Bill here.
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, May 13, 2008 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of our regularly scheduled bulletin release, we’re currently planning to release:

· Three Microsoft Security Bulletins rated Critical and one that is rated as Moderate. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

Finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

Hacker's Choice: Top Six Database Attacks - 5/8/2008 6:20:00 PM It doesn't take a database expert to break into one

Ex-Feds Start Up ID Theft Protection Service - 5/7/2008 6:00:00 PM iSekurity promises to find out who stole your identity – or pay you $11,000

Free 'AxBan' Tool Kills Bad ActiveX Controls - 5/7/2008 5:55:00 PM Errata Security offers freebie ActiveX 'killbit' tool for users

Ireland: Data Protection Complaints Soared in 2007
According to the Office of the Data Protection Commissioner's annual report, which was published this morning, 1,037 new complaint investigations were initiated last year, up from 658 in 2006. The Data Protection Commissioner Billy Hawkes attributed the substantial increase in cases to a rise in complaints in relation to unsolicited text (SMS) messages. A total of 390 complaints about unsolicited text messages were received in 2007, equivalent to 38 per cent of all complaints received.
Data protection complaints rise in 2007, Irish Times, May 8, 2008.
Posted by EPIC on May 08, 2008.

Mozilla Distributes Virus-Infected Language Pack
http://blogs.washingtonpost.com/securityfix/

Also at http://blogs.washingtonpost.com/securityfix/
Robotraff: A Hacker's Go-To For Clicks
Anyone who doubts that Internet click fraud has become a big money maker should take a look at a Russian Web site called Robotraff.com, which bills itself as "the first stock exchange of Web traffic."
Set up a free account at Robotraff and you're ready to buy or sell Web traffic. Got 30,000 hacked personal computers under your thumb? Super! Now you can use those systems to generate a steady income just by pointing them at Web sites requested by a buyer.
...

Proposed cybersecurity bill to pressure DHS
News Brief, 2008-05-09
The legislation would hold the Department of Homeland Security responsible for investigating cyber attacks and shore up the agency's network security.

India, Belgium warn of Chinese attacks
News Brief, 2008-05-08
Two more countries join the growing list of nations concerned with attacks from China that target their systems over the Internet.

Google turns Postini into Google Web Security for Enterprise
Google has been steadily adding corporate features to Google Apps for some time now, and the company's Google Web Security for Enterprise service that debuts today is no exception. Google Web Security is meant to give corporate users working from remote locations a safe portal from which to access the 'Net, without requiring that they log into a corporate network.
May 08, 2008 - 05:25PM CT - by Joel Hruska

China refuses to guarantee open Internet during Olympics
Just over a month after the International Olympic Committee "insisted" with China that the Internet must be open during the Games, officials have said that it won't be entirely open, because it must screen out "unhealthy web sites."
May 08, 2008 - 10:46AM CT - by Jacqui Cheng

Google Earth – Updated Images of Myanmar
By now, most of you have noticed the "Support victims" link featured on the...

Office 2007 SP1 has a date
Mary Jo Foley: Systems administrators: Mark your calendars. Microsoft is going to start pushing the first service packs for Office 2007 and SharePoint 2007 next month.

Sometimes the old tricks work the best.
May 9, 2008
Beware of the scammer warning you of an impostor registering variants of your domain name in China, Hong Kong and the like.

The Happy Birthday Copyright Saga: Generating Millions On A Copyright That May Not Exist
from the but-would-anyone-test-it-in-court? dept
In the past we've joked about the (supposed) fact that the song "Happy Birthday" remains under copyright, due to a copyright originally held by sisters Mildred and Patti Hill, the claimed original authors of the song. However, William Patry points us to a fascinatingly detailed research paper into questions surrounding the copyright. What comes out of it is pretty strong evidence that the copyright is not valid -- but it's never gotten far enough in court to have a decision rendered. Plus, it sounds like many aspects of the "history" of the song really appear to be close to a myth. The sisters in question may have written the melody, but they almost definitely did not write the lyrics (their original copyright was on a different set of lyrics, "Good Morning to All"). As for the melody, there's plenty of evidence to suggest that it was actually taken from a series of extremely similar songs. So, there's a good chance they wrote neither the melody nor the lyrics. Also, there are numerous questions concerning whether or not the copyright holders correctly followed the various rules required of copyright holders at the time, suggesting that even if there were a legal copyright at some point, it's long since expired. And, of course, there's even some evidence to suggest less-than-legal tactics involved with transferring around some of the interest in the song. Amazingly, however, the legitimacy of the copyright has never been determined in court, and it now generates over $2 million per year. Over 1% of the money that ASCAP distributes to songwriters is for this one song, even though it may not be legitimate. Somehow, I doubt this is what the Founding Fathers intended when they wrote the Constitution.

IP Lawyer Explains Why Uploading Files May Not Be Distribution For Copyright
from the forget-making-available... dept


EA To Use Controversial Internet-Required DRM On New Games
from the pissing-off-your-customers dept
SteveD writes "PC Gamers are in an uproar over a new copy protection system announced by Electronic Arts for use on their upcoming titles. The PC-port of the successful Xbox title Mass Effect, and the eagerly awaited Will Wright title Spore will be two of the higher profile games to use this new system. The new system is the latest iteration of the SecuROM protection, which has caused problems in the past over technical issues with several popular titles. The version of SecuROM that shipped with Bioshock was even accused (but never proven) of installing a root-kit on users' PCs.


Phone Marketer Stiffed Inmates, Prison Says
By KARINA BROWN
LOS ANGELES (CN) - Infomercial marketer Robert Klayman stiffed federal inmates for five months of work, Federal Prison Industries claims in a federal complaint.


You have to pay for quality
Wednesday May 7, 2008 at 10:01 am CST. Posted by Francois Paget
The media frequently speaks about the underground economy and quotes price ranges for various private goods available for sale. I recently read the trends were bearish, but let there be no misunderstanding about that: if the quality is here, the price will still be high. It is just like the price of food, you have the hard-discount and the luxury stores!!

With this post, I wish to be more precise regarding the data regarding the prices of some cybercriminal groups around the globe.

Last Friday morning in France...

Rare SCADA vulnerability discovered
Dan Kaplan May 08, 2008
Exploiting a rare and recently disclosed vulnerability in control system software - used to run industrial plants - could lead to service disruptions.

Report: FBI Investigates Epilepsy Forum Attackers
The AP follows up today on my March story about an assault on a popular epilepsy support forum, in which internet griefers used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.

There's really only one bit of new information in the report. Apparently the FBI is now investigating the attack.

Windows Vista More Vulnerable To Malware Than Windows 2000
TechWeb - Thu May 8, 7:20 PM ET
InformationWeek - Vista let 639 threats per thousand computers through, compared with 586 for Windows 2000, 478 for Windows 2003, and 1,021 for Windows XP, security vendor PC Tools said.

http://www.guardian.co.uk/science/2008/may/07/starsgalaxiesandplanets.spaceexploration
Closer encounter: Nasa plans landing on 40m-wide asteroid travelling at 28,000mph

Blog entry by Scott McPherson, CIO for the Florida House of Representatives.
McPherson condemns the state of data sharing and data mining in law enforcement, saying that the US causes itself a great deal of trouble by focusing more on "antiterror armor and nuke-sniffing devices" than a useful information distribution network. He discusses a few such projects, and how they could have directly affected the events of 9/11. Quoting: "One of those ingenious things that actually worked, Seisint founder Hank Asher's brilliant MATRIX system, remains mired in controversy and politics. Hank showed me MATRIX just a few short weeks after the 9/11 attacks. Using law enforcement data and commercial data, all of the commercial data available in the public domain, Asher's query produced [hijacker Mohamed] Atta's photo -- and about 80 others, many of them fellow 9/11 hijackers, many of them associates of the 9/11 hijackers. It was simple data mining and algorithms, and none of the information was obtained illegally."

0-day treasure hunt: Researcher hides IE attack on Web
...The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker to run unauthorized software on a victim's computer. Raff informed Microsoft of the flaw on Tuesday and the software vendor has not yet patched it, Raff said.

British banks are becoming increasingly reluctant to help victims of Internet fraud as new rules added to the Banking Code signal less willingness to cover losses. The updated code, which covers the banks' treatment of customers, says The Times, came into effect last month and states that victims of online fraud must have up-to-date antivirus and antispyware software installed, plus a personal firewall, to claim redress from their banks. If you fail to have the correct protection in place, the banks are increasingly likely to refuse any claim for a refund. The more hardline stance has been introduced as figures reveal that cases of fraudsters trying to steal bank details using bogus e-mails have tripled over the past year. Watchdogs say that there were 10 235 reported cases of phishing in the first three months of the year, against 3 394 in the first quarter of last year.