Monday, August 11, 2008

Monday News Feed 8/11/08

Confirmation: "real" war includes cyber-war.

Cyberattacks knock out Georgia's Internet presence
Hackers have attacked and hijacked Web sites belonging to Georgia, the former Soviet republic now in the fourth day of war with Russia, a security researcher claimed on Sunday.

"...Later on Saturday, Armin added that network administrators in Germany had been able to temporarily reroute some Georgian Internet traffic directly to servers run by Deutsche Telekom AG. Within hours, however, the traffic had been again diverted to Russian servers, this time to ones based in Moscow.

The attacks are reminiscent of other coordinated campaigns against Estonian government Web sites in April and May 2007 and against about 300 Lithuanian sites on July 1. Like Georgia, both countries are former republics in the Soviet Union."





DOJ Fingers Global Ring in Alleged Data Thefts





IT Security Oversight May Have Enabled Data Breach
A former employee accused of stealing customer data from Countrywide Financial Corp. may have been able to download the information to a thumb drive because of an oversight by the home mortgage lender's IT department.

Rene Rebollo, a former financial analyst at Countrywide, was arrested Aug. 1 in Pasadena, Calif., for allegedly stealing and selling the data, which included names, Social Security numbers and contact information.





Microsoft to Rate Exploit Potential
Microsoft Corp. will soon edge into the crystal-ball business in its security bulletins by predicting how likely it is that software flaws will be exploited.

Starting in October, Microsoft will add an "Exploitability Index" that gives bugs one of three ratings, based on the likelihood that attackers will be able to develop code to take advantage of the flaws.

Microsoft will also give technical info about new vulnerabilities to select security vendors before it issues patches, to give them a head start in crafting exploit-detection signatures.





Covert operation floats network-sniffing balloon
August 10, 2008 (IDG News Service) Rick Hill won't say where he launched his "wardriving" balloon on Friday, but he will tell you that it got a pretty good look at about 370 wireless networks while scanning up and down the Las Vegas Strip.

Hidden in the back of a 22-foot moving truck, Hill and his team of about a dozen volunteers launched the balloon Friday morning, sending it 150 feet into the air for about 20 minutes to use special antennas and scanning software to scope out the Las Vegas skyline for unsecured wireless networks, an activity Hill called "warballooning."





New exploit poisons patched DNS servers, claims researcher
August 10, 2008 (Computerworld)
Patches meant to fix a flaw in the Internet's Domain Name System (DNS) don't completely protect the Web's traffic cop from attack, a Russian researcher claimed on Friday.

The head of the nonprofit group that maintains the most commonly used DNS software, however, said there was little to worry about.





Update: Fake CNN spam mutates as attacks continue
August 8, 2008 (Computerworld)
The massive attack that has infected PCs by tricking users into clicking links in fake messages from CNN.com shows little sign of ending soon, security researchers said on Friday.





Researcher: Intel fixed two critical flaws in its chips
Kris Kaspersky, an IT consultant and the author of Hacker Disassembling Uncovered and Data Recovery: Tips and Solutions, is booked to make the demo at the Hack In The Box Security Conference in October in Kuala Lumpur, Malaysia. Kaspersky said he can use the flaws in Intel CPUs to launch a remote attack against a computer -- regardless of what software platform it runs.






Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
08-July-2008 18:00 GMT
29-July-2008 17:00 GMT
DNS Best Practices, Network Protections, and Attack Identification






Researchers: There's Gold in Them Thar Hacks - 8/8/2008 5:45:00 PM
Black Hat presentation shows some simple methods hackers have used to get rich or die trying





New Microsoft Program Helps Fix Third-Party Vulnerabilities - 8/8/2008 10:55:00 AM
Microsoft to officially share with Windows third-party app vendors flaws it finds in their software





'Bringing Sexy Back' to Hacking - 8/7/2008 5:30:00 PM
DefCon session will feature iPhones running WiFi scans and sophisticated spear-phishing tricks





Feds: Foreign Attackers 'Knocking on Our Door Every Day' - 8/7/2008 4:30:00 PM
Attacks on US government systems are frequent and serious, top officials say





Does Your Generation Pose an Office Security Risk?
From Baby Boom to Echo Boom: Why your birthday could mean your boss needs to watch out for you.






August 2008 Advance Notification






Sophos Warns of Facebook Malware Attack
Fake Google video link takes Facebook users to a malicious site, infecting computers.






New Tool to Automate Cookie Stealing from Gmail, Others
LAS VEGAS, NEV. -- If you use Gmail and haven't yet taken advantage of a feature Google unveiled last week to prevent hackers from hijacking your inbox, now would be an excellent time to do that.






Researchers race to zero in record time
Robert Lemos, 2008-08-09
On the first day, three teams of security professionals finished the Race to Zero contest, successfully modifying nine well-known viruses and exploits to escape detection by major antivirus engines.






"Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'"

Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."






Smartphones continue march, BlackBerry boosts market share
Research in Motion is helping to lead the smartphone surge across the US. Sales are up, and so is the competition.
August 11, 2008 - 11:03AM CT - by David Chartier





The sky isn't falling: a look at a new Vista security bypass
Last week, researchers described ways to bypass the buffer-overflow security features in Vista. Some analysts are calling the exploits proof that Vista's security is worthless; we explain why it isn't.
August 11, 2008 - 07:30AM CT - by Peter Bright






Boston Subway System Stops Defcon Talk; But Paints Security Target On Its Back
from the yeah,-that'll-work dept
You would think after years and years of it backfiring every time some scared organization tries to shut down a talk concerning their security vulnerabilities, that people wouldn't even bother any more. But never underestimate the short-sightedness of some execs. The Massachusetts Bay Transportation Authority uses a magnetic strip card system to access the subway system in Boston. That system is not particularly secure, and some enterprising MIT students planned to demonstrate just how weak the security was on the system this weekend at the Defcon conference... until the MBTA convinced a judge to ban the presentation and demand that all copies of the presentation not be released -- which is problematic since all attendees at the conference already obtained CDs with a copy of the presentation. Also, somewhat ironically, a copy of the presentation was entered in as evidence in the case, and that copy is now publicly available as part of the court records system. Oops.
