Monday, August 31, 2009
Monday 08/31/09
Here at TechCrunch there’s a daily argument in the office, on Yammer and even on the blog about the supremacy of the iPhone versus the Google-Voice-goodness of Android phones. I chalked it up to the usual get-off-my-lawn-style ranting of Michael Arrington, and assumed the average techie was still like MG Siegler– a total Mac-head who will love the iPhone no matter how bad the reception, how bad the battery life and how many times it breaks and he has to get a new one.
But some reporters– long harassed by Mac fan boys when they’ve dared to criticize the company (read: do their jobs) — are saying a sea change is occurring in Apple fan boy nation. Witness Jon Fortt of Fortune’s recent blog post where he says the Valley owes Microsoft an apology and compares Apple to Napoleon the pig in Animal Farm.
----------
Skype spy Trojan escapes into wild
Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote...
----------
Prepare for the new upcoming 2010 AV products.
Many major security companies are about to release their new retail product for 2010. Expect some comparative reviews in the next months, check what you need and stay protected.
Some ‘2010’ products are already out on the web, but unfortunately most of them are FakeAlert Trojans or Scareware.
Once downloaded, you see pop up windows alerting you about a malware found on your machine and asking you to buy the product. The actual problem is the software you just executed.
We have been reporting about FakeAlert Trojans before – you may remember some products named:
- “Virus Remover 2007”
- “Win AntiSpyware 2008”
- “AntiVirus VIP”
- “AntiSpyware Pro2009”
----------
Is Apple Opening a Can of Worms?
It has now been widely reported that Apple’s latest operating system, Snow Leopard contains the ability to identify two families of Mac malware–OSX/Puper and OSX/IWService–when the infectious DMG files are downloaded and mounted as part of the infection process.
There are a number of ramifications of such a move that could be discussed, but the intention of this post is to call out the possibility of this being a catalyst for more Mac malware to be created.
----------
Attorneys Are Not 'Creditors,' American Bar Association Tells FTC
By JANET MCMAHON
WASHINGTON (CN) - The American Bar Association sued the Federal Trade Commission in Federal Court, challenging its "Red Flags Rule" that includes attorneys in the Fair and Accurate Credit Transactions Act's category of "creditors." As creditors, lawyers will be required to create written identity-theft prevention programs, under an FTC final ruling whose enforcement has been repeatedly delayed.
----------
Woman Who Killed Husband Wants Benefits
By BRIDGET FREELAND
DETROIT (CN) - A woman who killed her husband demands survivor benefits through his retirement plan. Fayette Nale claims that Ford Motor Co. unfairly denied her claim because of her conviction for "voluntary manslaughter under heat of passion."
----------
UK Parliament Website Hacked
A hacker broke into the database of the UK Parliament website by exploiting an SQL injec...
----------
"Several British news sources have recently reported on the growing campaign that calls for an apology to Alan Turing for his persecution by the British government. The petition to the Prime Minister was started by John Graham-Cumming, who has also written to the Queen requesting a Knighthood for Turing, but admits that a pardon is 'unlikely,' saying, 'The most important thing to me is that people hear about Alan Turing and realize his incredible impact on the modern world, and how terrible the impact of prejudice was on him.'"
----------
On London's Surveillance Cameras
A recent report has concluded that London's surveillance cameras have solved one crime per thousand cameras per year.
David Davis MP, the former shadow home secretary, said: "It should provoke a long overdue rethink on where the crime prevention budget is being spent."
----------
Business Software Alliance wants in on three-strikes action
August 31, 2:06 a.m. UTC - by Nate Anderson Posted in: Law & Disorder
The Business Software Alliance calls graduated response its preferred plan for dealing with online software piracy, but it wants Internet disconnections to be overseen by a judge and feature due process and a chance to appeal. Well, sort of.
----------
Colombia Says President Has Swine Flu
washingtonpost.com — Colombian President Alvaro Uribe has contracted the H1N1 swine flu virus and is being treated by doctors while continuing to work from his residence, government spokesman Cesar Velasquez said on Sunday.
----------
Microsoft Names Top Ten Windows Malware
PC Magazine – Fri Aug 28, 10:27 am ET
A new list of malware just came out from Microsoft based on their MSRT, or Malicious Software Removal Tool.
----------
Aug 30, 10:48 am
Facebook Users Forfeit their Security, Poll Shows
Only a third of social networkers apply the security safeguards they've been given, a security firm finds.
----------
Court ruling limits electronic searches
A federal appeals court this week ruled that government investigators cannot retain incriminating information found in electronic searches unless it is within the scope of a search warrant.
The U.S. Circuit Court of Appeals for the Ninth Circuit, in a 9-2 vote, rejected arguments by the U.S. Justice Department that it be allowed to retain and use all of the data that it seized in 2004 as part of a federal investigation into the use of illegal substances by Major League Baseball players.
----------
Friday, August 28, 2009
Friday 08/28/09
Try googling for this phrase including the double-quotes:
"c:\Program Files\Belarc\Advisor"
People upload the inventory of their machines, including license codes. Ugh.
----------
Like this is news...
Attack Of The Tweets: Major Twitter Flaw Exposed
Aug 27, 2009
U.K. researcher says vulnerability in Twitter API lets an attacker take over a victim's account -- with a tweet
----------
New IEEE Printer Security Standard Calls For Encryption, Authentication, Electronic "Shredding"
Aug 26, 2009
Printers finally getting security attention, but locking them down depends on actual implementation, configuration, experts say
Networked printers are the oft-forgotten weak links in an organization, but a new IEEE security standard for the devices could help change that.
The so-called 2600 Profile, which includes specifications for building secure printers and a checklist for evaluating printer security using ISO's Common Criteria framework for evaluating security requirements, calls for vendors to build printers that include password protection, hard drive encryption, electronic "shredding," security logs, and separate connections for fax and network communications.
While security researchers during the past few years have poked major holes in networked printers, these devices have been a low priority for most organizations already inundated with locking down imminent threats to their servers, client machines, and Web applications. Many never even bothered to update their printer software.
----------
WPA with TKIP done
In a paper titled "A Practical Message Falsification Attack on WPA" researchers in Japan describe how to perform the Beck-Tews style attack against any WPA-TKIP implementation, in under a minute. The paper and upcoming presentation have already been covered in the mainstream media. Thanks to all who wrote in.
If your hardware supports it, time to consider moving to WPA with AES or WPA2.
----------
SQL Injection Attacks Across Globe Appear Linked
Three significant waves of SQL injection attacks appear to be under the control of the same source, according to one security researcher.
----------
U.K. launches privacy initiative
Recently I've been talking about identity-related initiatives from both the U.S. and Canadian...
----------
Security test prompts federal fraud alert
A sanctioned security test of a bank's computer systems had some unexpected consequences this week
----------
China game boss sniped rivals, took down Internet
An attack by a Chinese online game provider meant to cripple the servers of its rivals ballooned to...
----------
Swiss coder publicises government spy Trojan
A software engineer who created Trojans for the Swiss authorities to intercept Voice-over-IP (VoIP)...
----------
New Chinese Ministry of National Defense website suffers hacker attacks
According to the chief editor of the newly launched Chinese Ministry of National Defense website, since its opening on 20 Aug 09, the site has been under assault from a variety of different types of hacker attacks. The report notes that the attacks have not affected website operation.
----------
Verizon Wireless Phantom $1.99 Data Usage Fee
The Cleveland Plain Dealer has been doing an excellent job this week highlighting a $1.99 "data usage fee" Verizon's been imposing on wireless customers who, well, aren't using any data. An August 14 column first brought the issue some attention, when Teresa Dixon Murray noted that Verizon has been charging customers $1.99 for doing absolutely nothing.
----------
Spy Son Rats Out Mole Father
The son of a disgraced CIA agent convicted of funneling classified information to the Russians has pleaded guilty to charges of helping his imprisoned father collect overdue bills for his dad’s nefarious activities.
----------
Skype snooping trojan detected
Angela Moscaritolo August 28, 2009
Source code for a trojan, called Peskyspy, has the ability to record audio from Skype calls, convert the audio to an MP3 file, encrypt it and send it back to the attacker, according to Symantec researchers.
----------
Credit union agency warns of fake CD-ROMs
Dan Kaplan August 27, 2009
Forget the inbox: Cybercrooks also are turning to traditional mail to spread malware.
----------
Facebook to modify privacy practices after investigation
Dan Kaplan August 28, 2009
Facebook plans to refine its privacy safeguards in response to concerns by Canada's privacy commissioner.
----------
ACLU Demands Info on DHS Laptop Searches
By BARBARA LEONARD
MANHATTAN (CN) - The ACLU demands information on the Department of Homeland Security's policy on searching laptop computers at international borders. The DHS' Customs and Border Protection office announced in July that it can search electronic devices and any printed material carried by travelers regardless of whether they are suspected of anything - a statement one senator called "truly alarming."
----------
The Security Risks of Accepting Free Laptops
Weird:
The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Manchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.
----------
Swedish Regulators Ban Word "Bank" In Domain Names For Non-Banks
----------
Fla. man in credit card data theft accepts plea
AP – 25 mins ago
MIAMI - A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.
----------
Snow Leopard Malware Protection a Growing Pain for Mac OS X
PC World – Thu Aug 27, 8:00 pm ET
Mac users have long relished the fact that malware is nearly a foreign concept to them. Yet, in a tacit acknowledgment of the growing threat of malware on the Mac platform, Apple has added some rudimentary malware protection into Snow Leopard.
----------
Wednesday, August 26, 2009
Wednesday 08/26/09
Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite.
----------
Businesses Reluctant to Report Online Banking Fraud
A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sized businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank.
...
In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company's controller or treasurer, a message that contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks' anti-money-laundering reporting requirements.
----------
Manipulating Breathalyzers
Interesting video demonstrating how a policeman can manipulate the results of a Breathalyzer.
----------
"TrendWatch, the malware research arm of TrendMicro, has posted a white paper titled 'A Cybercrime Hub' (PDF, summary here) describing the activities of an Estonian ISP acting as a cover-up for a large cybercrime network. It's involved with malware distribution and DNS hijacking, which leads to credit card fraud. The story's interesting, and a typical internet user would be exposed in such a situation. What security measures should be taken to prevent normal users from falling victim to such malicious bodies? Note that they are represented legitimately and are offering real services like any other internet company."
----------
Snow Leopard Has Built-In Antivirus
Originating on the Intego blog, a new Snow Leopard find may indicate Macs are not so immune to malware. In fact, Apple itself seems to be taking security issues more seriously with the latest version of Mac OS X, something that doesn’t quite fall well with its latest Get a Mac ads. In its latest TV commercials, Apple continues to bash PCs for being highly unreliable and prone to getting infected by viruses, whereas the Mac is downright immune to these threats. However, the people at Intego (security compan...
----------
Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs
Aug 24, 2009
Flaw in Cisco Over-The-Air-Provisioning could allow attackers to gain control of wireless access points, AirMagnet researchers say
----------
IDC Report: Most Insider Leaks Happen By Accident
Aug 25, 2009
Unintentional leaks may cause more damage than internal fraud, research study says
----------
Arterial, crowdsourced traffic info comes to Google Maps
August 25, 8:01 p.m. UTC - by Jacqui Cheng Posted in: The Web
You already know how to find the status of traffic on the highway, but what about regular roads? Google has added arterial road information to Google Maps in select cities and has begun using crowdsourced data to provide more live updates.
----------
Pirate Bay ISP Victim of Sabotage After Shutdown
UPDATE: Black Internet, the ISP that on Monday turned off the access to file-sharing site The Pirate Bay, says it has become the victim of sabotage.
----------
Jessica Biel Could Give You a (PC) Virus
McAfee finds that searching for the actress's name is likely to lead you to spyware, adware, malware, and more.
----------
Personal Spy Gear: Is It Ethical? Is It Legal?
From disguised video security cams to GPS tracking loggers, personal security is going high-tech. But these gadgets bring up a host of sticky ethical and legal issues.
----------
DHS report: IT sector is resilient against serious cyberattacks
A U.S. Department of Homeland Security report presents scenarios in which well-chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. The document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions.
----------
Hackers rest over summer, pounce during Christmas
Chuck Miller August 25, 2009
Much like average American workers, hackers tend to take off during the summer -- and weekends -- but come Christmas and New Year's, they are out in full force.
----------
More Mac DNS changing malware uncovered
Dan Kaplan August 24, 2009
Despite conventional wisdom, Mac malware remains alive and well.
----------
Federal Reserve Chairman Hit By High-Tech Pickpocket Ring
Identity theft isn’t just for the little people.
Federal Reserve Board chairman Ben Bernanke and his wife are among the victims of the tech-savvy pickpocket and ID theft ring Cannon to the Wiz, Newsweek reported Tuesday.
Threat Level readers will remember that Wiz is a national ring of some 200 light-fingered scammers that kept police around the country on their toes for at least two years. The group was led by Clyde Austin Gray, Jr., 52, of Waldorf, Maryland, who went by the names “Big Head” and “Poochie.” Gray pleaded guilty in July to conspiracy to commit bank fraud in a scheme that resulted in losses of at least $2.1 million from 10 financial institutions. Nine other co-conspirators have been charged to date.
----------
New FCC Boss: We'll Defend Net Neutrality
Though vague positions and vague neutrality principles remain problematic...
----------
Brazilian Malware Writers Stumble Again
I like to pick on malware writers, especially the dumb ones as you can see here. Sometimes they’re just too big a target to ignore.
The latest round is with Brazilian malware writers again. As you are aware, some days ago the Delphi virus was discovered; we detect it as W32/Induc. So today I got a Brazilian PWS-banker malware that was infected with–guess what?–the W32/Induc delphi virus! What an irony.
Back in 2007, I wrote about something quite similar here. And, surprise, it was another Brazilian PWS-banker malware.
So, please, malware writers, repeat after me: “I must install anti-virus software. I must install anti-virus software.”
Today, you can buy a customized Brazilian PWS-banker malware for about US$50. That may explain why it is so cheaply made.
----------
Twitter Weight Loss Spam
Hundreds of Twitter accounts have been hacked and used to send spam.
----------
Monday, August 24, 2009
Monday 08/24/09
It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers. To try and provide some clarity:
Security Advisory 972890: This advisory was released in response to active attacks against the Microsoft Video ActiveX Control in order to provide guidance and mitigations (including a Microsoft Fix it solution) to customers while we worked towards an update for the underlying issue.
MS09-032 – Cumulative Update of ActiveX Kill Bits (973346): This bulletin provided an official kill bit update to replace the Microsoft Fix it solution provided by Security Advisory 972890. The update addresses additional kill bits and is also available through Microsoft update technologies such as Windows Update, Microsoft Update, and Windows Software Update Services (WSUS). This kill bit blocked the ability to instantiate the Microsoft Video ActiveX Control in Internet Explorer to mitigate against known attacks.
MS09-034 – Cumulative Security Update for Internet Explorer (972260): This bulletin provided a defense-in-depth update that helps mitigate known attack vectors within Internet Explorer. To be clear, Internet Explorer is not vulnerable to these attacks but the vulnerable components can be reached through Internet Explorer. Installing this update mitigates that threat.
MS09-035 – Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): This update is specifically geared towards developers of components and controls who use ATL. The update addresses the underlying issue in our Visual Studio development tools. Developers who use ATL should install this update and recompile their components and controls following the guidance in this MSDN article.
MS09-037 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908): This bulletin provides updates for vulnerable components and controls that shipped with Windows products. These are Microsoft components and controls that were built using ATL. Among the updates in this bulletin is a binary level update that addresses the vulnerability in the Microsoft Video ActiveX Control that has seen some active attacks. So we previously released a kill bit update to provide immediate protection for customers and are addressing the underlying vulnerability with this update.
Security Advisory 973882: This advisory provides information on our ongoing investigation into the ATL issue and serves as a single source for all related information.
To be even clearer, not every ActiveX control is vulnerable and we have an ongoing investigation into this issue. We will continue to provide updates via Security Advisory 973882 and Security Bulletins as necessary.
----------
Malware Writers: Will That Be OS X, or W?
Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac.
Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications.
This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the site with a Mac.
Meanwhile, Symantec warned last week that it had detected several blogs that were advertising free, streaming online copies of movies that were just released in the theaters. The lure is once again a fake video plug-in, followed by either a Mac- or Windows-based version of the DNS Changer Trojan.
----------
Virus infects development environment
Anti-virus software vendor Kaspersky has discovered a new type of virus which infects and compromises systems running the Delphi development environment.
----------
Radisson Hotels report significant data breach
Ryan Naraine: In an open letter to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain's computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen.
----------
Swedish Court Gets The Pirate Bay Taken Down
When the original ruling came out against The Pirate Bay's founders, one odd part was that there was no injunction forcing the site to stop doing anything. The entertainment industry quickly filed for one -- which seemed a bit odd, considering that the case was under appeal. The latest, however, is that a judge has ordered one of the main ISPs servicing The Pirate Bay to stop, making the site largely inaccessible. In the meantime, the gov't agency that was responsible for getting the founders to pay up has basically found that they can't find any money to collect, which aligns with what the four guys have been saying all along (that they don't own the site and don't make money from it).
----------
Just wondering who represents these guys:
Retired Football Players File Class Action Against NFL
By TIM HULL
(CN) - Retired NFL players filed a federal class action against the league in Minneapolis, saying the NFL profits from the reputations they made before the era of multimillion-dollar salaries, while paying nothing to the retirees, many of whom are permanently injured. The six named plaintiffs include Hall-of-Famer Elvin Bethea and quarterback Dan Pastorini.
----------
Researcher details Facebook CSRF flaw
Dan Kaplan August 21, 2009
Facebook has closed a hole that enabled an attacker to retrieve personal information of users without their interacting with the site.
----------
Identity fraud ring busted in New York
Chuck Miller August 24, 2009
Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.
----------
Swiss privacy commissioner says "nein" to Google Street View
August 24, 4:04 a.m. UTC - by Eric Bangeman Posted in: Law & Disorder
Google launched Street View in Switzerland last week, and the Swiss Privacy Commissioner isn't satisfied that it will safeguard the privacy of Swiss citizens.
----------
Is Your PC Bot-Infested? Here's How to Tell
As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.
----------
The Art of Creating Strong Passwords
----------
U.S. Says SQL Injection Caused Major Breaches
----------
Court shuts down sites promising free government grants
----------
Lawsuit seeks to pry information from banks on account breaches
----------
Could Google be tricked into talking to botnets?
----------
Friday, August 21, 2009
Friday 08/21/09
----------
ERIC SAYS - LOTS OF GOOD INFO IN THIS ARTICLE:
One-in-four hackers runs Opera to ward off other criminals
Hackers using multi-exploit attack "toolkits" take defensive measures of their own against other criminals, a security researcher said today.
"Exploit kit operators do use mainstream browsers, but they're much more likely to use Opera than the average user, because they know that the browser isn't targeted by other hackers," said Paul Royal, a principal security researcher with Atlanta-based Purewire.
While the most generous Web measurements peg Opera, a browser made by Norwegian company Opera Software, at a 2% share of the global market, 26% of the hackers who Purewire identified use the far-from-popular application.
Because of its small market share, few hackers bother to unleash exploits for Opera vulnerabilities, said Royal.
Purewire obtained this insight, and others, by infiltrating hackers' systems using a bug in the analytics software included with a pair of hacker toolkits, notably one dubbed "LuckySploit," said Royal. "We forged a 'refer' field and put in a little JavaScript," he explained, "and that revealed the hackers to us via their IP addresses."
----------
Judge: Defunct airport fast pass company can't sell customer data
----------
Swine flu battle moves to cyberspace
AFP – Wed Aug 19, 4:10 pm ET
THE HAGUE (AFP) - The clock is ticking, people are dying and a flu virus is sweeping the globe -- that is the scenario of a new computer game designed to make people think about how to respond to the swine flu pandemic.
----------
Your Web Browser Knows Where You Are
Firefox and Safari on the iPhone can now report your physical location. But who are they telling?
----------
Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile
Aug 20, 2009
Defendants allegedly hijacked customers' identities to steal millions of dollars in wireless gear
----------
Tech Insight: SQL Injection Demystified
Aug 21, 2009
Attackers are using the old standby SQL injection en masse -- a look at the attack and how to protect your applications from it
----------
Botmaster: It's All About Infecting, Selling Big Batches of Bots
Aug 20, 2009
Undercover Cisco researcher told the going rate for a single bot is 10 to 25 cents
----------
Rare Malware A Hint Of Threats To Come
Aug 19, 2009
Researchers are spotting new forms of malware features that could signal a new generation of harder-to-kill badware
----------
Uncouth Facebook postings closing doors for job candidates
August 20, 8:07 p.m. UTC - by Jacqui Cheng Posted in: The Web
More employers than ever are researching job candidates on sites like Facebook, MySpace, and Twitter in order to find out more about their activities and character. And, it turns out, many candidates are doing a great job of showing their potential bosses poor communication skills, inappropriate pictures, and even how many workplace secrets they can leak.
----------
VMware patches holes in its products
A hole in libpng allows crafted images to infiltrate and execute code in VMware products.
----------
Gartner Tells Reporter: You're Not Allowed To Mention Gartner Research Without Our Permission
Rich Kulawiec alerts us to the news that Gartner (which absolutely should know better) sent a legal nastygram to a Network World blogger, Larry Chaffin, for the mortal sin of mentioning Gartner without Gartner's permission. Specifically, Gartner is claiming full control over its research reports, and saying that a reporter cannot quote them. Gartner is almost certainly wrong about this. If the information is newsworthy (and it sounds like it was), then a reporter absolutely has the right to post it. Also, Gartner seems confused about how all of this works. It first claims that posting such info was a violation of its own policy... but it's a policy that Chaffin had not agreed to.
----------
The Philosophy Of Dogs
By ROBERT KAHN
Dogs are better philosophers than humans, of course. Dogs know how to be happy. Show me a happy philosopher.
----------
"Dirtiest" websites host average 18,000 threats
Angela Moscaritolo August 20, 2009
The most dangerous websites on the web propagate an average of 18,000 different pieces of malware.
----------
Malware designed to steal IDs increased 600 percent
Greg Masters August 20, 2009
The number of users victimized by malware specifically intended to rob personally identifiable information leapt 600 percent this year.
----------
Phishing apps found on Facebook
Chuck Miller August 20, 2009
A new round of rogue Facebook applications sends notifications that lead users to phishing sites.
----------
Former Chinese nationalist hacker causes international incident
An international controversy has broken out over an article he published on one of his websites called the China International Strategy Net. In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state. The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.
----------
Wednesday, August 19, 2009
Wednesday 08/19/09
A government informant who helped put away nearly 30 fellow hackers five years ago is considered by U.S. law enforcement officials to be the kingpin of the biggest data breaches in U.S. history.
Albert Gonzalez, 28, of Miami was indicted yesterday for the third time in connection with the data breaches. Two Russian citizens were indicted along with Gonzalez by a grand jury in New Jersey yesterday on charges of running an international scheme to steal more than 130 million credit and debit card numbers as well as personally identifying information from five companies, including Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Bros. Co.
----------
Miami man indicted for massive credit hack
A 28-year-old Miami man was indicted Monday for the largest credit and debit card theft ever prosecuted in the U.S., with data from more than 130 million credit and debit cards stolen, the U.S. Department of Justice (DOJ) said.
Albert Gonzalez, also known as segvec, soupnazi and j4guar17, was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information. Among the corporate victims named in the two-count indictment are Heartland Payment Systems, a New Jersey card payment processor; 7-Eleven, the Texas-based convenience store chain; and Hannaford Brothers, a Maine-based supermarket chain.
----------
Nominum to offer DNS 'blacklist' capability
Nominum's Trusted Response and Universal Enforcement (TRUE) architecture is already in use by several ISPs supporting a combined 100 million broadband households. Nominum wouldn't identify these ISPs, but its Web site says its carrier customers include Verizon, Sprint, NTT Communications and other major industry players.
----------
Security start-up Rohati extending access-control gear to the cloud
Rohati plans to extend its on-premises capabilities to an off-premise environment to support application access control and user entitlements in cloud-based computing, says Prashant Gandhi, CEO and president of Rohati.
"It could be applied to either a public or a private cloud," said Gandhi about Rohati's strategy. "Our vision moving forward is to use our technology for trusted cloud-bursting."
----------
Bomb Threat Procedures
These are the detailed bomb threat procedures for a U.S.-based non-profit organization that promotes environmental activism and causes. A bomb threat procedure was drafted in 2000 after the organization received a threat
----------
Workplace Violence Prevention Policy Template
----------
MS09-039 exploit in the wild?
TCP port 42 is used for WINS replication. It's also interesting that the number of sources isn't that high as well.
----------
Sysinternals Procdump Updated
Sysinternals has released v1.4 that fixes a bug that was introduced in v1.3. This update fixes the compatibility problem with Windows XP and Windows Server 2003.
technet.microsoft.com/en-us/sysinternals/dd996900.aspx
----------
Forensics: Mounting partitions from full-disk 'dd' images
----------
Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
----------
Woman arrested for juicy craigslist ad targeting teen girl
August 19, 1:18 p.m. UTC - by Chris Foresman Posted in: Law & Disorder
Missouri was the first state to enact anti-cyberbullying legislation after MySpace harassment led a 13-year-old to commit suicide. Now a woman faces felony cyberbullying charges after posting a fake Craigslist ad with photos and contact information for a 17-year-old girl.
----------
Court offers guidelines on when to unmask anonymous posters
August 18, 10:35 p.m. UTC - by John Timmer Posted in: Law & Disorder
A company that was accused of software piracy has turned around and sued the anonymous tipster that first leveled the accusation, accusing the John Doe of defamation. An appeals court has ruled the case may go forward, with firm guidelines on determining whether or not to unmask the tipster.
----------
CSI Fraud: researchers craft fake DNA evidence
August 18, 7:24 p.m. UTC - by John Timmer Posted in: Nobel Intent
Researchers have demonstrated it's possible to remove all the DNA from samples like blood and saliva, and replace it with genetic material from a different individual—even when the only source of this material is a used cigarette butt. Their methodology was good enough to fool a lab that does crime-scene DNA testing.
----------
P2P Banned In Antarctica?
We know that there's been an ongoing effort by entertainment industry lobbyists to convince politicians (and others) that file sharing and P2P apps are somehow to blame for stupid government staffers accidentally leaking files via those programs. Apparently the propaganda campaign has worked in at least one area: employees of the United States Antarctic Program (USAP) were sent an alert that they need to stop using all P2P programs. The "scenarios" described in the note are the same ones that entertainment industry lobbying group Arts+Labs has been spewing for a few years now. However, rather than assume that the real lesson is that users should actually understand the software they're using on their computer, and make sure not to use it in a dumb way (such as exposing sensitive documents), the director of IT simply told everyone that while on Antarctica, they must disable any P2P apps on their computer. Hope no one there uses Skype to keep in touch with family...
----------
Ex-Secret Service Agent Loses Security Clearance
By NICK DIVITO
(CN) - A former Secret Service agent has no legal recourse to force the agency to reinstate her Top Secret security clearance after she passed counterfeit money, the Federal Circuit ruled.
----------
Facebook accused of violating privacy laws
Chuck Miller August 18, 2009
Facebook has been accused of violating California privacy laws and seeking to "disseminate private information to third-parties for commercial purposes."
----------
WSJ: AT&T Is Dying
Baby bell doesn't have many friends these days...
09:13AM Wednesday Aug 19 2009 by Karl Bode
The Wall Street Journal gives AT&T a solid one-two punch this morning, insisting that the baby bell is "dying," then proclaiming that AT&T is "dragging down the rest of us by overcharging us for voice calls and stifling innovation in a mobile data market critical to the U.S. economy...
----------
Chinese hacker schools growing bolder
In the last few days, there have been several articles covering China’s domestic hackers and their schools. In the past, this type of recruiting activity was confined to the online world and kept out of view of the general public. Now it is popping up all over the street.
----------
Under Agreement, UBS to Give Up Over 4,000 Names
By LYNNLEY BROWNING
U.S. regulators will receive the names as part of an investigation of Americans avoiding taxes through the use of offshore accounts.
----------
Which Windows is more secure?
Ed Bott: Over the past couple years, I've been regularly checking in to measure whether Windows Vista is living up to its promise of being more secure than its predecessor, Windows XP. Now Windows 7 is added to the mix.
21 months later, Vista is still more secure than XP
Windows 7's Achilles' heel - XP Mode
Special Report: Windows 7
----------
Monday, August 17, 2009
Monday 08/17/09
A 28-year-old Miami man was indicted Monday for the largest credit and debit card theft ever prosecuted in the U.S., with data from more than 130 million credit and debit cards stolen, the U.S. Department of Justice said.
----------
Opinion: It's the money, stupid: Why nobody wants to be the cybersecurity czar (and why they should be happy to take the job)
Candidates should consider the benefits not of the job itself but of the prestige that comes with having held the title.
----------
Heartland CEO on Data Breach: QSAs Let Us Down
For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least.
Heartland CEO Must Accept Responsibility
I just read Bill Brenner's interview with Heartland Payment Systems' CEO Bob Carr [Heartland CEO on Data Breach: QSAs Let Us Down] and truthfully, my blood is boiling.
----------
Bored bureaucrat pleads guilty to passport snooping
A fifth person who has worked for the U.S. Department of State has pleaded guilty to illegally accessing passport application files stored in a computer database, the U.S. Department of Justice announced.
Kevin M. Young, 42, of Temple Mills, Md., pleaded guilty today in U.S. District Court for the District of Columbia to one count of unauthorized computer access. He is scheduled to be sentenced Dec. 9.
----------
Three indicted for hack attacks on Heartland, Hannaford
A Miami man and two Russians today were indicted by a grand jury in New Jersey on charges of conspiring to commit some of the largest data breaches in U.S. history.
Albert Gonzalez, 28, and the two still-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers along with personally identifying information from five companies, including Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Brothers Co. The two other companies were not named in the indictment because their breaches have not yet been made public.
----------
Microsoft planned to bury XML developer, says federal judge
Microsoft knew of the patent held by i4i as early as 2001 but nevertheless set out to make the Canadian developer's software "obsolete" by adding a feature to Word, according to court documents.
The patent infringement case brought by Toronto-based i4i resulted in a $290 million judgment against Microsoft and an injunction that bars Microsoft from selling Word 2003, Word 2007 and Word for Mac 2008 in their current forms.
In a 65-page summary opinion dated Aug. 11, U.S. District Court Judge Leonard Davis said that evidence presented during the May 2009 jury trial showed Microsoft had met with i4i executives as far back as 2001, knew of the firm's patent for XML editing, and yet did nothing to guarantee that its implementation of "custom" XML would not infringe the i4i patent.
----------
Court fines man $210,000 for selling software copies
A U.S. judge has ordered a Delaware man who sold copies of software packages on an Internet auction site to pay $210,563 in damages and court costs, the Business Software Alliance (BSA) announced today.
----------
Hackers put social networks such as Twitter in crosshairs
Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.
----------
Georgia cyberattacks linked to Russian organized crime
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret.
----------
Flash Cookies Track Even Privacy-conscious Surfers, Study Finds
A new study on local shared objects, aka Flash cookies, found that they can be used to re-create deleted HTTP cookies to track visitors.
----------
Study Touts Internet Explorer 8 As World's Most Secure Browser
A recent report claims that Microsoft's Internet Explorer 8 is the world's most secure browser.
----------
US tests censorship circumvention tool; Chinese shrug
August 17, 1:09 p.m. UTC - by Jacqui Cheng Posted in: The Web
A US agency is working on a system that will allow people to get around government Internet censors by using e-mail. The tool will be tested in China and Iran, where it should offer yet another option for those stuck behind the filters.
----------
Houston Starts Whole Body Imaging
The Transportation Security Administration (TSA) has announced that it will begin testing two types of advanced imaging technology at George Bush Intercontinental Airport, Houston. Millimeter wave and backscatter imaging technologies are designed to capture, record, and store detailed images of individuals undressed. Previously, the Privacy Coalition had asked that the use of the devices should be suspended pending an investigation. The House of Representatives recently passed legislation that would establish clear privacy safeguards for the devices. See also EPIC's page on Whole Body Imaging.
TSA to begin testing imaging technology at Houston airport, PR Newswire US, August 14, 2009.
EPIC on August 14, 2009 3:46 PM
----------
Linux kernel vulnerability fixes
Kernel developers and some Linux distributors have released fixes for the critical vulnerability in the Linux kernel disclosed last week.
----------
Police Sue Bosses to Protect Their Confidential Sources
By JOE HARRIS
ST. LOUIS (CN) - The St. Louis Police Officers' Association seeks an injunction to stop the Police Department from forcing officers to reveal their sources. The union says law enforcement will suffer if officers can't promise anonymity to informants, but two officers were ordered to identify confidential informants or face discipline and possible termination.
----------
TJX Hacker Charged with Heartland, Hannaford Breaches
The constellation of hacks connected to the TJX hacker is growing.
Albert “Segvec” Gonzalez has been indicted by a federal grand jury in New Jersey — along with two unnamed Russian conspirators — on charges of hacking into Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers, according to the indictment unsealed Monday. Gonzalez, a former Secret Service informant, is already awaiting trial over his involvement in the TJX hack.
Prosecutors say they’re investigating other breaches and have not ruled out Gonzalez’s involvement in even more intrusions.
----------
Scammers Love Your Money
Monday August 17, 2009 at 9:28 am CST
... I searched the French Skyrock social networking platform and discovered the photos and videos from their exploits. Each crook has his own blog entries and is attached to a gang web page where each member is listed in a friends list. They are plenty boastful. Among the group names, we have:
- les banquiers arabes (the Arab bankers)
- la banque africaine (the African bank)
- les boucantiers de la Cote d’Ivoire (the Ivory Coast boucantiers)
- les plus riches (the richest)
----------
Wednesday, August 12, 2009
Wednesday 08/12/09
Back in March of 2008, Comcast's Gerard Kunkel proclaimed that Comcast was experimenting with embedding cameras in your DVR or cable box, allowing the company to know exactly who is watching what, at what time. Once a privacy backlash fired up Kunkel quickly backpedaled, but the idea of a nosy DVR may not be that far off. Light Reading explores how several cable companies are interested in a technology by Prime Sense that uses "3D-sensing" cameras to identify which users are in a room using thermal identification technology. While MSOs would probably love tailored ads based on who's in the room, early uses for this technology involve improved cable GUI and program interactivity.
----------
Google Privacy Opt Out Announced Via The Onion
by Michael Arrington on August 12, 2009
The Onion strikes again, announcing Google Opt Out today, a product that lets people opt out of Google’s information gathering activities by having their home destroyed and moving to a covered village complex at an undisclosed location. As always, they nail it. Video is below.
----------
When Debian developer Joey Hess started tinkering with webOS, he noticed that it was sending something to Palm once a day. Surely, Palm wasn’t sending anything too potentially incriminating without making it blatantly obvious to the user, right? Wrong.
----------
Texas Judge Rules Microsoft Can’t Sell Word Anymore
Go ahead and clean up the coffee you just spit all over your keyboard. We’ll wait. Back? OK. A judge in Texas ruled that Microsoft Word’s XML systems violate patents by Toronto-based i4i Inc. Word uses XML in reading and writing XML, DOCX, and DOCM files.
The lawsuit alleges that MS violated i4i’s 1998 XML patent #5,787,449. The injunction will go into effect in 60 days and prevent Microsoft from selling or demonstrating Microsoft Word. MS will have to pay i4i about $290 million in damages.
----------
Another Court Deals Major Blow to DVD Copying
A California appeals court on Wednesday overturned a lower court ruling that had paved the way for a $10,000 DVD copying system called Kaleidescape and other products from the company with the same name.
The 6th District Court of Appeal in San Jose, California, was the second court in two days to rule that companies are bound by the entire Content Scramble System licensing regime, which prevents duplicating DVDs.
A San Francisco federal judge ruled late Tuesday that RealNetworks’ DVD-copying software was a breach of the Content Scramble System license, which is required for DVDs and computers to play DVDs. The license allows DVD players to descramble the encrypted code on a DVD, but the license prohibits the duplication of a DVD. Both RealNetworks and Kaleidescape claimed a loophole in the CSS license allowed the copying of DVDs.
In both cases, Kaleidescape of Sunnyvale, California, and RealNetworks, of Seattle, claim that the CSS license issued by a partner of the motion picture studios — the DVD Copy Control Association — did not require, as the studios alleged, that a DVD be in the machine to play back the movie. Hence, a copy could be made, they claimed.
----------
Diebold Quietly Patches Security Flaw in Vote Counting Software
Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.
The flaw in the tabulation software was discovered by Wired.com earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.
----------
Small businesses largely not PCI compliant
Angela Moscaritolo August 12, 2009
Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.
----------
Microsoft pushes out ATL, ActiveX fixes
Dan Kaplan August 11, 2009
The software giant on Tuesday cleaned up its flawed Active Template Library, in addition to issuing a host of other patches.
----------
Top websites using Flash cookies to track user behavior
Angela Moscaritolo August 11, 2009
Little-known Adobe Flash cookies are being used by some websites to get around users' attempts to avoid being tracked by advertising networks, according to research from University of California, Berkeley.
----------
eBay mandates developer password change
Chuck Miller August 11, 2009
The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.
----------
US-CERT director resigns, plans to work for RSA
The director of the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) has resigned.
Mischel Kwon has headed up US-CERT, an arm of the DHS's National Cybersecurity Division, since June 2008.
----------
19 security vulnerabilities fixed in Windows components and applications
WINS, Telnet and the Active Template Library (once more) are among the vulnerable components. The updates also eliminate critical vulnerabilities in Microsoft Office Web Components, and a DoS vulnerability in ASP.NET that cripples applications using IIS.
----------
Lockpicking and the Internet
Physical locks aren't very good. They keep the honest out, but any burglar worth his salt can pick the common door lock pretty quickly.
It used to be that most people didn't know this. Sure, we all watched television criminals and private detectives pick locks with an ease only found on television and thought it realistic, but somehow we still held onto the belief that our own locks kept us safe from intruders.
The Internet changed that.
First was the MIT Guide to Lockpicking, written by the late Bob ("Ted the Tool") Baldwin. Then came Matt Blaze's 2003 paper on breaking master key systems. After that, came a flood of lock picking information on the Net: opening a bicycle lock with a Bic pen, key bumping, and more. Many of these techniques were already known in both the criminal and locksmith community. The locksmiths tried to suppress the knowledge, believing their guildlike secrecy was better than openness. But they've lost: Never has there been more public information about lock picking -- or safecracking, for that matter.
Lock companies have responded with more complicated locks, and more complicated disinformation campaigns.
There seems to be a limit to how secure you can make a wholly mechanical lock, as well as a limit to how large and unwieldy a key the public will accept. As a result, there is increasing interest in other lock technologies.
----------
Microsoft Knew About Bugs Two Years Ago
According to the security firm that alerted Microsoft of the flaws, Redmond was first alerted about them in 2007.
----------
Android security chief: Mobile-phone attacks coming
As smartphones become more popular, they're going to get some unwanted attention from criminals, Google Inc.'s head of Android security said today.
"The smartphone OS will become a major security target," said Android Security Leader Rich Cannings, speaking at the Usenix Security Symposium. Attackers can already hit millions of victims with a smartphone attack, and soon that number will be even larger. "Personally I think this will become an epiphany to malware authors," he said.
----------
Monday, August 10, 2009
Monday 08/10/09
----------
Hathaway Resigns From Cybersecurity Czar Post
A former Bush administration aide, she was working as cybercoordination executive for the Office of the Director of National Intelligence when she was appointed to her new role by President Obama in February. At the time, she was directed to conduct a 60-day review of cybersecurity preparedness across the federal government.
Hathaway's highly anticipated review was finished in May and called on government officials to take several steps to bolster cybersecurity. One of the main recommendations was to establish a cybersecurity office within the executive offices of the president to oversee and enforce the development and implementation of a national
----------
Security experts scramble to decipher Twitter attack
Security analysts Thursday scrambled to find a motive behind the distributed denial-of-service attacks that brought down Twitter for several hours, and also hit Facebook, Google and LiveJournal.
With little information to go on, researchers ended up speculating on who launched the attacks and why, although several agreed that Twitter's infrastructure needed immediate strengthening.
"If you monitor the hacking forums, it's clear they're pissed at Twitter," said Richard Stiennon, founder of IT-Harvest, a security research firm. "Twitter came out of nowhere. Hackers hated that. They'd been using forums and IRC to communicate, and all of a sudden, the rest of the world has their own thing in Twitter."
----------
Adobe Reader's security woes a boon for up-and-coming rival Foxit
...
Facing criticism, Adobe is aiming to release security patches more quickly.
But it's not fast enough for many companies, says one anonymous security researcher at the Black Hat conference, who told CNET this week: "As a result of the number of zero-day attacks on PDFs this year, large banks hate Adobe."
----------
Pro-Georgian blogger target of Internet attacks
AFP – Fri Aug 7, 9:59 pm ET
SAN FRANCISCO (AFP) - Cyber assaults that temporarily derailed the websites Twitter, Facebook and LiveJournal were aimed at a pro-Georgian blogger, according to Internet security company F-Secure.
----------
Cyber Attackers Empty Business Accounts in Minutes
PC World – Thu Aug 6, 3:10 pm ET
The criminals knew what they were doing when they hit the Western Beaver County School District.
----------
The Case of the Impossible Address
An IP address of 0.0.0.0 just doesn't make sense. So how did traffic for that destination get delivered to the network?
----------
Kepler telescope makes quick discovery
cnn.com — NASA scientists who put the telescope through a 10-day test after its March 6 launch said this week that Kepler is working well. Its ability to detect minute changes in light has enabled scientists to determine that a planet orbiting a distant star has an atmosphere, shows only one side to its sun and is so hot it glows.
----------
$60, at-home night vision gets cheaper, better
August 10, 2:56 p.m. UTC - by Ben Kuchera Posted in: Gear & Gadgets
Ars Technica takes a look at the next-generation of night-vision, in a toy. JAKKS Pacific has taken a second pass at its night vision design, making it easier to use and adding a larger screen that now takes advantage of both eyes. It's time to go ninja hunting.
----------
Facing Five Years In Prison For Posting A Photo On MySpace Wearing Gang Colors
----------
Washington Post Says Economy Is Bad... No, Good... No, Bad For Nigerian 419 Scammers
There's a fascinating article in the Washington Post about the impact of the worldwide financial crisis on Nigerian 419 scammers.
----------
Malaysia Wants To Filter The Internet, But Swears It Won't Be Used To Stop Political Dissent
Malaysia's government has had something of a love-hate affair with citizens and opposing politicians using blogs and other social media to protest the government -- and has even sent opposition bloggers they don't like to jail. So, you can imagine the concern when the government announced plans to install widespread internet filters modeled on China's faulty "Green Dam" software. Not surprisingly, the government officials backing the plan insist it won't be used against political targets, but just obscene material. Opponents find that hard to believe. Even if (and it's a big "if") that's the intent of the government, having it be so easy to "accidentally" start blocking opposition sites is probably too tempting for many.
----------
Group of ISPs issue tips for dealing with bots
Angela Moscaritolo August 07, 2009
One industry group is trying to help network operators respond to bot infections.
----------
Who Needs Spy Satellites? Google Earth Pinpoints Where Missile Targeted Taliban
by Erick Schonfeld on August 10, 2009
The leader of Pakistan’s Taliban, Baitullah Mehsud, may or may not be dead after a CIA missile hits his father-in-law’s home in the remote “Zangarha area” of the country. But now we can see exactly where that missile hit, and we don’t even need access to a spy satellite. Thanks to Google Earth, we get the image above.
----------