Monday, September 28, 2009

Monday 09/28/09

Ass Bomber
Nobody tell the TSA, but last month someone tried to assassinate a Saudi prince by exploding a bomb stuffed in his rectum. He pretended to be a repentant militant, when in fact he was a Trojan horse:

The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince -- the target of al-Asiri's unsuccessful assassination attempt.
...
Lewis Page, an "improvised-device disposal operator tasked in support of the UK mainland police from 2001-2004," pointed out that this isn't much of a threat for three reasons: 1) you can't stuff a lot of explosives into a body cavity, 2) detonation is, um, problematic, and 3) the human body can stifle an explosion pretty effectively (think of someone throwing himself on a grenade to save his friends).

----------

A Stick Figure Guide to AES
Nice.

----------

Ants vs. worms
Since ants are pretty good at locating and defending against enemies in the real world, a team of researchers decided to try reproducing an ant-type model on computer networks. Initial tests proved to be a success.

----------

Internet Explorer supports free certificates
With its last update, Microsoft has added StartCom to the pre-installed root certificates in its operating system. As a result, Microsoft products (such as Internet Explorer) now accept certificates issued by StartCom without prompting the user or requiring any special configurations for the certificates. Third-party programs that use the operating system's certificate memory will also accept the certificates without asking further questions.

StartCom offers free certificates for the signing of e-mails (S/MIME) and for SSL server access, such as HTTPS. Unfortunately, with these "Class 1 certificates", the applicant's email address is generally the only thing tested.

While StartCom has been in the certificate store of Mozilla programs like Firefox and Thunderbird for some time, other issuers who offer free server certificates (such as CACert) are not currently included in the Root CA lists of commonly used programs. Users therefore have to inspect and confirm each server certificate or add the root certificate of such issuers to their certificate store.

The root certificate update is available as an option via Windows Update.

----------

Reddit Attacked by XSS Exploit
An XSS hole allowed comments to be booby-trapped with JavaScript code which posted multiple comments into the social news aggregator. The script was triggered by logged-in users merely hovering the cursor over a comment.

----------

Belgian Government Workers Ordered to Drop Firefox and Return to IE6
The government of the Walloon Region has ordered its local administrations to ban the use of Firefox on their networks...

----------

Windows 7 reliability scorecard
Adrian Kingsley-Hughes: Since December Windows 7 has been my default OS on several systems that are in daily use. During that time I've captured a lot of real-world reliability data for the OS.
...
So, how reliable is Windows 7?

In a word, very.

...looking at a small number of shutdown issues <== ERIC SEES THESE TOO!

----------

Rampant brute-force attack against Yahoo Mail
A widespread brute-force attack against Yahoo email users aims to obtain login credentials and then use the hijacked accounts for spamming, a researcher at Breach Security disclosed last week.

Yahoo Mail's main login page utilizes a number of security mechanisms to protect against brute force attacks -- when crooks try every possible combination of username/password until they can break in -- including providing a generic "error" page that does not reveal whether it was the username or password that the user got wrong. Also, Yahoo tracks the number of failed login attempts and requires that users solve a CAPTCHA if they have exceeded a certain number of incorrect tries.
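The two mechanisms the excerpt describes, a generic failure message and a failed-attempt counter that gates the account behind a CAPTCHA, are easy to get subtly wrong (a distinct "no such user" path, or a hard lockout an attacker can trigger on purpose). The following is an added example of my own, not code from the article or from Yahoo; the threshold, the hashing parameters and the user records are assumptions for illustration.

```python
# Added example, not code from the article or from Yahoo: a login handler
# applying the two countermeasures the excerpt describes, a single generic
# failure message and a per-account failed-attempt counter that demands a
# CAPTCHA once a threshold is crossed. The threshold, the password hashing
# parameters and the user records are assumptions for this example.
import hashlib
import hmac
import os

MAX_FAILURES_BEFORE_CAPTCHA = 3   # assumed; Yahoo's real threshold is not public
GENERIC_FAILURE = "Invalid ID or password."   # identical for bad user and bad password
CAPTCHA_NEEDED = "Please complete the CAPTCHA."


def hash_password(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256; returns (salt, digest). A salt is generated if absent."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


class LoginService:
    def __init__(self, users):
        # users: {username: (salt, digest)}; constructed test data, not a real store
        self._users = users
        self._failures = {}           # username -> consecutive failed attempts
        # Dummy credential so an unknown username costs the same hash work as a
        # known one; otherwise response time would reveal which names exist.
        self._dummy = hash_password("not-a-real-password")

    def failures_for(self, username):
        return self._failures.get(username, 0)

    def captcha_required(self, username):
        # A CAPTCHA gate, not a lockout: an attacker who spams bad passwords at
        # a victim's name slows that account down but cannot lock it out.
        return self.failures_for(username) >= MAX_FAILURES_BEFORE_CAPTCHA

    def login(self, username, password, captcha_ok=False):
        """Returns (success, message). The message never says which field was wrong."""
        if self.captcha_required(username) and not captcha_ok:
            return False, CAPTCHA_NEEDED
        salt, stored = self._users.get(username, self._dummy)
        _, candidate = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)   # success resets the counter
            return True, "OK"
        self._failures[username] = self.failures_for(username) + 1
        return False, GENERIC_FAILURE
```

Note that the unknown-user path still hashes against a dummy credential and still returns the same string; the only observable difference an attacker gets is the CAPTCHA, which is the intended cost.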

----------

Judge Orders Gmail Account Deactivated After Bank Screws Up
By Kim Zetter
September 25, 2009

A California federal judge has ordered Google to temporarily de-activate a Gmail account after a bank mistakenly sent sensitive data to the account.

U.S. District Judge James Ware also ordered Google to disclose the identity of the Gmail account holder.

----------

AT&T Cleverly Flips Google Voice Fight On Its Head
... it wasn't too surprising to see AT&T flip the Google Voice fiasco on its head by sending a letter to the FCC late last week accusing Google of anti-competitive behavior for blocking user access to FreeConferenceCall.com. In AT&T's letter, the carrier suggests this violates a looming fifth neutrality principle

----------

Phishing fraud hits two year high
Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor.

----------

Computer hacker may have tapped personal data on 236,000 women in UNC mammography study
By News Room Today

----------

Drudge, other sites flooded with malicious ads
Criminals flooded several online ad networks with malicious advertisements over the weekend,...

----------

http://www.nytimes.com/2009/09/27/weekinreview/27shane.html?_r=1
... those news reports masked a surprising and perhaps heartening long-term trend: Many students of terrorism believe that in important ways, Al Qaeda and its ideology of global jihad are in a pronounced decline — with its central leadership thrown off balance as operatives are increasingly picked off by missiles and manhunts and, more important, with its tactics discredited in public opinion across the Muslim world.

“Al Qaeda is losing its moral argument about the killing of innocent civilians,” said Emile A. Nakhleh, who headed the Central Intelligence Agency’s strategic analysis program on political Islam until 2006. “They’re finding it harder to recruit. They’re finding it harder to raise money.”

----------

Blast from the past: Fresh wave of targeted attacks using PowerPoint
The use of social engineering to grab the attention of recipients and to deliver malware is not something novel. The latest trend in spreading malware is to manipulate a happening celebrity story, disaster or other high-profile news event. The threat could be delivered as emails or poisoned search engine results which lead to malware. In the past, we have come across innumerable incidents like Michael Jackson's demise or Benazir Bhutto's assassination used as an arena to spread malware. Lately, we have observed an increase in the number of OLE files being used in targeted attacks against various high-profile users.

----------

Microsoft buys Interactive Supercomputing, kills top product: Microsoft has purchased the assets of Interactive Supercomputing (ISC), maker of the desktop parallel computing platform Star-P. Redmond plans to discontinue Star-P but to integrate ISC's technologies into its own solutions.

----------

Google v Microsoft: Giants War Over $7.25M Deal for LA Email
latimes.com: The two tech giants are clashing over a $7.25-million contract to replace Los Angeles' outdated e-mail system. City officials have been told that Microsoft Chief Exec Steve Ballmer and Google CEO Eric Schmidt "would be more than happy to come and visit with you."

----------

http://www.neatorama.com/2007/01/04/the-5-smallest-countries-in-the-world/
The official languages of the Vatican City are Latin and Italian. In fact, its ATMs are the only ones in the world that offer services in Latin! And here you thought that Latin is a dead language…

----------

Cyber Security Awareness Month OCTOBER

----------

Organized Crime and Retail Theft: Facts and Myths
Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.

----------

Organized Cybercrime Revealed
The shadow economy for stolen identity and account information continues to evolve.

----------

Sep 26, 10:42 am
Security Software Sales Expected to Climb
The market for security software will grow 8% in 2009, Gartner analysts predict.

----------

IRS Scam Now World's Biggest E-mail Virus Problem PC World – Fri Sep 25, 6:40 pm ET
Criminals are waging a nasty online campaign right now, hoping that their victims' fears of the tax collector will lead them to inadvertently install malicious software.

----------

Med students' tweets, posts expose patient info
Future doctors are too frequently putting inappropriate postings and sometimes confidential patient information on social sites like Facebook and Twitter, according to a study published in the Journal of the American Medical Association.

In a survey of medical colleges, 60% reported incidents of medical students' posting unprofessional content online. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites.

The survey also showed that 39% of colleges found medical students posting pictures of themselves in which they were intoxicated, and 38% reported medical students posting sexually suggestive material. The study, published this week, surveyed deans or their counterparts at 78 U.S. medical colleges.

----------

Microsoft's Server Message Block (SMB) implementation has been a source of vulnerabilities for years, so they introduced a new version (SMB 2). Now, in Security Advisory 975497, Microsoft's own recommended workaround for the latest remote-code-execution hole is to turn SMB2 off until a patch ships...
http://blogs.technet.com/srd/

----------

Friday, September 25, 2009

Friday 09/25/09

An analysis piece:
Categories of Common Malware Traits

----------

Mass Data Breach Law In The Crosshairs
Podcast: At the (ISC)2 Secure Boston event, a panel of legal and security experts examine the most problematic parts of Mass. 201 CMR 17 and offer a strategy for achieving both compliance and true security. (Part 1 of 2)

----------

Spammers Love Idaho the Most
September 24, 2009 — IDG News Service — No one is quite sure why, but Idaho now gets spammed a little more heavily than any other state in the U.S.

"Looking at the e-mail traffic that's being sent to business users in that particular state, 93.8 percent of all their e-mail traffic will be spam," said Paul Wood, a senior analyst with Symantec's MessageLabs group, which released research on the topic Thursday. "That's actually higher than the global spam average."

----------

Businesses Pandemic-Ready? (Survey: No.)
SEE ALSO: A Swine Flu (H1N1) Business Continuity Planning Guide

----------

China Clamps Down on Net Before 60th Anniv.
September 25, 2009 — IDG News Service — Security forces with black masks and machine guns on the streets of China's capital are just the more visible side of a security clampdown in the country this month: there is also its secretive battle to control the Internet.

The heightened security comes ahead of a massive military parade Beijing will hold in the heart of the city next week to celebrate China's 60th anniversary of communist rule, an event the government hopes will showcase the country's development and go untarnished by security threats or shows of dissent. China's newest nuclear missiles will be included in the arsenal of weapons and equipment shown off in the parade, according to state-run media.

Security measures have included a crackdown this month on online tools that help users circumvent the "Great Firewall," the set of technical measures China uses to filter the Internet, according to providers of the tools.

----------

Fingerprints Not Enough for Gov. Systems
...
Under what’s called the Next-Generation Identification (NGI) program, the FBI is looking toward replacing its current Integrated Automated Fingerprint Identification System (IAFIS) for a totally revamped biometrics system that over the years will not only be a repository for individuals’ fingerprints, but also store additional biometrics expected to include iris scans, 2D-to-3D facial imaging, palm prints, voice and DNA.
...

----------

Texas Instruments Signing Keys Broken
Texas Instruments' calculators use RSA digital signatures to authenticate any updates to their operating system. Unfortunately, their signing keys are too short: 512 bits. Earlier this month, a collaborative effort factored the moduli and published the private keys. Texas Instruments responded by threatening websites that published the keys with the DMCA, but it's too late.

So far, we have the operating-system signing keys for the TI-92+, TI-73, TI-89, TI-83+/TI-83+ Silver Edition, Voyage 200, TI-89 Titanium, and the TI-84+/TI-84 Silver Edition, and the date-stamp signing key for the TI-73, Explorer, TI-83 Plus, TI-83 Silver Edition, TI-84 Plus, TI-84 Silver Edition, TI-89, TI-89 Titanium, TI-92 Plus, and the Voyage 200.

Moral: Don't assume that if your application is obscure, or if there's no obvious financial incentive for doing so, that your cryptography won't be broken if you use too-short keys.
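To make the moral concrete, here is an added example of my own, not TI's firmware and not the factoring team's code. It runs textbook RSA the way a calculator might authenticate an OS image, with a toy modulus small enough to factor by trial division. A 512-bit modulus needs a number field sieve instead, but the payoff is the same: once n = p*q is known, the private exponent follows and the attacker signs whatever image they like. The primes, the image bytes, the public exponent and the hash-based "padding" are all constructed for this example.

```python
# Added example, my own code rather than anything from TI or the factoring
# effort: RSA used the way a calculator might authenticate an OS image, with
# a toy modulus small enough to factor by trial division. A 512-bit modulus
# needs a number field sieve instead, but the payoff is identical: given
# n = p*q, the private exponent follows and the attacker signs whatever
# image they like. The primes, image bytes and padding are constructed here.
import hashlib
import math

E = 65537   # assumed public exponent


def make_keypair(p, q, e=E):
    """Textbook RSA key generation from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse; needs Python 3.8+
    return (n, e), (n, d)


def digest_int(image, n):
    """SHA-256 of the image reduced below n; a toy stand-in for real padding."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, private_key):
    n, d = private_key
    return pow(digest_int(image, n), d, n)


def verify(image, signature, public_key):
    """What the calculator's boot code would do before accepting an update."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(image, n)


def factor_small_modulus(n):
    """Trial division; feasible only for toy n, standing in for the NFS run."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(public_key):
    """Everything after factoring is bookkeeping: phi(n), then d = e^-1 mod phi."""
    n, e = public_key
    p, q = factor_small_modulus(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed primes; a ~40-bit modulus instead of TI's 512 bits.
    public_key, private_key = make_keypair(1000003, 1000033)
    image = b"constructed OS image"
    assert verify(image, sign(image, private_key), public_key)
    stolen = recover_private_key(public_key)
    forged = sign(b"attacker's OS image", stolen)
    print("forged signature accepted:", verify(b"attacker's OS image", forged, public_key))
```

Nothing in the verifier distinguishes the forged signature from a genuine one, because the private key recovered from the factored modulus is bit-for-bit the original. Key length is the only thing standing between a public key and its private half, which is why "obscure device, no money in it" is not a reason to skimp on it.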

----------

Sears Spies on its Customers
It's not just hackers who steal financial and medical information:

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable.

To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites.

Reminds me of the 2005 Sony rootkit, which -- oddly enough -- is in the news again too:

After purchasing an Anastacia CD, the plaintiff played it in his computer but his anti-virus software set off an alert saying the disc was infected with a rootkit. He went on to test the CD on three other computers. As a result, the plaintiff ended up losing valuable data.

Claiming for his losses, the plaintiff demanded 200 euros for 20 hours wasted dealing with the virus alerts and another 100 euros for 10 hours spent restoring lost data. Since the plaintiff was self-employed, he also claimed for loss of profits and in addition claimed 800 euros which he paid to a computer expert to repair his network after the infection. Added to this was 185 euros in legal costs making a total claim of around 1,500 euros.

The judge's assessment was that the CD sold to the plaintiff was faulty, since he should be able to expect that the CD could play on his system without interfering with it.

The court ordered the retailer of the CD to pay damages of 1,200 euros.

----------

Flood of patches from Cisco
Cisco has published eleven security advisories concerning its IOS router operating system and the Unified Communications Manager. Attackers can reboot routers or hack into systems.

----------

TechDirt is running a piece on Corona, CA, where officials are considering ignoring a California law that authorizes red-light cameras — cutting the state and the county out of their portion of the take — in order to increase the city's revenue. The story was first reported a week ago. The majority of tickets are being (automatically) issued for "California stops" before a right turn on red, which studies have shown rarely contribute to an accident. TechDirt notes the apparent unconstitutionality of what Corona proposes to do:

"The problem here is that Corona is shredding the Sixth Amendment of the US Constitution, the right to a trial by jury. By reclassifying a moving violation... to an administrative violation... Corona is doing something really nefarious. In order to appeal an administrative citation you have to admit guilt, pay the full fine, and then apply for a hearing in front of an administrative official, not a judge in a court. The city could simply deny all hearings for administrative violations or schedule them far out in advance knowing full well that they have your money, which you had to pay before you could appeal."

----------

New Phoenix BIOS Starts Windows 7 Boot In 1 Second
"Phoenix is showing off a few interesting things at IDF, but the real standout is their new Instant Boot BIOS [video here], a highly optimized UEFI implementation that can start loading an OS in just under a second. Combined with Windows 7's optimized startup procedure, that means you're looking at incredibly short boot times — we saw a retrofitted Dell Adamo hit the Windows desktop in 20 seconds, while a Lenovo T400s with a fast SSD got there in under 10."

----------

Hackers pay 43 cents per hijacked Mac
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they...

----------

Russian cybergangs make the Web a dangerous place
Russian cybergangs have established a robust system for promoting Web sites that sell fake...

----------

Firefox Aims to Unplug Scripting Attacks
By Robert Lemos 06/29/2009
How websites can block code from unknown sources.

Sites that rely on user-created content can unwittingly be employed to attack their own users via JavaScript and other common forms of Web code. This security issue, known as cross-site scripting (XSS), can, for example, allow an attacker to access a victim's account and steal personal data.

Now the makers of the Firefox Web browser plan to adopt a strategy to help block the attacks. The technology, called Content Security Policy (CSP), will let a website's owner specify what Internet domains are allowed to host the scripts that run on its pages.
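Here is an added example of my own, not code from Reddit, Mozilla or the article, showing the two independent layers against the kind of stored, hover-triggered XSS the Reddit item above describes: output escaping so an injected event handler renders as text, and a Content-Security-Policy header telling a CSP-aware browser which hosts may serve script at all. The header uses the standardized name and `script-src` directive rather than the syntax of the 2009 Firefox prototype; the payload, host names and response shape are constructed for the example.

```python
# Added example, not from Reddit, Mozilla or the article: two independent
# layers against the stored, hover-triggered XSS the Reddit item describes.
# Escaping makes an injected onmouseover attribute render as text; a
# Content-Security-Policy header tells a CSP-aware browser which hosts may
# serve script at all, so an inline handler that does slip through is
# refused. The header uses the standardized name and script-src directive,
# not the 2009 Firefox prototype's syntax. Payload and hosts are constructed.
import html

# Constructed payload in the shape of the Reddit attack: no <script> tag,
# just an event handler that fires when a logged-in user hovers over it.
HOSTILE_COMMENT = '<span onmouseover="postSpamComments()">nice article</span>'


def render_comment_unsafe(comment):
    """The bug: untrusted text concatenated straight into markup."""
    return '<div class="comment">' + comment + '</div>'


def render_comment(comment):
    """The fix: escape <, >, &, " and ' so the browser sees only text."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


def csp_header(script_hosts, allow_inline=False):
    """Return the (name, value) pair for a policy allowing script only from
    the page's own origin plus the given hosts. Leaving 'unsafe-inline' out
    is what makes the browser refuse inline handlers such as onmouseover."""
    sources = ["'self'"] + list(script_hosts)
    if allow_inline:
        sources.append("'unsafe-inline'")   # weakens the policy; off by default
    return "Content-Security-Policy", "script-src " + " ".join(sources) + "; object-src 'none'"


def comment_page(comment, script_hosts):
    """Assemble headers and body the way a response handler would."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    name, value = csp_header(script_hosts)
    headers[name] = value
    return headers, render_comment(comment)
```

The escaping is the fix for the bug; the policy is defense in depth for the next escaping bug, since a site that hosts all its own JavaScript has no reason to let the browser run script that arrived inside a comment.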

----------

Online Conspiracy Theorists Latch Onto Census GPS Units
By Kevin Poulsen
September 24, 2009

The hanging death of a Kentucky census worker is likely to raise tensions among counters in the 2010 census, who have already been the focus of emotionally charged online rhetoric this year because they use GPS.

----------

House subcommittee passes cybersecurity R&D bill
Angela Moscaritolo September 25, 2009
The Cybersecurity Research and Development Amendments Act of 2009 would require federal agencies to develop cybersecurity research-and-development plans, as well as authorize grant funding and establish a scholarship program.

----------

Wanna feel paranoid?

Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected
Sep 24,2009
Most are members of tiny, unknown botnets built for targeting victim organizations

----------

Wednesday, September 23, 2009

Wednesday 09/23/09

Cisco releases massive wave of advisories for their IOS:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html

----------

September 23, 2009 12:13 PM PDT
Twitter phishing scam spreads via direct messages

----------

PCI survey finds some merchants don't use antivirus software
http://cwflyris.computerworld.com/t/5740684/6339517/222172/0/

----------

First porn star apps OK'd for iPhone
You might not be able to view the Kama Sutra via your iPhone, but now you can keep tabs on a pair of adult entertainers.

----------

Microsoft to release free security software soon

----------

7 Ways Security Pros DON'T Practice What They Preach
IT security pros spend oodles of time trying to hammer best practices into the heads of fellow employees. But in an informal poll conducted by CSOonline, many admitted they don't always follow their own advice.

----------

Most Businesses READY for Flu Pandemic?
Results of a survey from the Pandemic Prevention Council find that continuity plans include H1N1 considerations in most organizations.

----------

MIT Experiment Reveals Sexual Orientation of Social Network Users
A student research project conducted in 2007 is said to reveal the sexual orientation of Internet users based on social network contacts. The research project was produced as part of a course assignment that students based upon the principle that people of like interests will form relationships. There is an effort underway to publish the research findings in a scientific journal. Analysis of social networking service users is an ongoing part of the research done by Internet service providers to place meaning and context to the behavior of users for commercial purposes and to enhance the experience of users. The lack of transparency on what is being collected about users and how that information will be used is a critical part of the privacy debate.

Project 'Gaydar', Carolyn Y. Johnson, Boston Globe, September 20, 2009

----------

Maine Firm Sues Bank After $588,000 Cyber Heist
A construction firm in Maine is suing a local bank after cyber thieves stole more than a half million dollars from the company in a sophisticated online bank heist.

On Friday, Sanford, Maine based Patco Construction Co. filed suit in York County Superior Court against Ocean Bank, a division of Bridgeport, Conn. based People's United Bank. The lawsuit alleges that Ocean Bank did not do enough to prevent cyber crooks from transferring approximately $588,000 to dozens of co-conspirators throughout the United States over an eight-day period in May.
...
The complaint says the company has recovered or blocked $243,406 of the fraudulent transfers, but that it is still missing at least $345,000 in stolen funds. In addition, because Patco's available funds in its account were less than the total fraudulent withdrawals, the bank drew $223,237.83 on Patco's line of credit to cover the bogus transfers. Patco claims it has been paying interest on that amount in order to avoid being declared in default on its loans, and as a result, it is seeking recovery of interest paid to date on that line of credit.

----------

Monopoly Sets for WWII POWs: More Information
I already blogged about this; there's more information in this new article:
Included in the items the German army allowed humanitarian groups to distribute in care packages to imprisoned soldiers, the game was too innocent to raise suspicion. But it was the ideal size for a top-secret escape kit that could help spring British POWs from German war camps.
The British secret service conspired with the U.K. manufacturer to stuff a compass, small metal tools, such as files, and, most importantly, a map, into cut-out compartments in the Monopoly board itself.

----------

Eliminating Externalities in Financial Security
This is a good thing:
An Illinois district court has allowed a couple to sue their bank on the novel grounds that it may have failed to sufficiently secure their account, after an unidentified hacker obtained a $26,500 loan on the account using the customers' user name and password.

----------

Windows 7 Bests Snow Leopard Says Mac Hacker
Charlie Miller, of Baltimore-based Independent Security Evaluators, who managed to hack Mac OS X Leopard in record time in the past, indicated that the security Apple built into Snow Leopard is inferior not only to Windows 7, but also to Windows Vista, a three-year-old operating system released at the end of January 2007.
...
The difference Miller argues, according to TechWorld, is made by Address Space Layout Randomization (ASLR), a feature underdeveloped in Snow Leopard. “ASLR moves images into random locations when a system boots and thus makes it harder for shell code to operate successfully. For a component to support ASLR, all components that it loads must also support ASLR. For example, if A.EXE consumes B.DLL and C.DLL, all three must support ASLR. By default, Windows Vista will randomize system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in to support ASLR,” Microsoft reveals, and the same is valid not just for Vista, but also for Windows.

The security researcher indicated that Apple failed to introduce a fully fledged and fully functional, for that matter, ASLR in Snow Leopard. The largest problem related to ASLR according to Miller was the fact that Apple did nothing to improve the technology from Leopard to Snow Leopard. The latest versions of Mac OS X feature an ASLR that continues to ignore key components of the platform when it comes to randomization. Miller pointed out that the Snow Leopard ASLR fails to randomize the heap, the stack and the dynamic linker, delivering a wider attack surface than the ASLR in Windows Vista or in Windows 7.

----------

Windows 8 already? Early clues
Mary Jo Foley: Even though Windows 7 isn't out to the public yet, planning sessions were well underway for Windows 8. And of the 12 working groups created, "eight or nine revolve around management."

----------

The lucrative MS08-067 flaw
Ryan Naraine: From Gimmiv to Conficker: The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals.

----------

How to save the PC
Jason Hiner: There's a simple way to avoid losing user data during an OS failure - the world's primary OS developers, Microsoft and Apple, must adopt a little trick that IT pros have been using for over a decade.

----------

IRS Scam Still Ongoing
September 22, 2009
A malicious IRS campaign has been continuing for several weeks.

----------

AV Tests Find That Reputation Really Does Count
PC World – Mon Sep 21, 6:50 pm ET
New reputation-based antivirus systems are doing a better job of blocking malicious software than did their predecessors.

----------

Time For A Quick Lesson In Why The DMCA Safe Harbors Are Important And Make Sense

----------

Survey: Most organizations struggling to secure data
Angela Moscaritolo September 23, 2009
Sixty percent of IT security professionals polled in a recent study said their organization does not have sufficient resources to become PCI compliant.

----------

Rogue AV scam targets Google users
Chuck Miller September 22, 2009
An ongoing attack on Google users is sending victims to rogue AV software sites, according to researchers at eSoft's Threat Prevention Team.

----------

Comcast Launches New DNS Health Portal
ISPs starting to fight back against OpenDNS?

In an apparent bid to lure back those customers who've made the switch to OpenDNS (along with those users' DNS redirection ad dollars), Comcast this month announced in our forums that they've launched a new portal for tracking DNS server uptime. "The new DNS cache query tool will allow customers to run queries against not only our National Domain Helper cache servers but also the No Redirect caching servers as well," says a Comcast employee. "You can also run a custom query against other third party DNS servers," they note.

----------

Monday, September 21, 2009

Monday 09/21/09

Microsoft warns of support changes to Windows Server

It will retire Windows 2000 Server, end service packs for Server 2003, next July
By Gregg Keizer , Computerworld , 09/16/2009

http://www.networkworld.com/news/2009/091609-microsoft-warns-of-support-changes.html

On that same date, Windows Server 2003 and Windows Server 2003 R2 will exit mainstream support and drop into extended. To continue to receive non-security fixes, customers must enroll in Extended Hotfix Support (EHS); only customers who already have Premier Support or Software Assurance contracts are eligible. Customers on a Premier Support plan must buy into EHS within 90 days of July 13, 2010.

----------

Canada debates tech future after Nortel sale

The Canadian government will allow the sale of Nortel's business and wireless units to foreign competitors, ending the reign of one of the country's largest high-tech firms. Some analysts expressed worry the deal signals a downturn in Canada's technology industry as investments and local ownership dwindles. The Wall Street Journal (9/21)

----------

As Windows 7 approaches, PC sales get a boost

Despite past trends, reports of increasing demand suggest consumers aren't waiting for the upcoming release of Windows 7 to make PC purchases. Analysts say strong marketing and upgrade offers have helped boost sales ahead of the operating system's debut in October. Computerworld/IDG News Service (9/18)

----------

Trojan outwits single-use-password security

Hackers were able to steal $447,000 from the bank account of a California construction firm, even though the company was using a one-time password system. Updated Trojan malware programs allow hackers to conduct transactions in real time while the account holder is still online. Experts say security systems should have multiple components, since no one measure is perfect. MIT Technology Review (9/18)

----------

Bank of America sees steady future for IBM mainframe staff

Computerworld (9/18)

No story here, just thought I'd throw this in for Bob!

----------

FCC to issue Internet-neutrality proposal

The chairman of the Federal Communications Commission is expected to unveil a "Net neutrality" proposal today that would prevent Internet service providers from impeding certain types of traffic. Yahoo!/The Associated Press (9/20)

----------

Skype, SIPfoundry announce interoperability
Following on the heels of a similar interoperability announcement we reported on last week, Skype and SIPfoundry have announced that sipXecs has been certified as interoperable with Skype for Session Initiation Protocol. As was the case with ShoreTel, SIPfoundry is using a beta version of the Skype software. SIPfoundry is a nonprofit open source community, and the sipXecs IP PBX is free and can be downloaded by anyone.

----------

Breaking news: Dell to acquire Perot Systems for almost $4 billion
Dell Inc. announced today that the computer giant is buying Perot Systems Inc. in a transaction valued at approximately $3.9 billion. The merger is expected to close in Dell’s November-January fiscal quarter.

----------

September 18, The Register – (International) World’s nastiest trojan fools AV software.

One of the world’s nastiest password-stealing trojans evades detection by the majority of PCs running anti-virus (AV) programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of time by AV programs, according to the study released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said. Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process. A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 percent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs. Of Zeus-infected machines, about 31 per cent do not run AV at all and 14 percent run AV that is out of date. The remaining 55 percent had AV programs that were up to date. Source: http://www.theregister.co.uk/2009/09/18/zeus_evades_detection/

----------

Microsoft to ship free security software soon
Microsoft has told beta testers of its free antivirus software, Microsoft Security Essentials, that it will release the final version to the public soon.

In an e-mail Sunday, Microsoft thanked beta testers for their help and said that the polished edition of Microsoft Security Essentials would ship "in the coming weeks." Microsoft also urged beta testers to upgrade to the newest version of the test software to make the transition to the final as smooth as possible.

----------

OpenID implementation works on mobile platforms
Swedish company Accumulate has implemented a version of the OpenID standard for mobile phones.

OpenID is a Web-based, single sign-on platform that lets users log in to many different sites using a user name and password via a third party. Currently it works at more than 50,000 Web sites, according to Accumulate. The new Mobile OpenID client works with devices based on Android, Nokia Series 40 and 60, Windows Mobile, BlackBerry devices and phones that support Java. There is also a browser-based client for the iPhone, and Accumulate is currently working on a native client for Apple's smartphone.

----------

Sticker shock over data-loss prevention products could be short-lived
Data-loss prevention products can potentially save organizations a bundle by preventing the escape of sensitive information. But the six-figure starting price for a typical enterprise deployment of host and gateway-based DLP is tough for many to swallow.

The good news is that prices are expected to fall heading into next year as more vendors enter the fray and more choices for how to roll out DLP emerge.

"If you're dealing with a couple thousand seats for DLP, expect $250,000 to half a million," says Forrester Research analyst Andrew Jacquith. "But we will see price erosion because of competition."

----------

Microsoft Releases A "Fix it" Workaround For SMBv2 Vulnerability
As pointed out by several folks writing in to the ISC Handlers group, Microsoft has updated its Security Advisory 975497 - Vulnerabilities in SMB Could Allow Remote Code Execution - to include a "Fix it" workaround that makes it rather easy to disable SMBv2.

The "Fix it" links can be found in two locations:

- Microsoft Knowledge Base Article 975497

(and my personal favorite)

- The Microsoft Security Research & Defense Blog

----------

Corporate impersonation:
http://www.theyesmen.org/blog/screwed
Early this morning, nearly a million New Yorkers were stunned by the appearance of a "special edition" New York Post blaring headlines that their city could face deadly heat waves, extreme flooding, and other lethal effects of global warming within the next few decades. The most alarming thing about it: the news came from an official City report.

----------

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008.

  • Easy way to disable SMBv2
  • First exploit for code execution released to small number of companies
  • Mitigations that help prevent attacks
  • Status of fixes

----------

Friday, September 18, 2009

Friday 09/18/09

HHS guts health-care breach notification law, groups warn
Privacy and civil rights advocates accused the U.S. Department of Health and Human Services of trying to neuter a landmark data breach notification law for health care organizations that is scheduled to go into effect next week.

The law would require any organization covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify patients of a data breach involving their personal health information. Companies that used encryption and data destruction methodologies to render sensitive health information unusable and unreadable to unauthorized individuals were exempt from the breach notification requirement.

----------

Man gets 15 months for E-Trade skimming scam
A California man was sentenced to 15 months in prison Thursday after pleading guilty to opening tens of thousands of bogus online brokerage accounts and then pocketing the tiny test deposits made by companies like E-Trade Financial and Charles Schwab.

Michael Largent, 22, of Plumas Lake, California, pleaded guilty to two computer fraud charges in May. He had been facing a possible five-year prison sentence.

He will also pay $200,000 US in restitution to the banks and will be restricted from using computers and the Internet for three years following his release.

----------

Sophisticated botnet causing a surge in click fraud
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.

The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.

Click Forensics is calling this the "Bahama botnet" because it was initially redirecting traffic through 200,000 parked domains in the Bahamas, although it is now using sites in Amsterdam, the U.K. and Silicon Valley.

----------

Microsoft sues scareware scammers
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.

The company is suing DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, saying that these companies have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users," according to a blog posting by Tim Cranton, associate general counsel with Microsoft.

----------

Software company fined for trading with the enemy
A Colorado software vendor has been fined $14,500 on a charge of trading with the enemy for selling oil- and gas-exploration software to a company drilling in Cuba, the U.S. Department of Justice and U.S. Immigration and Customs Enforcement announced.

In addition, Jay Leonard, president of Platte River Associates, will serve 12 months of supervised probation for unauthorized access of a protected computer in an unrelated case, the DOJ said.

----------

Misdirected spyware infects Ohio hospital
A 38-year-old Avon Lake, Ohio, man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at Akron Children's Hospital.

In late February 2008, Scott Graham shelled out $115 for a spyware program called SpyAgent and sent it to the woman, according to a plea agreement filed in the U.S. District Court for the Northeastern District of Ohio.

He allegedly sent the spyware to the woman's Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department, creating a regulatory nightmare for the hospital.

----------

Firefox's Flash check drives 10M to Adobe's download
Mozilla said yesterday that Firefox's check for outdated editions of Adobe's Flash Player convinced 10 million users to go to Adobe's Web site and grab the latest software.

About a third of the Firefox users who were warned last week that they were running an old, and vulnerable, version of Flash followed the link to update the Adobe software, said Mitchell Baker, the former CEO of Mozilla and current chairman of the Mozilla Foundation.

"This is a very high response rate," said Baker in a post to her blog. "A typical response rate for this [landing] page is around 5%."

"Those results have been nothing short of awesome," echoed Johnathan Nightingale, of Mozilla's security team, in an entry on the company's security blog yesterday.

----------

Sep 17, 2:59 pm
Vista, Windows 7 Are More Secure than Snow Leopard
A prominent security researcher claims that the newly released Snow Leopard is less secure than either Vista or Windows 7.

----------

An Amazing Laptop Recovery Story
Using remote access software, a Miami man helps cops track down and recover his two stolen laptops.

----------

Can You Catch Spam from Chat Rooms?
Spam and malware dominate comment sections of blogs and message boards, study shows.

----------

DNS Cloud Security Services Arrive
Sep 14, 2009
OpenDNS offers new subscription-based secure DNS service; other vendors' DNS services to follow

----------

Why is Rogue/Fake AV so successful?
Rogue AV programs have become increasingly common in the last two years. We at the SANS Internet Storm Center get messages from our readers about new rogue AV sites daily.

It is obvious that the bad guys are making (serious?) money with this scamming scheme. There are a couple of interesting things about rogue AV programs...

----------

Microsoft Rushes Out Office Web Apps Preview
Today Microsoft launched a limited beta test of its Office Web Apps, the company's first public unveiling of its rival for Google's Web applications. Dubbed a 'technical preview' by Microsoft to denote that it's by invitation only, Office Web Apps will be available on the company's Windows Live site via a special 'Documents' tab. 'Tens of thousands have been invited to participate in the Technical Preview,' said a spokeswoman in a reply to questions. An analyst with Directions on Microsoft is quoted: 'This is earlier than I expected. I thought we wouldn't see this until the SharePoint conference at the end of October. Maybe the recent Google moves had some bearing on Microsoft's timing.' The reference was to Google's announcement Tuesday that it will offer online services next year, including Google Web Apps, that are specially designed for US government agencies.

----------

Standard offers best practices for ISPs to fight botnets
Chuck Miller September 17, 2009
A group charged with developing and promoting internet standards has published a new draft standard calling for measures that internet service providers can use to defeat botnets.

----------

Security considerations critical in the cloud
Angela Moscaritolo September 17, 2009
IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third party.

----------

Search-Engine Manipulation Evolves as Trust Abuse Grows
I revisited the topic of search-engine manipulation (a.k.a. blackhat SEO) in two recent posts. Something caught my eye while investigating cases of search-result poisoning: a shift away from the tactics used by the attackers earlier in the year.

Previously, attackers mostly registered free websites to pull off their attacks. They would create a bunch of new sites, cross-link them, and use other tricks to get their pages indexed and ranked high on relevant search result pages (again, largely targeting the most popular search terms of the day, such as those found on Google Trends.) I blogged earlier in the year about how the user forum on democrats.org was leveraged to link a high-ranking site with newly created malicious sites.

It seems now that attackers are combining various elements of different attacks to achieve blackhat SEO.

----------

High-tech adoption happening faster, driving economic growth
about 17 hours ago - by John Timmer Posted in: Law & Disorder
Some economists have attempted to measure the spread of technology within various nations, and discovered it's not just our imagination: newer tech is being adopted faster, and appears to account for some of the differences in GDP growth.

----------

Songwriters want to get paid for 30-second song previews
about 19 hours ago - by Chris Foresman Posted in: Infinite Loop
Songwriters, composers, and music publishers are lobbying Congress to legislate the payment of performance fees into downloaded music. If music publishers get their way, they'll be able to extract additional licensing fees from music downloads, movies, and TV shows containing their music, and even 30-second previews.

----------

Remote exploit released for Windows Vista SMB2 worm hole
Ryan Naraine: Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft's dominant Windows operating system.

----------

Win 7 upgrade deal: $30 for students
Mary Jo Foley: For a limited promotional period, students may purchase one copy of either Windows 7 Home Premium or Windows 7 Professional at $30 each. Bet there are more students today than yesterday.

ERIC SAYS: Any students out there that can help me grab two copies of Home Premium?

----------

Pushdo delivers downloader trojan
September 17, 2009
The downloader trojan Bredolab is being heavily spammed by the Pushdo botnet using the usual social engineering tricks.

----------

Swine Flu Near You? iPhone App Will Let You Know
Apple's increasingly popular App Store has been flooded with a wide number of applications related to Swine Flu since the initial H1N1 outbreak in March, but very few of the apps were actually useful.

----------

The History of Hacking
http://www.focus.com/fyi/it-security/history-hacking/

----------

Is It Too Much To Expect Judges In Tech Related Cases To Understand Tech?
Eric Goldman highlights yet another case where basic technology illiteracy leads a judge to make very questionable statements. In this particular case, a judge declared that because a specific phrase ("spoiled brats") was not found in the metatags of a website, someone who searched on that phrase "would likely not encounter" the page in question. Yes, the actual terms did appear on the page itself -- just not in the metatags. As Goldman notes: ...

----------

Wednesday, September 16, 2009

Wednesday 09/16/09

Cloud security through control vs. ownership
Cloud computing makes auditors cringe. It's something we hear consistently from enterprise customers: it was hard enough to make virtualization "palatable" to auditors; cloud is going to be even harder. By breaking the links between hardware and software, virtualization liberates workloads from the physical constraints of a single machine. Cloud takes that a step further, making the physical location irrelevant and even obscure.

----------

Web server attacks, poor app patching make for nasty mix
In a groundbreaking study that matched attack trends with patching cycle data, some conclusions came as a shock, said Rohit Dhamankar, the director of security research at 3Com TippingPoint, which contributed real-world attack information -- acquired from its intrusion detection systems -- to the report.

"The sheer number of attacks against Web servers was surprising," said Dhamankar. "In terms of attack volume, they were almost 60% of all so far this year. Hackers are after a foothold in the corporate network, to conduct client-side attacks against visitors of the site, but also once they have that foothold, to gain much higher privileges and use those to also steal data."

----------

Company hosting Joe Wilson fundraising site recovers from DDoS attack
The attack on Piryx began Friday afternoon and lasted into the early hours of Saturday morning, temporarily disrupting a Wilson fundraising effort that was under way at that time, Piryx CEO Tom Serres said. It also knocked out services for about 150 other Piryx clients, he said.

----------

Failing to buy Emulex, Broadcom sues
Broadcom filed a patent infringement suit against networking company Emulex on Monday, just months after abandoning a nearly year-long effort to buy the company.

Broadcom on Monday filed suit in the U.S. District Court for the Central District of California alleging Emulex infringed 10 patents covering a broad range of high speed data and storage networking technologies.

----------

DHS to review report on vulnerability in West Coast power grid
The U.S. Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid.

Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast power grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks, according to an article in New Scientist.

----------

Microsoft issues XP, Vista anti-worm updates
Microsoft responded by changing Windows 7 so that the AutoPlay dialog no longer let users run programs, except when the device was a nonremovable optical drive, like a CD or DVD drive. After the change, a flash drive connected to a Windows 7 system only let users open a folder to browse a list of files.
...
Microsoft issued the updates almost three weeks ago, on Aug. 25, but did not push them to users automatically via Windows Update, or the corporate patch service Windows Server Update Services (WSUS). Instead, users must steer to Microsoft's download site, then download and install the appropriate update manually. Links to the download are included in a document posted on the company's support site.

The Windows XP update weighs in at 3MB, while the one for Vista is about 7MB.

----------

Heartland CEO: Credit card encryption needed
Credit card numbers are not now required in payment card industry guidelines to be encrypted in transit between retailers, payment processors and card issuers, Robert Carr, chairman and CEO of Heartland Payment Systems, told a U.S. Senate committee. Heartland in January announced the discovery of a data breach that left tens of millions of credit card numbers exposed to a gang of hackers.

"I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime.

----------

Microsoft: No TCP/IP patches for you, XP
The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

"We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible," said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP.

"An update for Windows XP will not be made available," Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here).

----------

Unpatched Applications Are #1 Cyber Security Risk PC World – Wed Sep 16, 9:06 am ET
Unpatched client software and vulnerable Internet-facing web sites are the most serious cyber security risks for business. Lesser threats include operating system holes and a rising number of zero-day vulnerabilities, according to a new study.

----------

Internet Scammers Leap on Patrick Swayze's Death
Malware ghouls took just a few hours to begin preying on the death of actor Patrick Swayze with a new version of a familiar phony anti-virus scam.

----------

Microsoft Gives Away Free Fuzzer, Secure Development Tool
Sep 16, 2009
More Security Development Lifecycle tools, ROI paper released

----------

News Flash: Data Debauchery That Happens in Vegas Doesn't Stay There
Digital ID World 2009: Organizations collect as much data as possible on people to verify their trustworthiness as a potential employee or customer. Here's why the practice isn't working.

----------

A Swine Flu (H1N1) Business Continuity Planning Guide
Concerned about the coming flu season and the impact H1N1 will have on the workforce? Here's a fear-free roundup of articles, columns and podcasts to help you keep improving your preparedness plan.

----------

Monday, September 14, 2009 10:00 AM
OffVis updated, Office file format training video created
In July, we released a beta Office file format viewer application called OffVis as a downloadable tool. We are pleased today to announce an updated version of OffVis and a 30 minute training video to help you understand the legacy Office binary file format.

----------

Data Breach Highlights Role Of 'Money Mules'
On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account.

This type of crime is impossible without the cooperation of so-called "money mules," willing or unwitting individuals typically hired via Internet job search Web sites to act as "local agents" or "financial agents" responsible for moving money on behalf of a generic-sounding international corporation, legal experts say. The mules are then instructed to withdraw the cash and wire it via Western Union or Moneygram to fraud gangs overseas, typically in Eastern Europe.

It is not uncommon for a single cyber robbery to depend on the help of dozens of money mules:

- In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company, by initiating a large batch of transfers from Ferma's online bank account to 39 money mules.

- Also in July, attackers stole $415,000 from Bullitt County, Ky. by sending bogus payroll deposits to more than two dozen mules.

- In May, a Texas company was robbed of $1.2 million with the assistance of nearly 40 money mules.

While essential, money mules also are frequently the weakest link in any organized cyber crime ring. Indeed, Peters said the first indications of fraud came when his chief financial officer received a phone call from a bank in Texas, asking whether the company had approved a suspicious transfer to a local resident in the amount of $9,800.
...
Ms. Durastanti said when Kenneth went to wire the money via Western Union to individuals in Ukraine, he made a small but important error.

"He put the money wire in his name and to his own name, and so the transfer came back to him. He ended up giving the money back to the bank," she said. "Thank goodness, I think his stupidity saved him."

----------

Skein News
Skein is one of the 14 SHA-3 candidates chosen by NIST to advance to the second round. As part of the process, NIST allowed the algorithm designers to implement small "tweaks" to their algorithms. We've tweaked the rotation constants of Skein. This change does not affect Skein's performance in any way.

The revised Skein paper contains the new rotation constants, as well as information about how we chose them and why we changed them, the results of some new cryptanalysis, plus new IVs and test vectors. Revised source code is here.

The latest information on Skein is always here.

----------

Security disaster averted by financial firm's quick actions
While most of the IT world has been spared a devastating security attack like Blaster and Sasser for...

----------

Monday, September 14, 2009

Monday 09/14/09

Apple missed security boat with Snow Leopard, says researcher
Apple missed a golden opportunity to lock down Snow Leopard when it again failed to fully implement security technology that Microsoft perfected nearly three years ago in Windows Vista, a noted Mac researcher said today.

----------

Windows Bug Enables PC Hijacking, Microsoft Warns
Microsoft Corp. last week confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.
The vulnerability in the Server Message Block (SMB) 2 network file- and print-sharing protocol that ships with those versions of the Windows operating system was first disclosed late last Monday, when a researcher posted exploit code.

The next day, Microsoft issued a security advisory confirming the bug and the fact that it could be used to "take complete control of an affected system."

----------

NY Times warns of rogue antivirus on Web site
Online scammers have apparently found a new way to reach their marks: They've started running ads on the Web site of The New York Times.

The newspaper warned readers Sunday that so-called rogue antivirus sellers had been spotted on its Web site, NYTimes.com. Their products, often promoted by Eastern European criminal organizations, are either ineffective or actually end up infecting the computers of people who purchase them.

----------

Researchers slam fickle iPhone anti-fraud feature
The iPhone's new defense -- meant to prevent users from reaching phishing sites -- is inconsistent at best, a security researcher said today, with some users getting warnings about dangerous links, while others are allowed to blithely surf to criminal URLs.

----------

Steganography meets VoIP in hacker world
Researchers and hackers are developing tools to execute a new data-leak threat: sneaking proprietary information out of networks by hiding it within Voice-over-IP (VoIP) traffic.

----------

Apple fixes Flash snafu in Snow Leopard, patches 33 bugs in Leopard
Less than two weeks after Apple launched Snow Leopard, the company today issued the new operating system's first security update. In a separate upgrade, Apple patched 33 vulnerabilities in 2007's Leopard, and about half as many in the even older Tiger.

Today's updates were the third and fourth from Apple in the last two days.

----------

Cyber criminals targeting small businesses AP – 2 hrs 5 mins ago
WASHINGTON - Cyber criminals are increasingly targeting small and medium-sized businesses that don't have the resources to keep updating their computer security, according to federal authorities.

----------

Trojan Hides Its Brain in Google Groups PC World – Fri Sep 11, 4:40 pm ET
Virus writers keep getting sneakier. In an effort to evade detection, they've begun hiding their command and control instructions in legitimate Web 2.0 sites such as Google Groups and Twitter.

----------

Patience Grasshopper: Wait to Update Your Jailbroken iPhone to 3.1
If you have a jailbroken iPhone and were wondering if you should update to 3.1 via iTunes, do yourself a favor and just wait a few more days.

----------

Windows autoplay behavior updated (improved)
Published: 2009-09-13

Microsoft has delivered on their promise to backport the improved autoplay behavior in Win7 to older versions of Windows. This is definitely a good thing and I for one am going to be implementing this on every system I have any sort of control over. I'd encourage y'all to do the same.
http://support.microsoft.com/kb/971029

----------

Robert Sawyer's Alibis
Back in 2002, science fiction author Robert J. Sawyer wrote an essay about the trade-off between privacy and security, and came out in favor of less privacy. I disagree with most of what he said, and have written pretty much the opposite essay -- and others on the value of privacy and the future of privacy -- several times since then.

The point of this blog entry isn't really to debate the topic, though. It's to reprint the opening paragraph of Sawyer's essay, which I've never forgotten:

Whenever I visit a tourist attraction that has a guest register, I always sign it. After all, you
never know when you'll need an alibi.

Since I read that, whenever I see a tourist attraction with a guest register, I do the same thing. I sign "Robert J. Sawyer, Toronto, ON" -- because you never know when he'll need an alibi.
Posted on September 14, 2009 at 7:24 AM

----------

Botnet discovered on Linux servers
The servers in question register with dynamic DNS services to distribute malware.

----------

"It's frequent that we hear of a country or city or company switching from Windows to Linux, but it's rare that we hear of one third of a million employees being told to use Lotus Symphony (IBM's OO.o variant) over MS Office, and also to use the Open Document Format when saving files. The change has been mandated to take place in the next 10 days. Of course, they are doing this to illustrate that they actually offer a full-fledged alternative to Microsoft. With i4i stirring stuff up against MS Office and absolving OO.o from litigation, are we on the verge of a potential break from Microsoft's dominant document suite? Hopefully IBM supports OO.o past Sun's acquisition by Oracle instead of concentrating on Lotus Symphony."

----------

Microsoft pushes Win 7 upgrades - now
Mary Jo Foley: Windows 7's consumer launch is just over a month away. But there's no reason business users should delay their Windows 7 deployment plans, according to the company.

----------

802.11n ratified ... finally
There’s no official announcement from the IEEE yet, but confirmation of ratification has been sent to WiFi chip manufacturers.

----------

Red Light Camera Vendor Not Doing So Well With Public Opposition Driving Down Its Revenue

There's been significant growing opposition to red light camera programs, which have a long history of showing absolutely no safety benefit, and are often run for-profit by local governments in combination with private companies. That opposition is leading more and more cities and towns to dump the red light cameras -- while some operators are getting caught illegally decreasing the time of the yellow or amber lights to try to issue more fines.

Jeff Nolan alerts us to the news that one of the biggest players in the space, Redflex, has announced that public opposition to its cameras has created a real drain on revenue, and its profits were down significantly. This would be the same Redflex that just so happened to fail to live up to its contract in Denver to deliver data that could be used to determine whether or not the cameras were really effective.

----------

Steven Hoy alerts us to a story of a couple who are suing their bank, after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council's guidance, which notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault lay with the bank's security, and so the bank should be liable. The judge found that to be convincing:

"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."

Chalk one up for those who believe "identity theft" is actually a "bank robbery."

----------

How registrars tackle domain name abuse
Some rogue registrars are happy to turn a blind eye to domain-name abuse; others are fighting back.

----------

FTC forces Sears, Kmart out of the spyware business
about 17 hours ago - by Nate Anderson Posted in: Law & Disorder
When Sears and Kmart offered visitors the chance to earn $10 by participating in some research, few realized that they would be sending even secure session browsing information to the big retailers. Now, the government has put the kibosh on this "blue light special."

----------

Cyber Crooks Target Public & Private Schools
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.

On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams.

A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks.

Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that the rest of the stolen money remains in limbo.

"We've been told that if we do get any more of these reversed, it may take 30 to 45 days to get that money back," Edgar said. Meanwhile, the school district's bank is playing hardball, insisting that the school is at fault for the unauthorized transfers.
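The pattern described above (a burst of payroll transfers each kept just under the $10,000 reporting line, going to many never-before-seen beneficiaries) is detectable from the bank's or the district's own transaction log. The following is an added example, not code from the article or from any bank; the threshold fraction, batch window, payee count and the sample ACH records are all constructed assumptions.

```python
"""Flag 'structured' transfer batches: many sub-threshold payments to new
beneficiaries inside a short window.  Added example; values are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

REPORTING_THRESHOLD = 10_000.0   # the reporting limit the article refers to
NEAR_FRACTION = 0.85             # assumed: "just below" means within 15% of the limit
WINDOW = timedelta(hours=24)     # assumed: transfers this close together form one batch
MIN_DISTINCT_PAYEES = 5          # assumed: this many new payees in one batch is suspicious

# Constructed sample ACH records: (timestamp, source account, payee, amount).
# Six mule payments on Aug 17, two ordinary payroll runs, one new vendor payment.
SAMPLE_TRANSFERS = [
    ("2009-08-17 06:02", "payroll", "mule-01", 9_800.00),
    ("2009-08-17 06:03", "payroll", "mule-02", 9_650.00),
    ("2009-08-17 06:04", "payroll", "mule-03", 9_900.00),
    ("2009-08-17 06:06", "payroll", "mule-04", 9_500.00),
    ("2009-08-17 06:08", "payroll", "mule-05", 9_700.00),
    ("2009-08-17 06:10", "payroll", "mule-06", 9_100.00),
    ("2009-08-15 09:00", "payroll", "staff-jones", 2_150.00),
    ("2009-08-01 09:00", "payroll", "staff-smith", 2_300.00),
    ("2009-08-10 11:30", "payroll", "new-vendor", 9_900.00),  # one-off, not a batch
]
KNOWN_PAYEES = {"staff-jones", "staff-smith"}  # constructed: beneficiaries paid before


def parse(records):
    """Turn the string timestamps into datetimes so records sort chronologically."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), src, dst, amt)
            for ts, src, dst, amt in records]


def is_near_threshold(amount):
    """True for amounts deliberately kept just under the reporting limit."""
    return REPORTING_THRESHOLD * NEAR_FRACTION <= amount < REPORTING_THRESHOLD


def find_structuring(records, known_payees):
    """Return one alert dict per (source, batch) of near-threshold transfers
    to at least MIN_DISTINCT_PAYEES previously unseen beneficiaries."""
    by_source = defaultdict(list)
    for ts, src, dst, amt in sorted(parse(records)):
        if is_near_threshold(amt) and dst not in known_payees:
            by_source[src].append((ts, dst, amt))

    alerts = []
    for src, events in by_source.items():
        cluster = []
        for ev in events + [None]:  # None is a sentinel that flushes the last cluster
            if ev is not None and (not cluster or ev[0] - cluster[0][0] <= WINDOW):
                cluster.append(ev)
                continue
            payees = {dst for _, dst, _ in cluster}
            if len(payees) >= MIN_DISTINCT_PAYEES:
                alerts.append({
                    "source": src,
                    "start": cluster[0][0],
                    "count": len(cluster),
                    "total": round(sum(a for _, _, a in cluster), 2),
                    "payees": sorted(payees),
                })
            cluster = [ev] if ev is not None else []
    return alerts


if __name__ == "__main__":
    for alert in find_structuring(SAMPLE_TRANSFERS, KNOWN_PAYEES):
        print(alert)
```

Run against the constructed sample it raises a single alert for the six-payment batch of Aug 17 and stays silent on the lone $9,900 vendor payment, which is the edge case that matters: one sub-threshold transfer to a new payee is normal business, a burst of them to a crowd of new payees is a money-mule payout.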


----------

Friday, September 11, 2009

Friday 09/11/09

Twitter Tweaks Terms Of Service, “Your Tweets Belong To You”
Twitter co-founder Biz Stone just posted news on an update on changes to Twitter’s Terms of Service, “leaving the door open” for advertising opportunities, clearing the air on ownership of Tweets, and updating guidelines around Twitter’s API. Stone also mentioned that the new Terms of Service address spam and abusive behavior on Twitter.

The privacy clause about Tweets is big, considering this was a significant issue for Facebook. Twitter has deflected talk of advertising on the platform in the past, but it seems pretty clear that they're looking into it now as a real source of income as they strive for revenues. Stone addressed the issue of Twitter's revenue recently, which is a complex issue.

----------

New Version of McAfee FileInsight
Thursday September 10, 2009 at 6:52 am CST

Today we released the new version 2.1 of McAfee FileInsight. You can download your free copy from the Avert Tools site. FileInsight is a handy integrated tool environment for web site and file analysis: hex editing, syntax highlighting, several built-in decoders, a built-in calculator, a disassembler, JavaScript scripting support, a Python-based plugin system, and much more.

Let’s go through some stages of an exemplary malware attack to highlight some of its analysis features – but don’t try this stunt at home, unless you know what you’re doing; a safe, isolated lab environment is absolutely mandatory for any such research work.

----------

Chinese Pharmacy Spam and Our Monthly Spam Report
Thursday September 10, 2009 at 4:58 am CST

The recent onslaught of “Chinese pharmacy” spam and the DDoS attacks that took down Twitter, Facebook, and others have caused a frenzy of speculation about the Chinese government’s involvement in spam generation and acts of cyberterrorism. McAfee’s September 2009 Spam Report debunks these rumors and gets to the root of the cause.

----------

Disney Sued For Selling The Pixar Lamp... And The Lawsuit Makes Sense

We usually focus on trademark lawsuits that make no sense at all... but effective trademark law exists to prevent confusion among consumers (i.e., it's really more of a consumer protection law, rather than an "intellectual property" law) and thus there are plenty of reasonable trademark infringement lawsuits out there. This appears to be one of them. Lamp maker Luxo is apparently suing Disney for selling real versions of Pixar's iconic computer animated lamp.

----------

A Look At The RIAA's Copyright Propaganda For Schools

It's back to school time, and our friends over at the RIAA have a blog post up excitedly talking up its special "curriculum" for teachers. But, of course, that "curriculum" is laughably biased and at times outright wrong. And it makes me wonder: why would any educational institution accept a one-sided curriculum written by the industry that's clearly designed to promote that industry's own business? Do schools use science curricula provided by Exxon or Monsanto? As for the actual content included in the curriculum (which, by the way, the RIAA links to incorrectly twice), it's almost a joke. Check out the RIAA propaganda. Fair use doesn't exist -- at all. Reading through the main document, I find not a single mention of it. But what does exist is all sorts of bogeymen about how evil file sharing is, how it exposes your hard drive to viruses and reveals your tax return info.

Oh, but the best part is that the RIAA is pushing for a new, totally made-up term called "songlifting," which is the central theme of every single lesson. Sounds like "shoplifting," right? That's the idea -- though the RIAA cleverly tries to pretend that it didn't make up the word. In fact, it presents it as if it's a common term. Of course, the curriculum doesn't happen to mention the Supreme Court's Dowling decision, where the court specifically talked about how very different infringement is from "stealing." Of course, the RIAA also mentions the Grokster ruling -- but is misleading there as well, claiming that the law is clear that parents could be found liable for their kids sharing unauthorized files.

----------

Got That New iPod Nano? You Might Risk Arrest In Massachusetts

You may have heard that the new iPod Nano that was just released happens to include a voice recorder among other new features. But if you get one, you might want to be careful how you use it -- especially in certain states, such as Massachusetts. Slashdot points us to a story about a guy who was arrested in a dispute-gone-wrong with a car repair shop, but the really odd part is that beyond disorderly conduct and resisting arrest, the guy was charged with both "unlawful wiretapping and possessing a device for wiretapping." Wiretapping? In a dispute involving a mechanic? Apparently the guy had a simple Olympus digital voice recorder in his pocket, which was on during his argument with the repair shop. And Massachusetts is one of twelve states with a law that forbids taping conversations without the approval of everyone involved.

----------

Class Says AT&T Profits From Phone Thefts
By TRACEY DALZELL WALSH
BIRMINGHAM, Ala. (CN) - AT&T refuses to disable or track down stolen cell phones and allows the thieves to re-register them in a new name, a class action claims in Federal Court. The class claims AT&T aids and abets the conversion of stolen phones, profits again by making victims buy replacements, and profits again when the thieves pay fees for service after reregistering the phones.

----------

Firefox updated for security flaws
Chuck Miller September 10, 2009
The Firefox browser has been updated for four security flaws, three of which were rated as "critical."

----------

Hot or not: ActiveX vulnerabilities
Amol Sarwate, manager, Vulnerabilities Research Lab, Qualys September 11, 2009
ActiveX vulnerabilities have posed a security challenge for some time, and they're likely to be a challenge for quite some time to come.

----------

Adobe, Oracle delay quarterly patches
Adobe, which was scheduled to release the latest installment of its quarterly patches on Tuesday, instead has held off until Oct. 13. The company was set back a month after it released an out-of-cycle patch on July 31 for "critical" vulnerabilities in Reader and Acrobat. Meanwhile, Oracle announced last week that it was delaying the release of its next round of quarterly fixes from Oct. 13 to Oct. 20 to accommodate attendees of the Oracle OpenWorld conference, which runs from Oct. 11 to 15. — DK

----------

Net Hoax Convinces Germany of Fake U.S. Suicide Bombing Attempt

FRANKFURT — All of Germany was bamboozled Thursday by a bizarre scheme that tricked the country’s main wire service into reporting an attempted suicide bombing in a California town — an attack supposedly perpetrated by a non-existent rap group called the “Berlin Boys.”

The work of German filmmakers peddling a satirical movie called Short Cut to Hollywood, the elaborate hoax involved at least two faked websites, a faked Wikipedia entry and California phone numbers for "public safety" officials that were actually being answered by hoaxsters in Germany using Skype.

----------

Attorneys Can See Classified Info in Coffee Table Spy Suit
By Kim Zetter
September 11, 2009

A federal judge in Washington has ordered the government to grant security clearances to lawyers on both sides of a lawsuit claiming illegal spying against a DEA agent, in a ruling that challenges the government’s long-held claim that the executive branch alone has the authority to determine who can access classified material.

----------

T-Mobile: 21 Mbps In 2010
As carrier launches the first Motorola Android phone
09:03AM Friday Sep 11 2009 by Karl Bode
Earlier this week we noted that T-Mobile is quickly playing catch-up on 3G network coverage after a late start. This week the carrier also announced Motorola's first Android phone (the Cliq), and during that announcement T-Mobile's Chief Technology Officer Cole Brodman detailed further 3G rollout plans for 2009 and 2010. By the end of 2009, T-Mobile plans not only to match AT&T's 7.2 Mbps HSDPA rollout with its own, but to overtake AT&T with a 21 Mbps HSDPA rollout beginning in 2010. It's not clear when T-Mobile plans to officially make the jump to LTE, which AT&T says it will start deploying in 2011. Combined with news that T-Mobile's European parent company Deutsche Telekom is planning massive investments in the U.S., it appears that T-Mobile is suiting up for battle.

----------

Microsoft patches gaping worm holes
Ryan Naraine: Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.

----------

Cloud ready? Most pros work from 3 or more PCs
Jason Hiner: IT workers are often some of cloud computing's biggest detractors, mostly because of their skepticism of the security and privacy implications of the cloud.

----------

Researchers slam fickle iPhone anti-fraud feature
The iPhone's newest defense -- aimed at preventing users from reaching phishing sites -- is...

----------

Hacker Hits RBS WorldPay Systems Database
Sep 11, 2009
Romanian hacker says he discovered a SQL injection flaw on a WorldPay application, but RBS says no merchant or cardholder data was compromised

----------

DuPont Alleges Second Insider Breach In Two Years
Sep 09, 2009
Chemical giant claims former employee was headed to China with company secrets

----------

Oops, There Goes Another DLP Vendor
In the latest sign of data-loss prevention (DLP) market consolidation, Trustwave announced it has acquired Vericept for an undisclosed amount.

----------

Spanish security firm detects 'swine flu' computer virus
AFP – Fri Sep 11, 12:34 pm ET
MADRID (AFP) - Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.

----------