Public Musings on Information Security (InfoSec)

Corona Art Teacher

2010-08-27T23:03:00.001-07:00

Linda Cooper is a great Art Teacher for kids and adults. She can now be found at http://coronaart.wordpress.com Please look her up in SW Riverside County.

Monday 01/11/10

2010-01-11T12:13:00.000-08:00

When PDFs And Flash Files Attack Posted by John H. Sawyer
It's getting harder to protect our users from threats coming at them from seemingly trusted places. The Websites they've been using for years are suddenly the source of attacks through malicious advertisements being pushed to the "trusted" site by a third-party advertising service. File format attacks against Adobe's Flash and Acrobat are becoming the exploit du jour for attackers.

----------

Adobe Reader's Patch Tuesday Posted by Wolfgang Kandek
Next Tuesday, Jan. 12, is Microsoft Patch Tuesday. Beyond the usual patches from Microsoft, we will also get a critical update for a piece of software that increasingly plays a role in exploiting desktop systems -- the Adobe Reader from Adobe Systems.

----------

Facebook Security:
http://digg.com/security/Facebook_s_Zuckerberg_I_know_that_people_don_t_want_privacy

----------

Chrome sets browser security standard, says expert
Wow, a browser from an advertising company?!?
---
Chrome has included sandboxing since its September 2008 debut. And while Dai Zovi considers it easily the leader in security because of that, other browser have, or will, make their own stabs at reducing users' risks.

For example, Microsoft's Internet Explorer 7 (IE7) and IE8 on Vista and Windows 7 include a feature dubbed "Protected Mode," which reduces the privileges of the application so that it's difficult for attackers to write, alter or destroy data on the machine, or to install malware. But it's not a true sandbox as far as Dai Zovi is concerned.
...

----------

White House calls for IT boost to fight terrorism
... In listing the various causes for this failure (underwear bomber), the report noted that information technology within the counter-terrorism community "did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information."

----------

More flash drive firms warn of security flaw; NIST investigates

http://www.kingston.com/driveupdate/
Kingston's Secure USB Drive Information PageIt has recently been brought to our attention that a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on the following Kingston Secure USB drives:
DataTraveler BlackBox (DTBB)
DataTraveler Secure – Privacy Edition (DTSP)
DataTraveler Elite – Privacy Edition (DTEP)

It is important to note that the following Kingston Secure USB drives are NOT AFFECTED:
DataTraveler Locker (DTL)
DataTraveler Locker+ (DTL+)
DataTraveler Vault (DTV)
DataTraveler Vault – Privacy Edition (DTVP)
DataTraveler Elite (DTE)
DataTraveler Secure (DTS)

----------

Heartland to pay up to $60M to Visa over breach

----------

Fake Android Application
Somehow I missed that "First Tech Credit Union" warned its users late in December about a fake Android application which pilfers user's passwords [1].

This is a somewhat expected event. Malware is frequently willingly installed by users. As users move to new platform like mobile devices, malware is going to follow them. This particular application, "Droid09" has since been removed from the Android Market Place. But it is probably just a matter of time for the next application to show up. It is probably possible for a similar application to sneak past the iTunes store approval process as well. In each case, the more managed software delivery environment limits the expose time but doesn't eliminate it.

[1] http://www.firsttechcu.com/home/security/fraud/security_fraud.html

----------

Survey: 54 Percent Of Organizations Plan To Add Smartphone Antivirus This Year In anticipation of increased mobile threats in the next year, 40 percent of organizations worldwide plan to recruit mobile security staff

----------

GREAT analysis of Airport Security Theater by Bruce Schneier:
Post-Underwear-Bomber Airport Security

----------

Hidden admin access on D-Link routers
A flawed implementation of the Home Network Administration Protocol (HNAP) reportedly allows attackers to gain unauthorised admin access to numerous D-Link router models more…

----------

Not Security related, but very cool:
http://content.zdnet.com/2346-13615_22-382181.html?tag=col1;post-11005

----------

Airport Scanners Can Store, Transmit Images
By Kim Zetter
January 11, 2010
Categories: Surveillance
Contrary to public statements made by the Transportation Security Administration, full-body airport scanners do have the ability to store and transmit images, according to documents obtained by the American Civil Liberties Union.

----------

L.A. Apple Store shoppers targeted by thieves
The L.A. Times Blog reports about an ongoing series of thefts targeting more than 100 Los...

----------

McAfee Labs’ January Spam Report
Angelina Jolie and Barack Obama are the #1 celeb subjects of choice for spammers, according to our January Spam Report.

----------

Spiceworks Is Becoming The Facebook For IT Managers; Raises $16 Million Series C
by Leena Rao on January 11, 2010

Spiceworks, a startup that develops Web-connected social IT management software, has raised $16 million in Series C funding round led by Institutional Venture Partners with Austin Ventures and Shasta Ventures participating. This brings the startup’s total funding to $29 million.

Spiceworks develops a desktop software suite that helps a company’s IT staff collaborate with each other and manage “everything IT.” The IT management software, which is free and ad-supported, is currently being used by 850,000 IT professionals at small to medium businesses in 196 countries to inventory, monitor, troubleshoot, report on and run a help desk for their IT networks. Currently more than 25 percent of all businesses with greater than 100 employees rely on Spiceworks to manage part of their IT operations.

----------

More Researchers Going On The Offensive To Kill Botnets
Jan 11,2010
Another botnet bites the dust, as more researchers looking at more aggressive ways to beat cybercriminals

----------

Researcher Rates Mac OS X Vulnerability 'High'
Jan 08,2010
Flaw in versions 10.5 and 10.6 can be exploited by a remote attacker, says SecurityReason

----------

Monday 01/04/10

2010-01-04T12:36:00.000-08:00

TSA Gaffe Shows Pitfalls of Redaction
The inadvertent exposure of a sensitive Transportation Security Administration security manual last month serves as a sobering reminder about the pitfalls of trying to redact, or hide, electronic text.

The lapse occurred when a contract employee posted the improperly redacted security manual -- which described TSA airport screening methods that are designed to thwart terrorists -- on a public Web site for federal procurements.

Other organizations, such as HSBC Bank and Facebook Inc., have also had embarrassing incidents in which text in electronic documents that they thought was unreadable was revealed.

----------

Google Chrome OS may be security hot spot in 2010
Chrome OS will be targeted by attackers, probably even before it's officially released, said Sam Masiello, the director of threat management at antivirus vendor McAfee Inc.

"It'll be the new kid on the block, that's one of the primary drivers why we think cybercriminals will target Chrome OS," said Masiello. "The same thing happened to Windows Vista and Windows 7, even before they were finished. Since Chrome OS is new, it's going to be of interest to security researchers, and it's going to be poked by cybercriminals as well."

----------

Hacker Pleads Guilty in Massive Fraud Case PC World – Wed Dec 30, 1:20 am ET
A hacker from Miami pled guilty to conspiracy to hack into computer networks at major U.S. retail and financial groups, and to steal data on tens of millions of credit cards and debit cards on Tuesday.

----------

Top 10 Security Nightmares of the Decade PC World – Tue Dec 29, 9:00 pm ET
Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each. Full Story »

----------

Target Co was victim of hacker Albert Gonzalez Reuters – Tue Dec 29, 7:03 pm ET
BOSTON/NEW YORK (Reuters) - Target Co said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history.

----------

Hackers Show It's Easy to Snoop on a GSM Call PC World – Mon Dec 28, 9:40 pm ET
Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools.

----------

Good Guys Bring Down the Mega-D Botnet PC World – Sun Dec 27, 9:00 pm ET
For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from defense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down.

----------

FBI probing cyber theft at Citibank: WSJ AFP – Tue Dec 22, 1:10 pm ET
AFP/File
WASHINGTON (AFP) - The US Federal Bureau of Investigation is probing an attack by suspected Russian computer hackers on Citigroup Inc. that resulted in the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday.

----------

Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
Couple of days ago one of our readers, Ric, submitted a suspicious PDF document to us. As you know, malicious PDF documents are not rare these days, especially when the exploit for a yet unpatched vulnerability is wide spread.

Quick analysis of the document confirmed that it is exploiting this vulnerability (CVE-2009-4324 – the doc.media.newPlayer vulnerability). This can be easily seen in the included JavaScript in the PDF document, despite horrible detection (only 6 out of 40 AV vendors detected this when I initially submitted it here).

----------

FTC: Orgs Liable for Employee Statements on Facebook, Twitter?
Michael Overly looks at FTC regulations that went into effect in December.

New FTC guidelines (http://www.ftc.gov/os/2009/10/091005revisedendorsementguides.pdf) that went into effect on December 1, 2009, may impose liability on businesses for statements their employees make on social networking sites like Facebook, Twitter, LinkedIn, MySpace, personal blogs, and other sites – even if the company had no actual knowledge those statements were being made. Specifically, if an employee makes comments about the business’ products and services and that employee fails to disclose their employment relationship with the business, the business may be subject to an enforcement action for deceptive endorsements.

----------

NIST-certified USB Flash drives with hardware encryption cracked
Security firm SySS has found that supposedly secure NIST certified USB Flash drives from three of the top vendors can be cracked with relative ease more…
...
When notified by SySS about this worst case security scenario, the respective vendors responded quite differently. Kingston started a recall of the affected products; SanDisk and Verbatim issued woolly security bulletins about a "potential vulnerability in the access control application" and provided a software update. When asked by heise Security, Verbatim Europe said that none of the affected drives have been sold in Europe – and that none will be shipped before the hole has been closed.

----------

Adobe working on new automatic updater
Ryan Naraine: In the wake of a dramatic surge in malware attacks against Adobe's Reader, Acrobat, and Flash Player, the company plans to ship a new automatic updater mechanism that will silently patch security holes without any user action.

----------

Waldec spreading through fake New Year's e-cards
Angela Moscaritolo December 31, 2009
The Waledac botnet is spreading spam messages that contain the subject line "Happy New Year 2010" and provide a link for what the email claims to be a New Year's greeting card.

----------

How to Automate Windows 7 Backups
(Video) How to set up and automate backups in Windows 7.

----------

Monday 12/21/09

2009-12-21T08:44:00.000-08:00

Deconstructing Facebook's New Privacy Settings
Forrester Research analyst Chenxi Wang picks apart Facebook's new privacy settings so the rest of us can figure out how to navigate and even benefit from them.

----------

Check Your Friends! Facebook IMs May Lead To Trouble
Monday December 21, 2009 at 7:27 am CST
I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it I was logged into Facebook telling people about it…. It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a clean colon (yep – you read that right)...

----------

Cisco Regains Top Spot in IPS Market by Jamey Heary
Cisco Snatches Q3 Security Market Share from its Competitors

----------

Federal Government to streamline online authentication
The Federal Government has moved to streamline the use of authentication tools among departments...

----------

Ford Pushes For Wi-Fi Enabled Vehicles
New SYNC vehicles will take USB 3G modems

----------

Are you ready for 4k sector drives?
Robin Harris: Western Digital has started shipping drives that drop the ancient 512 byte disk sector for a 4096 byte - 4k - sector. What's in it for you? And what will it do to you?

...

Gotchas?
If you are in either of these 2 groups:

Windows XP users
Windows users who clone disks with software like Norton Ghost

there are a couple of gotchas if you want to use a 4k drive. Since most drives aren’t 4k and won’t be for another year or more, this may not affect you either. Vista and W7 users are cool except for cloning.

1) Windows XP does not automatically align writes on 4k boundaries, which hurts performance. WD has software - the Advanced Format Align Utility for their drives. I assume other vendors will too when they start shipping.
XP users need to run this utility once to use a 4k drive with a clean install, cloning software or a do-it-yourself USB drive. WD-branded 4k USB drives are already aligned so it isn’t needed for those drives.

2) Windows clone software vendors have yet to implement 4k support. If you clone an XP, Vista or W7 drive you should run the align utility. The cloning vendors need to get on board Real Soon Now. Vendors are welcome to comment on their plans.

----------

David Pogue Weighs In On Ebook DRM: Non-DRM'd Ebook Increased His Sales
Pogue relates his own experience in running a test with his publisher (which is O'Reilly) in putting out a non-DRM'd ebook, and he found that sales increased...

----------

Heartland settles with American Express over breach
Dan Kaplan December 18, 2009
Heartland Payment Systems has settled its first lawsuit with a card brand over the 2008 data breach.

----------

Thief steals U.S. Army laptop from employee's home
Angela Moscaritolo December 17, 2009
A laptop containing the personal information of tens of thousands of U.S. Army soldiers, family members and U.S. Department of Defense employees was recently stolen.

----------

Judge grants TJX hacker sentencing delay over health
Angela Moscaritolo December 17, 2009
A psychiatric evaluation has determined that Albert Gonzalez's actions were consistent with the behaviors of someone who suffers from Asperger's syndrome, and his sentencing has been delayed until March.

----------

Facebook sues three over alleged spam, phishing
Dan Kaplan December 17, 2009
Fresh off a $711 million spam judgment in its favor, Facebook this week sued three more individuals that it contends assaulted its members with spam.

----------

Cisco WebEx WRF Player Vulnerabilities
Cisco today released details of a set of buffer overflow vulnerabilities and fixes for their WebEx WRF player. The exploits describe multiple buffer overflows caused by a maliciously crafted WRF file (generally posted on a website), or by attending a WebEx meeting with an attacker attending. The results of the exploit can result in execution of arbitrary code on the target system.

http://www.cisco.com/warp/public/707/cisco-sa-20091216-webex.shtml

----------

Is Netflix "borking" lesbians with subscriber data releases?

2 days ago - by Nate Anderson Posted in: Law & Disorder
An Ohio lesbian doesn't want to be outed by her Netflix recommendations, and she is part of a new class-action lawsuit against the movie rental company.

----------

Suspected NKoreans hack war plan for SKorea AFP – Thu Dec 17, 11:27 pm ET
AFP/File
SEOUL (AFP) - Computer hackers who may be from North Korea have gained access to a secret US-South Korean plan to defend the peninsula in case of war, the defence ministry said Friday.

----------

Cybercrooks Target File-Sharing Networks
Security experts at Kaspersky Labs warn that cybercriminals are shifting their focus from worms and spams to file-sharing services.

----------

Twitter's DNS Provider Denies Hack
Rerouting was managed from within Twitter's own account, says the microblogging site's domain manager.

----------

Italian Police Arrest Hacker Sought for Fraud
Italian police have arrested an alleged hacker who is accused of defrauding banks and mobile phone operators out of several million dollars.

----------

Adobe explains PDF patch delay
Unless users apply one of the workarounds that Adobe's suggested, the decision will leave systems open to attack until Jan. 12, when the patch is released. According to several security firms, the flaw has been in use by criminals since at least Nov. 20. Adobe only found out Monday that the vulnerability in its Reader and Acrobat applications was being actively exploited.

----------

Drone incident serves up data encryption lesson

In a story that's receiving widespread attention, the Wall Street Journal yesterday reported that Iranian-backed groups in Iraq and Afghanistan were tapping into live feeds from Predator drones using a $26 software tool called SkyGrabber from Russian company SkySoftware.

The hitherto largely unknown software product doesn't require Internet connectivity and is designed to intercept music, photos, video and TV satellite programming for free. Insurgents in Iraq, however, were able to use SkyGrabber to grab live video feeds from unmanned Predator drones because the transmissions were being sent unencrypted to ground control stations.

----------

Monday 12/14/09

2009-12-14T12:44:00.000-08:00

Rather than patch, Microsoft blocks buggy code
http://www.computerworld.com/s/article/9142140/Rather_than_patch_Microsoft_blocks_buggy_code?taxonomyId=17
Microsoft has decided to disable a 17-year-old video codec in older versions of Windows rather than patch multiple vulnerabilities, according to the company's security team.

----------

Top Five Reasons For Security FAIL
Adi Ruppin admits the Internet security industry has seen every type of product fail. The good news, he says, is that there's much to learn from such failures. Here are five such lessons.

The weakest link
Industry standard vs. proprietary
The right solution to the wrong problem
The human factor
Usability

----------

DHS: Counterfeit Goods Still Rampant in U.S.
Phony products seizures fell slightly, but counterfeiting continues to be big business

----------

Not Security but...
Britain's First 140mph Train Service Begins

----------

Secret Copyright Treaty Timeline Shows Global DMCA
Michael Geist, a leading critic of the ACTA secret copyright treaty, has produced a new interactive timeline that traces its development. The timeline includes links to leaked documents, videos, and public interest group letters that should generate increasing concern with a deal that could lead to a global three-strikes and you're out policy.

----------

Building a Global Cyber Police Force
One of the biggest obstacles to fighting hackers and cyber-criminals is that many operate in the safe harbors of their home countries, insulated from prosecution by authorities in foreign countries where their targets reside. As Larry Walsh writes in his blog, several security vendors and a growing number of countries are now beginning to consider the creation of a global police force that would have trans-border jurisdiction to investigate and arrest suspected hackers.

----------

Supreme Court Takes Texting Case
http://www.nytimes.com/2009/12/15/us/15scotus.html?_r=1&hp
WASHINGTON — The Supreme Court agreed on Monday to decide whether a police department violated the constitutional privacy rights of an employee when it inspected personal text messages sent and received on a government pager.

The case opens “a new frontier in Fourth Amendment jurisprudence,” according to a three-judge panel of an appeals court that ruled in favor of the employee, a police sergeant on the Ontario, Calif., SWAT team.

----------

National data breach notification bill passed in U.S. House
Angela Moscaritolo December 10, 2009
The Data Accountability and Trust Act would require any organization that experiences a breach of electronic data containing personal information to notify all affected U.S. residents.

----------

Report finds enterprises failing to protect sensitive data
Angela Moscaritolo December 09, 2009
Just 40 percent of respondents in a recent survey said all of their organizations sensitive data is adequately secured.

----------

The Machine SID Duplication Myth
by Mark Russinovich

----------

Plastic Surgery Allows Exploit of Biometric ID System
Now what you are born with may not be as secure as biometric ID systems are purported to be. Lin Rong is accused by Japanese authorities of having her fingerprints surgically altered to enter the country illegally. She is reported to have had surgery to switch the finger tips of her right and left hand. The ruse was discovered by Japanese authorities after she was arrest for an unrelated offense.
'Fake fingerprint' Chinese woman fools Japan controls , BBC, December 7, 2009

----------

Full Disk Encryption: What It Can And Can't Do For Your Data
Dec 14,2009
Protection depends on how implementation -- and user know-how
Warning: disk is unlocked when it is on (duh!)

----------

FBI: Rogue Antivirus Scammers Have Made $150M
PC World – Fri Dec 11, 2:50 pm ET
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than US$150 million for scammers. Security experts call them rogue antivirus programs.

----------

Amazon's data center outage reads like a thriller

----------

Monday 12/07/09

2009-12-07T16:09:00.000-08:00

December 2009 Bulletin Release Advance Notification
"we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday" - Not the SSL/TLS bug!

----------

Great research paper on security and user education:
http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf

----------

Louisiana firm sues Capital One after losing thousands in online bank fraud

An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.

In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart.

According to JM Test, Capital One has denied any responsibility for the losses. On Friday, JM Test filed suit in a Louisiana district court, alleging breach of contract and negligence by the bank. The firm says it is still out a total of $89,000, and that it has spent roughly $70,00
0 investigating and responding to the breaches.

"Capital One was not willing to make good on our losses or attempt any type of settlement," said Happy McKnight, JM Test's controller. "The banks are clearly taking a 'Hey, don't look at me!' stance. It is so sad to wonder how many business failures this type of fraud has caused."
Permalink

----------

Sprint Provides U.S. Law Enforcement with Cell Phone Customer Location Data
Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year

----------

Phishing losses add up
Although the number of banking customers who fall victim to phishing attacks is small, it all adds up to a lucrative business for cyber criminals. It's estimated that every US banking institute loses more than $9 million per million customers more…

----------

Wall Street Journal Website Hacked
A Romanian grey hat hacker has disclosed a serious SQL injection vulnerability on the Wa...

----------

Dell releases BIOS updates
Adrian Kingsley-Hughes: "Throttlegate": Some owners of Dell notebooks were experiencing severe underperformance and overthrottling, so much so that performance was being cut to a fraction of what it should be.

----------

Can You Copyright An SQL Query?
... the district had contracted out the process to a guy who charged them $500 per year, to basically write and then run an SQL query that exported the data. Each year, all he had to do was change the date, but he still charged them $500.

----------

Former Partner Blasts Seyfarth Shaw
By TIM HULL
LOS ANGELES (CN) - An attorney with Seyfarth Shaw says the firm's managing partners forced him to take the fall for Tae Boe creator Billy Blanks' $30 million legal malpractice suit, and turned the office into a place where "the pursuit and collection of money" from clients - referred to as "bozos on the bus" - became "the primary directive" for attorneys and "the chief preoccupation" of the managers.

----------

NASA sites hacked via SQL injection
Angela Moscaritolo December 07, 2009
Two of NASA's sites were accessed by an individual, apparently claiming to demonstrate they were susceptible to SQL injection.

----------

Adobe plans Flash update, investigates Illustrator flaw
Dan Kaplan December 04, 2009
An Adobe Flash Player update is due out on Tuesday to close a number of security holes.

----------

Microsoft slates six fixes for year's final Patch Tuesday
Dan Kaplan December 03, 2009
Microsoft's planned patches for Tuesday include a fix for a null pointer reference vulnerability in Internet Explorer, for which proof-of-concept code has been published.

----------

TSA Leaks Sensitive Airport Screening Manual
Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.

Anyone who’s interested can read about which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors.

The 93-page document also includes sample images of DHS, CIA (see above) and congressional identification cards, with instructions on what to look for to verify an authentic pass.

----------

Ex-KGB Officers May Be Behind the Hacked Climate Emails
treehugger.com — The computer hack, said a senior member of the Inter-governmental Panel on Climate Change, was not an amateur job, but a highly sophisticated, politically motivated operation. And others went further. The guiding hand behind the leaks, the allegation went, was that of the Russian secret services.

----------

The Fruit of the Poisoned Tree
Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated.

----------

Mapping the Mal Web: McAfee’s 3rd Annual Report
For the first time combining data from McAfee’s SiteAdvisor and TrustedSource, the report is even more comprehensive than last year’s, naming Cameroon (.cm) as the riskiest place to surf with a whopping 36.7 percent of the domains posing a security risk.

----------

Microsoft Warns Of Malware-Laced Counterfeit Software
Dec 07,2009
Complaints about counterfeit software infected with malware doubled in past two weeks

----------

Thanksgiving Webcam Promo Leads to Malware PC World – Thu Dec 3, 8:20 pm ET
The US$10 webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was.

----------

Update: Judge affirms $675k verdict in RIAA music piracy case

----------

Monday 11/30/09

2009-11-30T12:51:00.000-08:00

Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
Still hot, still waiting for fixes...

----------

Microsoft Internet Explorer Cascading Style Sheets Remote Code Execution Vulnerability

----------

Virgin Media Starts Snooping In User Packets
Using deep packet inspection to measure copyright infringement

UK Cable provider Virgin Media says they're experimenting with a new deep packet inspection solution that will snoop into customer packets to determine if they're trading copyrighted files. The trial will cover 40% of the company's customers, though no action will be taken against users (nor will they be informed of the snooping).

----------

ICANN Slams DNS Redirection Calls such efforts a 'destabilizing practice'
ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party portal when they mistype, or enter a nonexistent URL. You'll recall that the practice gained international attention when Verisign implemented their heavily-loathed Sitefinder initiative in 2003.

----------

Telecommunications Act changes backed by forensics expert
A call for intercepted data to be destroyed "as soon as it is no longer required" has been...

----------

Profitable 'Pay Us Or We'll Sue You For File Sharing' Scheme About To Send 30,000 More Letters

Remember ACS:Law? The shakedown organization that appears to have taken over where Davenport Lyons left off (including using some of the identical documents), and who has "partnered" with DigiProtect, the company that gleefully admits that it purposely puts files on file sharing networks just to collect the IP addresses of anyone who downloads, is asking for the identifying info on 30,000 UK users. To put that in perspective, in the years long campaign by the RIAA to sue people for file sharing, they apparently requested info on about 35,000 IP addresses. Of course, when spreading such a big net, it's no surprise that tons of innocent people get caught in it. But that's really of little concern, since no real lawsuits have been filed. They're just hoping a bunch of people feel that it's easier to pay up. It's not about stopping piracy or getting people to buy -- it's about shaking people down for as much money as possible.

----------

Credit-Card Scammers Drilled Dentists
MANHATTAN (CN) - A man was sentenced to nearly 10 years in prison for leading a credit-card fraud ring that stole the identities of 176 dentists. Michael A. Roseboro and his crew stole $1.75 million from dentists around the country by claiming to be an investigator with Visa or Bank of America who was looking into potentially fraudulent charges on the dentists' credit cards.

----------

Spam magnate Ralsky sentenced to more than four years
Dan Kaplan November 24, 2009
Alan Ralsky, mastermind of a fraud campaign that delivered tens of thousands of junk mail messages designed to inflate stock prices, was sentenced Monday to 51 months in prison.

----------

iPhone Virus-Writer’s New Job: Building iPhone Apps
An Australian youth who created a worm that attacked iPhone users has been hired by a company that creates applications for the iPhone.

----------

The Psychology of Being Scammed
This is a very interesting paper: Understanding scam victims: seven principles for systems security, by Frank Stajano and Paul Wilson. Paul Wilson produces and stars in the British television show The Real Hustle, which does hidden camera demonstrations of con games.

----------

Ransomware blocks Net access
Ryan Naraine: Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via text message.
New LoroBot ransomware encrypts files, demands $100 for decryption

----------

I Was Wrong: There Probably Will Be an Electronic Pearl Harbor
Ira Winkler says the emerging smart grid makes doomsayers' unlikely predictions more likely

----------

Checklist: 11 Security Tips for Black Friday, Cyber Monday
This holiday shopping season, IT and physical security practitioners have the tough task of protecting customer data and preventing shoplifting. Here are 11 tips to bring sanity to the process.

----------

I Was Wrong: There Probably Will Be an Electronic Pearl Harbor

New Banking Trojan Horses Gain Polish

Race on Between Hackers, Microsoft Over IE Zero-Day

Hacks of Chinese Temple Were Online Kung Fu, Abbot Says

----------

Monday 11/23/09

2009-11-23T09:26:00.000-08:00

http://www.ietf.org/id/draft-ietf-tls-renegotiation-00.txt
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
http://securitytracker.com/id?1023148
http://www.unleashnetworks.com/blog/?p=134
http://extendedsubset.com/

SSL/TLS Renegotiation bug. Many patches coming.

----------

REASON TO UPGRADE TO IE8:

http://www.csoonline.com/article/508525/New_Attack_Fells_Internet_Explorer
The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer.

"Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7," the company wrote on its Web site Saturday. "We expect that a fully-functional reliable exploit will be available in the near future."

Security consultancy Vupen Security has also confirmed that the attack works, saying it worked on a Windows XP Service Pack 3 system running IE 6 or IE7. Neither company was able to confirm that the attack worked on Microsoft's latest browser, IE 8.

----------

Cisco's Free IPhone App Grabs Security Feeds

----------

NSA Helped with Windows 7 Development
The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged yesterday during testimony before Congress.

----------

New Olive Planting Method Prompts California Oil Boom
An oil boom is under way in California's agricultural heartland, as evolving tastes and a trend toward healthy fare have transformed a profession as old as civilization: olive production for the extra virgin market....

----------

Latest jailbroken iPhone worm tries filching bank passwords
41 minutes ago - by Jacqui Cheng Posted in: Infinite Loop
Users who have jailbroken their iPhones just can't catch a break—another malicious worm is making its way around the Internet and tries to steal bank passwords for users in the Netherlands, Portugal, Hungary, and Australia. Users with locked-down iPhones are still safe.

----------

Creepy insurance company pulls coverage due to Facebook pics
about 14 hours ago - by Jacqui Cheng Posted in: The Web
Can people diagnosed with depression go to a party and look like they're having fun? Most of us would say yes, but one insurance company thinks not. A woman in Canada got her sick leave coverage pulled after she posted photos of her birthday party to her private, locked-down Facebook account.

----------

Queen: We sank the Armada, we can sink some P2P pirates!
3 days ago - by Nate Anderson Posted in: Law & Disorder
The Queen opened the UK parliamentary session yesterday and announced that an Internet disconnection bill would be coming soon. But will it actually be legal?

----------

Nation's School Districts are Failing to Protect Children's Privacy
A Fordham Law School study found that state educational databases across the country ignore key privacy protections for the nation’s school children.
Permanent link to this item.

----------

Al Qaeda Secret Code Broken
I would sure like to know more about this:

Top code-breakers at the Government Communications Headquarters in the United Kingdom have succeeded in breaking the secret language that has allowed imprisoned leaders of al-Qaida to keep in touch with other extremists in U.K. jails as well as 10,000 "sleeper agents" across the islands....
...
The code the terrorists devised consists of words chosen from no fewer than 20 dialects from Afghanistan, Iran, Pakistan, Yemen and Sudan.

----------

Fedora 12 allows users install privilege - Update 2
Fedora 12 has changed its security policy to allow unprivileged users to install software without requiring the root password more…

----------

Report: Cyberattacks against the U.S. "rising sharply"
Angela Moscaritolo November 20, 2009
During just the first half 2009, there were 43, 785 cyberattack incidents against the DoD, a new report states. If this volume is maintained for the rest of the year, it will represent a 60 percent increase over 2008.

----------

Prosecutors Ending Lawsuit Against Lori Drew

----------

Thousands of web sites redirected
Dancho Danchev: Security researchers have detected a massive blackhat SEO campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software.

----------

Microsoft: 'TaterF' Worm Top Malware Threat So Far This Month
Nov 23,2009
Software giant reveals November stats from Malicious Software Removal Tool

----------

Monday 11/09/09

2009-11-09T12:23:00.000-08:00

Advisory ID: cisco-sa-20091109-tls
http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml
Revision 1.0
For Public Release 2009 November 9 1600 UTC (GMT)

An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.

----------

Worm 'Rick Rolls' iPhones
First IPhone Worm Spreads Rick Astley Wallpaper
The first worm written for Apple's iPhone has been unleashed and is infecting phones in Australia.

----------

Gumblar Malware's Home Domain Active Again
ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

----------

Yahoo Now on China's Porn Offense List
A Chinese government watchdog has ordered Yahoo China to clean pornographic content from a photo-sharing site it hosted, a reminder of the regulatory challenges often faced by foreign Internet companies in China.

----------

CDC Tracking H1N1 in Near Real Time
The Centers for Disease Control have settled on a private, nationwide database with the electronic medical records of 14 million people run by General Electric in order to track potential outbreaks of the H1N1 virus.

----------

Study: Security Certs are IT's Hottest
The survey of more than 1,500 IT workers found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target. The results are included in the CompTIA study 'IT Training and Certification: Insights and Opportunities.'

----------

Bardin: What DLP Companies Don't Tell You
What you are not told during the sales pitch is the Pandora’s Box you not only are about to open but completely unhinge. What you really need to understand is how deep does the business want you to go?

----------

Data breach notifications one step closer to law... again
about 2 hours ago - by Jacqui Cheng Posted in: Law & Disorder
It's frustrating to be a consumer these days, especially knowing that your personal information could be exposed anytime there's a major data breach. Two new Senate bills aim to improve notification to customers when their information is exposed to thieves and, despite their shortfalls, experts are still holding out hope.

----------

The ACTA Internet provisions: DMCA goes worldwide
about 16 hours ago - by Nate Anderson Posted in: Law & Disorder
New details about the Internet section of the Anti-Counterfeiting Trade Agreement (ACTA) have leaked, and critics are already claiming that they mandate "three strikes" policies and will put an end to Flickr and YouTube. The reality is less sensational but just as important: ACTA is really about taking the DMCA global.

----------

Worker Lost Her Job Over Error by FBI's NCIC Database

In July 2009, a woman lost a $58,000 a year accounting job with Corporate Mailing Services of Arbutus after a background check reported a non-existent criminal record. Her employer won a contact with the Social Security Administration (SSA), which required that the company submit all employees to a criminal background check. The FBI's National Crime Information Center database reported in error that the employee had a criminal record. The Social Security Administration reported back to her employer within 2 weeks acknowledging the mistake and stated that the account could in fact work on the project. The company has not reinstated the dismissed worker. There are long running issues regarding the accuracy of NCIC database. In 2003 the DOJ exempted the FBI, which manages the NCIC, from Federal Privacy Act obligations for data accuracy. The administration is moving forward with a plan to require all federal government contractors submit E-verify checks conducted by the Department of Homeland Security to determine whether they can be employed. There are questions about accuracy of this system and the potential for inaccurate reporting. Accuracy requirements for information held in databases is critical to the protection of privacy rights.

Fired due to error in background check, Carroll woman still jobless, Scott Calvert, Baltimore Sun, October 28, 2009

----------

Microsoft to release six updates next Patch Tuesday
Microsoft has announced that it will release four updates for Windows and two updates for Office on the next Patch Tuesday, the 10th of November more…

----------

Microsoft to deliver six patches covering 15 flaws
Dan Kaplan November 05, 2009
November's security update from Microsoft comes with six patches for 15 vulnerabilities -- nearly 20 fewer than last month.

----------

Former Employees Face Five-Year Sentence After Allegedly Hacking Company Database
Nov 05,2009
System access was still possible for almost two years using old passwords, indictment says

----------

New Security Certification On The Horizon For Cloud Services
Nov 04,2009
Cloud security cert would go beyond existing SAS 70, ISO 27001 standards

There's no official security certification for cloud security service providers today: some use the SAS 70 or the ISO 27001 standards as their security certifications, neither of which is sufficient for providing potential cloud customers with assurances that the provider has deployed the proper security or that their data is sufficiently locked down, experts say.

"There needs to be a certification that is specifically for cloud providers," says Jim Reavis, co-founder and executive director of the Cloud Security Alliance. The Cloud Security Alliance is working with other key players in cloud security and auditing to determine which organizations should provide the certification, as well as what such a certification should include.

"This is going to be a shared thing," he says, noting that the certification is likely to be managed by multiple bodies. He says to expect a statement of direction for a cloud security certification around the first quarter of 2010.

----------

Malware breaks Win 7 UAC defenses
Dancho Danchev: A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test, successfully bypassed Windows 7's default UAC (user access control) settings.

----------

Lawsuit claims iPhone games stole phone numbers
Browse the App Store for developer Storm8's many popular iPhone games, and you'll encounter the...

----------

AP IMPACT: Framed for child porn — by a PC virus AP – Mon Nov 9, 12:10 am ET
AP
Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

----------

Monday 11/02/09

2009-11-03T12:30:00.000-08:00

Trade talks hone in on Internet abuse, ISP liability
ISPs around the world may be forced to snoop on their subscribers and cut them off if they are found to have shared copyright-protected music on the Internet, under an international agreement being promoted by the U.S.

----------

Catbird tunes security software for virtual environments
Catbird has announced a new version of its security software for virtual environments that is tweaked to perform vulnerability monitoring of resources running in Amazon's EC2 cloud.

----------

Software shields online banking on infected PCs
Cybercriminals are developing increasingly sophisticated software that, in what is known as man-in-the-middle or man-in-the-browser attacks, can intercept online banking transactions while in progress and transfer funds with the user believing nothing is awry.

SafeOnline installs its own kernel-level driver on Windows PCs. During a secure browsing session, all information from the keyboard is routed through that driver, which defeats attempts to record keystrokes or other interference, said Mel Morris, Prevx's CEO and CTO.

----------

Password rules: Change them every 25 years
There are four basic ways for a bad guy to get your password:
(a) Ask for it. So-called "Phishing" and "Social Engineering" attacks still work, and always will
(b) Try dictionary words at the login prompt in the hope to get lucky ("Brute Force")
(c) Obtain the encryped/hashed password somehow, and crack it
(d) Leech the password off your computer with keylogger malware

None of these four scenarios becomes less likely if you change your password every 90 days. If the bad guy can't break the password hash (c) within a couple days, he'll likely just look for an easier target. Attack (b) is also out for quick wins - either it works within the first couple dozen passwords tried, or the bad guy moves on to easier prey. If (b) or (c) are successful, or the attacker already has the password through (a) or (d), 45 days on average is more than enough to empty out your bank account or use your email address for a big spam run.

The concept of password expiry remained the same for the last 25 years or so. Infosec professionals, auditors, PCI, ISO27002, COBIT, etc all keep requiring it, unchanged, even though the threats have changed quite a bit. Forcing a user who had a weak password to change it will just make him pick another weak one. Forcing a user who had a very strong password to change it will eventually annoy the user into using simpler passwords.

So what gives? There is one practical benefit. If someone has your password, and all they want is to read your email and remain undetected, they can do so forever, unless you eventually change your sign-in secret. Thus, regularly changing the password doesn't help much against someone breaking in and making it off with your goods, but it DOES give you a chance to shake off any stalkers or snoopers you might have accessing your account. Yes, this is good. But whether this benefit alone is worth the hassle and mentioned disadvantages of forcing users to change their password every 90 days, I have my doubts.

Infosec risk management is about identifying threats and vulnerabilities, and then picking a countermeasure. But if the chosen countermeasure doesn't in fact make the identified threats less likely, all we do is play security theater, and the countermeasure is one that we don't need.

Unless, of course, "best practice standards" and audits force us to have it.

----------

Nation's School Districts are Failing to Protect Children's Privacy
A Fordham Law School study found that state educational databases across the country ignore key privacy protections for the nation’s school children. The study reports that at least 32% of states warehouse children’s social security numbers; at least 22% of states record student pregnancies; and at least 46% of the states track mental health, illness, and jail sentences as part of the children’s educational records. Some states outsource the data processing without any restrictions on use or confidentiality for children’s information. Access to this information and the disclosure of personal data may occur for decades and follow children well into their adult lives. These findings come as Congress is considering the Student Aid and Financial Responsibility Act, which would expand and integrate the 43 existing state databases without taking into account the critical privacy failures in the states’ electronic warehouses of children’s information. For more information on children’s privacy issues see Children’s Online Privacy Protection Act.

----------

Cable modem hacker busted by feds
According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.

Harris, also known as DerEngel, was charged on Aug. 16, but the grand jury indictment was not unsealed until Monday, several days after his Oct. 23 arrest. He faces a maximum sentence of 20 years in prison and a $250,000 fine, the DOJ said. The six-count indictment charges him with conspiracy, computer intrusion and wire fraud. He was charged in U.S. District Court for the District of Massachusetts.
...

----------

Microsoft links malware rates to pirated Windows
"There is a direct correlation between piracy and the malware infection rate," said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center. Williams was touting the newest edition of his company's biannual security intelligence report.

----------

Swedish Government Promises Citizens 100MB Broadband

by TechCrunch Europe on November 3, 2009
[Sweden] The Swedish government is following in the footsteps of the Finns (well almost), as their IT-ministry is now promising that 90 percent of all Swedish homes will have access to a 100 mbit/s broadband connection before 2020.

----------

US cyber center opens to battle computer attacks AP – Fri Oct 30, 7:38 pm ET
WASHINGTON - The United States is well behind the curve in the fight against computer criminals, Sen. Joe Lieberman said Friday, as Homeland Security officials opened a $9 million operations center to better coordinate the government's response to cyberattacks.

----------

Researchers Create Hypervisor-Based Tool For Blocking Rootkits Nov 03,2009 New technology 'patches' the operating system kernel, protects it from rootkits

----------

Delayed Again: Red Flags Rule Deadline Now June 1, 2010
Bowing to Congressional pressure, the FTC is delaying enforcement of the Red Flags Rule until June 1, 2010, for financial institutions and creditors. Here, IT security pros weigh in on what the rule means for them.

The FTC made the announcement Friday, the same day the U.S. District Court for the District of Columbia ruled that the commission can't apply the rule to attorneys.

The Red Flags Rule was instituted under the Fair and Accurate Credit Transactions Act, where Congress ordered the FTC and other agencies to make regulations forcing creditors and financial institutions to address security holes that could lead to identity theft. The rule requires all such entities that have covered accounts to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- known as red flags -- that could indicate identity theft.

----------

Congress locks radio stations, record labels into boardroom
by Nate Anderson Posted in: Law & Disorder
Radio doesn't want to pay more to play music; music labels don't want radio to keep free-riding. How to settle this blood feud? Congress has ordered both sides into a Capitol Hill conference room for two weeks, and it will vote on whatever emerges.

----------

...
But the Wisconsin men won. They won big. They won $1.26 billion dollars.

How did they win? By default judgment. PepsiCo’s lawyers never responded to the complaint, and the judge awarded the Wisconsin plaintiffs a default judgment.

Why did the Pepsi people never respond? Meet PepsiCo legal secretary, Kathy Henry.
Continue reading "Legal Secretary of the Day: Pepsi’s $1.26 Billion Mistake"

----------

Jailbroken iPhones held for $5 ransom
Dancho Danchev: A message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.

----------

COMPUTER AGE LITIGATION. There may be hope for old forms of communication after all. An extremely odd dispute in Arizona may bring hope to the makers of pen and paper. The tale is told in an Arizona Supreme Court opinion called Lake v. City of Phoenix in which the city insisted that even though it had to turn over a public record, it didn't have to turn over the public record's "metadata." Really. The city's lawyers were arguing that the code showing the history of a document wasn't actually part of the public record even though the document was. And this dispute went all the way to the state supreme court. Apparently no one was too concerned that this really looked like someone was trying to cover something up. The court thought this was silly, ruled against the city, and then offered an out for future coverups that old media lovers should appreciate: "That a public record currently exists in an electronic format, and is subject to disclosure in that format, does not itself determine whether there is a statutory obligation to preserve it electronically." A lot of agencies and companies will be going back to pencils and erasers.

----------

Mossad Hacked Syrian Official’s Computer Before Bombing Mysterious Facility
The intelligence agents planted a Trojan horse on the official’s computer in late 2006 while he was staying at a hotel in the Kensington district of London, the German newspaper reported Monday in an extensive account of the bombing attack.

The official reportedly left his computer in his hotel room when he went out, making it easy for agents to install the malware that siphoned files from the laptop. The files contained construction plans for the Al Kabir complex in eastern Syria — said to be an illicit nuclear facility — as well as letters and hundreds of detailed photos showing the complex at various stages of construction.

----------

First Test for Election Cryptography
By Erica NaoneMonday, November 02, 2009
Novel voting technology will be used in a local government election.

----------

Monday 10/26/09

2009-10-26T15:25:00.000-07:00

Swine flu national emergency should spur businesses to action President Obama's declaration of a national swine flu emergency should send up a red flag to businesses that are still unprepared for a pandemic. Read more...

President Barack Obama declared the H1N1 flu outbreak a national emergency this past weekend, giving health-care systems the ability to bypass some federal regulatory requirements in order to quickly implement disaster plans should they become overwhelmed.

Similar to declaring a hurricane emergency as a storm approaches landfall, the national emergency declaration gives authority to health-care facilities to submit waivers to establish alternate care sites, and modified patient triage protocols, patient transfer procedures and other actions that occur when they fully implement disaster operations plans.

----------

Bugs and Fixes: Stymie Malicious Media, Attacks
Essential OS fixes are big this month. And fans of free software need to update their Firefox and OpenOffice copies.

----------

U.S. gov't cybersecurity spending to grow significantly, study says
U.S. government spending on cybersecurity will grow at a compound rate of 8.1 percent a year between 2009 and 2014, outpacing general IT spending, according to the government analyst firm Input.

Spending on vendor-supplied information security products and services will increase from $7.9 billion in 2009 to $11.7 billion in 2014, Input predicted. General IT spending by the U.S. government will increase by 3.5% a year during the same time frame, said Kevin Plexico, Input's senior vice president of research and analysis.

----------

Virginia man to serve prison term for selling counterfeit software
Gregory William Fair, of Falls Church, was sentenced Thursday in U.S. District Court for the District of Columbia. In addition to the prison term, Judge R.W. Roberts ordered Fair to pay $743,098 in restitution.

Fair also forfeited $144,000 seized from a safety deposit box and residence, a BMW 525i, a Hummer H2, a Mercedes CL600 and a 1969 Pontiac GTO. All the cars were purchased using funds from his counterfeit software operation, the DOJ said.

----------

China ready for cyberwar, espionage, report says
Looking to gain the upper hand in any future cyber conflicts, China is probably spying on U.S. companies and government, according to a report commissioned by a Congressional advisory panel monitoring the security implications of trade with China.

The report outlines the state of China's hacking and cyber warfare capabilities, concluding that "China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long term, sophisticated computer network exploitation campaign."

Published Thursday, the report was written by Northrop Grumman analysts commissioned by the U.S.-China Economic and Security Review Commission.

----------

Botnets contributing more than ever to click fraud
For the third quarter of the year, 42.6% of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks.

----------

DHS to get big boost in cybersecurity spending in 2010
The U.S. Senate yesterday passed legislation approving a budget of nearly $43 billion for the DHS for fiscal 2010. Of that, about $397 million is supposed to go toward improving cybersecurity within the agency. That's $84 million, or about 27%, more than the $313 million that was allocated for information security in fiscal 2009.

----------

Swiss foreign ministry hit by computer attack
AFP – 2 hrs 35 mins ago
GENEVA (AFP) - Unidentified hackers have penetrated the Swiss foreign ministry's computer system to seize data, forcing parts of it to be shut down for several days, the ministry revealed Monday.

----------

Nigeria's anti graft police shuts 800 scam websites
AFP – Thu Oct 22, 1:02 pm ET
LAGOS (AFP) - Nigeria's anti-corruption police said Friday they had shut down some 800 scam websites and busted 18 syndicates of email fraudsters in a drive to curb cyber-crime the country is notorious for.

----------

How Victims Encourage Cybercrime
Security firm Kaspersky notes that anonymity of users can mask cyber threats and make them tougher to prevent.

----------

Cybersecurity Quiz: Know Your Threats
Separate cybersecurity fact from fiction in this survey of the threats posed by cyberattacks.

----------

ERIC TOTALLY DISAGREES:
From Security Perspective, Windows 7 Off To A Rocky Start
Oct 22,2009
Experts express consternation over early vulnerabilities, UAC configuration issues

----------

Major Secure Email Products And Services Miss Spear-Phishing Attack
Oct 22,2009
Experiment successfully slips fake LinkedIn invite from 'Bill Gates' into inboxes

----------

Metasploit Project Sold To Rapid7
Oct 21,2009
Open-source Metasploit penetration testing tool creator HD Moore joins Rapid7, commercial Metasploit products to come

----------

The Internet is set to undergo one of the biggest changes in its four-decade history with the expected approval this week of international domain names — or addresses — that can be written in languages other than English, an official said Monday.

----------

Microsoft to open up Outlook .PST data format

----------

Google Oops! User Voice Mails Disclosed in Search Engine
Reported flaw in Google's voice mail service said to expose users' messages to search engine users. The messages are reported to include the audio file and transcript of the call, but also included the callers name and phone number.
Random users Google Voice mail is searchable by anyone?, Michael Bettiol, Boygeniusreport.com, October 19, 2009

----------

Answers to Windows 7 upgrade questions
Ed Bott: My compatriots in the Windows blogosphere aren't always discriminating in giving out advice. I read a staggering number of rumors, many of them promulgated by people who should have known better.

----------

OFF TOPIC:

Groups Challenge SoCal Desalination Project
By SONYA ANGELICA DIEHN
VISTA, Calif. (CN) - Environmentalists are challenging the City of Carlsbad over a $300 million desalination plant planned for drought-stricken Southern California. Two groups say Carlsbad and Poseidon Resources' enormous project has undergone too many changes for a 2006 environmental impact report to still apply.

----------

BAD NEWS:
LifeLock settles with Experian to not set fraud alerts
Dan Kaplan October 23, 2009
A lawsuit settlement affirms that third parties are not permitted to set fraud alerts with the major credit bureaus.

----------

Blogger: Time Warner Routers Still Hackable Despite Company Assurance
A blogger who stumbled across a vulnerability in more than 65,000 Time Warner Cable customer routers says the routers are still vulnerable to remote attack, despite claims by the company last week that it patched the routers.

Last Tuesday, David Chen, an internet startup-founder, published information about the vulnerability in Time Warner’s SMC8014 series cable modem/Wi-Fi router combo, made by SMC. The problem would allow a hacker to remotely access the device’s administrative menu over the internet and potentially change the settings to intercept traffic, making possible all sorts of nefarious activity.

----------

Monday 10/19/09

2009-10-19T15:25:00.000-07:00

Mozilla unblocks one sneaky Microsoft plug-in
... Late on Friday, Mozilla added .Net Framework Assistant and the accompanying Windows Presentation Foundation plug-in to its rarely-used blocking list, which then threw up a warning to users notifying them that the pair was being barred from Firefox.

----------

Microsoft issues first Windows 7 patches
Windows 7 was affected by nine of the 34 vulnerabilities, or 26% of the total.
Windows Vista, meanwhile, was impacted by 19 of the 34 vulnerabilities -- 56% of the total.
Windows XP was affected by the most vulnerabilities of all: 24 out of 34, or 71% of the total.

----------

Phishers Reveal Poor Passwords

----------

Medical Records: Stored in the Cloud, Sold on the Open Market
... unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.
http://www.patientprivacyrights.org/site/DocServer/Zones_of_Privacy.pdf?docID=881

----------

ASCII Art spam is back
The ASCII art spam is not limited to only non-word characters. It can be numbers, alphabets and combinations of all, which can make things even worse for certain spam filters:

d""b8 88 db 88 88 dP"Y8
dP 88 dPYb 88 88 `bo
Yb 88 dP__Yb 88 88 `Y8b
boodP 88 dP""""Yb 88ood8 88 8bodP'

----------

How hackers find your weak spots
While there are an infinite number of social engineering exploits, typical ones include the...

----------

SECURITY: RISK AND REWARD
New secure password rules
Most companies have some form of policy on passwords. The rules go back more than a decade and are repeated...

----------

Hiring hackers: A rebuttal (part 2)
The original articles on hiring hackers and criminal hackers into IT groups as programmers, network...

----------

38 Oracle security patches coming next week

----------

Scareware earns cybercriminals £850,000 a year
Cybercriminals are earning as much as £858,000 a year out of scareware, says Symantec.

----------

A Guide to Windows 7 Security
Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7...

----------

"Google Voice Mails have been discovered in Google's search engine, providing audio files, names, and phone number as if you were logged in and checking your own voice mail. Some appear to be test messages, while others are clearly not. Google has since disabled indexing of voice mails outside your own website."

----------

Helpful Hint for Fugitives: Don't Update Your Location on Facebook
"Fugitive caught after updating his status on Facebook."

----------

Microsoft's Free AV Got 1.5 Million Downloads in First Week PC World – Fri Oct 16, 3:10 pm ET
Microsoft registered more than 1.5 million downloads of its free antivirus software in the week after it shipped.

----------

Monday 10/12/09

2009-10-12T13:29:00.000-07:00

Researchers advise cyber self defense in the cloud

Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.

The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.

----------

Expert provides more proof hackers hijacked Hotmail accounts
It's almost certain that hackers obtained the Hotmail passwords that leaked to the Internet through a botnet-based attack, a researcher said today as she provided more proof that Microsoft's explanation was probably off-base. Read more...

----------

Sidekick users livid over Microsoft server failure
On Saturday, Microsoft announced that users' data stored on its servers "almost certainly has been lost as a result of a server failure at Microsoft/Danger," referring to Danger Inc., the Microsoft subsidiary that provides data services for Sidekick phones sold by T-Mobile.

...

"I just spoke to a lawyer and explain[ed] the entire situation," said a user tagged as "Calsmail" last Thursday. "He informed me he would be happy to start a class-action suit against T-Mobile. He said he could not only get us out of our contracts but can more than likely get $50 per contact lost."

----------

UC Berkeley tightens personal data security with data-masking tool

----------

No Facebook at work in most US companies
By News Room Yesterday

----------

What's replacing P2P, BitTorrent as pirate hangouts?

----------

EU High Court Amassing Strength & Reach
By NICK WILSON

As the European Court of Justice continues a dramatic rise in power and volume of cases, a comparison is inevitably made with the U.S. Supreme Court where an initially weak political body grew into an enormously powerful interpreter of the law in a vast region of wealth and population. But there are also key differences between the two high courts, based on the greater power held in the U.S. Constitution and the less competitive relationship between the courts of the European nations and the EU's high court.

----------

Google patches DoS vulnerabilities in Android
Researchers at the Open Source Computer Emergency Response Team (oCERT) disclosed two denial-of-service vulnerabilities in Google Inc.'s Android 1.5 mobile phone platform, both of which have already been patched by the vendor.

----------

Hackers exploit this year's fourth PDF zero-day

The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.

Adobe promised to patch the vulnerability on Tuesday, Oct. 13, the same day that Microsoft plans to issue its biggest-ever collection of security updates.

----------

McAfee Labs’ October Spam Report
Monday October 12, 2009 at 8:36 am CSTPosted by David Marcus

Cybercriminals are taking advantage of American concerns about healthcare by flooding the internet with spam. According to our October Spam Report, 70 percent of global spam is now “Canadian” pharmacy spam that takes advantage of fears of Swine Flu and rising costs of Medicare and pharmaceuticals.

Spammers generate more than 150 billion spam messages daily; that’s enough to send everyone in the world more than 30 emails every day (including people without computers). Nearly 19 out of every 20 emails are spam, and cybercriminals are growing more sophisticated with their attacks. No brands seem to be safe, and this month’s report analyzes how spammers are abusing the brands of Monopoly, The Hollywood Reporter and even the Jewish organization Chabad to distribute malware.

The report can be downloaded here.

----------

Posted at 2:00 PM ET, 10/12/2009
Avoid Windows Malware: Bank on a Live CD

http://blogs.washingtonpost.com/securityfix/

The simplest, most cost-effective answer I know of? Don't use Microsoft Windows when accessing your bank account online.

----------

Monday 10/05/09

2009-10-05T17:03:00.001-07:00

Let's start today with a bit of 'bright-and-shiny':

Microsoft Demos Prototype Multi-Touch Mice
The other day, I went on a short tour of some of Microsoft’s Labs, where they do everything from rapid prototypes of new products to acoustic testing in anechoic chambers. Most of my time was spent in the Applied Sciences group’s labs, where they are working on some seriously interesting devices.

And they’re not just into mice; in fact, the lab’s specialty seemed to be anything to do with optics and/or input. This lab worked on Project Natal, and also on the pressure-sensitive keyboard I wrote about a while back.

They were kind enough to show me all these crazy multi-touch mice, and, when I was too inept to demo even one of them solo, offered to go through them with me on video.

----------

Malware and standards – is it possible?

I am excited to be involved in the joint industry effort of defining an XML format which will allow for the rapid exchange of information between security companies. This work was done by the “Malware Working Group” operating as part of the “Industry Connections Security Group” (ICSG) and under the umbrella of the IEEE. If you Google for “IEEE” and “ICSG” you should have the link at the top of the list – IEEE ICSG .

There were about 20 people from multiple security companies who contributed to the development of the proposal for the standard and I am very pleased with the results. It is a simple, flexible and powerful format that is already being used by 4 anti-malware companies to transmit meta-data about the prevalence of malware in the field. Wider adoption of this meta-data sharing will replace the trivial malware sample exchange of the past with a real-time exchange of threat intelligence data. Communicating the relationships between malware samples, domains, IPs will open endless possibilities for improving the security of all Internet users.

For example, it will allow us to describe the whole history of domains/IPs that were used by a specific malware writing group, which malware they hosted and even how the malware got installed onto users’ computers. And this can be expressed in an unambiguous way suitable for rapid automated analysis. In a word – it’s powerful!

----------

Testing email with encryption
It can be very useful to be able to talk directly with your SMTP or IMAP server for diagnostic purposes. Things get a bit more complicated when encryption rears its ugly head, but with the right tools, it doesn't have to be a black art more…

----------

Plug-in service to protect Mozilla browser
Mozilla's Plug-in Finder Server checks the versions of installed Firefox plug-ins to warn users of security holes more…

----------

Gmail Login Gets CSRF Protection
Google has silently implemented cross-site request forgery protection for Gmail authentication. The new feature comes in the form of a unique token stored in a browser cookie and checked when the login request is submitted.

----------

Hotmail hacked: Thousands of account details published online
Zack Whittaker: Microsoft admits that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a phishing scheme.

----------

DRAM error rates: Nightmare on DIMM street
Robin Harris: A two-and-a-half year study of DRAM on 10s of thousands Google servers found DIMM error rates are hundreds to thousands of times higher than thought - a mean of 3,751 correctable errors per DIMM per year.

----------

Attorney Admits to Trading Settlement Money
By NICK MCCANN
(CN) - An Orange County lawyer has agreed to plead guilty to losing virtually all of a multimillion-dollar class-action settlement through high-risk day trading, the Justice Department announced.

----------

Visa creates guidance for merchants wanting to encrypt
Dan Kaplan October 05, 2009
Visa has taken a leading role in establishing best practices for end-to-end encryption implementation.

----------

Credit Card Skimming Survey: What’s Your Magstripe Worth?
Ever wonder how much the data on the back of your credit card is worth to a corrupt food service worker? The answer, it turns out, depends on which restaurants you frequent in Florida.

For some reason, the Sunshine State is a hotbed of federal prosecutions for “skimming”, in which a retail or service worker with a criminal bent swipes your credit card through a pocket-sized magstripe reader when you’re not looking — capturing your name, card number, expiration date and other information.

In the online black market, wholesalers peddle this data to credit card counterfeiters for as much as $50 for a corporate Visa or Mastercard. (Asian and European cards go for even more.) But how much does the poor food service worker get for putting his job on the line in the first place?

----------

Hackers plan to clobber the cloud, spy on Blackberries
A new era of computing is on the rise and viruses, spies and malware developers are tagging along...

----------

60% of Brits store personal data on their phone
Over 60 percent of Brits keep sensitive personal data on their smartphone, says The Carphone...

----------

Cyber Security Awareness Month - Day 5 port 31337
Backdoors and malware and trojans oh my!

----------

Monday 09/28/09

2009-09-28T07:52:00.000-07:00

Ass Bomber
Nobody tell the TSA, but last month someone tried to assassinate a Saudi prince by exploding a bomb stuffed in his rectum. He pretended to be a repentant militant, when in fact he was a Trojan horse:

The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince -- the target of al-Asiri's unsuccessful assassination attempt.
...
Lewis Page, an "improvised-device disposal operator tasked in support of the UK mainland police from 2001-2004," pointed out that this isn't much of a threat for three reasons: 1) you can't stuff a lot of explosives into a body cavity, 2) detonation is, um, problematic, and 3) the human body can stifle an explosion pretty effectively (think of someone throwing himself on a grenade to save his friends).

----------

A Stick Figure Guide to AES
Nice.

----------

Ants vs. worms
Since ants are pretty good at locating and defending against enemies in the real world, a team of researchers decided to try reproducing an ant-type model on computer networks. Initial tests proved to be a success more…

----------

Internet Explorer supports free certificates
With its last update, Microsoft has added StartCom to the pre-installed root certificates in its operating system. As a result, Microsoft products (such as Internet Explorer) now accept certificates issued by StartCom without prompting the user or requiring any special configurations for the certificates. Third-party programs that use the operating system's certificate memory will also accept the certificates without asking further questions.

StartCom offers free certificates for the signing of e-mails (S/MIME) and for SSL server access, such as HTTPS. Unfortunately, with these "Class 1 certificates", the applicant's email address is generally the only thing tested.

While StartCom has been in the certificate store of Mozilla programs like Firefox and Thunderbird for some time, other issuers who offer free server certificates (such as CACert) are not currently included in the Root CA lists of commonly used programs. Users therefore have to inspect and confirm each server certificate or add the root certificate of such issuers to their certificate store.

The root certificate update is available as an option via Windows Update.

----------

Reddit Attacked by XSS Exploit
An XSS hole allowed comments to be booby-trapped with JavaScript code which posted multiple comments into the social news aggregator. The script was triggered by logged in users merely hovering the cursor over a comment. more…

----------

Belgian Government Workers Ordered to Drop Firefox and Return to IE6
The government of the Walloon Region has ordered its local administrations to ban the use of Firefox on their networks...

----------

Windows 7 reliability scorecard
Adrian Kingsley-Hughes: Since December Windows 7 has been my default OS on several systems that are in daily use. During that time I've captured a lot of real-world reliability data for the OS.
...
So, how reliable is Windows 7?

In a word, very.

...looking at a small number of shutdown issues <== ERIC SEES THESE TOO!

----------

Rampant brute-force attack against Yahoo Mail
A widespread brute-force attack against Yahoo email users aims to obtain login credentials and then use the hijacked accounts for spamming, a researcher at Breach Security disclosed last week.

Yahoo Mail's main login page utilizes a number of security mechanisms to protect against brute force attacks -- when crooks try every possible combination of username/password until they can break in -- including providing a generic "error" page that does not reveal whether it was the username or password that the user got wrong. Also, Yahoo tracks the number of failed login attempts and requires that users solve a CAPTCHA if they have exceeded a certain number of incorrect tries.

----------

Judge Orders Gmail Account Deactivated After Bank Screws Up
By Kim Zetter
September 25, 2009

A California federal judge has ordered Google to temporarily de-activate a Gmail account after a bank mistakenly sent sensitive data to the account.

U.S. District Judge James Ware also ordered Google to disclose the identity of the Gmail account holder.

----------

AT&T Cleverly Flips Google Voice Fight On Its Head
... it wasn't too surprising to see AT&T flip the Google Voice fiasco on its head by sending a letter to the FCC late last week accusing Google of anti-competitive behavior for blocking user access to FreeConferenceCall.com. In AT&T's letter, the carrier suggests this violates a looming fifth neutrality principle

----------

Phishing fraud hits two year high
Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor.

----------

Computer hacker may have tapped personal data on 236,000 women in UNC mammography study By News Room Today

----------

Drudge, other sites flooded with malicious ads
Criminals flooded several online ad networks with malicious advertisements over the weekend,...

----------

http://www.nytimes.com/2009/09/27/weekinreview/27shane.html?_r=1
... those news reports masked a surprising and perhaps heartening long-term trend: Many students of terrorism believe that in important ways, Al Qaeda and its ideology of global jihad are in a pronounced decline — with its central leadership thrown off balance as operatives are increasingly picked off by missiles and manhunts and, more important, with its tactics discredited in public opinion across the Muslim world.

“Al Qaeda is losing its moral argument about the killing of innocent civilians,” said Emile A. Nakhleh, who headed the Central Intelligence Agency’s strategic analysis program on political Islam until 2006. “They’re finding it harder to recruit. They’re finding it harder to raise money.”

----------

Blast from the past: Fresh wave of targeted attacks using PowerPoint
The use of social engineering to grab attention of recipients and to deliver malware is not something novel. The latest trend in spreading malware is to manipulate a happening celebrity story, disaster or other high profile news event. The threat could be delivered as emails or poisoned search engine results which leads to malware. In the past, we have come across innumerable incidents like Michael Jackson demise or Benazir Bhutto assassination used as an arena to spread malware. Lately, we have observed an increase in the number of OLE files being used as targeted attacks against various high profile users.

----------

Microsoft buys Interactive Supercomputing, kills top product: Microsoft has purchased the assets of Interactive Supercomputing (ISC), maker of the desktop parallel computing platform Star-P. Redmond plans to discontinue Star-P but to integrate ISC's technologies into its own solutions.

----------

Google v Microsoft: Giants War Over $7.25M Deal for LA Email
latimes.com — The two tech giants are clashing over a $7.25-million contract to replace Los Angeles' outdated e-mail system. City officials have been told that Microsoft Chief Exec Steve Ballmer and Google CEO Eric Schmidt "would be more than happy to come and visit with you." More…

----------

http://www.neatorama.com/2007/01/04/the-5-smallest-countries-in-the-world/
The official languages of the Vatican City are Latin and Italian. In fact, its ATMs are the only ones in the world that offer services in Latin! And here you thought that Latin is a dead language…

----------

Cyber Security Awareness Month OCTOBER

----------

Organized Crime and Retail Theft: Facts and Myths
Small, loosely connected gangs illustrate the challenge of stopping organized retail theft.

----------

Organized Cybercrime Revealed
The shadow economy for stolen identity and account information continues to evolve.

----------

Sep 26, 10:42 am
Security Software Sales Expected to Climb
The market for security software will grow 8% in 2009, Gartner analysts predict.

----------

IRS Scam Now World's Biggest E-mail Virus Problem PC World – Fri Sep 25, 6:40 pm ET
Criminals are waging a nasty online campaign right now, hoping that their victims' fears of the tax collecter will lead them to inadvertently install malicious software.

----------

Med students' tweets, posts expose patient info
Future doctors are too frequently putting inappropriate postings and sometimes confidential patient information on social sites like Facebook and Twitter, according to a study published in the Journal of the American Medical Association.

In a survey of medical colleges, 60% reported incidents of medical students' posting unprofessional content online. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites.

The survey also showed that 39% of colleges found medical students posting pictures of themselves in which they were intoxicated, and 38% reported medical students posting sexually suggestive material. The study, published this week, surveyed deans or their counterparts at 78 U.S. medical colleges.

----------

Microsoft's Server Message Block (SMB) has been a vulnerability for years, so they introduced a new version (SMB 2). Now they recommend turning off SMB2 due to too many vulnerabilities...
http://blogs.technet.com/srd/

----------

Friday 09/25/09

2009-09-25T11:50:00.000-07:00

An analysis piece:
Categories of Common Malware Traits

----------

Mass Data Breach Law In The Crosshairs
Podcast: At the (ISC)2 Secure Boston event, a panel of legal and security experts examine the most problematic parts of Mass. 201 CMR 17 and offer a strategy for achieving both compliance and true security. (Part 1 of 2)

----------

Spammers Love Idaho the Most
September 24, 2009 — IDG News Service — No one is quite sure why, but Idaho now gets spammed a little more heavily than any other state in the U.S.

"Looking at the e-mail traffic that's being sent to business users in that particular state, 93.8 percent of all their e-mail traffic will be spam," said Paul Wood, a senior analyst with Symantec's MessageLabs group, which released research on the topic Thursday. "That's actually higher than the global spam average."

----------

Businesses Pandemic-Ready? (Survey: No.)
SEE ALSO: A Swine Flu (H1N1) Business Continuity Planning Guide

----------

China Clamps Down on Net Before 60th Anniv.
September 25, 2009 — IDG News Service — Security forces with black masks and machine guns on the streets of China's capital are just the more visible side of a security clampdown in the country this month: there is also its secretive battle to control the Internet.

The heightened security comes ahead of a massive military parade Beijing will hold in the heart of the city next week to celebrate China's 60th anniversary of communist rule, an event the government hopes will showcase the country's development and go untarnished by security threats or shows of dissent. China's newest nuclear missiles will be included in the arsenal of weapons and equipment shown off in the parade, according to state-run media.

Security measures have included a crackdown this month on online tools that help users circumvent the "Great Firewall," the set of technical measures China uses to filter the Internet, according to providers of the tools.

----------

Fingerprints Not Enough for Gov. Systems
...
Under what’s called the Next-Generation Identification (NGI) program, the FBI is looking toward replacing its current Integrated Automated Fingerprint Identification System (IAFIS) for a totally revamped biometrics system that over the years will not only be a repository for individuals’ fingerprints, but also store additional biometrics expected to include iris scans, 2D-to-3D facial imaging, palm prints, voice and DNA.
...

----------

Texas Instruments Signing Keys Broken
Texas Instruments' calculators use RSA digital signatures to authenticate any updates to their operating system. Unfortunately, their signing keys are too short: 512-bits. Earlier this month, a collaborative effort factored the moduli and published the private keys. Texas Instruments responded by threatening websites that published the keys with the DMCA, but it's too late.

So far, we have the operating-system signing keys for the TI-92+, TI-73, TI-89, TI-83+/TI-83+ Silver Edition, Voyage 200, TI-89 Titanium, and the TI-84+/TI-84 Silver Edition, and the date-stamp signing key for the TI-73, Explorer, TI-83 Plus, TI-83 Silver Edition, TI-84 Plus, TI-84 Silver Edition, TI-89, TI-89 Titanium, TI-92 Plus, and the Voyage 200.

Moral: Don't assume that if your application is obscure, or if there's no obvious financial incentive for doing so, that your cryptography won't be broken if you use too-short keys.

----------

Sears Spies on its Customers
It's not just hackers who steal financial and medical information:

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable.

To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites.

Reminds me of the 2005 Sony rootkit, which -- oddly enough -- is in the news again too:

----------

After purchasing an Anastacia CD, the plaintiff played it in his computer but his anti-virus software set off an alert saying the disc was infected with a rootkit. He went on to test the CD on three other computers. As a result, the plaintiff ended up losing valuable data.

Claiming for his losses, the plaintiff demanded 200 euros for 20 hours wasted dealing with the virus alerts and another 100 euros for 10 hours spent restoring lost data. Since the plaintiff was self-employed, he also claimed for loss of profits and in addition claimed 800 euros which he paid to a computer expert to repair his network after the infection. Added to this was 185 euros in legal costs making a total claim of around 1,500 euros.

The judge's assessment was that the CD sold to the plaintiff was faulty, since he should be able to expect that the CD could play on his system without interfering with it.

The court ordered the retailer of the CD to pay damages of 1,200 euros.

----------

Flood of patches from Cisco
Cisco has published eleven security advisories concerning its IOS router operating system and the Unified Communications Manager. Attackers can reboot routers or hack into systems more…

----------

TechDirt is running a piece on Corona, CA, where officials are considering ignoring a California law that authorizes red-light cameras — cutting the state and the county out of their portion of the take — in order to increase the city's revenue. The story was first reported a week ago. The majority of tickets are being (automatically) issued for "California stops" before a right turn on red, which studies have shown rarely contribute to an accident. TechDirt notes the apparent unconstitutionality of what Corona proposes to do:

"The problem here is that Corona is shredding the Sixth Amendment of the US Constitution, the right to a trial by jury. By reclassifying a moving violation... to an administrative violation... Corona is doing something really nefarious. In order to appeal an administrative citation you have to admit guilt, pay the full fine, and then apply for a hearing in front of an administrative official, not a judge in a court. The city could simply deny all hearings for administrative violations or schedule them far out in advance knowing full well that they have your money, which you had to pay before you could appeal."

----------

Hardware: New Phoenix BIOS Starts Windows 7 Boot In 1 Second
"Phoenix is showing off a few interesting things at IDF, but the real standout is their new Instant Boot BIOS [video here], a highly optimized UEFI implementation that can start loading an OS in just under a second. Combined with Windows 7's optimized startup procedure, that means you're looking at incredibly short boot times — we saw a retrofitted Dell Adamo hit the Windows desktop in 20 seconds, while a Lenovo T400s with a fast SSD got there in under 10."

----------

Hackers pay 43 cents per hijacked Mac
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they...

----------

Drudge, other sites flooded with malicious ads
Criminals flooded several online ad networks with malicious advertisements over the weekend,...

----------

Russian cybergangs make the Web a dangerous place
Russian cybergangs have established a robust system for promoting Web sites that sell fake...

----------

Firefox Aims to Unplug Scripting Attacks
By Robert Lemos 06/29/2009 1 Comment
How websites can block code from unknown sources.

Sites that rely on user-created content can unwittingly be employed to attack their own users via JavaScript and other common forms of Web code. This security issue, known as cross-site scripting (XSS), can, for example, allow an attacker to access a victim's account and steal personal data.

Now the makers of the Firefox Web browser plan to adopt a strategy to help block the attacks. The technology, called Content Security Policy (CSP), will let a website's owner specify what Internet domains are allowed to host the scripts that run on its pages.

----------

Online Conspiracy Theorists Latch Onto Census GPS Units
By Kevin Poulsen
September 24, 2009

The hanging death of a Kentucky census worker is likely to raise tensions among counters in the 2010 census, who have already been the focus of emotionally charged online rhetoric this year because they use GPS.

----------

House subcommittee passes cybersecurity R&D bill
Angela Moscaritolo September 25, 2009
The Cybersecurity Research and Development Amendments Act of 2009 would require federal agencies to develop cybersecurity research-and-development plans, as well as authorize grant funding and establish a scholarship program.

----------

Wanna feel paranoid?

Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected
Sep 24,2009
Most are members of tiny, unknown botnets built for targeting victim organizations

----------

Wednesday 09/23/09

2009-09-23T13:27:00.000-07:00

Cisco releases massive wave of advisories for their IOS:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html

----------

September 23, 2009 12:13 PM PDT
Twitter phishing scam spreads via direct messages

----------

PCI survey finds some merchants don't use antivirus software http://cwflyris.computerworld.com/t/5740684/6339517/222172/0/

----------

First porn star apps OK'd for iPhone
You might not be able to view the Kama Sutra via your iPhone, but now you can keep tabs on a pair of adult entertainers. Read full story

----------

Microsoft to release free security software soon

----------

7 Ways Security Pros DON'T Practice What They Preach
IT security pros spend oodles of time trying to hammer best practices into the heads of fellow employees. But in an informal poll conducted by CSOonline, many admitted they don't always follow their own advice.

----------

Most Businesses READY for Flu Pandemic?
Results of a survey from the Pandemic Prevention Council finds continuity plans include H1N1 considerations in most organizations.

----------

MIT Experiement Reveals Sexual Orientation of Social Network Users
A student research project conducted in 2007 is said to reveal sexual orientation of Internet users based on social network contacts. The research project was produced as part of a course assignment that students based upon a principle that people of like interests will form relationships. There is an effort underway to publish the research findings in a scientific journal. Analysis of social networking service users is an ongoing part of the research done by Internet service providers to place meaning and context to the behavior of users for commercial purposes and to enhance the experience of users. The lack of transparency on what is being collected about users and how that information will be used is a critical part of the privacy debate.

Project 'Gaydar', Carolyn Y. Johnson, Boston Globe, September 20, 2009

----------

Maine Firm Sues Bank After $588,000 Cyber Heist
A construction firm in Maine is suing a local bank after cyber thieves stole more than a half million dollars from the company in a sophisticated online bank heist.

On Friday, Sanford, Maine based Patco Construction Co. filed suit in York County Superior Court against Ocean Bank, a division of Bridgeport, Conn. based People's United Bank. The lawsuit alleges that Ocean Bank did not do enough to prevent cyber crooks from transferring approximately $588,000 to dozens of co-conspirators throughout the United States over an eight-day period in May.
...
The complaint says the company has recovered or blocked $243,406 of the fraudulent transfers, but that it is still missing at least $345,000 in stolen funds. In addition, because Patco's available funds in its account were less than the total fraudulent withdrawals, the bank drew $223,237.83 on Patco's line of credit to cover the bogus transfers. Patco claims it has been paying interest on that amount in order to avoid being declared in default on its loans, and as a result, it is seeking recovery of interest paid to date on that line of credit.

Permalink

----------

Monopoly Sets for WWII POWs: More Information
I already blogged about this; there's more information in this new article:
Included in the items the German army allowed humanitarian groups to distribute in care packages to imprisoned soldiers, the game was too innocent to raise suspicion. But it was the ideal size for a top-secret escape kit that could help spring British POWs from German war camps.
The British secret service conspired with the U.K. manufacturer to stuff a compass, small metal tools, such as files, and, most importantly, a map, into cut-out compartments in the Monopoly board itself.

----------

Eliminating Externalities in Financial Security
This is a good thing:
An Illinois district court has allowed a couple to sue their bank on the novel grounds that it may have failed to sufficiently secure their account, after an unidentified hacker obtained a $26,500 loan on the account using the customers' user name and password.

----------

Windows 7 Bests Snow Leopard Says Mac Hacker
Charlie Miller, of Baltimore-based Independent Security Evaluators, who managed to hack Mac OS X Leopard in record time in the past, indicated that the security Apple built into Snow Leopard is inferior not only to Windows 7, but also to Windows Vista, a three-year old operating system released at the end of January 2007.
...
The difference Miller argues, according to TechWorld, is made by Address Space Layout Randomization (ASLR), a feature underdeveloped in Snow Leopard. “ASLR moves images into random locations when a system boots and thus makes it harder for shell code to operate successfully. For a component to support ASLR, all components that it loads must also support ASLR. For example, if A.EXE consumes B.DLL and C.DLL, all three must support ASLR. By default, Windows Vista will randomize system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in to support ASLR,” Microsoft reveals, and the same is valid not just for Vista, but also for Windows.

The security researcher indicated that Apple failed to introduce a fully fledged and fully functional, for that matter, ASLR in Snow Leopard. The largest problem related to ASLR according to Miller was the fact that Apple did nothing to improve the technology from Leopard to Snow Leopard. The latest versions of Mac OS X feature an ASLR that continues to ignore key components of the platform when it comes to randomization. Miller pointed out that the Snow Leopard ASLR fails to randomize the heap, the stack and the dynamic linker, delivering a wider attack surface than the ASLR in Windows Vista or in Windows 7.

----------

Windows 8 already? Early clues
Mary Jo Foley: Even though Windows 7 isn't out in the public, planning sessions were well underway for Windows 8. And of the 12 working groups created, "eight or nine revolve around management."
Special Report: Windows 7

----------

The lucrative MS08-067 flaw
Ryan Naraine: From Gimmiv to Conficker: The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals.

----------

How to save the PC
Jason Hiner: There's a simple way to avoid losing user data during an OS failure - the world's primary OS developers, Microsoft and Apple, must adopt a little trick that IT pros have been using for over a decade.

----------

IRS Scam Still Ongoing
September 22, 2009
A malicious IRS campaign has been continuing for several weeks.

----------

AV Tests Find That Reputation Really Does Count
PC World – Mon Sep 21, 6:50 pm ET
New reputation-based antivirus systems are doing a better job of blocking malicious software than did their predecessors.

----------

Time For A Quick Lesson In Why The DMCA Safe Harbors Are Important And Make Sense

----------

Survey: Most organizations struggling to secure data
Angela Moscaritolo September 23, 2009
Sixty percent of IT security professionals polled in a recent study said their organization does not have sufficient resources to become PCI compliant.

----------

Rogue AV scam targets Google users
Chuck Miller September 22, 2009
An ongoing attack on Google users is sending victims to rogue AV software sites, according to researchers at eSoft's Threat Prevention Team.

----------

Comcast Launches New DNS Health Portal
ISPs starting to fight back against OpenDNS?

In an apparent bid to lure back those customers who've made the switch to OpenDNS (along with those users' DNS redirection ad dollars), Comcast this month announced in our forums that they've launched a new portal for tracking DNS server uptime. "The new DNS cache query tool will allow customers to run queries against not only our National Domain Helper cache servers but also the No Redirect caching servers as well," says a Comcast employee. "You can also run a custom query against other third party DNS servers," they note.

----------

Monday 09/21/09

2009-09-21T09:22:00.000-07:00

Microsoft warns of support changes to Windows Server

It will retire Windows 2000 Server, end service packs for Server 2003, next July
By Gregg Keizer , Computerworld , 09/16/2009

http://www.networkworld.com/news/2009/091609-microsoft-warns-of-support-changes.html

On that same date, Windows Server 2003 and Windows Server 2003 R2 will exit mainstream support and drop into extended. To continue to receive non-security fixes, customers must enroll in Extended Hotfix Support (EHS); only customers who already have Premier Support or Software Assurance contracts are eligible. Customers on a Premier Support plan must buy into EHS within 90 days of July 13, 2010.

----------

Canada debates tech future after Nortel sale

The Canadian government will allow the sale of Nortel's business and wireless units to foreign competitors, ending the reign of one of the country's largest high-tech firms. Some analysts expressed worry the deal signals a downturn in Canada's technology industry as investments and local ownership dwindles. The Wall Street Journal (9/21)

----------

As Windows 7 approaches, PC sales get a boostDespite past trends, reports of increasing demand suggest consumers aren't waiting for the upcoming release of Windows 7 to make PC purchases. Analysts say strong marketing and upgrade offers have helped boost sales ahead of the operating system's debut in October. Computerworld/IDG News Service (9/18)

----------

Trojan outwits single-use-password securityHackers were able to steal $447,000 from the bank account of a California construction firm, even though the company was using a one-time password system. Updated Trojan malware programs allow hackers to conduct transactions in real time while the account holder is still online. Experts say security systems should have multiple components, since no one measure is perfect. MIT Technology Review (9/18)

----------

Bank of America sees steady future for IBM mainframe staff

Computerworld (9/18)

No story here, just thought I'd throw this in for Bob!

----------

FCC to issue Internet-neutrality proposal

The chairman of the Federal Communications Commission is expected to unveil a "Net neutrality" proposal today that would prevent Internet service providers from impeding certain types of traffic. Yahoo!/The Associated Press (9/20)

----------

Skype, SIPfoundry announce interoperability
Following on the heels of a similar interoperability announcement we reported on last week, Skype and SIPfoundry have announced that sipXecs has been certified as interoperable with Skype for Session Initiation Protocol. As was the case with ShoreTel, SIPfoundry is using a beta version of the Skype software. SIPfoundry is a nonprofit open source community, and the sipXecs IP PBX is free and can be downloaded by anyone. Read full story

----------

Breaking news: Dell to acquire Perot Systems for almost $4 billion
Dell Inc. announced today that the computer giant is buying Perot Systems Inc. in a transaction valued at approximately $3.9 billion. The merger is expected to close in Dell’s November-January fiscal quarter.

----------

September 18, The Register – (International) World’s nastiest trojan fools AV software.

One of the world’s nastiest password-stealing trojans evades detection by the majority PCs running anti-virus (AV) programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of time by AV programs, according to the study released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said. Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process. A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 percent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs. Of Zeus-infected machines, about 31 per cent do not run AV at all and 14 percent run AV that is out of date. The remaining 55 percent had AV programs that were up to date. Source: http://www.theregister.co.uk/2009/09/18/zeus_evades_detection/

----------

Microsoft to ship free security software soon Microsoft has told beta testers of its free antivirus software, Microsoft Security Essentials, that it will release the final version to the public soon.

In an e-mail Sunday, Microsoft thanked beta testers for their help and said that the polished edition of Microsoft Security Essentials would ship "in the coming weeks." Microsoft also urged beta testers to upgrade to the newest version of the test software to make the transition to the final as smooth as possible.

Read more...

----------

OpenID implementation works on mobile platforms
Swedish company Accumulate has implemented a version of the OpenID standard for mobile phones.

OpenID is a Web-based, single sign-on platform that lets users log in to many different sites using a user name and password via a third party. Currently it works at more than 50,000 Web sites, according to Accumulate. The new Mobile OpenID client works with devices based on Android, Nokia Series 40 and 60, Windows Mobile, BlackBerry devices and phones that support Java. There is also a browser-based client for the iPhone, and Accumulate is currently working on a native client for the Apple's smartphone.

----------

Sticker shock over data-loss prevention products could be short-lived
Data-loss prevention products can potentially save organizations a bundle by preventing the escape of sensitive information. But the six-figure starting price for a typical enterprise deployment of host and gateway-based DLP is tough for many to swallow.

The good news is that prices are expected to fall heading into next year as more vendors enter the fray and more choices for how to roll out DLP emerge.

"If you're dealing with a couple thousand seats for DLP, expect $250,000 to half a million," says Forrester Research analyst Andrew Jacquith. "But we will see price erosion because of competition."

----------

Microsoft Releases A "Fix it" Workaround For SMBv2 Vulnerability
As pointed out by several folks writing in to the ISC Handlers group, Microsoft has updated its Security Advisory 975497 - Vulnerabilities in SMB Could Allow Remote Code Execution - to include a "Fix it" workaround that makes it rather easy to disable SMBv2.

The "Fix it" links can be found in two locations:

- Microsoft Knowledge Base Article 975497

(and my personal favorite)

- The Microsoft Security Research & Defense Blog

----------

Corporate impersonation:
http://www.theyesmen.org/blog/screwed
Early this morning, nearly a million New Yorkers were stunned by the appearance of a "special edition" New York Post blaring headlines that their city could face deadly heat waves, extreme flooding, and other lethal effects of global warming within the next few decades. The most alarming thing about it: the news came from an official City report.

----------

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008.

Easy way to disable SMBv2
First exploit for code execution released to small number of companies
Mitigations that help prevent attacks
Status of fixes

----------

Friday 09/18/09

2009-09-18T13:27:00.000-07:00

HHS guts health-care breach notification law, groups warn
Privacy and civil rights advocates accused the U.S. Department of Health and Human Services of trying to neuter a landmark data breach notification law for health care organizations that is scheduled to go into effect next week.

The law would require any organization covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify patients of a data breach involving their personal health information. Companies that used encryption and data destruction methodologies to render sensitive health information unusable and unreadable to unauthorized individuals were exempt from the breach notification requirement.

----------

Man gets 15 months for E-Trade skimming scam
A California man was sentenced to 15 months in prison Thursday after pleading guilty to opening tens of thousands of bogus online brokerage accounts and then pocketing the tiny test deposits made by companies like E-Trade Financial and Charles Schwab.

Michael Largent, 22, of Plumas Lake, California, pleaded guilty to two computer fraud charges in May. He had been facing a possible five-year prison sentence.

He will also pay $200,000 US in restitution to the banks and will be restricted from using computers and the Internet for three years following his release.

----------

Sophisticated botnet causing a surge in click fraud
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics.

The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.

Click Forensics is calling this the "Bahama botnet" because it was initially redirecting traffic through 200,000 parked domains in the Bahamas, although it is now using sites in Amsterdam, the U.K. and Silicon Valley.

----------

Microsoft sues scareware scammers
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.

The company is suing DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, saying that these companies have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users," according to a blog posting by Tim Cranton, associate general counsel with Microsoft.

----------

Software company fined for trading with the enemy
A Colorado software vendor has been fined of $14,500 on a charge of trading with the enemy for selling oil- and gas-exploration software to a company drilling in Cuba, the U.S. Department of Justice and U.S. Immigrations and Customs Enforcement announced.

In addition, Jay Leonard, president of Platte River Associates, will serve 12 months of supervised probation for unauthorized access of a protected computer in an unrelated case, the DOJ said.

----------

Misdirected spyware infects Ohio hospital
A 38-year-old Avon Lake, Ohio, man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at Akron Children's Hospital.

In late February 2008, Scott Graham shelled out $115 for a spyware program called SpyAgent and sent it to the woman, according to a plea agreement filed in the U.S. District Court for the Northeastern District of Ohio.

He allegedly sent the spyware to the woman's Yahoo e-mail address, hoping that it would give him a way to monitor what she was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department, creating a regulatory nightmare for the hospital.

----------

Firefox's Flash check drives 10M to Adobe's download
Mozilla said yesterday that Firefox's check for outdated editions of Adobe's Flash Player convinced 10 million users to go to Adobe's Web site and grab the latest software.

About a third of the Firefox users who were warned last week that they were running an old, and vulnerable, version of Flash followed the link to update the Adobe software, said Mitchell Baker, the former CEO of Mozilla and current chairman of the Mozilla Foundation.

"This is a very high response rate," said Baker in a post to her blog. "A typical response rate for this [landing] page is around 5%."

"Those results have been nothing short of awesome," echoed Johnathan Nightingale, of Mozilla's security team, in an entry on the company's security blog yesterday.

----------

Sep 17, 2:59 pm
Vista, Windows 7 Are More Secure than Snow Leopard
A prominent security researcher claims that released Snow Leopard is less secure than either Vista or Windows 7.

----------

An Amazing Laptop Recovery Story
Using remote access software, a Miami man helps cops track down and recover his two stolen laptops.

----------

Can You Catch Spam from Chat Rooms?
Spam and malware dominate comment sections of blogs and message boards, study shows.

----------

DNS Cloud Security Services Arrive
Sep 14,2009
OpenDNS offers new subscription-based secure DNS service; other vendors' DNS services to follow

----------

Why is Rogue/Fake AV so successful?
Rogue AV programs have become increasingly common in last two years. We at the SANS Internet Storm Center get messages from our readers about new rogue AV sites daily.

It is obvious that the bad guys are making (serious?) money with this scamming scheme. There are couple of things interesting about rogue AV programs...

----------

Microsoft Rushes Out Office Web Apps Preview
Today Microsoft launched a limited beta test of its Office Web Apps, the company's first public unveiling of its rival for Google's Web applications. Dubbed a 'technical preview' by Microsoft to denote that it's by invitation only, Office Web Apps will be available on the company's Windows Live site via a special 'Documents' tab. 'Tens of thousands have been invited to participate in the Technical Preview,' said a spokeswoman in a reply to questions. An analyst with Directions on Microsoft is quoted: 'This is earlier than I expected. I thought we wouldn't see this until the SharePoint conference at the end of October. Maybe the recent Google moves had some bearing on Microsoft's timing.' The reference was to Google's announcement Tuesday that it will offer online services next year, including Google Web Apps, that are specially designed for US government agencies.

----------

Standard offers best practices for ISPs to fight botnets
Chuck Miller September 17, 2009
A group charged with developing and promoting internet standards has published a new draft standard calling for measures that internet service providers can use to defeat botnets.

----------

Security considerations critical in the cloud
Angela Moscaritolo September 17, 2009
IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third-party.

----------

Search-Engine Manipulation Evolves as Trust Abuse Grows
I revisited the topic of search-engine manipulation (a.k.a. blackhat SEO) in two recent posts. Something caught my eye while investigating cases of search-result poisoning–a shift away from tactics used by the attackers earlier in the year.

Previously, attackers mostly registered free websites to pull off their attacks. They would create a bunch of new sites, cross-link them, and use other tricks to get their pages indexed and ranked high on relevant search result pages (again, largely targeting the most popular search terms of the day, such as those found on Google Trends.) I blogged earlier in the year about how the user forum on democrats.org was leveraged to link a high-ranking site with newly created malicious sites.

It seems now that attackers are combing various elements of different attacks to achieve blackhat SEO.

----------

High-tech adoption happening faster, driving economic growth
about 17 hours ago - by John Timmer Posted in: Law & Disorder
Some economists have attempted to measure the spread of technology within various nations, and discovered it's not just our imagination: newer tech is being adopted faster, and appears to account for some of the differences in GDP growth.

----------

Songwriters want to get paid for 30-second song previews
about 19 hours ago - by Chris Foresman Posted in: Infinite Loop
Songwriters, composers, and music publishers are lobbying Congress to legislate the payment of performance fees into downloaded music. If music publishers get their way, they'll be able to extract additional licensing fees from music downloads, movies, and TV shows containing their music, and even 30-second previews.

----------

Remote exploit released for Windows Vista SMB2 worm hole
Ryan Naraine: Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole in Microsoft's dominant Windows operating system.

----------

Win 7 upgrade deal: $30 for students
Mary Jo Foley: For a limited promotional period, students may purchase one copy of either Windows 7 Home Premium or Windows 7 Professional at $30 each. Bet there are more students today than yesterday.

ERIC SAYS: Any students out there that can help me grab two copies of Home Premium?

----------

Pushdo delivers downloader trojan
September 17, 2009
The downloader trojan Bredolab is being heavily spammed by the Pushdo botnet using the usual social engineering tricks.

----------

Swine Flu Near You? IPhone App Will Let You Know
Apple's increasingly popular App Store has been flooded with a wide number of applications related to Swine Flu since the initial H1N1 outbreak in March, but very few of the apps were actually useful.

----------

The History of Hacking
http://www.focus.com/fyi/it-security/history-hacking/

----------

Is It Too Much To Expect Judges In Tech Related Cases To Understand Tech?
Eric Goldman highlights yet another case where basic technology illiteracy leads a judge to make very questionable statements. In this particular case, a judge declared that because a specific phrase ("spoiled brats") was not found in the metatags of a website, someone who searched on that phrase "would likely not encounter" the page in question. Yes, the actual terms did appear on the page itself -- just not in the metatags. As Goldman notes: ...

----------

Wednesday 09/16/09

2009-09-16T11:06:00.000-07:00

Cloud security through control vs.ownership Cloud computing makes auditors cringe. It's something we hear consistently from enterprise customers: it was hard enough to make virtualization "palatable" to auditors; cloud is going to be even harder. By breaking the links between hardware and software, virtualization liberates workloads from the physical constraints of a single machine. Cloud takes that a step further making the physical location irrelevant and even obscure. Read more...

----------

Web server attacks, poor app patching make for nasty mix
In a groundbreaking study that matched attack trends with patching cycle data, some conclusions came as a shock, said Rohit Dhamankar, the director of security research at 3Com TippingPoint, which contributed real-world attack information -- acquired from its intrusion detection systems -- to the report.

"The sheer number of attacks against Web servers was surprising," said Dhamankar. "In terms of attack volume, they were almost 60% of all so far this year. Hackers are after a foothold in the corporate network, to conduct client-side attacks against visitors of the site, but also once they have that foothold, to gain much higher privileges and use those to also steal data."

----------

Company hosting Joe Wilson fundraising site recovers from DDoS attack
The attack on Piryx began Friday afternoon and lasted into the early hours of Saturday morning, temporarily disrupting a Wilson fundraising effort that was under way at that time, Piryx CEO Tom Serres said. It also knocked out services for about 150 other Piryx clients, he said.

----------

Failing to buy Emulex, Broadcom sues
Broadcom filed a patent infringement suit against networking company Emulex on Monday, just months after abandoning a nearly year-long effort to buy the company.

Broadcom on Monday filed suit in the U.S. District Court for the Central District of California alleging Emulex infringed 10 patents covering a broad range of high speed data and storage networking technologies.

----------

DHS to review report on vulnerability in West Coast power grid
The U.S. Department of Homeland Security is looking at a report by a research scientist in China that shows how a well-placed attack against a small power subnetwork could trigger a cascading failure of the entire West Coast power grid.

Jian-Wei Wang, a network analyst at China's Dalian University of Technology, used publicly available information to model how the West Coast power grid and its component subnetworks are connected. Wang and another colleague then investigated how a major outage in one subnetwork would affect adjacent subnetworks, according to an article in New Scientist.

----------

Microsoft issues XP, Vista anti-worm updates
Microsoft responded by changing Windows 7 so that the AutoPlay dialog no longer let users run programs, except when the device was a nonremovable optical drive, like a CD or DVD drive. After the change, a flash drive connected to a Windows 7 system only let users open a folder to browser a list of files.
...
Microsoft issued the updates almost three weeks ago, on Aug. 25, but did not push them to users automatically via Windows Update, or the corporate patch service Windows Server Update Services (WSUS). Instead, users must steer to Microsoft's download site, then download and install the appropriate update manually. Links to the download are included in a document posted on the company's support site.

The Windows XP update weighs in at 3MB, while the one for Vista is about 7MB.

----------

Heartland CEO: Credit card encryption needed
Credit card numbers are not now required in payment card industry guidelines to be encrypted in transit between retailers, payment processors and card issuers, Robert Carr, chairman and CEO of Heartland Payment Systems, told a U.S. Senate committee. Heartland in January announced the discovery of a data breach that left tens of millions of credit card numbers exposed to a gang of hackers.

"I now know that this industry needs to, and can, do more to better protect it against the ever-more-sophisticated methods used by these cybercriminals," Carr told the Senate Homeland Security and Governmental Affairs Committee. "I believe it is critical to implement new technology, not just at Heartland, but industrywide." The purpose of the committee hearing was, in part, to determine whether new legislation is needed to fight cybercrime.

----------

Microsoft: No TCP/IP patches for you, XP
The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.

"We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible," said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP.

"An update for Windows XP will not be made available," Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here).

----------

Unpatched Applications Are #1 Cyber Security Risk PC World – Wed Sep 16, 9:06 am ET
Unpatched client software and vulnerable Internet-facing web sites are the most serious cyber security risks for business. Lesser threats include operating system holes and a rising number of zero-day vulnerabilities, according to a new study.

----------

Internet Scammers Leap on Patrick Swayze's Death
Malware ghouls took just a few hours to begin preying on the death of actor Patrick Swayze with a new version of a familiar phony anti-virus scam.

----------

Microsoft Gives Away Free Fuzzer, Secure Development Tool
Sep 16,2009
More Security Development Lifecycle tools, ROI paper released

----------

News Flash: Data Debauchery That Happens in Vegas Doesn't Stay There
Digital ID World 2009: Organizations collect as much data as possible on people to verify their trustworthiness as a potential employee or customer. Here's why the practice isn't working.

----------

A Swine Flu (H1N1) Business Continuity Planning Guide
Concerned about the coming flu season and the impact H1N1 will have on the workforce? Here's a fear-free roundup of articles, columns and podcasts to help you keep improving your preparedness plan.

----------

Monday, September 14, 2009 10:00 AM
OffVis updated, Office file format training video created
In July, we released a beta Office file format viewer application called OffVis as a downloadable tool. We are pleased today to announce an updated version of OffVis and a 30 minute training video to help you understand the legacy Office binary file format.

----------

Data Breach Highlights Role Of 'Money Mules'
On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account.

This type of crime is impossible without the cooperation of so-called "money mules," willing or unwitting individuals typically hired via Internet job search Web sites to act as "local agents" or "financial agents" responsible for moving money on behalf of a generic-sounding international corporation, legal experts say.The mules are then instructed to withdraw the cash and wire it via Western Union or Moneygram to fraud gangs overseas, typically in Eastern Europe.

It is not uncommon for a single cyber robbery to depend on the help of dozens of money mules:

-In mid-July, computer crooks stole $447,000 from Ferma Corp., a Santa Maria, Calif.-based demolition company by initiating a large batch of transfers from Ferma's online bank account to 39 money mules.

-Also in July, attackers stole $415,000 from Bullitt County, Ky. by sending bogus payroll deposits to more than two dozen mules.

-In May, a Texas company was robbed of $1.2 million with the assistance of nearly 40 money mules.

While essential, money mules also are frequently the weakest link in any organized cyber crime ring. Indeed, Peters said the first indications of fraud came when his chief financial officer received a phone call from a bank in Texas, asking whether the company had approved a suspicious transfer to a local resident in the amount of $9,800.
...
Ms. Durastanti said when Kenneth went to wire the money via Western Union to individuals in Ukraine, he made a small but important error.

"He put the money wire in his name and to his own name, and so the transfer came back to him. He ended up giving the money back to the bank," she said. "Thank goodness, I think his stupidity saved him."

Permalink

----------

Skein News
Skein is one of the 14 SHA-3 candidates chosen by NIST to advance to the second round. As part of the process, NIST allowed the algorithm designers to implement small "tweaks" to their algorithms. We've tweaked the rotation constants of Skein. This change does not affect Skein's performance in any way.

The revised Skein paper contains the new rotation constants, as well as information about how we chose them and why we changed them, the results of some new cryptanalysis, plus new IVs and test vectors. Revised source code is here.

The latest information on Skein is always here.

----------

Security disaster averted by financial firm's quick actions
While most of the IT world has been spared a devasting security attack like Blaster and Sasser for...

----------

Monday 09/14/09

2009-09-14T09:19:00.000-07:00

Apple missed security boat with Snow Leopard, says researcher Apple missed a golden opportunity to lock down when it again failed to fully implement security technology that Microsoft perfected nearly three years ago in Windows Vista, a noted Mac researcher said today. Read more...

----------

Windows Bug Enables PC Hijacking, Microsoft Warns
Microsoft Corp. last week confirmed that a bug in Windows Vista, Windows Server 2008, and the release candidates of Windows 7 and Windows Server 2008 R2 could be used to hijack PCs.
The vulnerability in the Server Message Block (SMB) 2 network file- and print-sharing protocol that ships with those versions of the Windows operating system was first disclosed late last Monday, when a researcher posted exploit code.

The next day, Microsoft issued a security advisory confirming the bug and the fact that it could be used to "take complete control of an affected system."

----------

NY Times warns of rogue antivirus on Web site
Online scammers have apparently found a new way to reach their marks: They've started running ads on the Web site of The New York Times.

The newspaper warned readers Sunday that so-called rogue antivirus sellers had been spotted on its Web site, NYTimes.com. Their products, often promoted by Eastern European criminal organizations, are either ineffective or actually end up infecting the computers of people who purchase them.

----------

Researchers slam fickle iPhone anti-fraud feature
The iPhone's new defense -- meant to prevent users from reaching phishing sites -- is inconsistent at best, a security researcher said today, with some users getting warnings about dangerous links, while others are allowed to blithely surf to criminal URLs.

----------

Steganography meets VoIP in hacker world
Researchers and hackers are developing tools to execute a new data-leak threat: sneaking proprietary information out of networks by hiding it within Voice-over-IP (VoIP) traffic.

----------

Apple fixes Flash snafu in Snow Leopard, patches 33 bugs in Leopard
Less than two weeks after Apple launched Snow Leopard, the company today issued the new operating system's first security update. In a separate upgrade, Apple patched 33 vulnerabilities in 2007's Leopard, and about half as many in the even older Tiger.

Today's updates were the third and fourth from Apple in the last two days.

----------

Cyber criminals targeting small businesses AP – 2 hrs 5 mins ago
WASHINGTON - Cyber criminals are increasingly targeting small and medium-sized businesses that don't have the resources to keep updating their computer security, according to federal authorities. Full Story »

----------

Trojan Hides Its Brain in Google Groups PC World – Fri Sep 11, 4:40 pm ET
Virus writers keep getting sneakier. In an effort to evade detection, they've begun hiding their command and control instructions in legitimate Web 2.0 sites such as Google Groups and Twitter.

----------

Patience Grasshopper: Wait to Update Your Jailbroken iPhone to 3.1 If you have a jailbroken iPhone and were wondering if you should update to 3.1 via iTunes, do yourself a favor and just wait a few more days.

----------

Windows autoplay behavior updated (improved)
Published: 2009-09-13

Microsoft has delivered on their promise to backport the improved autoplay behavior in Win7 to older versions of Windows. This is definitely a good thing and I for one am going to be implementing this on every system I have any sort of control over. I'd encourage y'all to do the same.
http://support.microsoft.com/kb/971029

----------

Robert Sawyer's Alibis
Back in 2002, science fiction author Robert J. Sawyer wrote an essay about the trade-off between privacy and security, and came out in favor of less privacy. I disagree with most of what he said, and have written pretty much the opposite essay -- and others on the value of privacy and the future of privacy -- several times since then.

The point of this blog entry isn't really to debate the topic, though. It's to reprint the opening paragraph of Sawyer's essay, which I've never forgotten:

Whenever I visit a tourist attraction that has a guest register, I always sign it. After all, you
never know when you'll need an alibi.

Since I read that, whenever I see a tourist attraction with a guest register, I do the same thing. I sign "Robert J. Sawyer, Toronto, ON" -- because you never know when he'll need an alibi.
Posted on September 14, 2009 at 7:24 AM

----------

Botnet discovered on Linux servers
The servers in question register with dynamic DNS services to distribute malware more…

----------

"It's frequent that we hear of a country or city or company switching from Windows to Linux, but it's rare that we hear of one third of a million employees being told to use Lotus Symphony (IBM's OO.o variant) over MS Office, and also to use the Open Document Format when saving files. The change has been mandated to take place in the next 10 days. Of course, they are doing this to illustrate that they actually offer a full-fledged alternative to Microsoft. With i4i stirring stuff up against MS Office and absolving OO.o from litigation, are we on the verge of a potential break from Microsoft's dominant document suite? Hopefully IBM supports OO.o past Sun's acquisition by Oracle instead of concentrating on Lotus Symphony."

----------

Microsoft pushes Win 7 upgrades - now
Mary Jo Foley: Windows 7's consumer launch is just over a month away. But there's no reason business users should delay their Windows 7 deployment plans, according to the company.

----------

802.11n ratified ... finally
There’s no official announcement from the IEEE yet, but confirmation of ratification has been sent to WiFi chip manufacturers.

----------

Red Light Camera Vendor Not Doing So Well With Public Opposition Driving Down Its Revenue

There's been significant growing opposition to red light camera programs, which have a long history of showing absolutely no safety benefit, and are often run for-profit by local governments in combination with private companies. That opposition is leading more and more cities and towns to dump the red light cameras -- while some operators are getting caught illegally decreasing the time of the yellow or amber lights to try to issue more fines.

Jeff Nolan alerts us to the news that one of the biggest players in the space, Redflex, has announced that public opposition to its cameras has created a real drain on revenue, and its profits were down significantly. This would be the same Redflex that just so happened to fail to live up to its contract in Denver to deliver data that could be used to determine whether or not the cameras were really effective.

----------

Steven Hoy alerts us to a story of a couple who are suing their bank, after someone masquerading as them accessed their account and transferred $26,000 to Austria. The details of the case are a bit complex, but basically, the couple claims that the bank did not live up to basic standards in authentication, and cite the Federal Financial Institutions Examination Council's claim that notes that "single-factor authentication is inadequate and calls on banks to implement two-factor systems." Thus, the argument goes, the fault was the bank's security, and thus, the bank should be liable. The judge found that to be convincing:

"In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access.... If this duty not to disclose customer information is to have any weight in the age of online banking, then banks must certainly employ sufficient security measures to protect their customers' online accounts."

Chalk one up for those who believe "identity theft" is actually a "bank robbery."

----------

How registrars tackle domain name abuse
Some rogue registrars are happy to turn a blind eye to domain-name abuse; others are fighting back.

----------

FTC forces Sears, Kmart out of the spyware business
about 17 hours ago - by Nate Anderson Posted in: Law & Disorder
When Sears and Kmart offered visitors the chance to earn $10 by participating in some research, few realized that they would be sending even secure session browsing information to the big retailers. Now, the government has put the kibosh on this "blue light special."

----------

Cyber Crooks Target Public & Private Schools
A gang of organized cyber criminals that has stolen millions from businesses across the United States over the past month appears to have turned its sights on public schools and universities.

On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams.

A school employee spotted the bogus payments on the morning of the 19th, when the school district learned that $117,000 had been siphoned from its coffers by cyber crooks.

Sanford Superintendent Kevin Edgar said the school successfully reversed two of the transfers totaling $18,000, but that rest of the stolen money remains in limbo.

"We've been told that if we do get any more of these reversed, it may take 30 to 45 days to get that money back," Edgar said. Meanwhile, the school district's bank is playing hardball, insisting that the school is at fault for the unauthorized transfers.

Permalink

----------

Friday 09/11/09

2009-09-11T16:05:00.000-07:00

Twitter Tweaks Terms Of Service, “Your Tweets Belong To You”
Twitter co-founder Biz Stone just posted news on an update on changes to Twitter’s Terms of Service, “leaving the door open” for advertising opportunities, clearing the air on ownership of Tweets, and updating guidelines around Twitter’s API. Stone also mentioned that the new Terms of Service address spam and abusive behavior on Twitter.

The privacy clause about Tweets is big, considering this was a significant issue for Facebook. Twitter has deflected talk of advertising on on the platform in the past, but it seems pretty clear that they’re looking into it now as a real source of income as they strive for revenues. Stone addressed the issue of Twitter’s revenue recently, which is a complex issue.

----------

New Version of McAfee FileInsight
Thursday September 10, 2009 at 6:52 am CST

Today we released the new version 2.1 of McAfee FileInsight. You can download your free copy from the Avert Tools site. FileInsight is a handy integrated tool environment for web site and file analysis. Hex editing, syntax highlighting, and it comes with several built-in decoders, built-in calculator, a disassembler, JavaScript scripting support, a Python-based plugin system and many more.

Let’s go through some stages of an exemplary malware attack to highlight some of its analysis features – but don’t try this stunt at home, unless you know what you’re doing; a safe, isolated lab environment is absolutely mandatory for any such research work.

----------

Chinese Pharmacy Spam and Our Monthly Spam Report
Thursday September 10, 2009 at 4:58 am CST

The recent onslaught of “Chinese pharmacy” spam and the DDoS attacks that took down Twitter, Facebook, and others have caused a frenzy of speculation about the Chinese government’s involvement in spam generation and acts of cyberterrorism. McAfee’s September 2009 Spam Report debunks these rumors and gets to the root of the cause.

----------

Disney Sued For Selling The Pixar Lamp... And The Lawsuit Makes Sense

We usually focus on trademark lawsuits that make no sense at all... but effective trademark law exists to prevent confusion among consumers (i.e., it's really more of a consumer protection law, rather than an "intellectual property" law) and thus there are plenty of reasonable trademark infringement lawsuits out there. This appears to be one of them. Lamp maker Luxo is apparently suing Disney for selling real versions of Pixar's iconic computer animated lamp.

----------

A Look At The RIAA's Copyright Propaganda For Schools

It's back to school time, and our friends over at the RIAA have a blog post up excitedly talking up its special "curriculum" for teachers. But, of course, that "curriculum" is laughably biased and at times outright wrong. And it makes me wonder: why would any educational institution accept a one-sided curriculum written by the industry that's clearly designed to promote that industry's own business? Do schools use science curricula provided by Exxon or Monsanto? As for the actual content included in the curriculum (which, by the way, the RIAA links to incorrectly twice), it's almost a joke. Check out the RIAA propaganda. Fair use doesn't exist -- at all. Reading through the main document, I find not a single mention of it. But what does exist is all sorts of bogeymen about how evil file sharing is, how it exposes your hard drive to viruses and reveals your tax return info.

Oh, but the best part, is that the RIAA is pushing for a new totally made up term called "songlifting" which is the central theme of every single lesson. Sounds like "shoplifting," right? That's the idea -- though the RIAA cleverly tries to pretend that it didn't make up the word. In fact, it presents it as if it's a common term. Of course, the curriculum doesn't happen to mention the Supreme Court's Dowling decision, where the court specifically talked about how very different infringement is from "stealing." Of course, the RIAA also mentions the Grokster ruling -- but is misleading there as well, claiming that the law is clear that parents could be found liable for their kids sharing unauthorized files.

----------

Got That New iPod Nano? You Might Risk Arrest In Massachusetts

You may have heard that the new iPod Nano that was just released happens to include a voice recorder among other new features. But if you get one, you might want to be careful how you use it -- especially in certain states, such as Massachusetts. Slashdot points us to a story about a guy who was arrested in a dispute-gone-wrong with a car repair shop, but the really odd part is that beyond disorderly conduct and resisting arrest, the guy was charged with both "unlawful wiretapping and possessing a device for wiretapping." Wiretapping? In a dispute involving a mechanic? Apparently the guy had a simple Olympus digital voice recorder in his pocket, which was on during his argument with the repair shop. And Massachusetts is one of twelve states with a law that forbids taping conversations without the approval of everyone involved.

----------

Class Says AT&T Profits From Phone Thefts
By TRACEY DALZELL WALSH
BIRMINGHAM, Ala. (CN) - AT&T refuses to disable or track down stolen cell phones and allows the thieves to re-register them in a new name, a class action claims in Federal Court. The class claims AT&T aids and abets the conversion of stolen phones, profits again by making victims buy replacements, and profits again when the thieves pay fees for service after reregistering the phones.

----------

Firefox updated for security flaws
Chuck Miller September 10, 2009
The Firefox browser has been updated for four security flaws, three of which were rated as "critical."

----------

Hot or not: ActiveX vulnerabilities
Amol Sawarte, manager, Vulnerabilities Research Lab, Qualys September 11, 2009
ActiveX vulnerabilities have posed a security challenge for some time, and they're likely to be a challenge for quite some time to come.

----------

Adobe, Oracle delay quarterly patches
Adobe, which was scheduled to release the latest installment of its quarterly patches on Tuesday, instead has held off until Oct. 13. The company was set back a month after it released an out-of-cycle patch on July 31 for "critical" vulnerabilities in Reader and Acrobat. Meanwhile, Oracle announced last week that it was delaying the release of its next round of quarterly fixes from Oct. 13 to Oct. 20 to accommodate attendees of the Oracle OpenWorld conference, which runs from Oct. 11 to 15. — DK

----------

Net Hoax Convinces Germany of Fake U.S. Suicide Bombing Attempt

FRANKFURT — All of Germany was bamboozled Thursday by a bizarre scheme that tricked the country’s main wire service into reporting an attempted suicide bombing in a California town — an attack supposedly perpetrated by a non-existent rap group called the “Berlin Boys.”

The work of German filmmakers peddling a satirical movie called Short Cut to Hollywood, the elaborate hoax involved at least two faked websites, a faked Wikipedia entry and California phone numbers for “public safety” officials that actually being answered by hoaxsters in Germany using Skype.

----------

Attorneys Can See Classified Info in Coffee Table Spy Suit
By Kim Zetter
September 11, 2009

A federal judge in Washington has ordered the government to grant security clearances to lawyers on both sides of a lawsuit claiming illegal spying against a DEA agent, in a ruling that challenges the government’s long-held claim that the executive branch alone has the authority to determine who can access classified material.

----------

T-Mobile: 21 Mbps In 2010 As carrier launches the first Motorola Android phone09:03AM Friday Sep 11 2009 by Karl Bode
Earlier this week we noted how T-Mobile's quickly playing catch up with 3G network coverage after a late start. The carrier this week also announced Motorola's first Android Phone (The Cliq) during which, T-Mobile's Chief Technology Officer Cole Brodman detailed further 3G rollout plans for 2009 and 2010. By the end of 2009, T-Mobile is not only planning to match ATT's 7.2mbps HSDPA rollout with its own, but intends on overtaking ATT with a 21mbps HSDPA rollout beginning in 2010. It's not clear when T-Mobile plans to officially make the jump to LTE, which AT&T says they'll start deploying in 2011. Combined with news that T-Mobile's European parent company Deutsche Telekom is planning on massive investments in the U.S., it appears that T-Mobile's suiting up for battle.

----------

Microsoft patches gaping worm holes
Ryan Naraine: Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.

----------

Cloud ready? Most pros work from 3 or more PCs
Jason Hiner: IT workers are often some of cloud computing's biggest detractors, mostly because of their skepticism of the security and privacy implications of the cloud.

----------

Researchers slam fickle iPhone anti-fraud feature
The iPhone's newest defense -- aimed at preventing users from reaching phishing sites -- is...

----------

Hacker Hits RBS WorldPay Systems Database
Sep 11,2009
Romanian hacker says he discovered a SQL injection flaw on a WorldPay application, but RBS says no merchant or cardholder data was compromised

----------

DuPont Alleges Second Insider Breach In Two Years
Sep 09,2009
Chemical giant claims former employee was headed to China with company secrets

----------

Oops, There Goes Another DLP Vendor
In the latest sign of data-loss prevention (DLP) market consolidation, Trustwave announced it has acquired Vericept for an undisclosed amount.

----------

Spanish security firm detects 'swine flu' computer virus AFP – Fri Sep 11, 12:34 pm ET
AFP/File
MADRID (AFP) - Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.

----------

Wednesday 09/09/09

2009-09-09T11:02:00.000-07:00

7 Reasons Websites Are No Longer Safe
Many of the sites you visit regularly and think are secure are laden with data-stealing malware. Here are seven reasons why, and advice on how to protect your systems.
Read more

----------

Data Breaches: Patterns and Their Implications
What can we learn from statistical analysis of data breaches? Luther Martin digs in.
Read more

----------

Don't Worry, I Backed Up My Phone to the Cloud
Now Forrester's Robert Whitely can nuke his own phone remotely! Umm, is that good?
Read more

----------

Unpatched Microsoft Bugs Raise Red Flags
September 09, 2009 — IDG News Service —

Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead.

Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache.

Proof of concept code showing how the bug could be leveraged to crash a Windows machine was posted Monday to the Full Disclosure mailing list by Laurent Gaffie.

----------

Microsoft Security Advisory 975497 Released
Posted Tuesday, September 08, 2009 4:35 PM by MSRCTEAM
We’ve just released Microsoft released Security Advisory 975497 that provides information about a new, irresponsibly reported vulnerability in SMB 2.0. Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability.

The Security Advisory outlines steps that Windows Vista and Windows Server 2008 customers can take to help protect themselves while we work on a security update for this issue.

----------

Assessing the risk of the September Critical security bulletins
Tuesday, September 08, 2009 9:57 AM
This morning we released five security bulletins, all of them having a bulletin maximum severity rating of Critical and two having a bulletin maximum exploitability index rating of "1" (Consistent exploit code likely). We wanted to just say a few words about each bulletin to help you prioritize your deployment this month.

----------

"Today vendors are finally releasing patches for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco's IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities today. The Microsoft Patch Tuesday release included the fix for the TCP flaw, which affects Windows Server 2003 and 2008, as well as Windows Vista, both the 32-bit and 64-bit editions, and Windows 2000 SP4, for which no fix is coming. The TCP flaws were identified several years ago and were made public last year by two researchers at Outpost24, Jack C. Louis and Robert E. Lee. Louis, who has since died, developed a tool called Sockstress that tested for the flaw and was able to maintain extremely long-term TCP connections with remote machines using very little bandwidth."

----------

Microsoft: Patching Windows 2000 'infeasible'

----------

Future Firefox to Nag Users on Insecure Plug-ins

Mozilla says that the next version of Firefox will warn users if they are running insecure, outdated versions of the Adobe Flash Player, as part of a nascent effort to work with vendors of the most popular browser plug-ins to ensure users aren't falling behind on important security updates.

Beginning with Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their Flash plugin is out-of-date. Mozilla said it is starting with Flash because if its ubiquity, but also in response to recent studies showing as much as 80 percent of users are running old versions of Flash.

----------

Demonstration of a Liquid Explosive
The BBC has a video demonstration of a 16-ounce bottle of liquid blowing a hole in the side of a plane.

----------

"Microsoft wants the engineers in its labs to manage their servers remotely, and is moving development servers from a bevy of computer rooms in labs to a new green data center about 8 miles from its Redmond campus. "I see today as a real transition point in our culture," said Rob Bernard, chief environmental strategist at Microsoft, who acknowledged that the change will be an adjustment for veteran developers but will save money and energy use. Microsoft expects its customers will run their apps remotely in data centers, and clearly expects the same of its employees."

----------

"Beijing is drawing up plans to prohibit or restrict exports of rare earth metals that are produced only in China and play a vital role in cutting edge technology, from hybrid cars and catalytic converters, to superconductors, and precision-guided weapons. A draft report by China's Ministry of Industry and Information Technology has called for a total ban on foreign shipments of terbium, dysprosium, yttrium, thulium, and lutetium. Other metals such as neodymium, europium, cerium, and lanthanum will be restricted to a combined export quota of 35,000 tonnes a year, far below global needs."

----------

US Government To Embrace OpenID, Courtesy Of Google, Yahoo, PayPal Et Al.
During the video interview with OpenID evangelist Chris Messina I recorded earlier this year at a German conference about the state of OpenID, he expressed his wish that the Obama administration would soon start to embrace the decentralized, single sign-on method as a way for citizens to engage with the U.S. government online. Four months later, it looks like his dreams are becoming reality.

Later this morning at the Gov 2.0 Summit, Federal Government CIO Vivek Kundra will talk about data.gov and other governmental transparency initiatives, and will also be making an announcement regarding the launch of a open identity initiative featuring the use of both OpenID and InfoCards in a special pilot program.

Make no mistake about it: this has the potential to change the way citizens participate in and communicate with the U.S. government.

----------

DNSSEC Secures Another Domain
Sep 08,2009
The .edu domain will adopt DNSSEC next March amid more concern over Domain Name System security

----------

Wednesday 09/02/09

2009-09-02T09:54:00.000-07:00

Five indicted in long-running cybercrime operation New York prosecutors indicted five Eastern European men in an extensive credit-card fraud operation that netted the defendants at least $4 million from some 95,000 stolen card numbers. Read more...

----------

Microsoft Security Advisory 975191 Released

New vulnerability in IIS5 and IIS6

After code released, Microsoft to patch IIS bug
One day after a security researcher published attack code for a flaw in Microsoft's IIS server software, Microsoft said it plans to patch the issue.

Microsoft also released a security advisory describing the problem and detailing technical workarounds that system administrators can implement while they're waiting for a patch. "We’re currently investigating the issue... and working to develop a security update," Microsoft said in a note on its Web site. " This update will be released once it reaches an appropriate level of quality for broad distribution."

----------

EMC to acquire e-discovery vendor Kazeon
EMC Corp. today announced it has signed an agreement to acquire privately held Kazeon Systems Inc., a provider of electronic discovery software. The deal is estimated to be valued at around $75 million.

"Becoming part of EMC is the right strategic move for us -- giving us the resources of a world-class leader in information management to effectively take our market vision to the next level. We are excited about this acquisition," Sudhakar Muddu, founder and CEO of Kazeon, said in a statement.

----------

Web hosters ordered to pay $32M for contributing to trademark infringement
In what's being called a landmark decision, a federal jury in California has found two Web hosting companies and their owner liable for contributing to trademark and copyright infringement for hosting sites selling counterfeit Louis Vuitton goods.

----------

Privacy, consumer groups want news laws to protect Web users
A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.

----------

VMware publishes its virtualization security guidelines
As it kicks off the second day of its VMworld conference, VMware is sharing newly published security and compliance recommendations for virtual environments. The vendor's guidelines focus primarily on optimizing use of management and security tools available from VMware parent company EMC and EMC's RSA security division.

----------

Instant messaging speeds up data theft danger
According to security company RSA, the Zeus Trojan -- blamed for enabling countless online bank account heists -- now uses an instant messaging component that alerts hackers immediately when they've captured someone's authentication credentials. That can enable fast use of time-sensitive information, such as one-time passwords now often employed in online banking.

----------

Judge won't lower $5M bail for SF IT administrator
A Bay Area man who has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco's city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.

----------

Privacy Office approves laptop searches without suspicion at U.S. borders
The Department of Homeland Security's Privacy Office has approved the controversial searches, copying and retention of laptops, PDAs, and other digital devices without cause at U.S. borders.

Travelers could soon start seeing notices from the Privacy Office, which last week released a report supporting the right of customs agents to conduct such searches.

The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so.

----------

Users abandon XP for Vista, Windows 7
Windows 7, increased by 0.3 of a percentage point to close the month at 1.2%

Together, all versions of Windows accounted for approximately 93% of the operating systems running machines that connected to the Internet last month.

Apple's Mac OS X, on the other hand, remained stalled -- it gained a mere 0.01 point -- to end August as it did July, with a 4.9% share.

----------

Happy Birthday, Internet!
It all started 40 years ago today, when a couple of computers were connected by a long gray cable in order to pass some data. The experiment was funded by the Advanced Projects Research Agency (ARPA) and the project was called the ARPANET. By the end of the year, four sites were connected. Today it's hundreds of millions of computers and we call it the Internet. National Geographic has a story and some video here. Wikipedia has a nice timeline for the ARPANET here.

----------

2 September 2009
Mandatory update for Microsoft Live Messenger
All users are to be updated to new versions, because Live Messenger also uses the vulnerable ATL libraries more…

----------

Court Dismisses Case Against Yahoo From Woman Upset How She Appeared In Results
Earlier this year, we wrote about a woman named Beverly Stayart, who had sued Yahoo over what she found when she did a search on her name. Her complaint was that some of the links advertised porn sites and possibly contained malware, and that this was a violation of her trademark and privacy rights.

----------

Ruling Reverses MySpace Suicide Conviction
By BILL GIRDNER
(CN) - A jury's conviction of a Missouri woman who helped create a fake MySpace account that caused a young girl's suicide has been overturned by a federal judge who found that criminalizing the MySpace terms of use would allow prosecutors much too great a latitude in putting people behind bars.

----------

Task Manager Still Working? Can You Change Your Windows Password?
We’ve heard about malware that reduce a computer’s state of security. These malware might, for instance, disable your access to the registry, lower Internet Explorer’s security configuration, delete system files, or manipulate the system’s DNS settings. Each of these steps exposes the victim to graver malware infections or system compromise.

Yesterday we ran into a Trojan that weakens the victim system’s security by making registry changes. The malware disables Task Manager, Windows Update, and toolbars in Internet Explorer. Further, it does not let you lock your machine or change your password.

----------

Is US-CERT Ready for a Cyber Attack? by Jon Oltsik
According to GAO, US-CERT may not be capable of fulfilling its mission. Yikes!

----------

Health privacy undermined: Worst breaches of 2009
Hospitals, pharmacies and health insurance companies are among the hardest hit when it comes to...

----------

Security vendor Marshal8e6: Call us M86 Security
Web and messaging security products provider Marshal8e6 this week announced a name change to M86...

----------

Microsoft vs. Chinese hacker hero
More on Tomato Garden and the arrest of Hong Lei, the author of the pirated software. Online polls show massive support for Hong Lei as a nationalist hero:

The Chinese IT community is abuzz with news of the arrest of Hong Lei, distributor of the popular “Tomato Garden” pirate version of Windows XP, which means the popular unlocked version of the Microsoft software will no longer be available.

According to Sina.com, more than 90 percent of users they surveyed are or were users of Tomato Garden pirate editions. And 79 percent said they were on Tomato Garden’s side. Less than 5 percent said they supported Microsoft.

The Wall Street Journal has some interesting interviews with people inside China concerning the case and the drivers behind the software theft.

----------

Despite Winning $675,000, RIAA Fears Defendant is File Sharing
The Recording Industry Association of America took the offensive Tuesday against a college student whom a jury concluded in July must pay $675,000 for file sharing 30 songs.

----------

Monday 08/31/09

2009-08-31T08:30:00.000-07:00

Is the Tyranny of the Mac Fan Boy Waning?
Here at TechCrunch there’s a daily argument in the office, on Yammer and even on the blog about the supremacy of the iPhone versus the Google-Voice-goodness of Android phones. I chalked it up to the usual get-off-my-lawn-style ranting of Michael Arrington, and assumed the average techie was still like MG Siegler– a total Mac-head who will love the iPhone no matter how bad the reception, how bad the battery life and how many times it breaks and he has to get a new one.

But some reporters– long harassed by Mac fan boys when they’ve dared to criticize the company (read: do their jobs) — are saying a sea change is occurring in Apple fan boy nation. Witness Jon Fortt of Fortune’s recent blog post where he says the Valley owes Microsoft an apology and compares Apple to Napoleon the pig in Animal Farm.

----------

Skype spy Trojan escapes into wild
Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote...

----------

Prepare for the new upcoming 2010 AV products.
Many major security companies are about to release their new retail product for 2010. Expect some comparative reviews in the next months, check what you need and stay protected.

Some ‘2010’ products are already out on the web, but unfortunately most of them are FakeAlert
Trojans or Scareware.

Once downloaded, you see pop up windows alerting you about a malware found on your machine and asking you to buy the product. The actual problem is the software you just executed.

We have been reporting about FakeAlert Trojans before – you may remember some products named:

- “Virus Remover 2007”
- “Win AntiSpyware 2008”
- “AntiVirus VIP”
- “AntiSpyware Pro2009”

----------

Is Apple Opening a Can of Worms?
It has now been widely reported that Apple’s latest operating system, Snow Leopard contains the ability to identify two families of Mac malware–OSX/Puper and OSX/IWService–when the infectious DMG files are downloaded and mounted as part of the infection process.

There are a number of ramifications of such a move that could be discussed, but the intention of this post is to call out the possibility of this being a catalyst for more Mac malware to be created.

----------

Attorneys Are Not 'Creditors,'American Bar Association Tells FTC
By JANET MCMAHON
WASHINGTON (CN) - The American Bar Association sued the Federal Trade Commission in Federal Court, challenging its "Red Flags Rule" that includes attorneys in the Fair and Accurate Credit Transactions Act's category of "creditors." As creditors, lawyers will be required to create written identity-theft prevention programs, under an FTC final ruling whose enforcement has been repeatedly delayed.

----------

Woman Who Killed Husband Wants Benefits
By BRIDGET FREELAND
DETROIT (CN) - A woman who killed her husband demands survivor benefits through his retirement plan. Fayette Nale claims that Ford Motor Co. unfairly denied her claim because of her conviction for "voluntary manslaughter under heat of passion."

----------

UK Parliament Website Hacked
A hacker broke into the database of the UK Parliament website by exploiting an SQL injec...

----------

"Several British news sources have recently reported on the growing campaign that calls for an apology to Alan Turing for his persecution by the British government. The petition to the Prime Minister was started by John Graham-Cumming, who has also written to the Queen requesting a Knighthood for Turing, but admits that a pardon is 'unlikely,' saying, 'The most important thing to me is that people hear about Alan Turing and realize his incredible impact on the modern world, and how terrible the impact of prejudice was on him.'"

----------

On London's Surveillance Cameras
A recent report has concluded that the London's surveillance cameras have solved one crime per thousand cameras per year.

David Davis MP, the former shadow home secretary, said: "It should provoke a long overdue rethink on where the crime prevention budget is being spent."

----------

Business Software Alliance wants in on three-strikes action
August 31, 2:06 a.m. UTC - by Nate Anderson Posted in: Law & Disorder
The Business Software Alliance calls graduated response its preferred plan for dealing with online software piracy, but it wants Internet disconnections to be overseen by a judge and feature due process and a chance to appeal. Well, sort of.
Read more

----------

Colombia Says President Has Swine Flu
washingtonpost.com — Colombian President Alvaro Uribe has contracted the H1N1 swine flu virus and is being treated by doctors while continuing to work from his residence, government spokesman Cesar Velasquez said on Sunday. More…

----------

Microsoft Names Top Ten Windows Malware
PC Magazine – Fri Aug 28, 10:27 am ET
A new list of malware just came out from Microsoft based on their MSRT, or Malicious Software Removal Tool.

----------

Aug 30, 10:48 am
Facebook Users Forefeit their Security, Poll Shows
Only a third of social networkers apply the security safeguards they've been given, a security firm finds.

----------

Court ruling limits electronic searches

A federal appeals court this week ruled that government investigators cannot retain incriminating information found in electronic searches unless it is within the scope of a search warrant.

The U.S. Circuit Court of Appeals for the Ninth Circuit, in a 9-2 vote, rejected arguments by the U.S. Justice Department that it be allowed to retain and use all of the data that it seized in 2004 as part of a federal investigation into the use of illegal substances use by Major League Baseball players.

----------

Friday 08/28/09

2009-08-28T10:40:00.000-07:00

Hacker Tip #467:
Try googling for this phrase including the double-quotes:
"c:\Program Files\Belarc\Advisor"

People upload the inventory of their machines, including license codes. Ugh.

----------

Like this is news...

Attack Of The Tweets: Major Twitter Flaw Exposed
Aug 27,2009
U.K. researcher says vulnerability in Twitter API lets an attacker take over a victim's account -- with a tweet

----------

New IEEE Printer Security Standard Calls For Encryption, Authentication, Electronic "Shredding"
Aug 26,2009
Printers finally getting security attention, but locking them down depends on actual implementation, configuration, experts say

Networked printers are the oft-forgotten weak links in an organization, but a new IEEE security standard for the devices could help change that.

The so-called 2600 Profile, which includes specifications for building secure printers and a checklist for evaluating printer security using ISO's Common Criteria framework for evaluating security requirements, calls for vendors to build printers that include password protection, hard drive encryption, electronic "shredding," security logs, and separate connections for fax and network communications.

While security researchers during the past few years have poked major holes in networked printers, these devices have been a low priority for most organizations already inundated with locking down imminent threats to their servers, client machines, and Web applications. Many never even bothered to update their printer software.

----------

WPA with TKIP done
In a paper titled "A Practical Message Falsi cation Attack on WPA" researchers in Japan describe how to perform the Beck-Tews style attack against any WPA-TKIP implementation, in under a minute. The paper and upcoming presentation have already been covered in the mainstream media. Thanks to all who wrote in.

If your hardware supports it, time to consider moving to WPA with AES or WPA2.

----------

SQL Injection Attacks Across Globe Appear Linked
Three significant waves of SQL injection attacks appear to be under the control of the same source, according to one security researcher.

----------

U.K. launches privacy initiative
Recently I've been talking about identity-related initiatives from both the U.S. and Canadian...

----------

Security test prompts federal fraud alert
A sanctioned security test of a bank's computer systems had some unexpected consequences this week

----------

China game boss sniped rivals, took down Internet
An attack by a Chinese online game provider meant to cripple the servers of its rivals ballooned to...

----------

Swiss coder publicises government spy Trojan
A software engineer who created Trojans for the Swiss authorities to intercept Voice-over-IP (VoIP)...

----------

New Chinese Ministry of National Defense website suffers hacker attacks
According to the chief editor of the newly launched Chinese Ministry of National Defense website, since its opening on 20 Aug 09, the site has been under assault from a variety of different types of hacker attacks. The report notes that the attacks have not affected website operation.

----------

Verizon Wireless Phantom $1.99 Data Usage Fee
The Cleveland Plain Dealer has been doing an excellent job this week highlighting a $1.99 "data usage fee" Verizon's been imposing on wireless customers who, well, aren't using any data. An August 14 column first brought the issue some attention, when Teresa Dixon Murray noted that Verizon has been charging customers $1.99 for doing absolutely nothing.

----------

Spy Son Rats Out Mole Father
The son of a disgraced CIA agent convicted of funneling classified information to the Russians has pleaded guilty to charges of helping his imprisoned father collect overdue bills for his dad’s nefarious activities.

----------

Skype snooping trojan detected
Angela Moscaritolo August 28, 2009
Source code for a trojan, called Peskyspy, has the ability to record audio from Skype calls, convert the audio to an MP3 file, encrypt it and send it back to the attacker, according to Symantec researchers.

----------

Credit union agency warns of fake CD-ROMs
Dan Kaplan August 27, 2009
Forget the inbox: Cybercrooks also are turning to traditional mail to spread malware.

----------

Facebook to modify privacy practices after investigation
Dan Kaplan August 28, 2009
Facebook plans to refine its privacy safeguards in response to concerns by Canada's privacy commissioner.

----------

ACLU Demands Info on DHS Laptop Searches
By BARBARA LEONARD
MANHATTAN (CN) - The ACLU demands information on the Department of Homeland Security's policy on searching laptop computers at international borders. The DHS' Customs and Border Protection office announced in July that it can search electronic devices and any printed material carried by travelers regardless of whether they are suspected of anything - a statement one senator called "truly alarming."

----------

The Security Risks of Accepting Free Laptops
Weird:
The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Mahchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.

----------

Swedish Regulators Ban Word "Bank" In Domain Names For Non-Banks

----------

Fla. man in credit card data theft accepts plea AP – 25 mins ago
MIAMI - A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.

----------

Snow Leopard Malware Protection a Growing Pain for Mac OS X
PC World – Thu Aug 27, 8:00 pm ET
Mac users have long relished the fact that malware is nearly a foreign concept to them. Yet, in a tacit acknowledgment of the growing threat of malware on the Mac platform, Apple has added some rudimentary malware protection into Snow Leopard.

----------

Wednesday 08/26/09

2009-08-26T11:40:00.000-07:00

Microsoft Expands Office Anti-Piracy Program
Permalink
Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite.

----------

Businesses Reluctant to Report Online Banking Fraud
Permalink
A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sizes businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank.
...
In many cases, the advisory warned, the scammers infiltrate companies in a similar fashion: They send a targeted e-mail to the company's controller or treasurer, a message that contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs malicious software designed to steal passwords. Armed with those credentials, the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks' anti-money-laundering reporting requirements.

----------

Manipulating Breathalyzers
Interesting video demonstrating how a policeman can manipulate the results of a Breathalyzer.

----------

"TrendWatch, the malware research arm of TrendMicro, has posted a white paper titled 'A Cybercrime Hub' (PDF, summary here) describing the activities of an Estonian ISP acting as a cover-up for a large cybercrime network. It's involved with malware distribution and DNS hijacking, which leads to credit card fraud. The story's interesting, and a typical internet user would be exposed in such a situation. What security measures should be taken to prevent normal users from falling victim to such malicious bodies? Note that they are represented legitimately and are offering real services like any other internet company."

----------

Snow Leopard Has Built-In Antivirus
Originating on the Intego blog, a new Snow Leopard find may indicate Macs are not so immune to malware. In fact, Apple itself seems to be taking security issues more seriously with the latest version of Mac OS X, something that doesn’t quite fall well with its latest Get a Mac ads. In its latest TV commercials, Apple continues to bash PCs for being highly unreliable and prone to getting infected by viruses, whereas the Mac is downright immune to these threats. However, the people at Intego (security compan...

----------

Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs
Aug 24,2009
Flaw in Cisco Over-The-Air-Provisioning could allow attackers to gain control of wireless access points, AirMagnet researchers say

----------

IDC Report: Most Insider Leaks Happen By Accident
Aug 25,2009
Unintentional leaks may cause more damage than internal fraud, research study says

----------

Arterial, crowdsourced traffic info comes to Google Maps
August 25, 8:01 p.m. UTC - by Jacqui Cheng Posted in: The Web
You already know how to find the status of traffic on the highway, but what about regular roads? Google has added arterial road information to Google Maps in select cities and has begun using crowdsourced data to provide more live updates.
Read more

----------

Pirate Bay ISP Victim of Sabotage After Shutdown
UPDATE: Black Internet, the ISP that on Monday turned off the access to file-sharing site The Pirate Bay, says it has become the victim of sabotage.

----------

Jessica Biel Could Give You a (PC) Virus
McAfee finds that searching for the actress's name is likely to lead you to spyware, adware, malware, and more.

----------

Personal Spy Gear: Is It Ethical? Is It Legal?
From disguised video security cams to GPS tracking loggers, personal security is going high-tech. But these gadgets bring up a host of sticky ethical and legal issues.

----------

DHS report: IT sector is resilient against serious cyberattacks
A U.S. Department of Homeland Security presents scenarios in which well-chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. The document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions. Read more...

----------

Hackers rest over summer, pounce during Christmas
Chuck Miller August 25, 2009
Much like average American workers, hackers tend to take off during the summer -- and weekends -- but come Christmas and New Year's, they are out in full force.

----------

More Mac DNS changing malware uncovered
Dan Kaplan August 24, 2009
Despite conventional wisdom, Mac malware remains alive and well.

----------

Federal Reserve Chairman Hit By High-Tech Pickpocket Ring
Identify theft isn’t just for the little people.

Federal Reserve Board chairman Ben Bernanke and his wife are among the victims of the tech-savvy pickpocket and ID theft ring Cannon to the Wiz, Newsweek reported Tuesday.

Threat Level readers will remember that Wiz is a national ring of some 200 light-fingered scammers that kept police around the country on their toes for at least two years. The group was led by Clyde Austin Gray, Jr., 52, of Waldorf, Maryland, who went by the names “Big Head” and “Poochie.” Gray pleaded guilty in July to conspiracy to commit bank fraud in a scheme that resulted in losses of at least $2.1 million from 10 financial institutions. Nine other co-conspirators have been charged to date.

----------

New FCC Boss: We'll Defend Net Neutrality
Though vague positions and vague neutrality principles remain problematic...

----------

Brazilian Malware Writers Stumble Again
I like to pick on malware writers, especially the dumb ones as you can see here. Sometimes they’re just too big a target to ignore.

The latest round is with Brazilian malware writers again. As you are aware, some days ago the Delphi virus was discovered; we detect it as W32/Induc. So today I got a Brazilian PWS-banker malware that was infected with–guess what?–the W32/Induc delphi virus! What an irony.

Back in 2007, I wrote about something quite similar here. And, surprise, it was another Brazilian PWS-banker malware.

So, please, malware writers, repeat after me: “I must install anti-virus software. I must install anti-virus software.”

Today, you can buy a customized Brazilian PWS-banker malware for about US$50. That may explain why it is so cheaply made.

----------

Twitter Weight Loss Spam
Hundreds of Twitter accounts have been hacked and used to send spam.

----------

Monday 08/24/09

2009-08-24T11:47:00.000-07:00

August 2009 Security Bulletin Webcast Video and Customer Q and A

It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers. To try and provide some clarity:

Security Advisory 972890: This advisory was released in response to active attacks against the Microsoft Video ActiveX Control in order to provide guidance and mitigations (including a Microsoft Fix it solution) to customers while we worked towards an update for the underlying issue.

MS09-032 – Cumulative Update of ActiveX Kill Bits (973346): This bulletin provided an official kill bit update to replace the Microsoft Fix it solution provided by Security Advisory 972890. The update addresses additional kill bits and is also available through Microsoft update technologies such as Windows Update, Microsoft Update, and Windows Software Update Services (WSUS). This kill bit blocked the ability to instantiate the Microsoft Video ActiveX Control in Internet Explorer to mitigate against known attacks.

MS09-034 – Cumulative Security Update for Internet Explorer (972260): This bulletin provided a defense-in-depth update that helps mitigate known attack vectors within Internet Explorer. To be clear, Internet Explorer is not vulnerable to these attacks but the vulnerable components can be reached through Internet Explorer. Installing this update mitigates that threat.

MS09-035 – Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): This update is specifically geared towards developers of components and controls who use ATL. The update addresses the underlying issue in our Visual Studio development tools. Developers who use ATL should install this update and recompile their components and controls following the guidance in this MSDN article.

MS09-037 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908): This bulletin provides updates for vulnerable components and controls that shipped with Windows products. These are Microsoft components and controls were built using ATL. Among the updates in this bulletin is a binary level update that addresses the vulnerability in the Microsoft Video ActiveX Control that has seen some active attacks. So we previously released a kill bit update to provide immediate protection for customers and are addressing the underlying vulnerability with this update.

Security Advisory 973882: This advisory provides information on our ongoing investigation in to the ATL issue and serves as a single source for all related information.

To be even clearer, not every ActiveX control is vulnerable and we have an ongoing investigation into this issue. We will continue to provide updates via Security Advisory 973882 and Security Bulletins as necessary.

----------

Malware Writers: Will That Be OS X, or W?
Permalink
Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac.

Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications.

This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the site with a Mac.

Meanwhile, Symantec warned last week that it had detected several blogs that were advertising free, streaming online copies of movies that were just released in the theaters. The lure is once again a fake video plug-in, followed by either a Mac- or Windows-based version of the DNS Changer Trojan.

----------

Virus infects development environment
Anti-virus software vendor Kaspersky has discovered a new type of virus which infects and compromises systems running the Delphi development environment more…

----------

Radisson Hotels report significant data breach
Ryan Naraine: In an open letter to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain's computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen.

----------

Swedish Court Get The Pirate Bay Taken Down
When the original ruling came out against The Pirate Bay's founders, one odd part was that there was no injunction forcing the site to stop doing anything. The entertainment industry quickly filed for one -- which seemed a bit odd, considering that the case was under appeal. The latest, however, is that a judge has ordered one of the main ISPs servicing The Pirate Bay to stop, making the site largely inaccessible. In the meantime, the gov't agency that was responsible for getting the founders to pay up has basically found that they can't find any money to collect, which aligns with what the four guys have been saying all along (that they don't own the site and don't make money from it).

----------

Just wondering who represents these guys:

Retired Football Players FileClass Action Against NFL
By TIM HULL
(CN) - Retired NFL players filed a federal class action against the league in Minneapolis, saying the NFL profits from the reputations they made before the era of multimillion-dollar salaries, while paying nothing to the retirees, many of whom are permanently injured. The six named plaintiffs include Hall-of-Famer Elvin Bethea and quarterback Dan Pastorini.

----------

Researcher details Facebook CSRF flaw
Dan Kaplan August 21, 2009
Facebook has closed a hole that enabled an attacker to retrieve personal information of users without their interacting with the site.

----------

Identity fraud ring busted in New York
Chuck Miller August 24, 2009
Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.

----------

Swiss privacy commissioner says "nein" to Google Street View
August 24, 4:04 a.m. UTC - by Eric Bangeman Posted in: Law & Disorder
Google launched Street View in Switzerland last week, and the Swiss Privacy Commissioner isn't satisfied that it will safeguard the privacy of Swiss citizens.

----------

Is Your PC Bot-Infested? Here's How to Tell As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem. Read more...

----------

The Art of Creating Strong Passwords

----------

U.S. Says SQL Injection Caused Major Breaches

----------

Court shuts down sites promising free government grants

----------

Lawsuit seeks to pry information from banks on account breaches

----------

Could Google be tricked into talking to botnets?

----------

Friday 08/21/09

2009-08-21T10:30:00.000-07:00

Chinese Windows XP software pirates get jail terms A Chinese court has sentenced four people to jail for pirating Microsoft's Windows XP operating system, China's state-owned media reported on Friday. Read more...

----------

ERIC SAYS - LOTS OF GOOD INFO IN THIS ARTICLE:
One-in-four hackers runs Opera to ward off other criminals
Hackers using multi-exploit attack "toolkits" take defensive measures of their own against other criminals, a security researcher said today.

"Exploit kit operators do use mainstream browsers, but they're much more likely to use Opera than the average user, because they know that the browser isn't targeted by other hackers," said Paul Royal, a principal security researcher with Atlanta-based Purewire.
While the most generous Web measurements peg Opera, a browser made by Norwegian company Opera Software, at a 2% share of the global market, 26% of the hackers who Purewire identified use the far-from-popular application.

Because of its small market share, few hackers bother to unleash exploits for Opera vulnerabilities, said Royal.

Purewire obtained this insight, and others, by infiltrating hackers' systems using a bug in the analytics software included with a pair of hacker toolkits, notably one dubbed "LuckySploit," said Royal. "We forged a 'refer' field and put in a little JavaScript," he explained, "and that revealed the hackers to us via their IP addresses."

----------

Judge: Defunct airport fast pass company can't sell customer data

----------

Swine flu battle moves to cyberspace AFP – Wed Aug 19, 4:10 pm ET
AFP
THE HAGUE (AFP) - The clock is ticking, people are dying and a flu virus is sweeping the globe -- that is the scenario of a new computer game designed to make people think about how to respond to the swine flu pandemic.

----------

Your Web Browser Knows Where You Are
Firefox and Safari on the iPhone can now report your physical location. But who are they telling?

----------

Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile
Aug 20,2009
Defendants allegedly hijacked customers' identities to steal millions of dollars in wireless gear

----------

Tech Insight: SQL Injection Demystified
Aug 21,2009
Attackers are using the old standby SQL injection en masse -- a look at the attack and how to protect your applications from it

----------

Botmaster: It's All About Infecting, Selling Big Batches of Bots
Aug 20,2009
Undercover Cisco researcher told the going rate for a single bot is 10- to 25 cents

----------

Rare Malware A Hint Of Threats To Come
Aug 19,2009
Researchers are spotting new forms of malware features that could signal a new generation of harder-to-kill badware

----------

Uncouth Facebook postings closing doors for job candidates
August 20, 8:07 p.m. UTC - by Jacqui Cheng Posted in: The Web
More employers than ever are researching job candidates on sites like Facebook, MySpace, and Twitter in order to find out more about their activities and character. And, it turns out, many candidates are doing a great job of showing their potential bosses poor communication skills, inappropriate pictures, and even how many workplace secrets they can leak.
Read more

----------

VMware patches holes in its products
A hole in the libpng allows crafted images to infiltrate and execute code in VMware products more…

----------

Gartner Tells Reporter: You're Not Allowed To Mention Gartner Research Without Our Permission
Rich Kulawiec alerts us to the news that Gartner (which absolutely should know better) sent a legal nastygram to a Network World blogger, Larry Chaffin, for the mortal sin of mentioning Gartner without Gartner's permission. Specifically, Gartner is claiming full control over its research reports, and saying that a reporter cannot quote them. Gartner is almost certainly wrong about this. If the information is newsworthy (and it sounds like it was), then a reporter absolutely has the right to post it. Also, Gartner seems confused about how all of this works. It first claims that posting such info was a violation of its own policy... but it's a policy that Chaffin had not agreed to.

----------

The PhilosophyOf Dogs
By ROBERT KAHN
Dogs are better philosophers than humans, of course. Dogs know how to be happy. Show me a happy philosopher.

----------

"Dirtiest" websites host average 18,000 threats
Angela Moscaritolo August 20, 2009
The most dangerous websites on the web propagate an average of 18,000 different pieces of malware.

----------

Malware designed to steal IDs increased 600 percent
Greg Masters August 20, 2009
The number of users victimized by malware specifically intended to rob personally identifiable information leapt 600 percent this year.

----------

Phishing apps found on Facebook
Chuck Miller August 20, 2009
A new round of rogue Facebook applications sends notifications that lead users to phishing sites.

----------

Former Chinese nationalist hacker causes international incident
An international controversy has broken out over an article he published on one of his websites called, the China International Strategy Net. In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state. The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.

----------

Wednesday 08/19/09

2009-08-19T08:27:00.000-07:00

Government informant is called kingpin of largest U.S. data breaches
A government informant who helped put away nearly 30 fellow hackers five years ago is considered by U.S. law enforcement officials to be the kingpin of the biggest data breaches in U.S. history.

Albert Gonzalez, 28, of Miami was indicted yesterday for the third time in connection with the data breaches. Two Russian citizens were indicted along with Gonzalez by a grand jury in New Jersey yesterday on charges of running an international scheme to steal more than 130 million credit and debit card numbers as well as personally identifying information from five companies, including Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Bros. Co.

----------

Miami man indicted for massive credit hack
A 28-year-old Miami man was indicted Monday for the largest credit and debit card theft ever prosecuted in the U.S., with data from more than 130 million credit and debit cards stolen, the U.S. Department of Justice (DOJ) said.

Albert Gonzales, also know as segvec, soupnazi and j4guar17, was charged, along with two unnamed co-conspirators, with using SQL injection attacks to steal credit and debit card information. Among the corporate victims named in the two-count indictment are Heartland Payment Systems, a New Jersey card payment processor; 7-Eleven, the Texas-based convenience store chain; and Hannaford Brothers, a Maine-based supermarket chain.

----------

Nominum to offer DNS 'blacklist' capability
Nominum's Trusted Response and Universal Enforcement (TRUE) architecture is already in use by several ISPs supporting a combined 100 million broadband households. Nominum wouldn't identify these ISPs, but its Web site says its carrier customers include Verizon, Sprint, NTT Communications and other major industry players.

----------

Security start-up Rohati extending access-control gear to the cloud
Rohati plans to extend its on-premises capabilities to an off-premise environment to support application access control and user entitlements in cloud-based computing, says Prashant Gandhi, CEO and president of Rohati.

"It could be applied to either a public or a private cloud," said Gandhi about Rohati's strategy. "Our vision moving forward is to use our technology for trusted cloud-bursting."

----------

Bomb Threat Procedures
These are the detailed bomb threat procedures for a U.S.-based non-profit organization that promotes environmental activism and causes. A bomb threat procedure was drafted in 2000 after the organization received a threat

----------

Workplace Violence Prevention Policy Template

----------

MS09-039 exploit in the wild?
TCP port 42 is used for WINS replication. It's also interesting that the number of sources isn't that high as well.

----------

Sysinternals Procdump Updated
Sysinternals has released v1.4 that fixes a bug that was introduced in v1.3. This update fixes the compatibility problem with Windows XP and Windows Server 2003.
technet.microsoft.com/en-us/sysinternals/dd996900.aspx

----------

Forensics: Mounting partitions from full-disk 'dd' images

----------

Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability

----------

Woman arrested for juicy craigslist ad targeting teen girl
August 19, 1:18 p.m. UTC - by Chris Foresman Posted in: Law & Disorder
Missouri was the first state to enact anti-cyberbullying legislation after MySpace harassment led a 13-year-old to commit suicide. Now a woman faces felony cyberbullying charges after posting a fake Craigslist ad with photos and contact information for a 17-year-old girl.
Read more

----------

Court offers guidelines on when to unmask anonymous posters
August 18, 10:35 p.m. UTC - by John Timmer Posted in: Law & Disorder
A company that was accused of software piracy has turned around and sued the anonymous tipster that first leveled the accusation, accusing the John Doe of defamation. An appeals court has ruled the case may go forward, with firm guidelines on determining whether or not to unmask the tipster.
Read more

----------

CSI Fraud: researchers craft fake DNA evidence
August 18, 7:24 p.m. UTC - by John Timmer Posted in: Nobel Intent
Researchers have demonstrated it's possible to remove all the DNA from samples like blood and saliva, and replace it with genetic material from a different individual—even when the only source of this material is a used cigarette butt. Their methodology was good enough to fool a lab that does crime-scene DNA testing.
Read more

----------

P2P Banned In Antarctica?
We know that there's been an ongoing effort by entertainment industry lobbyists to convince politicians (and others) that file sharing and P2P apps are somehow to blame for stupid government staffers accidentally leaking files via those programs. Apparently the propaganda campaign has worked in at least one area: employees of the United States Antarctic Program (USAP) were sent an alert that they need to stop using all P2P programs. The "scenarios" described in the note are the same ones that entertainment industry lobbying group Arts+Labs has been spewing for a few years now. However, rather than assume that the real lesson is that users should actually understand the software they're using on their computer, and make sure not to use it in a dumb way (such as exposing sensitive documents), the director of IT simply told everyone that while on Antarctica, they must disable any P2P apps on their computer. Hope no one there uses Skype to keep in touch with family...

----------

Ex-Secret Service Agent Loses Security Clearance
By NICK DIVITO
(CN) - A former Secret Service agent has no legal recourse to force the agency to reinstate her Top Secret security clearance after she passed counterfeit money, the Federal Circuit ruled.

----------

Facebook accused of violating privacy laws
Chuck Miller August 18, 2009
Facebook has been accused of violating California privacy laws and seeking to "disseminate private information to third-parties for commercial purposes."

----------

WSJ: AT&T Is Dying
Baby bell doesn't have many friends these days...
09:13AM Wednesday Aug 19 2009 by Karl Bode
The Wall Street Journal gives AT&T a solid one-two punch this morning, insisting that the baby bell is "dying," then proclaiming th at AT&T is "dragging down the rest of us by overcharging us for voice calls and stifling innovation in a mobile data market critical to the U.S. economy...

----------

Chinese hacker schools growing bolder
In the last few days, there have been several articles covering China’s domestic hackers and their schools. In the past, this type of recruiting activity was confined to the online world and kept out of view of the general public. Now it is popping up all over the street.

----------

Under Agreement, UBS to Give Up Over 4,000 Names
By LYNNLEY BROWNING 9 minutes ago
U.S. regulators will receive the names as part of an investigation of Americans avoiding taxes through the use of offshore accounts.

----------

Which Windows is more secure?
Ed Bott: Over the past couple years, I've been regularly checking in to measure whether Windows Vista is living up to its promise of being more secure than its predecessor, Windows XP. Now Windows 7 is added to the mix.
21 months later, Vista is still more secure than XP
Windows 7's Achilles' heel - XP Mode
Special Report: Windows 7

----------

Monday 08/17/09

2009-08-17T14:24:00.000-07:00

Miami man indicted for massive credit hack
A 28-year-old Miami man was indicted Monday for the largest credit and debit card theft ever prosecuted in the U.S., with data from more than 130 million credit and debit cards stolen, the U.S. Department of Justice said.

----------

Opinion: It's the money, stupid: Why nobody wants to be the cybersecurity czar (and why they should be happy to take the job)
Candidates should consider the benefits not of the job itself but of the prestige that comes with having held the title.

----------

Heartland CEO on Data Breach: QSAs Let Us Down
For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least.

Heartland CEO Must Accept Responsibility
I just read Bill Brenner's interview with Heartland Payment Systems' CEO Bob Carr [ Heartland CEO on Data breach: QSAs Let Us Down] and truthfully, my blood is boiling.

----------

Bored bureaucrat pleads guilty to passport snooping
A fifth person who has worked for the U.S. Department of State has pleaded guilty to illegally accessing passport application files stored in a computer database, the U.S. Department of Justice announced.

Kevin M. Young, 42, of Temple Mills, Md., pleaded guilty today in U.S. District Court for the District of Columbia to one count of unauthorized computer access. He is scheduled to be sentenced Dec. 9.

----------

Three indicted for hack attacks on Heartland, Hannaford
A Miami man and two Russians today were indicted by a grand jury in New Jersey on charges of conspiring to commit some of the largest data breaches in U.S. history.

Albert Gonzalez, 28, and the two still-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers along with personally identifying information from five companies, including Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Brothers Co. The two other companies were not named in the indictment because their breaches have not yet been made public.

----------

Microsoft planned to bury XML developer, says federal judge
Microsoft knew of the patent held by i4i as early as 2001 but nevertheless set out to make the Canadian developer's software "obsolete" by adding a feature to Word, according to court documents.

The patent infringement case brought by Toronto-based i4i resulted in a $290 million judgment against Microsoft and an injunction that bars Microsoft from selling Word 2003, Word 2007 and Word for Mac 2008 in their current forms.

In a 65-page summary opinion dated Aug. 11, U.S. District Court Judge Leonard Davis said that evidence presented during the May 2009 jury trial showed Microsoft had met with i4i executives as far back as 2001, knew of the firm's patent for XML editing, and yet did nothing to guarantee that its implementation of "custom" XML would not infringe the i4i patent.

----------

Court fines man $210,000 for selling software copies
A U.S. judge has ordered a Delaware man who sold copies of software packages on an Internet auction site to pay $210,563 in damages and court costs, the Business Software Alliance (BSA) announced today.

----------

Hackers put social networks such as Twitter in crosshairs
Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

----------

Georgia cyberattacks linked to Russian organized crime
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret.

----------

Flash Cookies Track Even Privacy-conscious Surfers, Study Finds
A new study on local shared objects, aka Flash cookes, found that they can be used to re-create deleted http cookies to track visitors.

----------

Study Touts Internet Explorer 8 As Worlds Most Secure Browser
A recent report claims that Microsoft's Internet Explorer 8 is the world's most secure browser.

----------

US tests censorship circumvention tool; Chinese shrug
August 17, 1:09 p.m. UTC - by Jacqui Cheng Posted in: The Web
A US agency is working on a system that will allow people to get around government Internet censors by using e-mail. The tool will be tested in China and Iran, where it should offer yet another option for those stuck behind the filters.
Read more

----------

Houston Starts Whole Body Imaging
The Transportation Security Administration (TSA) has announced that it will begin testing two types of advanced imaging technology at George Bush Intercontinental Airport, Houston. Millimeter wave and backscatter imaging technologies are designed to capture, record, and store detailed images of individuals undressed. Previously, the Privacy Coalition had asked that the use of the devices should be suspended pending an investigation. The House of Representatives recently passed legislation that would establish clear privacy safeguards for the devices. See also EPIC's page on Whole Body Imaging.

TSA to begin testing imaging technology at Houston airport, PR Newswire US, August 14, 2009.
EPIC on August 14, 2009 3:46 PM
Permanent link to this item.

----------

Linux kernel vulnerability fixes
Kernel developers and some Linux distributors have released fixes for the critical vulnerability in the Linux kernel disclosed last week more…

----------

Police Sue Bosses to ProtectTheir Confidential Sources
By JOE HARRIS
ST. LOUIS (CN) - The St. Louis Police Officers' Association seeks an injunction to stop the Police Department from forcing officers to reveal their sources. The union says law enforcement will suffer if officers can't promise anonymity to informants, but two officers were ordered to identity confidential informants or face discipline and possible termination.

----------

TJX Hacker Charged with Heartland, Hannaford Breaches
The constellation of hacks connected to the TJX hacker is growing.

Albert “Segvec” Gonzalez has been indicted by a federal grand jury in New Jersey — along with two unnamed Russian conspirators — on charges of hacking into Heartland Payment Systems, the New Jersey-based card processing company, as well as Hannaford Brothers, 7-Eleven and two unnamed national retailers, according to the indictment unsealed Monday. Gonzalez, a former Secret Service informant, is already awaiting trial over his involvement in the TJX hack.

Prosecutors say they’re investigating other breaches and have not ruled out Gonzalez’s involvement in even more intrusions.

----------

Scammers Love Your Money
Monday August 17, 2009 at 9:28 am CST

... I searched the French Skyrock social networking platform and discovered the photos and videos from their exploits. Each crook has his own blog entries and is attached to a gang web page were each member is listed in a friends list. They are plenty boastful. Among the group names, we have:

les banquiers arabes (the Arab bankers)
la banque africaine (the African bank)
les boucantiers de la Cote d’Ivoire (The Ivory Cost boucantiers)
les plus riches (the richest)

----------

Wednesday 08/12/09

2009-08-12T12:09:00.000-07:00

Texas Judge Rules Microsoft Can’t Sell Word Anymore

Go ahead and clean up the coffee you just spit all over your keyboard. We’ll wait. Back? OK. A judge in Texas ruled that Microsoft Word’s XML systems violate patents by Toronoto-based i4i Inc. Word uses XML in reading and writing XML, DOCX, and DOCM files.

The lawsuit alleges that MS violated i4i’s 1998 XML patent #5,787,449. The injunction will go into effect in 60 days and prevent Microsoft from selling or demonstrating Microsoft Word. MS will have to pay i4i about $290 million in damages.

----------

Your DVR Is Watching You

Back in March of 2008, Comcast's Gerard Kunkel proclaimed that Comcast was experimenting with embedding cameras in your DVR or cable box, allowing the company to know exactly who is watching what, at what time. Once a privacy backlash fired up Kunkel quickly backpedaled, but the idea of a nosy DVR may not be that far off. Light Reading explores how several cable companies are interested in a technology by Prime Sense that uses "3D-sensing" cameras to identify which users are in a room using thermal identification technology. While MSOs would probably love tailored ads based on who's in the room, early uses for this technology involve improved cable GUI and program interactivity.

----------

Google Privacy Opt Out Announced Via The Onion
by Michael Arrington on August 12, 2009
The Onion strikes again, announcing Google Opt Out today, a product that lets people opt out of Google’s information gathering activities by having their home destroyed and moving to a covered villiage complex at an undisclosed location. As always, they nail it. Video is below.

----------

Oh, By The Way: The Palm Pre Phones Home With Your Location
When Debian developer Joey Hess started tinkering with webOS, he noticed that it was sending something to Palm once a day. Surely, Palm wasn’t sending anything too potentially incriminating without making it blatantly obvious to the user, right? Wrong.

----------

Texas Judge Rules Microsoft Can’t Sell Word Anymore

Go ahead and clean up the coffee you just spit all over your keyboard. We’ll wait. Back? OK. A judge in Texas ruled that Microsoft Word’s XML systems violate patents by Toronoto-based i4i Inc. Word uses XML in reading and writing XML, DOCX, and DOCM files.

The lawsuit alleges that MS violated i4i’s 1998 XML patent #5,787,449. The injunction will go into effect in 60 days and prevent Microsoft from selling or demonstrating Microsoft Word. MS will have to pay i4i about $290 million in damages.
Read More

----------

Another Court Deals Major Blow to DVD Copying
A California appeals court on Wednesday overturned a lower court ruling that had paved the way for a $10,000 DVD copying system called Kaleidescape and other products from the company with the same name.

The 6th District Court of Appeal in San Jose, California, was the second court in two days to rule that companies are bound (.pdf) by the entire Content Scramble System licensing regime, which prevents duplicating DVDs.

A San Francisco federal judge ruled late Tuesday that RealNetworks’ DVD-copying software was a breach of the Content Scramble System license, which is required for DVDs and computers to play DVDs. The license allows DVD players to descramble the encrypted code on a DVD, but the license prohibits the duplication of a DVD. Both RealNetworks and Kaleidescape claimed a loophole in the CSS license allowed the copying of DVDs.

In both cases, Kaleidescape of Sunnyvale, California, and RealNetworks, of Seattle, claim that the CSS license issued by a partner of the motion picture studios — the DVD Copy Control Association — did not require, as the studios alleged, that a DVD be in the machine to play back the movie. Hence, a copy could be made, they claimed.

----------

Diebold Quietly Patches Security Flaw in Vote Counting Software
Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.

The flaw in the tabulation software was discovered by Wired.com earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.

----------

Small businesses largely not PCI compliant
Angela Moscaritolo August 12, 2009
Though 83 percent of small businesses are familiar with the PCI DSS, just 62 are compliant, according to a recent survey.

----------

Microsoft pushes out ATL, ActiveX fixes
Dan Kaplan August 11, 2009
The software giant on Tuesday cleaned up its flawed Active Template Library, in addition to issuing a host of other patches.

----------

Top websites using Flash cookies to track user behavior
Angela Moscaritolo August 11, 2009
Little-known Adobe Flash cookies are being used by some websites to get around users' attempts to avoid being tracked by advertising networks, according to research from University of California, Berkeley.

----------

eBay mandates developer password change
Chuck Miller August 11, 2009
The giant web marketplace site eBay has warned developers of a security vulnerability, and is requiring that they change their credentials immediately.

----------

US-CERT director resigns, plans to work for RSA
The director of the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) has resigned.

Mischel Kwon has headed up US-CERT, an arm of the DHS's National Cybersecurity Division, since June 2008.

----------

19 security vulnerabilities fixed in Windows components and applications
WINS, Telnet and the Active Template Library (once more) are among the vulnerable components. The updates also eliminate critical vulnerabilities in Microsoft Office Web Components, and a DoS vulnerability in ASP.NET that cripples applications using IIS more…

----------

Lockpicking and the Internet
Physical locks aren't very good. They keep the honest out, but any burglar worth his salt can pick the common door lock pretty quickly.

It used to be that most people didn't know this. Sure, we all watched television criminals and private detectives pick locks with an ease only found on television and thought it realistic, but somehow we still held onto the belief that our own locks kept us safe from intruders.

The Internet changed that.

First was the MIT Guide to Lockpicking, written by the late Bob ("Ted the Tool") Baldwin. Then came Matt Blaze's 2003 paper on breaking master key systems. After that, came a flood of lock picking information on the Net: opening a bicycle lock with a Bic pen, key bumping, and more. Many of these techniques were already known in both the criminal and locksmith community. The locksmiths tried to suppress the knowledge, believing their guildlike secrecy was better than openness. But they've lost: Never has there been more public information about lock picking -- or safecracking, for that matter.

Lock companies have responded with more complicated locks, and more complicated disinformation campaigns.

There seems to be a limit to how secure you can make a wholly mechanical lock, as well as a limit to how large and unwieldy a key the public will accept. As a result, there is increasing interest in other lock technologies.

----------

Microsoft Knew About Bugs Two Years Ago
According to the security firm that alerted Microsoft of the flaws, Redmond was first alerted about them in 2007.

----------

Android security chief: Mobile-phone attacks coming
As smartphones become more popular, they're going to get some unwanted attention from criminals, Google Inc.'s head of Android security said today.

"The smartphone OS will become a major security target," said Android Security Leader Rich Cannings, speaking at the Usenix Security Symposium. Attackers can already hit millions of victims with a smartphone attack, and soon that number will be even larger. "Personally I think this will become an epiphany to malware authors," he said.

----------

Monday 08/10/09

2009-08-10T08:45:00.000-07:00

Code Library Bug Is Likely Patch Tuesday Target This month's Patch Tuesday release will include nine security updates, five of them "critical" and all but one affecting Windows. Read more...

----------

Hathaway Resigns From Cybersecurity Czar Post
A former Bush administration aide, she was working as cybercoordination executive for the Office of the Director of National Intelligence when she was appointed to her new role by President Obama in February. At the time, she was directed to conduct a 60-day review of cybersecurity preparedness across the federal government.

Hathaway's highly anticipated review was finished in May and called on government officials to take several steps to bolster cybersecurity. One of the main recommendations was to establish a cybersecurity office within the executive offices of the president to oversee and enforce the development and implementation of a national

----------

Security experts scramble to decipher Twitter attack
Security analysts Thursday scrambled to find a motive behind the distributed denial-of-service attacks that brought down Twitter for several hours, and also hit Facebook, Google and LiveJournal.

With little information to go on, researchers ended up speculating on who launched the attacks and why, although several agreed that Twitter's infrastructure needed immediate strengthening.

"If you monitor the hacking forums, it's clear they're pissed at Twitter," said Richard Stiennon, founder of IT-Harvest, a security research firm. "Twitter came out of nowhere. Hackers hated that. They'd been using forums and IRC to communicate, and all of a sudden, the rest of the world has their own thing in Twitter."

----------

Adobe Reader's security woes a boon for up-and-coming rival Foxit
...
Facing criticism, Adobe is aiming to release security patches more quickly.

But it's not fast enough for many companies, says one anonymous security researcher at the Black Hat conference, who told CNET this week: "As a result of the number of zero-day attacks on PDFs this year, large banks hate Adobe."

----------

Pro-Georgian blogger target of Internet attacks AFP – Fri Aug 7, 9:59 pm ET
AFP/File
SAN FRANCISCO (AFP) - Cyber assaults that temporarily derailed the websites Twitter, Facebook and LiveJournal were aimed at a pro-Georgian blogger, according to Internet security company F-Secure.

----------

Cyber Attackers Empty Business Accounts in Minutes PC World – Thu Aug 6, 3:10 pm ET
The criminals knew what they were doing when they hit the Western Beaver County School District.

----------

The Case of the Impossible Address
An IP address of 0.0.0.0 just doesn't make sense. So how did traffic for that destination get delivered to the network?

----------

Kepler telescope makes quick discovery
cnn.com — NASA scientists who put the telescope through a 10-day test after its March 6 launch said this week that Kepler is working well. Its ability to detect minute changes in light has enabled scientists to determine that a planet orbiting a distant star has an atmosphere, shows only one side to its sun and is so hot it glows. More…

----------

$60, at-home night vision gets cheaper, better
August 10, 2:56 p.m. UTC - by Ben Kuchera Posted in: Gear & Gadgets
Ars Technica takes a look at the next-generation of night-vision, in a toy. JAKKS Pacific has taken a second pass at its night vision design, making it easier to use and adding a larger screen that now takes advantage of both eyes. It's time to go ninja hunting.
Read more

----------

Facing Five Years In Prison For Posting A Photo On MySpace Wearing Gang Colors

----------

Washington Post Says Economy Is Bad... No, Good... No, Bad For Nigerian 419 Scammers

There's a fascinating article in the Washington Post about the impact of the worldwide financial crisis on Nigerian 419 scammers.

----------

Malaysia Wants To Filter The Internet, But Swears It Won't Be Used To Stop Political Dissent

Malaysia's government has had something of a love-hate affair with citizens and opposing politicians using blogs and other social media to protest the government -- and has even sent opposition bloggers they don't like to jail. So, you can imagine the concern when the government announced plans to install widespread internet filters modeled on China's fault "Green Dam" software. Not surprisingly, the government officials back the plan insist it won't be used against political targets, but just obscene material. Opponents find that hard to believe. Even if (and it's a big "if") that's the intent of the government, having it be so easy to "accidentally" start blocking opposition sites is probably too tempting for many.

----------

Group of ISPs issue tips for dealing with bots
Angela Moscaritolo August 07, 2009
One industry group is trying to help network operators help respond to bot infections.

----------

Who Needs Spy Satellites? Google Earth Pinpoints Where Missile Targeted Taliban
by Erick Schonfeld on August 10, 2009

The leader of Pakistan’s Taliban, Baitullah Mehsud, may or may not be dead after a CIA missile hits his father-in-law’s home in the remote “Zangarha area” of the country. But now we can see exactly where that missile hit, and we don’t even need access to a spy satellite. Thanks to Google Earth, we get the image above.

----------

Friday 08/07/09

2009-08-07T13:05:00.000-07:00

Microsoft to Deliver 9 Security Updates on Tuesday
Advance notice offers clues Microsoft will update software hit by deep dev bug.

----------

Critical Bug in Win7 RTM
The bug is a memory leak involving the chkdsk.exe utility. It appears when you attempt to run the program against a secondary drive using the "/r" (read and verify all file data) parameter. Windows division president Steven Sinofsky claims it is far from being a show stopper and joked about the blogosphere blowing things out of proportion. Here is his comment: http://www.wservernews.com/9VWNR1/090810-Comment

----------

--Weak Passwords Allow Congressional Web Site Defacements (August 6, 2009)

A rash of digital graffiti on the websites of at least 18 US Representatives has been blamed on weak administrative passwords established by a third party vendor. The defacements have been cleaned up and no real damage was done to the sites; some have established stronger passwords as a result of the incident. The attacks occurred during the first week of August. The House's Chief Administrative Officer Dan Beard has called for a review of the relationship with the Alexandria, Va.-based vendor, GovTrends.
http://voices.washingtonpost.com/securityfix/2009/08/hackers_target_housegov_sites.html
[Editor's Note (Weatherford): All this proves is that our jobs are never done. We've been preaching about strong passwords for years and it's a part of almost every talk I give yet people still don't get it and still believe "it can't happen to me."]

----------

--Blue Screen of Death Scareware
(August 4 & 5, 2009)
A new scareware variant exploits the pit-of-the-stomach feeling that accompanies the Windows Blue Screen of Death. The malware displays what appears to be the blue screen indicative of a Windows system crash along with an alert window urging users to download software to fix the alleged problem. The phony antivirus package is called SystemSecurity.
http://blogs.zdnet.com/security/?p=3912
http://www.theregister.co.uk/2009/08/04/bsod_scareware/

----------

Cyber attackers empty business accounts in minutes
http://cwflyris.computerworld.com/t/5618759/6339517/209987/0/

----------

What brought Twitter down
Twitter was ground to a halt Thursday by a distributed denial-of-service attack, which, Dan Fletcher explains, is one of the oldest tricks among hackers. TIME

----------

ISPs Team In Bot Cleanup
ISP group issues guidelines for how to clean up bot-infected consumers

----------

Weaponizing Apple's iPod Touch
Security expert converts popular music/movie player and browsing device into a penetration testing, hacking tool

----------

'FOCA' And The Power Of Metadata Analysis From Evil Bytes
Metadata is an interesting -- and often unrealized -- problem for anyone who uses office applications, like Microsoft Office, OpenOffice, and Adobe Acrobat.

----------

Nine U.K. Workers Fired For Tapping Into National Identity Database
Thirty-four U.K. government employees accessed Customer Information System for personal reasons, report says

----------

Adobe Reader affected by Flash Player vulnerability

In order to offer enhanced active content in PDF files, the Adobe Reader now includes the Adobe Flash Player, thus it is now necessary to update both Adobe Reader and all the individual Flash Player plugins for each browser when Adobe releases security updates for Flash.

For more information, refer to:
http://secunia.com/advisories/35948/
http://secunia.com/advisories/35949/

----------

Researcher: Microsoft may launch 'month of ATL' patches on Tuesday
http://cwflyris.computerworld.com/t/5615852/6339517/209670/0/

----------

DDoS attack that downed Twitter also hit Facebook

----------

White House Still Seeking Cybersecurity Czar PC Magazine – Wed Aug 5, 12:50 pm ET
President Barack Obama is still searching for the right person to lead the fight against an epidemic of cybercrime, the White House said on Tuesday as it came under fire following the resignation of a top cybersecurity adviser.

----------

Inside Job: 8 Companies That Got Burned by Rogue IT Workers
Many call them rogue IT staffers, others might consider them IT heroes, and some are still innocent until proven guilty. But whatever the name or intention, these tech-savvy employees wreaked havoc at their organizations — and paid a price.

----------

Recruiters Post Fake Jobs, Sell Your Resume
Analysis: There is a nice cottage industry going on now in this area — see what happens when we make up three resumes of fake people.

----------

Kevin Mitnick Seeks Refuge From Hackers
FRAMINGHAM - Kevin Mitnick, the ex-hacker turned security consultant, is such a high-profile target himself that the Web-hosting firm he was using finally told him it wouldn't host Web pages for him anymore.

"They kicked me off," Mitnick says, noting he doesn't begrudge Hostedhere.net, which he used for five years. But after a number of break-ins that targeted the former hacker, "they decided it wasn't cost-effective to keep me around," Mitnick says, adding, "I'm a target," mostly for those who want to play "king of the hill" by hacking someone once known as a notorious hacker.

----------

Storing text docs in XML may run afoul of Microsoft patent
August 7, 6:08 p.m. UTC - by John Timmer Posted in: One Microsoft Way
At the same time that Microsoft was pushing for the adoption of an XML-based file format for documents, it had a patent pending that would cover most uses of XML for word processing files.
Read more

----------

August 2009 Advance NotificationPosted Thursday, August 06, 2009 10:07 AM by MSRCTEAM

Advance Notification for the August 2009 Security Bulletin Release
In this month’s Advance Notification we are making customers aware that next Tuesday August 11th we plan to release 9 security bulletins at approximately 10:00 a.m. PDT (UTC -8). Those bulletins consist of:

· 8 bulletins affecting Windows five of which are rated critical and three are rated as important.
o One of the critical Windows bulletins also affects Client for Mac.
o One of the important Windows bulletins also affects the .NET Framework.
· One critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server. This update addresses the issue discussed in security advisory 973472.

Concerning restart requirements, all of the updates for Windows will require a restart except one (this is the update also affecting the .NET Framework). The Office related bulletin may require a restart if the binaries being updated are in use. To reduce your chances of requiring a restart, please see Knowledge Base article 887012.

----------

Russia-Georgia Conflict Blamed for Twitter, Facebook Outages
The theories behind who and what attacked Twitter and Facebook yesterday -- causing intermittent outages at each -- are flying like so many tweets across the Internet. The prevailing theory suggests that the outage was due to a cyber skirmish stemming from simmering tensions between Russia and Georgia.

CNet and CNN place blame for the incident on an elaborate, politically motivated vendetta timed to coincide with the one year anniversary of the Russia-Georgia war, a brief but costly skirmish in August 2008 accompanied by cyber attacks on Georgian government Web sites. In short: the outage at Twitter (and to a lesser extent Facebook & LiveJournal) was due to an effort to silence an anti-Russian blogger from Tbilisi who has been calling attention to a recent resurgence of tensions in the region.

Continue reading this post »

----------

Naming trick opens mail servers
Spammers with access to an exploited host's DNS configuration can smuggle their junk ads through badly configured mail servers simply by using the name "localhost" more…

----------

Wednesday 08/05/09

2009-08-05T08:40:00.000-07:00

DEFCON: Danger from automatic updates Security experts Itzik Kotler and Tomer Bitto have presented a new tool known as Ippon at hacker conference DEFCON. They plan to make the tool available as a download in the near future. Ippon compromises the automatic update mechanisms used by many different applications. It fools applications, such as Adobe Reader, Alcohol 120, Notepad++ and Skype into thinking that an update is available. In an attack scenario, rather than containing an update, the file passed to the relevant application contains a trojan or rootkit. http://www.h-online.com/security/DEFCON-Danger-from-automatic-updates--/news/113911

----------

Malware, oversharing lead Marines to ban social networks
August 4, 4:10 p.m. UTC - by Jacqui Cheng Posted in: The Web
IT managers frequently voice their concerns about people's careless behavior online, but the US Marine Corps have taken it a step further by completely blocking Facebook and its ilk from its network.
Read more

----------

Accused domain thief faces jail time for "stealing" P2P.com
August 4, 12:17 a.m. UTC - by Chris Foresman Posted in: The Web
Domain name thieves have, until now, generally gotten away with their crimes. But the arrest of a domain name thief in New Jersey could set a precedent for future criminal prosecution of domain thieves.
Read more

----------

China starting to worry about its own hackers
The picture seen above is an advertisement for a Chinese hacker training course. Now I know many of you are struggling to process this information; something seems wrong with the picture. The reason your brain is having trouble with the image, is that it is located in a place called, the “outdoors”. Like me, many of you spend way too much time online and this poster is horribly out of place.

----------

Hacking the DefCon 17 Badges

----------

Feds at DefCon Alarmed After RFIDs Scanned
Kevin Manson, a former senior instructor at the Federal Law Enforcement Training Center in Florida, was sitting on the “Meet the Fed” panel when a DefCon staffer known as “Priest,” who prefers not to be identified by his real name, entered the room and told panelists about the reader.

----------

Benchmarks: Windows 7 RTM versus Vista, XP
ZDNet Germany put Microsoft's newest operating system to the test and found that the change from Vista to Windows 7 is like releasing a car's handbrake. The early signs are that Windows 7 will enjoy a much better take-up than Vista.

----------

Update: Mozilla patches six Firefox vulnerabilities

ERIC: We need to discuss updating Firefox inside the boundaries.

----------

Report rips Microsoft over Bing's sponsored online drug ads Microsoft profits by selling online ads on its search engine to criminal gangs running pharmaceutical Web sites that offer medication to people without a proper prescription, according to a new study. Read more...

----------

Apple keyboard firmware vulnerability demonstrated Macworld.com – 2 hrs 35 mins ago
Apple may have rolled out a security patch for the iPhone SMS vulnerability demonstrated at last week’s Black Hat security conference, but it wasn’t the only Apple device under attack. One hacker demonstrated a way that a keylogging application—a piece of malware that keeps track of what you type—could be installed in the firmware of Apple’s keyboards.

----------

After Links to Cybercrime, Latvian ISP Is Cut off PC World – Wed Aug 5, 2:40 am ET
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

----------

White House still seeking cybersecurity czar

----------

Web Surfers Forced to Choose Security or Anonymity
Practicing "safe surfing" can derail attempts to cruise the Internet anonymously.

----------

Switch hardening on your network
So here are some of the things we did to start with on the switches:

Default passwords - change the default passwords on the device, all of them, not just the one on the account being used. A number of switches have multiple built in accounts, some of which are easily forgotten.

SNMP v3 - if the device supports it used it, otherwise use a nice long comunity string, just be aware that it will be compromised and at least read access to the device will be gained.

Logging - Use centralised logging of switch activities.

AAA - Create a management group in AD, place those that need access to the devices in the group and then use Radius to authenticate users. This does make access as good as the password used by staff, but you can also use tokens to authenticate. Shouldn't be much of a problem as people generally don't need to log into switches anyway.

Backup userid/password - if using AAA authentication make sure you have a local userid or password that can be used in case the radius servers aren't available.

Management VLAN - Many switches support a management VLAN so configure it and then use ACL to control access to this VLAN. This just takes the management function of the main network and makes life harder for the pentester.

Network Segmentation - Set up VLANs to segregate your network segments, then use ACLs to control traffic flows between them (Note: use with care as this is easy to get wrong). Also for network segments of different security requirements such as a DMZ, use a different physical switch, don't just VLAN them off.

Labeling of Ports - Not really a security measure as such, but many switches allow you to name ports. This means that with a simple show command you can see which port is your uplink, downlink, etc. Comes in handy when the diagram is missing or out of date. Of course this does mean that if someone compromises the device they know what to target.

SSH /Telnet - Use SSH v2, disable telnet.

Web interface - If you need it use SSL, otherwise disable it. Unfortunately many switches still need you to mange the device using multiple interface as not all the functionality is available from every interface.

TFTP - well if you really, really need it, but at least configure the location that is valid.
Management IPs - Many switches allow you to configure the management IP addresses for the device. Configure these and you make life harder for attackers.

Couple of updates:

Port Security - 802.1x port security may be a bit much for you, but you can still do a few things on most switches, such as preventing ports from learning more than 1 mac address, assigning mac addresses to ports.

Dynamic VLAN - Allocate the VLAN dynamically and if the user doesn't match place them on a holding VLAN.

NTP - I had logging and in my head that included time synchronisation, but someone pointed out that it would be better to spell it out

Monitoring - Ports that receive 10x the usual traffic may need a closer look

----------

How to Evaluate, Compare and Implement Enterprise Antivirus
Performance counts, but CISOs and analysts say it's not by any means the only point for comparison
Read more

----------

Researchers: XML Security Flaws are Pervasive
Permalink
"XML is being used in so many different things we're doing on the Web today," Schmidt said. "So it's a big deal when something goes wrong with something that's Internet-facing that so many people depend upon."

----------

HD DVD returns and kicks Blu-ray
Robin Harris: Toshiba has licensed its HD DVD to China and it will be the unit world leader in HD optical technology in just 12 months. One reason is that the CBHD disks cost a quarter of Blu-ray.

----------

Monday 08/03/09

2009-08-03T12:08:00.000-07:00

New features can open up Cisco IOS to hackers
New features embedded in Cisco IOS like VoIP and Web services -- which could be enabled by default -- can present an opportunity for hackers, according to this story in SearchSecurity.com. A security researcher at this week's Black Hat conference in Las Vegas delivered a presentation in which he outlined ways hackers can infiltrate Cisco routers through these new IOS features.

----------

Some IT skills hot, even in down economy
Foote Partners’ latest analysis shows that pay for 28 IT skills and certifications is on the rise, while 46 skills and certifications saw a decrease in pay in Q2.

----------

Recession no reason to neglect IT workforce, Gartner says
Gartner survey shows companies continue to put hiring and staff development on hold, despite specific skills being in demand.

----------

IT cost management must: Chargeback
Forrester Research report details why IT chargeback practices and technologies will become mandatory for most IT organizations.

----------

'MonkeyFist' Launches Dynamic CSRF Web Attacks
Researchers release tool that automates cross-site request forgery attacks

----------

Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses
Trojan may already have infected hundreds of thousands of PCs, botnet expert says

----------

Metasploit Meterpreter For Mac Coming Soon From Evil Bytes
Meterpreter is by far one of the most powerful and most advanced payloads included in the Metasploit Framework. It's been the joy of penetration testers and the bane of incident responders and until now, it's only been a payload targeted at Windows systems, while Mac users have dodged a bullet. But that won't be the case for much longer...

----------

McAfee Buys Cloud Security Provider MX Logic For $140 Million
Acquisition expands McAfee's security software-as-a-service offerings

----------

· Ban on peer-to-peer software for contractors, government in the works
Rep. Edolphus Towns (D-N.Y.) said he plans to introduce a bill that would ban the use of peer-to-peer software on all government and contractor computers and networks.

Towns, chairman of the Oversight and Government Reform Committee, held a hearing July 30 about the security issues associated with peer-to-peer software.

Possible information leaks about the electronics for the president’s Marine One helicopters and financial information belonging to Supreme Court Justice Stephen Breyer onto the peer-to-peer network LimeWire make such a ban necessary, Towns said. “LimeWire does not deny those reports but claims that recent changes to the software prevent inadvertent file sharing,” Towns said.

----------

Microsoft kills Windows 7E, puts IE back in upcoming OS http://cwflyris.computerworld.com/t/5597713/6339517/208277/0/

----------

Remote BIND 9 DoS Vulnerability Patched
A new, remotely exploitable denial-of-service (DoS) vulnerability affecting BIND Version 9 was reported by ISC on July 28. It’s also reported that exploits have been seen in the wild. Because BIND is widely used, these attacks can affect many critical infrastructures. Here’s a little description of the problem.

The vulnerability exists in the DNS dynamic-update request message. Dynamic update (RFC 2136) was implemented in DNS to deal with constantly updating DNS records in various DNS servers. The individual DNS servers can send update messages back to the DNS zone master so that the master record can remain current. Each update message should contain at least a zone record, a prerequisite record, and an update record. The zone record specifies which zone the update message is for. Only the zone master can update the record for itself. The prerequisite record specifies the condition in which the server should check before updating, and the update record contains the updated record.

----------

Security analyst: Las Vegas ATMs may have malware
The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas...

----------

Report: Chinese hackers deface Melbourne film festival site
The organizer of 2009 Melbourne International Film Festival shuts down online ticket sales after...

----------

Fast-Food FAIL: Drive-Thru Displays Point-of-Sale LAN Info
Rick Lawhorn went to a local fast-food chain one recent evening and found a potential security...

----------

Black Hat 2009: How to hack a parking meter
How to hack a San Francisco parking meter: This is how a San Francisco parking meter should look; a...

----------

Times Takes Aim At 15-Second Voicemail Cash Cow
David Pogue of the New York Times last week raised a simple but interesting point about the short messages carriers tack on to the end of your voicemail greeting. In most instances, after your pre-recorded greeting, the alerts tell a caller to your voicemail inane things like "at the tone, please record your message" (Verizon) or "when you are finished, you may hang up" (AT&T). Pogue notes these aren't just there for convenience, but --and this may surprise you about the wireless industry -- to milk consumers out of money:

These little 15-second waits add up–bigtime. If Verizon’s 70 million customers leave or check messages twice a weekday, Verizon rakes in about $620 million a year...In 2007, I spoke at an international cellular conference in Italy. The big buzzword was ARPU–Average Revenue Per User. The seminars all had titles like, “Maximizing ARPU In a Digital Age.” And yes, several attendees (cell executives) admitted to me, point-blank, that the voicemail instructions exist primarily to make you use up airtime, thereby maximizing ARPU.

----------

Apple patches iPhone text message vulnerability
Dan Kaplan August 03, 2009
A much hyped SMS vulnerability in the Apple iPhone has been fixed -- one day after details of the bug were presented at the Black Hat conference in Las Vegas.

----------

College Says It Owns Global Disease Monitor
By BARBARA LEONARD
WASHINGTON (CN) - Georgetown College sued two former employees who refuse to give up their patent rights to inventions for "Project Argus," a federally funded project for "technology capable of supporting a worldwide biosurveillance system" that can detect outbreaks of disease before they become pandemics.

----------

Spammer Discovers His Insurance Policy Doesn't Cover $6 Million Spam Fines

Scott Richter was a bigtime spammer, who was so proud of being a spammer, at one point he planned to release his own line of "Spamking" clothing (seriously). In 2005, though, he filed for bankruptcy (even though it appeared his spamming operations were still rolling in cash. That same year, there were reports that Richter had actually gone legit and he was actually removed from the infamous ROKSO list of known spammers (not an easy list to get removed from). Except... sometimes it's just difficult to stay away. MySpace sued Richter in 2007 and won a $6 million award against him (though, Richter claimed victory since MySpace wanted much more).

Now, Michael Scott alerts us to the news that Richter tried to have his insurance company pay the fines, but a court has now said that these fines were excluded from the policies, and thus Richter is on the hook for the fines instead. That seems like a good thing. It would be pretty troubling if spammers were able to buy insurance against getting fined.

----------

Announcing OffVis 1.0 Beta
We’ve gotten questions from security researchers and malware protection vendors about the binary file format used by Microsoft Word, PowerPoint, and Excel. The format specification is open and we have spoken at several conferences (1, 2, 3) about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called “OffVis”. We first shared the tool with our MAPP partners in May and have now released it as a no-charge download from the Microsoft Download Center for everyone to benefit from this work. We have also recorded a 30-minute training video that describes the file format. We will announce the video here on the blog when it is ready to be released.

OffVis displays an OLESS-based binary files in two ways. It shows a hex view of the raw file contents on the left side of the window and the tree of objects built up from parsing those raw file contents on the right side of the window.
...

----------

Hidden gay slur, search terms, get campaign site blacklisted
August 3, 5:23 p.m. UTC - by Nate Anderson Posted in: Law & Disorder
US Senator Kay Bailey Hutchison is running for governor of Texas, but her new campaign website has already managed to get itself blocked from Yahoo and Google. Stuffing a site with 2,000+ hidden search terms, including "rick perry gay," is a good way to get the wrong kind of attention.
Read more

----------

Friday 07/31/09

2009-07-31T11:15:00.000-07:00

Interesting Security program for iPhone:
http://www.phoenixfreeze.com/
Uses Bluetooth on your iPhone or Blackberry & on your laptop to login or lock the console, depending on your range from the computer.

----------

Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

----------

Symantec's Strategy: Are Customers Getting What They Need?
CSO Senior Editor Bill Brenner talks to Symantec VP Francis deSouza about the vendor's latest strategy to address customer concerns over compliance, DLP and cloud security (podcast).
Read more

----------

First Family Safe House Details Leak Via P2P
Details about a U.S. Secret Service safe house for the First Family -- to be used in a national emergency -- were found to have leaked out on a LimeWire file-sharing network recently, members of the House Oversight and Government Reform Committee were told this morning.

Also unearthed on LimeWire networks in recent days were presidential motorcade routes and a sensitive but unclassified document listing details on every nuclear facility in the country, Robert Boback, CEO of Tiversa Inc. told committee members.

The disclosures prompted the chairman of the committee, Rep. Edolphus Towns, (D-N.Y.), to call for a ban on the use of peer-to-peer (P2P) software on all government and contractor computers and networks. "For our sensitive government information, the risk is simply too great to ignore," said Towns who plans to introduce a bill to enforce just such a P2P ban.

----------

Black Hat 2009: More Holes in Web's SSL Security Protocol
Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.

----------

Wired: Military may ban Twitter, Facebook

----------

eBay told it can't use core Skype tech, attempts workaround
July 31, 3:59 p.m. UTC - by Jacqui Cheng Posted in: Software
Technology from Joltid currently powers Skype's P2P connections, but perhaps not for long. Skype has revealed that it's working on an alternative to Joltid's software thanks to a licensing dispute between the two companies, but notes that such a switch could still be detrimental to the service.
Read more

----------

Over 1 billion served: Firefox passes download milestone

----------

Windows 7 Family Pack and Anytime Upgrade pricing unveiled
Microsoft today announced that the Family Pack for Windows 7, which allows you to upgrade three PCs to Windows 7 Home Premium, will cost $149.99 in the US ($199.99 in Canada), which is a savings of about $200 for the three upgrade licenses. A Microsoft spokesperson told Ars the company didn't have pricing details for any country other than the US and Canada. The Windows 7 Family Pack will be available on October 22, 2009, the day of general availability date of Windows 7, until supplies in the US and other select markets.

----------

DeKalb GA Police Officers Suspended After President Obama Background Check

Officers Ryan White and C.M. Route have been suspended following their use of a police computer to run a background check on President Obama. The computer, inside of a police car, was used to access the National Crime Information Center database managed by the FBI. Databases that are engineered to support data-mining present significant challenges to privacy rights because of the potential for their abuse and misuse. The NCIC has also faced challenges from privacy and civil liberties advocates because Federal Privacy Act requirements of accuracy do not apply.
Officers Run Background Check On Obama; Placed on Leave, WSBTV, July 29, 2009

----------

Cheerleader Sues Coach Over Accessing Personal Facebook Account

A high school cheerleader claims that her coach demanded that she provide access information to a personal Facebook account. The coach is said to have used that access to logon and then shared content from the account with other school officials. The student was punished by school officials due to what the student claimed was information found on her Facebook account. The student is suing the school, and teacher for violations of her Constitutional rights of privacy, free speech, and association.

Cheerleader sues school, coach after illicit Facebook log-in

----------

Following the Money: Rogue Anti-virus Software
By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low.

Even if you manage to trace one link in the chain -- such as a payment processor or Web host -- the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer.

But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site name called innovagest2000.com.

Permalink

----------

More information about Microsoft's ATL problems
Following the release of two emergency patches last Tuesday, more background information about the critical holes in the Active Template Library (ATL) has come to light more…

----------

Landlord-Tenant Battle Takes Tweet Libel Twist
By MATTHEW HELLER
A first-of-its-kind defamation lawsuit over a Chicago apartment renter's 16-word Twitter post appears to be the poisonous fruit of a tenant-friendly housing ordinance that landlords say punishes them unfairly for petty violations. more

----------

Researchers simulate a botnet of 1 million zombies
Angela Moscaritolo July 31, 2009
Computer scientists working for the U.S. Department of Energy announced this week that they have been able to create a simulated botnet consisting of more than one million machines.

----------

Adobe updates Flash Player for 10 vulnerabilities
Angela Moscaritolo July 30, 2009
Adobe on Thursday issued a security update for Flash Player and AIR to address a number of critical vulnerabilities which could potentially allow an attacker to take control of the affected system.

----------

Black Hat: Clampi banking trojan spreading rapidly
Dan Kaplan July 30, 2009
A newly revealed banking trojan is considered one of the biggest threats on the internet because of the way it can quickly spread.

----------

Security Camera Hack Conceals Heists Behind Dummy Video
LAS VEGAS — Technology has caught up with Hollywood heist films in a new hack being demonstrated at DefCon Friday, which involves hijacking IP video streams and seamlessly replacing them with new content.

In its simplest form, the hack — conducted with two free tools developed by researchers at Sipera Systems’ Viper Lab — allows someone to intercept and copy video from IP surveillance cameras to spy on the secured premises. But it would also allow the hacker to replace a legitimate video stream with a bogus stream, permitting a thief or corporate spy to enter an office while the security guard sees only a still-image of an empty room on his monitor.

“There are tools that can prevent this outright, but when you don’t have security in place, you can run these types of attacks,” said Jason Ostrom, director of Viper Lab. “Most of the enterprises we see don’t have the security controls in place.”

----------

Anti-theft software could create security hole
AP – Thu Jul 30, 7:50 pm ET
LAS VEGAS - A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented Thursday.

The "Computrace" software, made by Vancouver-based Absolute Software Corp., is part of a subscription service that's used to find lost or stolen computers. Many people don't know it's on their machines, but it's included in computers from the biggest PC makers.

----------

'MonkeyFist' Launches Dynamic CSRF Web Attacks
Jul 30,2009
Researchers release tool that automates cross-site request forgery attacks

----------

Overview of the out-of-band release
Today we released Security Advisory 973882 and with it, two out-of-band security bulletins. These updates are MS09-034 (an Internet Explorer update) and MS09-035 (a Visual Studio update). At this time for customers who have applied MS09-032 we are not aware of any “in the wild” exploits that leverage the vulnerabilities documented in 973882 and MS09-035. However, MS09-034 and MS09-035 work together to build further defenses against the known vulnerabilities in ATL.

...

----------

Windows 7 Ultimate on sale for $1
Oh my, Chinese hackers may have cracked Windows 7. No need to connect to Microsoft activation server...

According to other articles, this cert has been revoked.

----------

Crisis communications: A primer for teams (Part 1)
When problems strike, organizations need clear lines of communications that have been established through careful functional analysis, documented thoroughly, tested in multiple realistic trials, and improved repeatedly to reflect reality. In my white paper on "Computer Security Incident Response Team Management," which was integrated into Michael Miora's chapter on that subject in the Computer Security Handbook, 5th Edition (Wiley, 2009; Bosworth, Kabay & Whyne, eds), I wrote, "The CSIRT should include members from every sector of the organization; key members include operations, facilities, legal staff, public relations, information technology, and at least one respected and experienced manager with a direct line to top management."

...

----------