Irish Data Theft Affects 31,500
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=317778&taxonomyId=17&intsrc=kc_top
DUBLIN — The Bank of Ireland last week admitted that the unencrypted personal details of 31,500 customers — three times as many as it first disclosed — went missing with the theft of four laptops last year.
ISPs, Web sites must tackle piracy, says Viacom chief
Article on "metal theft". Electric companies' wires, cell phone towers, any kind of metal left unattended is being stolen and scrapped for the raw metal recycling cost:
http://www2.csoonline.com/article/221225
Who Killed My Hard Drive? - 5/6/2008 5:45:00 PM University study examines the causes and costs of hard drive failure
New Spam Attack Exploits Edunet Servers - 5/5/2008 5:35:00 PM Exploit demonstrates creativity, but little damage caused so far, BitDefender says
Hackers in the House - 5/5/2008 5:15:00 PM New social network for hackers lets white hats share and job-hunt
U.S. special counsel's office raided
Who watches the watchers, indeed!
Investigators: Missouri Governor Accused of Trying to Destroy Evidence
Independent investigators on Monday alleged that Gov. Matt Blunt or his top aides ordered state computer technicians to destroy copies of e-mail messages that might have been politically damaging. The accusations came in a 26-page lawsuit (pdf) filed in Cole County Circuit Court by Mel Fisher, the former head of the Missouri Highway Patrol, who is leading the investigation into the Blunt administration’s handling of public records.
Investigators accuse Blunt administration of trying to delete backup computer tapes to avoid disclosure of office e-mails, Kansas City Star, May 5, 2008.
Posted by EPIC on May 06, 2008.
More on automated exploit generation
SQL Injection Worm on the Loose (UPDATED x2)
State Department Loses Hundreds of Laptops
Oops:
As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings.
Bet you anything those laptops weren't encrypted.
Posted on May 06, 2008 at 12:21 PM
Microsoft today finally released Service Pack 3 for Windows XP users. The update should now be offered via both Windows Update and Automatic Updates. The company was expected to release it last week, but pulled the plug at the last minute due to a compatibility problem with an obscure product it offers.
Senate quizzes gov't on cybersecurity initiative - News Brief, 2008-05-07 - In a bipartisan letter to the Department of Homeland Security, a Senate committee asks administration officials to clarify the nature of Bush's cybersecurity initiative.
Study: Security pros look to wireless, biometrics - News Brief, 2008-05-06 - Companies plan to invest in wireless security and biometric technologies over the next year and increasingly view continuing education as a necessity, a survey finds.
"David Roberson, general manager of Hewlett-Packard's StorageWorks division, predicts that by 2013 the storage industry will be shipping a yottabyte (a billion gigabytes) of storage capacity annually. Roberson made the comment in conjunction with HP introducing a new rack system that clusters together four blade servers and three storage arrays with 820TB of capacity. Many vendors are moving toward this kind of platform, including IBM, with its recent acquisition of Israeli startup XIV, according to Enterprise Strategy Group analyst Mark Peters."
"The first telemarketers charged with transmitting false Caller IDs... to consumers were fined and barred from continuing their schemes by a New Jersey District Court judge.... [T]wo individuals and one corporate defendant have been barred from violating the agency's Telemarketing Sales Rule and its Do Not Call requirements... They were also found liable for $530,000 in damages... [T]he case was the first brought by the Commission alleging the transmission of phony caller ID information or none at all."
Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in its press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming.
"Web servers hosting musician Peter Gabriel's web site have gone missing from their data center. "Our servers were stolen from our ISP's data centre on Sunday night — Monday morning," reads a notice at PeterGabriel.com. The incident is the latest in a series of high-profile equipment thefts in the past year, including armed robberies in data centers in Chicago and London. How secure is your data center?"
VeriSign gets patent for DNS redirect it can't use itself
VeriSign has been awarded a patent that describes a system that would resolve unregistered domains to a parked page related to the domain in question. Unfortunately for VeriSign, it has already agreed not to use the technology back in 2003—but it can use the patent to try and collect royalties from other companies.
May 06, 2008 - 09:49PM CT - by Jacqui Cheng
Yahoo plays catchup with Google with new SearchScan warnings
Yahoo has partnered with McAfee to develop new technology that flags potentially dangerous links before users click on them.
May 06, 2008 - 01:20PM CT - by Joel Hruska
A recap of Microsoft Blue Hat v7
Nate McFeters: I was fortunate enough to be invited to attend Microsoft Blue Hat v7 to share my findings with Microsoft's product security teams.
Gallery: Microsoft Blue Hat v7
Yet Even More Fake Media Files
Earlier we blogged about Fake MP3s Running Rampant, mostly on P2P networks such as Limewire. I took some time to create a video clip showing what the infection process looks like. In doing so, hundreds of additional media files were uncovered. Most lead to the aforementioned site, freemp3player.com, but others lead to different sites distributing adware, and others still pose as codec installers that, when run, display fake error messages and silently download and install tons of files, including many different adware packages, such as:
Adware-BB
Adware-Beginto
Adware-Isearch
Adware-Mirar
Adware-SrchExplorer
Adware-Zeno
Domains linked to from the media files include:
mediaprovider . info
missing-codecs . com
seonomad . com
vidscentral . net
While the demo below shows that users must accept a EULA before proceeding, others contain no EULA.
Trojan Adware Hiding in MP3s, McAfee Says - PC World - Tue May 6, 8:10 PM ET
Adware pushers have found a new way to trick you into downloading their annoying products: fake MP3 files.
Cyberwar: PRC vs. India?
Russia Practices Cyber Warfare With A Flurry of Cyber Attacks Against Estonia By Grey McKenzie Today
Wednesday, May 7, 2008
Monday, May 5, 2008
Monday News Feed 5/5/08
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9082178&taxonomyId=17&intsrc=kc_top
May 2, 2008 (Computerworld) Escalating her efforts to get a California court to break the links to online documents that allegedly contain sensitive personal data, Virginia-based privacy advocate Betty "BJ" Ostergren today posted links on her Web site to legal filings containing what she says are the Social Security numbers of the mayor of Riverside, Calif., as well as other city officials.
Ostergren, whose site is called The Virginia Watchdog, claims that potentially tens of thousands of documents containing Social Security numbers, medical histories, tax records and bank account data have been posted on the Web site of the Superior Court in California's Riverside County as part of civil case records.
The Bank of Ireland said data from 31,500 customers was contained on four stolen laptops, and a parliament committee criticizes the British government's Web strategy.
Google takes down open-source project after DMCA complaint
DDoS attacks knock Radio Free Europe off the Web
Military computer contractor pleads guilty to ID theft
cbc.ca — The Tories (Canada's GOP) said they raised the age, in part, to deal with internet predators. The new law puts Canada's age of consent in line with those in Britain, Australia and most of the United States. This is the first time it has been raised since 1892.
Windows Vista Update Causing Loss of Audio on Some Systems
Published: 2008-05-03, Last Updated: 2008-05-03 23:26:07 UTC
by Deborah Hale (Version: 1)
According to an article at Channel Web, a recent driver update for IDT (formerly Sigmatel) high-definition audio is causing problems for Dell users who have installed it.
"Should you see this update appear, *do not* install it," warned 'Chris B', a Dell (NSDQ:Dell) Digital Life Liaison, in a Thursday forum post.
The update is called IDT High Def Codec and was reported to be one of the drivers that held up the release of SP1 for Vista back in February. If you have a Dell computer and have not yet installed Vista SP1, you may want to take a look at the full article.
www.crn.com/software/207500472
PHP Multiple Vulnerabilities - Moderately critical - From remote - Issued 3 days ago. Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Stepped Up Cyber Role for Spy Agencies
Read Brian Krebs's latest story on washingtonpost.com: "White House Plans Proactive Cyber-Security Role for Spy Agencies."
America's spy agencies for the first time would be tasked with gathering intelligence on threats to the nation's computer networks under a policy set to be detailed by the White House next week, a senior administration official said Wednesday.
Speaking at a security conference in Washington, the official said the Bush administration wants to harness the intelligence community's offensive capabilities in defense of government and civilian computer systems. Continue reading...
"China's cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability."
"The Chinese government is demanding that US-owned hotels there filter Internet service during the upcoming Olympic Games in Beijing, US Senator Sam Brownback has alleged. The Chinese government is requiring US-owned hotels to install Internet filters to 'monitor and restrict information coming in and out of China,' Brownback said Thursday. 'This is an insult to the spirit of the games and an affront to American businesses,' he said. 'I call on China to immediately rescind this demand.' US State Department spokesman Tom Casey said he wasn't aware of those specific requests from the Chinese government, but Brownback said he got the information on Internet filtering from 'two different reliable but confidential sources.' The State Department is apparently continuing dialog with China about freedom of expression."
Government wiretaps—the ones we know about—up 20% for 2007
Data released this week on 2007 wiretaps shows that nearly all intercepts are for "portable devices" and 80 percent of all taps target drug criminals. Secret FISA warrants are also up, and no one knows what's happening with warrantless surveillance at the NSA.
May 04, 2008 - 08:15PM CT - by Nate Anderson
Pentagon fears trojans, kill switches in foreign-made CPUs
Worried about the possibility of kill-switches and backdoors in mission-critical integrated circuits, the Department of Defense has launched the "Trust in IC" program to root out foreign tweaks to common chips.
May 02, 2008 - 11:45AM CT - by Jon Stokes
Spambot hides behind picture - May 5, 2008 - A spamming run over the weekend offers pictures, and installs a hidden spambot.
And from Bob:
http://www.informationweek.com/news/hardware/virtual/showArticle.jhtml?articleID=207404029
Desktop Virtualization Drives Security, Not Just Dollar Savings
30th Anniversary of spam
"Byzantine" botnet uses military, education servers for spam
Jim Carr May 02, 2008
Researchers at an Eastern European security company have uncovered a spam-sending scheme of "Byzantine complexity" that attempts to use military and university email servers to send junk email.
What's Up with the Secret Cybersecurity Plans, Senators Ask DHS
http://blog.wired.com/27bstroke6/2008/05/senate-panel-qu.html
May 05, 2008 Russian Business Network was also heavily linked to distribution of malicious code
http://www.crime-research.org/news/05.05.2008/3348/
Symantec claims over 700,000 new viruses were identified in 2007, an increase of almost 500% over the number identified the previous year.
http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf
Sunday, May 4, 2008
Sunday News Feed 5/4/08
Early Sunday morning, a suspected pipe bomb exploded at the entrance of the Edward J. Schwartz Federal Courthouse at 940 Front Street in San Diego, California. The explosion shattered a glass door, damaged the lobby, and punched a hole in a building window across the street. No one was injured.
For more details, see: http://www.fbi.gov/page2/may08/sandiego_050408.html
Interesting use of PDAs:
SAP, RIM to let BlackBerry users access ERP apps http://cwflyris.computerworld.com/t/3210885/6339517/111888/2/
Windows XP SP3 still officially AWOL, but can be found on BitTorrent, Microsoft servers http://cwflyris.computerworld.com/t/3210885/6339517/111883/2/
--US Court Says Making Music Available is Not Copyright Infringement (April 29 & 30, 2008) A US District Court judge in Arizona has denied the Recording Industry Association of America's (RIAA) request for a summary judgment against Pamela and Jeffrey Howell for making music files on their computer available to filesharers. The Howells copied music files from CDs they owned onto their computer and downloaded peer-to-peer file sharing software onto the same machine. Judge Neil V. Wake said that merely making music files available is not tantamount to distribution or primary copyright infringement. Even if the Howells had placed the files in a shared folder, which they maintain they did not, they would be responsible only for contributing to copyright infringement if someone copied the file. The RIAA maintains the couple is guilty of piracy and offered screenshots that show the music files as publicly available. Jeffrey Howell said that Kazaa copied content from folders that were not public. The Electronic Frontier Foundation (EFF) has filed an amicus brief on behalf of the Howells. The suit will now go to trial.
http://www.informationweek.com/news/personal_tech/music/showArticle.jhtml;?articleID=207403664
http://www.news.com/8301-10784_3-9932004-7.html?part=rss&subj=news&tag=2547-1_3-0-20
[Editor's Note (Shpantzer): In a separate federal court decision, the songwriters and publishers are owed untold millions by online music streaming companies, including RealNetworks, Yahoo! and AOL in this recent case:
http://www.news.com/8301-10784_3-9933626-7.html?tag=nefd.top ]
--Court Ruling on Electronic Border Searches (April 23, 30 & May 1, 2008) The Association of Corporate Travel Executives (ACTE) is warning members "and all business travelers to limit proprietary information on laptop computers when crossing US borders." ACTE issued the warning after an April 21 federal appeals court decision that "gives customs officials the unfettered authority to examine, copy, and seize traveler's laptops -- without reasonable suspicion." The decision covers a range of electronic devices; in addition to seizing data from laptops, US Customs and Border Protection officials can seize data from cell phones, handheld computers, digital cameras and USB drives. The EFF, the American Civil Liberties Union (ACLU), and the Business Travel Coalition have written a letter asking that the House Committee on Homeland Security "consider legislation to prevent abusive search practices by border agents and protect all Americans against suspicionless digital border inspections."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081358&source=rss_topic17
http://www.acte.org/resources/press_release.php?id=284
http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/print.html
[Editor's Note (Ranum): It's as if someone in the administration mistook his copy of "1984" for a road-map not a novel.
(Schultz): Customs officials' ability to seize any kind of property without reasonable suspicion lamentably once again shows the current level of disregard for individual rights in the United States. Big brother is not only watching; big brother is being totalitarian.
(Honan) A number of organisations outside the US have banned staff from travelling to the US with laptops or other electronic devices.]
--Man Draws 18-Month Sentence for Infecting NASA Employee's Computer (May 1, 2008) A Nigerian man has received an 18-month prison sentence for tricking a NASA employee into installing spyware on her computer. Posing as a man from Texas, Akeem Adejumo met the woman on an online dating site. He sent a phony photograph to the woman at her work email address; when she opened it, her computer was infected with spyware. While it did not spread to other NASA computers, it did capture her email, passwords, Social Security number (SSN) and other sensitive information, including 25,000 screen shots. Some NASA information was taken as well, but the woman did not have access to sensitive data. NASA IT security team sensors detected the screenshots being sent from the network and began an investigation. Through analysis of traffic logs, and email account information obtained through warrants and subpoenas, investigators determined the attacker's IP address and contacted law enforcement officials in Nigeria.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081838&source=rss_topic17
[Editor's Note (Northcutt): A key point is that he did the online dating scam from Nigeria pretending to be in Texas and tried this on several hundred women with more than a few successes. According to the DOJ press release NASA Office of Inspector General worked pretty hard on this one.
But the big key is that NASA detected the information being sent out. A lot of organizations that blindly trust in their IPS would not detect the bad event:
http://www.usdoj.gov/usao/dc/Press_Releases/2008%20Archives/April/08-099.html ]
--Former UCLA Medical Center Employee Indicted For Allegedly Selling Celebrity Medical Info (April 30, 2008) A federal grand jury has indicted Lawanda Jackson for allegedly using her position as an administrative specialist at UCLA Medical Center to access celebrities' health records and selling the information to tabloids. Lawanda Jackson could receive a prison sentence of up to 10 years if she is convicted. Additional defendants may be charged in the case. Jackson allegedly accessed information about Farrah Fawcett, Maria Shriver, and 60 other well-known people, and allegedly leaked medical information about Fawcett to a tabloid. The charges against Jackson were brought under the Health Insurance Portability and Accountability Act (HIPAA). Jackson resigned from UCLA Medical Center last summer.
http://www.latimes.com/news/local/la-me-ucla30apr30,0,6169637,full.story
[Editor's Note (Ranum): Ultimately, all computer security problems resolve down to trust. The broader question is "why did an administrative specialist have unfettered read access to a patient database?"
(Paller): Databases can lock down access as Marcus points out. The counter question is whether medical service will be substantively damaged by limiting access to information. This is one of a series of tough issues medical facilities are facing as organized crime groups increasingly target them for data theft/extortion schemes. ]
--Israeli PIs Sentenced for Using Trojan to Steal Data (April 28 & 29, 2008) Four Israeli private investigators have been sentenced for using Trojan horse programs to steal sensitive data. All four worked at the Modi'in Ezrahi private investigation firm. Three of the four were given jail terms of between nine and 18 months; the other was fined 250,000 Israeli shekels (US $72,565) and given 10 months of probation. Three other defendants were also fined and had their private investigator's licenses revoked. The malware used in the case was developed by Michael and Ruth Haephrati and sold to the agency; the Haephratis were sentenced to jail in 2006.
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/print.html
http://www.jpost.com/servlet/Satellite?cid=1208870514347&pagename=JPost%2FJPArticle%2FShowFull
http://www.techworld.com/security/news/index.cfm?newsID=12121&pagtype=all
http://www.vnunet.com/vnunet/news/2215484/gumshoes-come-unstuck-trojan
For more details, see: http://www.fbi.gov/page2/may08/sandiego_050408.html
Interesting use of PDAs:
SAP, RIM to let BlackBerry users access ERP apps http://cwflyris.computerworld.com/t/3210885/6339517/111888/2/
Windows XP SP3 still officially AWOL, but can be found on BitTorrent, Microsoft servers http://cwflyris.computerworld.com/t/3210885/6339517/111883/2/
--US Court Says Making Music Available is Not Copyright Infringement (April 29 & 30, 2008) A US District Court judge in Arizona has denied the Recording Industry Association of America's (RIAA) request for a summary judgment against Pamela and Jeffrey Howell for making music files on their computer available to filesharers. The Howells copied music files from CDs they owned onto their computer and downloaded peer-to-peer file sharing software onto the same machine. Judge Neil V. Wake said that merely making music files available is not tantamount to distribution or primary copyright infringement. Even if the Howells had placed the files in a shared folder, which they maintain they did not, they would be responsible only for contributing to copyright infringement if someone copied the file. The RIAA maintains the couple is guilty of piracy and offered screenshots that show the music files as publicly available. Jeffrey Howell said that Kazaa copied content from folders that were not public. The Electronic Frontier Foundation (EFF) has filed an amicus brief on behalf of the Howells. The suit will now go to trial.
http://www.informationweek.com/news/personal_tech/music/showArticle.jhtml;?articleID=207403664
http://www.news.com/8301-10784_3-9932004-7.html?part=rss&subj=news&tag=2547-1_3-0-20
[Editor's Note (Shpantzer): In a separate federal court decision, the songwriters and publishers are owed untold millions by online music streaming companies, including RealNetworks, Yahoo! and AOL in this recent case:
http://www.news.com/8301-10784_3-9933626-7.html?tag=nefd.top ]
--Court Ruling on Electronic Border Searches (April 23, 30 & May 1, 2008) The Association of Corporate Travel Executives (ACTE) is warning members "and all business travelers to limit proprietary information on laptop computers when crossing US borders." ACTE issued the warning after an April 21 federal appeals court decision that "gives customs officials the unfettered authority to examine, copy, and seize traveler's laptops
- - without reasonable suspicion." The decision covers a range of electronic devices; in addition to seizing data from laptops, US Customs and Border protection officials can seize data from cell pones, handheld computers, digital cameras and USB drives. The EFF, the American Civil Liberties Union (ACLU), and the Business Travel Coalition have written a letter asking that the House Committee on Homeland Security "consider legislation to prevent abusive search practices by border agents and protect all Americans against suspicionless digital border inspections."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081358&source=rss_topic17
http://www.acte.org/resources/press_release.php?id=284
http://www.theregister.co.uk/2008/05/01/electronic_searches_at_us_borders/print.html
[Editor's Note (Ranum): It's as if someone in the administration mistook his copy of "1984" for a road-map not a novel.
(Schultz): Customs officials' ability to seize any kind of property without reasonable suspicion lamentably once again shows the current level of disregard for individual rights in the United States. Big brother is not only watching; big brother is being totalitarian.
(Honan) A number of organisations outside the US have banned staff from travelling to the US with laptops or other electronic devices.]
--Man Draws 18-Month Sentence for Infecting NASA Employee's Computer (May 1, 2008) A Nigerian man has received an 18-month prison sentence for tricking a NASA employee into installing spyware on her computer. Posing as a man from Texas, Akeem Adejumo met the woman on an online dating site. He sent a phony photograph to the woman at her work email address; when she opened it, her computer was infected with spyware. While it did not spread to other NASA computers, it did capture her email, passwords, Social Security number (SSN) and other sensitive information, including 25,000 screen shots. Some NASA information was taken as well, but the woman did not have access to sensitive data. NASA IT security team sensors detected the screenshots being sent from the network and began an investigation. Through analysis of traffic logs, and email account information obtained through warrants and subpoenas, investigators determined the attacker's IP address and contacted law enforcement officials in Nigeria.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9081838&source=rss_topic17
[Editor's Note (Northcutt): A key point is that he did the online dating scam from Nigeria pretending to be in Texas and tried this on several hundred women with more than a few successes. According to the DOJ press release NASA Office of Inspector General worked pretty hard on this one.
But the big key is that NASA detected the information being sent out. A lot of organizations that blindly trust in their IPS would not detect the bad event:
http://www.usdoj.gov/usao/dc/Press_Releases/2008%20Archives/April/08-099.html ]
--Former UCLA Medical Center Employee Indicted For Allegedly Selling Celebrity Medical Info (April 30, 2008) A federal grand jury has indicted Lawanda Jackson for allegedly using her position as an administrative specialist at UCLA Medical Center to access celebrities' health records and selling the information to tabloids. Lawanda Jackson could receive a prison sentence of up to 10 years if she is convicted. Additional defendants may be charged in the case. Jackson allegedly accessed information about Farrah Fawcett, Maria Shriver, and 60 other well-known people, and allegedly leaked medical information about Fawcett to a tabloid. The charges against Jackson were brought under the Health Insurance Portability and Accountability Act (HIPAA). Jackson resigned from UCLA Medical Center last summer.
http://www.latimes.com/news/local/la-me-ucla30apr30,0,6169637,full.story
[Editor's Note (Ranum): Ultimately, all computer security problems resolve down to trust. The broader question is "why did an administrative specialist have unfettered read access to a patient database?"
(Paller): Databases can lock down access as Marcus points out. The counter question is whether medical service will be substantively damaged by limiting access to information. This is one of a series of tough issues medical facilities are facing as organized crime groups increasingly target them for data theft/extortion schemes. ]
--Israeli PIs Sentenced for Using Trojan to Steal Data (April 28 & 29, 2008) Four Israeli private investigators have been sentenced for using Trojan horse programs to steal sensitive data. All four worked at the Modi'in Ezrahi private investigation firm. Three of the four were given jail terms of between nine and 18 months; the other was fined 250,000 Israeli shekels (US $72,565) and given 10 months of probation. Three other defendants were also fined and had their private investigator's licenses revoked. The malware used in the case was developed by Michael and Ruth Haephrati and sold to the agency; the Haephratis were sentenced to jail in 2006.
http://www.theregister.co.uk/2008/04/29/spyware-for-hire/print.html
http://www.jpost.com/servlet/Satellite?cid=1208870514347&pagename=JPost%2FJPArticle%2FShowFull
http://www.techworld.com/security/news/index.cfm?newsID=12121&pagtype=all
http://www.vnunet.com/vnunet/news/2215484/gumshoes-come-unstuck-trojan
Friday, May 2, 2008
Friday News Feed 5/2/08
Protecting Yourself From Suspicionless Searches While Traveling
http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t
"Law firms, corporations and other entities that routinely deal with confidential information are handing their business travelers forensically clean laptops loaded with only what the traveler needs for that particular business trip. Leaving unnecessary data, like five years of email, behind may be the best thing. Of course, if trade secrets or client information are the reason for the trip, this plan will not help."
Same topic: Guilty until proven innocent...
http://tech.yahoo.com/blogs/null/90325
Microsoft device helps police pluck evidence from cyberscene of crime
http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html
California court posting SSNs and other personal data, privacy advocates charge
Mozy launches online backup tool for Apple Macs
This is great for home machines...
Nigerian gets 18 months for cyberattack on NASA employee
Q&A: Olympics cyberattack not a major threat, says Interpol official
XP change corrupts data, hamstrings SP3 rollout
Backing up Microsoft Exchange -- with Yahoo's rival Zimbra software
Conn. man gets 30 months in prison for 'warez' operation
Supermarket ATM/Card Reader Rigged With Illicit Scanner - 5/1/2008 5:55:00 PM
Shoppers' credit card, debit card information stolen and used in identity theft scheme in California
Some shoppers at a supermarket in Los Gatos, Calif., got more than they bargained for in the past week: Over 100 have become victims of identity theft after the debit- and credit-card reader at the checkout was rigged to siphon off their debit- and credit-card information.
The perpetrators used the card information and PIN numbers to churn out cloned cards, which then were used to withdraw cash from the victims’ accounts and to incur fraudulent charges on their credit cards. The customers of the Lunardi’s grocery store in Los Gatos have been reporting cases of identity theft to authorities since last Sunday evening, and reportedly have been losing an average of $1,000 from their bank accounts, according to a published report.
"The stolen card account incident at Lunardi’s follows a similar one in Los Altos in March at an Arco gas station’s payment machine."
DR's 10 Most Popular Stories Ever (Second Edition) - 5/1/2008 9:50:00 AM
A look at the top stories from our first two years, including coolest hacks, biggest botnets, and a thumb drive exploit that readers just can't put down
The 'Hard Disk Crusher' doesn't mess around
http://crave.cnet.com/8301-1_105-9934113-1.html?part=rss&tag=feed&subj=Crave
Indianapolis: Head Teller Sentenced for Embezzling Over $7 Million from Credit Union
Patricia H. Sherman was sentenced for embezzling funds from her employer, a credit union, which caused the credit union to be placed in conservatorship.
Not Security, but very interesting:
http://www.stateoftheair.org/2008/states/california/
Researchers Infiltrate Kraken Botnet, Could Clean It out
A group of security researchers today said they have infiltrated one of the world's biggest botnets and can snatch control. 30-Apr-2008
The Kind of Cybercrime Interpol Expects at the Summer Olympics
With cybercrime now a global phenomenon, perhaps it will take a global police organization to keep it in check. 30-Apr-2008
Washington D.C. Creating Massive Surveillance Network
The D.C. government is launching a system today that would tie together thousands of city-owned video cameras, but authorities don't yet have the money to complete the high-tech network or privacy rules in place to guide it. The system will feature round-the-clock monitoring of the closed-circuit video systems run by nine city agencies. In the first phase, about 4,500 cameras trained on schools, public housing, traffic and government buildings will feed into a central office at the D.C. Homeland Security and Emergency Management Agency. Hundreds more will be added this year. Civil libertarians and D.C. Council members say the network is being rushed into place without sufficient safeguards to protect privacy.
D.C. Forging Surveillance Network, Washington Post, May 1, 2008.
Posted by EPIC on May 01, 2008.
Microsoft SteadyState:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/whatis/default.mspx
This needs more research...
Akamai Download Manager Code Execution Vulnerability - Highly critical - From remote. Issued 1 day ago. Updated 8 hours ago. A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system.
Radio Free Europe hit by DDoS attack, Dan Goodin, The Register, 2008-05-01. The radio service's Web sites fall under fierce cyber attack after it covers a rally protesting the lack of compensation to Chernobyl victims and the decision to build more nuclear reactors.
Patch paper redux: Move along please. News Brief, 2008-04-30. Security researchers find the recent paper on automated patch-based exploit generation interesting, but disagree with its conclusions.
According to Wired, universities in the US are experiencing a "20-fold increase" in the number of takedown notices from the RIAA in the last ten days. Indiana University reports 80 notices a day, but they say their traffic hasn't increased significantly over the same time period. It will be interesting to see if the affected schools join the legal battle against the RIAA, or cave under the increased pressure. "University of California at Berkeley's chief information officer Shel Waggener confirmed he'd heard of the spikes and suggested there was a political purpose driving them. 'Public universities are in a unique position since the industry puts pressure on us through state legislatures to try to impose what are widely considered to be draconian content monitoring measures and turn us into tech police forces in support of a specific industry,' Waggener said. The RIAA is also backing legislation in states such as Illinois and Tennessee that would require schools that get a certain number of notices to begin installing deep packet monitoring equipment on their internet and intranets, according to Luker."
Universities Baffled By Massive Surge In RIAA Copyright Notices
New York's "Amazon Tax" called "unconstitutional" by retailer
Amazon has filed a lawsuit to fight back against a newly-modified New York State tax statute that would require it to collect sales tax from New York residents despite having no physical presence there. The online retailer says that the law is unconstitutional because it was specifically created to target Amazon.
May 02, 2008 - 11:16AM CT - by Jacqui Cheng
A new way to think about data encryption: two-level keys
New work by a trio of computer science researchers looks at an entirely new way to think of data encryption. Storing access policies within the encryption keys, a far more robust system emerges.
May 02, 2008 - 10:10AM CT - by Matt Ford
Study: keyboards make excellent homes for nasty bacteria
Maintaining Moore's law with new memristor circuits
A group at HP Labs discovers a type of circuit predicted to exist in 1971, and in the process they may have pushed back the demise of Moore's law.
May 01, 2008 - 09:55AM CT - by Ethan Gutmann
Italy reveals all
Larry Dignan: Italy's tax department posted every Italian's declared earnings and tax contributions on a site that was quickly overwhelmed by onlookers.
Srizbi personalizes spam. May 1, 2008. Lately Srizbi has been using more personal subject lines in spam to get users to open them.
Another Spammer Sent To Prison
Despite Winning The HD Format War, Blu-Ray Sales Dropped
Today's announcement that Time Warner is selling off the cable business entirely
PCI Requirement 6.6 - Confusing the confused
Mobile phone malware launders money through an online game
IM malware attacks increase, report
Sue Marquette Poremba May 01, 2008
Malicious code attacks through instant messaging services have tripled between March and April.
From Interop: Be mindful of vendors' motives
Dan Kaplan April 30, 2008
IT security vendors' sole purpose is to generate revenue -- not offer complete security -- and they will only create solutions to stop dangerous threats when they are incentivized to do so, the principal security strategist for IBM Internet Security Systems said Wednesday at Interop in Las Vegas.
Court-Approved Wiretapping Rose 14% in '07
Criminals try to "copyright" malware AP - Wed Apr 30, 5:54 PM ET
SAN FRANCISCO - Even criminal hackers want to protect their intellectual property, and they've come up with a method akin to copyrighting — with an appropriate dash of Internet thuggery thrown in.
http://www.nytimes.com/2008/05/03/world/asia/03china.html?_r=1&hp&oref=slogin
BEIJING — A fast-spreading viral outbreak in eastern China has killed 22 children, sickened nearly 3,600 others and caused panic among parents in an impoverished corner of Anhui Province, government health officials said Friday.
...
Health officials in Fuyang say that more than 970 children remain hospitalized, 48 of them in critical condition. Health officials said that the disease had also spread to three adjacent provinces, with the bulk of them — 340 cases — in Hubei.
Wednesday, April 30, 2008
Wednesday News Feed 4/30/2008
Dream job at Microsoft turns out to be too good to be true. A New York man faces four years in prison for posting fake job ads for companies such as Microsoft, PayPal and Yahoo.
Conn. man gets 30 months in prison for 'warez' operation. A Woodbury, Conn., man is sentenced to 30 months in prison for his role in Web sites selling unauthorized copies of movies, music and software.
Microsoft botnet-hunting tool helps bust hackers
"Although Microsoft is reluctant to give out details on its botnet buster -- the company said that even revealing its name could give cybercriminals a clue on how to thwart it -- company executives discussed it at a closed-door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft's users, said Tim Cranton, associate general counsel with Microsoft's World Wide Internet Safety Programs. "I think of it ... as botnet intelligence," he said."
Microsoft highlights efforts to police the Net
http://www.crime-research.org/news/28.04.2008/3337/
Cybercrime in the UK has dropped in the first quarter of 2008 by nearly 2 per cent, compared to the same period last year, a new report reveals. While studies show an increase in Web-based threats globally compared to 2007, the UK only hosts 1.1 per cent of Web-based malware, compared to 3 per cent in the same period last year.
However, the Security Threat Report by IT security and control firm Sophos shows a new infected website is found every five seconds, compared with one every 14 seconds last year. The US in particular has experienced unprecedented growth, from hosting less than 25 per cent of all infected pages overall in 2007, to almost half in the first three months of 2008. China has demonstrated the biggest drop, from hosting more than half of all the infected pages in 2007, to just under a third in the first quarter of 2008.
The report reveals that data leakage continues to be a major concern for organisations. Several high profile cases of businesses losing sensitive customer information were reported during the first three months of 2008.
The largest reported data breach this year involved the credit card numbers of more than four million customers being stolen from US supermarket chain Hannaford Bros. The data, taken by cyber criminals using malware installed on servers at the chain’s branches, have already been used in approximately 1,800 fraud cases.
Microsoft: June 30 not end of Windows XP support
Researcher finds new flaw in QuickTime for Windows
"More and more hackers are turning to exploiting vulnerabilities in applications as a means of launching attacks, since it's becoming increasingly difficult to find problems in operating systems, Alan Paller, director of research for the SANS Institute, said last week at the Infosec conference in London."
Antivirus vendors slam Defcon virus contest
After Web defacement, university warns of data breach
'Long-Term' Phishing Attack Underway - 4/28/2008 5:15:00 PM New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
"The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops."
Court rejects RIAA's 'making available' piracy argument
news.com — In Atlantic v. Howell, Judge Neil V. Wake denied the labels' motion for summary judgment in a 17-page decision (PDF), allowing the suit to proceed to trial. The argument--that merely the act of making music files available for download constituted copyright infringement--has been the basis for the Recording Industry Association of America's legal b…
US Supreme Court Upholds Indiana Voter ID Law
The Supreme Court on Monday upheld (pdf) Indiana’s voter-identification law, declaring that a requirement to produce photo identification is not unconstitutional and that the state has a “valid interest” in improving election procedures as well as deterring fraud. EPIC had submitted a brief (pdf) detailing problems with the law. "Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state's voter ID system is imperfect, and relies on a flawed federal identification system."
Supreme Court Upholds Voter Identification Law in Indiana, New York Times, April 29, 2008.
(Minor) evolution in Mac DNS changer malware
Published: 2008-04-30, Last Updated: 2008-04-30 09:27:16 UTC
by Bojan Zdrnja (Version: 1)
Back in November last year we published a diary about Mac DNS changer malware (http://isc.sans.org/diary.html?storyid=3595). The main idea was to make Mac users aware that the bad guys are not ignoring this platform any more.
While the malware itself was not anything spectacular (i.e. it did not exploit any vulnerabilities, but was based on social engineering), the way it was packed showed that the attackers meant real business.
All the malware did was change local DNS servers to a couple of servers in a known bad network, and tell the command and control server that a new victim is ready.
The anti-virus coverage was especially disappointing. Only a couple of anti-virus programs detected the original sample (a DMG file). This improved a bit over time, so when I tested the sample again today on VirusTotal, 10 anti-virus programs detected it.
One of our readers, Matt, submitted a new sample today. I quickly analyzed it and the sample does exactly the same thing as the one from September – it changes the DNS servers and reports to a C&C server.
However, one thing I noticed was that the attackers started obfuscating the installation code. The obfuscation is very, very simple (they only use the tr command) but, unfortunately, it was enough to fool almost *all* anti-virus programs – according to VirusTotal, this new sample was detected by only 2 (!!) AV programs. Signature detection failure I would say …
...
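The diary's point is that a trivial repacking was enough to defeat almost every signature scanner, while the malware's effect on the host (a rewritten resolver list pointing into a known bad network) did not change at all. That argues for checking the effect rather than the bytes. The following Python is an added example and is not code from the ISC diary, from SANS or from any AV vendor: it parses resolver configuration in either /etc/resolv.conf style ("nameserver x.x.x.x" lines) or the one-address-per-line style printed by networksetup -getdnsservers on a Mac, and flags any resolver outside the organisation's approved networks. The sample text, the approved network (192.0.2.0/24) and the rogue addresses (198.51.100.x) are constructed placeholders in the IANA documentation ranges, not addresses from the diary.

```python
import ipaddress

# Constructed sample of what a Mac's resolver configuration might look like
# after a DNS changer has run. Not taken from a real host or from the diary.
SAMPLE_RESOLV_CONF = """\
# constructed example
domain corp.example
nameserver 192.0.2.53
nameserver 198.51.100.7
nameserver 198.51.100.8
"""

# Resolvers the organisation actually operates (constructed placeholder range).
APPROVED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]


def extract_nameservers(text):
    """Return the resolver addresses declared in the given text.

    Accepts resolv.conf lines ("nameserver 192.0.2.53") and bare one-address-
    per-line output. Comments, blank lines and tokens that are not IP
    addresses (e.g. "domain corp.example", or networksetup's "There aren't any
    DNS Servers set" message) are skipped rather than treated as errors.
    """
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        candidate = parts[1] if parts[0] == "nameserver" and len(parts) > 1 else parts[0]
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return found


def rogue_nameservers(text, approved=APPROVED_RESOLVERS):
    """Resolvers that fall outside every approved network, as strings."""
    return [str(ip) for ip in extract_nameservers(text)
            if not any(ip in net for net in approved)]


def check_host(text, approved=APPROVED_RESOLVERS):
    """Behaviour-based verdict: (clean, list_of_rogue_resolvers).

    A DNS changer that has been repacked or re-obfuscated still has to leave a
    foreign resolver behind, so this check does not depend on the sample's
    bytes or on any AV signature.
    """
    rogue = rogue_nameservers(text, approved)
    return (len(rogue) == 0, rogue)


if __name__ == "__main__":
    clean, rogue = check_host(SAMPLE_RESOLV_CONF)
    print("clean" if clean else "rogue resolvers: " + ", ".join(rogue))
```

On a real Mac the text to feed in is the output of `cat /etc/resolv.conf` or `networksetup -getdnsservers Wi-Fi`; the only part that needs adapting is the approved-network list, and a change in that list's verdict between two runs is the event worth alerting on regardless of which AV engines recognise the installer.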
SQL Injection Attacks Against Automatic License Plate Scanners
This picture is almost certainly Photoshopped, and a joke, but it's certainly a clever idea. As automatic license plate scanners become more common, why not get a SQL injection attack as a plate?
Reminds me of this xkcd cartoon.
Posted on April 29, 2008 at 03:21 PM
Virtual Kidnapping
A real crime in Mexico:
"We've got your child," he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank.
The twist is that little Pablo or Teresa is safe and sound at school, not duct-taped to a chair in a rundown flophouse somewhere or stuffed in the back of a pirate taxi. But when the cellphone call comes in, that is not at all clear.
[...]
But identifying the phone numbers — they are now listed on a government Web site — has done little to slow the extortion calls. Nearly all the calls are from cellphones, most of them stolen, authorities say.
On top of that, many extortionists are believed to be pulling off the scams from prisons.
Authorities say hundreds of different criminal gangs are engaged in various telephone scams. Besides the false kidnappings, callers falsely tell people they have won cars or money. Sometimes, people are told to turn off their cellphones for an hour so the service can be repaired; then, relatives are called and told that the cellphone’s owner has been kidnapped. Ransom demands have even been made by text message.
Posted on April 29, 2008 at 05:29 AM
More Trouble With Ads on ISPs' Error Pages
http://blogs.washingtonpost.com/securityfix/
Posted at 06:00 AM ET, 04/30/2008
Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I'm revisiting this controversial practice because another major provider of these services (for one of the nation's largest ISPs) was found to be similarly vulnerable.
As noted here last week, Earthlink and a few other ISPs are using a service from a U.K. company called BareFruit, which helps ISPs redirect users to ad-filled pages when they either request a Web site that does not exist or when they mistype a real domain, e.g., ww.example.com (notice the missing "w"). Researcher Dan Kaminsky found that BareFruit's servers contained a security flaw that would have made it easy for hackers and scammers to trick the ISP's customers into visiting phishing sites or downloading malicious software.
...
German intel agency blasted for cyber espionage. News Brief, 2008-04-29. Eight months after the nation's chancellor accused China of information attacks, Germany finds itself in the spotlight over planting programs to spy on other countries' officials.
Experts warn over SQL injection attacks. News Brief, 2008-04-28. Attackers have exploited common vulnerabilities to leave behind code on thousands of sites, redirecting visitors to servers that host malicious downloads.
"We now know how the White House managed to lose about five million emails. It seems that they 'upgraded' their Lotus Notes system, which had an automatic retention and backup system, for Microsoft Exchange, which did not support the automatic system. So they changed it to a manual process, where aides would manually sort emails one by one into individual PST files, which they call a 'journaling' archive system. They're still building a replacement for the retention system. Right when they had one finished, the White House CIO complained that it made Microsoft Exchange too slow, so they hired yet another contractor to build another one, causing a senior IT official to quit in protest. So they still haven't completed the project after almost eight years, and rely on humans to sort millions of emails."
"The release of Wikiscanner last year brought much attention to whitewashing of controversial pages on the community generated encyclopedia. Apparently Wikipedia is very serious in fighting such behavior as they've temporarily blocked the US Department of Justice from editing pages for suspicious edits."
"As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."
Marvel Should Keep A Tighter Leash On Its Lawyers
from the yikes dept
On Tuesday, Mike Arrington of TechCrunch took a straw poll on Twitter and decided to set up a screening of the new movie Iron Man, based on the comic. By Wednesday morning the details were set. He had rented out the Metreon by calling the "Group Sales" phone number on the Iron Man website, and paid for 600 seats for the showing. He posted the info to his blog, and asked people to pay $1 per seat in order to hold the spot (and to avoid no-shows). All this was perfectly reasonable. And then... a lawyer from Marvel Comics sent Arrington a threatening cease-and-desist letter demanding that he pull down the information about the show, claiming that Arrington wasn't authorized to set up such a showing. Again, the whole thing was arranged by Arrington by calling the "Group Sales" line on the Iron Man website. All of the tickets were paid for. It's hard to see what Marvel can possibly be complaining about. Also, I know for a fact that Arrington's event is hardly the only such event... because I got invited to a different one (also tomorrow, though at a different time and location and organized by a different group) and have a ticket on my desk for the show.
As a guess, perhaps Marvel is upset that Arrington made his an open invite system. The other showings I'm aware of are all private invite-only showings. But, even if that's true, it's rather ridiculous for Marvel to be complaining, and this is giving the company a ton of totally unnecessary bad press for an event that was generating plenty of enthusiasm and excitement for the movie. It appears to be yet another case where a lawyer is complaining because he can, and not because it's a good business move. As of right now, AMC Theatres, which sold Arrington the tickets, is standing behind the showing, and hopefully someone higher up at Marvel is figuring out what a ridiculous move this is, and will apologize by morning.
How Do You Enforce An EULA On Malware?
"... Most EULAs are backed up via the power of copyright law, but that obviously doesn't work in this case. So how are the malware authors enforcing it? In typical organized crime fashion: with threats to destroy everything else you've got. Specifically, if it catches anyone violating the terms, it promises to send their botnet code to various antispyware companies -- effectively handing over the location of their secret hideout to the malware police..."
Mailbot.f (a.k.a “Kraken”) gets stealthier - Update
Tuesday April 29, 2008 at 10:26 am CST
Over the past week, Mailbot.f (a.k.a “Kraken”) was thoroughly studied and reverse engineered by various security researchers. As mentioned in my previous blog, we focused mainly towards the network behavior of the bot and observed a few interesting things.
After the bot installs on a victim machine, it attempts to contact mx.google.com via TCP destination port 25 (SMTP) 3 times. This looks to be a network connectivity test by the bot. If this test fails, the bot does not send out any spam at a later stage. (Note that the bot does not use mx.google.com to spam). Next, the bot downloads the front page of 3 different popular web sites (mostly news sites), such as nytimes.com, cbsnews.com, news.com, cnn.com, reuters.com, msn.com, google.com, etc. We have not observed the use of these web pages in the spam sent out by this bot, however.
Declassified NSA Document Reveals the Secret History of TEMPEST
Conn. man gets 30 months in prison for 'warez' operation A Woodbury, Conn., man is sentenced to 30 months in prison for his role in Web sites selling unauthorized copies of movies, music and software. Read more...
Microsoft botnet-hunting tool helps bust hackers
"Although Microsoft is reluctant to give out details on its botnet buster -- the company said that even revealing its name could give cybercriminals a clue on how to thwart it -- company executives discussed it at a closed-door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft's users, said Tim Cranton, associate general counsel with Microsoft's World Wide Internet Safety Programs. "I think of it ... as botnet intelligence," he said."
Microsoft highlights efforts to police the Net
http://www.crime-research.org/news/28.04.2008/3337/
Cybercrime in the UK has dropped in the first quarter of 2008 by nearly 2 per cent, compared to the same period last year, a new report reveals. While studies show an increase in Web-based threats globally compared to 2007, the UK only hosts 1.1 per cent of Web-based malware, compared to 3 per cent in the same period last year.
However, the Security Threat Report by IT security and control firm Sophos shows a new infected website is found every five seconds, compared with one every 14 seconds last year. The US in particular has experienced unprecedented growth, from hosting less than 25 per cent of all infected pages overall in 2007, to almost half in the first three months of 2008. China has demonstrated the biggest drop, from hosting more than half of all the infected pages in 2007, to just under a third in the first quarter of 2008.
The report reveals that data leakage continues to be a major concern for organisations. Several high profile cases of businesses losing sensitive customer information were reported during the first three months of 2008.
The largest reported data breach this year involved the credit card numbers of more than four million customers being stolen from US supermarket chain Hannaford Bros. The data, taken by cyber criminals using malware installed on servers at the chain’s branches, have already been used in approximately 1,800 fraud cases.
Microsoft: June 30 not end of Windows XP support
Researcher finds new flaw in QuickTime for Windows
"More and more hackers are turning to exploiting vulnerabilities in applications as a means of launching attacks, since it's becoming increasingly difficult to find problems in operating systems, Alan Paller, director of research for the SANS Institute, said last week at the Infosec conference in London."
Antivirus vendors slam Defcon virus contest
After Web defacement, university warns of data breach
'Long-Term' Phishing Attack Underway - 4/28/2008 5:15:00 PM New phishing exploit doesn't bother asking for passwords, and its stealthy malware hides out on victim's machine
"The latest tack is phishing emails posing as Comerica Bank and Colonial Bank that ask banking customers to renew their digital certificates. When they click on the link for more information on the phony renewal process, it downloads the nasty Trojan onto their desktops."
Court rejects RIAA's 'making available' piracy argument
news.com — In Atlantic v. Howell, Judge Neil V. Wake denied the labels' motion for summary judgment in a 17-page decision (PDF), allowing the suit to proceed to trial. The argument--that merely the act of making music files available for download constituted copyright infringement--has been the basis for the Recording Industry Association of America's legal b…
US Supreme Court Upholds Indiana Voter ID Law
The Supreme Court on Monday upheld (pdf) Indiana’s voter-identification law, declaring that a requirement to produce photo identification is not unconstitutional and that the state has a “valid interest” in improving election procedures as well as deterring fraud. EPIC had submitted a brief (pdf) detailing problems with the law. "Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state's voter ID system is imperfect, and relies on a flawed federal identification system."
Supreme Court Upholds Voter Identification Law in Indiana, New York Times, April 29, 2008.
(Minor) evolution in Mac DNS changer malware
Published: 2008-04-30, Last Updated: 2008-04-30 09:27:16 UTC
by Bojan Zdrnja (Version: 1)
Back in November last year we published a diary about Mac DNS changer malware (http://isc.sans.org/diary.html?storyid=3595). The main idea about this was to make Mac users aware that the bad guys are not ignoring this platform any more.
While the malware itself was not anything spectacular (i.e. it did not exploit any vulnerabilities, but was based on social engineering), the way it was packed showed that the attackers meant real business.
All the malware did was change local DNS servers to a couple of servers in a known bad network, and tell the command and control server that a new victim is ready.
The anti-virus coverage was especially disappointing. Only a couple of anti-virus programs detected the original sample (a DMG file). This improved a bit over time, so when I tested the sample again today on VirusTotal, 10 anti-virus programs detected it.
One of our readers, Matt, submitted a new sample today. I quickly analyzed it and the sample does exactly the same thing as the one from September – it changes the DNS servers and reports to a C&C server.
However, one thing I noticed was that the attackers started obfuscating the installation code. The obfuscation is very, very simple (they only use the tr command) but, unfortunately, it was enough to fool almost *all* anti-virus programs – according to VirusTotal, this new sample was detected by only 2 (!!) AV programs. Signature detection failure I would say …
...
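A defender-side check for the DNS-changer behaviour described in this diary: read the resolvers macOS is currently using and flag any that fall outside the set you expect, which is exactly the change a signature-based scanner missed here. This is an added example, not code from the ISC diary; the `scutil --dns` sample text, the allowed resolver networks and the function names are all constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Constructed sample of `scutil --dns` output (not output from the page).
# 192.0.2.0/24 is documentation space, standing in for an unexpected resolver.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  nameserver[0] : 192.0.2.10
  nameserver[1] : 192.0.2.11
  if_index : 5 (en0)

resolver #2
  domain   : local
  options  : mdns
"""

# Placeholder allowlist (assumption): networks the organisation's resolvers live in.
ALLOWED_RESOLVER_NETS = ["10.0.0.0/8", "192.168.0.0/16"]

# One "nameserver[N] : <addr>" line per resolver address in scutil's output.
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.M)


def parse_resolvers(scutil_text):
    """Return the unique nameserver addresses in `scutil --dns` output, in order."""
    seen = []
    for addr in NAMESERVER_RE.findall(scutil_text):
        if addr not in seen:
            seen.append(addr)
    return seen


def unexpected_resolvers(scutil_text, allowed=ALLOWED_RESOLVER_NETS):
    """Resolvers not inside any allowed network (unparseable addresses are reported too)."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    flagged = []
    for addr in parse_resolvers(scutil_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append(addr)  # e.g. an address with a scope id; treat as suspicious
            continue
        if not any(ip in net for net in nets):
            flagged.append(addr)
    return flagged


def current_scutil_dns():
    """Live resolver configuration on a Mac (only run when executed directly)."""
    return subprocess.run(["scutil", "--dns"], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    bad = unexpected_resolvers(current_scutil_dns())
    print("unexpected resolvers:", bad or "none")
```

Run it from a login item or a periodic job and alert on a non-empty result; a resolver change is a small, cheap signal that does not depend on anyone having written a signature for the installer.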
SQL Injection Attacks Against Automatic License Plate Scanners
This picture is almost certainly Photoshopped, and a joke, but it's certainly a clever idea. As automatic license plate scanners become more common, why not get a SQL injection attack as a plate?
Reminds me of this xkcd cartoon.
Posted on April 29, 2008 at 03:21 PM
Virtual Kidnapping
A real crime in Mexico:
"We've got your child," he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank.
The twist is that little Pablo or Teresa is safe and sound at school, not duct-taped to a chair in a rundown flophouse somewhere or stuffed in the back of a pirate taxi. But when the cellphone call comes in, that is not at all clear.
[...]
But identifying the phone numbers — they are now listed on a government Web site — has done little to slow the extortion calls. Nearly all the calls are from cellphones, most of them stolen, authorities say.
On top of that, many extortionists are believed to be pulling off the scams from prisons.
Authorities say hundreds of different criminal gangs are engaged in various telephone scams. Besides the false kidnappings, callers falsely tell people they have won cars or money. Sometimes, people are told to turn off their cellphones for an hour so the service can be repaired; then, relatives are called and told that the cellphone’s owner has been kidnapped. Ransom demands have even been made by text message.
Posted on April 29, 2008 at 05:29 AM
More Trouble With Ads on ISPs' Error Pages
http://blogs.washingtonpost.com/securityfix/
Posted at 06:00 AM ET, 04/30/2008
Last week, Security Fix examined new research suggesting that some major Internet service providers are exposing their customers to security flaws when they redirect wayward Web surfers to ad-filled pages. I'm revisiting this controversial practice because another major provider of these services (for one of the nation's largest ISPs) was found to be similarly vulnerable.
As noted here last week, Earthlink and a few other ISPs are using a service from a U.K. company called BareFruit, which helps ISPs redirect users to ad-filled pages when they either request a Web site that does not exist or when they mistype a real domain, e.g., ww.example.com (notice the missing "w"). Researcher Dan Kaminsky found that BareFruit's servers contained a security flaw that would have made it easy for hackers and scammers to trick the ISP's customers into visiting phishing sites or downloading malicious software.
...
German intel agency blasted for cyber espionage - News Brief, 2008-04-29. Eight months after the nation's chancellor accused China of information attacks, Germany finds itself in the spotlight over planting programs to spy on other countries' officials.
Experts warn over SQL injection attacks - News Brief, 2008-04-28. Attackers have exploited common vulnerabilities to leave behind code on thousands of sites, redirecting visitors to servers that host malicious downloads.
"We now know how the Whitehouse managed to lose about five million emails. It seems that they 'upgraded' their Lotus Notes system, which had an automatic retention and backup system, for Microsoft Exchange, which did not support the automatic system. So they changed it to a manual process, where aides would manually sort emails one by one into individual PST files, which they call a 'journaling' archive system. They're still building a replacement for the retention system. Right when they had one finished, the White House CIO complained that it made Microsoft Exchange too slow, so they hired yet another contractor to build another one, causing a senior IT official to quit in protest. So they still haven't completed the project after almost eight years, and rely on humans to sort millions of emails."
"The release of Wikiscanner last year brought much attention to white washing of controversial pages on the community generated encyclopedia. Apparently Wikipedia is very serious in fighting such behavior as they've temporarily blocked the US Department of Justice from editing pages for suspicious edits."
"As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."
Marvel Should Keep A Tighter Leash On Its Lawyers
from the yikes dept
On Tuesday, Mike Arrington of TechCrunch took a straw poll on Twitter and decided to set up a screening of the new movie Iron Man, based on the comic. By Wednesday morning the details were set. He had rented out the Metreon by calling the "Group Sales" phone number on the Iron Man website, and paid for 600 seats for the showing. He posted the info to his blog, and asked people to pay $1 per seat in order to hold the spot (and to avoid no-shows). All this was perfectly reasonable. And then... a lawyer from Marvel Comics sent Arrington a threatening cease-and-desist letter demanding that he pull down the information about the show, claiming that Arrington wasn't authorized to set up such a showing. Again, the whole thing was arranged by Arrington by calling the "Group Sales" line on the Iron Man website. All of the tickets were paid for. It's hard to see what Marvel can possibly be complaining about. Also, I know for a fact that Arrington's event is hardly the only such event... because I got invited to a different one (also tomorrow, though at a different time and location and organized by a different group) and have a ticket on my desk for the show.
As a guess, perhaps Marvel is upset that Arrington made his an open invite system. The other showings I'm aware of are all private invite-only showings. But, even if that's true, it's rather ridiculous for Marvel to be complaining, and this is giving the company a ton of totally unnecessary bad press for an event that was generating plenty of enthusiasm and excitement for the movie. It appears to be yet another case where a lawyer is complaining because he can, and not because it's a good business move. As of right now, AMC Theatres, which sold Arrington the tickets, is standing behind the showing, and hopefully someone higher up at Marvel is figuring out what a ridiculous move this is, and will apologize by morning.
How Do You Enforce An EULA On Malware?
"... Most EULAs are backed up via the power of copyright law, but that obviously doesn't work in this case. So how are the malware authors enforcing it? In typical organized crime fashion: with threats to destroy everything else you've got. Specifically, if it catches anyone violating the terms, it promises to send their botnet code to various antispyware companies -- effectively handing over the location of their secret hideout to the malware police..."
Mailbot.f (a.k.a “Kraken”) gets stealthier - Update
Tuesday April 29, 2008 at 10:26 am CST
Over the past week, Mailbot.f (a.k.a “Kraken”) was thoroughly studied and reverse engineered by various security researchers. As mentioned in my previous blog, we focused mainly towards the network behavior of the bot and observed a few interesting things.
After the bot installs on a victim machine, it attempts to contact mx.google.com via TCP destination port 25 (SMTP) 3 times. This looks to be a network connectivity test by the bot. If this test fails, the bot does not send out any spam at a later stage. (Note that the bot does not use mx.google.com to spam). Next, the bot downloads the front page of 3 different popular web sites (mostly news sites), such as nytimes.com, cbsnews.com, news.com, cnn.com, reuters.com, msn.com, google.com, etc. We have not observed the use of these web pages in the spam sent out by this bot, however.
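The network behaviour described above (three SMTP attempts to mx.google.com, then front-page fetches of several news sites) can be turned into a simple network-side detection without any host signature. The following Python is an added example, not code from the McAfee write-up; it assumes a constructed key=value flow-log format from a gateway and uses the site list quoted in the post.

```python
import re
from collections import defaultdict

# Constructed flow records (not captured data from the page): one outbound
# TCP connection per line. 10.0.0.5 shows the full pattern, the other hosts do not.
SAMPLE_FLOWS = """\
2008-04-29T10:00:01 src=10.0.0.5 dst=mx.google.com dport=25 proto=tcp
2008-04-29T10:00:02 src=10.0.0.5 dst=mx.google.com dport=25 proto=tcp
2008-04-29T10:00:03 src=10.0.0.5 dst=mx.google.com dport=25 proto=tcp
2008-04-29T10:00:05 src=10.0.0.5 dst=nytimes.com dport=80 proto=tcp
2008-04-29T10:00:06 src=10.0.0.5 dst=cnn.com dport=80 proto=tcp
2008-04-29T10:00:07 src=10.0.0.5 dst=reuters.com dport=80 proto=tcp
2008-04-29T10:01:00 src=10.0.0.9 dst=mx.google.com dport=25 proto=tcp
2008-04-29T10:01:30 src=10.0.0.9 dst=cnn.com dport=80 proto=tcp
2008-04-29T10:02:00 src=10.0.0.12 dst=msn.com dport=80 proto=tcp
2008-04-29T10:02:01 src=10.0.0.12 dst=google.com dport=80 proto=tcp
2008-04-29T10:02:02 src=10.0.0.12 dst=cbsnews.com dport=80 proto=tcp
"""

# Sites the write-up names as the bot's "front page" fetch targets.
NEWS_SITES = {"nytimes.com", "cbsnews.com", "news.com", "cnn.com",
              "reuters.com", "msn.com", "google.com"}

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$")


def parse_flows(text):
    """Parse the constructed flow-log format into dicts; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            flows.append(rec)
    return flows


def find_kraken_like_hosts(text, min_smtp_probes=3, min_news_fetches=3):
    """Flag sources showing both indicators: repeated TCP/25 probes to
    mx.google.com AND fetches of several of the listed news sites."""
    smtp_probes = defaultdict(int)
    news_fetches = defaultdict(set)
    for f in parse_flows(text):
        if f["proto"] != "tcp":
            continue
        if f["dport"] == 25 and f["dst"] == "mx.google.com":
            smtp_probes[f["src"]] += 1
        elif f["dport"] == 80 and f["dst"] in NEWS_SITES:
            news_fetches[f["src"]].add(f["dst"])

    flagged = {}
    for src in set(smtp_probes) | set(news_fetches):
        if (smtp_probes[src] >= min_smtp_probes
                and len(news_fetches[src]) >= min_news_fetches):
            flagged[src] = {"smtp_probes": smtp_probes[src],
                            "news_sites": sorted(news_fetches[src])}
    return flagged


if __name__ == "__main__":
    for host, info in find_kraken_like_hosts(SAMPLE_FLOWS).items():
        print(host, info)
```

Either indicator alone is noise (a mail client may talk to Google's MX, and people read news sites), which is why the rule requires both from the same source; a tighter version would also require the SMTP probes to precede the fetches within a short window, and would treat a workstation that is not a mail server opening port 25 at all as its own, lower-confidence alert.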
Declassified NSA Document Reveals the Secret History of TEMPEST
Tuesday, April 29, 2008
Tuesday News Feed 4/29/08
I don't normally put these out on Tuesdays or Thursdays anymore, but I just found this little story about the FBI and their Regional Computer Forensics Laboratories (RCFL) interesting.
Solving cases by examining digital devices—that's what these high-tech computer labs are all about.
Read the story at: http://www.fbi.gov/page2/april08/rcfl_042908.html
Monday, April 28, 2008
Monday News Feed 4/28/08
Huge Web hack attack infects 500,000 pages
Microsoft's IIS Web server may be to blame, says researcher
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080580
Researcher finds new flaw in QuickTime for Windows: A rather tricky vulnerability in QuickTime could be exploited remotely to attack Windows PCs running Vista SP1 or XP SP2.
With antivirus vendors already processing some 30,000 samples each day, there's no need for any more samples, said Roger Thompson, chief research officer at AVG Technologies. "It's hard to see an upside for encouraging people to write more viruses," he said via instant message. "It's a dumb idea."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9080658&taxonomyId=17&intsrc=kc_top
Securing the Internet's DNS - 4/24/2008 5:30:00 PM Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Researchers Infiltrate and 'Pollute' Storm Botnet - 4/23/2008 3:45:00 PM European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
Companies May Be Held Liable for Deals With Terrorists, ID Thieves - 4/23/2008 5:25:00 PM New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Ten myths about Identity Fraud
http://www.darkreading.com/document.asp?doc_id=145823
Questions about Web Server Attacks
Posted Friday, April 25, 2008 9:44 PM by MSRCTEAM
Hi there this is Bill Sisk.
There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.
To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).
The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application's database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information on steps web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx
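The mechanism behind both this MSRC post and the license plate joke further up the page is the same: input that is concatenated into a query string is executed as SQL, so the fix is in the application, not the web server. The following Python is an added example, not code from Microsoft or the IIS blog; it uses an in-memory SQLite table with constructed rows to show the vulnerable lookup beside the parameterized one, plus an allowlist check on the input as defence in depth. The table, rows and function names are all assumptions for illustration.

```python
import re
import sqlite3

# Constructed sample rows (not data from the page): a tiny lookup table
# standing in for any record keyed on a user-supplied string.
SAMPLE_PLATES = [("ABC123", "blue sedan"), ("XYZ789", "white van")]


def _connect():
    """Fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plates (plate TEXT, description TEXT)")
    conn.executemany("INSERT INTO plates VALUES (?, ?)", SAMPLE_PLATES)
    return conn


def lookup_vulnerable(plate):
    """The bug: the value is spliced into the SQL text, so quotes in the
    input change the query's structure instead of being compared as data."""
    conn = _connect()
    sql = "SELECT plate, description FROM plates WHERE plate = '" + plate + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(plate):
    """The fix: the SQL text is fixed and the value is bound as a parameter,
    so the database never parses the input as part of the statement."""
    conn = _connect()
    sql = "SELECT plate, description FROM plates WHERE plate = ?"
    return conn.execute(sql, (plate,)).fetchall()


# Defence in depth: an allowlist for what a plate may look like at all.
PLATE_RE = re.compile(r"[A-Z0-9]{1,8}")


def is_valid_plate(plate):
    """True only for 1-8 upper-case letters or digits (assumed format)."""
    return PLATE_RE.fullmatch(plate) is not None


def lookup_validated(plate):
    """Reject anything outside the allowlist before it reaches the query;
    returns None for invalid input rather than querying at all."""
    if not is_valid_plate(plate):
        return None
    return lookup_parameterized(plate)


if __name__ == "__main__":
    probe = "' OR '1'='1"  # classic tautology; only meaningful to the vulnerable version
    print("vulnerable:   ", lookup_vulnerable(probe))      # every row leaks
    print("parameterized:", lookup_parameterized(probe))   # no such plate
    print("validated:    ", lookup_validated(probe))       # rejected before the query
```

Parameter binding is the fix the MSRC post is pointing at; the allowlist does not replace it, but it shrinks what ever reaches the database and gives you a place to log rejected input, which is often the earliest signal of an injection campaign hitting a site.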
FBI Director Wants Broad Power to Monitor Internet Activity
The FBI on Wednesday called for new legislation that would allow federal police to monitor the Internet for "illegal activity." The suggestion from FBI Director Robert Mueller, which came during a House of Representatives Judiciary Committee hearing, appears to go beyond a current plan to monitor traffic on federal-government networks. Mueller seemed to suggest that the bureau should have a broad "omnibus" authority to conduct monitoring and surveillance of private-sector networks as well. If any omnibus Internet-monitoring proposal became law, it could implicate the Fourth Amendment's guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication.
FBI wants widespread monitoring of 'illegal' Internet activity, CNet News.com, April 23, 2008.
Posted by EPIC on April 24, 2008.
Cyber Espionage
Interesting investigative article from Business Week on Chinese cyber espionage against the U.S. government, and the government's reaction.
When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a "threat briefing." BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President's order a cyber security "Manhattan Project."
It can only help for the U.S. government to get its own cybersecurity house in order.
Posted on April 28, 2008 at 06:45 AM
WordPress PHP Code Execution and Cross-Site Scripting - Highly critical - From remote. Issued 4 hours ago. Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system.
"The first naturally occurring superheavy element has been found. An international team of scientists found several nuclei of unbibium in a sample of the naturally occurring heavy metal thorium. Unbibium has an atomic number of 122 and an atomic weight of 292. In general, very heavy elements tend to be unstable but scientists have long predicted that even heavier nuclei would be stable. The group that found unbibium in thorium say it has a half life in excess of 100 million years and an abundance of about 10^(-12) relative to thorium, which itself is about as abundant as lead."
All the rage in Europe: Firefox market share climbs higher
Month by month, Firefox continues to make gains in Europe, where the browser approaches a 50 percent market share in some countries. Firefox also has stronger usage on weekends, when people get to use the browser of their choice.
April 27, 2008 - 06:58PM CT - by Ryan Paul
If Top Gov't Officials Need To Leave Blackberries Outside A Meeting, Shouldn't Someone Guard Them?
from the just-a-thought dept
Apparently a Mexican press attache at a meeting with White House officials in New Orleans saw an opportunity and swiped the Blackberries of a bunch of White House staffers. At many such meetings, it's required for attendees to leave their phones and mobile devices outside of the meeting room. You would think that with such high-powered government officials that someone would then be left to guard the devices, but apparently not. This guy grabbed a bunch of the devices and made a run for the airport, where he was caught by Secret Service officials, who promptly showed him the surveillance camera footage of him taking the devices. His response was that he thought the devices had been left behind, and he was merely picking them up to return them to their owners, which might be more believable if the folks weren't still in the meeting room when he grabbed all the devices. Who knows if it's true, but I'm still wondering why no one was guarding the Blackberries.
Google Analytics getting my passwords? NOT!
Friday April 25, 2008 at 8:15 am CST. Posted by Pedro Bueno
http://www.avertlabs.com/research/blog/index.php/2008/04/25/google-analytics-getting-my-passwords-not/
So, on a bright Friday morning here in Brazil, I was analyzing an interesting piece of malware. Well, this piece of malware was sending encoded data to gooqle-analytics.com…hmmmm maybe trying to get infection statistics?
We have seen this before…but something wasn’t quite clear… it seemed that this was all that the malware was doing… hmmmm ok… checking a little closer, I could see the traffic generated… it was encoded traffic… not common for Google Analytics…
A little more research revealed that there was a dll injected in the svchost process, and analyzing this packed dll revealed that its purpose was to steal information and send to gooqle-analytics… but what the heck? Is Google stealing my info? NOT!!! As some of you noticed reading this blog, I did not misspell the name… it was sending the info to gooqle-analytics.com, and not google-analytics.com…
This gooqle thing domain is hosted on an IP in Italy…yea…bad,bad gooQle…!
Hacker denies using tool to break into Dish Network security
Jim Carr April 25, 2008
A software engineer testified that he was hired by a unit of News Corp. to develop software that could reverse engineer code on satellite receiver smart cards, but denies hacking.
Another Apple QuickTime bug reported
Dan Kaplan April 24, 2008
US-CERT has issued an alert concerning a new zero-day vulnerability in the Apple QuickTime media player.
Which Gov Agency Should Be Your Computer's Firewall?
By Ryan Singel April 25, 2008 8:05:10 PM. Categories: Cybarmageddon!, Spooks Gone Wild
First the NSA says it needs to examine every search and email on the internet to prevent an e-9/11 attack, then President Bush signs a secret cyber-security Presidential Directive to make that possible, while the Air Force has set up a cyber warfare division where cyber-security is played like a game of Space Invaders.
Not to be left out on the cybarmegeddon! action, the Department of Homeland Security plans to spearhead a "Manhattan Project" attempt to secure the internet. But there's no way FBI chief Robert Mueller is gonna let DHS honcho Michael Chertoff have all the bits, so this week he told a House committee that G-Men need to be living in the tubes, too.
The great thing about all of these agencies deciding that they need to be inspecting packets on the interweb is that soon you will no longer have to buy anti-virus or security software, you'll just have to choose which government agency you hand your computer password to.
But the question is, which one should you choose to protect your Win98 box?
Submit your favorite agency (with logo link if you have one) or vote up other choices here. Defend your vote in the comments, if you like.
The originator of “Red Heart China” gets his website hacked!! Europeans responsible?
Bluetooth Mobile Phone Hacked Right Before Your Eyes
Published 03/27/2008
Watch How Scammers Turn Bluetooth Technology Into Hard Cold Cash In The Below Video
http://www.nationalcybersecurity.com/blogs/626/Tornado-Hacking-Tool-For-Rent.html
Security researchers have discovered a new web-based attack tool which exploits up to 14 browser vulnerabilities and installs malware on the user's system.
Symantec researcher Liam O'Murchu said that 'Tornado' is commonly installed on a server by a single 'administrator', who then offers accounts on the server to other attackers.
The attackers then inject code into other web pages to redirect users to the Tornado server, where the exploit and malware installation is conducted.
Google Docs gets new features, templates soon
More URI handler issues to come
Nate McFeters: A new command injection flaw was discovered, this time in IBM's Lotus Expeditor. What's most interesting about this class of vulnerability is that it can be deployed quite simply
Microsoft's IIS Web server may be to blame, says researcher
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080580
Researcher finds new flaw in QuickTime for Windows A rather tricky vulnerability in QuickTime could be exploited remotely to attack Windows PCs running Vista SP1 or XP SP2. Read more...
With antivirus vendors already processing some 30,000 samples each day, there's no need for any more samples, said Roger Thompson, chief research officer at AVG Technologies. "It's hard to see an upside for encouraging people to write more viruses," he said via instant message. "It's a dumb idea."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9080658&taxonomyId=17&intsrc=kc_top
Securing the Internet's DNS - 4/24/2008 5:30:00 PM Internet's .arpa, .org, and .uk domains soon to adopt DNSSEC
Researchers Infiltrate and 'Pollute' Storm Botnet - 4/23/2008 3:45:00 PM European botnet experts devise a method that disrupts stubborn peer-to-peer botnets like Storm
Companies May Be Held Liable for Deals With Terrorists, ID Thieves - 4/23/2008 5:25:00 PM New and little-known regulations could mean fines, or even jail time, for companies that do business with bad guys
Ten myths about Identity Fraud
http://www.darkreading.com/document.asp?doc_id=145823
Questions about Web Server Attacks
Posted Friday, April 25, 2008 9:44 PM by MSRCTEAM
Hi there, this is Bill Sisk.
There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.
To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).
The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application's database. To protect against SQL injection attacks, the developer of the Web site or application must use the industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information on steps web developers and IT professionals can take to minimize their exposure to these types of attacks by reducing the attack surface in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx
FBI Director Wants Broad Power to Monitor Internet Activity
The FBI on Wednesday called for new legislation that would allow federal police to monitor the Internet for "illegal activity." The suggestion from FBI Director Robert Mueller, which came during a House of Representatives Judiciary Committee hearing, appears to go beyond a current plan to monitor traffic on federal-government networks. Mueller seemed to suggest that the bureau should have a broad "omnibus" authority to conduct monitoring and surveillance of private-sector networks as well. If any omnibus Internet-monitoring proposal became law, it could implicate the Fourth Amendment's guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication.
FBI wants widespread monitoring of 'illegal' Internet activity, CNet News.com, April 23, 2008.
Posted by EPIC on April 24, 2008.
Cyber Espionage
Interesting investigative article from Business Week on Chinese cyber espionage against the U.S. government, and the government's reaction.
When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a "threat briefing." BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President's order a cyber security "Manhattan Project."
It can only help for the U.S. government to get its own cybersecurity house in order.
Posted on April 28, 2008 at 06:45 AM
WordPress PHP Code Execution and Cross-Site Scripting - Highly critical - From remote. Issued 4 hours ago. Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
"The first naturally occurring superheavy element has been found. An international team of scientists found several nuclei of unbibium in a sample of the naturally occurring heavy metal thorium. Unbibium has an atomic number of 122 and an atomic weight of 292. In general, very heavy elements tend to be unstable but scientists have long predicted that even heavier nuclei would be stable. The group that found unbibium in thorium say it has a half life in excess of 100 million years and an abundance of about 10^(-12) relative to thorium, which itself is about as abundant as lead."
All the rage in Europe: Firefox market share climbs higher
Month by month, Firefox continues to make gains in Europe, where the browser approaches a 50 percent market share in some countries. Firefox also has stronger usage on weekends, when people get to use the browser of their choice.
April 27, 2008 - 06:58PM CT - by Ryan Paul
Two more indicted on E-Rate fraud charges
After Web defacement, university warns of data breach
China worries hackers will strike during Beijing Olympics
Judge orders White House to resolve e-mail backup 'ambiguity'
Researcher finds new way to hack Oracle database
If Top Gov't Officials Need To Leave Blackberries Outside A Meeting, Shouldn't Someone Guard Them?
from the just-a-thought dept
Apparently a Mexican press attache at a meeting with White House officials in New Orleans saw an opportunity and swiped the Blackberries of a bunch of White House staffers. At many such meetings, it's required for attendees to leave their phones and mobile devices outside of the meeting room. You would think that with such high-powered government officials that someone would then be left to guard the devices, but apparently not. This guy grabbed a bunch of the devices and made a run for the airport, where he was caught by Secret Service officials, who promptly showed him the surveillance camera footage of him taking the devices. His response was that he thought the devices had been left behind, and he was merely picking them up to return them to their owners, which might be more believable if the folks weren't still in the meeting room when he grabbed all the devices. Who knows if it's true, but I'm still wondering why no one was guarding the Blackberries.
Google Analytics getting my passwords? NOT!
Friday April 25, 2008 at 8:15 am CST. Posted by Pedro Bueno
http://www.avertlabs.com/research/blog/index.php/2008/04/25/google-analytics-getting-my-passwords-not/
So, on a bright Friday morning here in Brazil, I was analyzing an interesting piece of malware. Well, this piece of malware was sending encoded data to gooqle-analytics.com…hmmmm maybe trying to get infection statistics?
We have seen this before…but something wasn’t quite clear… it seemed that this was all that the malware was doing… hmmmm ok… checking a little closer, I could see the traffic generated… it was encoded traffic… not common for Google Analytics…
A little more research revealed that there was a dll injected in the svchost process, and analyzing this packed dll revealed that its purpose was to steal information and send it to gooqle-analytics… but what the heck? Is Google stealing my info? NOT!!! As some of you noticed reading this blog, I did not misspell the name… it was sending the info to gooqle-analytics.com, and not google-analytics.com…
This gooqle thing domain is hosted on an IP in Italy…yea…bad, bad gooQle…!
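A defender's check in the spirit of this post, added here as an example (it is not the Avert Labs code): it scans proxy log lines for destinations that are one edit away from an allow-listed domain, so a host like gooqle-analytics.com is flagged while google-analytics.com passes. The allow-list, the leet-substitution map and the log lines are constructed for the example.

```python
from typing import Iterable, List, Optional, Tuple

# Constructed allow-list of hosts this sample network legitimately talks to
# (an assumption for this example, not taken from the post).
KNOWN_GOOD = ("google-analytics.com", "googleapis.com", "doubleclick.net")

# Constructed proxy log lines: "<timestamp> <client> <destination host> <bytes>".
SAMPLE_LOG = """\
2008-04-25T08:15:01 10.0.0.17 google-analytics.com 412
2008-04-25T08:15:04 10.0.0.17 gooqle-analytics.com 2931
2008-04-25T08:15:09 10.0.0.23 update.example.org 120
2008-04-25T08:15:12 10.0.0.17 g00gle-analytics.com 2880
"""

# Digits commonly substituted for letters in lookalike names (0->o, 1->l, 3->e, 5->s).
LEET = str.maketrans("0135", "oles")

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (catches a single swapped letter like q for g)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host: str, known: Iterable[str] = KNOWN_GOOD, max_dist: int = 1) -> Optional[str]:
    """Return the known-good domain `host` imitates, or None if it is exact or unrelated."""
    dom = host.lower().rstrip(".")
    for good in known:
        if dom == good:
            return None  # exact match: legitimate destination
        if levenshtein(dom.translate(LEET), good) <= max_dist:
            return good  # near miss after de-leeting: suspicious
    return None

def flag_lookalikes(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan log lines and return (client, host, imitated_domain) for suspicious destinations."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        target = lookalike_of(fields[2])
        if target:
            hits.append((fields[1], fields[2], target))
    return hits
```

Running `flag_lookalikes(SAMPLE_LOG)` returns the two gooqle/g00gle hits and nothing for the genuine google-analytics.com or the unrelated update host.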
Hacker denies using tool to break into Dish Network security
Jim Carr April 25, 2008
A software engineer testified that he was hired by a unit of News Corp. to develop software that could reverse engineer code on satellite receiver smart cards, but denies hacking.
Another Apple QuickTime bug reported
Dan Kaplan April 24, 2008
US-CERT has issued an alert concerning a new zero-day vulnerability in the Apple QuickTime media player.
Which Gov Agency Should Be Your Computer's Firewall?
By Ryan Singel, April 25, 2008 8:05:10 PM. Categories: Cybarmageddon!, Spooks Gone Wild
First the NSA says it needs to examine every search and email on the internet to prevent an e-9/11 attack, then President Bush signs a secret cyber-security Presidential Directive to make that possible, while the Air Force has set up a cyber warfare division where cyber-security is played like a game of Space Invaders.
Not to be left out on the cybarmageddon! action, the Department of Homeland Security plans to spearhead a "Manhattan Project" attempt to secure the internet. But there's no way FBI chief Robert Mueller is gonna let DHS honcho Michael Chertoff have all the bits, so this week he told a House committee that G-Men need to be living in the tubes, too.
The great thing about all of these agencies deciding that they need to be inspecting packets on the interweb is that soon you will no longer have to buy anti-virus or security software, you'll just have to choose which government agency you hand your computer password to.
But the question is, which one should you choose to protect your Win98 box?
Submit your favorite agency (with logo link if you have one) or vote up other choices here. Defend your vote in the comments, if you like.
The originator of “Red Heart China” gets his website hacked!! Europeans responsible?
Bluetooth Mobile Phone Hacked Right Before Your Eyes
Published 03/27/2008
Watch How Scammers Turn Bluetooth Technology Into Hard Cold Cash In The Below Video
http://www.nationalcybersecurity.com/blogs/626/Tornado-Hacking-Tool-For-Rent.html
Security researchers have discovered a new web-based attack tool which exploits up to 14 browser vulnerabilities and installs malware on the user's system.
Symantec researcher Liam O'Murchu said that 'Tornado' is commonly installed on a server by a single 'administrator', who then offers accounts on the server to other attackers.
The attackers then inject code into other web pages to redirect users to the Tornado server, where the exploit and malware installation is conducted.
Google Docs gets new features, templates soon
More URI handler issues to come
Nate McFeters: A new command injection flaw was discovered, this time in IBM's Lotus Expeditor. What's most interesting about this class of vulnerability is that it can be deployed quite simply