Sunday, December 20, 2009
"Microsoft, through a combination of efforts from the National Center for Missing and Exploited Children (NCMEC), their own dedicated Microsoft Research section and Dartmouth College, Hanover, a new next-generation technology is being launched with the aim of tacking online child abuse imagery.
"Using PhotoDNA, the system picks out images which are identical, even if they have been edited, resized, cropped and edited in other ways, and logs them. The system matches them through a technique which monochromes the image, breaks the image into smaller chunks and the intensity gradients are converted into a signature.
"The signatures, even through editing, will remain the same and allow the system to find copies of the original image. Some similarities could compare QR codes to this, allowing similar cells to match other images, allowing the system to recognise similar gradients and therefore image copies across massive sets of data."
More at ZDNet Blogs...
Thursday, December 17, 2009
"Adobe won't patch the newest critical vulnerability in its PDF viewing and editing software for another four weeks, even though attack code has been publicly released.
"Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
"Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
"U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance."
More at THE WALL STREET JOURNAL...
"Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.
"While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.
"Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.
"`We are asking GPs to only make urgent referrals,` she said.
"`We need to keep as many people out of hospitals as we can.`
"Ms Gill said DHB technicians were working on a computer upgrade overnight when things started to go awry.
"`About 2am they noticed there were some issues with the computers. By 4am they realised a computer virus had got into our whole system.
"`We brought in Microsoft and have been working with them through the night.`
"Conficker has been identified as the culprit."
More at nzherald.com...
Tuesday, December 15, 2009
"It’s no secret that most people use the same password over and over again for most of the services they sign up for. While it’s obviously convenient, this becomes a major problem if one of those services is compromised. And that looks to be the case with RockYou, the social network app maker.
"Over the weekend, the security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database. Such a flaw could grant hackers access to the the service’s entire list of user names and passwords in the database, they warned. Imperva said that after it notified RockYou about the flaw, it was apparently fixed over the weekend. But that’s not before at least one hacker gained access to what they claim is all of the 32 million accounts. 32,603,388 to be exact. The best part? The database included a full list of unprotected plain text passwords. And email addresses. Wow..."
More at TechCrunch...
Thursday, December 10, 2009
"Microsoft may not have hustled as fast as researchers thought when the company patched a zero-day bug in Internet Explorer (IE) just 18 days after exploit code went public.
"According to VeriSign iDefense, Microsoft had information about the browser bug nearly six months before the researcher dubbed "K4mr4n" posted attack code to the Bugtraq security mailing list on Nov. 20.
"iDefense's Zero Day Initiative (ZDI), one of the two best-known bug bounty programs, reported the vulnerability to Microsoft on June 9, 2009, iDefense noted in an advisory published Wednesday.
"IE6 and IE7, two versions of Microsoft's browser that collectively accounted for approximately 39% of all browsers used last month, were the only editions affected by the vulnerability. The ancient IE 5.01 and the new IE8 were immune from the threat."
More at ComputerWorld...
Wednesday, December 9, 2009
"Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say.
"So-called RAM scrapers scour the random access memory of POS, or point-of-sale, terminals, where PINs and other credit card data must be stored in the clear so it can be processed. When valuable information passes through, it is uploaded to servers controlled by credit card thieves.
"While RAM scrapers have been around for a few years, they are a `fairly new` threat, according to a report released Wednesday that outlines the 15 most common attacks encountered by security experts at Verizon Business. They come in the wake of Payment Card Industry rules that require credit card data to be encrypted as it passes from merchants to the processing houses.
"`They are definitely a response to some of the external trends that have been going on in the cybercrime environment,` says Wade Baker, research and intelligence principal for Verizon Business. `Within a year, we've seen quite a few of them in the wild.`"
More at The Register...
Monday, December 7, 2009
"The FBI has some advice for law firms: Be careful.
"The agency recently issued a warning alerting firms that what may appear to be e-mails from clients or contacts could instead be from hackers trying to infiltrate law firm databases.
"The FBI says it has `high confidence` that hackers are targeting legal and public relations firms.
"`Opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain,` the warning reads. `Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file.`
"... It’s no surprise that law firms are being targeted, said Rohyt Belani, co-founder of the New York-based Intrepidus Group, an information security consulting and software company. `If I can get on a senior partner’s machine or the system administrator’s machine, I’ll get access to the keys to the kingdom for the entire network. A law firm is a place where a lot of sensitive data for different [companies] is collected.`"
More at the Wisconsin Law Journal...
"Business analyst Gartner says proprietary office suites will continue to dominate over web-based office suites because there is a significant performance gap between full-function suites and web-based versions. Gartner points out that one of the biggest gaps is the lack of complete offline services.
"In a report titled `The State of Google Apps`, Gartner argues that Google Apps is not an adequate substitute for Microsoft Office.
"In the short term, Gartner says, few big enterprises would be likely to disrupt what they already have in place for Google's offerings. Changing even something such as the email system in the workplace could be costly and cause problems for security, training staff, service levels and technology."
More at smh.com.au...
Friday, December 4, 2009
"In research commissioned by The Daily Telegraph, which has shocked even top fraud squad police, almost half of users in their 20s agreed to a request from a rubber duck to be Facebook `friends`.
"A similar result occurred with a group of internet users in their 50s, with many agreeing to be Facebook friends with a photo of two cats.
"Many of the Facebook users in both age groups volunteered some of their most intimate details to both the rubber duck and the cats, including their full date of birth, workplace, email address and location. Some even volunteered full addresses and phone numbers without prompting.
"The study was conducted by leading internet security firm Sophos.
"It has raised serious questions about the wisdom of average internet users, given the friend requests were sent without any introduction."
More at The Daily Telegraph...
Thursday, December 3, 2009
Some Things Never Change
"AT&T got some bad news from Consumer Reports this week, as the magazine's latest survey shows that the carrier now has the lowest level of customer satisfaction in the U.S.
"AT&T got its lowest marks in the survey for its voice services, as it was the only wireless carrier in the United States to receive below-average marks for its voice quality. Verizon received above average marks for its voice service while T-Mobile and Sprint both received average marks. AT&T also received subpar remarks across the board for its customer service while receiving average marks for its text-messaging and data services."
Friday, November 27, 2009
"Former national cyber czar Andy Purdy launched Cybercrime.TV today, an online development site for producers, directors, writers, experts, and others joining him in launching a television network that focuses on cyber criminals and those who enable them.
"`Cybercrime.TV is an online network for television people and computer people to work together,` said Purdy.
"The website provides tools to develop new projects and showcase them for production financing through Purdy and his associates. Membership is free, and members can upload videos and proposals, create groups, create forums, publish papers and articles, announce events, and publicize their programs.
"Cybercrime.TV, as a television network, will focus on all aspects of cybercrime in the form of news and talk shows, specials, movies, and original series.
"Topics of greatest interest to Purdy include cybersecurity, cyber terrorism, cyberstalking, encryption, financial crime, financial espionage, hackers, identity theft, information assurance, information warfare, Internet fraud, Internet privacy, Internet safety, malware, money laundering, network security, online predators, phishing, pirated software, social engineering, spamming, spoofing, spyware, and viruses."
More at PRWeb...
Wednesday, November 25, 2009
"Some Facebook users have been infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site, according to security researchers.
"The worm posts an image on a victim's Facebook Wall with a photo of a woman in a bikini and the message `click 'da button, baby.` Wall posts are viewable by a Facebook user's friends.
"If a friend clicks on the image and is logged into Facebook, the image is then is posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on "da button" redirects the friend to a pornography site, according to Roger Thompson chief research officer for antivirus vendor AVG Technologies. Thompson posted a video of the attack on his blog."
Friday, November 13, 2009
"Two computer programmers who worked for Bernard L. Madoff’s investment firm were accused Friday of helping to cover up the giant Ponzi scheme for more than 15 years.
"In a statement, the United States attorney’s office in Manhattan said the two programmers — Jerome O’Hara, 46, of Malverne, N.Y., and George Perez, 43, of East Brunswick, N.J. — were arrested Friday at their homes.
"The complaint accuses the two men of providing the technical support needed to produce false documents and trading records in defrauding investors in Bernard L. Madoff Investment Securities of billions of dollars.
"Jerome O’Hara and George Perez allegedly helped construct Bernie Madoff’s house of cards. The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff’s crimes,` Preet Bharara, the United States attorney for the Southern District of New York, said in a statement.
"In addition, Joseph M. Demarest Jr., the assistant director in charge of the F.B.I.’s New York office, said that when the two men told Mr. Madoff `they would no longer lie for him,` they were paid to keep the scheme quiet."
From The New York Times...
Saturday, November 7, 2009
"An unusual cloak-and-dagger operation being run by internet security experts has been exposed this week, after details of a flaw in the SSL protocol were made public.
"The problem with the Secure Sockets Layer standard that keeps e-commerce websites, mail servers and more safe from attack was first discovered in August by a phone-security firm called PhoneFactor.
"That company immediately set to work with the Industry Consortium for Advancement of Security on the Internet (ICASI) to fix the issue in secret so as not to alert hackers.
"However, an engineer working independent of ICASI found the flaw by himself this week and posted the details online in an effort to find a solution.
"Naturally, the buzz about SSL potentially failing spread like wildfire, prompting ICASI and PhoneFactor to go public immediately."
More at techradar.com...
Friday, November 6, 2009
"ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.
"Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.
"When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn. That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.
"Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.
"Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download."
More at ComputerWorld...
"Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.
"Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.
"Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times."
From The Register...
Thursday, November 5, 2009
"IT professionals are placing their bets on security as they plot their next career moves, according to a new study published earlier today.
"The survey of more than 1,500 IT workers, which was conducted by the IT trade association CompTIA, found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target.
"`Given the growing reach of security, with threats becoming more pervasive and dangerous and with no business or industry immune to those threats, it makes sense that many IT professionals view this as a must-have for career advancement,` said Terry Erdle, senior vice president, skills certifications for CompTIA."
More at DarkReading...
Wednesday, October 28, 2009
"A 27-year-old Brooklyn man used his job as a computer technician to appropriate the identities of more than 150 employees at the Bank of New York Mellon and steal more than $1.1 million from a wide array of nonprofit groups and other institutions, officials announced on Wednesday.
"The technician, Adeniyi Adeyemi, 27, of Crown Heights, was charged with grand larceny, identity theft, money laundering, scheme to defraud, computer tampering and unlawful possession of personal identification information in a 149-count indictment.
"The fraud started in November 2001 and lasted through April of this year, according to the office of the Manhattan district attorney, Robert M. Morgenthau, which is prosecuting the case.
"Using his position as a contract employee in the information technology department at Bank of New York Mellon, Mr. Adeyemi stole personal identifying information from dozens of employees, using the information to more than 30 bank and brokerage accounts in their names at E*Trade, Fidelity, Citi, Wachovia and Washington Mutual, Mr. Morgenthau said."
From The New York Times...
Tuesday, October 27, 2009
"Remember when the global economic crisis was supposed to drive legions of desperate, unemployed computer programmers into cybercrime? It turns out the real threat comes from unemployed advertising agents.
"Scammers posing as the well known ad agency Spark-SMG tricked Gawker Media into running a fake Suzuki ad last week that served malicious code, according to a report in Silicon Alley Insider. A similar scam hit the New York Times in September, but unlike the newspaper, Gawker has released the e-mails it exchanged with the scammers, and the messages show just how confidently the perps navigated the ad-buy process..."
More at Wired...
Saturday, October 24, 2009
"By 2014, citizen developers will build at least 25 percent of new business applications, according to Gartner, Inc. Gartner said that this advance should both enable end users and free up IT resources. However, analysts warned that IT organizations that fail to capitalize on the opportunities that citizen development presents will find themselves unable to respond to rapidly changing market forces and customer preferences.
"Gartner defines a citizen developer as a user operating outside of the scope of enterprise IT and its governance who creates new business applications for consumption by others either from scratch or by composition.
"`Future citizen-developed applications will leverage IT investments below the surface, allowing IT to focus on deeper architectural concerns, while end users focus on wiring together services into business processes and workflows,` said Eric Knipp, senior research analyst at Gartner. `Furthermore, citizen development introduces the opportunity for end users to address projects that IT has never had time to get to — a vast expanse of departmental and situational projects that have lain beneath the surface.`"
Tuesday, October 20, 2009
"Cybercriminals are growing rich by franchising out scareware distribution operations.
"The trade in rogue anti-virus application can make top-tier distributors an estimated $1.2m a year, net security firm Symantec estimates. A study by Symantec into the psychology of the scam found that 93 per cent of users deliberately downloaded and installed scareware packages, albeit without realising what they were getting for their money.
"Scareware slingers use trickery to mimic the look and feel of legitimate security packages, tapping into users' fears in order to trick them into buying worthless software packages. Some malicious sites use legitimate online payment services to process credit card purchases, offering receipts and serial numbers.
"Marks ended up running scareware packages of little or no utility, at best. Some of these packages install malicious code or reduce the overall security of a client PC, while in other cases users' payment details are used to facilitate further forms of fraud.
"The comparatively low-risk, fast-growing form of cybercrime typically uses an affiliate-based sales model. Symantec’s study found that the top ten sales affiliates of scareware distribution site TrafficConverter.biz earned an average of $23,000 per week."
From The Register...
"Security researchers are seeing a resurgence of Gumblar, the name for a piece of malicious code that is spread by compromising legitimate but insecure Web sites.
"In May, thousands of Web sites were found to have been hacked to serve up an iframe, which is a way to bring content from one Web site into another. The iframe led to the `gumblar.cn` domain. Gumblar would then try to exploit the user's PC via software vulnerabilities in Adobe Systems products such as Flash or Reader and then deliver malicious code.
"Gumblar has also now changed its tactics. Rather than hosting the malicious payload on a remote server, the hackers are now putting that code on compromised Web sites, vendors IBM and ScanSafe say. It also appears Gumblar has been updated to use one of the more recent vulnerabilities in Adobe's Reader and Acrobat programs, according to IBM's Internet Security Systems Frequency X blog.
"The hackers know that it's only a matter of time before a malicious domain is shut down by an ISP. The new tactic, however, `gives them a decentralized and redundant attack vector, spread across thousands of legitimate websites around the world,` IBM said."
"Despite an improving economy, companies aren't moving quickly replace servers, PCs and printers, which will likely cause an increase in failure rates over the next two years, according to Gartner Inc.
"In round numbers, the scheduled replacement of some 3 million servers worldwide, or about 3% of all servers, has been delayed, Peter Sondergaard, Gartner's global head of research, said today at the research firm's Symposium/ITxpo 2009 conference here. He added that the number of delayed replacements should reach 10% of all servers by 2010.
"As a result, Sondergaard said, IT operations `are going to have to start to plan for the impact of increased equipment failure rates.`"
"When CIO Will Weider encouraged employees at Ministry Health Care and Affinity Health System in Wisconsin to use Facebook to spread the word about new programs and successful projects, he was surprised at the result: Few did so.
"`I went in there thinking, 'We've turned these people loose; we'll have 10,000 marketers out there,'` Weider says. But the Ministry Health workforce, it turned out, had been well trained to protect sensitive data, and without explicit guidance on what they could say, their first reaction was to share nothing.
"`We've stressed the importance of data security with our employees, particularly when it comes to patient privacy, and it's kept them from sharing all the great things about work on Facebook,` Weider says.
"That's a good problem to have. Many fear that the popularity of social networking -- among individuals as well as organizations -- will precipitate an increase in social engineering attacks that could result in security breaches that expose corporate data or damage a company's reputation."
More at NetworldWorld...
"When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records.
"But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.
"The revelation comes in a recent New York Times article about how so-called `scrubbed` patient data isn’t as anonymous as people think. The piece focuses primarily on how anonymized data can be cross-bred with other publicly available databases, such as voting records, which subverts the anonymity. Buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health care providers, but by third-party vendors who provide medical-record storage in the cloud."
More at Wired...
"The massive Zbot botnet that spreads the treacherous Zeus banking Trojan has been launching a wave of relatively convincing phishing attacks during the past few days -- the most recent of which is a phony warning of a mass Conficker infection from Microsoft that comes with a free "cleanup tool."
"The wave of attacks began early last week targeting corporations in the form of email messages that alerted victims of a `system upgrade.` Email is accompanied by poisoned attachments and links; in some cases it poses as a message from victims' IT departments, including their actual email domains, and alerts them about a "security upgrade" to their email accounts. The message then refers victims to a link to reset their mailbox accounts, and the link takes them to a site that looks a lot like an Outlook Web Access (OWA) page, but instead infects them with the Zeus Trojan.
"Today, researchers at F-Secure spotted the botnet spamming out malware-laden email that tries to trick recipients with a convincing lure messages that says, `On October 22, 2009 server upgrade will take place.`
"`What we're seeing is an evolving campaign of different lures to see which one works,` says Richard Wang, manager of Sophos Labs in the U.S.
"The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 percent of all PCs in the country, according to data from Damballa, spreads the deadly Zeus Trojan. Zeus, which steals users' online financial credentials, represents 44 percent of all financial malware infections today, according to Trusteer."
Friday, October 16, 2009
"An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week.
"One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.
"`While the vulnerability is in an IE component, there is an attack vector for Firefox users as well,` admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. `The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox.`
"What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox..."
More at Computerworld...
Tuesday, October 13, 2009
"A man who died in a suspected murder-suicide in Mooresville recently lost his UNC Charlotte computer job to state budget cuts after more than a decade working at the university, according to a statement from the school.
"A law enforcement official said Monday evidence suggests one of the parents was involved in the quadruple shooting early Sunday and died from a self-inflicted gun shot wound. The shooting also left the couple's two adult sons in critical condition.
"Iredell Sheriff's Capt. Darren Campbell, the lead investigator, wouldn't say which parent was suspected, saying investigators would wait for initial autopsy reports this week before releasing details.
"He said `nothing stands out` in the family history that might readily explain the violence. The family members do not have criminal records in North Carolina, and police said they hadn't been summoned to the house before.
"Public records and interviews with neighbors indicate the four family members were living in the same home where the shooting occurred, at 130 Peninsula Drive, about a half-mile from Lake Norman.
"Douglas Alan Thomas Sr., 57, and his wife, Linda Malone Thomas, also 57, died in the shooting spree. The sons, Douglas Alan Thomas Jr., 28, and Christian Edward Thomas, 25, underwent emergency surgery Sunday at Carolinas Medical Center.
"UNCC Chancellor Phil Dubois didn't immediately respond to a request for comment Monday.
"But a UNCC spokesman said Monday that Douglas Thomas Sr. lost his job Aug. 31 as a networking specialist in the school's Department of Information & Technology Services. He was one of only 15 university employees laid off by budget cuts and departmental reorganizations.
"A state salary database from May showed he was earning an annual salary of $81,070."
From the Charlotte Observer...
Monday, October 12, 2009
"Integrated Surveillance System is a proposal for fully-integrated surveillance system which leverages Cisco network services on ISR and combines them in a new, smart way to build a security system. With this solution, existing IP phones can be turned on during non-working hours, to monitor any audio signals in the offices. If there are abnormal audio signal patterns, the application notifies external security services or devices such as cell phones, computers, video monitoring systems etc.
"It is a simple and cost effective means to enable a security solution in branch office by leveraging existing network infrastructure. This solution improves manageability of security systems by providing an integrated security framework."
"When Metzti Bryan tried to check Facebook at work a few months ago, the familiar white and blue layout of the social networking website didn’t load. Instead, she was taken to a page with a stern message: `This site is prohibited.`
"In the weeks that followed, other sites were added to the blocked list: Twitter, PerezHilton.com and even the Ontario Lottery and Gaming Corporation’s website.
"Her co-workers were not pleased.
"`There was a big uproar,` said Ms. Bryan, 27.
"But soon after, tempers cooled. It turned out that getting around the restrictions was easy..."
More at The Globe and Mail...
Friday, October 9, 2009
"A huge majority of user-generated comments to blogs and forums are malicious, while tools are largely ineffective.
"Websense's biannual `State of the Internet` report revealed that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious. Websense Security Labs also identified a 233 per cent growth in the number of malicious websites in the last six months and a 671 per cent growth during the last year.
"Looking at Web 2.0 security trends, the report found that the websites are increasingly being used to carry out a wide range of attacks, and claimed that `efforts to self-police these Web 2.0 properties have also been largely ineffective`.
"The report said: `Websense research during the period showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65 per cent to 75 per cent ineffective in protecting web users from objectionable content and security risks.`"
From SC Magazine...
"Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.
"Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company's previously scheduled patch release for the PDF reader. According to Security Focus here, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.
"`Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,` the security site warned. `Failed attempts will likely result in denial-of-service conditions.`
"The bug is presently being exploited in `limited targeted attacks,` Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems."
More at The Register...
Thursday, October 8, 2009
"Avatars are creeping into business environments and will have far reaching implications for enterprises, from policy to dress code, behavior and computing platform requirements, according to Gartner, Inc. Gartner predicts that by year-end 2013, 70 percent of enterprises will have behavior guidelines and dress codes established for all employees who have avatars associated with the enterprise inside a virtual environment.
"Avatars are two- or-three dimensional objects that most often resemble a human and are often animated and controlled remotely by a person in a virtual or 3-D Internet environment. In a business setting they are used as visual representations of people.
"`As the use of virtual environments for business purposes grows, enterprises need to understand how employees are using avatars in ways that might affect the enterprise or the enterprise’s reputation,` said James Lundy, managing vice president at Gartner. `We advise establishing codes of behavior that apply in any circumstance when an employee is acting as a company representative, whether in a real or virtual environment. Addendums, specific to virtual environments can be added as required.`"
From Internet Ad Sales...
Wednesday, October 7, 2009
"A former Wachovia Bank executive who had handled insider fraud incidents says banks are in denial about just how massive the insider threat problem is within their institutions. Meanwhile, the economic crisis appears to be exacerbating the risk, with 70 percent of financial institutions saying they have experienced a case of data theft by one of their employees in the past 12 months, according to new survey data.
"Shirley Inscoe, who spent 21 years at Wachovia handling insider fraud investigations and fraud prevention, says banks don't want to talk about the insider fraud, and many aren't aware that it's an `epic problem.`
"`There needs to be more training around this issue,` says Inscoe, who co-authored a book about bank insider fraud called Insidious -- How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them, which publishes later this month. `We are seeing a huge increase in this country of organized crime rings threatening individuals who work in financial institutions and making them [commit fraud on their behalf],` she says."
More at dark reading...
Saturday, October 3, 2009
"The FBI is helping out the Steuben ARC after overseas hackers stole more than $40,000. Police say the hackers went through an employee's microsoft windows computer system. That worker had access to ARC's bank account.
"Authorities say the crooks were from Eastern Europe and used that information to steal the money. Since then, the Steuben ARC has limited their employee's internet access. They've also switched from a Microsoft operating system to Linux, which is said to be tougher to hack."
Wednesday, September 30, 2009
"New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.
"The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.
"The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.
"The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan."
More at Wired...
"Social networks are rapidly becoming a primary channel to market for malware distributors and other cyber-criminals as the use of popular sites such as Twitter continues to take off, and the communications vehicles subsequently create new opportunities for attackers to hide their threats using features such as so-called link shorteners.
"Attackers have been working to infiltrate and abuse social networks for years, but the issue is becoming truly pervasive nowadays as they shift even more of their efforts away from more traditional electronic messaging systems and distribute a greater share of their nefarious content over so-called Web 2.0 sites, in particular Twitter, according to Symantec security researcher Ben Nahorney.
"The distribution of malware infection links over Twitter has become particularly problematic of late, Nahorney noted in a recent blog post. Since the 140 character limit for posts to made over micro-blogging platform has lead to widespread use of URL-shorteners obscure address details, and even savvy users of Twitter are likely taking bigger risks, the implication appears to be..."
More at eWeek...
Tuesday, September 29, 2009
"In a twist of Alanis Morrissettian irony, a man serving a six-year prison sentence for stealing millions of dollars through online credit card fraud recently succeeded in (surprise!) hacking into his prison's computer network, effectively paralyzing the entire system. The really incomprehensible part, though, is that officials at Ranby Prison, close to Retford, Nottinghamshire, England, gave him access to the computer.
"Apparently in dire need of an internal TV station at the facility, officers decided against hiring a third party (e.g., not a convicted hacker) to set up the system. They instead opted to keep the operation in (the Big) house, delegating the duty to one Douglas Havard. So, as convicted hackers are wont to do, Havard, left unguarded, worked his way into the prison's hard drive, and set up a labyrinth of passwords to lock everyone else out of the system....."
More at switched.com...
"Employee misconduct investigations, often involving workers accessing pornography from their government computers, grew sixfold last year inside the taxpayer-funded foundation that doles out billions of dollars of scientific research grants, according to budget documents and other records obtained by The Washington Times.
"The problems at the National Science Foundation (NSF) were so pervasive they swamped the agency's inspector general and forced the internal watchdog to cut back on its primary mission of investigating grant fraud and recovering misspent tax dollars.
"`To manage this dramatic increase without an increase in staff required us to significantly reduce our efforts to investigate grant fraud,` the inspector general recently told Congress in a budget request. `We anticipate a significant decline in investigative recoveries and prosecutions in coming years as a direct result.`"
More at The Washington Times...
Monday, September 28, 2009
"New research from Sophos underscores a growing interest in the Mac among cyber-criminals.
"In a presentation at Virus Bulletin's VB Conference, in Geneva, Sophos Labs researcher Dmitry Samosseiko revealed a malware affiliate network offering 43 cents per infected Mac computer. The offer was the work of a larger network of Russian spammers, malware authors and businesspeople pushing everything from phony watches to medications—an alliance he called the `Partnerka.`
"This goes to show that Apple Macs, which are targeted far less than Microsoft Windows PCs, are not without security threats..."
Thursday, September 24, 2009
New Low In Blaming The Victim
"UK cybercrime has rebounded to worrying levels, not seen since 2006, as a result of the recession and consumer complacency, according to Garlik's annual UK Cybercrime report.
"The report, which analyses publicly available data to build a comprehensive view of cybercrime in the UK, revealed that during 2008 cybercriminals adapted to the social and economic changes in the UK to exploit victims in new ways and commit over 3.6 million criminal acts online (that’s over one every 10 seconds). In addition, the researchers believe that there is a growing complacency amongst consumers demonstrating poor understanding of their responsibility to protect their personal information against fraud.
"One of the most significant changes in cybercrime has been the 207% increase in account takeover fraud indicating that criminals have now shifted their efforts from opening new accounts with stolen identities to accessing existing accounts. Savvy criminals have got round the drying up of available credit in the current economic climate to maintain their illegal activities.
"`We fear that account takeover fraud will continue to increase in 2009 due to the decline of available credit and tighter credit checking by the banks,` commented Tom Ilube, CEO, Garlik. `Consumers must be extra vigilant of all their online and financial accounts as well as avoiding increasingly convincing phishing scams.`"
Wednesday, September 23, 2009
"Microsoft has filed what are believed to be the first lawsuits designed to stop the growing practice of malvertising
"The company has filed five suits against unnamed individuals who it has accused of posting malicious and deceptive code through ads on its MSN advertising network.
"The suits allege that individuals using the business names Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC, and ote2008.info used malvertisements to distribute the malicious software or present deceptive websites that peddled scareware to unsuspecting online users.
"Associate general counsel Tim Cranton said that although Microsoft doesn't know the names of the specific individuals involved, by filing the civil suits in a US court it hoped to uncover the individuals responsible and prevent them from continuing to deploy malvertising.
"`We hope that today's filings will help deter malvertising in the future,` Cranton said in a blog post. The documents were filed in King County Superior Court in Seattle, Washington."
Wednesday, July 29, 2009
"On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.
"If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.
"That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking."
More at Forbes.com...
Tuesday, July 28, 2009
"Send more PoCs!""Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.
"During a Wednesday talk at this week's Black Hat conference in Las Vegas, researchers Mark Dowd, Ryan Smith and David Dewey will show a way of bypassing the 'kill-bit' mechanism used to disable buggy ActiveX controls. A video demonstration posted by Smith shows how the researchers were able to bypass the mechanism, which checks for ActiveX controls that are not allowed to run on Windows. They were able to then exploit a buggy ActiveX control in order to run an unauthorized program on a victim's computer.
"Although the researchers have not revealed the technical details behind their work, this bug could be a big deal, giving hackers a way of exploiting ActiveX problems that were previously thought to have been mitigated via kill-bits."
More at PCWorld...
Monday, July 13, 2009
"A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.'s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said.
"On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9.
"Microsoft said it will issue a patch for the flaw on July 14..."
More at ComputerWorld...
Thursday, July 9, 2009
"Denial-of-service attacks against government Web sites in this country and South Korea appear to have had little impact and are not particularly sophisticated, experts say.
"`It’s a very noisy attack,` said Rick Howard, intelligence director at VeriSign iDefense, which provides cybersecurity and intelligence services for private- and public-sector organizations. `Everyone in government says it didn’t affect them that much.`
"`It’s been more of a nuisance,` said Phil Neray, vice president of security Strategy at Guardium. `We have countermeasures for denial-of-service attacks.`
"Several security companies have obtained the malicious code used to carry out the attacks. Symantec Corp. identified it as W32.dozer and a variant of the MyDoom worm that has infected a large number of computers."
More at Federal Computer Week...
Wednesday, July 8, 2009
"The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.
"Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.
"This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent..."
Friday, June 26, 2009
"Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.
"Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com and, even security sites including ftp.mcafee.com and ftp.symantec.com along the extensive list of more than 68,000."
Wednesday, June 24, 2009
"A 29-year-old software engineer who was laid off four months back hanged himself last night, apparently fed up with his joblessness.
"Police said Sachin B. Khandewar, who hailed from Sholapur in Maharashtra and had been working in a city firm, hanged himself from the ceiling fan at his aunt’s house in the Kacheguda area.
"He left behind a suicide note addressed to the police saying his `unsuccessful career` had forced him to take the dire step, the police said.
"`I am bored of this meaningless and useless life. My unsuccessful career is the cause of my death. Nobody is responsible for it,` the note said."
Saturday, June 13, 2009
"One day last August, the Secret Service paid a visit to the new owners of Custom House Coffee off West Main Road.
"The news they brought was bad: Computer hackers, whereabouts unknown, had used sophisticated spy software to break into the store’s wireless network and steal the credit and debit card numbers of customers.
"In all, about 50 customers of Custom House Coffee had been victimized, as early as May 2008, according to Police Chief Lance Hebert. But it wasn’t until the victims got their bank or credit card statements and saw charges they didn’t recognize that they realized they had been robbed. As the police reports started to filter in, detectives began connecting the dots..."
More at projo.com...
Friday, June 12, 2009
"The Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009, installs the Microsoft .NET Framework Assistant firefox extension without asking your permission.
"This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC. Since this design flaw is one of the reasons you may've originally choosen to abandon IE in favor of a safer browser like Firefox, you may wish to remove this extension with all due haste..."
More at annoyances.org...
Thursday, June 11, 2009
'Hackers hijacked the Church News Twitter account last weekend and Twitter staffers took down the site early today because the infiltrators had gained total control over the feed.
"Charlie Craine, director of interactive media for the Deseret News, said he realized Sunday night that the Church News account had been compromised.
"`We tried to get it back,` he said, but he soon realized that the hacker had even been able to change the password and lock him out.
"`I don't know how they got the password,` Craine said. `I'm very skeptical (of Twitter) now.` He expressed concern for other Twitter accounts the Deseret News operates."
From Deseret News...
"Every PC in China could be at risk of being taken over by malicious hackers because of flaws in compulsory government software.
"The potential faults were brought to light by Chinese computer experts who said the flaw could lead to a `large-scale disaster`.
"The Chinese government has mandated that all computers in the country must have the screening software installed.
"It is intended to filter out offensive material from the net."
More at BBC News...
Tuesday, June 9, 2009
"The boss of Indian software firm LxLabs was found dead in a suspected suicide on Monday.
"Reports of the death of K T Ligesh, 32, come in the wake of the exploitation of a critical vulnerability in HyperVM, a virtualization application made by LXLabs, to wipe out data on 100,000 sites hosted by the UK web hosting firm VAserv.
"The effect of his death on the development of updated software by LxLabs is unknown at time of writing.
"Ligesh was found hanged in his Bangalore house on Monday morning, after a late night drinking session. The Times of India reports that he was upset with the loss of a recent contract..."
More at The Register...
"Nearly 100,000 websites have been shut down after hackers attacked a UK based internet service provider (ISP).
"The hackers got into Vaserv through a zero-day vulnerability in its virtualisation application, the widely used HyperVM, created by LXLabs.
"Reports across the web have stated the attack happened on Sunday night and according to Vaserv’s website, it is still working to fix the problems."
More at IT Pro...
"Purewire, Inc., a SaaS-based secure web gateway vendor, announced the launch of TweetGrade. TweetGrade provides a quantitative assessment of a user’s reach and influence in the Twitter community, and it helps people understand a user’s online reputation, legitimacy and safety. TweetGrade evaluates Twitter users based on their interactions on Twitter. The analysis is centered on a variety of inputs such as frequency and content of tweets, number of followers, number of those following, and activity level. Users receive a simple letter grade that ranges from an 'A+' to an 'F' to verify their reputation on Twitter and are able to share their TweetGrade with the Twitter community with a simple push of a button."
Source: EContent Magazine...
Saturday, June 6, 2009
"Ethical hackers are claiming a $10,000 prize for successfully breaking into the webmail account of the chief exec of
"The US start-up was so confident of its claims that its Darren Berkovitz published his account name and password in laying down a $10K challenge to hackers to break into his account and find out his schedule for 26 June.
"The group of researchers maintain they played fair and used a cross-site scripting (XSS) vulnerability to access the target account after first registering an account of their own with the service..."
More at The Register...
Monday, May 25, 2009
"Law enforcement computers were struck by a Mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.
"The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem..."
More at Yahoo Tech...
Friday, May 22, 2009
"On the same day it was revealed that users of YouTube, the world's largest video-sharing site, were uploading more than 20 hours of video footage every minute, the site was hit by a porn scandal which threatened to bring the service into disrepute. Over the course of 24 hours, the site was flooded with a number of pornographic video clips rumoured to be in the tens of thousands.
"In what is believed to have been a coordinated attack carried out by the infamous 4Chan group of hackers, clips containing nudity and sexual scenes were made available to the sites tens of millions of users. To circumvent the site's normal moderation policy, they were uploaded with titles referencing such favourite children's entertainers as Hannah Montana and the famous American Christian pop boy band duo, the Jonas Brothers. It is believed YouTube's moderation team have been working around the clock since the attack to try and take down the offending items, though the process may take weeks or even months thanks to the site's laissez-faire approach to content uploading, which relies on users flagging content as offensive before it is viewed by official representatives of the company..."
More at The Independent...
"Twitter users who thought friends were directing them to a "funny blog" Thursday ended up experiencing something completely different: a phishing scam.
"Twitter was hit by two different rounds of phishing Thursday, as criminals tried to take control of user accounts and then use them as a springboard to attack others.
"Both Twitter and Facebook have been hit with phishing attacks in recent days. `The social networking attacks are becoming increasingly common,` said Jamie De Guerre, chief technology officer with antispam vendor Cloudmark. `Spammers are really moving to attack social networks because of the popularity of the social networks and also because they're not as well defended as most e-mail platforms.`"
Tuesday, May 19, 2009
"A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergence Response Team warned on Monday.
"The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe's software and uses them to install a malicious program on victims' machines, CERT said.
"The program then steals FTP login credentials from victims and uses that information to spread further. It also hijacks the victim's browser, replacing Google search results with links chosen by the attackers..."
Monday, May 18, 2009
"IT analyst firm Gartner has told businesses to skip Vista and prepare to roll out Windows 7.
"Companies have traditionally been advised to wait until the first Service Pack of an operating system arrives before considering migration.
"However, Gartner is urging organisations that aren't already midway through Vista deployments to give the much-maligned operating system a miss.
"`Skip Vista and target Windows 7,` Gartner analysts Michael Silver and Stephen Kleynhans advise in a research paper. `Preparing for Vista will require the same amount of effort as preparing for Windows 7, so at this point, targeting Windows 7 would add less than six months to the schedule and would result in a plan that is more politically palatable, better for users, and results in greater longevity.`
"Even businesses that are midway through planning a Vista migration are urged to consider scrapping the deployment..."
More at PC Pro...
Monday, May 11, 2009
"A band of brazen thieves ripped off hundreds of New Yorkers by rigging ATMs to steal account and password information from bank customers.
"They used the pilfered info to swipe half a million dollars from their victims' bank accounts - the latest twist in increasingly aggressive identity-theft scams, police said.
"`This crew is sophisticated,` said Deputy Inspector Gregory Antonsen, head of the NYPD's special investigations division. `And they are coming up with new ways to steal your identity every day.`"
More at NY Daily News...
"It's a great deal, if you're a spammer.
"You pay US$700 to use a server in China that lets you send all the spam you like. It's called bulletproof hosting, and to the people who fight spam and cybercrime it's becoming a big problem.
"Cybercriminals use these services not just to host servers, but also to register Internet domain names that they use for spam and online attacks. In a three-month period this year, researchers at the University of Alabama at Birmingham traced more than 22,300 domains, all used to send online pharmaceutical spam, to just six bulletproof computers hosted in China..."
More at The Standard...
Thursday, April 30, 2009
"The Internet has become a great soapbox for ordinary citizens, but there is increasing controversy around the trend of anonymous political blogging. In 2006, it was estimated that 55 percent of American bloggers post under a pseudonym. But along with the explosion of anonymous blogs has come a whole host of problems. Some bloggers have used their anonymity to spread false information without ramifications. Others have used it to launch personal attacks against friend and foe alike.
"This has led to appeals from all over the political spectrum for regulation. Some blogging platform providers such as Tumblr are taking action on their own and shutting down anonymous blogs. The European Union entertained a proposal last fall to prohibit anonymous blogs. In the U.S., some have asked that the FCC categorize anonymous political blogs under campaign finance laws subject to regulation...
More at The American Spectator...
"Computer scammers are feeding off swine flu fears to entice people to download viruses or purchase bogus products.
"Emails titled `Are you worried about flu outbreak?` and `Global panic as swine flu spreads to Europe` are luring people into clicking on links or opening attachments that could be malicious, computer security company PC Tools said.
"PC Tools spokeswoman Magida Ezzat said cyber criminals were also using the celebrity angle, with email titles such as `Swine flu in Hollywood` and `Madonna caught swine flu`.
"`Hackers will play on any big event or celebrities and we've recently seen a lot of scams around the financial crisis as well as the inauguration of Barack Obama,` she said.
"The spam emails usually contain a link to a malicious website or what appears to be a PDF file, but is in fact a program that tries to steal user names and passwords."
Tuesday, April 28, 2009
"Tiny computers are everywhere—our cell phones, handheld gaming devices and set-top boxes, to name a few—so it should be no surprise that Marvell Technology in Santa Clara, Calif., one of the companies that makes the chips that go into such devices, managed to cram an entire home server into the SheevaPlug, a two-inch by four-inch (five- by 10-centimeter) box that plugs into any wall outlet and is almost indistinguishable from an oversize power supply.
"ScientificAmerican.com found some adventurous alpha geeks at the Massachusetts Institute of Technology's (M.I.T.) Computer Science and Artificial Intelligence Laboratory (CSAIL), Carnegie Mellon University, Intel and elsewhere and asked them what kind of uses they could come up with for the SheevaPlug. We came away with eight different ideas..."
More at ScientificAmerican.com...
"A magistrate has resigned from the bench following a complaint about his use of the Twitter network.
"IT consultant Steve Molyneux, from Telford, Shropshire, posted messages on the social networking site about cases at the town's magistrates' court.
"He said everything he reported on Twitter had already been said in open court and he had done nothing illegal.
"Mr Molyneux said he had been making use of the latest technology to bring `transparency` to the judicial system."
From the BBC...
Monday, April 27, 2009
"An IT administrator faces up to five years in prison after he tried to extort money from his former employers by threatening to crash the company’s servers.
"Viktor Savtyrev, 29, pleaded guilty to extortion after he threatened his former employers with computer crashes. He also threatened to enlist Eastern European hackers to launch attacks against his former employer, New York investment firm Third Avenue Management.
"`My comrades for a small fee are able to help me out with bridging the firewall security and carry out data destruction and virus outbreak,` Savtyrev wrote in an e-mail to the company, according to the complaint.
"`I located the names and e-mail addresses of the editors of Wall Street Journal, Newsweek and the Daily News and all of them should be very interested in getting an article about a mutual fund (losing) data because some 'Crazy Russian' (this is the name of the article which I wrote last night), was fired after 5 years of loyal service.`
"Savtyrev was laid off in November but was reportedly upset at the parsimonious nature of his severance package. He told his employers that he wanted more money, better medical coverage and `excellent references,` or he would take action.
"However, Savtyrev made a serious mistake in putting his demands down in an email to directors, who promptly handed it over to the FBI, who arrested him within days."
Wednesday, April 22, 2009
Baby Got Haxx
"The world's largest-ever malware network has been uncovered, affecting 1.9 million corporate, government and consumer computers.
"Finjan Inc's Malicious Code Research Center (MCRC) uncovered the network as part of research into command and control servers operated by cybercriminals.
"`It is the biggest ever - 600,000 was the largest last year,` a spokesman for Finjan told TG Daily. He declined to name the organisations affected, but said `I think you can assume that most large corporations and most western governments are affected.`"
More at TG Daily...
Tuesday, April 21, 2009
"Hackers broke into U.S. Department of Defense computers and downloaded terabytes of data containing design information about the Joint Strike Fighter, a US$300 billion stealth fighter currently under development, according to The Wall Street Journal.
"The stolen files all relate to the design of the Joint Strike Fighter and its electronic systems, the Wall Street Journal reported, saying they could be used to help defend against the jet...
"The reported attack raised more questions than it answered.
"For example, the report did not say how attackers managed to download terabytes of data before being discovered. A single terabyte can take up to several weeks to download over a relatively fast data connection, such as a DSL or cable modem..."
More at NetworkWorld...
Friday, April 17, 2009
"If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.
"Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs..."
More at Ars Technica...
Wednesday, April 15, 2009
"PandaLabs has identified over a million spam links used to target Google searchers looking for information about automotive parts from Ford and Nissan especially. Panda calls it `a major Blackhat SEO attack` designed to dupe searchers into downloading spyware or purchasing phony security software.
"Searching for the keyphrase `Diagram Of A 1998 Nissan Pathfinder Blower Motor,` for example leads to a Google results page packed with spammy sites. A savvy user can identify them by their unusual URLs starting with an arbitrary number, followed by nonsensical combinations of letters and resolving to Polish domains..."
Tuesday, April 14, 2009
"SAN FRANCISCO (AP) - Proxy servers are an everyday part of Internet surfing. But using one in a crime could soon lead to more time in the clink.
"A key vote Wednesday on new federal sentencing guidelines would classify the use of proxies as evidence of `sophistication,` increasing sentences by about 25 percent _ which could mean years or even decades longer behind bars, depending on the crime. It's akin to judges handing down stiffer sentences when a gun is used in a robbery.
"Yet digital-rights advocates are worried. Although they aren't absolving criminals, they complain that the proposal is so broad, it could lead to unnecessarily harsh sentences for tech neophytes who didn't know they were using proxies in the first place or who were simply engaging in a practice often encouraged as a safer way of using the Internet..."
More at KTAR.com...
Thursday, April 9, 2009
"The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
"Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
"The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said."
"The hackers who reportedly planted malware on key parts of the U.S. electrical grid, perhaps with the intent to cripple the country's power infrastructure, most likely gained access like any other cybercriminal -- by exploiting a bug in software such as Windows or Office, a security researcher said today.
"`Any computer connected to the Internet is potentially vulnerable,` said Roger Thompson, chief research officer at AVG Technologies USA Inc. `Getting to the actual infrastructure devices directly -- that's always possible, but a whole lot less likely. In any industry, critical or not, there are always plenty of PCs that have been compromised.`"
Saturday, April 4, 2009
"BINGHAMTON, N.Y. (AP) — A gunman opened fire on a room where immigrants were taking a citizenship exam in downtown Binghamton on Friday, killing as many as 13 people before committing suicide, officials said.
"Gov. David Paterson said at a news conference that 12 or 13 people had been killed. The suspected gunman carried identification with the name of 42-year-old Jiverly Voong of nearby Johnson City, N.Y., a law enforcement official said.
"The suspect's body was found with a self-inflicted gunshot wound in an office of the American Civic Association building, said the official, who was not authorized to speak publicly and was talking on condition of anonymity.
"The gunman barricaded the rear door of the building with his car before entering through the front door, firing his weapon, the official said.
"The gunman had recently been let go from IBM in Johnson City, said Rep. Maurice Hinchey, whose district includes Binghamton. The gunman opened fire on a citizenship class, he said."
More at The Macomb Daily...
Friday, April 3, 2009
Texas Senate Bans Vista
"The Texas state Senate yesterday gave preliminary approval to a state budget that includes a provision forbidding government agencies from upgrading to Microsoft Corp.'s Windows Vista without written consent of the legislature.
"Sen. Juan Hinojosa, a Democrat from McAllen and vice chairman of the Finance Committee, proposed the rider because "of the many reports of problems with Vista."
"`We are not in any way, shape or form trying to pick on Microsoft, but the problems with this particular [operating] system are known nationwide,` Hinojosa said during a Senate session debating the rider Wednesday evening (starting at 4:42 of this RealMedia video stream). `And the XP operating system is working very well.`
"The rider requires state agencies to get the written approval of the Legislative Budget Board before purchasing Vista licenses, upgrades or even new PCs with Vista pre-installed on it."
Wednesday, April 1, 2009
"Yoann Guillot and myself have been assessing the security of instant communication applications for a couple of years.
"For quite some time now, we have both suspected that it was possible to conduct both stealth and massive attacks on popular chat clients such as MSN, AIM, Trillian or mIRC.
"Today, we have verified our intuition by creating an encoder that can make any shellcode look like a smiley. It is possible to encode malicious shellcodes in emoticons, leaving exploits indistinguishable from genuine chat messages.
"This would make massive attacks against instant messaging applications impossible to catch by anti-virus, IDS or similar signature based technologies. Moreover, it is possible to conduct attacks with plausible deniability."
More at blogspot...
Thursday, March 26, 2009
"Enterprises increasingly worry that their employees may be more willing to steal data or sell insider knowledge because of the poor economy, according to an annual security survey conducted by KPMG International.
"Sixty-six percent of respondents felt that out-of-work IT staffers would be tempted to join the criminal underground, driven in part by threats to bonuses, job losses and worthless stock options.
"The E-crime Survey 2009, presented at the E-Crime Congress in London on Tuesday, surveyed 307 private companies, government organizations and law enforcement agencies.
"In the survey, KPMG said that fraud committed by managers, employees and customers tripled last year in comparison with 2007, which indicates that the recession will likely only exacerbate those problems..."
More lies at ComputerWorld...
Tuesday, March 24, 2009
"As Twitter's popularity grows, firms are attempting to take advantage of its free social networking services to help cut recruitment costs during difficult economic times. But the value of Twitter as a platform for finding new employees remains unproven.
"U.K. mobile network operator, O2, recently released the results of research on Twitter adoption among small U.K. businesses, and found that 62 percent of the 500 small businesses it questioned viewed cost-cutting as one of the greatest benefits of the service. Respondents cited marketing and recruitment functions as the most common way to reduce overhead through the social network; 16 percent claimed to have saved over £1000 as a result.
"U.S. digital agency Organic even claims it has now shifted 75 percent of its recruitment efforts towards social networking platforms. The company finds Twitter to be especially appealing thanks to the tech-savvy audience it attracts and the free services it offers..."
More at ClickZ...
Posted by Hinky at 8:59 AM
Monday, March 23, 2009
No Surprise There"Security researchers are in the dark about what will happen next week when the newest variant of Conficker, 2009's biggest worm by a mile, begins trying to contact its controllers.
"`It's impossible to know until we see something that has a clear profit motive,` said Joe Stewart, director of malware research at SecureWorks Inc. and a noted botnet researcher.
"PCs infected with Conficker.c, the third version of the worm that first appeared late last year, will use a new communication scheme on April 1 to establish a link to the command-and-control servers operated by the hackers who seeded the malware. The date is hard-coded into the worm, which in turn polls any of a number of major Web sites, including Yahoo, for the date, said Stewart.
"That tactic is just one of several designed to make it tough for security researchers to figure out what Conficker's all about, and more importantly, what it might do..."
Friday, March 20, 2009
"More than a thousand hackers are using reconfigured cable modems to fraudulently access free high speed Virgin Media broadband, sources have revealed.
"The hack has been made possible by the recent launch of Virgin Media's 50Mbit/s `XXL` package. It relies on new equipment running the upgraded DOCSIS 3.0 data transmission standard.
"The launch has allowed hackers to apply the new configuration from Virgin Media's official up to 50Mbit/s home modem to legacy DOCSIS 1.0 hardware, to access the DOCSIS 1.0 platform at higher speeds. Our source said over a thousand lines have been seen obtaining about 30Mbit/s downstream.
"Virgin Media told The Register it was aware of the problem and was working to address it."
From The Register...
"Micro-blogging site Twitter suffers from a potentially devastating vulnerability that forces logged-in users to post messages of an attacker's choice simply by clicking on a link.
"The XSS, or cross-site scripting, error was discovered by Secure Sciences Corp researchers Lance James and Eric Wastl, who have fashioned [a] link to demonstrate their finding. Clicking on it while logged in to Twitter causes users to immediately broadcast an innocuous message to all of their followers...
"Of course, it would be just as easy to craft links that do considerably more damage. Tweets are limited to just 140 characters, making it almost mandatory to use shortened URLs that obscure their final destination. While it's possible to preview the link before visiting, many Twitter users have grown so accustomed to them they click on them directly."
From The Register...
"A defunct payment gateway has exposed as many as 19,000 credit card numbers...
"The discovery by a local IT industry worker was made by mistake and appears to be caused by a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone."
More at iTnews...
Saturday, March 14, 2009
"Adobe has released their new AIR product with much fanfare about letting developers "use proven Web technologies to build rich Internet applications that deploy to the desktop and run across operating systems." The grand vision that's being promoted is that AIR is pioneering the application development model of the future, where cross-platform applications will be developed using a platform-independent tool such as AIR, and then deployed across the Web as downloadable gadgets that can be installed on any computer...
"The designers of AIR obviously wanted to play in the desktop application space, so AIR applications have full access to the machine they are running on. But it seems that the AIR designers were unwilling to give up on also being a platform for casually loaded Internet gadgets, even though they did not see fit to give AIR a sandbox for running untrusted applications...
"The resulting situation will be a bonanza for criminal hackers. AIR will become the first truly cross-platform tool for distributing malicious applications. Macintosh and Windows, home and business computers will all be equal-opportunity targets for Trojan horse attacks, keystroke loggers, etc., truly realizing the dream of `write once, hack everywhere!`"
More at AjaxWorld...
"If you're hoping to score tickets to Coldplay's Vancouver concerts when they go on sale Saturday, you could find yourself up against computer hackers who can order up hundreds and even thousands of tickets in the time it would take you to punch in a single order.
"Scalpers looking to jump the online queue can program a computer to circumvent Ticketmaster's website security and automatically order tickets at speeds far beyond ones the ordinary buyer could hope to match...
"`Maybe it takes you a minute-and-a-half to click through to buy a ticket, in that minute-and-a-half the hacker could have made 100,000 ticket requests," said Ryan Purita, a forensic examiner and security specialist with Sherlock Forensics. "You cannot beat a hacker script...`"
Source: Vancouver Sun...
Friday, March 13, 2009
"Bank officials are beginning to recover some of the $200,000 that computer hackers are suspected of transferring out of the Carl Junction school district's account.
"The Joplin Globe is reporting that the amount recovered totals at least $80,000.
"Superintendent Phil Cook says a computer virus that struck on Feb. 26. allowed someone to access the district's bank account.
"He says about $200,000 was transferred earlier this month from the district's account to a number of banks nationwide in increments of about $8,000.
"The bank noticed the problem March 6 and contacted the southwest Missouri school district.
"Cook says the FBI is investigating."
Posted by Hinky at 12:56 PM
[See also this post. Is the pot calling the kettle black or does it simply take one to know one? -Hinky]
"Federal law enforcement officials filed bribery charges today against the District of Columbia's acting chief security officer, along with a one-time D.C. government employee who owns an IT outsourcing company that runs offshore operations in India. Both were later arraigned in federal court.
"Arrested this morning was Yusuf Acar, who currently is the District of Columbia's acting chief security officer; police said they found $70,000 in cash in his Washington home. Acar's annual salary is $127,468, according to court documents.
"The second suspect arraigned on bribery charges is Sushil Bansal, CEO and founder of Advanced Integrated Technologies Corp. (AITC), a Washington-based outsourcing vendor that has won a number of contracts from the district's IT department.
"In what the government officials described as the `McAfee Software Scheme,` Bansal's firm submitted a purchase order for 2,000 units of McAfee Foundstone software, which is used to provide automated scanning and vulnerability assessments, for $104,166. McAfee generated a quote for AITC for the purchase of 500 units of the software at $36,845, but AITC, the provider in this case, charged the D.C. government for 2,000 licenses."
Full article at ComputerWorld...
Thursday, March 12, 2009
"FBI agents have arrested a District of Columbia government worker and another man while they search the offices of the city's chief technology officer.
"The head of that city office, Vivek Kundra, recently left to take a White House technology post.
"A law enforcement official, speaking on condition of anonymity because charges had not yet been unsealed, said worker Yusuf Acar was arrested Thursday. Another man, Sushil Bansal, was also arrested. A court appearance is expected later in the day.
"Katherine Schweit, spokeswoman for the FBI's Washington field office, said the search was being conducted as part of an ongoing investigation.
"Schweit declined to give the subject of the investigation, or comment further on the case."
Wednesday, March 11, 2009
"The behemoth of Redmond, Wash., is methodically rolling out business software that's sold as an online service. There's a very compelling reason: For Microsoft, selling software-as-a-service means more revenues, and eventually profits, out of each transaction.
"Microsoft Senior Vice President Chris Capossela puts it bluntly: `Customers will write us bigger checks.`"
Full article at Forbes...
"Wikileaks has released detailed lists of the controversial Republican Senator Norm Coleman's supporters and donors. Some 51,000 individuals are represented.
"Although politically interesting in their own right, the lists, which are part of an enourmous 4.3Gb database leak from the Coleman campaign, provide proof to the rumors that sensitive information--including thousands of supporter's credit card numbers--where put onto the Internet on January 28 as a result of sloppy handling by the campaign.
"Senator Coleman collected detailed information on every supporter and website visitor and retained unencrypted credit card information from donors, including their security codes. Although made aware of the leak in January, Senator Coleman kept the breach secret, failing to inform contributors, in violation of Minnesota Statute 325E.61."
Good reading at WikiLieaks...
"Like unhip adults late to adopt a fad, police departments and other law enforcement agencies are jumping on the social networking bandwagon. They hope to break down bureaucratic boundaries between departments and jurisdictions and further the fight against crime.
"A few companies in the field are developing promising businesses, and supporters have given the trend a slightly cringe-inducing name: Law Enforcement 2.0.
"As in so many other realms where the use of technology has expanded in what seems an eye-blink, this crime-fighting method promises great improvements over traditional ways of getting things done. But it also challenges existing privacy protections, like limitations on the information investigators can share about people they may suspect of committing crimes..."
More at The New York Times...