Hinky Links

Facebook Can Get You Killed

2010-07-09T10:18:00.002-04:00

"WHNT NEWS 19 is tracking down new details on a murder-suicide in South Huntsville including information that shows the shooter and victim were friends at one time.

"Alan Brown is the man police say shot and killed another man before taking his own life. A friend of Brown says he leaves behind two children, a teenage son and a young daughter.

"The murder-suicide happened at an apartment off South Memorial Parkway. Witnesses in the area say they heard the two men arguing before hearing gunfire.

"WHNT NEWS 19 has uncovered a string of internet activity that links Brown to Lowhorne. It's on the social networking site, Facebook. We found postings from April made by Brown on Lowhorne's business page on Facebook. The comments were in a joking nature indicating the two may have been friends.

"There is also a recent picture on Lowhorne's personal Facebook page showing him with Alan Brown's wife, Christine, atop Lookout Mountain. Other postings on the page point to Lowhorne and Christine Brown having a romantic relationship. The page also show just a matter of hours before his death, Lowhorne had just changed his status on Facebook to `in a relationship.`

"WHNT NEWS 19 spoke with one of Brown's friends. Adrienne Griggs said Alan Brown, Christine Brown, and Ben Lowhorne were indeed friends. She also says her friend never showed he had the ability to kill anyone. The same friend believes something set Brown off.

"`I just couldn't see him doing anything like this. He was an extremely nice person,` said Griggs."

From WHNT News...

Microsoft: Sleeping With The Enemy... Again

2010-07-09T10:15:00.001-04:00

"Microsoft has signed a deal to open its Windows 7 source code up to the Russian intelligence services.

"Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state.

"The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti."

More at ZDNet UK...

IT Contractor Of The Month

2010-07-05T12:25:00.001-04:00

"A former IT worker for the Bank of New York has admitted to stealing personal information of 2,000 employees and using it to steal more than $1m from charity bank accounts, city prosecutors said.

"Adeniyi Adeyemi, 27, used his position as a contract computer technician at the bank's headquarters to steal the personal identifying information of 2,000 employees, most of whom worked in the IT department. Over an eight-year span, he used the information to set up dummy bank accounts in the employees' names and then transfer stolen funds from at least 11 charities throughout the world.

"Adeyemi used publicly available routing numbers for the charities to initiate wire transfers through financial sites such as ETrade and Fidelity and deposit them into the dummy accounts. To better cover his tracks, he then transferred the funds to a second layer of dummy accounts, according to a press release issued by the New York City District Attorney."

From The Register...

$30M ERP Clusterf*ck

2010-06-04T10:50:00.002-04:00

"California's Marin County has sued Deloitte Consulting LLP for $30 million over an allegedly botched SAP Enterprise Resource Planning (ERP) project.

"The lawsuit, filed in Marin County Superior Court last Friday, accuses Deloitte of misrepresenting its skills and capabilities when originally pitching for the project in 2004.

"The 38-page complaint alleges that Deloitte was lying when the company promised to assemble a team of its "best resources" for the project and when it claimed to have `deep SAP and public sector knowledge` when marketing itself to the county.

"Deloitte's misrepresentation of facts resulted in a defectively designed and deficiently implemented project that resulted in the county having to pay millions of dollars to remedy, the lawsuit alleged.

"Meanwhile, Deloitte is claiming that it fulfilled all of its obligations under the contract..."

More at ComputerWorld...

Google To Defenestrate Windows

2010-05-31T23:24:00.003-04:00

"Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.

"The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

"`We’re not doing any more Windows. It is a security effort,` said one Google employee.

"`Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,` said another.

"New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. `Linux is open source and we feel good about it,` said one employee. `Microsoft we don’t feel so good about.`"

More at FT.com...

Tax Dollars To Fund Government Time-Waster

2010-05-31T08:30:00.002-04:00

"Federal employees and managers will be able to meet, interact, train and learn together in a government-only online virtual world being created in the vGov project.

"The Agriculture and Homeland Security departments, Air Force and National Defense University iCollege have joined to create the vGov virtual world behind a secure firewall that can only be accessed by federal employees with authenticated identities.

"Paulette Robinson, assistant dean for teaching, learning and technology at the iCollege, said at the Gov 2.0 Expo today the project will use the three-dimensional immersive experience of virtual worlds to bring employees together from locations worldwide for real-time interactions. People will use avatars to appear in the virtual world, where they can chat with other avatars and interact with the environment."

More at Federal Computer Weekly...

Tech CEOs Play Fiddle While Rome Burns

2010-05-24T15:06:00.002-04:00

"Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited.

"Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55 percent of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44 percent of the companies, putting it at 23rd on the list..."

More at NetworkWorld...

Treasury Department Web Sites PWN3D

2010-05-05T09:36:00.002-04:00

"The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site.

"The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline."

More at Government Computer News...

Proxies Not Secure? duh.

2010-05-04T07:50:00.002-04:00

"A widely used proxy service thought to provide anonymous Web surfing and used to skirt network administrator bans on access to sites like Facebook frequently reveals sensitive information about its users, according to a Swiss security researcher.

"Glype is a small bit of PHP code that routes requests for Web pages through other Web pages running its software, said the researcher, who runs the Swiss Security Blog and the Zeus Tracker project. He prefers to remain anonymous.

"The Glype code allows someone to, for example, access Facebook at work even if that page is blocked, as it appears the traffic is coming from the Web page running the proxy. Many companies now block sites such as Facebook.

"Glype's code is free, and anyone can install it on their Web page. But Glype is frequently misconfigured, the researcher said. It allow someone running a Glype proxy to turn on a log, which shows the IP (Internet protocol) address of the user, what site they requested and the time.

"Many of those people running a Glype proxy have not turned that logging function off, and worse yet, made it Web facing, meaning that URLs can be manipulated to reveal full logs.

"The researcher checked about 20 Glype proxies, found 1,700 logs files and more than one million unique IP addresses. `There are dozens of such 'insecure' proxies out there,` he said via instant message on Friday..."

From TechWorld...

Blippy Now An Officially Fucked Company

2010-04-23T13:18:00.001-04:00

"One day after being profiled by the New York Times, the social buying site, Blippy, is finding out that being in the public eye cuts in both directions.

"The six-month-old site lets users link their credit cards and e-commerce accounts and share that information with friends and even strangers on their purchases. The venture capitalists seem to be intrigued. Blippy has raised $11.2 million in funding from August Capital and Charles River Ventures.

"But there are limits to sharing private data - especially when it's not done voluntarily. Some sleuths have found they can use Google to come up with the credit card numbers of Blippy users."

More at CBSNEWS...

Scammers Riding High On McAfee's FAIL

2010-04-23T09:56:00.003-04:00

"Scammers have quickly piggybacked onto news of a buggy McAfee antivirus update that clobbered thousands of computers, security researchers said today.

"Early Wednesday, McAfee released a flawed signature update that wrongly tagged a crucial system file in Windows XP Service Pack 3 (SP3) as malware. After the software quarantined the `svchost.exe` file, thousands of PCs, most of them in businesses, crashed and rebooted repeatedly.

"Firms are still dealing with the aftermath, with some companies forced to manually reconfigure hundreds or even thousands of systems.

"The debacle made news not just in the technical press, but in more mainstream outlets, including the New York Times and USA Today.

"And news is scammers' bread and butter. Using their now-traditional technique of poisoning results at majorsearch engines like Google and Bing, `scareware` makers have pushed links touting fake antivirus software to at or near the top of the results lists, said Graham Closely, senior technology consultant with Sophos.

"The links appear when users type search terms such as `McAfee update` and `McAfee 5958,` the latter a reference to the faulty update's designation, added Panda Security in a post to its company blog today..."

More at ComputerWorld...

McAfee Steps On Its Dick

2010-04-21T20:48:00.006-04:00

"PCs across the country rebooted continuously Wednesday, in a mass outbreak reminiscent of the widespread computer viruses from a decade ago. The cause this time wasn’t a virus, however, but a glitch on the part of a company that’s supposed to stop such malicious programs.

"Security company McAfee Wednesday morning issued a software update intended to give the computers that it’s contracted to protect a new list of malicious files to block and delete. Somehow a file that is part of Microsoft’s Windows operating system made it on to the list. And when McAfee’s software deleted this file, all hell broke loose.

"People all over the country reported that their computers stopped working. Among the victimized organization were a hospital in Rhode Island, police in Kentucky and the National Science Foundation, according to the AP.

"Jamal Mazhar, who runs LodgeXcode Inc., a consulting firm for hotels, says his computer and others in his office have been rebooting since morning. His tech staff downloaded a fix, but hasn’t yet been able to get the computers working again. `We’re down hard,` he says.

"McAfee said in a statement that the company was `not aware of significant impact on consumers.` In terms of numbers, it said the incident impacted less than `one half of one percent` of its consumer base and enterprise accounts globally."

More at The Wall Street Journal...

EDITORIAL COMMENT: I can't help but wonder if the McAfee employess who are going to get fired for this will turn to cybercrime.
- Hinky

Zeus Botnet Exploits PDF "Feature"

2010-04-16T09:12:00.003-04:00

"The Zeus botnet is now using an unpatched flaw in Adobe's PDF document format to infect users with malicious code, security researchers said today.

"The attacks come less than a week after other experts predicted that hackers would soon exploit the `/Launch` design flaw in PDF documents to install malware on unsuspecting users' computers.

"The just-spotted Zeus variant uses a malicious PDF file that embeds the attack code in the document, said Dan Hubbard, CTO of San Diego, Calif.-based security company Websense. When users open the rogue PDF, they're asked to save a PDF file called `Royal_Mail_Delivery_Notice.pdf.` That file, however, is actually a Windows executable that when it runs, hijacks the PC.

"Zeus is the first major botnet to exploit a PDF's /Launch feature, which is, strictly speaking, not a security vulnerability but actually a by-design function of Adobe's specification. Earlier this month, Belgium researcher Didier Stevens demonstrated how a multistage attack using /Launch could successfully exploit a fully-patched copy of Adobe Reader or Acrobat..."

From ComputerWorld...

Oracles Relents, Offers "Quick & Dirty" Patch

2010-04-15T07:59:00.001-04:00

"Oracle today patched a critical Java vulnerability that is being exploited by hackers to install malicious software.

"The security update to Java SE 6 Update 20 patches a bug disclosed last Friday by Google security researcher Tavis Ormandy, who spelled out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. Only systems running Windows are at risk.

"Oracle's patch appears quick and dirty, Ormandy said. `They've completely removed the vulnerable feature, literally replaced with 'return 0,'` he said on Twitter...

"Other researchers noted Oracle's turnaround today. `So it turns out that Oracle can actually patch Java in less than a week! Funny how vendors only care to do this after full-disclosure,` said noted browser researcher Alexander Sotirov, also on Twitter..."

From ComputerWorld...

Oracle To Users: FUCK YOU

2010-04-15T07:56:00.001-04:00

"Just five days after a Google researcher published information of an unpatched Java bug, a compromised song lyrics site is sending users to a Russian attack server exploiting the flaw to install malware, an antivirus firm said today.

"Last Friday, Google's Tavis Ormandy posted details of the Java vulnerability to the Full Disclosure security mailing list, spelling out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. According to Ormandy, all versions of Java for Windows since SE 6 update 10 -- which debuted two years ago -- are vulnerable. Other operating systems running Java are unaffected, he said...

"Although Ormandy reported the flaw to Sun -- now part of Oracle -- he said the company declined to rush out a patch. `They informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle,` Ormandy wrote on the mailing list. `I explained [to them] that I did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.`

"Oracle patched Java last week; its next regularly-scheduled update is slated for July."

More at ComputerWorld...

Another Day, Another Facebook Hack

2010-04-13T08:27:00.002-04:00

"For all the credit Facebook has received for its privacy controls and user safety, the site still falls prey to an unsettling number of security issues and potential data breaches. Last month a botched code push accidentally revealed private user email addresses, and before that Facebook accidentally sent private messages to the wrong recipients. Today, security engineer Joey Tyson, AKA theharmonyguy, has detailed a major security hole in Facebook Platform — one that would allow a malicious website to silently access a user’s profile information, photos, and in some cases, messages and wall posts, with no action required on the user’s part..."

From TechCrunch...

McAfee: Partnering With Scumbags To Rip You Off

2010-04-13T08:21:00.004-04:00

"Two California women have sued security company McAfee, accusing it of duping customers into subscribing to third-party services and passing consumers' credit or debit card information to the service supplier without their permission.

"The lawsuit, which was filed by Melissa Ferrington and Cheryl Schmidt, asked a San Francisco federal court to grant the case class-action status, and demanded that McAfee be barred from continuing the practice. The pair also asked for compensatory and punitive damages, which would be decided at trial.

"When customers purchase McAfee security software online, but before the download beings, a pop-up with a large "Try It Now" button appears.

"`The pop-up, mimicking the look of the other pages on the McAfee site, thanks the customer for purchasing McAfee software, and prompts McAfee's customers to click a red button to 'Try it Now,'` the lawsuit alleged.

"`The pop-up contains no obvious visual cues or conspicuous text indicating that it is an advertisement for another product, or that clicking on 'Try it Now' will lead not to the delivery of the McAfee product but rather to the purchase of a completely different product. Instead, all the visual cues suggest that 'Try It Now' is a necessary step in downloading the McAfee software.`

"By clicking on the pop-up, users agree to a $4.95 per month fee charged by Arpu, a company that creates Web ads "enabling an advertised product or service to be obtained with a single click," according to the Washington D.C. firm's Web site.

"Arpu's site lists McAfee as one of its partners...

"`A single click on the deceptive pop-up causes the purchase of an unwanted product from Arpu, a sale made without the knowledge or authorization of customers, using credit/debit card billing information that they have entrusted solely to McAfee,` said the women's lawsuit."

More at ComputerWorld...

Chinese Fire Drill Borks The Interwebs

2010-04-09T10:54:00.002-04:00

"For the second time in two weeks, bad networking information spreading from China has disrupted the Internet.

"On Thursday morning, bad routing data from a small Chinese ISP called IDC China Telecommunication was re-transmitted by China's state-owned China Telecommunications, and then spread around the Internet, affecting Internet service providers such as AT&T, Level3, Deutsche Telekom, Qwest Communications and Telefonica.

"`There are a large number of ISPs who accepted these routes all over the world,` said Martin A. Brown, technical lead at Internet monitoring firm Renesys.

"According to Brown, the incident started just before 10 a.m. Eastern Time on Thursday and lasted about 20 minutes. During that time IDC China Telecommunication transmitted bad routing information for between 32,000 and 37,000 networks, redirecting them to IDC China Telecommunication instead of their rightful owners.

"These networks included about 8,000 U.S. networks including those operated by Dell, CNN, Starbucks and Apple. More than 8,500 Chinese networks,1,100 in Australia and 230 owned by France Telecom were also affected.

"The bad routes may have simply caused all Internet traffic to these networks to not get through, or they could have been used to redirect traffic to malicious computers in China.

"While the incident appears to have been an accident, it underscores the weakness of the Border Gateway Protocol (BGP), a critical, but obscure, protocol used to bind the Internet together."

More at NetworkWorld...

IT Worker Of The Month

2010-04-08T13:02:00.002-04:00

"A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.

"Rodney Reed Caverly, of Charlotte, North Carolina, is scheduled to plead guilty to a computer fraud charge next Tuesday in federal court in Charlotte, according to his lawyer Christopher Fialko, who declined to comment further on the case.

"Caverly was charged last week with one count of computer fraud for allegedly writing a malicious program that ran on Bank of America's computers and ATMs, according to court filings. The documents say Caverly made more than the statutory minimum of US$5,000 from the scam, but they do not spell out the bank's total losses. That number could come out when his plea is entered next week.

"He faces a maximum sentence of five years in prison."

More at ComputerWorld...

Microsoft's African Investments Start To Pay Off

2010-04-01T11:07:00.002-04:00

"Imagine a network of virus-driven computers so infectious that it could bring down the world's top 10 leading economies with just a few strokes. It would require about 100 million computers working together as one, a `botnet` -- the cybersecurity world's version of a WMD. But unlike its conventional weapons equivalent, this threat is the subject of no geopolitical row or diplomatic initiative. That's because no one sees it coming -- straight out of Africa.

"Cybercrime is growing at a faster rate in Africa than on any other continent in the world, according to statistics presented at a conference on the matter in Cote D'Ivoire in 2008. Cybersecurity experts estimate that 80 percent of PCs on the African continent are already infected with viruses and other malicious software. And while that may not have been too worrisome for the international economy a few years ago, the arrival of broadband service to Africa means that is about to change. The new undersea broadband Internet cables being installed today will make Africa no further away from New York than, say, Boston, in the virtual world.

"Broadband Internet access will allow Africa's virus and malware problems to go global. With more users able to access the Internet (and faster), larger amounts of data can be transferred both out and inward. More spam messages in your inbox from Africa's email fraudsters will be only the beginning..."

More at ForeignPolicy.com...

Big Players To Spy On IPv6-Enabled Users

2010-03-28T11:00:00.002-04:00

"Leading Web content providers -- including Google, Yahoo, Netflix and Microsoft -- are conducting early-stage conversations about creating a shared list of customers who can access their Web sites via IPv6, the long-anticipated upgrade to the Internet's main communications protocol.

"The DNS Whitelist for IPv6 would be a list of IP addresses that have functioning IPv6 connectivity. Content providers would use this shared DNS Whitelist to serve up content to these IP addresses via IPv6 rather than through IPv4, which is the current version of the Internet Protocol. Web site visitors not listed on the DNS Whitelist for IPv6 would receive IPv4-based content...

"Content providers say they need a DNS Whitelist for IPv6 because the Internet has so many broken IPv6 links due to problematic default behavior and incompatibilities in operating systems, home gateways and customer premises equipment. Without a whitelist to help sort out which customers can and cannot receive IPv6 content, Web developers say they will inadvertently block too many customers from accessing their content."

From NetworkWorld...

Tweeker Busted For High School Hack

2010-03-26T08:46:00.002-04:00

"A 21-year-old former Evergreen Public Schools student has pleaded guilty to criminal charges in connection with a computerized payroll security breach in November that put more than 5,000 past and current Vancouver Public Schools employees at risk of identity theft.

"Christopher Berge, a 2006 Mountain View High School graduate last known to live in Oregon City, Ore., was sentenced to 10 years in prison on Wednesday by Clark County Superior Court Judge Roger Bennett.

"Berge pleaded guilty to 31 counts, including 24 counts of second-degree identity theft, first-degree computer trespass, forgery and possession of methamphetamine."

More at The Columbian...

MS, Adobe, Apple Bitch-Slapped At Pwn2Own

2010-03-26T08:17:00.002-04:00

"The only researcher to `three-peat` at the Pwn2Own hacking contest said today that security is such a `broken record` that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software.

"Instead Charlie Miller will show the vendors how to find the bugs themselves.

"Miller, who yesterday exploited Safari on a MacBook Pro notebook running Snow Leopard to win $10,000 in the hacking challenge, said he's tired of the lack of progress in security. `We find a bug, they patch it,` said Miller. `We find another bug, they patch it. That doesn't improve the security of the product. True, [the software] gets incrementally better, but they actually need to make big improvements. But I can't make them do that.`"

From ComputerWorld...

Unemployed IT Worker Of The Month

2010-03-25T11:51:00.003-04:00

"A Frenchman who broke into Barack Obama and Britney Spears' Twitter feeds insisted Thursday he is no hacker but a `kind pirate` seeking to expose security weaknesses.

"`I did not act with a destructive aim ... I wanted to warn them, to show up the faults in the system,` said the 23-year-old, who was arrested Tuesday after an operation by French police and FBI agents.

"The curly-haired unemployed computer technician wore a pair of slippers adorned with smiley faces as he sat in his parents' home in central France and told of how he broke into the popular micro-blogging site.

"Francois C., who spoke to AFP on condition that his full surname not be used, is accused of breaking into Twitter and Google accounts, including ones used by US president Obama and pop star Spears..."

Full article at EXPATICA.com...

Hinky Dink Publishes Koobface Data

2010-03-22T15:03:00.002-04:00

"Mr. Hinky Dink, a Big Time Security Professional™ today released an analysis of the spread of the Koobface worm. Based on an exhaustive study of his database of over two and a half million open Web proxies collected over two years, Hinky’s findings demonstrate where the most vulnerable social networking users can be found.

"`With more losers piling into social networking sites this trend is very likely to continue,` said Hinky. `This study highlights the cities with the most gullible users on the Internet. This study will no doubt help cybercriminals, script kidz, and Cameroonian puppy scammers target their next online marketing campaigns.`"

Read the complete report here.

Can You Hack Me now?

2010-03-22T07:40:00.001-04:00

"Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said today.

"The problem came to light earlier this month after an employee of Panda Security plugged a newly ordered phone into a Windows computer, where it triggered an alert from the antivirus software.

"Further inspection of the phone found the device's 8GB microSD memory card was infected with a client for the now-defunct Mariposa botnet, the Conficker worm and a password stealer for the Lineage game.

"Vodafone said it was an isolated incident, but an employee at Spanish security company S21sec discovered another phone with an infected card, which it sent to Panda. That phone was purchased directly from Vodafone's Web site in the same week as the first phone, according to Panda.

"It is unclear how the batch of memory cards became infected and an investigation is under way, said a spokesman for Vodafone in Spain."

More at ComputerWorld...

SAY IT AIN'T SO, MO!!!

2010-03-20T08:34:00.003-04:00

"Mozilla yesterday confirmed a critical vulnerability in the newest version of Firefox, and said it would plug the hole by the end of the month.

"Although the patch won't be added to Firefox before next week's Pwn2Own browser hacking challenge, researchers won't be allowed to use the flaw, according to the contest's organizer.

"`The vulnerability was determined to be critical and could result in remote code execution by an attacker,` Mozilla acknowledged in a post to its security blog late Thursday. `The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix.`

"Firefox 3.6, which Mozilla launched in January, is affected, Mozilla said, adding that it would be patched in version 3.6.2, currently slated to ship on March 30..."

From ComputerWorld...

Big Brother 2.0

2010-03-16T09:10:00.002-04:00

"The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too.

"U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.

"Think you know who's behind that `friend` request? Think again. Your new `friend` just might be the FBI..."

More at laramieboomerang.com...

IE Users PWN3D By 0day... Again

2010-03-11T10:06:00.002-05:00

"Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.

"`This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out,` said Craig Schmugar, a threat researcher at McAfee, in a blog post today.

"Attacks are launched from Web sites in a classic drive-by fashion, said Schmugar and others. `Visiting the page is enough to get infected,` Schmugar said."

From ComputerWorld...

The First Rule Of Govt. Info Security...

2010-03-11T09:34:00.001-05:00

"Last week, Pennsylvania’s chief information security officer Robert Maley was at an information security conference in San Francisco talking about a hacking incident involving PennDOT’s computers. This week, Maley is gone.

"Gary Tuma, Gov. Ed Rendell’s press secretary, confirmed that Maley is no longer employed by the state, but he declined to comment further, saying it is a personnel matter.

"Attempts to contact Maley yesterday were unsuccessful.

"Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, `we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.`"

More at PennLive.com...

Energizer Bunny Arrested, Charged With Battery

2010-03-08T19:28:00.003-05:00

"A USB charger from Energizer uses software that contains a Trojan, according to US-CERT. The software was apparently developed outside the U.S. and may have been giving hackers access to PCs since 2007. An analyst said trust in the Energizer bunny may have led many consumers to install the DUO USB charger malware even with a warning.

"US-CERT researchers said Friday that the software that installs with the Energizer charger contains a Trojan horse that gives malicious hackers a back door into Windows machines.

"`An attacker is able to remotely control a system Relevant Products/Services, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user,` US-CERT said. `Removing the Energizer USB charger software will also remove the registry value that causes the backdoor to execute automatically when Windows starts.`"

More at NewsFactor.com...

Trust No One 2.0

2010-03-08T12:11:00.002-05:00

"Facebook founder Mark Zuckerberg has been accused of hacking into the email accounts of rivals and journalists.

"The CEO of the world's most successful social networking website was accused of at least two breaches of privacy in a series of articles run by BusinessInsider.com.
As part of a two-year investigation detailing the founding of Facebook, the magazine uncovered what it claimed was evidence of the hackings in 2004.

"In the first instance, it said that, when Zuckerberg discovered that Harvard's student newspaper The Crimson was planning on running an article on him in 2004, he used reporters' Facebook logins to hack into their accounts.

"In the second instance, the magazine claimed Zuckerberg hacked into the accounts of rivals at Harvard who accused him of stealing their idea for a social network. He then allegedly tried to sabotage the rival network they had set up..."

Read thw whole story here...

Insurance Companies Leverage Facebook To Raise Your Rates

2010-03-04T09:14:00.003-05:00

"Any town U.S.A. You walk into a store and notice someone you recognize, from Facebook. But you really don’t know the individual; only online have you “met” that person. You have shared a note, or played a game on Facebook, Myspace, or other media website. You can choose to say hello or ignore them. That choice is up to you.

"Sometime in the future, you wind up in a car accident and suffer physical injuries that you decide can be claimed in a lawsuit against the insurance company. Now your friends on Facebook may not have any choice of getting to know you up close and in person. You may not even be aware that they are being questioned.

"Insurance companies are beginning to demand access to information about you and they do not want your explicit consent. In a Globe and Mail report, the insurance industry wants to use sites such as Facebook to collect and use background information collected to contradict any evidence you have used in your claim for damages.

"The first thing the insurance lawyers will do in court is to ask plaintiffs if they have Facebook accounts and demand a court order to review those account — even if you have always had your privacy settings configured to be not searchable by Google or other services. And if somehow they find out that you are on Facebook and you said no, chances are your lawsuit against the insurance company may fail. And so the game begins. The lawyers will have access to everything about you; your friends are also now exposed and may be questioned about your online habits what you are doing online, personal messages are read and now your friend’s privacy is also vulnerable - even if you have never met them in person..."

Morre at ZDNet...

XP Users Helpless Against New Web Hack

2010-03-04T07:31:00.002-05:00

"Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

"In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

"`The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,` read the advisory. `If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.`"

From ComputerWorld...

Chuck Norris Wants Your Router

2010-02-22T17:48:00.002-05:00

"If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

"Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

"The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: `in nome di Chuck Norris,` which means `in the name of Chuck Norris.` Norris is a U.S. actor best known for his martial arts films such as `The Way of the Dragon` and `Missing in Action.`

"Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs."

From PC World...

Massive Oracle PWN@G3 At Black Hat

2010-02-02T22:55:00.002-05:00

"In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was "unbreakable." David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt.

"At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle's 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level. `Anything that God can do on that database, you can do,` Litchfield [said] in an interview following his talk.

"The attack that Litchfield laid out for Black Hat's audience of hackers and cybersecurity researchers exploits a combination of flaws in Oracle's software. Two sections of code within the company's database application--one that allows data to be moved between servers and another that allows management of Oracle's implementation of java--are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database's contents.

"Litchfield says he warned Oracle about the flaws in November, but they haven't been patched. Oracle didn't immediately respond to a request for comment."

More at Forbes.com...

Hacking Twits For Fun And Profit

2010-02-01T11:05:00.002-05:00

"According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars.

"Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said Kaspersky Researcher Dmitry Bestuzhev, speaking at a press event Friday.

"In 2009, Kaspersky identified about 70,000 of these programs -- twice as many as the year before, and close to three times the number of banking password stealing programs.

"They're popular because criminals are starting to realize that they can do better than simply swiping credit card numbers. Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, (asking price 2,500 rubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered.

"Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted, stepping stone from which to send malicious Twitter messages and, ideally, infect more machines.

"Bestuzhev said that one Twitter account, with just over 320 followers, was offered at $1,000 in an underground hacker forum. The user's name was a simple three letter combination that Bestuzhev thought might make it more valuable to criminals. Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40). `The price for Twitter accounts is really high,` he said."

More at ComputerWorld...

Killer Robot In Custody

2010-01-31T00:30:00.001-05:00

"An 81-year-old Australian man has shot himself dead with an elaborate suicide robot built using plans he downloaded from the Internet.

"The Gold Coast man, who lived alone, left notes of his plans and thoughts as he struggled to come to terms with demands by interstate relatives that he move out his home and into care.

"He spent hours searching the Internet for a way to kill himself, downloaded what he needed and then built a complex machine that would remotely fire a gun.

"He set the device up in his driveway about 7 a.m. Wednesday, placed himself in front of it and set it in motion.

"His notes explained that he chose the driveway as he knew there were tradesmen working next door who would find his body. The plan worked as the workmen heard the gunshots and ran to investigate.

"The machine was attached to a .22 semi-automatic pistol loaded with four bullets.

"It was able to fire multiple shots into the man's head after he activated it."

From FOX News...

USA NUMBER ONE!!!!!

2010-01-29T12:15:00.002-05:00

"Insecurity outfit McAfee has named the US as the most likely source of cyber attacks, beating out the widely perceived favourites China and Russia.

"McAfee conducted a study that questioned 600 IT and security executives from various countries to discuss, rate and rank their biggest Internet security concerns. Most of the report just states the bleedin' obvious, except for the finding that the Americans are the most feared by the others.

"With the recent scuffles between Google and the Chinese government it comes as no surprise that almost 75 per cent of respondents believed that the Chinese government was involved in cyber attacks against their country. However, the figures for both the US and Russia were identical at 60 per cent. The UK government came in third from last with only 50 per cent or so believing that it was involved in naughty cyber aggression activities.

"Probably the most startling discovery was that it is the US, not China or Russia, that is feared the most. The majority of countries in the West listed the US ahead of China and Russia as the country `of most concern` when it came to attacks."

More at the Inquirer...

More Internet Explorer Fun

2010-01-26T09:00:00.001-05:00

"Microsoft's Internet Explorer (IE) could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.

"The problem was actually discovered as long as two years ago but has persisted despite two attempts by Microsoft to fix it, said Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. He is scheduled to give a presentation at the Black Hat conference in Washington, D.C., on Feb. 3.

"The issue could allow a hacker to read files on a person's computer but not install other code. Nonetheless, the problem represents a serious security issue, Medina said. It affects all of Microsoft's operating systems from Windows NT through Windows 7 and every version of IE, including the latest one, IE8."

More at ComputerWorld...

Google's Downfall: Social Networking

2010-01-26T08:38:00.002-05:00

"People behind the China-based online attacks of Google and other companies looked up key employees on social networks and contacted them pretending to be their friends to get the workers to click on links leading to malware, according to a published report on Monday.

"`The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were,` the Financial Times reported. `The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.`

"`We're seeing a lot more up-front reconnaissance, understanding who the players are at the company and how to reach them,` George Kurtz, chief technology officer at security firm McAfee, told the Financial Times. `Someone went to the trouble to backtrack: 'Let me look at their friends, who I can target as a secondary person.'`"

"The attackers used a popular instant-messaging program to distribute the malware link to target employees, Kurtz said. The malware exploited a hole in Internet Explorer that Microsoft patched just last week."

More at CNET...

AV Spending Seen As Pointless

2010-01-26T08:34:00.002-05:00

"Following the highly publicized and successful malware attacks on Google, Symantec, Adobe, Dow Chemical, and others, business and government executives are questioning the value of their AntiVirus subscriptions. Their unprecedented skepticism will grow even more intense as more executives learn that all of these successful attacks were easily preventable.

"`In almost every meeting I’ve had since the mainstream media started reporting on these highly visible failures, executives and IT personnel have criticized their AntiVirus computer protection. This Aurora/Hydra outbreak could spark a big change in 2010 enterprise IT security spending, a multi-billion dollar change`, predicts Mike Fumai, CEO of Blue Ridge Networks.

"There’s nothing particularly novel about the exploitable vulnerabilities in Internet Explorer this month, or those in Adobe Acrobat Reader last month. These are merely new entries in a formulaic story re-written almost monthly. Last week’s out-of-cycle security patch from Microsoft is just a less frequently seen plot twist. Until now, these recurring stories only served to increase spending on AntiVirus software from well-known security vendors. However, these targeted organizations with deep pockets and large IT security staffs were successfully attacked because their name-brand AntiVirus software did not have signatures to detect the malware attack code."

More at PRWeb...

ID Theft Ring Included City Employees

2010-01-22T09:24:00.003-05:00

"In a six-count indictment filed in U.S. District Court, federal prosecutors assert a Seattle Municipal Court employee passed account information into an identity theft ring in which four people are presently charged.

"Federal prosecutors claim Diamond Wendell Alexander Jr. and Crystal Loren Lee recruited others to copy credit card information from their places of employment and forward that information to them.

"Alexander and Lee would then use that credit card information to make purchases, chiefly Wal-Mart gift cards, according to prosecutors statements to the court. In total, they attempted to fraudulently charge more than $300,000 in gift cards and other merchandise using `skimmed` credit cards.

"Among those recruited for the scheme was a Seattle Municipal Court employee who handled payments, prosecutors allege. That employee would then pass on credit card numbers -- referred to by prosecutors as `access device information` -- to Alexander and Lee.

"Identified only by initials in court documents, the city employee is considered an unindicted co-conspirator in the scheme.

"`The Seattle Municipal Court employee would print access device information pertaining to people who used their cards to pay for traffic tickets and other transactions with the court,` according to a grand jury indictment filed Wednesday."

More at seattlepi.com...

Firefox, Opera Benefit From IE Schadenfreude

2010-01-21T08:02:00.002-05:00

"Mozilla yesterday reported a `huge increase` in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.

"German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's `Blog of Metrics.` `Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany,` Kovash claimed.

"Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.

"Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. `Pending a patch from the publisher, CERT recommends using an alternative browser,` a translation of the French advisory stated."

More at ComputerWorld...

Facebook Follies

2010-01-20T14:43:00.001-05:00

"Vanessa Palm and Alexander Rust, two 20-something Americans vacationing in the Bahamas last February, decided to catch and eat an iguana - a species protected under Bahamian law. Unfortunately for them, they also decided to post pictures on Facebook of their illicit meal.

"Bahamian authorities were alerted to the photos, and promptly proceeded to track down and arrest the two tourists for killing and eating a protected iguana.

"Perhaps they used the jail time to debate whether or not it tasted like chicken.

"Similarly, a 20-year-old employee of a Petland pet store in Ohio not only drowned rabbits from the store, she creepily bragged about it on her Facebook "wall." Someone from People for the Ethical Treatment of Animals (PETA) learned of this, and she was soon charged with two counts of animal cruelty.

"Meanwhile, it wasn't enough for 38-year-old Jacob Rehm of Morrisville, Vt., to steal a tour bus from his former employer, Lamoille Valley Transportation, and take it on a joyride. No, he had to go and make a four minute video of his little adventure (complete with a tour of the $500,000 bus itself) and post it on YouTube.

"After the bus was recovered in another town and Rehm was charged with the theft, the prosecutors found that video very helpful when they went to court."

More at The Southeast Texas Record...

Firefox Über Alles

2010-01-16T03:16:00.002-05:00

"In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

"According to the statement from BSI, even running Internet ExplorerInternet ExplorerInternet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

"IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially FirefoxFirefoxFirefox. This incident won’t help."

More at Mashable...

GARTNER SEZ: Get A REAL Job

2010-01-13T22:28:00.002-05:00

"Cloud computing will become so pervasive that by 2012, one out of five businesses will own no IT assets at all, the analyst firm Gartner is predicting.

"The shift toward cloud services hosted outside the enterprise's firewall will necessitate a major shift in the IT hardware markets, and shrink IT staff, Gartner said.

"`The need for computing hardware, either in a data center or on an employee's desk, will not go away,` Gartner said. `However, if the ownership of hardware shifts to third parties, then there will be major shifts throughout every facet of the IT hardware industry. For example, enterprise IT budgets will either be shrunk or reallocated to more-strategic projects; enterprise IT staff will either be reduced or reskilled to meet new requirements, and/or hardware distribution will have to change radically to meet the requirements of the new IT hardware buying points.`

"If Gartner is correct, the shift will have serious implications for IT professionals, but presumably many new jobs would be created in order to build the next wave of cloud services...."

From NetworkWorld...

Adobe Hoisted On Its Own Petard

2010-01-13T17:28:00.002-05:00

"Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China.

"Meanwhile, some researchers have hinted, and others have claimed, that the attacks against both Google and Adobe were based on malicious PDFs that exploited a just-patched vulnerability in Adobe's popular Reader software...

"Security researchers hinted earlier today that the attacks against Google, Adobe and dozens of other major firms were conducted using malicious PDFs that exploited one or more vulnerabilities in Adobe Reader. Analysts at Verisign's iDefense security group told Robert McMillan of IDGNews today that hackers had launched targeted attacks using a malicious document attached to e-mail messages."

More at ComputerWorld...

McAfee To Leverage "Captive Audience" Marketing

2010-01-13T09:48:00.002-05:00

"Facebook announced late Tuesday that it is offering free computer security software for six months to all of its 350 million members to head off increasing threats of hackers and computer viruses on the social network.

"Facebook has cut a deal with anti-virus maker McAfee Inc. of Santa Clara to provide the security software, available on McAffe's Facebook fan page.

"McAfee's Internet Security Software Suite will be free for six months and available for a "special discount subscription" afterwards, the companies said in a statement. The announcement did not detail how much the paid subscription would cost once the free period ends..."

More at SFGate...

$15M Cyberscam PWN3D

2010-01-09T10:09:00.002-05:00

"U.S. prosecutors indicted 19 people Friday – most in Dallas and Fort Worth – on charges related to a `massive cybercrime conspiracy` that they said defrauded local telecommunications companies and other merchants of $15 million worth of services and goods.

"The indictments follow raids by the FBI last year on two data hosting companies where computer servers were taken on suspicion of fraudulent activity. Friday's move expands a Sept. 2 indictment by U.S. Attorney James Jacks that targeted nine people.

"Several of those charged are believed to have fled the United States; one, Michael Faulkner of Southlake, is reported anonymously to have been killed trying to re-enter the U.S., Jacks' office said, though that has not been confirmed.

"The scheme went from 2003 to 2009 and involved the creation of shell companies through the data hosting companies run by Faulkner, according to the indictment."

More at dallasnews.com...

Crafty Packets PWN Juniper Routers

2010-01-08T07:55:00.004-05:00

"Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

"In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"`The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port,` the bulletin, which was issued by Juniper's technical assistance center, stated. `The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot.`

"There are `no totally effective workarounds,` the bulletin added."

More at The Register...

School District Locks Barn Door

2010-01-06T08:02:00.001-05:00

"Over three days last month, about $3 million was drained by computer hackers from the bank account of the Duanesburg Central School District and deposited into overseas accounts. The cyber crime has prompted a joint probe into what banking and security officials say is a growing problem, underscoring the need for airtight internal controls.

"Duanesburg Superintendent Christine Crowley said during a news conference Tuesday at Duanesburg Elementary that the discovery of the unauthorized electronic transfers from the district coffers three days before Christmas left her in `total shock` and then `sheer anger.`

"...In response to the security breech, Crowley said Duanesburg school officials have closed all district bank accounts and established new ones with restricted online access."

More at timesunion.com...

Microsoft Getting Into Kiddie Porn Business

2009-12-20T16:50:00.001-05:00

"Microsoft, through a combination of efforts from the National Center for Missing and Exploited Children (NCMEC), their own dedicated Microsoft Research section and Dartmouth College, Hanover, a new next-generation technology is being launched with the aim of tacking online child abuse imagery.

"Using PhotoDNA, the system picks out images which are identical, even if they have been edited, resized, cropped and edited in other ways, and logs them. The system matches them through a technique which monochromes the image, breaks the image into smaller chunks and the intensity gradients are converted into a signature.

"The signatures, even through editing, will remain the same and allow the system to find copies of the original image. Some similarities could compare QR codes to this, allowing similar cells to match other images, allowing the system to recognise similar gradients and therefore image copies across massive sets of data."

More at ZDNet Blogs...

Adobe Says: "SUX 2B U"

2009-12-17T08:14:00.002-05:00

"Adobe won't patch the newest critical vulnerability in its PDF viewing and editing software for another four weeks, even though attack code has been publicly released.

"In an update yesterday to the security advisory it issued Tuesday, Adobe set the patch date as Jan. 12, 2010, which is also the next regularly-scheduled quarterly security update for Adobe Reader and Adobe Acrobat. Most of the advisory was dedicated to confirming the bug -- which the company had first disclosed late Monday -- and providing instructions for blacklisting the JavaScript API call that contains the flaw.

"Other security experts have urged users to disable JavaScript in Reader and Acrobat to protect themselves until Adobe ships a fix."

From COMPUTERWORLD...

There's An App For That

2009-12-17T08:04:00.001-05:00

"Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

"Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

"U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance."

More at THE WALL STREET JOURNAL...

Conficker Still The Shame Of The AV Industry

2009-12-17T07:55:00.002-05:00

"Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.

"While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.

"Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.

"`We are asking GPs to only make urgent referrals,` she said.

"`We need to keep as many people out of hospitals as we can.`

"Ms Gill said DHB technicians were working on a computer upgrade overnight when things started to go awry.

"`About 2am they noticed there were some issues with the computers. By 4am they realised a computer virus had got into our whole system.

"`We brought in Microsoft and have been working with them through the night.`

"Conficker has been identified as the culprit."

More at nzherald.com...

You Are So ROCKED

2009-12-15T07:50:00.002-05:00

"It’s no secret that most people use the same password over and over again for most of the services they sign up for. While it’s obviously convenient, this becomes a major problem if one of those services is compromised. And that looks to be the case with RockYou, the social network app maker.

"Over the weekend, the security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database. Such a flaw could grant hackers access to the the service’s entire list of user names and passwords in the database, they warned. Imperva said that after it notified RockYou about the flaw, it was apparently fixed over the weekend. But that’s not before at least one hacker gained access to what they claim is all of the 32 million accounts. 32,603,388 to be exact. The best part? The database included a full list of unprotected plain text passwords. And email addresses. Wow..."

More at TechCrunch...

Microsoft Sat On IE 0day For Months

2009-12-10T08:54:00.001-05:00

"Microsoft may not have hustled as fast as researchers thought when the company patched a zero-day bug in Internet Explorer (IE) just 18 days after exploit code went public.

"According to VeriSign iDefense, Microsoft had information about the browser bug nearly six months before the researcher dubbed "K4mr4n" posted attack code to the Bugtraq security mailing list on Nov. 20.

"iDefense's Zero Day Initiative (ZDI), one of the two best-known bug bounty programs, reported the vulnerability to Microsoft on June 9, 2009, iDefense noted in an advisory published Wednesday.

"IE6 and IE7, two versions of Microsoft's browser that collectively accounted for approximately 39% of all browsers used last month, were the only editions affected by the vulnerability. The ancient IE 5.01 and the new IE8 were immune from the threat."

More at ComputerWorld...

HAWT New Haxx: RAM Scrapers

2009-12-09T06:26:00.002-05:00

"Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say.

"So-called RAM scrapers scour the random access memory of POS, or point-of-sale, terminals, where PINs and other credit card data must be stored in the clear so it can be processed. When valuable information passes through, it is uploaded to servers controlled by credit card thieves.

"While RAM scrapers have been around for a few years, they are a `fairly new` threat, according to a report released Wednesday that outlines the 15 most common attacks encountered by security experts at Verizon Business. They come in the wake of Payment Card Industry rules that require credit card data to be encrypted as it passes from merchants to the processing houses.

"`They are definitely a response to some of the external trends that have been going on in the cybercrime environment,` says Wade Baker, research and intelligence principal for Verizon Business. `Within a year, we've seen quite a few of them in the wild.`"

More at The Register...

First, We Hack All The Lawyers...

2009-12-07T13:27:00.002-05:00

"The FBI has some advice for law firms: Be careful.

"The agency recently issued a warning alerting firms that what may appear to be e-mails from clients or contacts could instead be from hackers trying to infiltrate law firm databases.

"The FBI says it has `high confidence` that hackers are targeting legal and public relations firms.

"`Opening a message will not directly compromise the system or network because the malicious payload lies in the attachment or linked domain,` the warning reads. `Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing file and, through a variety of malicious processes, attempts to download another file.`

"... It’s no surprise that law firms are being targeted, said Rohyt Belani, co-founder of the New York-based Intrepidus Group, an information security consulting and software company. `If I can get on a senior partner’s machine or the system administrator’s machine, I’ll get access to the keys to the kingdom for the entire network. A law firm is a place where a lot of sensitive data for different [companies] is collected.`"

More at the Wisconsin Law Journal...

Microsoft Buys Some Gartner™ "Research"

2009-12-07T09:31:00.002-05:00

"Business analyst Gartner says proprietary office suites will continue to dominate over web-based office suites because there is a significant performance gap between full-function suites and web-based versions. Gartner points out that one of the biggest gaps is the lack of complete offline services.

"In a report titled `The State of Google Apps`, Gartner argues that Google Apps is not an adequate substitute for Microsoft Office.

"In the short term, Gartner says, few big enterprises would be likely to disrupt what they already have in place for Google's offerings. Changing even something such as the email system in the workplace could be costly and cause problems for security, training staff, service levels and technology."

More at smh.com.au...

Facebook Users PWN3D By Rubber Ducky, Cats

2009-12-04T15:36:00.002-05:00

"In research commissioned by The Daily Telegraph, which has shocked even top fraud squad police, almost half of users in their 20s agreed to a request from a rubber duck to be Facebook `friends`.

"A similar result occurred with a group of internet users in their 50s, with many agreeing to be Facebook friends with a photo of two cats.

"Many of the Facebook users in both age groups volunteered some of their most intimate details to both the rubber duck and the cats, including their full date of birth, workplace, email address and location. Some even volunteered full addresses and phone numbers without prompting.

"The study was conducted by leading internet security firm Sophos.

"It has raised serious questions about the wisdom of average internet users, given the friend requests were sent without any introduction."

More at The Daily Telegraph...

Believe It? You Will.

2009-12-03T08:01:00.002-05:00

Some Things Never Change

"AT&T got some bad news from Consumer Reports this week, as the magazine's latest survey shows that the carrier now has the lowest level of customer satisfaction in the U.S.

"AT&T got its lowest marks in the survey for its voice services, as it was the only wireless carrier in the United States to receive below-average marks for its voice quality. Verizon received above average marks for its voice service while T-Mobile and Sprint both received average marks. AT&T also received subpar remarks across the board for its customer service while receiving average marks for its text-messaging and data services."

From ComputerWorld...

Hinkyvision Coming SOON!

2009-11-27T07:40:00.000-05:00

"Former national cyber czar Andy Purdy launched Cybercrime.TV today, an online development site for producers, directors, writers, experts, and others joining him in launching a television network that focuses on cyber criminals and those who enable them.

"`Cybercrime.TV is an online network for television people and computer people to work together,` said Purdy.

"The website provides tools to develop new projects and showcase them for production financing through Purdy and his associates. Membership is free, and members can upload videos and proposals, create groups, create forums, publish papers and articles, announce events, and publicize their programs.

"Cybercrime.TV, as a television network, will focus on all aspects of cybercrime in the form of news and talk shows, specials, movies, and original series.

"Topics of greatest interest to Purdy include cybersecurity, cyber terrorism, cyberstalking, encryption, financial crime, financial espionage, hackers, identity theft, information assurance, information warfare, Internet fraud, Internet privacy, Internet safety, malware, money laundering, network security, online predators, phishing, pirated software, social engineering, spamming, spoofing, spyware, and viruses."

More at PRWeb...

Push "da button", Frank

2009-11-25T07:38:00.000-05:00

"Some Facebook users have been infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site, according to security researchers.

"The worm posts an image on a victim's Facebook Wall with a photo of a woman in a bikini and the message `click 'da button, baby.` Wall posts are viewable by a Facebook user's friends.

"If a friend clicks on the image and is logged into Facebook, the image is then is posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on "da button" redirects the friend to a pornography site, according to Roger Thompson chief research officer for antivirus vendor AVG Technologies. Thompson posted a video of the attack on his blog."

From ComputerWorld...

Employed Programmers Can Be Crooks, Too

2009-11-13T17:43:00.002-05:00

"Two computer programmers who worked for Bernard L. Madoff’s investment firm were accused Friday of helping to cover up the giant Ponzi scheme for more than 15 years.

"In a statement, the United States attorney’s office in Manhattan said the two programmers — Jerome O’Hara, 46, of Malverne, N.Y., and George Perez, 43, of East Brunswick, N.J. — were arrested Friday at their homes.

"The complaint accuses the two men of providing the technical support needed to produce false documents and trading records in defrauding investors in Bernard L. Madoff Investment Securities of billions of dollars.

"Jerome O’Hara and George Perez allegedly helped construct Bernie Madoff’s house of cards. The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff’s crimes,` Preet Bharara, the United States attorney for the Southern District of New York, said in a statement.

"In addition, Joseph M. Demarest Jr., the assistant director in charge of the F.B.I.’s New York office, said that when the two men told Mr. Madoff `they would no longer lie for him,` they were paid to keep the scheme quiet."

From The New York Times...

Full Disclosure RULEZ!

2009-11-07T06:50:00.000-05:00

"An unusual cloak-and-dagger operation being run by internet security experts has been exposed this week, after details of a flaw in the SSL protocol were made public.

"The problem with the Secure Sockets Layer standard that keeps e-commerce websites, mail servers and more safe from attack was first discovered in August by a phone-security firm called PhoneFactor.

"That company immediately set to work with the Industry Consortium for Advancement of Security on the Internet (ICASI) to fix the issue in secret so as not to alert hackers.

"However, an engineer working independent of ICASI found the flaw by himself this week and posted the details online in an effort to find a solution.

"Naturally, the buzz about SSL potentially failing spread like wildfire, prompting ICASI and PhoneFactor to go public immediately."

More at techradar.com...

Gumblar Rides Again!

2009-11-06T08:25:00.000-05:00

"ScanSafe researchers are seeing renewed activity regarding Gumblar, a multifunctional piece of malware that spreads by attacking PCs visiting hacked Web pages.

"Gumblar can steal FTP credentials as well as hijack Google searches, replacing results on infected computers with links to other malicious sites.

"When the Gumblar malware was found in March, it looked for instructions on a server at gumblar.cn. That domain was taken offline at the time, but has been reactivated within the last 24 hours, wrote Mary Landesman, a senior security researcher with ScanSafe, on a company blog.

"Web sites that are infected with Gumblar contain an iframe, which is a way to bring content from one Web site into another. Malware writers usually make those iframes invisible. When a victim visits the site, the iframe will launch a series of exploits hosted on a remote computer to try and hack the visiting machine.

"Gumblar checks to see if the victim's PC is running unpatched versions of Adobe Systems' Reader and Acrobat programs. If so, the machine will be compromised by a so-called drive-by download."

More at ComputerWorld...

Old Passwords Never Die

2009-11-06T08:08:00.001-05:00

"Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.

"Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of Williamstown, Kentucky, both worked as managers for Indiana-based Stens Corporation until taking jobs with a competing company in Ohio, according to an indictment filed in federal court. On at least 12 occasions, they used old passwords to access their former employer's computer and access proprietary information, prosecutors allege.

"Although the men left their jobs in 2004 and early 2005, they were able to use the outdated passwords successfully as late as September of 2006. On at least two occasions, administrators at Stens grew suspicious and terminated old passwords. The men simply tried different login credentials - and succeeded several times."

From The Register...

Surge In Security Newbs Predicted

2009-11-05T06:15:00.000-05:00

"IT professionals are placing their bets on security as they plot their next career moves, according to a new study published earlier today.

"The survey of more than 1,500 IT workers, which was conducted by the IT trade association CompTIA, found that 37 percent intend to pursue a security certification over the next five years. Another 18 percent of IT workers said they will seek ethical hacking certifications during the same time period, while 13 percent identified forensics as their next certification target.

"`Given the growing reach of security, with threats becoming more pervasive and dangerous and with no business or industry immune to those threats, it makes sense that many IT professionals view this as a must-have for career advancement,` said Terry Erdle, senior vice president, skills certifications for CompTIA."

More at DarkReading...

Contractor Of The Year

2009-10-28T17:16:00.000-04:00

"A 27-year-old Brooklyn man used his job as a computer technician to appropriate the identities of more than 150 employees at the Bank of New York Mellon and steal more than $1.1 million from a wide array of nonprofit groups and other institutions, officials announced on Wednesday.

"The technician, Adeniyi Adeyemi, 27, of Crown Heights, was charged with grand larceny, identity theft, money laundering, scheme to defraud, computer tampering and unlawful possession of personal identification information in a 149-count indictment.

"The fraud started in November 2001 and lasted through April of this year, according to the office of the Manhattan district attorney, Robert M. Morgenthau, which is prosecuting the case.

"Using his position as a contract employee in the information technology department at Bank of New York Mellon, Mr. Adeyemi stole personal identifying information from dozens of employees, using the information to more than 30 bank and brokerage accounts in their names at E*Trade, Fidelity, Citi, Wachovia and Washington Mutual, Mr. Morgenthau said."

From The New York Times...

The REAL Threat: Unemployed Advertising Agents

2009-10-27T14:44:00.000-04:00

"Remember when the global economic crisis was supposed to drive legions of desperate, unemployed computer programmers into cybercrime? It turns out the real threat comes from unemployed advertising agents.

"Scammers posing as the well known ad agency Spark-SMG tricked Gawker Media into running a fake Suzuki ad last week that served malicious code, according to a report in Silicon Alley Insider. A similar scam hit the New York Times in September, but unlike the newspaper, Gawker has released the e-mails it exchanged with the scammers, and the messages show just how confidently the perps navigated the ad-buy process..."

More at Wired...

Gartner: Newbz To Write 25% Of Business Apps

2009-10-24T05:47:00.000-04:00

"By 2014, citizen developers will build at least 25 percent of new business applications, according to Gartner, Inc. Gartner said that this advance should both enable end users and free up IT resources. However, analysts warned that IT organizations that fail to capitalize on the opportunities that citizen development presents will find themselves unable to respond to rapidly changing market forces and customer preferences.

"Gartner defines a citizen developer as a user operating outside of the scope of enterprise IT and its governance who creates new business applications for consumption by others either from scratch or by composition.

"`Future citizen-developed applications will leverage IT investments below the surface, allowing IT to focus on deeper architectural concerns, while end users focus on wiring together services into business processes and workflows,` said Eric Knipp, senior research analyst at Gartner. `Furthermore, citizen development introduces the opportunity for end users to address projects that IT has never had time to get to — a vast expanse of departmental and situational projects that have lain beneath the surface.`"

From Businesswire...

1. PWN 2. LULZ 3. PROFIT!!!!!

2009-10-20T12:38:00.000-04:00

"Cybercriminals are growing rich by franchising out scareware distribution operations.

"The trade in rogue anti-virus application can make top-tier distributors an estimated $1.2m a year, net security firm Symantec estimates. A study by Symantec into the psychology of the scam found that 93 per cent of users deliberately downloaded and installed scareware packages, albeit without realising what they were getting for their money.

"Scareware slingers use trickery to mimic the look and feel of legitimate security packages, tapping into users' fears in order to trick them into buying worthless software packages. Some malicious sites use legitimate online payment services to process credit card purchases, offering receipts and serial numbers.

"Marks ended up running scareware packages of little or no utility, at best. Some of these packages install malicious code or reduce the overall security of a client PC, while in other cases users' payment details are used to facilitate further forms of fraud.

"The comparatively low-risk, fast-growing form of cybercrime typically uses an affiliate-based sales model. Symantec’s study found that the top ten sales affiliates of scareware distribution site TrafficConverter.biz earned an average of $23,000 per week."

From The Register...

Gumblar Rides Again

2009-10-20T11:28:00.000-04:00

"Security researchers are seeing a resurgence of Gumblar, the name for a piece of malicious code that is spread by compromising legitimate but insecure Web sites.

"In May, thousands of Web sites were found to have been hacked to serve up an iframe, which is a way to bring content from one Web site into another. The iframe led to the `gumblar.cn` domain. Gumblar would then try to exploit the user's PC via software vulnerabilities in Adobe Systems products such as Flash or Reader and then deliver malicious code.

"Gumblar has also now changed its tactics. Rather than hosting the malicious payload on a remote server, the hackers are now putting that code on compromised Web sites, vendors IBM and ScanSafe say. It also appears Gumblar has been updated to use one of the more recent vulnerabilities in Adobe's Reader and Acrobat programs, according to IBM's Internet Security Systems Frequency X blog.

"The hackers know that it's only a matter of time before a malicious domain is shut down by an ISP. The new tactic, however, `gives them a decentralized and redundant attack vector, spread across thousands of legitimate websites around the world,` IBM said."

From PCWorld...

Gartner Tries To Inflate Server Sales With Dire Predicitons

2009-10-20T09:17:00.000-04:00

"Despite an improving economy, companies aren't moving quickly replace servers, PCs and printers, which will likely cause an increase in failure rates over the next two years, according to Gartner Inc.

"In round numbers, the scheduled replacement of some 3 million servers worldwide, or about 3% of all servers, has been delayed, Peter Sondergaard, Gartner's global head of research, said today at the research firm's Symposium/ITxpo 2009 conference here. He added that the number of delayed replacements should reach 10% of all servers by 2010.

"As a result, Sondergaard said, IT operations `are going to have to start to plan for the impact of increased equipment failure rates.`"

From ComputerWorld...

Savvy Workers Resist Facebook Fad

2009-10-20T09:09:00.000-04:00

"When CIO Will Weider encouraged employees at Ministry Health Care and Affinity Health System in Wisconsin to use Facebook to spread the word about new programs and successful projects, he was surprised at the result: Few did so.

"`I went in there thinking, 'We've turned these people loose; we'll have 10,000 marketers out there,'` Weider says. But the Ministry Health workforce, it turned out, had been well trained to protect sensitive data, and without explicit guidance on what they could say, their first reaction was to share nothing.

"`We've stressed the importance of data security with our employees, particularly when it comes to patient privacy, and it's kept them from sharing all the great things about work on Facebook,` Weider says.

"That's a good problem to have. Many fear that the popularity of social networking -- among individuals as well as organizations -- will precipitate an increase in social engineering attacks that could result in security breaches that expose corporate data or damage a company's reputation."

More at NetworldWorld...

IT Vendors Are EVIL

2009-10-20T09:04:00.001-04:00

"When patients visit a physician or hospital, they know that anyone involved in providing their health care can lawfully see their medical records.

"But unknown to patients, an increasing number of outside vendors that manage electronic health records also have access to that data, and are reselling the information as a commodity.

"The revelation comes in a recent New York Times article about how so-called `scrubbed` patient data isn’t as anonymous as people think. The piece focuses primarily on how anonymized data can be cross-bred with other publicly available databases, such as voting records, which subverts the anonymity. Buried near the end of the article is the news that medical data is collected, anonymized and sold, not by insurance agencies and health care providers, but by third-party vendors who provide medical-record storage in the cloud."

More at Wired...

Bank Botnet Bonanza

2009-10-20T09:00:00.000-04:00

"The massive Zbot botnet that spreads the treacherous Zeus banking Trojan has been launching a wave of relatively convincing phishing attacks during the past few days -- the most recent of which is a phony warning of a mass Conficker infection from Microsoft that comes with a free "cleanup tool."

"The wave of attacks began early last week targeting corporations in the form of email messages that alerted victims of a `system upgrade.` Email is accompanied by poisoned attachments and links; in some cases it poses as a message from victims' IT departments, including their actual email domains, and alerts them about a "security upgrade" to their email accounts. The message then refers victims to a link to reset their mailbox accounts, and the link takes them to a site that looks a lot like an Outlook Web Access (OWA) page, but instead infects them with the Zeus Trojan.

"Today, researchers at F-Secure spotted the botnet spamming out malware-laden email that tries to trick recipients with a convincing lure messages that says, `On October 22, 2009 server upgrade will take place.`

"`What we're seeing is an evolving campaign of different lures to see which one works,` says Richard Wang, manager of Sophos Labs in the U.S.

"The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 percent of all PCs in the country, according to data from Damballa, spreads the deadly Zeus Trojan. Zeus, which steals users' online financial credentials, represents 44 percent of all financial malware infections today, according to Trusteer."

From DarkReading...

Microsoft Hacks Firefox Users

2009-10-16T07:57:00.000-04:00

"An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week.

"One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"`While the vulnerability is in an IE component, there is an attack vector for Firefox users as well,` admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. `The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox.`

"What was particularly galling to users was that once installed, the .NET add-on was virtually impossible to remove from Firefox..."

More at Computerworld...

Not All Unemployed IT Workers Turn To Cybercrime

2009-10-13T12:34:00.000-04:00

"A man who died in a suspected murder-suicide in Mooresville recently lost his UNC Charlotte computer job to state budget cuts after more than a decade working at the university, according to a statement from the school.

"A law enforcement official said Monday evidence suggests one of the parents was involved in the quadruple shooting early Sunday and died from a self-inflicted gun shot wound. The shooting also left the couple's two adult sons in critical condition.

"Iredell Sheriff's Capt. Darren Campbell, the lead investigator, wouldn't say which parent was suspected, saying investigators would wait for initial autopsy reports this week before releasing details.

"He said `nothing stands out` in the family history that might readily explain the violence. The family members do not have criminal records in North Carolina, and police said they hadn't been summoned to the house before.

"Public records and interviews with neighbors indicate the four family members were living in the same home where the shooting occurred, at 130 Peninsula Drive, about a half-mile from Lake Norman.

"Douglas Alan Thomas Sr., 57, and his wife, Linda Malone Thomas, also 57, died in the shooting spree. The sons, Douglas Alan Thomas Jr., 28, and Christian Edward Thomas, 25, underwent emergency surgery Sunday at Carolinas Medical Center.

"UNCC Chancellor Phil Dubois didn't immediately respond to a request for comment Monday.

"But a UNCC spokesman said Monday that Douglas Thomas Sr. lost his job Aug. 31 as a networking specialist in the school's Department of Information & Technology Services. He was one of only 15 university employees laid off by budget cuts and departmental reorganizations.

"A state salary database from May showed he was earning an annual salary of $81,070."

From the Charlotte Observer...

Cisco To Enter Big Brother Market

2009-10-12T21:29:00.000-04:00

"Integrated Surveillance System is a proposal for fully-integrated surveillance system which leverages Cisco network services on ISR and combines them in a new, smart way to build a security system. With this solution, existing IP phones can be turned on during non-working hours, to monitor any audio signals in the offices. If there are abnormal audio signal patterns, the application notifies external security services or devices such as cell phones, computers, video monitoring systems etc.

"It is a simple and cost effective means to enable a security solution in branch office by leveraging existing network infrastructure. This solution improves manageability of security systems by providing an integrated security framework."

From Cisco...

Network Nazis PWN3D!

2009-10-12T06:18:00.000-04:00

"When Metzti Bryan tried to check Facebook at work a few months ago, the familiar white and blue layout of the social networking website didn’t load. Instead, she was taken to a page with a stern message: `This site is prohibited.`

"In the weeks that followed, other sites were added to the blocked list: Twitter, PerezHilton.com and even the Ontario Lottery and Gaming Corporation’s website.

"Her co-workers were not pleased.

"`There was a big uproar,` said Ms. Bryan, 27.

"But soon after, tempers cooled. It turned out that getting around the restrictions was easy..."

More at The Globe and Mail...

No Comment

2009-10-09T08:54:00.000-04:00

"A huge majority of user-generated comments to blogs and forums are malicious, while tools are largely ineffective.

"Websense's biannual `State of the Internet` report revealed that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious. Websense Security Labs also identified a 233 per cent growth in the number of malicious websites in the last six months and a 671 per cent growth during the last year.

"Looking at Web 2.0 security trends, the report found that the websites are increasingly being used to carry out a wide range of attacks, and claimed that `efforts to self-police these Web 2.0 properties have also been largely ineffective`.

"The report said: `Websense research during the period showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65 per cent to 75 per cent ineffective in protecting web users from objectionable content and security risks.`"

From SC Magazine...

PDF Pwnage Continues Unabated

2009-10-09T08:51:00.000-04:00

"Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.

"Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company's previously scheduled patch release for the PDF reader. According to Security Focus here, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.

"`Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,` the security site warned. `Failed attempts will likely result in denial-of-service conditions.`

"The bug is presently being exploited in `limited targeted attacks,` Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems."

More at The Register...

Gartner Smoking Crack Again

2009-10-08T12:03:00.000-04:00

"Avatars are creeping into business environments and will have far reaching implications for enterprises, from policy to dress code, behavior and computing platform requirements, according to Gartner, Inc. Gartner predicts that by year-end 2013, 70 percent of enterprises will have behavior guidelines and dress codes established for all employees who have avatars associated with the enterprise inside a virtual environment.
view counter

"Avatars are two- or-three dimensional objects that most often resemble a human and are often animated and controlled remotely by a person in a virtual or 3-D Internet environment. In a business setting they are used as visual representations of people.

"`As the use of virtual environments for business purposes grows, enterprises need to understand how employees are using avatars in ways that might affect the enterprise or the enterprise’s reputation,` said James Lundy, managing vice president at Gartner. `We advise establishing codes of behavior that apply in any circumstance when an employee is acting as a company representative, whether in a real or virtual environment. Addendums, specific to virtual environments can be added as required.`"

From Internet Ad Sales...

70% Of Banks Hacked From The Inside

2009-10-07T12:39:00.000-04:00

"A former Wachovia Bank executive who had handled insider fraud incidents says banks are in denial about just how massive the insider threat problem is within their institutions. Meanwhile, the economic crisis appears to be exacerbating the risk, with 70 percent of financial institutions saying they have experienced a case of data theft by one of their employees in the past 12 months, according to new survey data.

"Shirley Inscoe, who spent 21 years at Wachovia handling insider fraud investigations and fraud prevention, says banks don't want to talk about the insider fraud, and many aren't aware that it's an `epic problem.`

"`There needs to be more training around this issue,` says Inscoe, who co-authored a book about bank insider fraud called Insidious -- How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them, which publishes later this month. `We are seeing a huge increase in this country of organized crime rings threatening individuals who work in financial institutions and making them [commit fraud on their behalf],` she says."

More at dark reading...

Company Dumps Windows After $40K Hack

2009-10-03T09:00:00.002-04:00

"The FBI is helping out the Steuben ARC after overseas hackers stole more than $40,000. Police say the hackers went through an employee's microsoft windows computer system. That worker had access to ARC's bank account.

"Authorities say the crooks were from Eastern Europe and used that information to steal the money. Since then, the Steuben ARC has limited their employee's internet access. They've also switched from a Microsoft operating system to Linux, which is said to be tougher to hack."

From WETMTV.com...

New Trojan Balances Your Checkbook

2009-09-30T10:13:00.000-04:00

"New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

"The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

"The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

"The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan."

More at Wired...

Twit PWNAG3 "Rampant"

2009-09-30T10:01:00.000-04:00

"Social networks are rapidly becoming a primary channel to market for malware distributors and other cyber-criminals as the use of popular sites such as Twitter continues to take off, and the communications vehicles subsequently create new opportunities for attackers to hide their threats using features such as so-called link shorteners.

"Attackers have been working to infiltrate and abuse social networks for years, but the issue is becoming truly pervasive nowadays as they shift even more of their efforts away from more traditional electronic messaging systems and distribute a greater share of their nefarious content over so-called Web 2.0 sites, in particular Twitter, according to Symantec security researcher Ben Nahorney.

"The distribution of malware infection links over Twitter has become particularly problematic of late, Nahorney noted in a recent blog post. Since the 140 character limit for posts to made over micro-blogging platform has lead to widespread use of URL-shorteners obscure address details, and even savvy users of Twitter are likely taking bigger risks, the implication appears to be..."

More at eWeek...

IT Employee Of The Week

2009-09-29T15:50:00.000-04:00

"In a twist of Alanis Morrissettian irony, a man serving a six-year prison sentence for stealing millions of dollars through online credit card fraud recently succeeded in (surprise!) hacking into his prison's computer network, effectively paralyzing the entire system. The really incomprehensible part, though, is that officials at Ranby Prison, close to Retford, Nottinghamshire, England, gave him access to the computer.

"Apparently in dire need of an internal TV station at the facility, officers decided against hiring a third party (e.g., not a convicted hacker) to set up the system. They instead opted to keep the operation in (the Big) house, delegating the duty to one Douglas Havard. So, as convicted hackers are wont to do, Havard, left unguarded, worked his way into the prison's hard drive, and set up a labyrinth of passwords to lock everyone else out of the system....."

More at switched.com...

FED FAP FLAP

2009-09-29T09:16:00.000-04:00

"Employee misconduct investigations, often involving workers accessing pornography from their government computers, grew sixfold last year inside the taxpayer-funded foundation that doles out billions of dollars of scientific research grants, according to budget documents and other records obtained by The Washington Times.

"The problems at the National Science Foundation (NSF) were so pervasive they swamped the agency's inspector general and forced the internal watchdog to cut back on its primary mission of investigating grant fraud and recovering misspent tax dollars.

"`To manage this dramatic increase without an increase in staff required us to significantly reduce our efforts to investigate grant fraud,` the inspector general recently told Congress in a budget request. `We anticipate a significant decline in investigative recoveries and prosecutions in coming years as a direct result.`"

More at The Washington Times...

Finally, A Market For Macs

2009-09-28T05:25:00.001-04:00

"New research from Sophos underscores a growing interest in the Mac among cyber-criminals.

"In a presentation at Virus Bulletin's VB Conference, in Geneva, Sophos Labs researcher Dmitry Samosseiko revealed a malware affiliate network offering 43 cents per infected Mac computer. The offer was the work of a larger network of Russian spammers, malware authors and businesspeople pushing everything from phony watches to medications—an alliance he called the `Partnerka.`

"This goes to show that Apple Macs, which are targeted far less than Microsoft Windows PCs, are not without security threats..."

From eWeek...

Report: "Complacent Consumers" Responsible For Rise In Cybercrime

2009-09-24T07:44:00.000-04:00

New Low In Blaming The Victim

"UK cybercrime has rebounded to worrying levels, not seen since 2006, as a result of the recession and consumer complacency, according to Garlik's annual UK Cybercrime report.

"The report, which analyses publicly available data to build a comprehensive view of cybercrime in the UK, revealed that during 2008 cybercriminals adapted to the social and economic changes in the UK to exploit victims in new ways and commit over 3.6 million criminal acts online (that’s over one every 10 seconds). In addition, the researchers believe that there is a growing complacency amongst consumers demonstrating poor understanding of their responsibility to protect their personal information against fraud.

"One of the most significant changes in cybercrime has been the 207% increase in account takeover[1] fraud indicating that criminals have now shifted their efforts from opening new accounts with stolen identities to accessing existing accounts. Savvy criminals have got round the drying up of available credit in the current economic climate to maintain their illegal activities.

"`We fear that account takeover fraud will continue to increase in 2009 due to the decline of available credit and tighter credit checking by the banks,` commented Tom Ilube, CEO, Garlik. `Consumers must be extra vigilant of all their online and financial accounts as well as avoiding increasingly convincing phishing scams.`"

More...

If You Can't BEAT 'EM, SUE 'EM!

2009-09-23T07:31:00.001-04:00

"Microsoft has filed what are believed to be the first lawsuits designed to stop the growing practice of malvertising

"The company has filed five suits against unnamed individuals who it has accused of posting malicious and deceptive code through ads on its MSN advertising network.

"The suits allege that individuals using the business names Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC, and ote2008.info used malvertisements to distribute the malicious software or present deceptive websites that peddled scareware to unsuspecting online users.

"Associate general counsel Tim Cranton said that although Microsoft doesn't know the names of the specific individuals involved, by filing the civil suits in a US court it hoped to uncover the individuals responsible and prevent them from continuing to deploy malvertising.

"`We hope that today's filings will help deter malvertising in the future,` Cranton said in a blog post. The documents were filed in King County Superior Court in Seattle, Washington."

More...

iPwn3d

2009-07-29T07:42:00.001-04:00

"On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

"If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

"That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking."

More at Forbes.com...

Return Of The ActiveDead

2009-07-28T19:57:00.003-04:00

"Send more PoCs!"

"Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.

"During a Wednesday talk at this week's Black Hat conference in Las Vegas, researchers Mark Dowd, Ryan Smith and David Dewey will show a way of bypassing the 'kill-bit' mechanism used to disable buggy ActiveX controls. A video demonstration posted by Smith shows how the researchers were able to bypass the mechanism, which checks for ActiveX controls that are not allowed to run on Windows. They were able to then exploit a buggy ActiveX control in order to run an unauthorized program on a victim's computer.

"Although the researchers have not revealed the technical details behind their work, this bug could be a big deal, giving hackers a way of exploiting ActiveX problems that were previously thought to have been mitigated via kill-bits."

More at PCWorld...

Patch Tuesday Brings 0day Relief

2009-07-13T08:14:00.001-04:00

"A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.'s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said.

"On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9.

"Microsoft said it will issue a patch for the flaw on July 14..."

More at ComputerWorld...

Much Ado About Diddly Squat

2009-07-09T15:11:00.003-04:00

"Denial-of-service attacks against government Web sites in this country and South Korea appear to have had little impact and are not particularly sophisticated, experts say.

"`It’s a very noisy attack,` said Rick Howard, intelligence director at VeriSign iDefense, which provides cybersecurity and intelligence services for private- and public-sector organizations. `Everyone in government says it didn’t affect them that much.`

"`It’s been more of a nuisance,` said Phil Neray, vice president of security Strategy at Guardium. `We have countermeasures for denial-of-service attacks.`

"Several security companies have obtained the malicious code used to carry out the attacks. Symantec Corp. identified it as W32.dozer and a variant of the MyDoom worm that has infected a large number of computers."

More at Federal Computer Week...

REPORT: Exploits At All Time High

2009-07-08T08:45:00.001-04:00

"The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.

"Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.

"This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent..."

From TECHWORLD...