Showing posts with label HAXX. Show all posts

Wednesday, May 5, 2010

Treasury Department Web Sites PWN3D


"The Treasury Department has taken offline four public Web sites for the Bureau of Engraving and Printing after the discovery Monday of malicious code on a parent site.

"The bureau began using a third-party cloud service provider to host the sites last year, it said Tuesday in a statement about the incident. “The hosting company used by BEP had an intrusion and as a result of that intrusion, numerous websites (BEP and non-BEP) were affected,” the statement said. The Treasury Government Security Operations Center was alerted to the problem and notified the bureau, which responded by taking the sites offline."


More at Government Computer News...

Thursday, April 15, 2010

Oracle Relents, Offers "Quick & Dirty" Patch


"Oracle today patched a critical Java vulnerability that is being exploited by hackers to install malicious software.

"The security update to Java SE 6 Update 20 patches a bug disclosed last Friday by Google security researcher Tavis Ormandy, who spelled out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. Only systems running Windows are at risk.

"Oracle's patch appears quick and dirty, Ormandy said. `They've completely removed the vulnerable feature, literally replaced with 'return 0,'` he said on Twitter...

"Other researchers noted Oracle's turnaround today. `So it turns out that Oracle can actually patch Java in less than a week! Funny how vendors only care to do this after full-disclosure,` said noted browser researcher Alexander Sotirov, also on Twitter..."


From ComputerWorld...

Oracle To Users: FUCK YOU


"Just five days after a Google researcher published information of an unpatched Java bug, a compromised song lyrics site is sending users to a Russian attack server exploiting the flaw to install malware, an antivirus firm said today.

"Last Friday, Google's Tavis Ormandy posted details of the Java vulnerability to the Full Disclosure security mailing list, spelling out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. According to Ormandy, all versions of Java for Windows since SE 6 update 10 -- which debuted two years ago -- are vulnerable. Other operating systems running Java are unaffected, he said...

"Although Ormandy reported the flaw to Sun -- now part of Oracle -- he said the company declined to rush out a patch. `They informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle,` Ormandy wrote on the mailing list. `I explained [to them] that I did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.`

"Oracle patched Java last week; its next regularly-scheduled update is slated for July."


More at ComputerWorld...

Thursday, April 8, 2010

IT Worker Of The Month


"A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.

"Rodney Reed Caverly, of Charlotte, North Carolina, is scheduled to plead guilty to a computer fraud charge next Tuesday in federal court in Charlotte, according to his lawyer Christopher Fialko, who declined to comment further on the case.

"Caverly was charged last week with one count of computer fraud for allegedly writing a malicious program that ran on Bank of America's computers and ATMs, according to court filings. The documents say Caverly made more than the statutory minimum of US$5,000 from the scam, but they do not spell out the bank's total losses. That number could come out when his plea is entered next week.

"He faces a maximum sentence of five years in prison."


More at ComputerWorld...

Thursday, March 11, 2010

IE Users PWN3D By 0day... Again


"Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.

"`This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out,` said Craig Schmugar, a threat researcher at McAfee, in a blog post today.

"Attacks are launched from Web sites in a classic drive-by fashion, said Schmugar and others. `Visiting the page is enough to get infected,` Schmugar said."


From ComputerWorld...

Monday, March 8, 2010

Energizer Bunny Arrested, Charged With Battery


"A USB charger from Energizer uses software that contains a Trojan, according to US-CERT. The software was apparently developed outside the U.S. and may have been giving hackers access to PCs since 2007. An analyst said trust in the Energizer bunny may have led many consumers to install the DUO USB charger malware even with a warning.

"US-CERT researchers said Friday that the software that installs with the Energizer charger contains a Trojan horse that gives malicious hackers a back door into Windows machines.

"`An attacker is able to remotely control a system Relevant Products/Services, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user,` US-CERT said. `Removing the Energizer USB charger software will also remove the registry value that causes the backdoor to execute automatically when Windows starts.`"


More at NewsFactor.com...

Trust No One 2.0


"Facebook founder Mark Zuckerberg has been accused of hacking into the email accounts of rivals and journalists.

"The CEO of the world's most successful social networking website was accused of at least two breaches of privacy in a series of articles run by BusinessInsider.com.
As part of a two-year investigation detailing the founding of Facebook, the magazine uncovered what it claimed was evidence of the hackings in 2004.

"In the first instance, it said that, when Zuckerberg discovered that Harvard's student newspaper The Crimson was planning on running an article on him in 2004, he used reporters' Facebook logins to hack into their accounts.

"In the second instance, the magazine claimed Zuckerberg hacked into the accounts of rivals at Harvard who accused him of stealing their idea for a social network. He then allegedly tried to sabotage the rival network they had set up..."


Read the whole story here...

Thursday, March 4, 2010

XP Users Helpless Against New Web Hack


"Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

"In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

"`The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,` read the advisory. `If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.`"


From ComputerWorld...

Monday, February 22, 2010

Chuck Norris Wants Your Router


"If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

"Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

"The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: `in nome di Chuck Norris,` which means `in the name of Chuck Norris.` Norris is a U.S. actor best known for his martial arts films such as `The Way of the Dragon` and `Missing in Action.`

"Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs."


From PC World...

Friday, January 29, 2010

USA NUMBER ONE!!!!!


"Insecurity outfit McAfee has named the US as the most likely source of cyber attacks, beating out the widely perceived favourites China and Russia.

"McAfee conducted a study that questioned 600 IT and security executives from various countries to discuss, rate and rank their biggest Internet security concerns. Most of the report just states the bleedin' obvious, except for the finding that the Americans are the most feared by the others.

"With the recent scuffles between Google and the Chinese government it comes as no surprise that almost 75 per cent of respondents believed that the Chinese government was involved in cyber attacks against their country. However, the figures for both the US and Russia were identical at 60 per cent. The UK government came in third from last with only 50 per cent or so believing that it was involved in naughty cyber aggression activities.

"Probably the most startling discovery was that it is the US, not China or Russia, that is feared the most. The majority of countries in the West listed the US ahead of China and Russia as the country `of most concern` when it came to attacks."


More at the Inquirer...

Tuesday, January 26, 2010

More Internet Explorer Fun


"Microsoft's Internet Explorer (IE) could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.

"The problem was actually discovered as long as two years ago but has persisted despite two attempts by Microsoft to fix it, said Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. He is scheduled to give a presentation at the Black Hat conference in Washington, D.C., on Feb. 3.

"The issue could allow a hacker to read files on a person's computer but not install other code. Nonetheless, the problem represents a serious security issue, Medina said. It affects all of Microsoft's operating systems from Windows NT through Windows 7 and every version of IE, including the latest one, IE8."


More at ComputerWorld...

Thursday, January 21, 2010

Firefox, Opera Benefit From IE Schadenfreude


"Mozilla yesterday reported a `huge increase` in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.

"German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's `Blog of Metrics.` `Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany,` Kovash claimed.

"Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.

"Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. `Pending a patch from the publisher, CERT recommends using an alternative browser,` a translation of the French advisory stated."


More at ComputerWorld...

Saturday, January 16, 2010

Firefox Über Alles


"In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

"According to the statement from BSI, even running Internet ExplorerInternet ExplorerInternet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

"IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially FirefoxFirefoxFirefox. This incident won’t help."


More at Mashable...

Wednesday, January 13, 2010

Adobe Hoisted On Its Own Petard


"Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China.

"Meanwhile, some researchers have hinted, and others have claimed, that the attacks against both Google and Adobe were based on malicious PDFs that exploited a just-patched vulnerability in Adobe's popular Reader software...

"Security researchers hinted earlier today that the attacks against Google, Adobe and dozens of other major firms were conducted using malicious PDFs that exploited one or more vulnerabilities in Adobe Reader. Analysts at Verisign's iDefense security group told Robert McMillan of IDGNews today that hackers had launched targeted attacks using a malicious document attached to e-mail messages."


More at ComputerWorld...

Friday, January 8, 2010

Crafty Packets PWN Juniper Routers


"Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

"In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"`The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port,` the bulletin, which was issued by Juniper's technical assistance center, stated. `The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot.`

"There are `no totally effective workarounds,` the bulletin added."


More at The Register...

Wednesday, January 6, 2010

School District Locks Barn Door


"Over three days last month, about $3 million was drained by computer hackers from the bank account of the Duanesburg Central School District and deposited into overseas accounts. The cyber crime has prompted a joint probe into what banking and security officials say is a growing problem, underscoring the need for airtight internal controls.

"Duanesburg Superintendent Christine Crowley said during a news conference Tuesday at Duanesburg Elementary that the discovery of the unauthorized electronic transfers from the district coffers three days before Christmas left her in `total shock` and then `sheer anger.`

"...In response to the security breech, Crowley said Duanesburg school officials have closed all district bank accounts and established new ones with restricted online access."


More at timesunion.com...

Thursday, December 17, 2009

Adobe Says: "SUX 2B U"


"Adobe won't patch the newest critical vulnerability in its PDF viewing and editing software for another four weeks, even though attack code has been publicly released.

"In an update yesterday to the security advisory it issued Tuesday, Adobe set the patch date as Jan. 12, 2010, which is also the next regularly-scheduled quarterly security update for Adobe Reader and Adobe Acrobat. Most of the advisory was dedicated to confirming the bug -- which the company had first disclosed late Monday -- and providing instructions for blacklisting the JavaScript API call that contains the flaw.

"Other security experts have urged users to disable JavaScript in Reader and Acrobat to protect themselves until Adobe ships a fix."


From COMPUTERWORLD...

There's An App For That


"Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

"Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

"U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance."


More at THE WALL STREET JOURNAL...

Conficker Still The Shame Of The AV Industry


"Waikato District Health Board has been crippled by a computer worm which has seen every PC in the organisation shut down.

"While the main hospital in Hamilton and smaller outlying hospitals were continuing to function, spokeswoman Mary-Ann Gill said it was important people only came for treatment if it was absolutely necessary.

"Emergency care was still available but those arriving for routine appointments were being affected, as were GPs who often made referrals to hospitals via email.

"`We are asking GPs to only make urgent referrals,` she said.

"`We need to keep as many people out of hospitals as we can.`

"Ms Gill said DHB technicians were working on a computer upgrade overnight when things started to go awry.

"`About 2am they noticed there were some issues with the computers. By 4am they realised a computer virus had got into our whole system.

"`We brought in Microsoft and have been working with them through the night.`

"Conficker has been identified as the culprit."


More at nzherald.com...

Tuesday, December 15, 2009

You Are So ROCKED


"It’s no secret that most people use the same password over and over again for most of the services they sign up for. While it’s obviously convenient, this becomes a major problem if one of those services is compromised. And that looks to be the case with RockYou, the social network app maker.

"Over the weekend, the security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database. Such a flaw could grant hackers access to the the service’s entire list of user names and passwords in the database, they warned. Imperva said that after it notified RockYou about the flaw, it was apparently fixed over the weekend. But that’s not before at least one hacker gained access to what they claim is all of the 32 million accounts. 32,603,388 to be exact. The best part? The database included a full list of unprotected plain text passwords. And email addresses. Wow..."


More at TechCrunch...