Lightthedarkfiber

Around The Horn vol.1,148

Posted in Uncategorized by lightthedarkfiber on September 9, 2009

MS09-049 – Critical: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.

MS09-048 – Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

MS09-047 – Critical: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-046 – Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-045 – Critical: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

A parent’s quick guide to content blocking technologies

By ars@lasarletter.net (Matthew Lasar) on parental control devices

The Federal Communications Commission’s long awaited Report to Congress on Parental Control Technologies for Video or Audio Programming is finally out. The report compiles almost a year’s worth of comments from industry and public interest groups on the state of content filtering technology, and what does it conclude? By golly, the FCC says it needs to issue another study! The next one will be about why more parents don’t use the wide range of content filtering apps and gizmos that are currently available.

Learn how to protect yourself from identity theft

By jacqui@arstechnica.com (Jacqui Cheng) on trustedID

Identity theft is big business, and it keeps getting bigger as more and more information about us floats around in an ever data-obsessed society. From every swipe of your credit card to every time you go to the doctor, doors are opened for thieves to snatch information and use it to their advantage. And, as the name implies, it’s not just about fraudulent charges showing up on your bank account, either. At worst, you could find that someone has been using your social security number for years to work various jobs or, as in one Chicago teenager’s recent experience, you could even get thrown in jail because a thief using your identity had a warrant out for his arrest. “Oops” doesn’t even begin to describe it.

Most Americans know the basic principle of checking their credit reports once a year. Every US citizen can now get a free report from the three major credit bureaus every year to ensure everything is right on their accounts. However, that’s the extent of most of our knowledge, and only addresses one facet of identity theft (financial institutions). It turns out there are a number of other preventative measures that can be taken, especially if you’re the paranoid type.

New flaw can crash Windows Vista and Server 2008 remotely (Updated)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows Vista

Redmond is investigating reports that a newly discovered flaw in Microsoft’s implementation of the Server Message Block 2 (SMB2) protocol, an extension of the conventional server message block protocol, can be exploited to remotely crash and restart computers running Windows Vista or Windows 7. The attack does not require authentication, but port 445 of the target system must be open, and on Windows it is open by default. Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the SMB feature and close port 445.

Ruby on Rails vulnerability affects Twitter; IE8 immune

By segphault@arstechnica.com (Ryan Paul) on security

A cross-site scripting (XSS) vulnerability that was patched on Thursday in Ruby on Rails affected several widely used Web services including the popular Twitter microblogging website and Basecamp, a project management tool created by 37Signals from which the Ruby on Rails framework originated.

Security researcher Brian Mastenbrook uncovered the bug when he was conducting a serendipitous test of unicode handling in Twitter. He discovered that he could circumvent the site’s string sanitization mechanism and inject a JavaScript payload. It falls into the category of a non-persistent or “type 1” XSS vulnerability.

Securing the .edu top-level domain with DNSSEC

By nate@arstechnica.com (Nate Anderson) on DNSSEC

DNS security continues its slow march to the root servers with today’s announcement that the educational top-level domain “.edu” will roll out the DNSSEC protocol for testing this month, with a full deployment to follow by March 2010.

The domain name system (DNS) resolves Internet addresses like arstechnica.com into a numerical IP address—but the ancient DNS protocol provides little to no security. Hackers have figured out ways to poison the DNS cache, redirecting users who think they’re visiting one site to another, quite different site. The insecurity of this fundamental piece of Internet architecture has been a boon for phishers and other miscreants, and the problems have been recognized for years.

Microsoft Patch Tuesday for September 2009: five bulletins

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue five Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (September 9 at 11:00am PST, if you’re interested). All five of the vulnerabilities are rated “Critical,” and they all earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least two of the five patches will require a restart.

3.3% of PCs with ESET antivirus block a threat each day

By emil.protalinski@arstechnica.com (Emil Protalinski) on ESET

ESET is known as the creator of one of the better security software solutions, and recently the organization has done more research into what its customers are seeing. The company’s virus lab receives over 100,000 new pieces of malware every day. The big conclusion? There are more malware authors than ever and their technologies to rapidly create new variants of malicious code are getting better.

While you stifle your yawn (since you’re not really surprised), here’s a statistic ESET discovered that you probably couldn’t have come up with yourself: 3.3 percent of the computers running ESET’s antivirus detect and block at least one threat every day. The calculation was made using the company’s ThreatSense.Net monitoring system, which gathers statistics on malicious activity on customer computers running ESET software.

Microsoft: IIS vulnerability under limited attacks (Updated x2)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Internet Information Services

A hacker has posted code on his Milw0rm website that could be used to attack a system running Microsoft Internet Information Services (IIS) server and install unauthorized software on it. The good news is that the attack appears to work only on older versions of IIS—versions 7.x are not affected. The flaw resides in the File Transfer Protocol (FTP) software used by IIS to transfer large files, meaning that FTP must be enabled for an attack to be successful. The risk posed by this vulnerability isn’t completely clear yet, but Microsoft says it is looking into the issue.

MS09-048: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution

By Robert A. on Vulns

Microsoft has just published a remote vulnerability in the Windows TCP/IP stack. “This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening…

Apache.org Incident Report For 8/28/2009 Hack

By Robert A. on IndustryNews

From the report “Our initial running theory was correct–the server that hosted the apachecon.com (dv35.apachecon.com) website had been compromised. The machine was running CentOS, and we suspect they may have used the recent local root exploits patched in RHSA-2009-1222 to escalate their privileges on this machine. The attackers fully compromised this…

Cross-protocol XSS with non-standard service ports

By Robert A. on XSS

i8jesus has posted an entry on smuggling other protocol commands (such as FTP) in HTML forms, as well as edge-case situations where running a TCP service (in this case FTP on a non-standard port) can result in more XSS abuse cases. While not likely, still worth a read. “Most…

Microsoft: Windows 7 not affected by latest flaw

By Ina Fried

Microsoft issued a formal security advisory late Tuesday on a reported zero-day flaw in Windows Vista and Windows Server 2008. However, the software maker also said that the flaw does not affect the final version of Windows 7, contrary to earlier reports.

“Microsoft is investigating new public reports of a …

Originally posted at Beyond Binary

Microsoft issues critical Windows patches

By Ina Fried

Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.

While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.

The five bulletins address eight …

Originally posted at Beyond Binary

Windows 7, Vista zero-day flaw reported

By Tom Espiner

Microsoft said on Tuesday that it is investigating reports of a zero-day vulnerability affecting Windows 7 and Vista.

The flaw in Windows 7 could allow an attack which would cause a critical system error, or “blue screen of death,” according to researcher Laurent Gaffie.

Gaffie wrote in his blog that …

Norton calls on Quorum for 2010

By Seth Rosenblatt

Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.

Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, …

Originally posted at The Download Blog

WordPress blogs falling prey to worm

By Jennifer Guevin

A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of WordPress.

The worm can be tough to catch, as Mullenweg explains: “it registers a user, uses a security bug (…

Microsoft reports attacks using IIS vulnerability

By Stephen Shankland

A vulnerability in Microsoft’s software for housing Web sites is now being used for “limited attacks” on the servers it’s running on, the company said Friday.

Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday and said Friday it’s still working on a security update to …

Originally posted at Deep Tech

Symantec: Posted code enables VoIP spying

By Larry Magid

Along with keyloggers that track what you type, now we have to worry about malicious software that listens in on our voice over Internet Protocol conversations.

A Symantec security blog on Thursday disclosed a new Trojan horse, Trojan.Peskyspy “that records VoIP communications, specifically …

Originally posted at Safe and Secure

Microsoft issues advisory on server flaw

By Ina Fried

Microsoft on Tuesday issued a security advisory for a Web server flaw that was made public on Monday.

The flaw affects certain versions of Microsoft Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to

Originally posted at Beyond Binary

Microsoft investigating newly reported IIS flaw

By Ina Fried

Microsoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.

In a statement, a Microsoft representative said the company “is investigating new public claims of a possible …

Originally posted at Beyond Binary

Trend Micro launches new security tracking tool

By Sam Diaz

This was originally posted at ZDNet’s Between the Lines.

It used to be that an IT administrator could warn employees about opening attachments from unknown sources or clicking on links from unknown e-mail senders as the first line of defense against spam, malware, and other bad stuff on the …

ZoneAlarm’s 2010 suites include encryption

By Seth Rosenblatt

Best known for its ZoneAlarm firewall, Check Point Software has announced updates for ZoneAlarm’s more full-featured security suites. Available in two versions, ZoneAlarm Internet Security 2010 gives users a robust firewall, antivirus and antispyware, and parental control package for $50, while ZoneAlarm Extreme Security 2010 adds Web browsing protection, …

Originally posted at The Download Blog

What price your child’s safety?

By Rik Ferguson on web

This is often a thorny question for parents to consider. How intrusive should my monitoring of my children’s internet activity be? How can I be sure that I am helping them to stay safe online and still maintain their sense of independence and, perhaps more importantly, the privacy which is so important to kids as they are growing up? [...]

Cisco & Microsoft Patch TCP Stack DoS Exploit

By Darknet on vulnerability

A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft. So far Red Hat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable. It could be that Juniper doesn’t [...]

SWFScan – Free Flash Application Security Scanner

By Darknet on web-application-security

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform. HP is offering SWFScan because: Their research shows that developers are increasingly implementing applications built on the Adobe Flash platform without the required security expertise. As a result, they are seeing a [...]

UK Has The Worst Internet Security In Europe

By Darknet on uk internet security

Interesting story for our British readers, seems like back in Old Blighty people are a bit lax when it comes to keeping their security software up to date. Not only that, from the other aspects of the survey it seems the UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and [...]

MySqloit – SQL Injection Takeover Tool For LAMP

By Darknet on web-application-security

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack [...]

Apache.org Hacked Using Remote SSH Key

By Darknet on vulnerabilities

Apache.org has been hacked quite a number of times; last week it happened again and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it. Apparently one of the remote SSH keys was compromised, allowing attackers to upload code; the scary part is they could [...]

Graudit – Code Audit Tool Using Grep

By Darknet on programming security

Graudit is a simple script and set of signatures that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage: Graudit supports several options and tries to follow [...]

University Research Exposes Potential Vulnerabilities In Cloud Computing

“Cross-VM attacks” could threaten sensitive data in cloud computing environments, researchers say

DNSSEC Secures Another Domain

The .edu domain will adopt DNSSEC in March of next year amid more concern over Domain Name System security

Tech Insight: XSS Exposed

Pervasive Web application vulnerability is often misunderstood — with dangerous consequences

Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites

California jury exacts $32 million in damages from ISPs that purportedly supported Websites dealing in fraud

Social Networks Fight Back

How major social networks MySpace and Facebook are building up security — and where their weakest links remain

SQL Vulnerability Leaves Passwords In The Clear, Researchers Say

Researchers say vulnerability in Microsoft SQL Server could unnecessarily expose passwords to system administrators, hackers

Five Ways To Meet Compliance In A Virtualized Environment

RSA, VMware unite security compliance and virtualization in new best practices guidelines

Flaw In Sears Website Left Database Open To Attack

Business-logic flaw in Sears Web application vulnerable to brute-force attack

‘Freakshow’ Provides Inside Look At Real Malware Behind Big Breaches

Forensics specialists who investigated hacks of a hotel chain, casino, and restaurant share details on sophisticated malware used to successfully steal confidential data from those organizations

IT Pros Question Effectiveness of Anti-Malware

In Virus and Spyware

IT pros are worried about the ability of traditional defenses to stop attacks, according to a new study backed by advocates of applications whitelisting.

Symantec Goes Under the Hood of Waledac Botnet

In Spam

A Symantec researcher has released a new paper outlining the operations of the Waledac botnet, laying bare what has kept the botnet going strong.

Compromised Computers Host an Average of 3 Malware Families

In Trojan attacks

Research from security company ESET underscores the level of cooperation among attackers working to infect users. The presence of multiple malware families shows cyber-crooks are increasingly paying criminal networks to have their malware installed on compromised PCs.

Smartphone Users Ignoring Security Risks

In Spam

A new survey of 1,000 smartphone users conducted by Trend finds that people are not yet sensitive to matters of mobile security, while threats to handheld devices do appear to be on the rise.

Koobface Crew Keeps Foot to Floor

In Web 2.0

Koobface continues to spread its tentacles using the same old template and shows no signs of slowing down, security experts have observed.

New PowerPoint Attacks Hit Old Flaw

In Virus and Spyware

A new wave of attacks are taking aim at an old .PPT vulnerability, highlighting the inability of many users to keep up with vendor-issued security updates.

Zeus Trojan Purveyors Change Tactics

In Trojan attacks

New research from RSA into the Zeus Trojan shows that the malware has been surging of late as its purveyors continue to adopt new techniques.

Report: Government secrecy down slightly in 2008

An annual report says government secrecy decreased slightly in the last year of the Bush administration.

One appeal fails, another pending today for E-Verify

The U.S. Chamber of Commerce and other plaintiffs have filed another appeal in attempt to stop the E-Verify rule from going into effect today for federal contractors, according to a media report.

FCC buying emergency notification system

The FCC is buying an emergency notification system to keep in touch with responder agencies and taking other steps to improve its disaster communications capabilities, its chairman said today.

U.S. and Mexico talk safety across the fence

U.S. and Mexican officials announced an agreement to set up a cross-border network to enhance safety and law enforcement at the border.

Top 5 challenges for the cyber coordinator

President Barack Obama’s pledge to appoint a cybersecurity policy coordinator at the White House has drawn cheers, a few jeers and a long to-do list.

Experts disagree on effect of E-Verify’s expiration

The authorization for the E-Verify employment verification program expires three weeks after it is set to cover federal contractors.

Top 5 stories at the FCW.com watercooler

FCW.com readers, on the whole, might be more civil than most people who post comments on mainstream Web sites but they are no less passionate.

CMS considers contractors for identifier program

The Centers for Medicare and Medicaid Services is considering using contractors to operate a national system for assigning health providers unique identifying numbers.

Groups ask court to delay E-Verify despite ruling

The organizations trying to stop the E-Verify rule from covering federal contractors have filed for an injunction to delay enforcement from beginning Sept. 8.

Who is sending mysterious laptops to governors?

The FBI is investigating unsolicited laptop computers sent to several governors’ offices.

DHS needs to plug some cybersecurity holes, audit finds

The DHS Inspector General recommends improving the department’s coordination of cybersecurity for critical control systems.

Joint Forces Command to test new network encryption

Unisys’s Stealth technology is intended to allow separate secure virtual communities to coexist on a single network.

Court: Federal contractors covered by E-Verify rule

A judge upheld the Homeland Security Department’s E-Verify electronic employment verification rule for federal contractors starting Sept. 8.

Experts debate expansion of president’s cybersecurity powers

Existing laws already give the president broad discretion on how to respond to cyberattacks, despite language in a Senate bill that proposes giving the president specific powers during such events, expert says.

Health IT group to offer security certification to vendors

The Health Information Trust Alliance will certify security products against its Common Security Framework as the government moves to establish an infrastructure, national standards and privacy requirements for the handling of electronic health care records.

Indo-Israeli Cyber Warfare against Pakistani nuclear program

Posted by InfoSec News on Sep 9

http://www.asiantribune.com/news/2009/09/08/indo-israeli-cyber-warfare-against-pakistani-nuclear-program

By Farzana Shah
Asian Tribune
2009-09-09

After sea, land and air warfare, traditional arch rivals India and Pakistan are now facing each other in another arena. With evolution of…

How a Phishing Attack Exposed an Energy Company to Hackers

Posted by InfoSec News on Sep 9

http://www.eweek.com/c/a/Security/How-a-Phishing-Attack-Exposed-an-Energy-Company-to-Hackers-183328/

By Brian Prince
eWEEK.com
2009-09-08

In an interview with eWEEK, the Intrepidus Group reveals some of the details behind a malware attack that exposed critical systems at an energy…

University Research Exposes Potential Vulnerabilities In Cloud Computing

Posted by InfoSec News on Sep 9

http://www.darkreading.com/securityservices/security/management/showArticle.jhtml?articleID=219700098

By Tim Wilson
DarkReading
Sept 08, 2009

Users of cloud computing infrastructures should be aware that their sensitive data could be potentially leaked, a group of university researchers…

Unpatched Microsoft bugs raise red flags

Posted by InfoSec News on Sep 9

http://www.computerworld.com/s/article/9137731/Unpatched_Microsoft_bugs_raise_red_flags?taxonomyId=17

By Robert McMillan
September 8, 2009
IDG News Service

Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts…

Website exposes sensitive details on military personnel

Posted by InfoSec News on Sep 9

http://www.theregister.co.uk/2009/09/08/ridematch_website_vulnerability/

By Dan Goodin in San Francisco
The Register
8th September 2009

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in…

ASIO officers met whistleblowers in pancake parlour

Posted by InfoSec News on Sep 8

http://www.theaustralian.news.com.au/story/0,25197,26029093-5001561,00.html

By Cameron Stewart
The Australian
September 05, 2009

A PANCAKE Parlour restaurant and a cafe in the Block Arcade in central Melbourne are unlikely places to discuss claims of Chinese espionage.

But these were…

Court Allows Woman to Sue Bank for Lax Security After $26,000 Stolen by Hacker

Posted by InfoSec News on Sep 8

http://www.wired.com/threatlevel/2009/09/citizens-financial-sued/

By Kim Zetter
Threat Level
Wired.com
September 4, 2009

An Illinois district court has allowed a couple to sue their bank on the novel grounds that it may have failed to sufficiently secure their account, after an…

Wi-fi an easy target for terrorists?

Posted by InfoSec News on Sep 8

http://www.timesnow.tv/Wi-fi-an-easy-target-for-terrorists/articleshow/4326496.cms

5 Sep 2009

In a city like Bangalore, India’s Silicon Valley, the Internet has become indispensable with millions of e-mails sent daily, electronic transactions made and data transferred. But how secure is…

Experts: Hackers might view summit as a chance to make a statement

Posted by InfoSec News on Sep 8

http://www.pittsburghlive.com/x/pittsburghtrib/news/pittsburgh/s_641856.html

By Mike Cronin
TRIBUNE-REVIEW
September 6, 2009

Duquesne Light and Alcosan, two of Western Pennsylvania’s largest utilities, are working to ensure a potential attack to their computer systems during the G-20…

WordPress problem: Hackers break into Robert Scoble’s blog, delete posts

Posted by InfoSec News on Sep 8

http://venturebeat.com/2009/09/05/hackers-break-into-robert-scobles-blog-and-delete-older-posts/

By Dean Takahashi
Venture Beat
September 5, 2009

Uber blogger Robert Scoble said today that hackers broke into his blog and deleted about two months’ worth of postings — leading to findings…

Defense Security Command seeks approval to expand cybersecurity personnel

Posted by InfoSec News on Sep 8

http://english.hani.co.kr/arti/english_edition/e_national/374918.html

The Hankyoreh
Sept. 4, 2009

The Defense Security Command (DSC), the Ministry of National Defense’s (MND) counterintelligence arm, is proposing the creation of a cyberdefense organization under its command, and is…

Who is sending mysterious laptops to governors?

Posted by InfoSec News on Sep 4

http://www.fcw.com/Articles/2009/09/02/FBI-investigates-mysterious-laptops.aspx

By Doug Beizer
FCW.com
Sept 02, 2009

Who is sending unsolicited laptop computers to governors’ offices, and why?

The FBI is investigating the unexpected deliveries that were sent to governors’ offices in at…

Nation’s web access cut after Telstra outage

Posted by InfoSec News on Sep 4

http://www.smh.com.au/technology/technology-news/nations-web-access-cut-after-telstra-outage-20090903-f8uz.html

By Georgina Robinson
smh.com.au
September 3, 2009

Telstra’s national internet network went down for an hour today, the company says.

The outage affected all Telstra home and…

Government Develops Korean e-Government Model

Posted by InfoSec News on Sep 4

http://www.koreaittimes.com/story/4865/government-develops-korean-e-government-model

By Chung Myung-je
Korean IT
September 2nd, 2009

Cyber security has emerged as a matter of significant concern. The government is determined to drastically increase the portion of cyber security policies,…

Breaching Fort Apache.org – What went wrong?

Posted by InfoSec News on Sep 4

http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/

By Dan Goodin in San Francisco
The Register
3rd September 2009

Administrators at the Apache Software Foundation have pledged to restrict the use of Secure Shell keys for accessing servers over their network…

Prince William and Harry’s mobile phones may have been hacked

Posted by InfoSec News on Sep 3

http://www.telegraph.co.uk/news/newstopics/theroyalfamily/6128186/Prince-William-and-Harrys-mobile-phones-may-have-been-hacked.html

By Chris Irvine
Telegraph.co.uk
02 Sept 2009

Detective Chief Superintendent Philip Williams, from the Metropolitan Police, raised the possibility at the…

Court allows suit against bank for lax security

Posted by InfoSec News on Sep 3

http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security?taxonomyId=17

By Jaikumar Vijayan
September 2, 2009
Computerworld

A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures…

DHS needs to plug some cybersecurity holes, audit finds

Posted by InfoSec News on Sep 3

http://fcw.com/articles/2009/09/02/dhs-needs-to-improve-cybersecurity-efforts-for-control-systems-ig-says.aspx

By Alice Lipowicz
FCW.com
Sept 02, 2009

The Homeland Security Department should improve its cybersecurity programs for some major control systems, according to a new report…

How to Succeed in a Two-Faced IT Security Job Market

Posted by InfoSec News on Sep 3

http://www.csoonline.com/article/501117/How_to_Succeed_in_a_Two_Faced_IT_Security_Job_Market

By Bill Brenner
Senior Editor
CSO
September 01, 2009

More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing…

Raytheon to buy BBN, a firm that helped create Net

Posted by InfoSec News on Sep 2

http://www.boston.com/business/technology/articles/2009/09/02/raytheon_to_buy_bbn_a_firm_that_helped_create_net/

By Hiawatha Bray
The Boston Globe
September 2, 2009

Raytheon Co. has struck an agreement to buy BBN Technologies, a privately held Cambridge firm that played a vital role in…

UK Parliament website hack exposes shoddy passwords

Posted by InfoSec News on Sep 2

http://www.theregister.co.uk/2009/09/01/uk_parliament_hacked/

By Dan Goodin in San Francisco
The Register
1st September 2009

A vulnerability in the website of the UK Parliament appears to be exposing confidential information, including unencrypted login credentials, a Romanian hacker…

5 More Indicted in Probe of International Carding Ring

Posted by InfoSec News on Sep 2

http://www.wired.com/threatlevel/2009/09/westernexpress/

By Kim Zetter
Threat Level
Wired.com
September 1, 2009

Five eastern European men were indicted in New York on Monday as part of an international ring allegedly responsible for at least $4 million in credit card theft.

The ring,…

Bill would give president emergency control of Internet

Posted by InfoSec News on Aug 31

http://news.cnet.com/8301-13578_3-10320096-38.html

By Declan McCullagh
Politics and Law
CNET News
August 28, 2009

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector…

Financial Crypto and Data Security 2010: speakers and workshops [deadline: September 15]

Posted by InfoSec News on Aug 31

Forwarded from: Radu Sion

Financial Cryptography and Data Security Tenerife, Canary Islands, Spain
25-28 January 2010

http://fc10.ifca.ai

Financial Cryptography and Data Security is a major international forum for research, advanced…

Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites

Posted by InfoSec News on Aug 31

http://thejakartaglobe.com/home/indonesian-hackers-launch-independence-day-attack-on-malaysian-web-sites/327111

The Jakarta Globe
31 August 2009

A ring of Indonesian hackers on Monday claimed to have attacked a list of more than 120 Web sites as retribution for Malaysia’s alleged theft…

Skype spy Trojan escapes into wild

Posted by InfoSec News on Aug 31

http://news.techworld.com/security/3200665/skype-spy-trojan-escapes-into-wild/

By John E. Dunn
Techworld UK
28 August 09

Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote three years ago to hack Skype phone calls, the inevitable has…

ITL Bulletin for August 2009

Posted by InfoSec News on Aug 31

Forwarded from: “Lennon, Elizabeth B.”

ITL BULLETIN FOR AUGUST 2009 REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE IN BOTH NATIONAL SECURITY AND NONNATIONAL SECURITY SYSTEMS  
Shirley…

Accused TJX Hacker Agrees to Guilty Plea — Faces 15 to 25 Years

Posted by InfoSec News on Aug 31

http://www.wired.com/threatlevel/2009/08/gonzalezguiltyplea/

By Kim Zetter
Threat Level
Wired.com
August 28, 2009

Accused TJX hacker, Albert Gonzalez, has accepted a plea agreement with prosecutors in Boston that will put an end to cases that authorities have described as one of the…

Game server admins arrested for Chinese DNS attacks

Posted by InfoSec News on Aug 31

http://arstechnica.com/web/news/2009/08/game-server-admins-arrested-for-chinese-dns-attacks.ars

By Jacqui Cheng
Ars Technica
August 28, 2009

A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game…

Microsoft Fixes Eight Flaws, But Three Remain Open

By Thomas Claburn

The September patch set from Microsoft has fallen a bit short, leaving three zero-day vulnerabilities open to be exploited.

Rolling Review Wrap-Up: Data Loss Prevention

By Randy George

From enterprise data discovery to stopping leaks on endpoints and the network, DLP tools are ready.

Practical Analysis: Time For A New Way Of Thinking About IT Risk

By Greg Shipley

A colleague joked that a time capsule from 2000 would hold warnings against the hacking techniques Gonzalez used. His victims aren’t laughing.

CIO Profiles: Ken Silva, Senior VP And CTO Of VeriSign

This security pro sees huge potential for virtualization.

Microsoft Expands IIS Vulnerability Warning

By Thomas Claburn

Following up on a Security Advisory published earlier this week, Microsoft has added IIS 7.0 to the list of vulnerable configurations.

FBI Investigates Laptops Sent To Governors

By Antone Gonsalves

State officials fear the unsolicited computers could contain malware meant to penetrate the security of state or federal networks.

Apple’s Snow Leopard Downgrades Flash Security

By Thomas Claburn

Users of Apple’s Snow Leopard Mac OS X operating system upgrade are being advised to install, or reinstall, the latest version of Adobe’s Flash player.

VMware CTO Details Future Of Virtualization

By Charles Babcock

Speaking at VMworld, Stephen Herrod foresees virtual data centers recovering from disaster before users realize a disaster has occurred. 

Privacy Group Coalition Urges Data Regulation

By Thomas Claburn

Ten consumer and privacy groups are urging Congress to limit the way online information can be used for advertising and profiling.

Microsoft IIS Zero-Day Vulnerability Reported

By Thomas Claburn

Exploit code affecting the FTP module for certain versions of Microsoft IIS has been posted online. US-CERT recommends taking countermeasures.

Wikipedia Considers Coloring Untested Text

By Thomas Claburn

Registered Wikipedia users may soon have access to software that colors text deemed untrustworthy.

Apple Snow Leopard Security Criticized

By Thomas Claburn

Mac users are getting new security features with the arrival of Apple’s Mac OS X 10.6, known as “Snow Leopard.” But security vendors see Apple’s security enhancements as lightweight.

5 Security Lessons From Real-World Data Breaches

We break the code of silence on data breaches to show how criminals operate — and how you can thwart them.

DDoS Response: Part 2

By Francois Paget on Vulnerability Research

In my post “DDoS Response: Part 1,” I started an analysis on combating distributed-denial-of-service attacks. In this post, Part 2, I shall examine solutions for private networks. To proactively prevent attacks on private networks, one solution is to hide the legitimate paths from attackers and to periodically change the topology of the network. Source-address filtering, secret [...]

DDoS Response: Part 1

By Francois Paget on Vulnerability Research

Distributed-denial-of-service (DDoS) attacks can be conducted in various ways (by SYN flood, UDP flood, Teardrop Attack, Ping of Death, Smurfing, Mail Bombing, etc.).  DDoS attacks can exploit vulnerabilities in software running on the victim’s machine or via sending a higher volume of traffic than the victim’s system can handle. The attacks can target resources (such [...]

Task Manager Still Working? Can You Change Your Windows Password?

By Karthik Raman on Malware Research

Update of September 3: Some detections of this Trojan were on a component of a commercial application. For this reason we’ve updated the detection type to “potentially unwanted program” (PUP). Customers who see files that exhibit the behavior discussed in the Threat Library for QTaskMgr-1 should submit the file to McAfee Avert Labs. In anti-virus research, [...]

Huawei hits back at spy claims

Networking vendor Huawei has released a public refutation of a recent media report that alleged it was being investigated by the Australian Security Intelligence Organisation (ASIO) for possible espionage.

Verizon launches mobility services for large firms

Verizon Business today announced Managed Mobility Solutions, a new service for large multinational businesses that provides security for mobile devices and mobile expense management.

Microsoft Patches Critical MP3 Flaw

Today’s Patch Tuesday fixes from Microsoft include six critical bulletins that head off potential attacks involving poisoned media files and Web pages, along with wireless and TCP/IP security holes. An under-attack FTP flaw remains unfixed.

Microsoft: Patching Windows 2000 ‘infeasible’

Microsoft took the unusual step today and skipped patching one of the vulnerabilities addressed in its monthly security update, an omission that leaves users running Windows 2000 Server Service Pack 4 vulnerable to attack.

Seven Deadly Sins of Building Security

You’ve got a few security guards and your CCTV system is up to snuff. You’ve got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.

FanCheck developer defends app, says it’s not malware

The controversial and popular FanCheck application for Facebook carries no viruses and is completely safe and legitimate, according to its creator.

Unpatched Microsoft bugs raise red flags

Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead.

Group of authors opposes Google book settlement

More than two dozen authors and publishers have filed an objection to a proposed settlement that would allow Google to digitize and sell millions of books, saying that the agreement ignores important privacy rights of readers and writers.

Sophos: Searches about Fan Check app can lead to malware

Malicious hackers are setting up malware-infested Web sites that falsely claim to remove a virus from a new Facebook application called Fan Check, security vendor Sophos is warning.

Symantec adds Quorum antimalware analysis to consumer security software

Symantec unveils the 2010 editions of its flagship antimalware consumer software, Norton AntiVirus and Norton Internet Security, adding a new type of malware detection and analysis it calls Quorum.

Close to Patch Tuesday, new flaw surfaces

As Microsoft prepares to release patches, researchers said they’ve seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.

25% of all fraudulent online purchases made in County Durham

Nearly a quarter of all internet purchases made using stolen credit cards last year took place in Shildon in County Durham, says The 3rd Man.

Online travel takes off with EV SSL security

The image of organised crime rings running rampant across the Internet, creating legitimate-looking Web sites to lure cash from unsuspecting consumers, has many would-be customers scurrying back to the relative safety of the retail store environment.

‘Generation Y-pay?’ refuses to pay for downloads

Less than one in two 16 to 34 year olds believe they should pay to download TV and movies from the web, says The Industry Trust for IP Awareness (Itipa).

Small English town outpaces others in likely online fraud

A town in England with a modest population of 10,000 or so has chalked up the highest percentage of online transactions flagged as fraudulent by a U.K. security analyst.

European banks warned: brace for rise in cash machine fraud

Banks are likely to see cash-machine fraud rise unless steps are taken to improve their cash-machine infrastructure, the European Network and Information Security Agency (ENISA) has warned.

Vormetric’s agent-based approach provides strong key management across all apps

The Vormetric Data Security Expert Security Server is not a direct competitor to the Thales and Venafi systems. Rather than managing keys used by other certificate authorities or encryption solutions, it manages its own encryption solution across multiple systems.

Federal IT strategy, hope over reality

Well, that ugly, ill-conceived bill from Senator Rockefeller, now called the “Cybersecurity Act of 2009”, has reappeared and if it passes someone is going to get saddled with the job of making it happen. Who will be the lucky guy and can he succeed?

Microsoft Promises IIS Bug Patch

Microsoft said it is working on a patch for a bug in its popular Web server software, but experts say it’s unlikely that the company will field a fix fast enough to make this week’s regular Patch Tuesday release.

Firefox adds Flash plug-in update protection

Mozilla’s next update for Firefox, slated to ship Tuesday, will check for outdated versions of Flash Player, a frequent target of hackers, the company said on Friday.

Oracle delays security updates for user conference

Oracle database administrators who are worried they might have to skip Oracle’s user conference next month to fiddle with security updates can relax. Oracle is cutting them a break and releasing its next set of patches a week later than planned.

Old Flash for Snow Leopard, and Firefox Gets Fake Flash

Here’s a sneaky one for you. According to Sophos, a piece of spyware is masquerading as a Flash player plug-in for Firefox. Its installation screen looks legit (per examples in the Sophos post), and it will even show up thereafter in the list of Firefox extensions as “Adobe Flash Player 0.2.”

Microsoft: Cyber-crooks exploiting unpatched IIS bug

Microsoft says that cyber-criminals are starting to exploit an unpatched bug in its IIS server software that was made public earlier this week.

Patch scramble throws Adobe updates off schedule

July was a tough month for Adobe Systems’ security team. So tough, in fact, that the company’s second-ever quarterly patch release will arrive a month late, Adobe’s security chief said Thursday.

UK has the worst internet security in Europe

Brits are lax at updating their security software, compared to their European counterparts, says PC Tools.

Snow Leopard ‘downgrades’ Flash to vulnerable version

Apple shipped an out-of-date — and vulnerable — version of Adobe Flash Player with its newest OS, Snow Leopard, security companies have warned.

What is Antivirus 2010?

Lonerlady asked the Answer Line forum about this very insistent program that wants to download itself and protect her computer.

Microsoft to deliver five critical Windows patches next week

Microsoft today said it will deliver five security updates on Tuesday, all affecting Windows and all ranked “critical,” the company’s highest threat rating.

Has your sensitive data leaked into the wild?

Most organizations have data security policies designed to keep sensitive information from becoming publicly available. Still, you’d be surprised at the kind of information that makes its way out into the open, either accidentally or intentionally. Financial records, customer account information, product plans and roadmaps. Do you know what information your company is exposing? New “data leak detection” (not prevention) technology from Exobox Technologies can tell you what is in the public eye, and where it is.

Apple ships vulnerable Flash version with new Mac OS

Mac users may be surprised that Apple’s latest operating system, Snow Leopard, also installs an older version of Adobe Systems’ Flash player, potentially putting them at a higher security risk.

Half of Brits use same passwords online

Nearly half of all Brits use the same password to log in to their online banking account as their social networking account, says CPP.

‘Digital tattoos’ ignored by 33% of under-25s

A third of web users under 25 claim they don’t care about their ‘digital tattoo’ and the items they post online, says Symantec.

Brits are worst in Europe at online security

Brits are lax at updating their security software, compared to their European counterparts, says PC Tools.

Turn an Old Floppy Into a Password Safe

Think back. Wayyy back. Remember floppy disks? If you’re like me, you’ve probably got a box of them in a closet, serving absolutely no practical use. (When was the last time you owned, or even used, a computer with a floppy drive?)

Microsoft promises patch for critical Web server bug

Microsoft yesterday said it is working on a patch for a bug in its popular Web server software, but it’s unlikely the company will field a fix fast enough to make next week’s regular release, a security expert predicted.

Five indicted in long-running cybercrime operation

New York prosecutors indicted five Eastern European men on Monday in an extensive credit-card fraud operation that netted the defendants at least US$4 million from some 95,000 stolen card numbers.

Security vendor Marshal8e6: Call us M86 Security

Web and messaging security products provider Marshal8e6 this week announced a name change to M86 Security.

The Wacky World of WiFi

In honor of the 802.11n WiFi standard getting close to arriving after wandering through the desert for 40 years, let’s look at wireless. Our focus today is on helping you WiFi better, even if it means doing less WiFi.

Anti-phishing training adds attachments to mix

After launching an anti-phishing training system a year ago, Intrepidus Group has followed up with a new version that adds targeted email attacks using attachments to the model.

French Pirate Party will fight for parliamentary seat

The French Pirate Party will present a candidate in an upcoming interim election for a vacant seat in the National Assembly, it announced Tuesday.

BitDefender’s top 10 e-threats for August

Trojans total half of security vendor BitDefender’s top 10 e-threats for August.

Pseudonymous critic impugns integrity of all security professionals

In a recent response to an article on hiring hackers, a pseudonymous critic calling itself “Secure network…” posted a comment entitled “so called hacking and security professionals.” It started with the run-on sentence, “Of course someone calling them selves[sic] a ‘security Professional’ would be upset, it’s job security they’re losing….”

Is your health privacy at risk?

The year’s worst health information breaches, which compromised millions of patient records, show just how vulnerable health privacy is to hacker attacks.

After code released, Microsoft to patch IIS bug

One day after a security researcher published attack code for a flaw in Microsoft’s IIS server software, Microsoft said it plans to patch the issue.

Facebook agreement with Canada will impact everyone

If having an effect on 250 million users around the world weren’t enough, upcoming changes to Facebook Inc.’s privacy policies and practices are likely to spawn a chain reaction among all the other major social media sites, impact business marketing practices and address everyone who doesn’t have a Facebook account.

Privacy, consumer groups want new laws to protect Web users

A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.

How to Succeed in a Two-Faced IT Security Job Market

More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing as economic conditions prompt them to handle more security tasks in-house.

Instant messaging speeds up data theft danger

One of the more sophisticated pieces of malware in circulation has been given an upgrade that lets cybercriminals act even faster after they’ve stolen data from a PC.

Catbird reports whether cloud security meets compliance standards

Catbird is adding a feature to its security platform that gives cloud users a reading on how well their data use complies with specific regulatory requirements.

Symantec warning: Spam targeting your achy breaky heart

The information security gurus at Symantec Corporation have seen it fit to warn us all that spammers are now looking to con troubled lovers into parting with their personal information, at the very least, in return for a reversal of fortunes in their relationships. The company issued a five-point advisory for consumers to Computerworld Singapore on Tuesday, September 1, 2009:

RSA publishes virtualization security, compliance guidelines

RSA today published security and compliance recommendations for virtualization products. The guidelines focus primarily on optimizing use of management and security tools available from VMware parent company EMC and EMC’s RSA security division.

Privacy Office approves laptop searches without suspicion

Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents — all without need to show suspicion for cause.

Judge won’t lower $5M bail for SF IT administrator

A Bay Area man who has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco’s city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.

Unpatched flaw could take down Microsoft’s IIS server

A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.

3Com to blend security brains, enterprise brawn

3Com plans to integrate intrusion prevention technology from its TippingPoint subsidiary into networking gear from its H3C division as part of a strategy to deliver streamlined secure networks at less cost and power consumption than marquee vendors.

Microsoft: Upgrade Messenger or else

Microsoft will force an upgrade on users of its Windows Live Messenger instant messaging software in September to plug a hole the company introduced when a programmer added an extra character to a code library.

Skype spy Trojan escapes into wild

Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote three years ago to hack Skype phone calls, the inevitable has happened – someone has released it as a compiled piece of ‘faux’ malware.

Companies put security on back burner in dash to virtualise

Companies are putting security on the back burner in the rush to virtualise their data centres. That’s according to applications delivery vendor F5 which conducted a survey of more than 100 decision makers about their virtualisation plans.

Crossing Borders with Laptops: Facts and Tips

Earlier this week, the U.S. Department of Homeland Security made it clear that border crossing officials could continue to search any device that can store electronic media without any suspicion of wrongdoing.

AJAX widget security enabled

In an upgrade to one of its core technologies, the OpenAjax Alliance, an industry group formed to boost interoperability in the AJAX space, on Monday is offering OpenAjax Hub 2.0, featuring capabilities for secure interaction between JavaScript widgets.

Skype Wiretapping Trojan Publicly Released

The Swiss creator of a Skype Trojan that can intercept calls made using the VoIP program has released the Trojan’s source code online in an attempt to allow for its widespread detection.

New cloud infrastructure service focuses on security

OpSource on Friday announced a new cloud computing infrastructure service that it says meets the security and management needs of enterprises more effectively than rival offerings.

Microsoft, Cisco issue patches for newfangled DoS exploit
Relief for industry-wide TCP attack

Microsoft and Cisco have issued updates that protect against a new class of attack that requires very little bandwidth and can leave servers and routers paralyzed even after a flood of malicious data has stopped.…

Website exposes sensitive details on military personnel
Required by law

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.…

What US Homeland Security collects about you
Inside your terrorist score

Any time a person crosses the US border, the Department of Homeland Security assigns travelers with a “risk assessment” score to divine their likelihood of any involvement with a terrorist cell or criminal activity.…

Byrne’s naked shorting crusade outs Yahoo! security vuln
From Wikimadness to cross-site scripting

Patrick Byrne’s unrelenting crusade against naked short selling has uncovered a gaping security hole in Yahoo!’s ever-popular message boards.…

Adobe and Oracle postpone quarterly patches
Schtop! This security update isn’t ready yet

Adobe and Oracle are both planning to delay their quarterly patch releases, albeit for different reasons.…

UK.biz lax on web app security
SQL injection problems getting worse

Web application security among UK corporates is getting worse, according to audits carried out by CESG-accredited security consultancy NTA Monitor.…

Facebook Fan Check scareware begets malign ware-scares
How very meta

Searching for information about a supposed virus threat affecting Facebook might itself be hazardous.…

Worm wiggles through weary WordPress
Spam-friendly malware spanks Scoble blog

Hackers are exploiting older installations of WordPress to distribute blog comment spam and disguise links to malware-contaminated sites.…

EU urges wise-up to combat rampant ATM crime
Don’t stand so close to me

The rise in ATM-related crime has prompted an EU security agency to urge consumers to be more careful about withdrawing money from cash machines.…

Firefox to warn users of insecure Adobe Flash
By popular demand

Upcoming versions of Mozilla’s Firefox browser will automatically warn users running versions of Adobe’s Flash Media Player that contain known security bugs, according to a published report.…

New IIS attacks (greatly) expand number of vulnerable servers
Microsoft’s webserver even easier to exploit

Attackers have begun actively targeting an unpatched hole in Microsoft’s Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.…

Faux Facebook ‘friend’ takes US woman for $4,000
Crooks impersonate UK Immigration

A US woman has been stung for $4,000 via a fraudulent Facebook “friend in peril” scam.…

Conficker borks London council
Dirty USB shuts systems for days

Updated An Ealing council employee infected the UK local authority’s IT systems with the Conficker-D worm after he plugged an infected USB into a work computer, causing tens of thousands of pounds in damages in the process.…

Man arrested for £1m online tax fraud
London cybercrime network under investigation

Police investigating a complex online fraud which scammed more than a million pounds from taxpayers have arrested a man in London.…

MS fuels up five critical Windows fixes
Black Tuesday likely to skip relief for IIS zero-day

Microsoft plans to release five update bulletins next Tuesday, all critical, in the September edition of its regular Patch Tuesday update cycle.…

McAfee false alert snares innocent JavaScript files
I didn’t do it

Faulty virus definition updates from McAfee that flagged legitimate JavaScript files as potentially malign caused a headache for some sysadmins earlier this week.…

Month of Facebook flaws gets underway
Every day a different hole

A security researcher has vowed to reveal technical details of a series of cross-site scripting vulnerabilities involving Facebook applications during September.…

Apple security lags (again) with critical Java patches
A month late, an OS short

Comment Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago.…

Breaching Fort Apache.org – What went wrong?
Open-sourcers put locks on keys

Administrators at the Apache Software Foundation have pledged to restrict the use of Secure Shell keys for accessing servers over their network following a security breach on Monday that briefly forced the closure of the popular open-source website.…

Anti-spam smackdown finds best junk filter
McAfee spanks all comers in early tests

McAfee has claimed the crown in a run-off of anti-spam products organised by Virus Bulletin, the independent security certification body.…

Snow Leopard forces silent Flash downgrade
Bundled insecurity bungle

Apple has bundled a vulnerable version of Flash with Snow Leopard.…

Yorkshire start-up aims to shake up telecoms security
Syphan leaps funding gap for Silicon Dale

UK-based security appliance firm Syphan aims to shake up telecoms security from an unlikely base in Skipton, North Yorkshire.…

Microsoft confirms IIS bug gives complete server control
But only if …

Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.…

Microsoft rejects call to fix SQL password-exposure risk
Unpatched and staying that way

Microsoft is butting heads with a company that provides software for database security over a weakness in SQL Server that can expose user passwords to anyone with administrative access to the program.…

Men far worse than women on password security
And Brits rubbish at updating software

Women are more password savvy than blokes, according to a new survey.…

Azerbaijani donkey bloggers face seven years’ jail
Trumped up charges are a pain in the ass

A pair of Azerbaijani bloggers, who posted a satirical YouTube vid featuring a donkey, face up to seven years’ jail on what human rights organisations are calling trumped-up charges.…

Four arrested in China over net-paralysing gaming spat
DDoS kerfuffle between rivals causes web chaos

Chinese police have arrested four gamers who allegedly launched denial of service attacks that disrupted internet communications across the country back in May.…

MS warns of forced Messenger update
More fallout from ATL snafu

Microsoft has outlined plans to push a mandatory Windows Live Messenger upgrade in order to plug a security hole related to a vulnerable code library.…

UK Parliament website hack exposes shoddy passwords
Lights on, no one home

Updated A vulnerability in the website of the UK Parliament appears to be exposing confidential information, including unencrypted login credentials, a Romanian hacker wrote on his blog.…

The power of collaboration within unified communications

Buggy home routers expose O2 customers to hijacking
O2 looking in to it

Updated If you get your internet service from O2, there’s a good chance Paul Mutton can remotely log in to your router and make configuration changes that surreptitiously allow him to access computers on your network.…

Spyware ad-on targets Firefox fans
Fake Flash bash

Miscreants have created an item of spyware targeted at Firefox users.…

5 men named in racket that netted $4m in stolen card data
All aboard the Western Express Cybercrime Group

Prosecutors in Manhattan have named five additional men from Eastern Europe in an alleged scheme that pilfered $4m using more than 95,000 stolen credit cards.…

Malware thrown on California bush fires
Scareware burns incautious surfers

California bush fires that have destroyed 50 homes and ten commercial buildings – and claimed the lives of two firefighters – have become the latest lure for malware scams.…

Microsoft says US is top malware target
The United States of infected PCs

Windows users based in the United States are the most likely to benefit from Microsoft’s malicious software removal tool, which has removed malware from nearly 2.2 million US machines, more than the other nine top countries combined.…

IIS bug gives attackers complete server control
Linux and Chrome flaws too

A hacker has uncovered a previously unknown bug in Microsoft’s Internet Information Services webserver that in some cases gives attackers complete control of vulnerable machines.…

US health-care debate clogged world’s inboxes
Pharma-spam cashes in

When the US debates health care reform, the world’s inboxes get clogged with health-related spam.…

Mac OS X Malware Analysis

Category: Forensics

Paper Added: September 8, 2009

Possible DDOS on gov.au sites starting tonight? , (Wed, Sep 9th)

The group anonymous, who were reported to be responsible for the attack on scientology sites now hav …(more)…

Bug Fixes in Sun SDK 5 and Java SE 6, (Tue, Sep 8th)

Sun released 17 bug fixes for JDK 5 Update 21. There are no new security vulnerabilities fixes part …(more)…

Microsoft September 2009 Black Tuesday Overview, (Tue, Sep 8th)

Overview of the September 2009 Microsoft patches and their status. …(more)…

Cisco Security Advisory TCP DoS, (Tue, Sep 8th)

ISC reader Kurt reported that Cisco has released an advisory affecting TCP State Manipulation which …(more)…

Microsoft Security Advisory 975191 Revised, (Tue, Sep 8th)

We wrote about the new IIS FTP service vulnerabilities when the exploit code became public in diary …(more)…

Vista/2008/Windows 7 SMB2 BSOD 0Day, (Tue, Sep 8th)

We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely c …(more)…

Anybody recognize these packets?, (Tue, Sep 8th)

I have been looking at a packet trace sent in by a reader, and have reached a dead end. He has …(more)…

Seclists.org is finally back, (Mon, Sep 7th)

The 4 day outage at seclists.org/insecure …(more)…

Request for packets, (Mon, Sep 7th)

One of our loyal readers, Jon, sent an e-mail this morning that he was seeing some unusual traffic. …(more)…

Encrypting Data, (Mon, Sep 7th)

One of the challenges that any security professional is sure to face revolves around encryption and …(more)…

Critical Infrastructure and dependencies, (Sat, Sep 5th)

Critical infrastructure is a term used by governments to describe assets that are essent …(more)…

SANS Network Security 2009 @Night Classes, (Sat, Sep 5th)

If you are coming to San Diego in a few days for SANS Network Security 2009, be sure to check out th …(more)…

SeaMonkey Security Update, (Fri, Sep 4th)

SeaMonkey is an ‘all-in-one’ Internet suite for users. SeaMonkey 1 …(more)…

So, you updated your Flash did you?, (Fri, Sep 4th)

Helpfully Snow Leopard downgrades it for you. If you had upgraded to Flash version 10 …(more)…

Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1, 6.0, 7.0, (Fri, Sep 4th)

Microsoft has published an advisory on multiple vulnerabilities in the Microsoft FTP services bundle …(more)…

Fake anti-virus, (Fri, Sep 4th)

Matt wrote in with the following: It might be a good idea to make end users aware that the fa …(more)…

RealVNC Remote Auth Bypass?, (Thu, Sep 3rd)

We had an interesting submission from one of our readers today. He thinks there might be a pro …(more)…

seclists.org Outage, (Thu, Sep 3rd)

It appears that seclists.org is offline …(more)…

Telstra Outage, (Thu, Sep 3rd)

We had a couple of reports that Telstra (Australia) was down earlier today. Still not sure wha …(more)…

Incident Response Pre Planning Return On Investment, (Wed, Sep 2nd)

I had an interesting conversation the other day with a good friend regarding the merits of having sp …(more)…

Happy Birthday, Internet!, (Wed, Sep 2nd)

It all started 40 years ago today, when a couple of computers were connected by a long gray cable in …(more)…

Gmail Down, (Tue, Sep 1st)

We had several ISC readers reporting that Gmail is down. Gmail will be providing updates here under …(more)…

Opera 10 with Security Fixes, (Tue, Sep 1st)

Opera 10 for Windows has been released. It provides several new and improved features …(more)…

Microsoft IIS 5/6 FTP 0Day released, (Mon, Aug 31st)

We are aware of a new 0-day exploit that was posted on Milw0rm today. According to the exploit …(more)…

How do I recover from…..?, (Sun, Aug 30th)

One of our readers, Scott F., yesterday submitted to the ISC that he had been notified in early July …(more)…

Judge Allows Couple to Sue Bank for Inadequate Data Security (September 2, 2009)

A District Court Judge in Illinois has ruled that an Indiana couple may sue Citizens Financial Bank for negligence…….

TJX Reaches Settlement with Banks Over Breach (September 2 & 3, 2009)

TJX Cos…….

Five Indicted in International Card Fraud Scheme (September 1 & 2, 2009)

Five men have been indicted in connection with the theft of more than US $4 million using nearly 100,000 stolen payment card numbers…….

Microsoft to Issue Five Bulletins on September 8 (September 3, 2009)

Microsoft will release five security bulletins on Tuesday, September 8…….

Snow Leopard Installs Older, Unsecure Version of Flash (September 3, 2009)

Apple’s recently released Mac OS X 10…….

UK ISP O2 Acknowledges and Provides Fix for Router Vulnerability (September 3, 2009)

A security flaw in routers provided to customers of UK Internet service provider (ISP) O2 could be exploited to gain access to these devices and make configuration changes that allow attackers access to computers on the network…….

Firefox Will Warn Users Running Out-of-Date Versions of Flash (September 3, 2009)

Firefox 3…….

Missing Navy Hospital Laptop Holds Personally Identifiable Information of 38,000 (September 2, 2009)

A missing US Navy laptop computer contains personally identifiable information of 38,000 individuals…….

Microsoft Acknowledges IIS Vulnerability (Update) (September 1 & 2, 2009)

Microsoft has investigated reports of a security flaw in its Internet Information Services (IIS) web server and has said it will release a fix for the remote code execution vulnerability as soon as it is ready…….

Eircom Will Block Access to The Pirate Bay; UPC Will Not (September 1, 2009)

Irish ISP Eircom has acknowledged that as of September 1, subscriber access to The Pirate Bay website and related IP addresses will be blocked…….

Spyware Aimed at Firefox Users (September 1, 2009)

Malware that purports to be an update for Adobe Flash Player is actually spyware that logs Firefox users’ Google queries…….

Judge Denies Bail Reduction for San Francisco City Network Admin (August 31, 2009)

A county judge in California has denied a request to reduce bail for a former network administrator being held on charges of locking users out of a city computer network…….

Revised Legislation Still Gives President Power to Shut Down Portions of the Internet (August 28 & 31, 2009)

Proposed legislation introduced in April gave the President the power to “declare a cybersecurity emergency and order the limitation or shutdown of internet traffic to and from a compromised federal government or critical infrastructure information system or network…….

Facebook Will Strengthen Privacy Practices (August 27 & 28, 2009)

In response to an investigation launched by Canada’s Office of the Privacy Commissioner, Facebook has agreed to give users more control about the information they share with third-party applications…….

Phishing Attacks Diminishing (Study) (August 27, 2009)

A report from IBM indicates that phishing attacks appear to be declining…….

Gonzalez Reaches Plea Agreement But Still Faces Additional Charges (August 29, 2009)

Albert Gonzalez has agreed to plead guilty to 19 counts of wire fraud, conspiracy, aggravated identity theft, and money laundering…….

Four Arrested in Connection with Chinese Internet Outage (August 28, 2009)

Police in Foshan, Guangdong Province (China) have arrested four people in connection with a denial-of-service attack that caused Internet outages in parts of the country earlier this year…….

Directives Clarify Some Laptop Border Search Policies (August 27 & 28, 2009)

Two new directives from the US Department of Homeland Security (DHS) regarding laptop border searches do not address the issue of whether laptop owners can be compelled to surrender passwords and encryption keys to allow authorities to examine the devices’ contents…….

Proof-of-Concept Code Published for IIS Vulnerability (August 31, 2009)

Proof-of-concept exploit code has been published for a vulnerability in Microsoft’s Internet Information Services (IIS) server…….

Microsoft to Push out Mandatory Live Messenger Upgrades (August 31, 2009)

In September, Microsoft plans to push out a mandatory upgrade for certain Windows Live Messenger users to fix a vulnerability in an Active Template Library (ATL)…….

Apache.org Offline Due to SSH Remote Administration Key Compromise (August 28, 2009)

The Apache…….

Social Engineering Pen Test Prompts National Warning (August 28, 2009)

A social engineering portion of a sanctioned penetration test of computer systems at an unnamed credit union prompted the National Credit Union Administration (NCUA) to issue a warning to all federally insured credit unions…….

Microsoft repairs Windows media, TCP/IP vulnerabilities

By Robert Westervelt

Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers.

Attackers target Microsoft IIS; new SMB flaw discovered

By Robert Westervelt

New exploit code targets a zero-day flaw in Microsoft Server Message Block, a protocol used by Windows to communicate messages to printers and other devices on a network.

Microsoft five critical updates won’t include IIS

By SearchSecurity.com Staff

A patch repairing a critical zero-day flaw in Microsoft’s IIS Web server will not be ready in time for Patch Tuesday, the software giant said.

Schneier-Ranum Face-Off: Is Perfect Access Control Possible?

By Bruce Schneier and Marcus Ranum

Security experts Bruce Schneier and Marcus Ranum debate whether perfect access control is possible.

Security threats to virtual environments less theoretical, more practical

By Michael S. Mimoso

The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.

Truth, lies and fiction about encryption

By Adrian Lane and Rich Mogull

Encryption solves some very straight-forward problems but implementation isn’t always easy. We’ll explain some of the common misperceptions so you’ll understand your options.

2009 Information Security magazine Readers’ Choice Awards

By Information Security magazine, SearchSecurity.com staff

For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.

Microsoft issues IIS FTP advisory, exploit code circulates

By SearchSecurity.com Staff

Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server.

At VMworld 2009, companies focus on virtual desktops for security

By Eric Ogren

While security is not a major theme at VMworld 2009, companies are turning attention to virtual desktop infrastructures to improve security and address remote employees.

Unpatched vulnerability discovered in Microsoft SQL Server

By Michael S. Mimoso

Database security vendor Sentrigo today released some detail about a flaw discovered a year ago in Microsoft SQL Server that exposes passwords stored in memory as cleartext. Microsoft is not planning to patch this flaw. Sentrigo released a free utility that will erase cleartext passwords from memory. Updated to include comments from Microsoft.

Security fundamentals remain focus of virtualization deployments

By Robert Westervelt

Companies are avoiding virtualization security technologies until the market matures and established security vendors address threat mitigation and compliance issues.

Skype Trojan records VoIP communications

By SearchSecurity.com Staff

Called the first wiretap Trojan, Peskyspy targets Skype conversations by intercepting and recording audio between the Skype application and the victim’s audio device.

VMware Frame Buffer Parameter Heap-Based Buffer Overflow Vulnerability

The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.

yTNEF/Evolution TNEF Attachment Decoder Plugin Multiple Vulnerabilities

Transport Neutral Encapsulation Format (TNEF) is a proprietary e-mail attachment format used by Microsoft Outlook and Microsoft Exchange Server. A plugin for Evolution exists that provides basic support for TNEF encoded e-mails. This plugin uses the ytnef library (libytnef) for processing TNEF messages. It borrows code from the ytnef program, which is a program to work with procmail to decode TNEF streams (winmail.dat attachments). These applications share code and are, because of this, both affected by the issues described in this document. yTNEF & the Evolution TNEF Attachment decoder plugin are affected by several directory traversal and buffer overflow vulnerabilities. The directory traversal vulnerabilities allow attackers to overwrite or create local files with the privileges of the target user. Exploiting the buffer overflow vulnerabilities allows for arbitrary code execution with the privileges of the target user.
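The directory traversal the advisory describes, as an added example that is not ytnef or Evolution code: a decoder takes each attachment name from the message and joins it onto its output directory. The first function below is that vulnerable pattern; the second keeps only the last path component (treating backslashes as separators, since winmail.dat comes from Windows clients), rejects empty and dot names, and checks that the resolved target still lives directly inside the output directory before anything is written. Attachment names and contents are constructed.

```python
# Added example, not code from ytnef or the Evolution plugin: the unchecked
# join that lets an attachment name walk out of the output directory, beside
# a hardened version. Sample attachment names and contents are constructed.
import os
import posixpath
import re

_SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def unsafe_output_path(out_dir, attachment_name):
    """The vulnerable pattern: '../../etc/cron.d/x' walks out of out_dir, and an
    absolute name such as '/etc/passwd' replaces out_dir entirely."""
    return os.path.join(out_dir, attachment_name)


def safe_output_path(out_dir, attachment_name):
    """Keep only the final path component, restrict its characters, and verify
    that the resolved target still lives directly inside out_dir."""
    # winmail.dat comes from Windows clients, so treat backslashes as separators too.
    base = posixpath.basename(attachment_name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("unusable attachment name: %r" % attachment_name)
    base = _SAFE_CHARS.sub("_", base)
    if base.startswith("."):          # no silently hidden files such as .bashrc
        base = "_" + base
    root = os.path.realpath(out_dir)
    target = os.path.realpath(os.path.join(root, base))
    # realpath follows symlinks, so a pre-planted link inside out_dir that points
    # elsewhere fails this check instead of redirecting the write.
    if os.path.dirname(target) != root:
        raise ValueError("attachment escapes output directory: %r" % attachment_name)
    return target


def extract_attachments(attachments, out_dir):
    """Write (name, bytes) pairs using the hardened path; return the paths written."""
    written = []
    for name, data in attachments:
        path = safe_output_path(out_dir, name)
        # O_EXCL refuses to open an existing file, so the decoder never overwrites
        # anything: the advisory's "overwrite local files" outcome is closed off.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written


# Constructed sample: one benign attachment and two traversal attempts.
SAMPLE_ATTACHMENTS = [
    ("report.doc", b"constructed sample bytes"),
    ("..\\..\\..\\Windows\\win.ini", b"[boot loader]"),
    ("../../../../home/victim/.bashrc", b"# constructed: would run at next login"),
]

if __name__ == "__main__":
    import tempfile
    out = tempfile.mkdtemp(prefix="tnef-")
    for p in extract_attachments(SAMPLE_ATTACHMENTS, out):
        print(p)
```

The two traversal names end up as win.ini and _.bashrc inside the output directory, and a decoder built this way cannot create or overwrite a file anywhere else with the user's privileges, which is the first of the two outcomes the advisory lists. The buffer overflows are a separate defect and need bounds checks in the TNEF parser itself.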

Asterisk IAX2 Call Number Resource Exhaustion

The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled.
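The exhaustion the advisory describes, and the defences that follow from it, as an added example that is not Asterisk's code: a 15-bit call number field gives a server at most 32767 concurrent numbers (this example treats 0 as reserved, an assumption), so one source that keeps sending NEW requests and never completes them takes them all. A per-source cap stops that host, but IAX2 runs over UDP, so a flood with forged source addresses gets a fresh quota per address; the last pool therefore also requires the sender to echo a stateless cookie bound to its claimed address before any number is allocated, which a forger that never sees the replies cannot do. The cap value, the cookie scheme and the addresses are illustrative and are not a description of the Asterisk fix.

```python
# Added example, not Asterisk's code. Builds only on the advisory's fact that
# the call number is a 15-bit field; treating 0 as reserved is an assumption,
# and the cap and cookie mitigations are illustrative.
import hashlib
import hmac
import os

MAX_CALL_NUMBER = (1 << 15) - 1       # 1..32767 usable


class CallNumberPool:
    """Server-side bookkeeping for call numbers handed out in reply to NEW."""

    def __init__(self, per_peer_limit=None, require_token=False, token_ttl=10):
        self.free = set(range(1, MAX_CALL_NUMBER + 1))
        self.in_use = {}                  # call number -> peer address
        self.per_peer = {}                # peer address -> numbers it currently holds
        self.per_peer_limit = per_peer_limit
        self.require_token = require_token
        self.token_ttl = token_ttl
        self.secret = os.urandom(16)      # per-process key for the cookie

    def offer_token(self, peer, now):
        """First reply to a NEW: a cookie bound to the claimed source address and
        the time. Nothing is allocated yet, so a forged source costs the server
        no state; only a peer that really receives replies can echo it back."""
        mac = hmac.new(self.secret, f"{peer}|{int(now)}".encode(), hashlib.sha256).hexdigest()[:16]
        return f"{int(now)}.{mac}"

    def _token_ok(self, peer, token, now):
        if not isinstance(token, str) or "." not in token:
            return False
        ts, mac = token.split(".", 1)
        if not ts.isdigit() or now - int(ts) > self.token_ttl:
            return False
        expected = hmac.new(self.secret, f"{peer}|{ts}".encode(), hashlib.sha256).hexdigest()[:16]
        return hmac.compare_digest(mac, expected)

    def allocate(self, peer, token=None, now=0):
        """Hand a call number to `peer`, or None when the request is refused."""
        if self.require_token and not self._token_ok(peer, token, now):
            return None
        if self.per_peer_limit is not None and self.per_peer.get(peer, 0) >= self.per_peer_limit:
            return None
        if not self.free:                 # 15-bit space exhausted: everyone is refused
            return None
        num = self.free.pop()
        self.in_use[num] = peer
        self.per_peer[peer] = self.per_peer.get(peer, 0) + 1
        return num

    def release(self, num):
        peer = self.in_use.pop(num)
        self.per_peer[peer] -= 1
        self.free.add(num)


def flood_from_one_host(pool, peer, count, now=0):
    """`count` NEWs from a real host: it sees the replies, so it can echo tokens."""
    return sum(pool.allocate(peer, pool.offer_token(peer, now), now) is not None
               for _ in range(count))


def flood_with_forged_sources(pool, count, now=0):
    """`count` NEWs, each from a different forged source (IAX2 runs over UDP).
    The forger never receives the server's replies, so it cannot echo a token."""
    return sum(pool.allocate(f"forged-{i}", None, now) is not None for i in range(count))


def legitimate_call_succeeds(pool, now=0, peer="198.51.100.4"):
    return pool.allocate(peer, pool.offer_token(peer, now), now) is not None


def demo(now=1000):
    """Four scenarios; each value is (numbers the flood obtained, whether a
    legitimate caller still gets one afterwards)."""
    results = {}
    p = CallNumberPool()
    results["open_pool_one_host"] = (flood_from_one_host(p, "203.0.113.9", 40000, now),
                                     legitimate_call_succeeds(p, now))
    p = CallNumberPool(per_peer_limit=128)
    results["capped_one_host"] = (flood_from_one_host(p, "203.0.113.9", 40000, now),
                                  legitimate_call_succeeds(p, now))
    p = CallNumberPool(per_peer_limit=128)
    results["capped_forged_sources"] = (flood_with_forged_sources(p, 40000, now),
                                        legitimate_call_succeeds(p, now))
    p = CallNumberPool(per_peer_limit=128, require_token=True)
    results["capped_plus_token_forged"] = (flood_with_forged_sources(p, 40000, now),
                                           legitimate_call_succeeds(p, now))
    return results


if __name__ == "__main__":
    for name, (got, ok) in demo().items():
        print(f"{name:26s} flood got {got:5d} numbers; legitimate call succeeds: {ok}")
```

The open pool hands all 32767 numbers to one host and then refuses everyone; the cap holds that host to 128 but is defeated by 40000 forged sources; only the cookie-gated pool refuses every forged request while a real caller still completes. The cookie is the same idea as a TCP SYN cookie: prove you can receive at the address you claim before the server spends a scarce resource on you.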

Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server

Dnsmasq is a lightweight DNS forwarder and DHCP server. A vulnerability has been found that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq[1] with the TFTP service enabled (‘--enable-tftp’).

OpenOffice.org Word Document Table Parsing Integer Underflow

OpenOffice.org 3 is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. A vulnerability was discovered in OpenOffice.org, which can potentially compromise a user’s system.

JSFTemplating Mojarra Scales and GlassFish Application Server File Disclosure Vulnerability

The JSFTemplating FileStreamer functionality is vulnerable to file disclosure and also allows an attacker to retrieve directory listings of the whole server. Furthermore Mojarra Scales and the GlassFish Application Server Admin console are using vulnerable components too.

Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

Microsoft’s Component Object Model (COM) was designed to allow interoperability between disjointed software components. Remote exploitation of a logic flaw vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code, as included in various vendors’ ActiveX controls, could allow attackers to bypass ActiveX security mechanisms.

Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability

Microsoft’s Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Remote exploitation of an information disclosure vulnerability in Microsoft’s ATL/MFC ActiveX template, as included in various vendors’ ActiveX controls, allows attackers to read memory contents within Internet Explorer.

Microsoft IIS FTP Server Stack Based Overrun Vulnerability

Microsoft IIS servers that allow anonymous write access to the FTP server are vulnerable to a stack-based overrun. IIS 5 and, to some degree, IIS 6 are susceptible.

Xerox WorkCentre LPD daemon Denial of Service

The Xerox WorkCentre 7132 multifunction is the affordable transition to the next level of productivity for your office. One easy-to-use device offers powerful printing, copying, scanning, and faxing. During a brief assessment performed on the Xerox WorkCentre 7132 it was discovered that the LPD daemon implementation contains a weakness related to the robustness of its LPD protocol handling. An attacker can crash the whole device with a relatively simple attack. Recovering from the denial-of-service condition requires power cycling the device.

ProShow Gold Buffer Overflow Vulnerabilities

ProShow Gold allows you to easily create photo and video slide shows on DVD, PC and Web. Vulnerabilities exist in the software related to the processing of ProShow Slideshow project files (.psh). These vulnerabilities permit attackers to execute malicious code on users’ systems.

Microsoft ATL/MFC ActiveX Type Confusion Vulnerability

Remote exploitation of a type confusion vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code as included in various vendors’ ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). Microsoft’s Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Microsoft’s Active Template Library (ATL) is a set of C++ templates that simplify developing COM objects.

Subdreamer CMS SQL Injection Vulnerabilities

Subdreamer is a content management system, which is written in PHP and uses MySQL as its database backend. There are vulnerabilities in two integration modules in Subdreamer. Both Invision Power Board 2 and phpBB3 integration modules have this vulnerability.

Oracle Database Server Resource Manager Buffer Overflow

To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process.

Microsoft Fixes Critical Windows Vulnerabilities in Patch Tuesday Updates

Microsoft fixes several critical vulnerabilities in Microsoft Windows in September’s Patch Tuesday release. All five of the security bulletins are rated critical, including one that addresses a vulnerability in the JavaScript engine that affects several versions of Windows.
- Microsoft released five critical security bulletins Sept. 8 to cover issues in Microsoft Windows that company officials said could allow hackers to remotely execute code. None of the vulnerabilities are known to be under attack at this time. Still, two of the bulletins address vulnerabilities t…

How a Phishing Attack Exposed an Energy Company to Hackers

The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.
- It began with an e-mail sent to an employee at an energy company, and ended with a security breach that exposed critical systems to outside control. This is an all-too-common scenario, and just one example of the types of threats targeting not only critical infrastructure but organizations ge…

Microsoft Warns IIS Vulnerability Is Under Attack

Microsoft reports that a zero-day vulnerability in Internet Information Services is now the subject of limited attacks. Exploit code for the IIS vulnerability is known to have been circulating publicly for the past several days.
- Microsoft officials are reporting limited attacks targeting a zero-day vulnerability in the FTP service in Internet Information Services. The IIS vulnerability warning follows the release of new exploit code that can be used to create a DoS (denial of service) condition on Windows XP and Windows…

Microsoft Readies 5 Critical Windows Updates for Patch Tuesday

Microsoft is preparing to release five critical security bulletins Sept. 8 for Patch Tuesday. The five bulletins target vulnerabilities in Microsoft Windows, and do not include a fix for a bug affecting Internet Information Services the company has warned about.
- Microsoft is prepping five critical security bulletins for the Patch Tuesday release Sept. 8. All five are classified as remote code execution vulnerabilities in Microsoft Windows. The bulletins cover various editions of the operating system, ranging from Windows 2000 to Windows Server 2008. T…

Apple Ships Vulnerable Adobe Flash with ‘Snow Leopard,’ Sophos Reports

Apple is silently downgrading users of Mac OS X 10.6, code-named Snow Leopard, to an old, vulnerable version of Adobe Flash Player. According to Sophos, users who upgrade to Snow Leopard are left with Adobe Flash Player Version 10.0.23.1, which is known to be susceptible to attacks.
- Apple is pushing out an older, vulnerable version of Adobe Flash Player with its “Snow Leopard” operating system upgrade, according to Sophos. Snow Leopard, aka Mac OS X 10.6, hit the streets Aug. 28 with much fanfare about promised performance improvements. Apple also generat…

Marshal8e6 Renamed M86 Security

Marshal8e6 changes its name to M86 Security as it pushes a Web and messaging security focus. The company announces the change along with plans for two upcoming products that bring together technology from recent mergers and acquisitions.
- Security vendor Marshal8e6 is sporting a new name and a new bag of integrated products bringing its technology together with technology from recently acquired Avinti. The new name M86 Security is meant to reflect the company’s focus on Web and messaging security, and is the second name change fo…

Energy Sector in Danger of Cyberattack

A former Department of Homeland Security official is warning that the nation’s energy grid could be opening itself up to crippling cyberattacks. Greg Garcia, former Assistant Secretary of Cyber Security for Homeland Security, told Ziff-Davis Enterprise in an exclusive video interview that the energy industry’s move to embrace so-called smart grid technology could allow hackers to disrupt our critical infrastructure in new and very dangerous ways.

Microsoft Downplays SQL Server Database Vulnerability

Microsoft is disputing the severity of a vulnerability found in its SQL Server database that security researchers say exposes administrative passwords. The vulnerability, uncovered by Sentrigo, can be exploited remotely in SQL Server 2000 and 2005.
- Microsoft is downplaying a SQL Server security flaw that could be exploited by someone with administrative privileges to see users’ unencrypted passwords. The vulnerability was discovered last year by database security vendor Sentrigo when one of their researchers noticed that the uniqu…

Virtualization Security in Spotlight During VMworld

With VMworld in full swing, virtualization security is at the tip of some people’s tongues. Based on a new paper from RSA and some user surveys, IT pros are advised to keep security high on their list of concerns when it comes to virtualized environments.
- In some ways, the virtualization security market may be in a good news, bad news situation. The good news: More tools are appearing that focus on securing virtual environments. The bad news: Many may not be making their way into the IT infrastructure. A survey by Nemertes Research found that onl…

Microsoft Investigates IIS Zero-Day Security Vulnerability

Microsoft is investigating reports of a vulnerability affecting Microsoft Internet Information Services’ FTP module after exploit code surfaced on the Web. The vulnerability could be leveraged by an attacker to execute arbitrary code, officials at US-CERT warn.
- Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet. The exploit, which targets a FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-C…

Revised Bill Still Gives Obama Unprecedented Cyber-security Powers

After receiving a hailstorm of criticism for his first version of the Cybersecurity Act of 2009, Sen. Jay Rockefeller revises the legislation to encounter even more criticism. In both versions, the controversy rests on the president’s ability to shut down private Internet networks in the case of a national emergency.
- Sen. Jay Rockefeller’s revised Cybersecurity Act of 2009 is creating as much controversy as his original effort in April did. Both versions give the president unprecedented authority to shut down private Internet networks in the case of a cyber-security emergency. The original draft bill gave …

Future Firefox to Nag Users on Insecure Plug-ins

In Safety Tips

Mozilla says that the next version of Firefox will warn users if they are running insecure, outdated versions of the Adobe Flash Player, as part of a nascent effort to work with vendors of the most popular browser plug-ins to ensure users aren’t falling behind on important security updates. Beginning with Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their Flash plugin is out-of-date. Mozilla said it is starting with Flash because of its ubiquity, but also in response to recent studies showing as much as 80 percent of users are running old versions of Flash. “Mozilla will work with other plugin vendors to provide similar checks for their products in the future,” the company said on its Security Blog. “Keeping your software up to date remains one of the best things you can do to keep yourself safe online, and Mozilla will continue to look for ways

Microsoft Fixes Eight Security Flaws

In New Patches

Microsoft today pushed out software updates to plug at least eight critical security holes in computers powered by its various Windows operating systems. The patches are available through Windows Update or via Automatic Updates. The flaws were addressed in a bundle of five patches, each of which earned Microsoft’s most dire “critical” rating, meaning they are serious enough that attackers could break into systems without any help from users. One particularly dangerous flaw covered by this month’s patch batch is a problem with the way Windows handles Javascript. While this flaw stems from a faulty component of the Windows operating system, it would most likely be exploitable through Internet Explorer versions 6, 7 and 8, said Wolfgang Kandek, chief technology officer at software security provider Qualys. The flaw resides in every version of Windows except Windows 7. In fact, none of the vulnerabilities patched today affect Windows 7, Kandek said.

More Business Banking Victims Speak Out

In Web Fraud 2.0

Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I’ve heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs. David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company’s credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country. “Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount,” Johnston said. “What we’re looking at really is the bank robber of 2009. They don’t use a gun, they have lots of helpers, their [profits] are huge, and

Apple Updates Java, Backdates Flash

In New Patches

Apple Thursday shipped an update to plug a slew of critical security holes in its version of Java for Leopard systems (OS X 10.5). In other Apple patch news, it appears those who have updated to the latest version of OS X — 10.6/Snow Leopard — received an insecure version of the Adobe Flash player. The Java update brings Mac’s version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash — version 10.0.23.1. Snow Leopard users can upgrade to the latest version — 10.0.32.18 — by visiting the Flash Player Download Center.
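A check of the kind Mozilla describes, and the one a Snow Leopard user would want after the downgrade above, reduces to comparing dotted version strings correctly. The code below is an added example, not Mozilla's plugin-check code: the two Flash versions are the ones quoted on this page (10.0.23.1 shipped with Snow Leopard, 10.0.32.18 current at the time), while the minimum-version table and the installed-plugin sample are constructed. The point it adds to the text is that components must be compared as integers; a plain string comparison puts 10.0.9.1 after 10.0.32.18.

```python
# Added example, not Mozilla's plugin-check code. Flash versions are the ones
# the page quotes; the policy table and installed-plugin sample are constructed.

def parse_version(text):
    """'10.0.32.18' -> (10, 0, 32, 18); rejects anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % text)
    return tuple(int(p) for p in parts)


def version_lt(a, b):
    """True when version a is older than b. Components compare as integers, so
    10.0.9.1 is older than 10.0.32.18 (a string comparison says the opposite),
    and missing trailing components count as zero (10.0 == 10.0.0)."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    return va + (0,) * (width - len(va)) < vb + (0,) * (width - len(vb))


# Constructed sample policy: the minimum version still considered patched.
MINIMUM_SAFE = {
    "Shockwave Flash": "10.0.32.18",
}


def check_plugins(installed, policy=MINIMUM_SAFE):
    """Return (name, installed, required) for each plugin below its minimum.
    Plugins absent from the policy are not judged; an unparsable version is
    reported as outdated rather than silently waved through."""
    outdated = []
    for name, version in installed.items():
        required = policy.get(name)
        if required is None:
            continue
        try:
            behind = version_lt(version, required)
        except ValueError:
            behind = True
        if behind:
            outdated.append((name, version, required))
    return outdated


if __name__ == "__main__":
    # Constructed sample of what a browser would report after a Snow Leopard install.
    installed = {"Shockwave Flash": "10.0.23.1", "Java Applet Plug-in": "13.0.0"}
    for name, have, need in check_plugins(installed):
        print(f"{name}: {have} is older than {need}; update it")
```

Fail-closed handling of unparsable versions matters in practice: a plugin that reports a malformed version should trigger the warning, not bypass it.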

What To Do When Scareware Strikes

In Safety Tips

Mrs. Krebs and I were enjoying a relaxing, quiet morning last Saturday in our living room — silently bonding with our respective laptops propped on our knees — when she nearly jumped off of the sofa, shouting, “Uh oh! It’s one of those fake virus things popping up! WhatdoIdo!?!?” It occurred to me as I reached for her computer that most people probably wouldn’t know what to do should they stumble across a hacked or malicious site that tries to frighten and corral visitors into downloading and purchasing some rogue anti-virus product (a.k.a. “scareware”). The misleading pop-ups and animations about supposed security and privacy threats are unnerving, to be sure, and can be awfully convincing to the unwary. Typically, they are the result of scripts stitched into legitimate, hacked Web sites, or into banner ads that scam artists stealthily submit to some online ad networks. It is tempting to try

Getting Friended By Koobface

In From the Bunker

You know you’ve attracted the attention of online troublemakers when they start using their malicious software to taunt you by name. Such is apparently the case with the latest version of Koobface, a worm that spreads on Facebook, Twitter and other Web 2.0 sites and turns infected systems into bots that can be used for a variety of improper and possibly criminal purposes. According to an analysis performed on the malware by researchers from the University of Alabama at Birmingham, the latest version references a domain that begins with an expletive and ends with …briankrebs.com (if you figure it out please DO NOT visit this Web site, as you could pick up a malicious program). I suppose I should be flattered, as I’m in good company: According to the researchers, this Koobface variant also forces infected systems to call out to another domain that drops an expletive in the middle

Brief: WordPress warns of wayward worm

Brief: Snow Leopard users suffer Flash back

Brief: Microsoft warns of IIS flaw

Brief: Judge dismisses everyone-a-hacker case

Brief: Security tools snarl Snow Leopard update

Extreme Asymmetry in Network Attack and Defense

By Richard Bejtlich

As usual, Gunter Ollmann posted a great story on the Damballa blog titled Want to rent an 80-120k DDoS Botnet? He writes:
[T]his particular operator is offering a botnet of between 80k and 120k hosts capable of launching DDoS attacks of 10-100Gbps – which is more than enough to take out practically any popular site on the Internet. The price for this service? $200 per 24 hours – oh, and there’s a 3 minute try-before-you-buy.
Someone please tell me how much it costs to provision equipment and services sufficient to sustain network operations during a 10-100 Gbps DDoS attack. I bet it is much more than $200 per day. This extreme level of asymmetry demonstrates another reason why intruders have the upper hand in network attack and defense.
Situations like this remind me that an insurance model might work. Insurance works when many contribute but few suffer simultaneous disasters. Perhaps organizations could buy insurance policies to cover losses due to DDoS, rather than provision for the disaster? Or do organizations already do that? I know some work with companies like Prolexic specifically to mitigate DDoS, but how about with insurers?

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://www.taosecurity.com)

Securing Application Execution with Microsoft AppLocker

By (Chris Sanders)

A deep dive into AppLocker, Microsoft’s new feature for Windows 7 and Windows Server 2008 R2.

FanCheck Developer Defends App, Says It’s Not Malware (PC World)

In technology

PC World – The controversial and popular FanCheck application for Facebook carries no viruses and is completely safe and legitimate, according to its creator.

Sophos: Searches About Fan Check App Can Lead to Malware (PC World)

In technology

PC World – Malicious hackers are setting up malware-infested Web sites that falsely claim to remove a virus from a new Facebook application called Fan Check, security vendor Sophos is warning.

Close to Patch Tuesday, New Flaw Surfaces (PC World)

In technology

PC World – As Microsoft prepares to release patches, researchers said they’ve seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.

Symantec Announces Norton 2010, ‘Quorum’ Tech (PC Magazine)

In technology

PC Magazine – Symantec has announced the new line of Norton 2010 security products, which promise to deliver a revolutionary approach to fighting cyber crime.

Privacy bill would set rules for online marketing (AP)

In technology

AP – Here is a look at some of the things that Rep. Rick Boucher, chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, hopes to put in a bill governing Internet advertising.

Congress weighs landmark change in Web ad privacy (AP)

In technology

AP – The Web sites we visit, the online links we click, the search queries we conduct, the products we put in virtual shopping carts, the personal details we reveal on social networking pages — all of this can give companies insight into what Internet ads we might be interested in seeing.

Microsoft: Cyber-crooks Exploiting Unpatched IIS Bug (PC World)

In technology

PC World – Microsoft says that cyber-criminals are starting to exploit an unpatched bug in its IIS server software that was made public earlier this week.

Old Flash for Snow Leopard, and Firefox Gets Fake Flash (PC World)

In technology

PC World – Here’s a sneaky one for you. According to Sophos, a piece of spyware is masquerading as a Flash player plug-in for Firefox. Its installation screen looks legit (per examples in the Sophos post), and it will even show up thereafter in the list of Firefox extensions as “Adobe Flash Player 0.2.”

Virtual Detectives Stalk In-Game Spammers (PC Magazine)

In technology

PC Magazine – Gamers competing against rivals around the globe in online multiplayer games have a new force protecting them—teams of virtual detectives.

Virtual detectives stalk in-game spammers (Reuters)

In technology

Reuters – Gamers competing against rivals around the globe in online multiplayer games have a new force protecting them — teams of virtual detectives.

Wiretapping Skype calls: virus eavesdrops on VoIP (AP)

In technology

AP – Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type. Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.

Five Indicted in Long-running Cybercrime Operation (PC World)

In technology

PC World – New York prosecutors indicted five Eastern European men on Monday in an extensive credit-card fraud operation that netted the defendants at least US$4 million from some 95,000 stolen card numbers.

Instant Messaging Speeds up Data Theft Danger (PC World)

In technology

PC World – One of the more sophisticated pieces of malware in circulation has been given an upgrade that lets cybercriminals act even faster after they’ve stolen data from a PC.

The Broadband Revolution = Webcam Exhibitionists (PC Magazine)

In technology

PC Magazine – They’re everywhere. If we can’t make the webcam girls go away, can we at least get them to stop spamming every single Web site?

Unpatched Flaw Could Take Down Microsoft’s IIS Server (PC World)

In technology

PC World – A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.

Making Sense of the Snow Leopard Security Debate (PC World)

In technology

PC World – Snow Leopard is out and users seem generally satisfied with the latest version of the Mac OS X operating system. The release hasn’t come without some controversy though, part of which has been the debate over the malware protection features Apple included in Snow Leopard.

Microsoft patches gaping Windows worm holes

By Ryan Naraine on Vulnerability research

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system. The most serious of the vulnerabilities addressed could lead to remote code execution and complete system takeover.

Firefox to run checks for Adobe Flash patch

By Ryan Naraine on Pen testing

Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plug-in is out of date.

Microsoft FTP in IIS vulnerability now under attack

By Ryan Naraine on Zero-day attacks

Less than a week after the publication of exploit code for a critical vulnerability in the FTP Service in Microsoft Internet Information Services (IIS), attackers are now launching in-the-wild attacks against Windows users.

Scareware goes Green

By Dancho Danchev on Spyware and Adware

Malicious pseudo-environmentalists have come up with a new social engineering tactic aiming to improve the profit margins of their fake antivirus software releases – by promising to donate $2 from every purchase for saving the Amazonian green forests. The new scareware template branded as “Green-AV Premier Edition 3.0” is pitched as the “World’s First Antivirus Which [...]

Patch Tuesday heads-up: Five ‘critical’ bulletins on tap

By Ryan Naraine on Patch Watch

Microsoft’s September batch of security updates will include fixes for multiple “critical” vulnerabilities affecting the Windows operating system.

Apple plugs 15 Java for Mac security holes

By Ryan Naraine on Patch Watch

Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.

Opera browser (finally) gets an auto-updater

By Ryan Naraine on Patch Watch

The Opera Web browser has undergone a minor security makeover with one significant improvement — the ability to update itself when patches are released. The latest browser update will, by default, notify the user about available updates in very much the same way Mozilla Firefox handles automatic patching. From the changelog: Users can specify that snapshot build releases [...]

Snow Leopard ships with vulnerable Flash Player

By Ryan Naraine on Patch Watch

Apple’s new operating system comes with an outdated version of Flash Player that exposes Mac users to hacker attacks.

Microsoft confirms IIS zero-day flaw; Exploit code published

By Ryan Naraine on Windows Vista

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.

Firefox add-on spies on Google usage, search results

By Ryan Naraine on Patch Watch

Security researchers have intercepted a fake Flash Player update that installs a Firefox add-on spying on the target user’s Google search results.

Microsoft to push ‘mandatory’ Live Messenger security patch

By Ryan Naraine on Windows Vista

Microsoft plans to force a mandatory Windows Live Messenger upgrade later this month to fix a security vulnerability that exposes Windows users to remote code execution attacks.

Around The Horn vol.1,147

Posted in Uncategorized by lightthedarkfiber on September 9, 2009

Game server admins arrested for Chinese DNS attacks

By jacqui@arstechnica.com (Jacqui Cheng) on security

A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game provider trying to take down rivals. Police in Foshan, a city in Guangdong, have announced that they arrested four individuals for the attack, noting that they would go to trial sometime in the mysterious future.

The group was headed up by a 23-year-old factory worker with the surname Bing, according to the police announcement. Bing and his cohorts had set up a number of private servers for gamers to use, but weren’t making much money because rivals had been engaging in distributed denial of service (DDoS) attacks against them, constantly taking down the service. Bing was apparently angered by this and decided to drop 280,000 yuan (roughly US$41,000) to rent even more servers for the sole purpose of retaliating against his own attackers.

Phishers cut bait, slip on trojans instead

By jacqui@arstechnica.com (Jacqui Cheng) on Symantec

Phishing e-mails have dropped during the first half of 2009, indicating that cybercriminals are looking for other ways to scam unsuspecting users. Researchers from IBM’s Internet Security sector, X-Force, revealed in their Mid-year Trend and Risk Report that banking Trojans appear to be taking the place of phishing for financial info. This trend is reflected by other security firms, too, but not everyone agrees on whether this is a true shift or just a temporary dip.

The X-Force team described the drop as “dramatic,” noting that phishing only made up about 0.1 percent of all spam during the first six months of the year. Comparatively, phishing e-mails made up close to 1 percent of all spam during the same period in 2008, and an average of 0.5 percent during all of 2008. Of the phishing e-mails that are still floating around in the wild, the large majority of subject lines have to do with PayPal, with the remainder indicating that they are related to banking or other financial accounts.

Snow Leopard includes rudimentary malware protection (Updated)

By chris.foresman@arstechnica.com (Chris Foresman) on Snow Leopard

The malware threat on Mac OS X is infinitesimally small, but it does exist. The biggest threat so far seems to come from trojans that attempt to disguise themselves as legitimate software updates or installers. Though it’s not mentioned anywhere in the extensive list of enhancements and refinements on Apple’s website, it turns out that Snow Leopard does have some level of protection against such malware.

Security firm Intego turned up the feature, which seems to be an enhancement of the usual “This file is from the Internet, are you sure you want to open it?” warning. If a disk image or installer package contains known malware, Snow Leopard will warn that it can damage your computer. If you don’t choose to open the installer anyway (and we recommend you don’t), the offending file will be automatically moved to the Trash. Intego hasn’t been able to identify exactly how the mechanism works, but several MacRumors forum members confirmed that it does identify known trojans.

Chances are this functionality won’t protect against unknown attacks, and it’s not clear exactly how Apple might protect against new trojans (yes, new malware definitions would come via Software Update, but when? how often?). The feature also doesn’t seem to be as extensive as third-party antivirus software, but we don’t know a lot of details at this point. Still, it is an extra safety net to keep you from being the victim of a social engineering hack.

UPDATE: I was pointed towards some information that sheds a little more light on how this feature works. According to Panic developer Cabel Sasser, the malware definitions are in the file /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist. From what’s been discovered so far, this file only identifies the iServices and RSPlug trojans. However, it should be fairly trivial for Apple to update this file with new information, though how often those updates would occur is still anyone’s guess—Apple has so far not responded to our request for comment. It should also be noted that only files downloaded via e-mail or the Web are scanned—it seems to work with Safari, Firefox, iChat, Entourage, Mail, and Thunderbird—checking external volumes and general file scanning are not implemented.
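
How a definitions file of this kind gets consumed, as an added example that is not Apple’s code: a Python stand-in that parses an XProtect-style property list with plistlib and checks a downloaded file against it, including the scope limitation noted above (only files that arrived through a quarantine-aware application are inspected). The key names (Description, LaunchServices, Matches, Pattern) follow the layout the file was later documented to use and are an assumption here; the sample plist, the two byte patterns and the content types are constructed for this example and are not Apple’s actual definitions.

```python
import plistlib
from typing import Dict, List, Optional

# Constructed stand-in for XProtect.plist. The layout (an array of entries with
# "Description", "LaunchServices" and "Matches" keys and hex "Pattern" strings) is
# an assumption modelled on how the file was later documented; the patterns are
# made up for this example and are not Apple's definitions for these two families.
SAMPLE_XPROTECT_PLIST = plistlib.dumps([
    {
        "Description": "OSX.RSPlug.A",
        "LaunchServices": {"LSItemContentType": "com.apple.installer-package-archive"},
        "Matches": [{"MatchType": "Match", "Pattern": "6D616C6963696F7573"}],  # hex of "malicious"
    },
    {
        "Description": "OSX.iServices.A",
        "LaunchServices": {"LSItemContentType": "public.unix-executable"},
        "Matches": [{"MatchType": "Match", "Pattern": "6953657276696365"}],  # hex of "iService"
    },
])


def load_signatures(plist_bytes: bytes) -> List[Dict]:
    """Parse an XProtect-style plist into name / content-type / byte-pattern records."""
    sigs = []
    for entry in plistlib.loads(plist_bytes):
        patterns = [bytes.fromhex(m["Pattern"])
                    for m in entry.get("Matches", []) if m.get("MatchType") == "Match"]
        sigs.append({
            "name": entry["Description"],
            "content_type": entry.get("LaunchServices", {}).get("LSItemContentType"),
            "patterns": patterns,
        })
    return sigs


def match_signature(data: bytes, content_type: Optional[str], sigs: List[Dict]) -> Optional[str]:
    """Return the name of the first signature whose patterns all occur in data.
    A signature bound to a content type only applies to files of that type."""
    for sig in sigs:
        if sig["content_type"] and content_type and sig["content_type"] != content_type:
            continue
        if sig["patterns"] and all(p in data for p in sig["patterns"]):
            return sig["name"]
    return None


def check_download(data: bytes, content_type: Optional[str], quarantined: bool,
                   sigs: List[Dict]) -> Optional[str]:
    """Mirror the scope the article describes: only files that came in through a
    quarantine-aware app (Safari, Mail, iChat, ...) and therefore carry the
    com.apple.quarantine extended attribute are inspected; everything else passes
    through unscanned. On a real system `quarantined` would be derived from reading
    that attribute (for example with `xattr -p com.apple.quarantine <file>`)."""
    if not quarantined:
        return None
    return match_signature(data, content_type, sigs)


if __name__ == "__main__":
    sigs = load_signatures(SAMPLE_XPROTECT_PLIST)
    print(check_download(b"...malicious...", "com.apple.installer-package-archive", True, sigs))
    print(check_download(b"...malicious...", "com.apple.installer-package-archive", False, sigs))
```

The second call returning nothing is the point the article makes: a copy of the same installer that arrives on a USB stick or an external volume never gets looked at, so this is a download-time speed bump rather than an on-access scanner.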

Botnet traffic bounds back 90% within 48 hours of ISP shutdown

By casey.l.johnston@gmail.com (Casey Johnston) on traffic

A common way of combating spam traffic is to shut down the service provider through which the traffic is being processed. With a new variety of botnets, though, this method is becoming increasingly ineffective. The August report from Message Labs indicates that the shutdown of a Latvian ISP, while initially effective, ultimately did little to quell the malicious activity of one botnet, whose traffic recovered in a matter of days.

Cutwail is one of the largest botnets running amuck on the Internet, and is estimated to be behind 15-20 percent of all spam, including malicious websites, phishing websites, and fake antivirus products. Message Labs noted that Cutwail was conducting a large portion of its dubious business through Real Host, an ISP based in Riga, Latvia. Real Host was allegedly involved with “command-and-control” servers allowing large-scale botnet infection.

Obsessions with Jessica Biel lead to a world of malware hurt

By jacqui@arstechnica.com (Jacqui Cheng) on virus

Admit it: every so often, you pop over to Google to search for a hot celebrity or two (or if you don’t, you know somebody who does). If Jessica Biel is at the top of your (or their) list, you might want to exercise a bit more caution, as security firm McAfee has rated the 7th Heaven star as the most likely to net you an infection or two—on your computer, that is.

McAfee performs an annual survey of sites that purport to have information and pictures of A-list celebrities. Paris Hilton and Brad Pitt have both been at the top of the list in the past, but Biel has passed Pitt to become the riskiest star to search for. According to McAfee, fans searching for downloads, wallpapers, screensavers, photos, and videos of Biel have a one-in-five chance of ending up at a site that hosts spyware, malware, viruses, adware, spam, or phishing scams. “Jessica Biel screensavers” in particular were very dangerous—almost half of the downloads coming from those sites were malicious.

Former Symantec exec launches cloud-based, social antivirus

By david@arstechnica.com (David Chartier) on security

Considering that Microsoft feels the need to enter the antivirus market and 12 of the top 35 anti-malware makers failed Virus Bulletin’s August 2009 test, one could argue that antivirus products are not where they should be. Former Symantec executive Oliver Friedrichs thinks a different approach is necessary, so he built a new cloud-based, social antivirus product called Immunet Project.

Harnessing what Immunet calls “Collective Immunity,” Immunet Project claims to be able to instantly fortify all of its users’ computers against new virus threats. “Immunet uses a global community to collect anonymous information on applications running across the Immunet population,” Friedrichs told Ars Technica. “We extract specific attributes from Windows PE files that are then coalesced in the cloud and classified as good or bad.” When Immunet finds a piece of malware on a user’s computer, it notifies the rest of the user network, supposedly in real time. Because of this approach, Immunet keeps most of its client infrastructure on its servers; the actual client install takes up less than 5MB of space.

Apache.org Compromised via stolen SSH keys

By Robert A. on IndustryNews

Netcraft is reporting that apache.org has been compromised. The apache blog posted the following message indicating an SSH key compromise. “This is a short overview of what happened on Friday August 28 2009 to the apache.org services. A more detailed post will come at a later time after we complete the…

Article: Bypassing DBMS_ASSERT in certain situations

By Robert A. on Vulns

David “I like to beat up on oracle” Litchfield has published a new paper outlining how DBMS_ASSERT can be misused in such a way that SQL Injection is possible. From the whitepaper “The DBMS_ASSERT builtin package can be used by PL/SQL developers to protect against SQL injection attacks[1]. In [2] Alex…

Flash Worm – SANS Analysis

By Robert A. on Interviews

SANS has a write-up about a recent Flash worm. “A few days ago a lot of media wrote about a Flash worm. I managed to get hold of samples and analyzed it (thanks to Peter Kruse of CSIS for the samples). First of all, while the exploit code contains Flash, it…

WASC Distributed Open Proxy Honeypot Update – XSS in User-Agent Field

By Robert A. on XSS

“In case you missed it, the WASC Distributed Open Proxy Honeypot Project launched Phase III at the end of July. We have a few sensors online and as we start gathering data, we are starting our analysis. Our goal is to be able to release “events of interest” to the community…

AppSec DC 2009

By Robert A. on IndustryNews

“OWASP Announces International Application Security Conference for 2009 Speaker Agenda Released and Registration Open for 2009’s Largest Web Application Security Event Washington DC August 20th, 2009 — Following in the footsteps of the Open Web Application Security Project’s (OWASP, http://www.owasp.org ) immensely successful and popular conferences earlier this year in Australia,…

WASC Threat Classification v2 updates

By Robert A. on WASC

We’re nearing the completion of the WASC Threat Classification v2 (2 sections left!) and have added the following new sections since my last couple of posts: Null Byte Injection and Integer Overflows. We’ve also heavily updated the following sections: Buffer Overflows (in-depth discussion of heap vs. stack vs. integer overflows), SQL…

Accused mastermind of TJX hack to plead guilty

By Michelle Meyers

Albert Gonzalez, the alleged ringleader of one of the largest known identity theft cases in U.S. history, has agreed to plead guilty to all 19 counts of related charges against him, according to court documents filed Friday.

Gonzalez, 28, of Miami, was accused in August 2008 of helping steal …

Trend Micro’s 2010 suite is sharp at the top

By Seth Rosenblatt

Trend Micro released its 2010 security products earlier this week, with three programs offering varying levels of security and service. The comparatively barebones Trend Micro Antivirus + AntiSpyware clocks in at $40, with the basic suite Trend Micro Internet Security available for $10 more and $70 for the premium Trend Micro Internet Security Pro. …

Originally posted at The Download Blog

Beware fake Snow Leopard sites

By Elinor Mills

People eager to get a copy of the latest version of the Mac operating system, Snow Leopard, should be wary of sites offering free copies because they are likely to get some nasty malware instead, according to antivirus company Trend Micro.

Trend Micro said in a blog posting on Wednesday …

Originally posted at InSecurity Complex

Facebook ratchets up privacy controls (again)

By Caroline McCarthy

A recent simplification of Facebook’s user privacy controls wasn’t enough for some policymakers.

On Thursday, in conjunction with the Canadian Privacy Commissioner, Facebook announced a new set of modifications to its user privacy controls as well as its developer API, and the targets of these changes are the …

Originally posted at The Social

Researchers who hack the Mac OS

By Elinor Mills

Dino Dai Zovi

(Credit: Tehmina Beg)

It was summer 2005. Dino Dai Zovi walked into a Manhattan Starbucks, ordered a coffee, sat down, and opened up his laptop.

Before his coffee was cold he had found a local privilege escalation vulnerability in Mac OS …

Originally posted at InSecurity Complex

Snow Leopard could level security playing field

By Elinor Mills

Share of the Mac operating system is growing, and with it the number of malware threats targeting the platform.

(Credit: Net Applications)

Friday’s release of the new version of the Mac OS, dubbed Snow Leopard, could include some security features that would make …

Originally posted at InSecurity Complex

ACLU chapter flags Facebook app privacy

By Caroline McCarthy

The Northern California chapter of the American Civil Liberties Union has put out a campaign designed to raise awareness of the privacy implications of Facebook’s developer platform. It’s focusing specifically on the popular “quiz” applications, like “Which Cocktail Best Suits Your Personality?” and “Which Wes Anderson Movie Character …

Originally posted at The Social

Report: Antivirus feature for Snow Leopard?

By Tom Espiner

(Credit: Apple)

The next version of Apple’s OS X, which is due out Friday, may bundle antivirus capabilities.

Mac security firm Intego said that the latest version of the operating system, Mac OS X Snow Leopard, could have an antimalware feature, according to reports, in a blog post Tuesday. …

Originally posted at News – Apple

Symantec pulls Norton patch after error reports

By Elinor Mills

This is the error message on the Norton support Web site after users reported that the patch failed to install properly.

(Credit: Symantec)

Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.

The …

Originally posted at InSecurity Complex

Google patches severe Chrome vulnerabilities

By Stephen Shankland

Google has fixed two high-severity vulnerabilities in the stable version of its Chrome browser that could have let an attacker remotely take over a person’s computer.

With one attack on Google’s V8 JavaScript engine, malicious JavaScript on a Web site could let …

Originally posted at Deep Tech

Jessica Biel most ‘dangerous’ celeb in cyberspace

By Lance Whitney

Through no fault of her own, actress Jessica Biel is now the most hazardous celebrity on the Internet.

Jessica Biel

McAfee names Jessica Biel most dangerous celebrity online in 2009.

(Credit: Business Wire)

Fans searching online for Biel have a one-in-five chance of hitting a Web site with malware, according to McAfee’…

Cracking GSM phone crypto via distributed computing

By Elinor Mills

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed …

Originally posted at InSecurity Complex

Cisco wireless LANs at risk of attack, ‘skyjacking’

By Elinor Mills

Cisco Systems wireless local area network equipment used by many corporations around the world is at risk of being used in denial-of-service attacks and data theft, according to a company that offers protection for WLANs.

Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered the vulnerability, which affects all …

Originally posted at InSecurity Complex

Jailed SF network administrator faces fewer charges

By Steven Musil

A judge has dismissed most of the charges against a former San Francisco network administrator accused of hijacking the city’s computer network he designed and maintained.

San Francisco Superior Court Judge Kevin McCarthy on Friday tossed three tampering charges against Terry Childs, while preserving a lone charge of denying

Apache SSH Key compromised

By Rik Ferguson on web

UPDATE: A post regarding this incident from apache.org is available at https://blogs.apache.org/infra/entry/apache_org_downtime_initial_report

As of this moment, Apache.org is reporting that an SSH key associated with its US servers has been compromised and that it is shifting all traffic to its European mirror. Details of the attack/compromise are few at the moment, as this is breaking news. It is worth remembering however [...]

Apple anti-malware? Snow joke!

By Rik Ferguson on malicious code

It looks, on one hand, as if Apple is now alive to the danger that malicious code represents to its users. Reports from beta testers indicate that in the newest version of Mac OS X, Snow Leopard, due for release tomorrow, Apple has included anti-malware technology (although someone needs to tell their marketing department, who has previously [...]

SMiShing Time, wish you were here!

By Rik Ferguson on telephone

Earlier this summer, CIFAS, the fraud prevention agency, warned about a rise in the threat from SMiShing; this warning has recently been echoed by the Guardian newspaper. SMiShing reports date back to around 2006, when this threat started to become noticeable. Spoofed or otherwise faked SMS messages are used as bait to lure victims into responding via SMS [...]

Mac OS X Snow Leopard Bundled With Malware Detector

By Darknet on snow leopard security

Ah we saw this coming didn’t we, back in June we reported on Apple Struggling With Security & Malware and now they have shown they were paying attention. Even though they tried to do so quietly, they are slipping a ‘malware detector’ into the latest OS X update known as Snow Leopard. The problem is though, it [...]

Trafscrambler – Anti-sniffer/IDS Tool

By Darknet on trafscrambler

Trafscrambler is an anti-sniffer/IDS loadable kernel module (an OS X Network Kernel Extension, NKE) for OS X, licensed under BSD. Features: injection of packets carrying bogus data with a randomly selected bad TCP checksum or bad TCP sequence number; a userland binary (tsctrl) for controlling the trafscrambler NKE; SYN decoy, which sends out a number of SYN packets before the original SYN; TCP reset attack, which sends out a RST/FIN packet with bad [...]
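
The decoy technique, and the sensor-side check it defeats, as an added example that is not trafscrambler’s code (trafscrambler is a kernel extension; this is a userland Python sketch of the same idea): it builds TCP segments with correct and deliberately broken checksums, then runs a toy stream tracker over them twice, once trusting every frame it sees and once verifying the checksum the way the receiving host’s stack does. A host discards a segment with a bad checksum, so a sensor that does not verify it reassembles bogus data and honours a RST the endpoint never saw. Addresses, ports and payloads below are constructed.

```python
import socket
import struct
from typing import List, Tuple

FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK = 0x02, 0x04, 0x08, 0x10
TCP_PROTO = 6

# Constructed addresses for the example (server address from the RFC 5737 test range).
SRC, DST = "10.0.0.5", "192.0.2.10"


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum as used by the IP and TCP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """TCP pseudo header: source, destination, zero, protocol, TCP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, TCP_PROTO, tcp_len)


def build_segment(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int, ack: int,
                  flags: int, payload: bytes = b"", corrupt_checksum: bool = False) -> bytes:
    """20-byte TCP header (no options) plus payload, with a correct or deliberately wrong
    checksum. The corruption is what a trafscrambler-style 'bad TCP cksum' decoy carries."""
    def hdr(cksum: int) -> bytes:
        return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, cksum, 0)
    good = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, 20 + len(payload)) + hdr(0) + payload)) & 0xFFFF
    cksum = good ^ 0x5A5A if corrupt_checksum else good
    return hdr(cksum) + payload


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A receiving host only accepts the segment if this holds; a sensor should match that."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def constructed_stream() -> List[Tuple[str, str, bytes]]:
    """Client->server segments as a sniffer would see them: two genuine ones wrapped around
    two decoys (bogus data, then a RST) whose checksums are wrong, so the server drops them."""
    args = (SRC, DST, 40000, 80)
    return [
        (SRC, DST, build_segment(*args, seq=1000, ack=1, flags=FLAG_PSH | FLAG_ACK, payload=b"GET /index.html ")),
        (SRC, DST, build_segment(*args, seq=1016, ack=1, flags=FLAG_PSH | FLAG_ACK, payload=b"GET /evil.exe ",
                                 corrupt_checksum=True)),
        (SRC, DST, build_segment(*args, seq=1016, ack=1, flags=FLAG_RST | FLAG_ACK, corrupt_checksum=True)),
        (SRC, DST, build_segment(*args, seq=1016, ack=1, flags=FLAG_PSH | FLAG_ACK, payload=b"HTTP/1.0\r\n")),
    ]


def track_stream(stream: List[Tuple[str, str, bytes]], verify_checksums: bool) -> Tuple[bytes, bool]:
    """Toy sensor: concatenates payload until it sees a RST. With verify_checksums=False it
    behaves like a sniffer that trusts every frame, which is exactly what the decoys exploit."""
    collected, closed = b"", False
    for src, dst, seg in stream:
        if verify_checksums and not tcp_checksum_ok(src, dst, seg):
            continue  # the endpoint would drop this segment; so must the sensor
        if closed:
            continue
        if seg[13] & FLAG_RST:
            closed = True
            continue
        collected += seg[20:]
    return collected, closed


if __name__ == "__main__":
    stream = constructed_stream()
    print("trusting sensor :", track_stream(stream, verify_checksums=False))
    print("checking sensor :", track_stream(stream, verify_checksums=True))
```

The trusting sensor records a request the server never received and then considers the connection closed, so it misses the genuine data that follows; the checking sensor sees exactly what the server saw. Validating checksums is cheap insurance, and most mature IDS engines have an option for it; the same reasoning applies to the SYN-decoy and bad-sequence-number variants, where the sensor has to track the endpoint’s window rather than believe the first packet it sees.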

TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury

By Darknet on tjx hacker

We’ve been following the whole TJX saga for quite some time now since way back in September 2007 when the hack became public as the Largest Breach of Customer Data in U.S. History and in August 2008 when the TJX Credit Card Hackers Got Busted. The legal system has ticked along and now they have to [...]

Filtering Network Attacks With A ‘Netflix’ Method

University of California at Irvine researchers devise new model for blacklisting network attackers

Attack Of The Tweets: Major Twitter Flaw Exposed

UK researcher says vulnerability in Twitter API lets an attacker take over a victim’s account — with a tweet

New IEEE Printer Security Standard Calls For Encryption, Authentication, Electronic “Shredding”

Printers finally get security attention, but locking them down depends on actual implementation, configuration, experts say

IDC Report: Most Insider Leaks Happen By Accident

Unintentional leaks may cause more damage than internal fraud, IDC research study says

PCI Council Releases Recommendations For Preventing Card-Skimming Attacks

New best practices aimed at helping retailers — especially small merchants — but security experts say skimming risk runs deeper

Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs

Cisco’s wireless LANs could be vulnerable to attack through over-the-air provisioning feature, researchers say

Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg

TJX-Heartland attacker and cohorts also reportedly hacked ATM machines in 7-Elevens, but their wide net is likely just one of many

Symantec: Eavesdropping Trojan Targets Skype

In Web 2.0

Symantec has uncovered a Trojan that eavesdrops on conversations and sends the audio files to a server controlled by the attacker.

China Flooding Web with SQL Injection Attacks

In Virus and Spyware

SQL injection attacks remain a serious problem, with new waves of the threats being generated in China over the last month.

Google: Malware Sites on the Upswing

In Virus and Spyware

Google reports that it is seeing a rapid increase in the sheer volume of malware sites it encounters, while returning fewer infected URLs to search users.

IBM Report Examines Online Threats for First Half of 2009

In Vulnerability Research

IBM X-Force released a report Aug. 26 highlighting the most prevalent security risks of the first six months of 2009. The news was a mix of the good, the bad and the ugly.

Survey: Hackers on Vacation Before Q4 Saturation

In Virus and Spyware

Malicious hackers like to take off during Q3, much like their adversaries in IT security, before putting the hammer down over the holidays.

Latest AES Encryption Attack Not the End of the World

In Vulnerability Research

Although recent research on attacks targeting AES-256 encryption are an improvement over past attacks, they do not make the widely-used encryption scheme ineffective. Experts say AES remains secure.

Researchers Warn of Powerful New Data Theft “Cocktail”

In iframe

Researchers have discovered a powerful new blended data theft malware package spreading rapidly through legitimate Web sites.

Bill would give president power to disconnect private networks

A Senate bill proposes giving the president the power to shut down and disconnect any government or private computer network or system that is compromised by a cyberattack.

DHS sets new policy on computer searches at border

DHS issued two new directives that deal with searches of laptop computers and other devices at U.S. borders.

DHS, industry assess risks to IT sector

Government and private-sector experts identify risks to the country’s information technology sector’s key functions.

FISMA reporting must use automated tool

By Nov. 18, agencies must use a new automated reporting tool to meet their reporting requirements under the Federal Information Security Management Act.

DOD updates IPv6 Standard Profile

The updated IPv6 Standard Profile provides a technical and standards based definition of interoperability requirements for IPv6-capable products to be used in DOD networks.

Former cop, wife plead guilty to hacking

Posted by InfoSec News on Aug 28

http://chronicle.northcoastnow.com/2009/08/28/former-cop-wife-plead-guilty-to-hacking/

By Brad Dicken
Chronicle Online
August 28, 2009

ELYRIA – An Amherst police officer and his wife took a plea deal Thursday to misdemeanor charges for hacking into an Amherst police dispatcher’s personal…

NHS heals serious spoof email flaw

Posted by InfoSec News on Aug 28

http://www.theregister.co.uk/2009/08/27/nhs_spoof_email_xss_flaw/

By John Leyden
The Register
27th August 2009

Updated – Cross-site scripting (XSS) vulnerabilities on the National Health Service’s website created a means to send spoofed emails with dodgy medical advice. The…

Q&A: DHS Cybersecurity Chiefs Speak Out

Posted by InfoSec News on Aug 28

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=219500331

By J. Nicholas Hoover
InformationWeek
August 27, 2009

As the federal government continues to try to figure out ways to effectively manage cybersecurity, the Department of Homeland Security is…

Security test prompts federal fraud alert

Posted by InfoSec News on Aug 28

http://www.computerworld.com/s/article/9137215/Security_test_prompts_federal_fraud_alert?taxonomyId=17

By Robert McMillan
August 28, 2009
IDG News Service

A sanctioned security test of a bank’s computer systems had some unexpected consequences this week, leading the federal agency that…

Secunia Weekly Summary – Issue: 2009-35

Posted by InfoSec News on Aug 28

The Secunia Weekly Advisory Summary 2009-08-20 – 2009-08-27 This week: 77 advisories

Crowbar cracks SD cards and retrieves data without a trace

Posted by InfoSec News on Aug 28

http://gcn.com/articles/2009/08/24/gcn-lab-review-mantech-crowbar.aspx

By John Breeden II
GCN.com
Aug 21, 2009

Pros: Easy to use, can set up password crack groups for greater hacking speed
Cons: Only works with MMC/SD cards
Performance: A
Ease Of Use: A
Features: C
Value: C
Price:…

New attack cracks common Wi-Fi encryption in a minute

Posted by InfoSec News on Aug 27

http://www.computerworld.com/s/article/9137177/New_attack_cracks_common_Wi_Fi_encryption_in_a_minute?taxonomyId=17

By Robert McMillan
August 27, 2009
IDG News Service

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in…

The Longest Yard and a Half

Posted by InfoSec News on Aug 27

http://thedailywtf.com/Articles/The-Longest-Yard-and-a-Half.aspx

By Jake Vinson
in Feature Articles
2009-08-13

Owein R. knew that security at the government facility was going to be a big deal, but it wasn’t clear how big a deal it was going to be until he started his job.

To get…

Employees Fired After Reporting Security Breach

Posted by InfoSec News on Aug 27

http://www.wpbf.com/mostpopular/20552910/detail.html

WPBF.com
August 25, 2009

LAKE WORTH, Fla. — When Andres Reyes and Howard Jordan sit down at a table, they have more than 60 years of power grid experience between them.

So when the Lake Worth Utilities employees noticed an…

FISMA reporting must use automated tool

Posted by InfoSec News on Aug 27

http://fcw.com/articles/2009/08/25/web-fisma-automated-reporting-tool.aspx

By Ben Bain
FCW.com
Aug 25, 2009

Agencies must use an automated reporting tool to show their compliance with the Federal Information Security Management Act this year, Obama administration officials have said.

Event: Mangle-A-Thon Boston, September 19th, 2009

Posted by InfoSec News on Aug 26

Forwarded from: David Shettler

http://mangleathon.opensecurityfoundation.org/

Join OSF in Somerville, MA on September 19th, 2009 from 8am to midnight, and help us mangle vulnerabilities into the Open Source Vulnerability Database (OSVDB), and…

GSM network is not secure

Posted by InfoSec News on Aug 26

http://www.ftd.de/technik/it_telekommunikation/:GSM-Netz-nicht-sicher-Handys-bald-f%FCr-jedermann-abh%F6rbar/557540.html

(FYI: this is a Google Translation – WK)

By Maija Palmer (London)
Financial Times Germany
24.08.2009

Over the next six months could face a wave of eavesdropping on…

The Analyzer Pleads Guilty in 10 Million Bank-Hacking Case

Posted by InfoSec News on Aug 26

http://www.wired.com/threatlevel/2009/08/analyzer/

By Kim Zetter
Threat Level
Wired.com
August 25, 2009

Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New York last week to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme…

DHS official: Agencies must make high-risk cyber threats top priority

Posted by InfoSec News on Aug 26

http://www.nextgov.com/nextgov/ng_20090825_7424.php

By Jill R. Aitoro
Nextgov.com
08/25/2009

Federal agencies should prioritize their information security requirements to ensure mission-critical operations are protected first, and delineate between “that which is aggravating and…

Cyber crooks increasingly target small business accounts

Posted by InfoSec News on Aug 26

http://www.computerworld.com/s/article/9137112/Cyber_crooks_increasingly_target_small_business_accounts?taxonomyId=17

By Jaikumar Vijayan
August 25, 2009
Computerworld

An organization representing more than 15,000 financial institutions has issued a warning about a growing wave of…

Message From Hackers: Enjoy The Summer Break Because Winter Attacks Will Be Harsh

Posted by InfoSec News on Aug 26

http://www.darkreading.com/security/intrusion-prevention/showArticle.jhtml?articleID=219401410

By Kelly Jackson Higgins
DarkReading
Aug 25, 2009

In case you’re worried about taking that last-minute summer vacation and leaving your IT staff a little short, relax (for now, anyway): Most…

Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs

Posted by InfoSec News on Aug 25

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=219401274

By Tim Wilson
DarkReading
Aug 24, 2009

A flaw in the provisioning system used by Cisco wireless LANs could allow attackers to collect data about users’ wired networks or even gain access to…

Simple steps can prevent e-fraud: Specialist

Posted by InfoSec News on Aug 25

http://timesofindia.indiatimes.com/news/city/kolkata-/Simple-steps-can-prevent-e-fraud-Specialist/articleshow/4921062.cms

[Any guesses which classified international intelligence agency Ankit Fadia is working with? I’ll place my bets it’s listed below… …

Arrest Over Software Illuminates Wall St. Secret

Posted by InfoSec News on Aug 25

http://www.nytimes.com/2009/08/24/business/24trading.html

By Alex Berenson
The New York Times
August 23, 2009

Flying home to New Jersey from Chicago after the first two days at his new job, Sergey Aleynikov was prepared for the usual inconveniences: a bumpy ride, a late arrival.

He was…

Better security boosts agencies’ use of wireless devices

Posted by InfoSec News on Aug 25

http://gcn.com/articles/2009/08/24/mobile-wireless-security-government-agencies.aspx

By Rutrell Yasin
GCN.com
Aug 24, 2009

In what might have been a symbolic event in the development of mobile communications, President Barack Obama, for whom security is paramount, kept his BlackBerry…

Russian hackers vandalized BTC pipeline data servers

Posted by InfoSec News on Aug 25

http://news.am/en/news/2963.html

News.am
08/24/2009

Russian hackers, acting through the Russian Special Service, vandalized the servers of the energy pipeline carrying gas from Azerbaijan to Europe while bypassing Russia, 1news.az and Aviation Week report. According to the publication, Russian hackers…

Pair charged with BNP list breach

Posted by InfoSec News on Aug 24

http://www.theregister.co.uk/2009/08/21/bnp_list_charges/

By Chris Williams
The Register
21st August 2009

Two people have today been charged with offences under the Data Protection Act for leaking the BNP’s membership list last year.

The pair will appear before magistrates in Nottingham…

VA Reports Detail Misconduct By IT Officials

Posted by InfoSec News on Aug 24

http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=219400889

By J. Nicholas Hoover
InformationWeek
August 21, 2009

Two reports issued by the inspector general of the Department of Veterans Affairs point to a range of misconduct in the agency’s IT…

Jailed SF network administrator faces fewer charges

Posted by InfoSec News on Aug 24

http://news.cnet.com/8301-1009_3-10315708-83.html

By Steven Musil
Security
CNet News
August 23, 2009

A judge has dismissed most of the charges against a former San Francisco network administrator accused of hijacking the city’s computer network he designed and maintained.

San…

Linux Advisory Watch – August 21st 2009

Posted by InfoSec News on Aug 24

LinuxSecurity.com Weekly Newsletter, August 21st, 2009, Volume 10, Number 34 …

Comelec urged to adopt cyber security amid hacking fears

Posted by InfoSec News on Aug 24

http://www.mb.com.ph/articles/217277/comelec-urged-adopt-cyber-security-amid-hacking-fears

By JEAMMA E. SABATE
mb.com.ph
August 23, 2009

A computer expert said Sunday that there is a need for the Commission on Elections (Comelec) to adopt cyber security amid fears of internet hacking as the…

5 Security Lessons From Real-World Data Breaches

We break the code of silence on data breaches to show how criminals operate — and how you can thwart them.

DHS Clarifies Laptop Border Searches

By Thomas Claburn

The new rules leave open the possibility that travelers may face penalties for refusing to provide passwords or encryption keys.

Identity Theft Ring Ensnared Fed Chairman Bernanke

By Thomas Claburn

Identity thieves may have drawn more attention than they wanted when they defrauded the nation’s top banker.

Facebook Promises Stronger Privacy Controls

By Thomas Claburn

Developers who create Facebook applications will have to get explicit permission to use personal information from Facebook users.

Social Networkers Risk More Than Privacy

By Antone Gonsalves

Facebook and Twitter users post personal information that could be used by professional home burglars looking for targets, says a U.K. study.

Q&A: DHS Cybersecurity Chiefs Speak Out

By J. Nicholas Hoover

The Department of Homeland Security aims to grow its cybersecurity workforce and technical capabilities, Phil Reitinger and Greg Schaffer say.

Apple’s Snow Leopard Brings Compatibility, Security Concerns

By Thomas Claburn

Adobe CS3 users are expressing dismay that Snow Leopard compatibility hasn’t been tested while hackers tempt Mac users with malware in Snow Leopard clothing.

Amazon Launches Private Cloud Service

By Mary Hayes Weier

Customers will create a VPN to bridge Amazon to their existing IT infrastructures and use their existing security systems to protect data.

Jessica Biel Searches Deemed Most Dangerous

By Thomas Claburn

Searching for celebrities may be one of the most effective ways to infect your computer.

White House Overhauls Cybersecurity Reporting

By J. Nicholas Hoover

Federal agencies will now be required to submit standardized cybersecurity reports via new software, rather than spreadsheets.

Social Networks Leak Personal Information

Internet users are revealing information that identifies them through the use of social networking sites, a research study claims.

Google Fights Street View Ban In Switzerland

The Swiss data commissioner worries that Google Maps Street View reveals too much and may force Google to blur or remove even more of its images.

Federal Agencies Pursue Cybersecurity Common Ground

NIST is working with defense and intelligence agencies to develop cybersecurity specifications that could be applied across government.

Readers as patrons in the digital age

By Elinor Mills

Robin Sloan gives a video pitch for his book project on Kickstarter.

(Credit: Robin Sloan)

A few months ago someone sent me a link to a short story a friend of his had written and posted online. I made the mistake of glancing at it while at work and then …

Beware fake Snow Leopard sites

By Elinor Mills

People eager to get a copy of the latest version of the Mac operating system, Snow Leopard, should be wary of sites offering free copies because they are likely to get some nasty malware instead, according to antivirus company Trend Micro.

Trend Micro said in a blog posting on Wednesday …

Researchers who hack the Mac OS

By Elinor Mills

Dino Dai Zovi

(Credit: Tehmina Beg)

It was summer 2005. Dino Dai Zovi walked into a Manhattan Starbucks, ordered a coffee, sat down, and opened up his laptop.

Before his coffee was cold he had found a local privilege escalation vulnerability in Mac OS …

Snow Leopard could level security playing field

By Elinor Mills

Share of the Mac operating system is growing, and with it the number of malware threats targeting the platform.

(Credit: Net Applications)

Friday’s release of the new version of the Mac OS, dubbed Snow Leopard, could include some security features that would make …

Symantec pulls Norton patch after error reports

By Elinor Mills

This is the error message on the Norton support Web site after users reported that the patch failed to install properly.

(Credit: Symantec)

Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.

The …

Cracking GSM phone crypto via distributed computing

By Elinor Mills

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed …

Cisco wireless LANs at risk of attack, ‘skyjacking’

By Elinor Mills

Cisco Systems wireless local area network equipment used by many corporations around the world is at risk of being used in denial-of-service attacks and data theft, according to a company that offers protection for WLANs.

Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered the vulnerability, which affects all …

Confidence Scams

By Adam Wosotowsky on Web and Internet Safety

I always get a lot of questions about confidence scams.  These types of spam emails have been around almost as long as email has been available to the public.  Confidence scams are a child of phishing scams, and the annoying little brother of lonely girl scams, always showing up at the wrong time or hiding [...]

Prepare for the new upcoming 2010 AV products.

By Dirk Kollberg on Web and Internet Safety

Many major security companies are about to release their new retail product for 2010. Expect some comparative reviews in the next months, check what you need and stay protected. Some ‘2010’ products are already out on the web, but unfortunately most of them are FakeAlert Trojans or Scareware. Once downloaded, you see pop up windows alerting you [...]

Is Apple Opening a Can of Worms?

By Craig Schmugar on Malware Research

It has now been widely reported that Apple’s latest operating system, Snow Leopard, contains the ability to identify two families of Mac malware, OSX/Puper and OSX/IWService, when the infectious DMG files are downloaded and mounted as part of the infection process. There are a number of ramifications of such a move that could be discussed, but the intention of this [...]

Brazilian Malware Writers Stumble Again

By Pedro Bueno on virus

I like to pick on malware writers, especially the dumb ones as you can see here. Sometimes they’re just too big a target to ignore. The latest round is with Brazilian malware writers again. As you are aware, some days ago the Delphi virus was discovered; we detect it as W32/Induc. So today I got a [...]

Journal: Emerging Standards, Technology Will Relieve Audit Fatigue

By David Marcus on Web and Internet Safety

There is a light at the end of the tunnel—risk and compliance technologies and standards are relieving auditors and businesses in this age of increased electronic accountability. On the heels of our integration of SolidCore’s technology, researchers from McAfee Avert Labs have laid out the compliance challenges facing organizations, and the new standards that can [...]

Spammers Broadcast It for FREE!

By Paras Gupta on Web and Internet Safety

“FREE” is by far the most commonly used term in spam mails. The word free is such a striking term that any layman, without the knowledge of these tricks of the trade, can get into the trap of cloaked mails sent by the spammers. Here are a couple of the most often used sentences in spam [...]

Privacy missing from Google Books settlement

If Google digitizes the world’s books, how will it keep track of what you read?

Apple: Exploding iPhones Not Our Fault

Apple says it’s not to blame for a series of exploding iPods and iPhones, according to a report published on Friday. The company has been under fire, so to speak, for devices overheating and shattering across Europe and the U.K.

Lawmakers strike new tone with proposed bill giving Obama power to shut down Internet

The second draft of a Senate cybersecurity bill appears to tone down language that would grant President Obama the power to shut down the Internet.

‘New’ travel search rules just won’t fly

The chorus of folks singing “meet the new boss, same as the old boss” just got a little bigger and louder yesterday, after the Obama Administration issued “new” rules for border laptop searches that bear an uncanny resemblance to the old rules.

Security test prompts federal fraud alert

A sanctioned security test of a bank’s computer systems had some unexpected consequences this week, leading the federal agency that oversees U.S. credit unions to issue a fraud alert.

China game boss sniped rivals, took down Internet

An attack by a Chinese online game provider meant to cripple the servers of its rivals ballooned to cause an Internet outage in much of the country in May, according to police.

Snow Leopard Malware Protection a Growing Pain for Mac OS

Mac users have long relished the fact that malware is nearly a foreign concept to them. Yet, in a tacit acknowledgment of the growing threat of malware on the Mac platform, Apple has added some rudimentary malware protection into Snow Leopard.

Swiss coder publicises government spy Trojan

A software engineer who created Trojans for the Swiss authorities to intercept Voice-over-IP (VoIP) phone calls has published the source code to his programs in order to draw attention to the surveillance threat posed by such software.

Researcher plots downfall of GSM phone security

A US-based researcher has published a new method of attacking the encryption used to secure GSM mobile phones that he believes will force networks to revise the current generation of call security.

Thanks, Canada: Facebook’s 4 Big Privacy Fixes

Pick on Canada all you want, but this week the country did good by muscling Facebook into making privacy changes. Our northern neighbors took the lead on scrutinizing Facebook’s privacy policy and required alterations in accordance with Canada’s privacy laws. Here are the four major privacy fixes we’ll be seeing from Facebook, plus a couple privacy concerns that remain:

Snow Leopard: Five Reasons to Upgrade Now

After a year of hype, Snow Leopard is finally here. But does it have claws? Apple’s newest Mac OS has been billed as an under-the-hood upgrade, a necessary evolution of the operating system. But it’s a little light on new features that Mac users can touch, see and feel (except, of course, for the mouse that responds to multiple finger gestures).

Web attacks across globe appear linked, security researcher says

Three significant waves of SQL injection attacks appear to be under the control of the same source, according to one security researcher.

Facebook and Twitter users failing on security

Just 27 percent of social networkers are protecting themselves against online threats, says AVG.

Snow Leopard Needs Better Anti-Malware, Should Be Free

Is the “malware protection” in Apple’s new Snow Leopard really lame or what? But, it’s on a par with other features of the OS “upgrade.”

Facebook to tighten privacy after Canadian investigation

Facebook will enhance its social-networking site’s privacy features over the next 12 months as a result of a set of recommendations from the Canadian government.

Pentagon reviews Stealth encryption prototype

The Stealth encryption prototype from Unisys has been accepted by the Pentagon for review in a technical-evaluation program as a required first step that could, if successful, make Stealth a candidate for future use in secure IP-based communications across the military.

ACLU sues for information on laptop searches at U.S. borders

The American Civil Liberties Union is suing the U.S. Department of Homeland Security (DHS)’s Customs and Border Protection (CBP) unit for information on its policies related to searches of laptops and other electronic devices at U.S. borders.

Apple adds basic anti-malware to Snow Leopard

Apple has expanded a download warning feature in Mac OS X 10.5 to create rudimentary anti-malware detection in the new Snow Leopard operating system due out Friday.

New attack cracks common Wi-Fi encryption in a minute

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

Goodbye Liskula, Skanks of New York Is Over

Liskula Cohen, it was nice knowing you, but it’s time to move on. Rosemary, file your suit, or don’t. It’s over between us, too.

DHS report: IT sector is resilient against serious cyberattacks

A U.S. Department of Homeland Security report presents scenarios in which well-chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. The document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions.

ACLU files lawsuit on border laptop searches

The American Civil Liberties Union (ACLU) has filed a lawsuit demanding that U.S. Customs and Border Protection (CBP) release details of its policy that allows the agency to search travelers’ laptops at U.S. borders without suspicion of wrongdoing.

Microsoft: Word patent ruling, injunction ‘miscarriage of justice’

Microsoft’s lawyers said the verdict that awarded a Canadian developer nearly $300 million in damages and resulted in an impending ban on sales of the company’s popular Word software was a “miscarriage of justice.”

Sixth State Dept. worker pleads guilty to passport snooping

A sixth person who has worked for the U.S. Department of State has pleaded guilty to a charge related to illegally accessing electronic passport application files, the U.S. Department of Justice said.

New internet piracy measures get mixed reactions

New measures to tackle internet piracy that could cut illegal downloaders’ web access have been applauded by Moneysupermarket.com.

Unmasking DLP: The Data Security Survival Guide

You’ve heard from all the vendors who claim to have just the thing for your DLP needs. But how do you know what’s best for your company’s particular security needs? In this series, CSOonline talks to IT security practitioners, vendors and analysts about what is and isn’t true DLP.

Report: Snow Leopard To Confront Mac Malware

Adding anti-malware to Snow Leopard is a Catch-22 for Apple: In solving a problem, Apple must first admit a problem actually exists. Which is hard when one of your major selling points is that you’re secure and your major competitor–Microsoft Windows–is not.

Symantec offers fix for buggy Norton patch

Symantec has posted a software fix after hundreds of users reported problems with a buggy update of the company’s flagship Norton AntiVirus software.

Trojan attacks up, phishing attacks down this year, IBM finds

Spam-based phishing attacks declined noticeably during the first half of the year, but cyber-criminals may simply be shifting to other technologies found to be more effective in stealing personal data, according to IBM in its semi-annual security threat report.

Identity theft resource center

Identity theft (IDT) continues to grow in the US and the world as electronic personally identifiable information (PII) about all of us increases in volume and dispersion. The Identity Theft Resource Center® (ITRC) provides excellent resources to help information assurance (IA) professionals and the public keep informed about current IDT developments and countermeasures.

Hackers like Christmas best of all

Most people may be busy with year-end gift buying and holiday parties at the end of December, but security professionals have an added obligation: keeping the hackers off their corporate networks.

Sun plans on-chip security boost for Ultrasparc

Sun Microsystems’ product plans are up in the air pending its acquisition by Oracle, but the company’s chip engineers continue to present new designs in the hope they’ll see the light of day.

Cyber crooks increasingly target small business accounts

The NACHA electronic payments association is warning its 15,000 members of increasing attacks by cyber criminals on small businesses using electronic payment networks.

Five Lessons from Microsoft on Cloud Security

While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft, with its 300 products and services delivered from its data centers, has a large cloud bank all its own.

Personal spy gear: Is it ethical? Is it legal?

From disguised video security cams to GPS tracking loggers, personal security is going high-tech. But these gadgets bring up a host of sticky ethical and legal questions.

Illegal downloaders face broadband ban

Aggressive efforts to cut off illegal file sharers from the internet, originally rejected in the government’s Digital Britain report, are back on with a new plan which effectively takes communications regulator Ofcom out of the loop as an online anti-piracy enforcer.

Jordan gossip puts web users at risk

Fans of glamour girl Jordan could be putting themselves at risk by searching for the latest gossip about her on the web, says McAfee.

Comodo Internet Security Antivirus Software

Comodo Internet Security has both a firewall and an antivirus utility in its free package. While we can’t speak for the firewall’s effectiveness (we didn’t test that feature), its antivirus component leaves much to be desired. In our rankings of free antivirus software, it landed at number six, last among the chart-makers.

Can You Trust Free Antivirus Software?

Free antivirus programs vary just as much as paid security programs do in the quality of their protection. And frugal computer users on the hunt for no-cost antivirus software–already faced with tons of options–will have even more to choose from when new free offerings from Microsoft and Panda join the programs currently available from Alwil (Avast), AVG, Avira, Comodo, and PC Tools.

Avira AntiVir Personal Free Antivirus Software

Avira AntiVir Personal’s excellent malware detection, disinfection, and scan speed earned it the top spot in our ranking of free antivirus software. Its interface could be better, though, and using the app means putting up with daily pop-up ads.

Alwil Avast Antivirus Home Edition

Avast Antivirus Home Edition, developed in the Czech Republic, offers capable malware detection and faster-than-average scan speed, both of which helped propel the app to the number two spot in our rankings of free antivirus software. Its clunky interface badly needs updating, however.

PC Tools Antivirus Free Edition Software

PC Tools Antivirus Free Edition does a remarkably poor job of keeping a PC safe, largely because it holds to a now-archaic distinction between spyware and other forms of malware. It came in at number five (out of six contenders) in our rankings of free antivirus software.

Clamwin Free Antivirus Software

ClamWin Free Antivirus stands apart from other free antivirus software because it’s open-source, with no proprietary or commercial aspects. But in the essential task of blocking malware, it doesn’t get the job done.

PC Tools Threatfire 4.5 Antivirus Software

Unlike most of the other pieces of free antivirus software that we tested recently, PC Tools Threatfire is not a stand-alone antivirus program. Instead, Threatfire supplements your existing security app with highly effective behavioral analysis that can stop malware based solely on what the file tries to do on your PC.

Cisco wireless LAN vulnerability could open ‘back door’

Some wireless access points from Cisco have a vulnerability that could allow a hacker to redirect traffic outside the enterprise or potentially gain access to an entire corporate network, a security company said.

Is Your PC Bot-Infested? Here’s How to Tell

As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004’s MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.

Report: U.S. Hotel Security Varies Widely

Road warriors who travel frequently for business have likely seen a wide disparity when it comes to hotel quality. Soft sheets and accommodating staff may be the most noticeable factors, but what about safety and security? A new hotel management research study from Cornell’s Center for Hospitality Research finds that safety and security equipment in U.S. hotels varies dramatically by size, location, and overall hotel class. (For more on hotel Wi-Fi security, check out Dan Lohrman’s blog post on the topic.)

The ‘Skanks in NYC’ Soap Opera: Will Google Be Sued?

Soap opera fans, listen up: The Liskula Cohen “Skanks in NYC” debacle is turning into quite the saucy story. In one corner, we have the former Vogue cover girl who claims she’s been defamed by a blogger’s harsh words. In the other, we have the blogger — anonymous until a recent court order unmasked her — who now claims she’s the one who’s been wronged.

A6 promises a way to check up on public cloud security

What cloud services users need is a way to verify that the security they expect is being delivered, and there is an effort underway for an interface that would do just that.

A skank discussion: Privacy, anonymity, and misogyny

In response to last week’s post about former supermodel Liskula Cohen forcing Google to give up the identity of an anonymous blogger (“Skanks for nothing: Google must identify anonymous blogger”), I got a couple of e-mails that are worth exploring in a little more depth. So here goes.

The Art of Creating Strong Passwords

While security has never been more important than it is today, the fastest way for an IT professional to become the most despised person in the company is to start enforcing a strong password policy. A policy perceived as overbearing may cause people to write down their passwords on a sticky-note near their computers, circumventing its very purpose. Your policy will be ineffective if your users don’t know how to create strong passwords that are easy to remember.

Sony debuts HD security cameras

Sony has unveiled a new range of high definition pan tilt zoom (PTZ) security cameras designed for surveillance and applications such as identification and motion detection.

New virus spreads by attacking Borland compiler

An imaginative new virus that infects programs as they are being compiled has claimed its first scalps, infecting software sent out on a cover CD by a major German computer magazine and even other malware programs.

U.S. Says SQL Injection Caused Major Breaches

The huge data thefts at Heartland Payment Systems and other retailers resulted from SQL injection attacks and could finally push retailers to deal with Web application security flaws.

IA Policies Part 2

How do we resolve the issue of acknowledging (to ourselves) that some of our information assurance (IA) policies cannot, or should not, be strictly enforced, while at the same time conveying to staff the importance of always following IA policies?

Snow Leopard security – The good, the bad and the missing
Vista lessons not learned

Apple engineers missed a key opportunity to implement an industry-standard technology in their latest operating system that would have made it more resistant to hacking attacks, three researchers have said.…

Accused TJX hacker faces 15 to 20
The largest (known) identity theft caper in US history

The hacker accused of orchestrating the largest-known identity theft in US history will serve between 15 and 25 years in prison under a plea deal filed Friday.…

US Dems fill inboxes with 419 scams
democrats.org co-opted

Scammers pumping out emails that try to trick recipients into parting with large sums of cash are getting a helping hand from the Democratic National Committee.…

Fed chairman hit by ID thieves
22 charges after hundreds are hit by pickpocket-allied fraudsters

The US Federal Reserve Board chairman has become the latest high-profile public figure to fall victim to identity theft.…

Mobile operators pooh-pooh universal phone-snooping plan
‘What, us worry?’

Mobile operators have struck back at organizers of an open-source project that plans to crack the encryption used to protect cell phone calls, saying they are a long way from devising a practical attack.…

Hackers scalp Apache
SSH hits the fan

The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.…

Hackers serve up pre-release malware to Mac fanboys
Snow Leopard scuppered, f*cks it for Foxit

Virus slingers are taking advantage of the release of Apple’s Snow Leopard operating system by offering malware from sites touting operating system upgrades.…

WPA keys gone in 60 seconds
Time to move to WPA 2

Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds.…

Feds warn of malware in fake credit union advisory
Trojan goes postal

A government agency is warning all federally insured credit unions to be on the lookout for a bogus alert delivered through the US mail that includes two CDs containing malware.…

Trojan zaps banking credentials via IM
Instant gratification

No longer the province of teens and chat-obsessed netizens, instant messaging is being adopted by a growing number of banking malware applications, which zap pilfered credentials to thieves in real time.…

Phishing emails dry up as fraudsters switch tactic
Change up

Phishing email volumes fell during the first half of 2009, according to a variety of security reports out this week.…

UK banks ‘not doing enough’ on internet fraud
Which? lists security saints and sinners

Security offered by UK banks to online customers varies widely, according to a survey by Which? Computing.…

Mass web infection pinned on hardened crime gang
DIY exploit launch pads mushroom

A mass compromise that has hit tens of thousands of English-language webpages is probably part of a much larger wave of attacks that’s been under way since June by a sophisticated band of criminals, a security researcher said Wednesday.…

Twitter botches patch for nasty account-hijacking bug
All your tweets are belong to us

For the past 24 hours, Twitter engineers have been fighting a gaping hole that makes it easy for hackers to hijack the accounts of users who do nothing more than view a booby-trapped message.…

Google applies patch to nasty Chrome vulns
Heal thy bleeding sores

Google has pushed out a patch for two severe vulns found in its Chrome browser.…

MS phishing filter blacklists everything
You all look bloody shifty to me

A wide range of uk.com websites were misclassified as malign by anti-phishing technology built into the latest versions of Microsoft’s browser software on Wednesday.…

Notorious hacker Analyzer pleads guilty on credit card scam
$10m scam perp puts hands up

Notorious recidivist hacker Ehud Tenenbaum has pleaded guilty to credit card fraud as part of a plea bargaining agreement with US authorities in a multi-million dollar fraud case.…

Teen kidnapped over Sony PSP
When resale goes bad

Perhaps exchanging used video games for an eighth of their value in store credit isn’t such a terrible idea after all. A 17-year-old lad from Utah discovered there are worse things than getting jerked around by retail after getting kidnapped in a PSP sale gone bad.…

Apple sneaks malware protection into Snow Leopard
Coverage goes only so far

Apple is dipping yet another toe into the anti-malware pond with a feature in the latest beta version of its forthcoming Snow Leopard operating system.…

Incompetence a bigger IT security threat than malign insiders
You’d do better to worry about Mr Bean in accounts

Accidental security incidents involving workers happen more frequently and have greater potential for negative impact than malicious insider attacks, according to new research from RSA.…

Cisco Wireless LANs at risk from ‘skyjacking’ flaw
Catchily named vuln is all talk so far

Security researchers have discovered a potential denial of service or information stealing flaw affecting Cisco’s wireless networking kit.…

Pink Floyd worm spreads on ‘Chinese Facebook’
Wish You Weren’t Here

Malware authors have developed a cross-site scripting worm that’s spreading across a Chinese social networking website.…

Shock jock blames Britain for hack attack
Savage site ravaged – entire population to blame

Controversial shock jock Michael Savage was hit by a hacking attack last weekend that forced his site offline for around an hour on Saturday.…

Mass infection turns websites into exploit launch pads
More than 57K pwned

Malicious hackers have managed to infect about 57,000 web pages with a potent exploit cocktail that targets a variety of vulnerable applications to surreptitiously install malware on visitor machines.…

4chan pwns Christians on Facebook
Unholy hack

The denizens of notorious imageboard 4chan are up to mischief again with an attack on Christians over the weekend.…

Scammers step up attacks on Warcraft players
‘Particularly nasty’ hole closed after four months

Out to steal online gold and other assets worth real money, scammers are stepping up attacks on World of Warcraft players, according to security researchers.…

Tearaways deface Tayside Police website
Wee security snafu down Dundee way

Tayside Police have restored their website following an embarrassing defacement late last week.…

London hospital recovers from Conficker outbreak
Whipps Cross worm-whipped

An east London hospital has confirmed its computer systems were infected by the Conficker worm earlier this month.…

USB – Ubiquitous Security Backdoor

Category: Threats/Vulnerabilities

Paper Added: August 25, 2009

Immunet Protect – Cloud and Community Malware Protection, (Sat, Aug 29th)

This past week I have been using Immunet Protect as an additional layer of protection with my anti …(more)…

WPA with TKIP done, (Fri, Aug 28th)

In a paper titled A Practical Message Falsification Attack on WPA researchers in Japan …(more)…

apache.org compromised, (Fri, Aug 28th)

apache.org was down this morning and reports are that one of their servers has been compromised due …(more)…

Malicious CD ROMs mailed to banks, (Wed, Aug 26th)

Update: We got an email and phone call from Brent Huston with Microsolved. This mailing was part of a …(more)…

Cisco over-the-air-provisioning skyjacking exploit, (Wed, Aug 26th)

Cisco issued a security advisory for its 1100 and 1200 Series lightweight access points. The a …(more)…

WSUS 3.0 SP2 released, (Wed, Aug 26th)

Microsoft released SP2 for its latest and greatest version of Windows Server Update Services (WSUS). …(more)…

Flash attack vectors (and worms), (Tue, Aug 25th)

A few days ago a lot of media wrote about a Flash worm. I managed to get hold of samples and analyze …(more)…

Twitter Issues, (Mon, Aug 24th)

We’ve received submissions from Chuck, Andrew and others about Twitter being unreachable. It h …(more)…

Appeals Court Says Plain View Doctrine Does Not Apply to Electronic Searches (August 27, 2009)

A federal appeals court has ruled that the so-called “plain view doctrine,” under which evidence may be seized if it is within plain view during a legitimate search, does not apply to electronic searches…….

Proposal Would Require UK ISPs to Suspend Internet Connections of Habitual Copyright Violators (August 25 & 26, 2009)

The UK government is considering establishing a policy that would require Internet service providers (ISPs) to suspend the Internet service of customers who are downloading copyrighted material in violation of copyright law…….

More Insider Security Incidents Are Accidental Than Deliberate (August 25 & 27, 2009)

According to research from RSA, more security incidents arise from incompetence than from malicious insider attacks…….

Pay for Cyber Security Certifications Exceeds All Others; Certain Skills In High Demand (July 26, 2009)

While pay for all certifications fell by more than four percent in the second quarter of 2009, pay for security certifications rose two percent, according to the Foote Partners Quarterly IT Pay Update, which aggregates information provided by 84,000 IT professionals at 2,000 employers…….

Gonzalez Reportedly in Plea Talks with Government (August 27, 2009)

An unnamed source says that accused hacker Albert Gonzalez is in plea talks with the US government…….

Tenenbaum Pleads Guilty to Fraud (August 26 & 27, 2009)

Ehud Tenenbaum has pleaded guilty to one count of bank card fraud for his role in break-ins in which more than US $10 million was stolen…….

FBI Investigating Mysterious Laptop Deliveries (August 27, 2009)

The FBI is investigating the origin of five Hewlett-Packard laptops sent to West Virginia Governor Joe Manchin earlier this month…….

Lost USB Stick Contains Nearly Three Times as Many Records as First Reported (August 26 & 27, 2009)

The UK Home Office has acknowledged that there were more data on a lost USB stick than was previously declared…….

DHS to Conduct Cyber Storm III Drill in September 2010 (August 26, 2009)

The US Department of Homeland Security (DHS) plans to conduct a large-scale cyber security drill in September 2010 to test the Obama administration’s proposed national cyber response plan…….

Judge Orders Torrent Site to Remove Links to Copyrighted Material (August 26, 2009)

A Dutch court has ruled that Mininova, the self-proclaimed “largest torrent search engine and directory on the net,” must remove links to copyrighted material within three months or face a fine of as much as five million euros (US $7…….

Cross-Site Scripting Flaw in Twitter (August 26, 2009)

Twitter has been attempting to fix a cross-site scripting vulnerability that could be exploited to hijack users’ accounts or redirect users to malicious sites, but attempts thus far have not been successful…….

Google Addresses Serious Flaws in Chrome Update (August 26 & 27, 2009)

Google has released version 2…….

National Search for The Best Security Awareness Videos (October 28, 2009)

A national competition is being conducted to find the most powerful, timely, and effective video segments (delivered over the web) for educating users on current threats and what they need to know to protect themselves…….

Cyber Criminals Targeting Smaller US Firms; Get Millions (August 25, 2009)

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions…….

Revealed Blogger Suing Google (August 24, 2009)

Rosemary Port, the blogger whose identity was revealed last week by a court order, says she will sue Google for failing to protect her privacy…….

ISP Drops The Pirate Bay to Avoid Fine (August 24, 2009)

Internet service provider (ISP) Black Internet has cut off service to The Pirate Bay website to avoid fines…….

Eight Indicted in AT&T/T-Mobile Goods and Services Theft (August 21, 2009)

Eight people have been indicted in connection with a scheme in which US $22 million worth of devices and services were stolen from AT&T and T-Mobile over four years…….

Judge Dismisses All But One of the Charges Against San Francisco City Network Administrator (August 23, 2009)

A San Francisco Superior Court Judge has dismissed all but one of the charges against former city network administrator Terry Childs…….

Agencies Must Now Submit FISMA Data Over Internet (August 20 & 24, 2009)

A memo from the Office of Management and Budget (OMB) requires all US government agencies to submit Federal Information Security Management Act (FISMA) compliance reports through an online tool…….

DHS Warns of Malicious Spoofed eMail (August 24, 2009)

The US Department of Homeland Security (DHS) has warned of malicious email messages that appear to be from the DHS Division of Intelligence…….

Former NIST Officials Concerned About Proposed IT Lab Reorganization (August 21, 2009)

Former National Institute of Standards and Technology (NIST) officials have written a letter expressing their concern with NIST’s proposal to reorganize its IT Laboratory…….

ISP Gives Same Default Password to All Subscribers (August 24, 2009)

A European ISP has been assigning the same default password to all new subscribers every month…….

Microsoft Suspends Hotmail Attach-Photo Feature (August 21, 2009)

Microsoft has temporarily suspended the Attach-Photo feature in Hotmail because of security issues…….

Ameriprise Fixes Cross-Site Scripting Vulnerabilities (August 20, 2009)

A number of cross site scripting (XSS) flaws on the website of Ameriprise Financial could have been exploited to steal sensitive information from customers…….

Mozilla Fixes SSL Vulnerability in Thunderbird (August 21, 2009)

Mozilla has issued an update for its Thunderbird email client to address a flaw that could be exploited by phishers…….

Cisco Issues Update to Address Firewall Services Module Software Flaw (August 19, 21 & 22, 2009)

Cisco has issued a security update to address a vulnerability in a number of its routers and network switches…….

London Hospital Cleans Up Conficker Infection (August 21 & 24, 2009)

Whipps Cross University Hospital NHS Trust in London has acknowledged that about five percent of its computers were infected with Conficker earlier this month…….

FTC Rule Expands Health Data Breach Notification Responsibility to Web-Based Entities (August 18, 2009)

The US Federal Trade Commission has issued a final rule on health care breach notification…….

New Gonzalez Indictment Throws Wrench in Plea Agreement (August 17, 19 & 20, 2009)

Albert Gonzalez was on the verge of reaching a plea agreement with federal prosecutors regarding charges in a number of hacking cases when he was indicted again by federal prosecutors in New Jersey in connection with a number of high profile data security breaches, including those at Hannaford Bros…….

Dept. of Agriculture Agency Bans All Browsers but IE (August 19, 2009)

The US Department of Agriculture’s Cooperative State Research, Education and Extension Service (CSREES) has banned the use of all browsers but Internet Explorer (IE)…….

Google Ordered to Disclose Blogger’s Identity (August 20, 2009)

In a landmark case, a New York court ordered Google to provide information leading to the identity of a blogger who posted defamatory comments about Canadian model Liskula Cohen…….

Missouri Woman First to be Charged Under New Cyber Bullying Law (August 18, 2009)

A 40-year-old Missouri woman has been charged with felony cyber bullying for allegedly posting photographs and personal information of a teenager to the Casual Encounters section of Craigslist…….

Clear Ordered Not To Sell Traveler Data (August 19 & 20, 2009)

A federal court judge in Manhattan has ordered Clear not to sell, transfer, or disclose customer data it collected as part of its airport security expediting service…….

Police Investigating Leak of Unreleased Music Tracks (August 19 & 20, 2009)

The police have been called in to help record company Syco and the International Federation of the Phonographic Industry (IFPI) figure out who leaked three unreleased songs by Leona Lewis to the Internet…….

Radisson Breach (August 19, 2009)

Radisson Hotels and resorts has posted an open letter to its guests, informing them “that between November 2008 and May 2009, the computer systems of some Radisson hotels in the US and Canada were accessed without authorization…….

Spam Claims to be Recruiting Users to Participate in DDoS (August 19, 2009)

Spammers have started to exploit the heated opinions surrounding healthcare reform in the US…….

Employers Blocking Social Networking Sites More Often (August 19 & 20, 2009)

According to research from ScanSafe, companies are increasingly blocking social networking sites…….

Webhost and Mobile Carrier Drop Mitnick Due to Attacks on His Accounts (August 19, 2009)

AT&T has informed Kevin Mitnick that it no longer wants him as a customer; it seems that his status as a “celebrity hacker” makes his account an inviting target for script kiddies and the cellular provider no longer wants to direct its resources toward protecting his account from attacks…….

West African Undersea Cable Repaired; Six Others Near Taiwan Damaged By Storm (August 18 & 19, 2009)

A damaged section of the undersea SAT-3 cable that provides Internet service to portions of West Africa has been repaired…….

SSH key compromise shuts down Apache website

By Neil Roiter

Attackers forced Apache to shut down its website for several hours Friday morning, using a compromised SSH key to gain access to one of its servers.

Security expert’s PCI analysis misguided, says PCI Council GM

By Bob Russo, PCI Security Standards Council

The PCI Council asserts that everyone in the payment chain should play a role to keep payment information secure, says Bob Russo, general manager of the PCI SSC.

IBM finds sharp spike in malicious content on trusted sites

By Robert Westervelt

Latest midyear trend report finds users being bombarded with malicious Web links. Attackers target trusted search engines, blogs and mainstream news sites to pass malicious code.

Social network study finds identity link to cookies, raising privacy concerns

By Robert Westervelt

Researchers raise privacy concerns as a person’s browsing habits could be paired with their identity and passed to third-parties.

DEFCON survey suggests hacker community on vacation

By Robert Westervelt

Hackers beat the heat prior to the lucrative holiday season, according to a survey given to attendees at the DEFCON hacker conference.

External attacks start with unintentional mistakes, survey finds

By Robert Westervelt

More control over user rights and access privileges could help mitigate the risk of employee errors that lead to costly data breaches.

Security technologies fail to address insider threat management

By Brian Sears

Detecting troubled employees before their activities lead to a data security breach could help mitigate the risk of insider threats.

Security Squad: Examining the Heartland breach

By Robert Westervelt

Editors discuss the recent debate over comments made by Heartland CEO Robert Carr blaming the PCI QSA for the breach, the federal cybersecurity coordinator and banning social networks.

WeBrute – Directory Brute Forcer

In Tools

Browsers’ FTP Client can be Used to Send Mail

In Security News

Both Internet Explorer and Konqueror can be tricked into sending mail through their built-in FTP clients with no more user interaction than loading a page.

Multiple Vulnerabilities in Moodle (view.php, file.php)

In Unix Focus

Moodle is a course management system (CMS) – a software package designed to help educators create quality online courses.”

Stack Overflow in AIFF Demultiplexer

In Unix Focus

A stack buffer overflow vulnerability in the AIFF demultiplexer has been found by Ariel Berkman and was reported to the xine team by D. J. Bernstein. This can be used for an exploit, leading to attacker-chosen code being executed with the permissions of the user running a xine-lib based media application.

Multiple WHM AutoPilot Vulnerabilities

In Unix Focus

“Started by a webhost looking for more out of a simple management script, Brandee Diggs (Owner of Spinn A Web Cafe, Founder of Benchmark Designs) set out to build an internal management system that could handle the day to day operations of a normal hosting company. The key was to remove the need to constantly watch your orders and manage the installs. Alas, WHM AutoPilot was born”.

kpdf Buffer Overflow Vulnerability

In Unix Focus

We reported on xpdf’s buffer overflow in our previous article: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability.

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

In Windows NT

Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security, a very critical exploit has been developed that can compromise a user’s system with no user interaction beyond visiting the malicious page. It is not a single vulnerability in itself; rather, it chains multiple known holes in SP2, including the Help ActiveX Control Related Topics Zone Security Bypass Vulnerability and the Help ActiveX Control Related Topics Cross Site Scripting Vulnerability.

Netcat for Windows ‘-e’ Buffer Overflow

In Windows NT

Netcat for Windows has a buffer overflow vulnerability that allows remote execution of code. It is exposed when netcat is run using the -e option, which execs a process and pipes the listening socket I/O to the stdio of the exec’d process.

PHP openlog() Buffer Overflow

In Exploit

The PHP openlog() function has been found to be prone to a buffer overflow. Passing an overly long argument to the function causes it to overwrite arbitrary memory, resulting in a denial of service. This overflow can be further extended to cause the program to execute arbitrary code. The exploit code found below can be used to test your system for the mentioned vulnerability.

Lycos Free Email Cross-Site Scripting Vulnerability

In Security News

Lycos’s Free Email service “allows users to have their own web based email account very much like Hotmail”. A cross site scripting vulnerability in Lycos’s Free Email service allows an attacker to steal a user’s cookie, giving him full access to the user’s Lycos email account. Further, due to a flaw in the way Lycos handles cookies, even if the attacked user changes his password the attacker retains access to the account, because the stolen cookie remains valid.
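The second half of that report, a stolen cookie that outlives a password change, is a session-invalidation failure rather than an XSS one. The block below is an added example written for this page, not Lycos code: every cookie is HMAC-bound to a per-user password generation counter, so a password change bumps the counter and every earlier cookie, stolen or not, fails validation. The names (`Accounts`, `issue_cookie`, `validate_cookie`), the cookie layout, the key handling and the TTL are this example's assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

# Added example (not Lycos code): a session-cookie scheme in which every
# cookie carries the user's "password generation" counter, so a password
# change retires all cookies issued before it. Names and layout are this
# example's own assumptions.

SERVER_KEY = os.urandom(32)   # assumption: a per-deployment secret, kept server-side
COOKIE_TTL = 3600             # seconds a cookie stays valid


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Accounts:
    """User records plus the per-user password generation counter."""

    def __init__(self):
        self._users = {}

    def create(self, username, password):
        if "|" in username:                      # '|' is the cookie field separator
            raise ValueError("invalid username")
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _pw_hash(password, salt), "gen": 0}

    def check_password(self, username, password):
        u = self._users.get(username)
        return u is not None and hmac.compare_digest(u["hash"], _pw_hash(password, u["salt"]))

    def change_password(self, username, new_password):
        u = self._users[username]
        u["salt"] = os.urandom(16)
        u["hash"] = _pw_hash(new_password, u["salt"])
        u["gen"] += 1          # the one line that invalidates every outstanding cookie

    def generation(self, username):
        u = self._users.get(username)
        return None if u is None else u["gen"]


def issue_cookie(accounts, username, now=None):
    """Cookie = username|generation|expiry|nonce|HMAC(server key, those fields)."""
    now = int(time.time()) if now is None else now
    body = "|".join([username, str(accounts.generation(username)),
                     str(now + COOKIE_TTL), secrets.token_hex(8)])
    mac = hmac.new(SERVER_KEY, body.encode(), "sha256").hexdigest()
    return body + "|" + mac


def validate_cookie(accounts, cookie, now=None):
    """Return the username for a valid cookie, None for anything else."""
    now = int(time.time()) if now is None else now
    fields = cookie.split("|")
    if len(fields) != 5:
        return None
    username, gen, expiry, nonce, mac = fields
    body = "|".join([username, gen, expiry, nonce])
    expected = hmac.new(SERVER_KEY, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(mac, expected):      # forged or tampered
        return None
    if not expiry.isdigit() or int(expiry) <= now:  # expired
        return None
    if not gen.isdigit() or int(gen) != accounts.generation(username):
        return None                                 # issued before a password change
    return username


def demo(now=1_000_000):
    """Stolen cookie, then password change: returns (before, stolen_after, fresh_after)."""
    accounts = Accounts()
    accounts.create("alice", "hunter2")
    stolen = issue_cookie(accounts, "alice", now)
    before = validate_cookie(accounts, stolen, now + 60)
    accounts.change_password("alice", "correct horse battery staple")
    stolen_after = validate_cookie(accounts, stolen, now + 120)
    fresh = issue_cookie(accounts, "alice", now + 120)
    fresh_after = validate_cookie(accounts, fresh, now + 180)
    return before, stolen_after, fresh_after


if __name__ == "__main__":
    print(demo())   # ('alice', None, 'alice')
```

The generation counter is the whole point: a cookie that is only an HMAC over the username and an expiry stays valid until it expires no matter what the user does, which is the Lycos behaviour described above. Bumping the counter on password change (and, in practice, on explicit "log out everywhere") gives the user a way to evict an attacker without the server keeping a per-session revocation list.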

Scripting Vulnerabilities in Indian Email Providers

In Security News

The email services of several big Indian portals are susceptible to scripting attacks, i.e., malicious code can be embedded by attackers into email messages that, when received by unsuspecting users, can cause harmful effects. The services are Rediffmail.com, Indiatimes.com, Sify.com. The combined user base of these services runs into millions and all of these users are vulnerable. I’ve known about most of these vulnerabilities for years now and I am now releasing them because many are being massively exploited in the wild. All attempts to contact the vendors were unfruitful.

Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability

In Windows NT

Parsing a specially crafted ANI file causes the Windows kernel to crash or stop working properly. An attacker can crash or freeze a target system by sending a specially crafted ANI file within an HTML page or within an email.

Microsoft Windows LoadImage API Integer Buffer Overflow

In Windows NT

An exploitable integer overflow, leading to a buffer overflow, exists in the LoadImage API of the USER32 library. This function loads an icon, a cursor or a bitmap and then tries to process the image. If an attacker sends a specially crafted bmp, cur, ico or ani file within an HTML page or in an email, it is possible to run arbitrary code on the affected system.

PHP Scripts Automated Arbitrary File Inclusion (Worm)

In Exploit

The following exploit/worm (PhpInclude.Worm) attacks any CGI it can find using Google and Yahoo and tries to cause them to include an arbitrary PHP file that is then executed becoming the sibling of the worm.

Snort Malformed TCP Options DoS

In Exploit

The following exploit code causes a DoS on Snort by sending malformed TCP options to a Snort box.

Multiple Vulnerabilities in Oracle Database (Trigger, Extproc, Wrapped Procedures, PL/SQL Injection)

In Security News

Multiple vulnerabilities were discovered in the Oracle database server (Trigger, Extproc, Wrapped Procedures, PL/SQL Injection). All the vulnerabilities are addressed in a new cumulative patch issued by Oracle.

Multiple Vulnerabilities in Oracle Database (Character Conversion, Extproc, Password Disclosure, ISQLPlus,TNS Listener)

In Security News

Multiple vulnerabilities were discovered in the Oracle database server (Character Conversion, Extproc, Password Disclosure, ISQLPlus, TNS Listener). All the vulnerabilities are addressed in a new cumulative patch issued by Oracle.

Microsoft Windows winhlp32.exe Heap Overflow Vulnerability

In Windows NT

There is a vulnerability in Microsoft Windows .hlp file parsing program winhlp32.exe. The vulnerability is caused due to a decoding error within the windows .hlp header processing. This can be exploited to cause a heap-based buffer overflow.

IPFront – Windows 2000 and 2003 Hardening GUI

In Tools

Red Pill… Or How To Detect VMM Using (Almost) One CPU Instruction

In Security Reviews

The attached short exploit code (4 lines of code that generate almost a single CPU instruction) can be used to detect whether the code is being executed under a VMM or in a native environment. In addition to the exploit code, a detailed explanation of how this was found and why it works is also provided.

Exploiting Default Exception Handler to Increase Exploit Stability Under Win32

In Security Reviews

The paper below explains how a Windows application’s default exception handler can be used to increase an exploit’s stability in the case of a stack overflow.

HArPy – HTTP Constructor

In Tools

Security Deficiencies of Automated Windows Installations

In Security Reviews

In larger environments Windows workstations are usually installed in an automated manner using a so-called unattended setup. Serious weaknesses concerning the sources of these installations have frequently been identified by Compass Security during internal penetration tests. Such weaknesses can enable an internal hacker to gain high-privileged (Domain Administrator) access in a short time. The aim of this article is to point out the problems in detail and to give suggestions in order to protect your installation sources properly.

Writing IA32 Restricted Instruction Set Shellcode Decoder Loops

In Security Reviews

Lately SkyLined has been playing with a few vulnerabilities that, when exploited, required a shellcode that would be able to pass through heavy filtering before being run. A lot of data like filenames, paths, urls, etc… gets checked for illegal characters before being processed by an application. Filters that remove non-printable characters or convert everything to uppercase make exploitation difficult but not impossible. rix [1] and obscou [2] have already proven that it is possible to write working alphanumeric and Unicode shellcode. SkyLined started working on a shellcode encoder that could encode any shellcode to alphanumeric shellcode, even 100% uppercase and/or Unicode-proof. While doing so, SkyLined had an idea for a more universal solution to the problem of working with a restricted instruction set.

AIRT – Advanced Incident Response Tool

In Tools

Multiple Collisions attack on MD5 and other Hashing Algorithms

In Security Reviews

Presented below are two papers discussing a collision attack that affects several hash algorithms, including MD5. The collision allows an attacker to change a very small amount of data in a file without changing its hash. This collision attack might someday introduce a weakness in MD5 as a hashing algorithm.

Absinthe – Blind SQL Injection Tool

In Tools

VoIPong – VOIP Detector and Sniffer

In Tools

iWebNegar Configuration Nullification (DoS)

In Exploit

iWebNegar is “a farsi weblog software”. Due to improper protection of the /admin/conf_edit.php script, it is possible for a remote attacker to cause the script to overwrite the configuration file with an empty file. The following exploit can be used to test your system for the mentioned vulnerability.

William LeFebvre “top” Format String Vulnerability

In Unix Focus

In October of 2000 ‘vort-fu’, aka Ben Bidner, located and wrote a patch for a vulnerability in unixtop (also known as top). Somehow the original author, William LeFebvre, was never notified about the issue, and over four years later the vulnerability still remained in LeFebvre’s code. LeFebvre has recently been notified about the bug and the issue has since been patched.

Remote DoS in GFI MailEssentials (Microsoft HTML Parser)

In Windows NT

GFI MailEssentials for Exchange/SMTP “offers SPAM protection and email management at server level. GFI MailEssentials offers a fast set-up and a high SPAM detection rate using Bayesian analysis and other methods – no configuration required, very low false positives through its automatic whitelist, and the ability to automatically adapt to your email environment to constantly tune and improve SPAM detection. GFI MailEssentials also adds email management tools to your mail server: disclaimers, mail archiving and monitoring, Internet mail reporting, list server, server-based auto replies and POP3 downloading”.

Multiple Vulnerabilities in FlatNuke

In Unix Focus

FlatNuke is “a CMS (Content Management System) which doesn’t use any DBMS, in favour of text files only (from this fact comes its name)”.

Internet Explorer FTP Client Directory Traversal

In Windows NT

Internet Explorer comes with a built-in FTP client. That FTP client has been found to contain a directory traversal vulnerability: the owner of a malicious FTP server can cause the user to download an executable into any directory the server chooses, without the user’s consent.
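The two browser FTP-client items on this page (mail sent through the FTP client, above under Security News, and this server-chosen download directory) are both cases of attacker-influenced strings reaching code that trusts them. The block below is an added example, not code from Internet Explorer or Konqueror, showing the checks such a client needs: rejecting CR, LF and NUL in URL components before they become FTP command lines (the assumed mechanism of the mail trick is a user name carrying `%0d%0a` followed by SMTP commands, aimed at port 25), refusing mail ports for `ftp://`, and keeping the client's own download directory whatever file name the server supplies. The helper names, the blocked-port list and the sample URLs are assumptions of this example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Added example; not Internet Explorer or Konqueror code. Two checks a
# browser-side FTP client needs on attacker-influenced strings:
#  1. URL components that become FTP command lines must not carry CR, LF
#     or NUL. Assumed mechanism for the mail-sending trick: a URL whose user
#     name holds "%0d%0a" plus SMTP commands, pointed at port 25, makes a
#     naive client emit those commands as separate lines.
#  2. A server-supplied file name must never choose the directory; the
#     client keeps its own download directory and takes only the base name.
# Port policy and helper names are assumptions of this example.

CONTROL_CHARS = ("\r", "\n", "\x00")
BLOCKED_PORTS = {25, 465, 587}      # assumption: mail ports a browser refuses for ftp://
ANON_PASSWORD = "user@example.invalid"


class UnsafeFtpUrl(ValueError):
    pass


def _ftp_fields(url):
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl("not an ftp:// URL")
    user = unquote(parts.username) if parts.username else "anonymous"
    password = unquote(parts.password) if parts.password else ANON_PASSWORD
    path = unquote(parts.path) if parts.path else "/"
    return parts, user, password, path


def naive_ftp_lines(url):
    """What an unchecked client puts on the wire, split the way the server reads it."""
    _, user, password, path = _ftp_fields(url)
    wire = "USER %s\r\nPASS %s\r\nRETR %s\r\n" % (user, password, path)
    return wire.split("\r\n")[:-1]


def safe_ftp_lines(url):
    """Same command lines, but refuse injection and mail ports before sending anything."""
    parts, user, password, path = _ftp_fields(url)
    if parts.port in BLOCKED_PORTS:
        raise UnsafeFtpUrl("refusing ftp:// to port %d" % parts.port)
    for name, value in (("user", user), ("password", password), ("path", path)):
        if any(c in value for c in CONTROL_CHARS):
            raise UnsafeFtpUrl("control character in %s" % name)
    return ["USER " + user, "PASS " + password, "RETR " + path]


def safe_download_path(download_dir, server_name):
    """Join a server-chosen name to the client's directory, keeping only the base name."""
    name = unquote(server_name)
    if not name or any(c in name for c in CONTROL_CHARS):
        raise UnsafeFtpUrl("bad file name")
    base = posixpath.basename(name.replace("\\", "/"))   # drop any directory part
    if base in ("", ".", "..") or ":" in base:           # nothing left, or a drive/stream prefix
        raise UnsafeFtpUrl("bad file name")
    target = posixpath.normpath(posixpath.join(download_dir, base))
    if posixpath.commonpath([download_dir, target]) != posixpath.normpath(download_dir):
        raise UnsafeFtpUrl("escaped download directory")   # belt and braces
    return target


if __name__ == "__main__":
    # Constructed URL: the user name carries CRLF and an SMTP command, port is 25.
    hostile = "ftp://victim%0d%0aMAIL%20FROM%3A%3Ca%40b%3E@mail.example:25/x"
    for line in naive_ftp_lines(hostile):
        print("naive client would send:", repr(line))
    try:
        safe_ftp_lines(hostile)
    except UnsafeFtpUrl as e:
        print("hardened client:", e)
    print(safe_download_path("/home/u/Downloads", "../../etc/passwd"))
```

Two details matter in practice. The control-character check has to run on the decoded value, after percent-decoding, because that is what goes on the wire. And the download path is derived from the client's directory plus a base name, never by trusting the server's string as a path; the `commonpath` check is redundant once only a base name is joined, but it is cheap insurance against a later change to that line.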

HTTP Response Splitting and Cross Site Scripting in ViewCVS

In Unix Focus

ViewCVS is “a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings”.

ArGoSoft FTP Server Reveals Valid Usernames and Allows Brute Forcing Attacks

In Windows NT

ArGoSoft FTP Server is “a lightweight FTP Server for Microsoft Windows platforms”. Two vulnerabilities exist in ArGoSoft, one allows enumerating the existing user database of the FTP program, the other allows executing a brute force attack without the server executing any type of defense against it.

GNUBoard Multiple Extensions Vulnerability

In Unix Focus

GNUBoard is “one of the most widely used web BBS applications in Korea”. An input validation flaw in GNUBoard allows a malicious attacker to run arbitrary commands with the privileges of the HTTPD process, which is typically run as the nobody user.

KorWeblog PHP Injection Vulnerability

In Unix Focus

KorWeblog is “one of more popular blog system in Korea”. The “lng” parameter found in the “/install/index.php” file isn’t properly verified before it is used to include files.

NetDDE MS04-031 Exploit Code

In Exploit

As we reported in our previous article: Vulnerability in NetDDE Could Allow Remote Code Execution (MS04-031), a vulnerability in NetDDE allows a remote attacker to cause the NetDDE service to execute arbitrary code. The following exploit code can be used to test your system for the mentioned vulnerability.

WINS MS04-045 Exploit Code

In Exploit

As we reported in our previous article: Vulnerability in WINS Allows Remote Code Execution (MS04-045, Name Validation, Association Context), a vulnerability in WINS allows a remote attacker to cause the WINS server to execute arbitrary code. The following exploit code can be used to test your system for the mentioned vulnerability.

Mozilla Browser NNTP Heap Overflow

In Unix Focus

A critical security vulnerability has been found in Mozilla Project code handling NNTP protocol.

vBulletin init.php SQL Injection (specialtemplates)

In Unix Focus

vBulletin is “a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board”.

SQL Injection Vulnerability in IBProArcade (Arcade.php)

In Unix Focus

IbProArcade is an online scoreboard powered by Invision Board.

Adobe Flex 3.3 SDK DOM-Based XSS

Adobe Flex is a software development kit released by Adobe Systems for the development and deployment of cross-platform rich Internet applications based on the Adobe Flash platform. An instance of a DOM-based Cross Site Scripting (XSS) vulnerability was found in the SDK’s default index.template.html, an HTML template used by FlexBuilder to generate the wrapper HTML for all the application files in your project. The XSS vulnerability appears to affect all users who download and utilize this HTML wrapper.

Open Auto Classifieds SQL Injection XSS and Filepath Disclosure

Open Auto Classifieds is a vehicle listings manager that is popular with car dealer websites. It’s written in PHP + MySQL.

Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability

Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats, one of which is the Microsoft Excel 97 (XLS) format. It is used by several popular vendors for processing documents. Remote exploitation of an integer overflow vulnerability in Autonomy’s KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application.

Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities.

Microsoft Office Web Components 2000 Buffer Overflow Vulnerability

Office Web Components is a group of ActiveX controls that can be used to view and edit Microsoft Office files such as spreadsheets and charts. It is commonly used to allow a user to edit a spreadsheet in the browser. The controls are installed with a default installation of Microsoft Office. More information can be found at the vendor’s website at the following address. Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.’s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged on user.

Radvision Scopia Cross Site Scripting Vulnerabilities

Radvision’s Scopia provides a solution for voice and video collaborative communications. The web-based interface is exposed to an XSS attack: the index.jsp page does not check the user’s input, and it is possible to inject arbitrary code into the page parameters. It is also possible to steal a user’s cookie or other data by sending a maliciously crafted URL to an authenticated user.

ScribeFire Firefox Extension Code Injection Vulnerability

The ScribeFire Firefox extension provides an interface for users to post to their blogs from any website. It allows users to drag images from a website into the editing pane, which publishes that image as part of their blog post.

Cisco Firewall Services Module Denial of Service Vulnerability

A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages. There are no known instances of intentional exploitation of this vulnerability. However, Cisco has observed data streams that appear to trigger this vulnerability unintentionally.

VMware libpng and Apache HTTP Server Arbitrary Code and DOS vulnerability

Several flaws were discovered in the way the third-party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way that, when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application.

Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities

This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability but an attacker must be authenticated.

Pidgin and Adium Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability

Adium and Pidgin (formerly named Gaim) are based on a library named libpurple. Libpurple has support for many commonly used instant messaging protocols, allowing the user to log into various different services from one application.

CA Host-Based Intrusion Prevention System Denial of Service

CA’s technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.

CA Internet Security Suite vetmonnt.sys Denial Of Service

CA’s technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability.

HP Network Node Manager Local Execution of Arbitrary Code and Denial of Service

JRun Management Console Directory Traversal vulnerability

A directory traversal vulnerability was found in the script logviewer.jsp. Using the Management Console, an authenticated attacker can read any file on the server.

Vtiger CRM Multiple Vulnerabilities

Vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and medium businesses, with low-cost product support available to production users that need reliable support. Multiple Vulnerabilities exist in Vtiger CRM software.

Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilities

Multiple linked XSS and XSRF vulnerabilities have been found in Adobe Coldfusion Server 8. An attacker can create an ‘evil’ link and steal the administrator’s cookie.

Piwigo SQL Injection Vulnerability

Piwigo is a photo gallery application written in PHP. The application suffers from a SQL injection vulnerability in comments.php, as it fails to validate data supplied in the “items_number” variable before being used in an SQL query.

Insight Control Suite For Linux (ICE-LX) Multiple Vulnerabilities

Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS) and other vulnerabilities.

Hacker Agrees to Guilty Plea in Massive Data Breach Case

Notorious hacker Albert Gonzalez agrees to plead guilty to having a role in the theft of data from millions of credit and debit cards. Gonzalez, who has been tied by authorities to a cyber-crimewave that hit companies from Heartland Payment Systems to Hannaford Bros., now faces up to 25 years in prison.
- Reputed hacker Albert Gonzalez, the Miami man tied by investigators to several major data breaches, has agreed to plead guilty to a variety of charges, according to reports. Under the plea agreement, Gonzalez, 28, will face a maximum of 25 years in prison. According to authorities, he is…

REVIEW: ‘Nehalem’-Based Sun Fire x4170 Is a Compelling 1U Server Choice

Providing stiff competition in its market space, Sun Microsystems’ Intel Nehalem-based Sun Fire x4170 packs generous amounts of compute power, local storage, network bandwidth and PCIe expansion capability into a small footprint.
- With support for the latest Intel “Nehalem” processors, Sun Microsystems’ Sun Fire x4170 server packs copious amounts of compute power, local storage, network bandwidth and PCIe expansion capability into a neatly engineered, 1U footprint. While there is uncertainty about the future of …

Snow Leopard Reveals Cracks in Apple`s Mac OS X Security Reputation

News Analysis: Although Mac OS X is considered by many to be the most secure operating system available to end users, it does suffer from security issues. Perhaps the new malware detector in Apple’s new Mac OS X Snow Leopard release will help prove that.
- Mac OS X is viewed by many as the most secure operating system on the market. It’s certainly considered far more secure than Microsoft’s Windows operating system. But with a report hitting the wire Wednesday claiming Apple’s new Mac OS X release, Snow Leopard, will feature a malware-detectio…

Apple Snow Leopard Used as Lure for Trojan

Trend Micro finds a malware campaign that ropes in victims by offering free copies of Mac OS X 10.6, aka Snow Leopard. What users really get is a DNS-changer Trojan.
- Apple plans to release Mac OS X 10.6, aka Snow Leopard, on Aug. 28, and cyber-criminals have taken notice. A number of rogue sites have popped up offering free copies of the latest version of Apple’s operating system. Researchers at Trend Micro are reporting that accessing these malicious sites …

Twitter XSS Vulnerability Still Wide Open, Developer Says

A cross-site scripting vulnerability affecting Twitter security is still open despite the microblogging service’s attempt at a fix, a software developer says. If exploited, the bug could enable an attacker to take over a victim’s Twitter account.
- A software developer is claiming Twitter’s fix for a critical cross-site scripting bug is no good, meaning users are still vulnerable to an attack that could allow an attacker to take over their accounts. The bug was first reported by techie James Slater. According to Slater, the vulnerability a…

BitTorrent Tracking Site Mininova Considers Appeal After Losing Court Case

Mininova, an alternative to BitTorrent tracking site The Pirate Bay, loses a key legal battle as a Dutch court rules that the Mininova site will face fines if it does not take action to remove links pointing to copyrighted material from its servers.
- As The Pirate Bay fights to stay online, one of its chief rivals has also fallen into the sights of the authorities. A civil court ordered Dutch Website Mininova to remove all files on its servers that point to copyrighted works within three months or face fines. Mininova rivals The Pirate Bay…

Apple Arms Snow Leopard with Mac Malware Detection, Reports Say

Apple has reportedly armed Snow Leopard, the newest version of its Mac OS X operating system, with a new feature to scan downloads for malware. The OS is slated to be released on Friday.
- It appears Apple has bolstered Snow Leopard with some new spots to enhance security. In this case, Apple has apparently added a new malware scanner to analyze downloads for malicious content. Apple did not return a request for comment on the feature, which has understandably caught the atte…

McAfee Names Jessica Biel, Beyonce Most Dangerous Celebrity Web Searches

In an annual report, McAfee lists the celebrities whose names are most likely to lead fans to malware via Web searches. At the top of the list are actress Jessica Biel, singer Beyonce and movie star Jennifer Aniston.
- Trying to find actress Jessica Biel can be dangerous on the Internet, anyway. For the third year in a row, McAfee has put out a list of the most dangerous celebrities when it comes to Internet search results. The list is home to more than a few well-known singers and movie stars, such as M…

Cisco WLAN Vulnerability Uncovered by Researchers

AirMagnet researchers uncover a way for attackers to take advantage of Cisco Systems’ Over-the-Air-Provisioning feature. Cisco responds with a security advisory giving some mitigations for the OTAP vulnerability.
- Researchers at AirMagnet have uncovered a serious flaw in a provisioning system used by Cisco Systems WLANs that could enable attackers to gain access to WLAN-attached systems. According to AirMagnet’s Intrusion Research Team, the vulnerability, announced Aug. 25, lies in Cisco’s OTAP (Over-the…

57,000 Websites Compromised in Mass Attack, ScanSafe Reports

ScanSafe has reported a massive compromise impacting 57,000 legitimate sites. When users visit the infected Web pages, they are greeted with a truckload of password stealers and other Trojans.
- Security firm ScanSafe has uncovered a campaign that has compromised more than 57,000 Websites in a bid to dump gallons of malware on users’ computers. According to ScanSafe, the sites are being infected with a malicious iFrame via SQL injection. The iFrame in turn loads what ScanSafe Senior…

Pirate Bay Hit as ISP Kills Service After Court Order

Well-known BitTorrent tracking site The Pirate Bay felt the heat when Internet service provider Black Internet terminated service after being threatened with court fines. There are reports that the site is working to restore service.
- A Swedish court has ordered an Internet service provider to shut down service to The Pirate Bay, a well-known site that tracked and indexed BitTorrent files. According to the Swedish newspaper SvD (Svenska Dagbladet), the CEO of ISP Black Internet said the company was told by the court t…

Snow Leopard’s Anti-Malware Feature

In Safety Tips

Apple has long maintained that Mac users don’t need to worry about viruses and other malicious software. So it’s hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple’s OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs. Snow Leopard went on sale Friday and I haven’t had a chance to fiddle with it yet (I’m hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform. A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company’s own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard’s ability

Phishing Attacks on the Wane

In Latest Warnings

Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found. The analysis from X-Force, IBM’s security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008. I looked at the number of phishing sites tagged

U.K. Govt: Spammers Before Downloaders?

In From the Bunker

The British government plans to suspend the Internet accounts of residents suspected of downloading pirated music and films, according to news reports. But the latest figures on the geographic location of spam-spewing zombie PCs suggest the U.K. government might do better to start by disconnecting the nation’s most notorious uploaders. The Associated Press reports that plans announced Tuesday by the British Treasury Minister include blocking access to download sites, and temporarily suspending users’ Internet accounts. The story didn’t say how many of Britain’s estimated 48.7 million Internet users are suspected of being serial music and movie downloaders. But Security Fix reviewed the 8.8 million Internet addresses around the globe that are on Spamhaus.org’s composite block list — which tracks connections that show strong signs of being spam relays — and found that roughly 60,000 U.K. systems currently are blasting junk e-mail to the rest of the world on behalf of spammers.

Microsoft Expands Office Anti-Piracy Program

In New Patches

Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite. Windows users who have Automatic Updates turned on probably have by now noticed at least one new update available from Redmond. The patch represents the next phase of the Office Genuine Advantage (OGA) anti-piracy pilot program Microsoft launched last year. Microsoft says the update is being gradually rolled out to different countries, so the update will not be available to everyone at the same time. The program checks against Office XP, Office 2003, and Office 2007 installations. Even users who have Automatic Updates set to download and install patches for them will need to approve a license agreement before the OGA patch will fully install. That’s a good thing, too, because according to Microsoft, this patch cannot be removed once it is

Businesses Reluctant to Report Online Banking Fraud

In Latest Warnings

A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sized businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank. According to the alert, sent by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the victims of this type of fraud tell different stories, but the basic elements are the same: Malicious software planted on a company’s Microsoft Windows PC allows the crooks to gain access to the victim’s corporate bank account online. The attackers wire chunks of money to unwitting and in some cases knowing accomplices in the United States who then wire the money to the fraudsters overseas. As grave as that sounds, the actual losses from this increasingly common type of online crime almost certainly

Tighter Security Urged for Businesses Banking Online

In Safety Tips

An industry group representing some of the nation’s largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized businesses. The advisory, issued by the Financial Services Information Sharing and Analysis Center, recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts. For example, the group recommends that commercial banking customers “carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.” Such a system might be a virgin install of Windows with all the proper updates, using something like Microsoft SteadyState. Even smarter would be a Mac, or some flavor of Linux, or even a Live CD distribution of Linux (after shutdown, all changes are erased). Why take such extreme precautions? The alert indicates that the sophistication, stealth, and sheer volume

Malware Writers: Will That Be OS X, or W?

In Latest Warnings

Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac. Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor’s Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications. This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a “.exe” file for Windows visitors, and a “.dmg” installer file for those who browsed the

Brief: Apache investigates Web server attack

Brief: Federal agency warns of postal trojan

News: Apple sneaks anti-malware into Mac OS X

Mark Rasch: Lazy Workers May Be Deemed Hackers

Brief: Auto SQL injection co-opts thousands of sites

Draft Version of New Keeping FreeBSD Applications Up-To-Date

By Richard Bejtlich

This is a follow-up to my recent post Draft Version of New Keeping FreeBSD Up-To-Date. I updated the draft Keeping FreeBSD Up-To-Date document at http://www.taosecurity.com/kfbutd7.pdf to include new sections on building a kernel and userland on one system and installing on another, and upgrading from one major version of FreeBSD to another via binary upgrades (e.g., 7.1 to 8.0 BETA3, since that just became available).
I have also published another draft document titled Keeping FreeBSD Applications Up-To-Date at http://www.taosecurity.com/kfbautd7.pdf. That is a follow-up to my 2004 article of the same name that used FreeBSD 5.x for the examples.
The new document includes the following.


Sections:
---------
Introduction
FreeBSD Handbook
A Common Linux Experience
Simple Package Installation on FreeBSD
Checking for Vulnerable Packages with Portaudit
FreeBSD Package Repositories
Updating Packages by Deletion and Addition
Introducing the FreeBSD Ports Tree
Updating the FreeBSD Ports Tree
Installing Portupgrade
Updating Packages Using Portupgrade
Removing Packages
Identifying and Removing Leaf Packages
Preparing to Build and Install Packages Using the Ports Tree
Building and Installing Packages Using the Ports Tree: A Simple Example
Building and Installing Packages Using the Ports Tree: A More Complicated Example
Install Packages Built on One System to Another System
Installing Screen Using a Remote FreeBSD Ports Tree
Reading /usr/ports/UPDATING
My Common Package Update Process
Conclusion

As with the last document, this one reflects my personal system administration habits. For example, I use Portupgrade, although others might prefer Portmaster or Portmanager or something else.

If you’d like to read this draft and provide any comments here, I would appreciate them.

On a related note, I’d like to point to the 2006 article The FreeBSD Ports System by Michel Talon. I found it interesting because it takes a deep look at the ports tree and makes comparisons to Debian systems.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://www.taosecurity.com)

Draft Version of New Keeping FreeBSD Up-To-Date

By Richard Bejtlich

Four years ago I wrote an article titled Keeping FreeBSD Up-To-Date. The goal was to document various ways that a FreeBSD 5.2 system could be updated and upgraded using tools from that time, in an example-driven way that complemented the FreeBSD Handbook.

I decided to write an updated version that starts with a FreeBSD 7.1 RELEASE system and ends by running FreeBSD 7.2-STABLE. Sections include:


Sections:
---------
Introduction
FreeBSD Handbook
The Short Answer
Understanding FreeBSD Versions
Learning About Security Issues
Starting with the Installation
Installing Gnupg and Importing Keys
Installing Source Code
Installing CVSup
Applying Kernel Patches Manually
Applying Userland Patches Manually
Using CVSup to Apply Patches
Using Csup to Apply Patches
FreeBSD Update to Upgrade FreeBSD within Versions
STABLE: The End of the Line for a Single Version
What Comes Next?
Conclusion

Looking at the sections, I noted that it might be good to add a section on using FreeBSD Update to upgrade to 8.0, assuming you’re starting with a non-7.2-STABLE system. From what I’ve read, that isn’t possible? (Anyone know for sure?)

It would also be nice to publish the final version once 8.0 is RELEASEd so I could incorporate that.

If you’d like to read the document and provide feedback, I’d appreciate constructive comments. The draft is available as a .pdf at http://www.taosecurity.com/kfbutd7.pdf. Thank you.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

WinINSTALL – Voted WindowSecurity.com Readers’ Choice Award Winner – Patch Management

By info@WindowSecurity.com (The Editor)

WinINSTALL was selected the winner in the Patch Management category of the WindowSecurity.com Readers’ Choice Awards. GFI Languard and Shavlik NetChk Protect were first runner-up and second runner-up respectively.

Restricting Specific Web Sites in Internet Explorer Using Group Policy

By Derek Melber

How to use Group Policy to restrict Web site access, and how to apply different restrictions to different users.

Fla. man in credit card data theft accepts plea (AP)

In technology

AP – A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.

Microsoft Names Top Ten Windows Malware (PC Magazine)

In technology

PC Magazine – A new list of malware just came out from Microsoft based on their MSRT, or Malicious Software Removal Tool.

Snow Leopard Malware Protection a Growing Pain for Mac OS X (PC World)

In technology

PC World – Mac users have long relished the fact that malware is nearly a foreign concept to them. Yet, in a tacit acknowledgment of the growing threat of malware on the Mac platform, Apple has added some rudimentary malware protection into Snow Leopard.

Man charged in record ID theft case in plea talks (AP)

In technology

AP – An accused computer hacker charged with stealing millions of credit and debit card numbers has been negotiating a plea deal with the federal government, people close to the case said Thursday.

Facebook, Twitter Provide Sensitive Information for Corporate Criminals (PC World)

In technology

PC World – Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with whom?

Snow Leopard Needs Better Anti-Malware, Should Be Free (PC World)

In technology

PC World – Is the “malware protection” in Apple’s new Snow Leopard really lame or what? But, it’s on a par with other features of the OS “upgrade.”

Apple Confirms Anti-Malware Added to ‘Snow Leopard’ (PC Magazine)

In technology

PC Magazine – On Wednesday, it was discovered that the latest version of Apple’s OS X 10.6, “Snow Leopard,” has clear built-in malware protection. Apple has since confirmed the addition.

Inside Snow Leopard’s hidden malware protection (Macworld.com)

In technology

Macworld.com – While malicious software has long been a near-daily annoyance for Windows PCs, Mac users have become accustomed to not worrying about malware. Threats arise from time to time (in January of this year, for example, a Trojan horse made the rounds in pirated copies of Apple’s iWork software), but most Mac users these days are probably running computers without antivirus software.

Report: Snow Leopard To Confront Mac Malware (PC World)

In technology

PC World – Adding anti-malware to Snow Leopard is a Catch-22 for Apple: In solving a problem, Apple must first admit a problem actually exists. Which is hard when one of your major selling points is that you’re secure and your major competitor, Microsoft Windows, is not.

Symantec Offers Fix for Buggy Norton Patch (PC World)

In technology

PC World – Symantec has posted a software fix after hundreds of users reported problems with a buggy update of the company’s flagship Norton AntiVirus software.

Cybercriminals Favor Jessica Biel as Malware Bait (NewsFactor)

In business

NewsFactor – Move over, Brad Pitt. Actress Jessica Biel has officially overtaken you as the most dangerous celebrity to search for in cyberspace, according to Internet security company McAfee. McAfee’s third annual research report into Hollywood stars and pop culture’s favored people offers insights into the riskiest celebrities on the Web.

Jessica Biel Could Give You a (PC) Virus (PC World)

In technology

PC World – Quick, someone tell Justin Timberlake that his girlfriend Jessica Biel is dangerous, in cyberspace.

Biel tops Pitt as ‘most dangerous’ celebrity on Web (AFP)

In us

AFP – An online search for actress Jessica Biel is the most likely to land a Web surfer on a site hosting spyware, a virus or other malware, Internet security firm McAfee warned on Tuesday.

Jessica Biel tops list as most risky star in cyberspace (Reuters)

In technology

Reuters – Actress Jessica Biel has overtaken Brad Pitt as the most dangerous celebrity to search in cyberspace, according to Internet security company McAfee Inc.

Trend Micro Unveils 2010 Consumer Security Line (PC Magazine)

In technology

PC Magazine – Trend Micro today unveiled new versions of its Trend Micro Internet Security and Trend Micro Internet Security Pro consumer security products, both optimized for Windows 7.

Apache.org hit by SSH key compromise

By Ryan Naraine on Uncategorized

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of a server hack caused by a compromised SSH key.

Snow Leopard’s malware protection only scans for two Trojans

By Dancho Danchev on Passwords

The much hyped malware protection built into Apple’s Snow Leopard upgrade appears to be nothing more than an XProtect.plist file containing five signatures for two of the most popular Mac OS X trojans – OSX.RSPlug and OSX.Iservice. Intego, the company that originally reported the new feature, has just released a comparative review of their (commercial) antivirus [...]

Source code for Skype eavesdropping trojan in the wild

By Dancho Danchev on Spyware and Adware

Earlier this week, Swiss programmer Ruben Unteregger, who has reportedly been working for ERA IT Solutions, a Swiss company responsible for coding government-sponsored spyware, released the source code of a trojan horse that injects code into the Skype process in order to convert the incoming and outgoing voice data into an encrypted MP3 [...]

The most dangerous celebrities to search for in 2009

By Dancho Danchev on Web 2.0

Searching for which celebrity has the highest probability of tricking you into visiting a malware-friendly web site? Last year it was Brad Pitt, but according to this year’s McAfee report “Riskiest Celebrities to Search on the Web”, it’s Jessica Biel related searches that have “one in five chance of landing at a Web site that’s tested [...]

Hackers mailing malware-infested CDs to banks

By Ryan Naraine on Viruses and Worms

Cybercriminals are currently mailing infected CDs to credit unions and smaller banks as part of a clever offline scheme to load malicious software into computers with valuable data.

High-risk vulnerabilities hit Google Chrome

By Ryan Naraine on Vulnerability research

Google has shipped a new version of its Chrome browser to fix multiple serious security flaws that expose users to code execution attacks.

Apple adds malware blocker in Snow Leopard

By Ryan Naraine on Patch Watch

Apple has quietly added a new Snow Leopard feature to scan software downloads for malware, a no-brainer move that coincides with a noticeable spike in malicious files embedded in pirated copies of Mac-specific software.

Research: 80% of Web users running unpatched versions of Flash/Acrobat

By Dancho Danchev on Research

According to research published by Trusteer earlier this month, 79.5% of the 2.5 million users of their Rapport security service run a vulnerable version of Adobe Flash, with 83.5% also running a vulnerable version of Acrobat. The company has also criticized Adobe by insisting that their update mechanism “does not meet the requirements of a [...]

55,000 Web sites hacked to serve up malware cocktail

By Ryan Naraine on Vulnerability research

Security researchers are raising an alarm for a potent malware cocktail — backdoor Trojans and password stealers — being pushed to Windows users from about 55,000 hacked Web sites.

Around The Horn vol.1,146

Posted in Uncategorized by lightthedarkfiber on August 17, 2009

An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information

Tenable’s Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable’s database, application and operating system configuration audits, can provide a much deeper form of analysis than pure black-box testing.

Three men indicted in largest U.S. data breach

By Elinor Mills

Two Russians and a Florida man were charged on Monday with hacking into Heartland Payment Systems, 7-Eleven, and the Hannaford Brothers supermarket chain, and stealing data related to more than 130 million credit and debit cards.

The indictment names 28-year-old Albert Gonzalez of Miami, who already has been charged with …

Georgian cyber attacks launched by Russian crime gangs
With help from Twitter, Facebook and Microsoft

Last year’s cyber attacks that brought internet traffic to a standstill in Georgia were carried out by civilians and Russian crime gangs, in some cases with the unwitting help of websites and software companies located in the US, according to researchers.…

YAMWD: Yet Another Mass Web Defacement, (Mon, Aug 17th)

Thousands of sites were mass defaced on yet another large web hoster (in this case servage.net) possi …

Microsoft-sponsored reports find IE8 most secure browser (Updated)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Safari

During July 2009, a company called NSS Labs performed two separate browser security tests, which Amy Barzdukas, General Manager of Internet Explorer, told Ars that Microsoft had sponsored. Right off the bat, your suspicions have probably been raised, and rightly so. Internet Explorer 8 performed very well in all the tests and, while Microsoft insists that it had no impact on the results, we must still be cautious when examining the reports.

Researchers “hack the vote” in real-world e-voting attack

By segphault@arstechnica.com (Ryan Paul) on evoting

A group of security researchers has published a fascinating study that demonstrates how to hack a Sequoia AVC Advantage voting machine. We have already seen several electronic voting machines hacked by experts in controlled environments, but this study goes a step further and shows that it can be done in the wild without privileged access to source code or other specialized materials.

The study was conducted by a group of voting machine security experts led by Ed Felten, the director of Princeton’s Center for Information and Technology Policy. They used a technique called return-oriented programming to circumvent the built-in security mechanisms in an AVC Advantage voting machine and cause it to divert votes from one candidate to another in a simulated election.

New OS X Security Update (2009-004) patches DNS issue

By jacqui@arstechnica.com (Jacqui Cheng) on Software Update

What’s that, you say? You just updated to Mac OS X 10.5.8 last week with all of its security fixing goodness? That’s too bad, says Apple, because there’s a new security update out for OS X. Security Update 2009-004 is, as usual, recommended for all users of both Leopard and Tiger (PPC and Intel) and rolls all previous security fixes into this update.

According to Apple’s security page for the 2009-004 update, there’s only one major fix included in this package, and it has to do with BIND. “By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service,” writes Apple. “The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type ‘ANY’ where an assertion would previously have been raised.”

Because BIND is not enabled by default, it’s unlikely that you need to go running for Software Update at this very second. However, it’s always a good idea to keep updated, so get to downloading already. Chop chop.

New trojan that hijacks your Mac’s DNS spotted in the wild

By chris.foresman@arstechnica.com (Chris Foresman) on trojan

A trojan disguising itself as a QuickTime player update has been identified in the wild. The trojan is related to similar previous trojans that disguised themselves as a media player of some sort. However, this new version specifically attempts to hijack DNS requests, sending unsuspecting users to any website the trojan authors wish.

The latest version of this trojan, dubbed OSX_JAHLAV.D by Trend Micro, comes from a number of websites like comandtryx.com, simplexdoom.com, and sinisteer.com—all of which originate from a server with the IP address 91.214.45.73. When clicking to play the videos on these sites (I can only assume it promises to be TEH BESTEST PR0N EVAR!!!), you’ll be prompted to install a QuickTime update or plug-in. If you agree, a file called QuickTimeUpdate.dmg will be downloaded.

Symantec, 11 others, fail Virus Bulletin’s August 2009 test (Updated)

By emil.protalinski@arstechnica.com (Emil Protalinski) on Virus Bulletin

Virus Bulletin (VB) conducted its latest test in July, posting the results this month. The security research company evaluated 35 anti-malware products for the 32-bit version of Windows Vista SP2 Business. The basic requirement for a product to pass the test is detecting, both on demand and on access, in its default settings, all malware known to be “In the Wild” at the time of the review, and not detecting any false positives when scanning a set of clean files. The products were pitted against about 3,000 unique samples of malware that fall into four categories: WildList viruses, Worms and bots, Polymorphic viruses, and Trojans.

How 10 digits will end privacy as we know it

By Ari Juels

Editors’ note: This is a guest column. See Ari Juels’ bio below.

Internet denizens and urban dwellers alike need to recognize that an era of anonymity is ending.

The population of the world stands at about 7 billion. So it takes only 10 digits …

Researchers prove kernel is secure

By Tom Espiner

Australian researchers have demonstrated a way to prove core software for mission-critical systems is safe.

The researchers this week said they can prove mathematically that code they have developed, designed to govern the safety and security of systems in aircraft and motor vehicles, is free of many classes of error. …

Security firms discover botnet on Twitter

By Caroline McCarthy

A Twitter account can be used as the command center for harnessing a “botnet” of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece of malware …

WSJ: China not requiring Green Dam software

By Lance Whitney

The Chinese government may be waving a white flag in response to all the criticism of its Green Dam filtering software.

Beijing won’t force the widespread installation of the Internet filtering program on PCs and other consumer products, China’s industry minister, Li Yizhong, said Thursday, according to a …

Office, Windows get critical patches

By Ina Fried

Microsoft on Tuesday released nine patches, five of them critical, to plug holes in Windows and other software products.

The nine patches actually relate to 19 separate vulnerabilities in Windows, the .Net Framework, Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server, and Remote Desktop Client for Mac…

Richard Dawkins forum compromised

By Rik Ferguson on web

The discussion forum at RichardDawkins.net appears to have been compromised. Richard Dawkins, the evolutionary biologist and popular science author, famed for his no-holds-barred approach to what he sees as the unsubstantiated claims made by religion, certainly has all the proof he needs to believe in the cybercriminal underground. Members of the discussion forum over at RichardDawkins.net all [...]

Two more rogue Facebook apps linked to Fucabook scam

By Rik Ferguson on web

I have been continuing to look into the Facebook phishing/rogue application story that I blogged about yesterday, because it wasn’t at all clear to me how the application “sex sex sex and more sex!!!” was generating those messages pointing to the malicious web site. My research has turned up two further Facebook applications which this time have quite clearly [...]

Rogue Facebook application leads to phishing

By Rik Ferguson on web

A rogue Facebook application appears to be sending notifications that lead users to a credential harvesting site. Prospective marks receive a Facebook notification that a user has commented on one of their posts, as above. The notifications appear to come from an application called “sex sex sex and more sex!!!” which despite sounding shady and looking a bit of [...]

Spineless Twit

By Rik Ferguson on web

I returned from my two weeks of paternity leave, logged in to my various online accounts and started to get myself back up to speed this Sunday evening. When I logged into my Twitter account I noticed an incongruously malevolent sounding message that had been sent to me anonymously: The message is designed to use the [...]

Twitter Being Used As Botnet Command Channel

By Darknet on worms

Ah Twitter in the news again, the bad guys sure do keep up with new trends. After being taken offline for a while by a Joejob DDoS attack Twitter is in the news again – this time it’s being used as the command channel for a Botnet. The normal method for controlling Botnets is via an [...]

sslsniff v0.6 Released – SSL MITM Tool

By Darknet on sslsniff

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically generates [...]

WordPress 2.8.3 Admin Reset Exploit

By Darknet on wordpress-vulnerability

Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but effective flaw, [...]

Xplico – Network Forensic Analysis Tool

By Darknet on xplico

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic [...]

Twitter Used to Control Data-Stealing Botnet

In Web 2.0

Arbor Networks researcher Jose Nazario discovered a botnet using Twitter as a command and control. The tweets he found contained links to sites where bots could download new commands and executables.

Attack Variants Living Shorter Shelf-Lives

In Virus and Spyware

With over 50 percent of all new attacks living for less than 24 hours, it’s becoming impossible for AV companies to keep up using traditional methods.

eBay Calls for Stricter Passwords for Developers

In eBay

eBay is requiring developers to adopt stronger passwords to protect their information, as the company has identified a way for attackers to access data with authorization.

Criminal Prescription: Fake Pharmacies Haunt Bing

In Virus and Spyware

Ads for illegal pharmacy sites dominate the results for related keyword searches on Microsoft’s new Bing.com engine.

Open Source Web Anti-Malware Tool Released

In Web 2.0

Dasient launched a free open source iteration of its URL anti-infection software.

Trend Micro Uncovers DNS-Changing Mac Trojan

In Trojan attacks

Researchers at Trend Micro have published details of a new version of a DNS-changing Trojan targeting Macs.

True Love Never Dies

In Virus and Spyware

Attackers keep rolling back the clock on some old school techniques, and threats that attempt to tap into interest in matters of love are nearly as old as the popular concept of malware itself.

Spam Growing Upwards, Onwards

In Virus and Spyware

Spam seemingly only changes by returning to its roots, and ebbing its volumes ever upwards, no matter what we do about it.

Enterprises Crack Down on Web 2.0 Data Leaks

In Web 2.0

New research from Proofpoint shows that enterprises are increasingly dealing with data leaks on blogs, social networks and media sharing sites – and they are not taking it lightly. Many organizations are cracking down on employees for breaking data security policies surrounding blogs, Facebook and other Web 2.0 technology.

HHS walks a tightrope on health information exchange, advisory group says

HHS is walking a tightrope in trying to craft the right balance for health information exchanges, according to a federal advisory group’s report.

Social media dominates new DOD Web site

Social media is the prominent feature on the new Defense Department’s home page, which was launched today.

Passenger screening program to collect more data

U.S. airlines will begin collecting passengers’ dates of birth and gender when they make reservations under the Transportation Security Administration’s Secure Flight program.

Schliesske lured by ‘cool stuff’

After seeing the ‘cool stuff’ his twin brother and father were doing in the Army, Harold Schliesske left the private sector for government leadership — and he hasn’t looked back.

DHS plans cybersecurity wiki

The Homeland Security Department plans a new wiki that federal cybersecurity centers would use to coordinate efforts and improve situational awareness.

DHS expands global trusted traveler program

DHS’ international trusted traveler program is expanding to more airports this month.

Agencies told to keep up with ID management

A senior GSA executive gives an inside look at governmentwide identity management initiatives at Virtual FOSE.

Navy CIO says cybersecurity is an urgent national issue

The Navy’s CIO said today that cybersecurity must evolve rapidly to deal with the most serious economic and security challenge of the 21st century.

IG: Energy needs more protection for some data

The Energy Department’s inspector general says more action is needed to protect the department’s electronic information that is unclassified, but sensitive.

Virtual FOSE: Metrics, comparisons recommended for winning IT security support

Alan Paller, the director of research at the SANS Institute, recommends that IT security professionals without budget authority use reliable metrics, numbers and comparisons to win support from executives.

Navy’s network security roadmap to be explained at Virtual FOSE

Navy Department Chief Information Officer Robert Carey will be the keynote speaker at tomorrow’s Virtual FOSE conference.

Business groups want Congress to address E-Verify concerns

TechAmerica and others ask lawmakers to deal with their worries about E-Verify.

Government, industry create threat forum for power grid

EnergySec has grown to include 200 members from the electric power industry, security vendors and government regulators since its formation in December to provide an alternative to the more formal ISAC for rapid sharing of information.

IG fears risks to DHS stimulus money

The Homeland Security Department’s inspector general has said DHS should work to mitigate risks that may affect its capability to prudently spend, manage and report on $2.8 billion it got in stimulus money, including hundreds of millions for technology.

Security upgrades highlight DISA buying surge

The Defense Information Systems Agency plans to bolster security features embedded in its far-flung networks and data centers via several acquisition projects planned for the twilight of fiscal 2009.

US-CERT director resigns

Mischel Kwon, director of the Homeland Security Department’s operational cybersecurity team that handles cyber incident detection, warning and response activities for civilian agencies’ networks, has resigned. She will join RSA in early September.

Rising Star Beth Sherry Maloney

Maloney served as social-media evangelist and educator, both within Palladian and in the federal IT community at large. She also managed the transition of the Treasury Department’s HSPD-12 initiative to the General Services Administration’s USAccess shared-services program.

Rising Star Alma Ritter Cole

Cole led the response to the Adobe Reader JBIG2 vulnerability. His team identified and tracked multiple spear-phishing e-mail messages that attempted to exploit this vulnerability. His team also tackled other zero-day security threats — that is, flaws for which no fixes are available.

Rising Star Mary Beth Murphy

Murphy managed the transition of the Treasury Department’s HSPD-12 initiative to the General Services Administration’s USAccess shared services program.

Rising Star Richard J. Renomeron

Renomeron led a team of engineers that provides the Office of Management and Budget with an array of systems for developing budgets, including the much-lauded Max Federal Community wiki.

Murphy leads Treasury’s HSPD-12 charge

Mary Beth Murphy shepherded Treasury’s employee ID card effort.

Government rethinks ban on tracking Web site visitors

The government could adopt consumer technology, but it would require policy changes.

Peer pressure: Congress plans file-sharing ban

Peer-to-peer software, used to easily share computer files, poses a security risk and has no place on government or contractor networks, according to some members of Congress who held a hearing about the technology recently.

Biometrics integral to modern combat

Biometrics are essential for modern warfare and can bridge organizational gaps, experts say.

DeepSec 2009 – Preliminary Schedule is online

Posted by InfoSec News on Aug 17

The third DeepSec conference is taking place between 17th and 20th November at the Imperial Riding School Renaissance Hotel.

The in-depth security conference will include two days of security talks during the conference and…

Heartland CEO gets a smackdown after his CSO interview

Posted by InfoSec News on Aug 17

http://blogs.computerworld.com/14539/heartland_ceo_gets_a_smackdown_after_his_cso_interview

By Michael R. Farnum
Hitting the Security Nerve
Computerworld Blogs
August 13, 2009

If you are reading this, you probably know about Heartland Payment Systems and the credit card system breach…

Physical Penetration Testing Tells All

Posted by InfoSec News on Aug 17

http://www.darkreading.com/blog/archives/2009/08/physical_penetr.html

By John Sawyer
Dark Reading
Aug 14, 2009

Rob Enderle had a great post here on Dark Reading on the discrepancies between physical and system security and what happens when they don’t match up. The problem is most…

US Cyber Challenge Training Hackers to Fight Criminals and Spies

Posted by InfoSec News on Aug 17

http://www.voanews.com/english/2009-08-14-voa54.cfm

By Meredith Hegg
Washington
VOA News
14 August 2009

Computer security engineer Alan Paller recalls how the Soviet Union’s 1957 launch of Sputnik, the world’s first artificial satellite,…

Phone Hacking Threat Is Low, but it Exists

Posted by InfoSec News on Aug 17

http://gadgetwise.blogs.nytimes.com/2009/08/14/phone-hacking-threat-is-low-but-it-exists/

By Roy Furchgott
Gadget Wise
The New York Times
August 14, 2009

While the threat of bad guys hacking into your phone may remain minimal, it isn’t non-existent. In fact, one security expert created…

Security Cyber Czar Steps Down

Posted by InfoSec News on Aug 17

Expert Contributor?!?

http://www.glgroup.com/News/Security-Cyber-Czar-Steps-Down-42498.html

August 15, 2009
Analysis by: GLG Expert Contributor
Analysis of: Security Cyber Czar Steps Down Published at: online.wsj.com

Summary

Without a Cyber Security Czar in the federal government…

Cuba capable of waging a cyberwar

Posted by InfoSec News on Aug 14

http://www.miamiherald.com/opinion/other-views/story/1183690.html

By Manuel Cereijo
Miami Herald
08.13.09

During the last few weeks there have been thousands of cyber attacks on computers and computer networks in the U.S. government and private entities. The United States, because of its…

DHS plans cybersecurity wiki

Posted by InfoSec News on Aug 14

http://fcw.com/articles/2009/08/13/web-cyber-ops-wiki.aspx

By Ben Bain
FCW.com
Aug 13, 2009

The Homeland Security Department plans to develop a cyber ops wiki that agencies can use to improve collaboration on cyber security efforts, according to a notice from the department.

The…

Report: NIST’s Cybersecurity Guidelines Aren’t Enough

Posted by InfoSec News on Aug 14

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=219300112

By J. Nicholas Hoover
InformationWeek
August 13, 2009

A set of cybersecurity controls recently recommended by the National Institute of Standards and Technology for federal agencies doesn’t go…

Top Security Firm RSA Tries to Silence Blog

Posted by InfoSec News on Aug 14

http://www.wired.com/threatlevel/2009/08/rsa-tries-to-silence-blog/

By Kim Zetter
Threat Level
Wired.com
August 13, 2009

RSA security, one of the top security firms in the country, has sent takedown notices to a blogger and his hosting company in an effort to silence his discussion of a…

Twitter transformed into botnet command channel

Posted by InfoSec News on Aug 14

http://www.theregister.co.uk/2009/08/13/twitter_master_control_channel/

By Dan Goodin in San Francisco
The Register
13th August 2009

For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the…

Cybersecurity resignations raise questions

Posted by InfoSec News on Aug 14

http://washingtontimes.com/news/2009/aug/13/key-cybersecurity-staff-quit/

By Shaun Waterman
THE WASHINGTON TIMES
August 13, 2009

The resignation last week of two of the government’s top cybersecurity officials has raised questions about President Obama’s much-touted effort to fix…

Reporting terrorism, affect your credit? (we’re doomed)

Posted by InfoSec News on Aug 13

Forwarded from: security curmudgeon

http://attrition.org/security/rant/fbi01.html

Reporting terrorism, affect your credit? (we’re doomed) Tue Aug 11 05:49:16 EDT 2009
security curmudgeon

Right as I am about to wind down for the night, ISN rolls in,…

Heartland CEO on Data Breach: QSAs Let Us Down

Posted by InfoSec News on Aug 13

http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down

By Bill Brenner
Senior Editor
CSO
August 12, 2009

For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least.

In January, the Princeton, N.J.-based…

NBA Star Warns Over Stolen Laptop

Posted by InfoSec News on Aug 13

http://www.thesmokinggun.com/archive/years/2009/0812091baron1.html

The Smoking Gun
August 12, 2009

A laptop containing “a variety of private images” of NBA star Baron Davis has been stolen and the athlete’s lawyers are threatening legal action if the material is published….

Google Helped Twitter Deal With Attacks (GOOG)

Posted by InfoSec News on Aug 13

http://www.businessinsider.com/twitter-cofounder-google-helped-us-thwart-attacks-2009-8

By Nicholas Carlson
Silicon Alley Insider
Aug. 12, 2009

Google and Twitter might be cozier than we thought.

With Facebook and FriendFeed getting together, people are starting to wonder if Twitter…

Android security chief: Mobile-phone attacks coming

Posted by InfoSec News on Aug 13

http://www.computerworld.com/s/article/9136593/Android_security_chief_Mobile_phone_attacks_coming?taxonomyId=17

By Robert McMillan
August 12, 2009
IDG News Service

As smartphones become more popular, they’re going to get some unwanted attention from criminals, Google Inc.’s head of…

Czar Prospect on Federal Cybersecurity

Posted by InfoSec News on Aug 13

http://www.govinfosecurity.com/articles.php?art_id=1697

By Eric Chabrow
Managing Editor
Gov Info Security
August 11, 2009

What’s most important about the job of presidential cybersecurity coordinator isn’t whether or not it reports to two bosses or how high on the White House…

UC Berkeley School of Journalism Server Hacked

Posted by InfoSec News on Aug 13

http://www.dailycal.org/article/106235/uc_berkeley_school_of_journalism_server_hacked

By Angelica Dongallo
Contributing Writer
The Daily Californian
August 10, 2009

Almost 500 applicants to the UC Berkeley Graduate School of Journalism were notified today that their Social Security…

FNA Managing Director Warns about Cyber War against Iran

Posted by InfoSec News on Aug 13

http://english.farsnews.com/newstext.php?nn=8805211171

13 Aug 2009

TEHRAN (FNA) – FNA Managing Director Hamid Reza Moqaddamfar urged Iranian officials and people to keep vigilant against enemies’ hostile moves against Iran through cyber and satellite technologies, viewing them as parts of…

Network Solutions Breach Revives PCI Debate

Posted by InfoSec News on Aug 11

http://www.bankinfosecurity.com/articles.php?art_id=1691

By Linda McGlasson
Managing Editor
Bank Info Security
August 10, 2009

The recent data breach at Internet domain administrator and host Network Solutions compromised more than 573,000 credit and debit cardholders and begs the…

Sandia to boot behemoth botnet

Posted by InfoSec News on Aug 11

http://gcn.com/articles/2009/08/10/sandia-botnet.aspx

By Joab Jackson
GCN.com
Aug 10, 2009

Starting in October, a huge botnet will be run not by nefarious underground figures but by the Energy Department’s Sandia National Laboratories. The lab’s Thunderbird supercomputer will…

Georgian blogger calls for Twitter attack probe

Posted by InfoSec News on Aug 11

http://www.theregister.co.uk/2009/08/10/cyxymu_letter_to_medvedev/

By Dan Goodin in San Francisco
The Register
10th August 2009

The pro-Georgian blogger who was the target of attacks that shut down micro-blogging website Twitter last week has called on Russian President Dmitry Medvedev…

Hacker with Asperger’s Sentenced to 55 Months for Trucking Scheme

Posted by InfoSec News on Aug 11

http://www.wired.com/threatlevel/2009/08/truckers/

By Kevin Poulsen
Threat Level
Wired.com
August 10, 2009

A Los Angeles hacker received a slightly reduced sentence Monday of 55 months in prison for participating in a multi-million computer fraud scheme, after a federal judge took into…

Report: Less Budget, More Data Leaks

Posted by InfoSec News on Aug 11

http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=219100645

By Kelly Jackson Higgins
DarkReading
Aug 10, 2009

Half of all organizations say tighter budgets have hurt their ability to protect the leakage of sensitive or confidential information during the…

Cybersecurity Official Resigns

Posted by InfoSec News on Aug 10

http://www.washingtonpost.com/wp-dyn/content/article/2009/08/07/AR2009080702805.html

By Ellen Nakashima
Washington Post Staff Writer
August 8, 2009

A top operational official in charge of protecting civilian government computer networks has resigned, dealing another blow to the federal…

Computer hacker exposes MI5 security flaw

Posted by InfoSec News on Aug 10

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article6788694.ece

By Kevin Dowling
The Sunday Times
August 9, 2009

A computer hacker who breached MI5’s official website to reveal how criminals could spy on its users has criticised the agency’s security practices….

UK national ID card cloned in 12 minutes

Posted by InfoSec News on Aug 10

http://www.computerweekly.com/Articles/2009/08/06/237215/uk-national-id-card-cloned-in-12-minutes.htm

By Ian Grant
ComputerWeekly.com
06 Aug 2009

The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning.

The newspaper hired computer…

IT admin charged in Xmas Eve rampage on charity

Posted by InfoSec News on Aug 10

http://www.theregister.co.uk/2009/08/07/it_admin_christmas_eve_rampage/

By Dan Goodin in San Francisco
The Register
7th August 2009

The former IT admin for a Florida-based charity stands accused of ransacking the organization’s servers and phone systems last Christmas eve, more than a…

Hacker Indicted For Stealing 130 Million Credit Cards

A Miami resident and two unnamed co-conspirators have been indicted for hacking major retailers and stealing credit card data.

Cyber Attack Against Georgia Blurred Civilian And Military

Last year’s cyber assault against Georgia represents a template for civilian involvement in military action.

Strategic Security: Server Virtualization

VMWare’s VMsafe program is bringing more security options to the world of server virtualization.

Feds To Use Wiki For Cybersecurity Collaboration

The Department of Homeland Security and other federal agencies will use the platform to share operational information on cybersecurity threats and best practices.

Homeland Security Expands Biometric Security Program

The program, which speeds international travelers through airport security, is expanding to 13 new airports, with wider expansion expected.

Report: NIST’s Cybersecurity Guidelines Aren’t Enough

The Cyber Secure Institute finds that NIST’s recently released cybersecurity recommendations may leave some federal systems inadequately protected.

Palm Addresses Pre Privacy Concerns

Developers were concerned after discovering the smartphone sends user location and application data to Palm daily.

Another U.S. Cybersecurity Official Resigns

The US Computer Emergency Readiness Team’s director calls it quits, while a national cybersecurity czar has yet to be named by the Obama administration.

‘Going Google’ Worries Los Angeles Police

The LAPD isn’t convinced that Google Apps is secure enough for its data. But Google says that its competitors are eager to see the deal delayed or derailed.

Twitter Attack Looks Politically Motivated

The denial of service attacks that hit Twitter, Blogger, Facebook and LiveJournal on Thursday appear to be an effort to silence a pro-Georgia blogger.

TSA OKs Biometric Security For Flight Crews

The stage is set for a Transportation Security Administration pilot program that accelerates flight crew security screening in airports.

NIST Lab Director Tackles Cybersecurity, Cloud Computing

Cita Furlani explains the nuts-and-bolts work of defining key government IT standards and the job of working with federal agencies on adoption and implementation.

Marine Corps Bans Social Media On Military Network

Wrestling with the changing nature of online communication and the need for operational security, the Marine Corps wants to formalize procedures for access to social sites on its network.

Mobile Data Startup Raises $9 Million

MobileIron’s enterprise mobility platform offers a window on employees’ smartphone use to increase security and cut costs.

Twitter Downed By Denial Of Service Attack

Following a denial of service attack on Thursday morning, Twitter is back online.

Apple Releases Mac OS X Leopard Update

The update, version 10.5.8, improves stability and security and includes many other improvements. Apple’s next big operating system update, Snow Leopard, is due next month.

Mozilla Store Security Breached

GatewayCDI, which operates the Mozilla Store, suffered a security breach affecting an undisclosed number of customers.

ID Management Remains Challenge For Federal Agencies

Some of the hurdles faced by the U.S. government include funding, organizational structure, and data protection.

Northrop Grumman Opens Security Center

Outsourcer will keep tabs on more than 100,000 customers and 10,000 servers in effort to eliminate cyber threats.

U.S. Cybersecurity Official Quits

The resignation of Melissa Hathaway comes as the Obama Administration continues its search for a top cybersecurity coordinator.

Software Updates Vulnerable To Hijacking

Public Wi-Fi networks present a risk to connected users even if they’re not surfing the Internet, thanks to applications that try to update themselves automatically.

Rolling Review: Symantec’s DLP-9

Symantec’s DLP software provides robust leak prevention for endpoints and on the network.

Hacker Gary McKinnon Loses Extradition Appeal

Fighting to avoid what he fears will be unfair treatment from U.S. courts, U.K. hacker Gary McKinnon lost another appeal in his attempt to avoid being extradited.

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Black Hat: Social Networks Reveal, Betray, Help Users

Researchers at security conference show how social networks can reveal more than users intend.

Black Hat: Mac OS X Rootkit Debuts

The development of a proof-of-concept rootkit for Mac OS X reinforces the fact that security concerns aren’t just for Windows users.

Black Hat: Android, iPhone SMS Flaws Revealed

Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They’re presenting on Thursday but their findings have been published.

Fake Security Software Steals $34 Million Monthly

Cybercriminals are making a fortune by preying on gullible computer users.

Apple Fears Jailbroken iPhones Could Kill Phone Networks

Fighting an attempt to win a copyright law exemption that would sanction the use of unauthorized iPhone software, Apple claims phone networks are at risk when it’s not in charge.

Black Hat: Smart Meter Worm Attack Planned

IOActive’s Mike Davis intends to unleash a worm on a smart meter at the Black Hat security conference on Thursday.

Google Hot Trends Dictate Malware Targeting

Popular search terms get more dangerous, a security report finds. And crossword puzzle players should be particularly vigilant.

Microsoft Issues Emergency Fixes For IE, Visual Studio

Outside of its normal patch cycle, Microsoft has released two security bulletins to fix critical flaws.

AT&T Says DoS Attack Prompted Block Of 4chan Site

The popular bulletin board site had been under a constant attack by hackers for three weeks before it was detected by the telecom company.

Security Worries Ratcheting Up; Spending Down

One in five IT managers expects to curtail investments in encryption, authentication, application security, and protection against DoS attacks this year, survey says.

Microsoft Plans Emergency Patch Tuesday

Two out-of-band security bulletins will be issued tomorrow to fix a critical flaw in Internet Explorer and a related issue in Visual Studio. Microsoft is withholding details until the patches are released.

Global CIO: An Open Letter To Cisco CEO John Chambers

In an open letter to Cisco CEO John Chambers, this column notes that Cisco is expanding beyond its traditional networking business with its Unified Computing System, telepresence, and other enterprise-level efforts. While this offers great potential, it also raises this question: What business is Cisco in today?

Microsoft Unveils Security Tools, Resources At Black Hat

Dealing with the changing threat landscape requires information sharing, Microsoft says, and it has developed software, guidelines, and programs to help make that happen.

Apple iPhone Security Weaknesses Exposed On YouTube

Deleted voice mail, e-mail, and other data on the iPhone 3GS is vulnerable to hackers, a security expert claims in two video tutorials.

The AP Plans ‘News Registry’ To Protect Content

The world’s oldest and largest news gathering organization aims to fight online theft of its content with digital tracking beacons.

Privacy Tool Makes Internet Postings Vanish

The open source tool called Vanish encrypts any text that’s entered into a browser and scatters it, in disappearing pieces, across a network.
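The blurb above describes the mechanism only loosely. The standard way to make stored data unrecoverable once enough scattered pieces are gone is to encrypt it and split the key with threshold secret sharing (Shamir), so that fewer than k surviving shares reveal nothing about the key. The following is an added example of that general technique, not Vanish’s own code; the share store with expiry times, the SHAKE-256 keystream (a stand-in for a real authenticated cipher) and all sample values are constructed for illustration.

```python
import hashlib
import secrets

PRIME = 2**521 - 1          # Mersenne prime; all share arithmetic is mod this field
NONCE = b"constructed-nonce"  # constructed; a real system would draw one per message


def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x, mod PRIME (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k):
    """Split a byte string into n Shamir shares; any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    secret_int = int.from_bytes(secret, "big")
    if secret_int >= PRIME:
        raise ValueError("secret too large for the field")
    # a0 is the secret; the other k-1 coefficients are uniformly random.
    coeffs = [secret_int] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, k, secret_len):
    """Lagrange-interpolate the shares at x=0. Fails loudly below the threshold."""
    if len(shares) < k:
        raise ValueError(f"{len(shares)} shares available, {k} required")
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * xm % PRIME
                den = den * (xm - xj) % PRIME
        total = (total + yj * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total.to_bytes(secret_len, "big")


def xor_keystream(key, nonce, data):
    """Toy stream cipher: XOR with a SHAKE-256 keystream. Illustrative only, unauthenticated."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


class ShareStore:
    """Stand-in for a distributed store that drops each share at its expiry time."""

    def __init__(self):
        self._items = []

    def put(self, share, expires_at):
        self._items.append((share, expires_at))

    def live(self, now):
        return [share for share, exp in self._items if exp > now]


def vanish_round_trip(n=10, k=7):
    """Encrypt, scatter the key, then show recovery succeeding before expiry and failing after.

    Returns (recovered_ok, recovery_refused_after_expiry, shares_left_after_expiry).
    """
    key = secrets.token_bytes(32)
    plaintext = b"constructed sample message"      # constructed input
    ciphertext = xor_keystream(key, NONCE, plaintext)
    store = ShareStore()
    for i, share in enumerate(split_secret(key, n, k)):
        store.put(share, expires_at=100 + 10 * i)    # shares expire at t=100, 110, ..., 190

    # t=50: every share is still present, the key comes back and the text decrypts.
    recovered_key = recover_secret(store.live(50), k, 32)
    recovered_ok = xor_keystream(recovered_key, NONCE, ciphertext) == plaintext

    # t=145: five shares have expired, five remain, which is below k=7.
    remaining = store.live(145)
    try:
        recover_secret(remaining, k, 32)
        refused = False
    except ValueError:
        refused = True
    return recovered_ok, refused, len(remaining)


if __name__ == "__main__":
    print(vanish_round_trip())
```

The threshold check in recover_secret matters: Lagrange interpolation with fewer than k points returns a well-formed but wrong value, so an implementation that does not track k silently decrypts to garbage instead of reporting that the data has vanished.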

Adobe Warns Of Critical Flash Vulnerability

Echoing security warnings issued earlier this year, Adobe is warning users of Flash Player, Reader, and Acrobat to exercise caution online due to a zero-day vulnerability that’s being actively exploited.

Rising Internet Fraud, Darknets On Agenda At Black Hat

The information-security community is set to converge for the industry’s premier conference as Black Hat comes to Las Vegas on July 25 – 30.

Researchers Bypass Secure Web Connections

EV SSL certificates are supposed to help people feel more secure online. But at Black Hat next week, two researchers plan to disclose a way around SSL protection.

HP Researchers Develop Browser-Based Darknet

HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.

RIM Scrubs Spyware From UAE BlackBerrys

Users complained a firmware update — unauthorized by RIM — had led to decreased battery life and system crashes.

Google Apps Contract In LA Hits Security Headwind

The City of Los Angeles faces worries about privacy and security as it considers moving to Google Apps.

Adobe Offering Insecure Reader Software

Plagued by a series of vulnerabilities in its Reader software, Adobe has been tightening its security. Yet the company hasn’t gotten around to offering a secure version of Reader on its Web site.

Drivers Frown On Texting, Even As Practice Spreads

While 86% of study respondents support a ban on texting while driving, the incidence of drivers sending SMS messages increased by 40% in the past year.

Wal-Mart Unveils New Customer Privacy Policy

The retailer will more aggressively market through new channels, including text messages to mobile phones, and share more data with its partners.

Review: Firefox 3.5 Makes Browsing Better

Mozilla’s latest Web browser is a solid step forward, with features including private browsing, geolocation, and support for the latest audio, video, graphics, and HTML 5.

HTC Fixes Bluetooth Vulnerability In Smartphones

Security flaw allows attackers to gain access to all files on HTC’s Windows Mobile phones running the 6.0 or 6.1 versions.

Twitter Hack Tars Google’s Cloud

The distribution of internal Twitter documents by a hacker has revived doubts about the security of cloud computing. But Google wants everyone to know that security tools are available for those who want to use them.

Twitter Confidential Files Distributed By Hacker

The hacker who hijacked a Twitter admin account in May has been distributing sensitive files taken from the company, ostensibly to educate people about the risks of poor computer security.

Senate Mulls Jamming Cell Phone Signals In Prisons

Proposed legislation seeks to halt the use of illegal cell phones in prisons but is countered by public interest agency officials.

Firefox 3.5 Vulnerability Rated ‘Highly Critical’

Exploit code for a vulnerability in Firefox was posted online on Monday. Mozilla says it is working on a fix.

Microsoft Fixes Nine Vulnerabilities In July Patch

Two zero-day vulnerabilities are addressed in Microsoft’s July patch cycle, but a third flaw that was revealed on Monday remains.

Introducing the IEEE Industry Connections Security Group

By Jeff Green on Vulnerability Research

Agreement and collaboration have been two of the greatest challenges the security community has faced from the very beginning. In an effort to address this, The Industry Connections Security Group (ICSG), a new offering from the IEEE, allows like-minded companies to come together to solve industry or business problems that center on information security. Industry [...]

Pirate Party comes to the UK

A political party which aims to legalise file swapping for non-commercial reasons has been officially registered in the UK.

Lord Mandelson calls for internet piracy crackdown

Business Secretary Lord Mandelson is calling for tougher penalties for illegal downloaders, including fining the parents of children caught illegally file swapping.

IEEE program brings security vendors together

The IEEE standards group today announced an effort to bring security vendors together to collaborate on early-stage technologies.

Georgia cyberattacks linked to Russian organized crime

The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia’s intent to invade the country, according to a new technical analysis, much of which remains secret.

Hackers put social networks such as Twitter in crosshairs

Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

IE8 whips rivals in blocking malware sites

Microsoft’s Internet Explorer 8 again trounced rival browsers in a test of their malware-blocking abilities, catching 81% of attack code-infected sites, according to testing company NSS Labs.

Illinois outlaws sex offenders from using Facebook, MySpace

The state of Illinois made it a law this week banning convicted sex offenders from using social networking sites such as Facebook and MySpace.

IE 8 Beats Competition in Microsoft-sponsored Security Tests

Internet Explorer 8 blocked about four out of every five sites that attempt to trick visitors into downloading malicious software in browser security tests performed by NSS Labs.

Obama’s cookies may not go down so easy

It’s not some half-baked conspiracy theory whipped up by a TV demagogue, but the Obama Administration is planning changes that could impact the privacy of everyone who visits US Government Web sites.

Hackers clash over China’s rule in Muslim province

Pro-China and pro-Muslim hackers have clashed online in a series of attacks on Web sites triggered by deadly ethnic riots in China’s Muslim region last month.

Internet security threats last just 24 hours

Internet security threats such as worms and trojans last for just 24 hours, says Panda Security.

Should your credit report disqualify you for a job?

Employers are conducting job applicant and employee background checks and looking more frequently at credit records, criminal histories and other background information from consumer reporting agencies. Lawsuits of this type are bound to grow exponentially.

UPS encrypts laptops and smart phones after data loss

Logistics giant UPS is encrypting all its laptops and smart phones, following the loss of payroll data last year.

Verizon brings IT security services to health care industry

Verizon Business is extending its Security Management Program capabilities and services to the health care industry to help providers maintain compliance with federal security guidelines.

Government DNA database plans slammed again

Government plans to hold for 12 years the DNA data of people not found guilty of any crimes break human rights laws.

ICANN says new policy has killed ‘domain tasting’

The entity in charge of the Internet’s addressing system is declaring victory over an abusive trend in registering domain names.

Suspicious activities and my grandmother

Mark Gibbs is suspicious about a lot of acronyms, to wit, ISE’s NSIS that collects SARs that, at least in L.A., includes pictures or video footage “with no apparent esthetic value”. His grandmother’s words are brought to mind.

Palm Pre debacle highlights location privacy issues

Reports about Palm keeping track of Pre users have shown how location services can backfire, and the importance of making users aware of how information is used.

China will not enforce Green Dam porn filter plan

China said Thursday it will not force PC makers to bundle an Internet filtering program with computers sold in the country, backing down from a plan that stirred global controversy.

Security Update 2009-004 fixes BIND vulnerability

With the security content of all the updates Apple has been rolling out in the last few weeks, you might have thought the tides of darkness stemmed. But hackers never sleep–or so it seems–so neither can Apple. On Wednesday, the company released Security Update 2009-004, which is recommended for all Mac OS X users.

Voting machine hack costs less than $100,000

Why spend millions of dollars campaigning when you can hack an election for less than 100 grand?

Report: Your Palm Pre May be Spying on You

Is your Palm Pre spying on you and sending your GPS coordinates and more back to the Palm mothership on a daily basis? According to mobile application developer Joey Hess that’s exactly what is happening. He asserts on his personal blog that data on the location and app used on the Palm’s Pre smartphone is being sent to Palm.

Heartland CEO on Data Breach: QSAs Let Us Down

For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least.

Android security chief: Mobile-phone attacks coming

As smartphones become more popular, they’re going to get some unwanted attention from criminals, Google’s head of Android security said Wednesday.

Twitter withstands second DDoS attack in a week

Twitter was able to withstand yesterday’s distributed denial-of-service attack far better than a similar attack last week.

Microsoft knew of critical Office ActiveX bug in ’07

Three of the critical vulnerabilities Microsoft patched Tuesday were first reported to the company two years ago, according to the security firm that alerted Microsoft of the flaws.

H-1B Visa Sponsors: Surprise! You’re Being Audited

Large U.S.-based technology companies and Indian IT outsourcing firms are paying close attention to proposed legislation aimed at tightening restrictions on and increasing oversight of the non-immigrant professional visas they use to place foreign professionals in roles stateside. But while the H-1B and L-1 Visa Reform Act, introduced by Senators Chuck Grassley (R-IA) and Dick Durbin (D-IL), remains in congressional committee, U.S. Citizenship & Immigration Services (USCIS), the agency that administers the H-1B and L-1 visa programs, has been increasing its anti-fraud enforcement efforts in response to reported abuse of the temporary worker programs.

Study: Air Cargo Security Seriously Lacking

There are serious security problems in international air cargo transportation and the controls around it, according to a report released this week by the International Transfer Center for Logistics and the Technische Universität of Berlin (See also: What New Air Cargo Security Rules Mean for Business).

Twitter users targeted by Koobface again

Hackers are continuing to use Twitter to exploit people’s PCs with the latest scam redirecting users to the malicious Koobface worm, according to PC Tools.

Apple patches 6 Safari security vulnerabilities

A month after it last patched Safari, Apple today plugged six security holes, four of them critical, in both the Mac and Windows versions of its Web browser.

Microsoft patches 19 bugs in sweeping security update

Microsoft today delivered nine security updates that patched 19 vulnerabilities in several crucial components of Windows, as well as in Windows Media Player, Outlook Express, IIS (Internet Information Server), Office and several other products.

ActiveX Overhaul in Microsoft Patch Batch

Microsoft’s nine security bulletins released today close a range of security holes involving ActiveX controls, Windows Media files and other software that affect the full array of Windows versions.

eBay requires developers to change their account passwords

Members of the eBay Developers Program must change their account passwords because the e-commerce company recently discovered a way in which account information could be accessed by malicious hackers.

Enterprises have false sense of data security

The lack of a data quality initiative in enterprises today can be driven by the perception that the cost associated with poor data quality is a mere cost of doing business, said one analyst.

Microsoft fixes 19 bugs in big patch smorgasbord

Microsoft today delivered nine security updates that patched 19 vulnerabilities in several crucial components of Windows, as well as in Media Player, Outlook Express, IIS, Office and several other products.

Study: Adobe Flash cookies pose vexing privacy questions

Adobe’s Flash program is being used on heavily trafficked Web sites to collect information on how people navigate those sites even if people believe they’ve restricted the data collection, according to a new study.

Phone calls & emails snooped on 500,000 times

The UK government has been accused of supporting a surveillance society akin to George Orwell’s 1984 after new figures revealed that police, councils and intelligence services made more than 500,000 requests to access citizens’ communications data in 2008.

Fortinet spies IPO as market bounces

After nine years of successful independence, security hardware vendor Fortinet has admitted it is plotting to turn itself into a public company.

Attacks on US, Korea Web sites leave a winding trail

The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.

61% of young adults illegally download music

Nearly two thirds of 14 to 24 year olds illegally download music over peer-to-peer (p2p) networks, says UK Music.

Police, councils spy on your calls, SMS and email

Official figures have revealed that in Britain each day last year, local authorities, police and the intelligence services granted more than 1,500 requests to snoop on the public’s phone calls, emails and text messages.

Windows Event Viewer phishing scam remains active

What do you get when you combine malware, IP telephony and an offshore call centre? A new breed of brazen phishing scam designed to target unwary Windows users.

Secunia PSI Points Out Dangerous Software Holes

One of the best ways to protect your PC is to keep all your software up-to-date. Patching over security holes blocks online attackers who like nothing more than exploiting old software flaws to surreptitiously install Trojans and other malware. The free Secunia Personal Software Inspector makes it easy to find and fix old programs–even those that lack automatic update features–on your PC. Secunia PSI scans your computer to find out what versions of what software you have installed, and it reports on which might contain known security holes.
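The core of a scanner like the one described above is an inventory of installed versions matched against an advisory feed that says, per product branch, which version carries the fix. The following is an added example of that matching logic, not Secunia’s code: the version parser, the branch-aware comparison, and the inventory and advisory entries (hypothetical product names and advisory IDs, not real vulnerabilities) are all constructed for illustration. Branch awareness is the part worth getting right: a 3.0-branch install that is fully patched must not be flagged just because the 3.5 branch has a newer fix.

```python
import re

# Constructed advisory feed. "branch" is the version prefix the advisory applies to,
# "fixed_in" the first version on that branch that is not affected.
ADVISORIES = [
    {"id": "ADV-0001", "product": "ExampleBrowser", "branch": "3.5", "fixed_in": "3.5.2"},
    {"id": "ADV-0002", "product": "ExampleBrowser", "branch": "3.0", "fixed_in": "3.0.13"},
    {"id": "ADV-0003", "product": "ExampleReader", "branch": "9", "fixed_in": "9.1.3"},
    {"id": "ADV-0004", "product": "ExamplePlayer", "branch": "10", "fixed_in": "10.0.32.18"},
]

# Constructed host inventory of (product, installed version).
INVENTORY = [
    ("ExampleBrowser", "3.5.1"),
    ("ExampleBrowser", "3.0.13"),
    ("ExampleReader", "9.1.2"),
    ("ExamplePlayer", "10.0.32.18"),
]


def parse_version(text):
    """Turn '3.5.1rc1' into comparable tuples; a suffixed segment (rc, beta) sorts
    before the plain release of the same number."""
    parts = []
    for seg in re.split(r"[.\-]", text.strip()):
        m = re.fullmatch(r"(\d+)([A-Za-z].*)?", seg)
        if not m:
            raise ValueError(f"unparseable version segment {seg!r} in {text!r}")
        num, suffix = int(m.group(1)), m.group(2) or ""
        parts.append((num, 1, "") if suffix == "" else (num, 0, suffix))
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1; missing trailing segments count as zero, so 3.5 == 3.5.0."""
    pa, pb = list(parse_version(a)), list(parse_version(b))
    width = max(len(pa), len(pb))
    pa += [(0, 1, "")] * (width - len(pa))
    pb += [(0, 1, "")] * (width - len(pb))
    return (pa > pb) - (pa < pb)


def in_branch(version, branch):
    """True when the version starts with the branch prefix, e.g. 3.5.1 is on branch 3.5."""
    v, b = parse_version(version), parse_version(branch)
    return v[: len(b)] == b


def find_insecure(inventory, advisories):
    """Report (product, installed, advisory id, fixed_in) for every install that is on an
    advisory's branch and older than the fixed version."""
    findings = []
    for product, installed in inventory:
        for adv in advisories:
            if adv["product"] != product or not in_branch(installed, adv["branch"]):
                continue
            if compare_versions(installed, adv["fixed_in"]) < 0:
                findings.append((product, installed, adv["id"], adv["fixed_in"]))
    return findings


if __name__ == "__main__":
    for product, installed, adv_id, fixed in find_insecure(INVENTORY, ADVISORIES):
        print(f"{product} {installed}: {adv_id}, upgrade to {fixed}")
```

On a real Windows host the inventory would come from the Uninstall registry keys and from file version resources of the executables themselves, since unpatched copies of a library can sit outside any installer’s records; that collection step is where such scanners earn their keep and is left out here.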

Cybersecurity: Curiouser and curiouser

Gibbs is an aficionado of Carroll’s Alice and finds a curious parallel between the administration’s cybersecurity office and believing six impossible things.

Verizon Business to Offer Risk-Based Security Service

Verizon Business announced on Wednesday a new risk-based suite of security tools that include cloud-and-premises-based services. Verizon’s Next Generation Managed Security Services Platform is designed to compete with similar offerings from ArcSight and RSA.

Twitter Continues to Battle DDoS Attack

More than two days after experiencing a complete outage as a result of a distributed denial-of-service (DDoS) attack, Twitter and other social networking sites such as Facebook are still battling a surge in traffic related to the attack. Twitter has taken some steps to mitigate the spike in traffic and ensure that the site is not knocked offline again, but some of those steps are having an impact on third-party tools that link to Twitter through APIs (application programming interfaces).

Code Library Bug Is Likely Patch Tuesday Target

This month’s Patch Tuesday release will include nine security updates, five of them “critical” and all but one affecting Windows.

Hathaway Resigns From Cybersecurity Czar Post

Melissa Hathaway’s decision to step down as acting senior director for cyberspace at the National Security Council could increase pressure on the Obama administration to name a cybersecurity czar.

Twitter Breach Revives Cloud Security Fears

The breach of a hosted Google Apps application used by Twitter employees has heightened concerns over the security of cloud computing systems.

Twitter Attack Was Another Political DDoS

The distributed denial-of-service attack that hampered access to social networking and blogging sites all went after one pro-Georgia blogger, according to security company reports.

App developers stung by Twitter’s DOS woes

Developers who built applications for Twitter and generate money from them have been hard-hit by the micro-blogging service’s many hours of downtime in the past day, as hackers pummel Twitter with an ongoing denial-of-service attack.

Learning Lessons From the Twitter Outage

Unless you have been living in a cave or off the grid for the past 24 hours or so, you are probably aware that Twitter experienced a two-hour outage yesterday morning as a result of a distributed denial-of-service (DDoS) attack that overwhelmed its servers. The same attack was also targeted at other sites such as Facebook and Google, but Facebook only experienced performance issues and Google seems to have been relatively unaffected. What can Twitter learn from Facebook or Google to help it handle future attacks without a site outage?

Twitter still struggling to recover from DOS attack

The DOS (denial-of-service) attack that crippled Twitter on Thursday is still affecting the micro-blogging service on Friday, the company said in a blog post.

TJX suspect indicted in Heartland, Hannaford breaches
Networks pierced by garden-variety exploit

Federal authorities have charged a previously indicted hacker with breaching additional corporate computers and stealing data for at least 130 million credit and debit cards, the biggest identity theft case ever prosecuted in the United States.…

Researchers forge secure kernel from maths proofs
Machine verified micro-kernel

Aussie boffins have developed an operating system micro-kernel mathematically established as free of many types of errors. The development points the road toward “safety-critical software of unprecedented levels of reliability” for applications such as aircraft and cars.…

HSBC Trojan warning tracked down as false alarm
Kaspersky blushes abound after bank site misfire

Updated A false alert left users of Kaspersky’s internet security software fearing there was malware on HSBC’s website last weekend.…

Facebook phishers cast multiple lines
Scammers bait social networking site with hooky apps

Miscreants have recently begun peppering Facebook with a variety of new phishing scams with sex, sex, sex and more sex featuring prominently.…

Online betting mogul cops plea, coughs up $43m in gains
The slow demise of BetonSports’ Gary Kaplan

Gary S. Kaplan, the founder of online gambling empire BetonSports, pleaded guilty on Friday to multiple federal charges in an agreement that required him to forfeit more than $43m in criminal proceeds.…

Hacktivist vuln still plagues UN.org
Still lazy after all these years

The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages.…

MS Zero-day security bug was two years in the making
Fix only followed exploit

A flaw in Office Web Components which Microsoft fixed on Tuesday was first reported to the software giant over two years ago, it has emerged.…

Labour MP exposes password credentials
‘Excuse me but your CMS is showing’

Web admins for Gisela Stuart MP inadvertently left password credentials for her site publicly accessible up until Thursday.…

Dutch news agency goof leaks VIP phone numbers
Low security in the Low Countries

Security shortcomings by Dutch press agency GPD exposed the private telephone numbers of politicians and other public figures to prying eyes until earlier this week.…

Bug exposes eight years of Linux kernel
Passes it’s-not-crying-wolf test

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.…

Twitter transformed into botnet command channel
Victim becomes enabler

For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission.…

Autocad attacks return after four years in wilderness
The virus makes a comeback

Viruses attacking users of the Autocad computer assisted design application have recently resurfaced after taking a four-year hiatus, prompting a call from one security watcher for more to be done to prevent such outbreaks.…

Australian police charge banking Trojan suspect
Alleged perp also faces drug and botnet herding charges

Australian police have charged an as yet unnamed 20 year-old man on suspicion of creating a banking Trojan that infected an estimated 3,000 computers worldwide, as well as building up a 74,000 strong botnet of compromised machines.…

Virus arms race primes malware numbers surge
Half malware strains are junked after less than a day

Half (52 per cent) of new malware strains only stick around for 24 hours or less.…

Underground forum r00t-y0u.org gets pwned
S’kiddie defacement or law enforcement sting?

A notice on underground cybercrime forum r00t-y0u.org on Thursday suggested the site had become part of a law enforcement sting operation. However hacker hijinks and mischief making seem equally likely explanations for the incident, at the time of writing.…

Blaster anniversary recalls network worm heyday
Remembrance of flaws past

It’s six years since the infamous Blaster worm crippled Windows systems worldwide.…

Vuln exposes eBay developer accounts
Password changes ordered

eBay security officials are requiring members of its developer program to change their passwords following the discovery of a vulnerability that could allow attackers to intercept sensitive account details.…

Apple update patches serious DNS flaw in Mac OS X
In a BIND no more

Two weeks after internet overlords warned of a serious vulnerability in one of the most widely used programs for resolving domain names, Apple has updated its Mac OS X operating systems to fix the security bug.…

Man gets 3 years in prison for stealing IDs over LimeWire
Dodgy download redux

A Washington state man who admitted using the LimeWire file-sharing program to steal tax returns and other sensitive documents has been sentenced to more than three years in federal prison.…

CA auto-immune update trashes systems
eTrust security software quarantines self, MS apps

Updated A berserk update to CA eTrust anti-virus software created all sorts of confusion on Wednesday.…

Apple hunts down Win and Mac flavoured Safari flaws
Return of the Mac attack Trojan

Apple has patched six security holes in its Safari web browser software.…

Twitter briefly knocked offline by hackers (again)
Just when you thought it was safe to go back into Twitter…

Twitter suffered from yet more security jitters on Tuesday night, after another attack left the site briefly unavailable.…

Nine MS security bulletins create busy updates workload
Patches needed for almost everything – except IE

Microsoft released the expected nine patches – five critical – as part of a busy August Patch Tuesday update that focuses primarily on client-side vulnerabilities.…

Sequoia e-voting machine commandeered by clever attack
Return-oriented programming strikes again

Computer scientists have figured out how to trick a widely used electronic voting machine into altering tallies with a technique that bypasses measures that are supposed to prevent unauthorized code from running on the device.…

Websense yanks censorware from Yemen
Filter spat highlights repressive regime dilemma

Websense has blocked two ISPs in Yemen from receiving updates after it emerged that they were using its filtering technology in a government-mandated censorship scheme.…

Campaign Monitor reels from hack and spam attack
Australian mail marketing firm stumped

Australian email marketing application developers Campaign Monitor warned on Tuesday that it had been the victim of a hacking attack over the weekend.…

Autistic trucking scam hacker jailed for 55 months
Quality of mercy

A convicted hacker with Asperger’s Syndrome has been given a slightly reduced sentence of 55 months imprisonment over his involvement in a multi-million dollar trucking scam.…

Georgian blogger calls for Twitter attack probe
‘Dear Dmitry!’

The pro-Georgian blogger who was the target of attacks that shut down micro-blogging website Twitter last week has called on Russian President Dmitry Medvedev to track down the culprits.…

Fortinet plots rare IT security IPO
Under starter’s orders

All in one security appliance firm Fortinet has announced plans to go public on the stock exchange.…

Obama loses (another) cybersecurity bigwig
Oh, the bureaucracy

Updated Yet another high-ranking government official in charge of securing the country’s computer networks has resigned. This time, it’s the head of the US Department of Homeland Security’s Computer Emergency Readiness Team.…

Hotel prank call badboy tracked down to mum’s flat
Alleged PrankNET leader forced to cower inside

Online news mag The Smoking Gun (TSG) claims to have tracked down the leader of prank call website PrankNET to the suburban flat in Windsor, Ontario he shares with his mum.…

Twitter hack spawns spam and scareware scams
DDoS campaign opens Pandora’s Box

Spam and scams have continued to flow from the fallout of last week’s DDoS against Twitter.…

MoD website outflanked by XSS flaws
Medic!

Hackers have discovered cross-site scripting (XSS) vulnerabilities on the UK’s Ministry of Defence website.…

US appeals court cans CAN-SPAM suit
A farewell to litigation factories

In a decision that could make it harder for internet users to take spammers to court, a federal appeals court has upheld the dismissal of a lawsuit against a company that sent a man more than 13,000 unsolicited emails.…

Tackling ISO 27001: A Project to Build an ISMS

Category: Management & Leadership

Paper Added: July 22, 2009

Protecting Against Insider Attacks

Category: Incident Handling

Paper Added: August 10, 2009

Surviving a third party onsite audit, (Sun, Aug 16th)

How serious are you about your company’s information security? You will get very serious quick …(more)…

Deja Vu – 2 Analysis Links, (Fri, Aug 14th)

…(more)…

Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692) vulnerability, (Fri, Aug 14th)

Edward alerted us to a new Linux vulnerability coming from how Linux deals with unavailable operatio …(more)…

Tools for extracting files from pcaps, (Thu, Aug 13th)

Often in the course of investigating a compromised machine or when analyzing malware in a sandnet or …(more)…

New and updated cheat sheets, (Thu, Aug 13th)

A couple of things I noticed on Twitter today and thought you might be interested. Our fr …(more)…

CA eTrust update crashes systems, (Thu, Aug 13th)

It appears that the latest update to Computer Associates eTrust ant …(more)…

Apple Security Update Released for BIND DNS, (Wed, Aug 12th)

Apple released a security update today: APPLE-SA-2009-08-12-1 Security Update 200 …(more)…

Blocking those Secret, Stubborn Cookies, (Wed, Aug 12th)

Robert wrote in last night in response to a story in the latest SANS NewsBites newsletter that …(more)…

Safari 4.0.3, (Tue, Aug 11th)

Apple released today Safari 4.0 …(more)…

Microsoft August 2009 Black Tuesday Overview, (Tue, Aug 11th)

Overview of the August 2009 Microsoft patches and their status. # …(more)…

WordPress unauthenticated administrator password reset, (Tue, Aug 11th)

Juha-Matti pointed out multiple reports on a vulnerability in the widely used wordpress blog softwar …(more)…

Adobe Reader Patch available, (Mon, Aug 10th)

August must be the month for out of cycle patches. Following on the heels of https://isc …(more)…

XML Libraries Data Parsing Vulnerabilities, (Sat, Aug 8th)

We have received reports that several vulnerabilities have been discovered in XML library implementa …(more)…

Sun OpenSSO Enterprise/Sun Access Manager XML Vulnerabilities, (Sat, Aug 8th)

According to sun: Sun OpenSSO Enterprise (formerly Sun Access Manager and Sun Federation Manag …(more)…

Researchers Use Return-Oriented Programming to Manipulate eVoting Machine (August 12, 2009)

Researchers from the University of Michigan, the University of California, San Diego, and Princeton University have discovered that the Sequoia AVC Advantage electronic voting machine is vulnerable to an attack that can alter voting tallies…….

Quantcast Casts Out Flash Cookies in Wake of Report (August 12, 2009)

In the wake of research published about Flash cookies, online tracking company Quantcast has stopped its practice of recreating customers’ cookies with Flash after users deleted the regular cookies…….

Australian Man Charged in Data Theft Trojan and Botnet Case (August 13, 2009)

An Australian man has been charged with infecting 3,000 computers with a financial account-stealing Trojan horse program and creating a botnet of 74,000 computers around the world…….

Prison Sentence for Personal Data Theft Through LimeWire (August 12 & 13, 2009)

A Seattle man has been sentenced to 39 months in prison for using the LimeWire filesharing network to steal personal information, including tax returns and bank statements…….

UK Convicts Two for Refusing to Surrender Encryption Keys (August 11, 2009)

In the UK, two people have been convicted for refusing to surrender encryption keys…….

Judge Grants Preliminary Injunction Barring Sale of RealDVD (August 12, 2009)

A US District Court judge has granted a preliminary injunction that prohibits RealNetworks from selling its RealDVD software…….

Apple Issues OS X Updates to Fix BIND Vulnerability (August 13, 2009)

Apple has released a security update for Mac OS X 10…….

Microsoft Fixes 19 Vulnerabilities in Nine Security Bulletins (August 11 & 12, 2009)

On Tuesday August 11, Microsoft issued nine security bulletins to address a total of 19 vulnerabilities in Windows, the …….

Apple Releases Safari Update (August 12, 2009)

Apple has released an updated version of its Safari web browser…….

WordPress Password Reset Flaw Fixed (August 11 & 12, 2009)

WordPress blogging software has been updated to address a flaw that allowed attackers to reset administrator passwords…….

China Will Not Enforce Green Dam Mandate (August 13 & 14, 2009)

China has backed off from a mandate issued in May requiring that Internet filtering software known as Green Dam-Youth Escort be installed on or accompany all PCs sold in or shipped to that country…….

US-CERT Director Resigns (August 8 & 10, 2009)

The director of the Department of Homeland Security’s (DHS) US Computer Emergency Readiness Team (US-CERT) has resigned…….

Appeals Court Upholds Ruling Dismissing Suit Against Alleged Spammer. (August 8, 2009)

The Ninth Circuit Court of Appeals has upheld a lower court ruling that says individuals may not sue spammers under the CAN-SPAM Act if the plaintiffs do not meet the requirements of being an Internet service provider…….

Man Arrested and Indicted for Alleged Attack on Former Employer’s Systems (August 6, 7 & 8, 2009)

Luis Robert Altamarino has been arrested and indicted for allegedly breaking into his former employer’s computer network and causing damage that took days to remedy…….

UK Defence Department Allowing Use of Social Networking Media (August 7, 2009)

In contrast to recent news that the US military is considering restricting or even banning social networking media altogether, the UK’s Defense Ministry is encouraging its troops to make use of Twitter, Facebook, YouTube and other similar services…….

Citibank and Bank of America Issue New Cards to Massachusetts Customers (August 10, 2009)

Bank of America Corp…….

Secret, Stubborn Cookies (August 10, 2009)

Researchers from the University of California, Berkeley have reported that more than half of the 100 most popular websites are using Adobe Flash cookies to track users’ behavior and interests, but these cookies are mentioned in just four privacy policies, though other sites mention the use of “tracking technology…….

ACLU Concerned About Proposed Increase of Cookie Use on Government Sites (August 10, 2009)

The American Civil Liberties Union (ACLU) is concerned about a proposal from the White House Office of Management and Budget (OMB) to allow broader use of cookies on government web sites…….

Microsoft to Issue Nine Bulletins on August 11 (August 7, 2009)

On Tuesday, August 11, Microsoft plans to release nine security bulletins to address vulnerabilities in Windows, Microsoft Office, Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server…….

Attack on Twitter and Facebook Was a “JoeJob” (August 6, 7 & 10, 2009)

The denial-of-service attacks that hobbled Twitter and Facebook last week were not conducted through botnets, but instead were the result of a spam campaign aimed at taking out accounts that belong to a pro-Republic of Georgia blogger…….

Compliance with NERC Standards No Guarantee of Security (August 7, 2009)

A survey of 100 information security specialists at US energy companies found that the majority believe that the cyber security standards established by the North American Electric Reliability Corp (NERC) are not adequate to protect the country’s electric power grid…….

Skeptics Refute Beck’s Allegation That Connecting To Cars.Gov Site Gives US Government The Right To Seize Computer (August 10, 2009)

Fox News commentator Glenn Beck has claimed that a policy statement on the Cars…….

Sandia to Launch Research Botnet (August 9 & 10, 2009)

Later this year, the US Department of Energy’s Sandia National Laboratories plans to launch a simulated botnet comprising one million virtual machines…….

Three indicted for Hannaford, Heartland data breaches

By SearchSecurity.com Staff

A grand jury has charged three men for their role in stealing more than 130 million credit and debit cards from Heartland Payment Systems and several other companies.

Marines pull about face on social networks with Twitter ban

By Eric Ogren

Young soldiers will not be able to use communication tools in a surprising move that is an example of paranoia seeping into security decisions, according to columnist Eric Ogren.

Marine Corps’ Twitter ban example of security paranoia

By Eric Ogren

The Marine Corps’ move is an example of paranoia seeping into security decisions, according to columnist Eric Ogren. Browser security and training are the right approach.

Patch management study shows IT taking significant risks

By Eric Ogren

IT pros need to take patch management processes seriously and more diligently understand the plethora of applications being used by end users.

Trusteer CEO criticizes Adobe, touts better patch deployments

By Robert Westervelt

Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer’s CEO urges better patching mechanisms.

Microsoft fixes Office Web Components vulnerability, kill-bit bypass

By Robert Westervelt

Microsoft repaired critical vulnerabilities in Microsoft Office Web Components affecting Office Word, Excel and PowerPoint viewer as well as its ISA and BizTalk servers.

Data has become too distributed to secure, Forrester says

By Robert Westervelt

A Forrester Security Forum will address ways security pros can relax security policy and focus on mitigating the risks associated with employee use of Web-based tools and services.

Vulnerability mitigation study shows need for faster patching

By Robert Westervelt

Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle.

Microsoft Security Essentials (MSE) shows no vision, expert says

By Eric Ogren

Microsoft’s launch of Microsoft Security Essentials (MSE) doesn’t give it a boost over competitive antivirus products, according to security columnist Eric Ogren.

SlideShowPro Director File Disclosure Vulnerability

SlideShowPro Director is vulnerable to a file disclosure flaw because it fails to perform proper validation and handling of input parameters. Attackers can exploit this vulnerability to read arbitrary files from the hosting web server. This issue exposes the confidentiality of any files residing on the same drive as the component including configuration files with system access credentials, the source code to application pages, and possibly customer data files.

Sun Java Pack200 Decoding Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file.

Microsoft Internet Explorer Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

Fetchmail Improper SSL Certificate Subject Verification

Some Certificate Authorities sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that treat such X.509 strings as NUL-terminated C strings (rather than as strings with an explicit length field) check only the part up to and excluding the NUL character, so a certificate name such as www.good.example\0www.bad.example.com is mistaken for a certificate name for www.good.example. fetchmail also had this design and implementation flaw.
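The NUL-in-Common-Name problem described above, as an added illustration that is not fetchmail’s own code: a constructed CN byte string with an embedded NUL is checked first the way a NUL-terminated C-string comparison does it (the flawed pattern) and then with the decoder’s explicit length honoured and embedded NULs rejected (the fix). The sample CN, the expected host name and the function names are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed sample (not from any real certificate): the bytes of a Common
 * Name as an ASN.1 decoder hands them over, together with their explicit
 * length. The NUL in the middle is the attacker's payload; only the text
 * before it is what a C-string comparison ever sees.
 */
static const unsigned char kCraftedCN[] = "www.good.example\0www.bad.example.com";
static const size_t kCraftedCNLen = sizeof(kCraftedCN) - 1; /* 36 bytes; the literal's own terminator is excluded */

/* Vulnerable pattern: the decoded CN is treated as a NUL-terminated C string,
 * so the length supplied by the decoder is thrown away and the comparison
 * stops at the embedded NUL. Returns 1 on "match". */
int naive_cn_matches(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* ignored: this is the flaw */
    return strcmp((const char *)cn, host) == 0;
}

/* Hardened pattern: honour the explicit length, reject any embedded NUL, and
 * require the whole CN to match the expected host (DNS names compare
 * case-insensitively in ASCII). Returns 1 on match, 0 otherwise. */
int safe_cn_matches(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t i, host_len = strlen(host);

    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;               /* an X.509 name must never contain NUL */
    if (host_len != cn_len)
        return 0;               /* a prefix match is not a match */
    for (i = 0; i < cn_len; i++) {
        if (tolower(cn[i]) != tolower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "www.good.example";

    printf("naive: %s\n", naive_cn_matches(kCraftedCN, kCraftedCNLen, host)
                              ? "MATCH (fooled by embedded NUL)" : "no match");
    printf("safe:  %s\n", safe_cn_matches(kCraftedCN, kCraftedCNLen, host)
                              ? "match" : "no match (embedded NUL rejected)");
    return 0;
}
```

In real verification code the length passed to the safe check must be the one the ASN.1 layer reports (for OpenSSL, ASN1_STRING_length alongside ASN1_STRING_data), never strlen of the buffer; the point of the fix is that the two disagree exactly when a certificate is crafted this way.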

HP-UX Running IPFilter Remote Denial of Service

A potential security vulnerability has been identified with HP-UX running IPFilter. The vulnerability could be remotely exploited to create a Denial of Service (DoS).

Palm Pre WebOS Execution of Arbitrary Code

The Palm Pre WebOS version 1.0.4 and below allows a remote attacker to execute arbitrary HTML code on the phone via certain applications. The affected applications involve the native email client via the notifications system as well as the native calendar application.

Oracle Enterprise Manager SQL Injection Vulnerability

This vulnerability allows an Oracle Enterprise Manager user with VIEW (or more) privileges to execute a function call with the elevated privileges of the SYSMAN database user.

Indictments Hit for Largest U.S. Credit Card Breach

Charges pile up for Albert Gonzalez and two unnamed co-conspirators, who allegedly helped engineer SQL injection attacks on Heartland Payment Systems, 7-Eleven and the Hannaford Brothers grocery store chain. Gonzalez also faces separate charges for the hack on the restaurant chain Dave & Buster’s.
- Albert Gonzalez, a 28-year-old resident of Miami, was indicted Aug. 17 for his participation in the largest alleged credit and debit card data breach ever charged in the United States. Gonzalez’s corporate victims include Heartland Payment Systems, a New Jersey-based card payment processor; 7-…

IE 8 Tops Firefox, Google Chrome, Others in Browser Security Smackdown

NSS Labs tests put Microsoft Internet Explorer 8 out in front of Firefox, Safari, Opera and Chrome when it comes to blocking rogue sites. According to the findings, IE 8 blocks 83 percent of phishing sites, compared with 26 percent stopped by Google Chrome.

Patching Security Holes Lags as Vulnerabilities Increase

Data from Trusteer and Qualys puts the spotlight on trouble in the vulnerability management process. It still typically takes a month for a patch to be deployed to half of vulnerable systems, Qualys reports, while Trusteer says nearly 80 percent of the computers it scans are running vulnerable versions of Adobe Flash.

Apple Fixes DNS Vulnerability in Mac OS X

Apple issues an update to fix a bug affecting Mac OS X, including server editions. The patch comes shortly after Apple pushed out 18 fixes to users.

Researchers Boot Million Linux Kernels to Help Botnet Research

Scientists at Sandia National Laboratories have demonstrated the ability to run more than 1 million Linux kernels as virtual machines, an effort they say will ultimately help researchers analyzing massive botnets.

Apple Fixes Safari Browser Flaws

Apple plugged six security holes in its Safari browser recently, a number of which left users vulnerable to code execution by attackers. The patches are not limited to Mac OS X users.

Twitter Attack Knocks Out Service Again

Twitter experiences another distributed-denial-of-service attack, knocking out the microblogging service for a time. The attack follows a security incident Aug. 6 when Twitter was one of several Websites affected by a DDoS attack targeting a pro-Georgian blogger.

Microsoft Patches Windows Vulnerabilities

Microsoft pushes out patches for 19 vulnerabilities for Patch Tuesday. The August fixes cover a number of products, including Windows and Office Web Components. The security bulletins also address vulnerabilities in Microsoft’s Active Template Library.

Nine Security Acquisitions We Would Love to See

Given the economy, maybe it is not surprising that there are security acquisitions going on, as it perhaps gives larger vendors an opportunity to buy smaller ones at somewhat cheaper price than in the best of times. The past few months have seen several acquisitions in the security space: IBM’s purchase of Ounce Labs, Trend Micro’s soon-to-be-closed acquisition of Third Brigade and McAfee’s plans for MX Logic, just to name a few. With this in mind, eWEEK has compiled a list of security acquisitions we would like to see. This list was written without regard to any acquisition rumors that may be floating around about any of these companies, but with an eye toward the product portfolios of various vendors and their competitors.

ACLU Blasts Proposed Federal Cookie Policy

The American Civil Liberties Union wants more information on a proposal by the Obama administration to reverse a nine-year ban on use of cookies on federal Websites. Federal CIO Vivek Kundra is backing the plan to change current policy on governmental Web tracking.

Afilias, Neustar Team with ISC on DNS Security

Afilias and Neustar are partnering with the Internet Systems Consortium to bring a more secure DNS closer to reality. Both Afilias and Neustar are providing secondary DNS service for the consortium’s DNSSEC Look-aside Validation zone.

Common PHP Security Mistakes and What You Can Do About Them

Researchers at Fortify Software have compiled a list of the most common vulnerabilities found in PHP code. Here is what they found, and some advice on what developers can do about it.

Twitter DDoS Attack Takes Twists and Turns

The fallout from the DDoS attack that hit Twitter, Facebook, YouTube and other Web 2.0 sites continued even after the attack had officially ended. Hacktivism or not, Web admins need to take precautions to protect against DDoS attacks.

TJX Hacker Indicted in Heartland, Hannaford Breaches

In Fraud

A federal grand jury has indicted three individuals for allegedly hacking into credit and debit card payment processing giant Heartland Payment Systems last year, as part of an investigation the Justice Department is calling the largest identity theft case ever prosecuted. According to indictments returned Monday in a New Jersey federal court, the government believes the same individuals were involved in a string of high-profile data breaches between October 2006 and May 2008, including intrusions at Hannaford Brothers Co. and 7-Eleven, Inc. In total, the government alleges the hackers stole data on more than 130 million credit and debit cards from Princeton, NJ-based Heartland.

Security Patch Catchup: Java, Safari & OS X

In New Patches

Security Fix took a mini-vacation last week, but that’s all it takes to fall behind in important software security updates. Here’s a quick pointer to some updates that have recently happened. The last time I wrote about Java updates was at Update 13, but as several readers have pointed out, the latest version is now Update 16. Near as I could tell, Updates 14 and 16 did not include security updates. Indeed, Java maker Sun Microsystems says users who have Java SE 6 Update 15 have the latest security fixes and do not need to upgrade to version 16 to be current on security fixes. However, Update 15 shipped fixes for a number of serious security holes, so if you’ve got an earlier version of this program installed, take a few minutes to update. Don’t know whether you have Java or what version you may have? Visit this link.

Microsoft Fixes 19 Windows Security Flaws

In New Patches

Microsoft today issued a raft of software updates to plug at least 19 security holes in its various Windows operating systems and other software, 15 of which earned the company’s most dire “critical” rating. This month’s batch of patches fix some fairly dangerous flaws. Redmond labels a security flaw “critical” if attackers could use it to seize control over a vulnerable system without any help from the victim. What’s more, a dozen of the flaws earned the highest rating on Microsoft’s “exploitability index,” which is the software maker’s best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines. Patches are available for Windows 2000, XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said none of the vulnerabilities affect Windows 7, its newest operating system. Windows users can download the updates from Windows Update or via Automatic Updates.

Brief: Apple patches Safari, DNS software

Apple patches Safari, DNS software

Brief: Brazen botnet uses Twitter comm channel

Brazen botnet uses Twitter comm channel

News: Two convicted in U.K. for refusal to decrypt data

Two convicted in U.K. for refusal to decrypt data

Brief: Microsoft patches ActiveX, Office flaws

Microsoft patches ActiveX, Office flaws

Brief: Survey: More companies monitoring e-mail

Survey: More companies monitoring e-mail

GE Is Hiring in Michigan

By Richard Bejtlich

In June in this post I linked to a speech that GE’s CEO gave in Michigan. We’re hiring about 1,200 people over the next few years, and the jobs are already appearing at gecareers.com. One of the jobs posted requests an IT Project Manager – Information Technology (Security). This candidate would work in a sister unit to our GE-CIRT doing Identity and Access Management (IAM). If this job looks interesting, please check it out. As other roles in our Corporate security group appear — especially those in GE-CIRT — I will let you know.

Obama criticizes a Cold War approach to defense (AP)

In politics

AP – President Barack Obama chastised the defense industry and a freespending Congress on Monday for wasting tax dollars “with doctrine and weapons better suited to fight the Soviets on the plains of Europe than insurgents in the rugged terrain of Afghanistan.”

Georgia Cyberattacks Linked to Russian Organized Crime (PC World)

In technology

PC World – The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia’s intent to invade the country, according to a new technical analysis, much of which remains secret.

Hackers Put Social Networks Such as Twitter in Crosshairs (PC World)

In technology

PC World – Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

Cyber warriors trawl web for extremist threats (AFP)

In technology

AFP – Nur Azlin Mohamed Yasin spends several hours a day trawling the Internet, but she is not your typical young surfer, descending into a world of bomb-making, militancy and extremism.

Australian charged with infecting 3,000 computers (AP)

In technology

AP – A 20-year-old Australian man has been charged with infecting more than 3,000 computers around the world with a virus designed to capture banking and credit card data, police said Thursday.

Security Update 2009-004 fixes BIND vulnerability (Macworld.com)

In technology

Macworld.com – With the security content of all the updates Apple has been rolling out in the last few weeks, you might have thought the tides of darkness stemmed. But hackers never sleep, or so it seems, so neither can Apple. On Wednesday, the company released Security Update 2009-004, which is recommended for all Mac OS X users.

Sex, videos, friends, games hot with kids online: Norton (AFP)

In us

AFP – Children are searching online for videos, social networks, games and, yes, porn as they grow up in an Internet Age, according to computer security firm Symantec.

Pro-Georgian blogger target of Internet attacks (AFP)

In technology

AFP – Cyber assaults that temporarily derailed the websites Twitter, Facebook and LiveJournal were aimed at a pro-Georgian blogger, according to Internet security company F-Secure.

Brazilian ID thieves using Twitter as botnet command channel

By Ryan Naraine on Web Applications

Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation. The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers to contact and new commands and executables to download and run. Here’s a [...]

Apple drops (another) Mac OS X security patch

By Ryan Naraine on Uncategorized

Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again. The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks.  Apple warns: A logic issue in the handling of dynamic DNS update messages may cause an assertion to [...]

Advanced Mac OS X rootkit tools released

By Ryan Naraine on Vulnerability research

Security researcher Dino Dai Zovi (of Pwn2Own fame) has released a suite of tools to demonstrate how to load an advanced rootkit on Mac OS X machines. The tools were first discussed at this year’s Black Hat security conference where Dai Zovi presented techniques to manipulate the way the Mach micro-kernel uses RPC calls to [...]

eBay warns of developer password-theft flaw

By Ryan Naraine on eBay

If you are a member of the eBay Developer Program, you might want to change your password immediately. According to a warning from eBay’s Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain access to developer account information. The company is strongly encouraging its user base to change passwords to the developer.ebay.com portal. The [...]

Apple plugs code execution, phishing holes in Safari browser

By Ryan Naraine on Windows Vista

Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of hacker attacks. The update is considered highly-critical and should be immediately applied on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. Here’s a snapshot of the [...]

New Mac OS X DNS changer spreads through social engineering

By Dancho Danchev on Passwords

TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family. The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim. More info on OSX_JAHLAV.D: The Trojan contains [...]

Microsoft: Exploits likely for ‘critical’ Windows vulnerabilities

By Ryan Naraine on Windows Vista

Microsoft today dropped a mega patch bundle with fixes for several “critical” vulnerabilities affecting the Windows platform and warned that “consistent, reliable exploit code” was likely to be released within 30 days. The Redmond, Wash. software maker released nine bulletins — five rated critical — to provide cover for a total of 19 documented security vulnerabilities.   [...]

Campaign Monitor hacked, accounts used for spamming

By Dancho Danchev on Uncategorized

E-mail marketing software developer Campaign Monitor warned users today of a server compromise that took place during the weekend. The compromise allowed the attackers to gain access to customer accounts, which they abused by importing their own lists of harvested emails in order to launch spam campaigns using the clean IP reputation of their servers. No [...]

Password-reset flaw haunts WordPress admins

By Ryan Naraine on Web Applications

Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform. The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation. Proof-of-concept code demonstrating the problem [...]

Microsoft’s Bing invaded by pharmaceutical scammers

By Dancho Danchev on Uncategorized

Rogue online pharmacies have found a way to exploit Bing’s advertising program. According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating in larger affiliate networks, like one analyzed last year. The report also details a [...]

Browser flaws expose users to man-in-the-middle attacks

By Ryan Naraine on Vulnerability research

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme. During a research project (.pdf) concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers’ rendering modules above the HTTP/HTTPS layer. Here’s the gist of the [...]

Patch Tuesday heads-up: 9 bulletins, 5 critical

By Ryan Naraine on Windows Vista

For Microsoft Windows users, next week’s Patch Tuesday will be somewhat hectic. The Redmond, Wash. software maker plans to release a total of nine bulletins to patch a wide range of serious vulnerabilities affecting Windows, Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server and the .Net Framework. Five of the bulletins will be rated [...]

Federal forms themed blackhat SEO campaign serving scareware

By Dancho Danchev on Malware

An ongoing blackhat SEO (search engine optimization) campaign is actively hijacking a variety of U.S. Federal Forms keywords in an attempt to serve the Personal Antivirus (Trojan.Win32.FakeXPA) scareware. Due to the automated and sophisticated PageRank boosting tools cybercriminals use in these campaigns, the hijacked keywords are always popping up within the first ten to twenty search results [...]

Twitter knocked offline by DDoS attack; Koobface returns with a twist

By Ryan Naraine on Web 2.0

Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack. Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.m. EST: “We are defending against a denial-of-service attack, and will update status again shortly.” Update: the site [...]

Major security holes in popular XML libraries

By Ryan Naraine on Web Applications

A security research outfit has issued a warning for several critical vulnerabilities in popular XML libraries used by a wide range of software vendors. The flaws, discovered earlier this year by Codenomicon, affect a wide range of technology products, including servers and server applications, workstations and end user applications, network devices, embedded systems and mobile devices. [...]

Absolute Software downplays BIOS rootkit claims

By Dancho Danchev on Rootkits

Following a flood of calls from customers, the company behind the LoJack anti-theft service, which researchers from Core Security Technologies recently portrayed as a security threat, issued a statement downplaying the researchers’ claims. According to the statement, LoJack is neither a rootkit, nor does it behave in such a way. Moreover, the company insists that the [...]

Apple warns of Mac attack risk via image files

By Ryan Naraine on Zero-day attacks

Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users. In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG (Portable Network Graphics) and other images to take complete control of unpatched Mac systems. Here’s the [...]

Mozilla shuts online store after security breach

By Ryan Naraine on Web Applications

The Mozilla Foundation has shuttered its e-commerce store after confirming a security breach at GatewayCDI, the third-party vendor that handles the store’s backend operations. The open-source group said it has asked Gateway CDI to quickly notify individuals who had their sensitive data compromised. Mozilla did not elaborate on the extent of compromised customer data. Mozilla said it [...]

Plugins compromised in SquirrelMail’s web server hack

By Dancho Danchev on Uncategorized

According to a recently posted update by SquirrelMail’s Jonathan Angliss, the source code of three plugins was backdoored during the web server compromise of the popular web-based email application which took place last month. The compromised plugins were embedded with code that was forwarding accounting data to a server maintained by the people behind the hack, [...]

Microsoft Security Bulletin Summary for August 2009

Revision Note: Bulletin Summary published. Summary: This bulletin summary lists security bulletins released for August 2009.

MS09-044 – Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) – Version:1.0

Severity Rating: Critical – Revision Note: Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious

MS09-043 – Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) – Version:1.1

Severity Rating: Critical – Revision Note: V1.1 (August 12, 2009): Corrected the restart requirement for Visual Studio .NET 2003; updated the tables in the Detection and Deployment Tools and Guidance section; updated the impact description of the workaround, “Prevent Office Web Components Library from running in Internet Explorer;” corrected the update installation switches for Internet Security and Acceleration Server 2004 and Internet Security and Acceleration Server 2006; and performed miscellaneous edits. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-042 – Important: Vulnerability in Telnet Could Allow Remote Code Execution (960859) – Version:1.1

Severity Rating: Important – Revision Note: Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-041 – Important: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) – Version:1.0

Severity Rating: Important – Revision Note: V1.0 (August 11, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

MS09-040 – Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) – Version:1.0

Severity Rating: Important – Revision Note: V1.0 (August 11, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

MS09-039 – Critical: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) – Version:1.1

Severity Rating: Critical – Revision Note: V1.1 (August 12, 2009): Updated the Affected Software table to list KB961064 as the only KB replaced by this update in Microsoft Security Bulletin MS09-008. Summary: This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

MS09-038 – Critical: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (August 11, 2009): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-037 – Critical: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908) – Version:1.1

Severity Rating: Critical – Revision Note: V1.1 (August 12, 2009): Removed erroneous reference to known issues from the Frequently Asked Questions (FAQ) Related to This Security Update section; added new entries to the section, FAQ for Microsoft Video ActiveX Control Vulnerability – CVE-2008-0015, describing the relationship between this bulletin and Microsoft Security Bulletin MS09-032; corrected restart requirements throughout the bulletin; and performed miscellaneous edits. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-036 – Important: Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957) – Version:1.0

Severity Rating: Important – Revision Note: Bulletin published. Summary: This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.

Microsoft Security Advisory (973811): Extended Protection for Authentication

Revision Note: Advisory published. Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

August 2009 Security Bulletin Webcast Video and Customer Q and A

By MSRCTEAM

As we do every month on the Wednesday following our standard second Tuesday security bulletin release, we conducted a live webcast where Adrian Stone and I went through the bulletins in detail and then answered customer questions with the help of several subject matter experts (SMEs).

It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers. To try and provide some clarity:

  • Security Advisory 972890: This advisory was released in response to active attacks against the Microsoft Video ActiveX Control in order to provide guidance and mitigations (including a Microsoft Fix it solution) to customers while we worked towards an update for the underlying issue.
  • MS09-032 – Cumulative Update of ActiveX Kill Bits (973346): This bulletin provided an official kill bit update to replace the Microsoft Fix it solution provided by Security Advisory 972890. The update addresses additional kill bits and is also available through Microsoft update technologies such as Windows Update, Microsoft Update, and Windows Software Update Services (WSUS). This kill bit blocked the ability to instantiate the Microsoft Video ActiveX Control in Internet Explorer to mitigate against known attacks.
  • MS09-034 – Cumulative Security Update for Internet Explorer (972260): This bulletin provided a defense-in-depth update that helps mitigate known attack vectors within Internet Explorer. To be clear, Internet Explorer is not vulnerable to these attacks but the vulnerable components can be reached through Internet Explorer. Installing this update mitigates that threat.
  • MS09-035 – Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): This update is specifically geared towards developers of components and controls who use ATL. The update addresses the underlying issue in our Visual Studio development tools. Developers who use ATL should install this update and recompile their components and controls following the guidance in this MSDN article.
  • MS09-037 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908): This bulletin provides updates for vulnerable components and controls that shipped with Windows products. These are Microsoft components and controls that were built using ATL. Among the updates in this bulletin is a binary level update that addresses the vulnerability in the Microsoft Video ActiveX Control that has seen some active attacks. So we previously released a kill bit update to provide immediate protection for customers and are addressing the underlying vulnerability with this update.
  • Security Advisory 973882: This advisory provides information on our ongoing investigation into the ATL issue and serves as a single source for all related information.

To be even clearer, not every ActiveX control is vulnerable and we have an ongoing investigation into this issue. We will continue to provide updates via Security Advisory 973882 and Security Bulletins as necessary.

Of course this is not the only issue we addressed this month and customers had quite a few questions during the webcast that we provided answers and guidance for. Please review the text version of the Q&A here>>.

Here is the video of the webcast that includes the bulletin by bulletin presentation and the complete Q&A session:

Please plan to join us for the next regularly scheduled webcast on September 9, 2009 at 11:00 a.m. (UTC-7) where we will again cover any new bulletins and address your questions in real time. Click here to register >>.

Finally, please visit our Security Research & Defense blog where you will find some great deep dive articles full of analysis and guidance on these and many other security issues. You may also find our new blog aggregator useful for getting a consolidated view of all of our Trustworthy Computing blogs.

Thanks,

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights*

August 2009 Bulletin Release

By MSRCTEAM on Risk Assessment

Summary of Microsoft’s Security Bulletin Release for August 2009

Hi everyone,

This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release. The chart below shows the aggregate severity summary and exploitability index ratings for all nine bulletins. This overview chart should guide you in prioritizing this month’s updates in order to protect your systems efficiently and effectively.

Of particular note in this release is MS09-037 which is an update for Microsoft Active Template Library (ATL). Among the five updates in this bulletin is a binary level update for the Microsoft Video ActiveX Control. As you may recall, we originally released Security Advisory 972890 on July 6 in response to an active attack against this component and subsequently released Security Bulletin MS09-032 to supply an official kill bit update (rather than the temporary Microsoft Fix it supplied with the advisory). All of the included vulnerabilities were privately reported, have a critical severity and are rated “1” on our exploitability index. We encourage you to deploy this update as soon as possible. We will be updating Security Advisory 973882 to include a reference to this bulletin as it relates to ATL.

Another of the updates I would like to draw your attention to is MS09-043, which addresses the Office Web Components vulnerability discussed in Security Advisory 973472. We strongly encourage customers to review and deploy this bulletin if applicable given that we have seen exploitation in the wild. Even though this update addresses an ActiveX control issue, it is unrelated to the ATL issue we discuss in Security Advisory 973882.

If you are running a WINS server on either Windows 2000 or Windows Server 2003 then I would also call your attention to MS09-039 as this one has the potential for an unauthenticated, self-replicating attack across the network. Installing the update will protect your systems should any attacks be developed to exploit the vulnerabilities addressed in this update but at this time, we are not aware of any exploit code in the wild.

In the video below, Adrian Stone and I provide an overview of this month’s release and discuss the updates above in a little more detail. For even greater detail on all nine bulletins, please join us tomorrow, August 12 at 11:00 a.m. (UTC-7) for our monthly bulletin webcast where we will also address your questions concerning these updates. Click HERE to register >>

We are also re-releasing two bulletins this month:

  • MS09-029 to address a print spooler issue on various Windows platforms that could cause the print spooler to stop responding in certain scenarios. Please see Knowledge Base article 961371 for details.
  • MS09-035 to offer new updates for Visual Studio 2005 SP1, Visual Studio 2008 and Visual Studio 2008 SP1. The new security updates are for developers who use Visual Studio to create components and controls for mobile applications using ATL for Smart Devices. All Visual Studio developers should install these new updates so that they can use Visual Studio to create components and controls that are not vulnerable to the reported issues. For more information on this known issue, see Knowledge Base Article 969706.

To close this month’s blog post, I would encourage systems administrators and application developers to read through Security Advisory 973811 which was also released today. This is a non-security update that enables new protection technology that can be used to enhance the protection of credentials when authenticating network connections.

As always, please check the Security Research and Defense blog for additional technical information on these updates and we hope to see you at the webcast tomorrow.

Thanks,

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights*

Around The Horn vol.1,145

Posted in Uncategorized by lightthedarkfiber on August 7, 2009

Microsoft Patch Tuesday for August 2009: nine bulletins

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue nine Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (August 12 at 11:00am PST, if you’re interested). Five of the vulnerabilities are rated “Critical,” and the other four are marked as “Important.” All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the nine patches will require a restart.

Malware, oversharing lead Marines to ban social networks

By jacqui@arstechnica.com (Jacqui Cheng) on US Marine Corps

Marines who are fans of Twitter, Facebook, and MySpace will have to wait till they go home to get their social networking fix. The US Marine Corps has just instituted a ban on social networking sites (SNS) on the Marine Corps Enterprise Network (MCEN) due to malware concerns and “information exposure” to adversaries. The ban will be in effect for one year and effective immediately.

All publicly available social networks fall under the ban. According to the all-caps order (hey, let’s all be like Kanye), “THE VERY NATURE OF SNS CREATES A LARGER ATTACK AND EXPLOITATION WINDOW, EXPOSES UNNECESSARY INFORMATION TO ADVERSARIES AND PROVIDES AN EASY CONDUIT FOR INFORMATION LEAKAGE THAT PUTS OPSEC, COMSEC, PERSONNEL AND THE MCEN AT AN ELEVATED RISK OF COMPROMISE.” This includes, but is not limited to, Twitter, Facebook, and MySpace. “THESE INTERNET SITES IN GENERAL ARE A PROVEN HAVEN FOR MALICIOUS ACTORS AND CONTENT AND ARE PARTICULARLY HIGH RISK DUE TO INFORMATION EXPOSURE, USER GENERATED CONTENT AND TARGETING BY ADVERSARIES,” reads the order.

One In Two Security Pros Unhappy In Their Jobs?

By Robert A. on IndustryNews

Darkreading posted the following article on an infosec job survey that I found highly intriguing. “Kushner and Murray say they were surprised by security’s high number of unhappy campers — 52 percent of the around 900 security pros who participated in the survey are less than satisfied with their current jobs….

Hacking Short CSRF Tokens using CSS History Hack

By Robert A. on Research

Securethoughts has posted an entry on combining the CSS history theft hack with brute forcing of short CSRF tokens, and has created a POC demonstrating it. While not fast, this is certainly achievable (assuming the token is still valid/hasn’t expired once identified) on short CSRF token values, and has the advantage in that…

Nmap 5.00 Released

By Robert A. on Tools

“Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this. Considering all the changes,…

Threat Classification v2 and the need for change

By Robert A. on XSS

As I recently posted, the WASC Threat Classification v2 is currently in a public working state and there’s been a buzz on the mailing lists about it compared to other related projects. Vishal Garg posed a question I was expecting for a while, which is why does the TCv2 look so much…

Microsoft Security Bulletin Summary for July 2009

By Robert A. on IndustryNews

It is Microsoft Patch Tuesday and the following issues have been addressed. MS09-029 Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371): This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution….

Firefox 3.5 0Day published

By Robert A. on Vulns

“The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause…

Static Analysis Tools and the SDL (Part Two)

By Robert A. on Security Tools

“Hi, Bryan here. Michael wrote last week on static analysis for native C/C++ code, and this week I’ll be following up by covering the tools we use for managed static analysis. The SDL requires teams writing managed code to use two static analysis tools: FxCop and CAT.NET. Both of these tools…

Static Analysis Tools and the SDL (Part One)

By Robert A. on Security Tools

“This is part one of a two part series of posts by myself and Bryan Sullivan; I will cover the static analysis tools we use at Microsoft (and make available publicly) for analyzing unmanaged (ie; Native) C and C++ code, and Bryan will cover managed code static analysis in a later…

Antisec hackers replace all imageshack images!

By Robert A. on IndustryNews

The hacking group/movement Antisec has replaced every image on ImageShack with a hacked image and has posted the following to the Full Disclosure mailing list.

FAQ: The ins and outs of DoS attacks

By Elinor Mills

Thursday’s denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn’t your average attack.

Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try …

Twitter, Facebook attack targeted one user

By Elinor Mills

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal and Google’s Blogger and YouTube was targeted in a denial of service attack that led to the site-wide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive….

Symantec: Phishing activity up in July

By Lance Whitney

Phishing attacks rose 52 percent in July while spam as a percentage of all e-mail stayed about the same compared with the previous month, according to the latest reports from Symantec that tracked spam and phishing activity for the month.

The State of Spam (PDF) and State of Phishing (PDF) …

Microsoft to fix critical Windows, Office holes

By Elinor Mills

Microsoft will issue fixes for five critical holes affecting Windows and a variety of other software on Patch Tuesday next week.

The critical holes, which could allow an attacker to remotely run code on a PC and take control of it, affect Windows 2000, Windows XP, Windows Vista, Windows Server …

Is Adobe the next (pre-2002) Microsoft?

By Elinor Mills

If you’re a criminal and you want to break into a network, a common attack method is to exploit a hole in software that exists on most computers, has its fair share of holes, and isn’t automatically updated.

In 2002, that would have been Windows. Today, it’s …

Apple fixes hole with Mac OS X image viewing

By Elinor Mills

Apple on Wednesday issued a security update that fixes 18 vulnerabilities including several that put computers running Mac OS X at risk of remote code execution if a maliciously crafted image is viewed.

In addition to fixing a problem with how PNG images are handled, Security Update 2009-003 fixes issues …

Denial-of-service attack downed Gawker Media

By Caroline McCarthy

Hackers launched a distributed denial-of-service (DDOS) attack that sporadically downed popular blog network Gawker Media over the weekend and on Monday, the company confirmed in a blog post early Tuesday morning.

FakeIKEd – Fake IKE Daemon Tool For MITM

By Darknet on mitm

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t [...]

New Cyber-Sec Institute Cuts on CAG

In Risk Management

The newly approved Consensus Audit Guidelines are a nice first step, but fall far short of the mark, according to one emerging government security watchdog.

Attackers Took Shots at Wi-Fi Network at Black Hat

In Vulnerability Research

Aruba Networks released statistics on how the Wi-Fi network it provided fared at the Black Hat security conference last week. The news was mixed.

DOD wrestles with Web 2.0

Policy review to tackle security, privacy concerns.

DOD to review use of social-media technology

Deputy Defense Secretary William Lynn orders a review to detail the threats and benefits from using social-networking tools such as Facebook and Twitter.

Airline crew members get fingerprint IDs

TSA has approved standards for a fingerprint identification program for pilots and other airline crew members.

Agencies told to target money for tech projects

Agencies should design their science and technology spending plans for fiscal 2011 around priorities reflected in the economic stimulus law and the fiscal 2010 budget, administration officials say.

Hathaway’s departure renews worries about cyberczar vacancy

The resignation of Melissa Hathaway, the Obama administration’s acting senior director for cyberspace, has brought renewed scrutiny on the administration’s effort to secure the online world.

Biometrics said vital for combat success

Biometrics said to give combat troops critical capabilities to carry out their missions.

Marines: Facebook is not for the few good men

The Marine Corps has banned using social-networking Web sites on the service’s networks because of security concerns.

Cops: Former Worker Hacked Casino Computers

Posted by InfoSec News on Aug 7

http://www.wnep.com/wnep-luz-hornbacker-hacked-casino-computer,0,6360932.story

By Sarah Buynovsky
WNEP.com
August 6, 2009

New information is coming to light about the case against a man from Luzerne County accused of hacking into a casino’s computer system to get revenge.

Latvian botnet host canned

Posted by InfoSec News on Aug 7

http://www.theinquirer.net/inquirer/news/1496304/latvian-botnet-host-canned

By Stewart Meagher
The Inquirer
5 August 2009

A LATVIAN HOSTING COMPANY that was thought to have harboured the world’s biggest phishing botnet has been forced to shut up shop by the Swedish telecoms outfit Telis…

Hackers Target House.gov Sites

Posted by InfoSec News on Aug 7

http://voices.washingtonpost.com/securityfix/2009/08/hackers_target_housegov_sites.html

By Brian Krebs
Security Fix
washingtonpost.com
August 6, 2009

Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of…

Twitter, Facebook attack targeted one user

Posted by InfoSec News on Aug 7

http://news.cnet.com/8301-27080_3-10305200-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 6, 2009

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal and Google’s Blogger and YouTube was targeted in a denial of service attack that led to the site-wide outage…

Microsoft to Fix Windows, Office Bugs in Critical Updates

Posted by InfoSec News on Aug 7

http://www.eweek.com/c/a/Security/Microsoft-to-Fix-Windows-Office-Bugs-in-Critical-Updates-641093/

By Brian Prince
eWEEK.com
2009-08-06

Microsoft is releasing nine security bulletins for Patch Tuesday on Aug. 11. Among them is a patch for a vulnerability Microsoft warned in July was being exploited by attackers.

Dot-org zone offers lessons learned in implementing DNSSEC

Posted by InfoSec News on Aug 7

http://gcn.com/articles/2009/08/06/dnssec-lessons-from-.org-050609.aspx

By William Jackson
GCN.com
Aug 06, 2009

Federal agencies are working with the Internet community to develop a process for securing the Internet’s Domain Name System by implementing the DNS Security Extensions…

Gaming execs: Despite reports, hackers didn’t touch ATMs

Posted by InfoSec News on Aug 6

http://www.lasvegassun.com/news/2009/aug/05/gaming-execs-despite-reports-hackers-didnt-touch-a/

By Steve Green
Las Vegas Sun
Aug. 5, 2009

Gaming executives Wednesday disputed reports that hackers in town for the annual DEFCON conference over the weekend perpetrated frauds involving…

Farcical security breach at Lavarack barracks

Posted by InfoSec News on Aug 6

http://www.news.com.au/couriermail/story/0,23739,25889112-953,00.html

By Peter Michael, David Earley and Stefanie Balogh
Courier Mail
August 06, 2009

SECURITY at Queensland’s largest army base is so lax that would-be terrorists could drive through the front gate under the guise of playing…

Weaponizing Apple’s iPod Touch

Posted by InfoSec News on Aug 6

http://darkreading.com/security/attacks/showArticle.jhtml?articleID=219100135

By Kelly Jackson Higgins
DarkReading
Aug 05, 2009

It fits behind a coffee machine, inside a desk drawer, or in your pocket, and it doesn’t arouse suspicion if you walk into a bank or office tapping away on it…

Council workers sacked for snooping personal details

Posted by InfoSec News on Aug 6

http://www.computerweekly.com/Articles/2009/08/04/237162/council-workers-sacked-for-snooping-personal-details.htm

By Mark Ballard
ComputerWeekly.com
04 Aug 2009

Nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal…

Hathaway’s departure renews worries about cyberczar vacancy

Posted by InfoSec News on Aug 6

http://fcw.com/articles/2009/08/05/web-obama-cyber-coordinator.aspx

By Ben Bain
FCW.com
Aug 05, 2009

The resignation of Melissa Hathaway, the Obama administration’s acting senior director for cyberspace, has brought renewed scrutiny on the administration’s effort to secure the online…

Defence steps up computer theft probe

Posted by InfoSec News on Aug 5

http://news.ninemsn.com.au/world/846035/defence-steps-up-computer-theft-probe

By Ron Corben
9 News
Aug 4, 2009

Australia’s Defence Department has stepped up an investigation into the theft of a departmental notebook computer from the hotel room of an Australian naval officer attending a…

Feds at DefCon Alarmed After RFIDs Scanned

Posted by InfoSec News on Aug 5

http://www.wired.com/threatlevel/2009/08/fed-rfid/

By Kim Zetter
Threat Level
Wired.com
August 4, 2009

LAS VEGAS — It’s one of the most hostile hacker environments in the country — the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees…

Korean journalists booted from Defcon

Posted by InfoSec News on Aug 5

http://www.computerworld.com/s/article/9136182/Korean_journalists_booted_from_Defcon?taxonomyId=17

By Robert McMillan
IDG News Service
August 3, 2009

Four South Korean journalists were booted from the Defcon hacking conference this week after conference organizers decided their story…

Software Updates Vulnerable To Hijacking

Posted by InfoSec News on Aug 5

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=219000172

By Thomas Claburn
InformationWeek
August 4, 2009

The security risks posed by the use of public Wi-Fi networks have been known for years, but even cautious computer users may be vulnerable to…

Researchers Hack IP Video

Posted by InfoSec News on Aug 5

http://www.darkreading.com/insiderthreat/security/app-security/showArticle.jhtml?articleID=219000196

By Kelly Jackson Higgins
DarkReading
Aug 04, 2009

Researchers put a new spin on an old attack at Defcon last week, demonstrating how to execute man-in-the-middle attacks on IP video.

Hanging with hackers can make you paranoid

Posted by InfoSec News on Aug 5

http://news.cnet.com/8301-27080_3-10302236-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 4, 2009

At a hacker conference no one is safe.

When I first went to Defcon in 1995, the halls were mobbed with teenagers and attendees seemed more concerned with freeing Kevin.

Secure Network Systems, LLC (SNS) Enters SBA 8(a) Program

Posted by InfoSec News on Aug 5

Secure Network Systems, LLC
phone 303.637.7617
toll free phone 888-CRITSEC
fax 303.833.3677
www.SecureNetworkSystems.com
info_at_SecureNetworkSystems.com

CTA Radio Hacker Says He Didn’t Mean Any Harm

Posted by InfoSec News on Aug 5

http://www.wbbm780.com/pages/4929502.php?

WBBM780.com
03 August 2009

CHICAGO (CBS) – Could you have been in danger on the CTA? A young Chicago man is accused of hacking into their radio system hundreds of times. The Feds say he even gave fake directions to some buses and trains. CBS…

Marine Corps Bans Social Media On Military Network

Wrestling with the changing nature of online communication and the need for operational security, the Marine Corps wants to formalize procedures for access to social sites on its network.

Mobile Data Startup Raises $9 Million

MobileIron’s enterprise mobility platform offers a window on employees’ smartphone use to increase security and cut costs.

Twitter Downed By Denial Of Service Attack

Following a denial-of-service attack on Thursday morning, Twitter is back online.

Apple Releases Mac OS X Leopard Update

The update, version 10.5.8, improves stability and security and includes many other improvements. Apple’s next big operating system update, Snow Leopard, is due next month.

Mozilla Store Security Breached

GatewayCDI, which operates the Mozilla Store, suffered a security breach affecting an undisclosed number of customers.

ID Management Remains Challenge For Federal Agencies

Some of the hurdles faced by the U.S. government include funding, organizational structure, and data protection.

Northrop Grumman Opens Security Center

Outsourcer will keep tabs on more than 100,000 customers and 10,000 servers in effort to eliminate cyber threats.

U.S. Cybersecurity Official Quits

The resignation of Melissa Hathaway comes as the Obama Administration continues its search for a top cybersecurity coordinator.

Software Updates Vulnerable To Hijacking

Public Wi-Fi networks present a risk to connected users even if they’re not surfing the Internet, thanks to applications that try to update themselves automatically.

Rolling Review: Symantec’s DLP-9

Symantec’s DLP software provides robust leak prevention for endpoints and on the network.

FAQ: The ins and outs of DoS attacks

By Elinor Mills

Thursday’s denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn’t your average attack.

Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try …

Twitter, Facebook attack targeted one user

By Elinor Mills

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal and Google’s Blogger and YouTube was targeted in a denial of service attack that led to the site-wide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive….

Collateral Damage

By Dmitri Alperovitch on Web and Internet Safety

Twitter, LiveJournal, FaceBook, Youtube, Fotki – what do they have in common? They all hosted an account of a pro-Georgian blogger who went under the nickname ‘cyxymu’ (taken after Sukhumi, the capital of Abkhazia, one of Georgia’s pro-Russian breakaway republics and the city he professed to flee from in 1993 during the republic’s war with [...]

Hardware Firewalls Bring Security to Small Businesses

Think your business is too small for a serious security appliance? The truth may surprise you. For less than $500, a simple unified gateway device can protect even tiny offices from the very real threats posed by malware and hackers.

Adobe Reader’s security woes a boon for up-and-coming rival Foxit

Foxit Reader, a free PDF-reading knockoff of Adobe Systems Inc.’s free Adobe Reader, has won what its maker estimates is 70 million users worldwide because of its speed and light weight.

Cyber attackers empty business accounts in minutes

The criminals knew what they were doing when they hit the Western Beaver County School District.

5 Lessons from Dark Side of Cloud Computing

While many companies are considering moving applications to the cloud, the security of the third-party services still leaves much to be desired, security experts warned attendees at last week’s Black Hat Security Conference.

Novell, CA Push to Secure Identity, Security in Cloud

Two major identity management companies are forging ahead with products designed to satisfy what a cloud-computing consortium calls one of the trickiest problems preventing secure and automated connections between internal IT infrastructures and external service providers: identity and authentication.

Facebook confirms DoS attack same day as Twitter

Popular social-networking site Facebook was hit with a DoS (denial-of-service) attack Thursday, but the attack did not appear to be as severe as one that crippled Twitter the same day.

Researcher: Microsoft may launch ‘month of ATL’ patches on Tuesday

Microsoft today said it would deliver nine security updates on Tuesday, all but one affecting Windows. One researcher thinks several of the updates may be related to a buggy Active Template Library.

DDoS attack that downed Twitter also hit Facebook

The same denial-of-service attack that took down Twitter this morning also slammed Facebook but with much less dramatic results.

Microsoft offers Office 2008 fix for Open XML documents

Microsoft on Thursday posted Office 2008 for Mac 12.2.1 update, an update to their office productivity software suite for the Macintosh. The new update is available for download from their Web site. Office also features an auto update mechanism that did not recognize this update as available as Macworld posted this article.

Apple patches 18 Mac vulnerabilities, ships OS X 10.5.8

Apple on Wednesday patched 18 vulnerabilities in Mac OS X, including half a dozen that could let hackers hijack machines, and released Mac OS X 10.5.8.

Expect hacker attacks on XML flaws, analyst warns

One day after reports of vulnerabilities in XML libraries, an analyst is warning companies not to ignore the danger of attacks that exploit those flaws.

Twitter taken down by denial-of-service attack

The Twitter micro-blogging and social networking service has been hit with a denial of service attack Thursday morning that has rendered the site unavailable for users.

The cybersecurity job no one really wants

Eight weeks after President Obama announced a White House cybersecurity office, no one has been named to lead the office yet, and some wonder if the delay is because there are few takers for the job as outlined.

EFF: Technology can help in absence of privacy laws

If you’re a developer and you’re worried about digital privacy issues, the Electronic Frontier Foundation has a job for you.

Has unified mobile management for business arrived?

Whether IT likes it or not, mobile devices such as the iPhone, BlackBerry, and Windows Mobile families are becoming part of IT’s job to manage. But the tools are uneven and scattered. Sure, iPhone 3.0, Palm Pre 1.1, and Windows Mobile 6.x devices support Exchange ActiveSync capabilities such as remote wipe and e-mail access for Exchange-based shops, and IBM’s intended adoption of ActiveSync for Lotus Notes will extend that reach to mobile Notes users. However, managing e-mail is just part of the issue.

Mozilla shuts Firefox e-store after security breach

Mozilla closed its online store late Tuesday after finding out that the firm it hired to run the backend operations of its e-tailing business had suffered a security breach.

New malware tests find poor detection rates

Many Windows Vista anti-virus programs struggle to detect new and unusual malware, Virus Bulletin’s state-of-the-art Reactive and Proactive (RAP) tests have found.

Microsoft slammed over Bing’s sponsored online drug ads

Microsoft profits by selling online ads on its search engine to criminal gangs running pharmaceutical Web sites that offer medication to people without a proper prescription, according to a new study.

WatchGuard buys BorderWare to change tack

Reborn security vendor WatchGuard has continued its corporate overhaul by acquiring BorderWare Technologies, a Canadian maker of single-function security boxes with a foothold in online reputation services.

Security job security

It’s a good time to work in the security field. Nemertes has completed its research benchmark for the first half of 2009, incorporating interviews with IT and security executives during a recession. The research participants told us that they consider security and compliance spending to be “recession proof”, third only to data network and voice/telecom spending.

InfoWorld confirms critical Windows 7 bug

InfoWorld’s tests of the final Windows 7 version (the RTM, or “release to manufacturing”) confirm a massive memory leak that occurs when the chkdsk.exe utility is run. Chkdsk.exe scans the PC’s hard drives looking for errors in the files and file structures. The memory leak — which can cause the PC to stop operating — occurs when chkdsk.exe is run on secondary disks, as opposed to the disk Windows is installed on.

After links to cybercrime, Latvian ISP is cut off

A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

Case studies in working with law enforcement (Part 1)

Should we work with law enforcement when we encounter security breaches?

Firefox Update Fixes Serious SSL, Other Bugs

A Firefox update released today fixes a recently disclosed flaw in the way Firefox 3.0 and other programs handle SSL certificates, which are used for (theoretically) secure online communications.

Pressure on Obama to move fast on cybersecurity appointment

Melissa Hathaway’s decision to step down as acting senior director for cyberspace at the National Security Council could increase pressure on the Obama Administration to quickly find someone to serve as the White House cybersecurity coordinator.

Marines solidify ban on Facebook, Twitter

The U.S. Marine Corps made it official this week: Social networking sites such as Facebook and Twitter are banned from military networks.

LSN Password Safe Helps You Stow Your Secrets

The LSN Password Safe (free) helps you keep track of your plethora of passwords with a free encrypted ‘safe’ on your PC. Once you have it set up, it’s easy to add a new record to your safe, with entries such as login, password, URL or e-mail. But using it for the first time might leave you scratching your head. LSN offers an impressive–sometimes daunting–number of security features, including a virtual keyboard, multiple encryption options, and CAPTCHAs to help keep your data safe from spying software.

Verity shows off CD destruction box

IT staff worried about leaving confidential data on old disc media are being offered an alternative to just binning them and hoping for the best. Verity Systems has come up with a destruction system that literally grinds the data off the surface of a CD or DVD.

Twitter meltdown raises questions about site stability
Micro-blogging site knocked over by stiff burst of wind

The paralysing effect of an internet attack against Twitter has raised questions about the site’s apparent fragility.…

MS preps five critical fixes for busy Patch Tuesday
ATL clean-up

Microsoft is lining up nine updates – five critical – for the August edition of its regular Patch Tuesday update cycle.…

Researcher: Twitter attack targeted anti-Russian blogger
Joejobbing Cyxymu

As Twitter struggled to return to normal Wednesday evening, a trickle of details suggested that the outage that left 30 million users unable to use the micro-blogging service for several hours – at least in part – may have been the result of a spam campaign that targeted a single user who vocally supports the Republic of Georgia.

Feds seek $566m from man in online gambling case
File under ‘online crime pays’

Federal prosecutors have accused a Canadian man of laundering more than $350m for offshore internet gambling operations to skirt US laws prohibiting payments to American citizens trying to cash out their winnings.

Websense sharpens the axe as sales fall
Pink slips for one in 20

Web filtering firm Websense is reportedly planning to lay off 5 per cent of its workforce to cut costs.

Twitter goes titsup
Mystery hackers knock-over micro-blogging service

Updated Twitter was knocked offline on Thursday after the site became the victim of a distributed denial of service attack.

Dastardly DDoSers down Gawker
Consumerist.com drags everything else down with it

New York-based media news and gossip blog network Gawker is recovering from a debilitating denial of service attack.

Top vendors flunk Vista anti-virus tests
Outstandingly mediocre

Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests.

Apple fixes critical Mac holes triggered by image files
Attack of the killer PNGs

Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image.

XML flaws threaten ‘enormous’ array of apps
Java, Python, and Apache – for starters

Updated Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.

Microsoft gets personal on Windows 7 “show stopper” bug
Memory leak smack down

Microsoft has gotten personal in responding to reports of a “show stopper” bug in Windows 7 capable of delaying the planned roll-out, which starts Thursday.

Plug pulled on Latvian cybercrime hub
Bullet proof host taken down

Upstream providers have pulled the plug on Latvian ISP Real Host over allegations it maintained cybercrime servers linked to the Zeus botnet.

Mozilla Store shuttered after vendor security breach
No schwag for you

The Mozilla Foundation closed its online stores on Tuesday after a third-party company it uses to run one of the sites’ back-end operations suffered a security breach.

Image spam: the threat returns
Did it ever go away?

Off we trot to the Reg Library to select some popular whitepapers for review. This week we mainline on email security, or to be more precise, email insecurity.

Fraud groups ding Bing for illicit pharmacy promos
9 of 10 drug ads flout US law

Updated Microsoft’s new search engine Bing is a haven for criminal enterprises operating unlawful online pharmacies, according to a report that estimates almost 90 percent of sponsored links advertising prescription drugs on the site are violating federal and state laws.

Obama’s top cybersecurity director resigns
‘Dismayed’ and delayed

The top White House aide for cybersecurity said she will resign following months of delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks.

Scareware package mimics Windows Blue Screen of Death
A fatal credulity has occurred

Miscreants have developed a scareware package that mimics Windows’ infamous Blue Screen of Death.

Watchguard bags BorderWare to push content security
Small security firms have bigger phish to fry

Net security firm WatchGuard has acquired privately-held email and web security firm BorderWare Technologies, of Toronto, Canada.

Twitter DOS, (Thu, Aug 6th)

Due to the amount of people writing in, we thought it might be important to post something about Twi …(more)…

Security Update 2009-003 / Mac OS X v10.5.8, (Wed, Aug 5th)

Details of these will be posted here soon: http://support.apple

Java Security Update , (Tue, Aug 4th)

Sun has released a new version of Java (6u15). Thanks go out to TommyB and DavidF who wrote in to …(more)…

Firefox Updates, (Tue, Aug 4th)

Many of you have let us know that there is a new firefox version out that addresses a few issues. …(more)…

NIST Issues Final Version of SP 800-53; Enables Rapid Adoption of the Twenty Critical Controls (Consensus Audit Guidelines) (August 3, 2009)

The National Institute of Standards and Technology (NIST) has published the final version of SP 800-53, Revision 3, “Recommended Security Controls for Federal Information Systems and Organizations.

DoD Revisiting Social Media Policy (July 31 & August 3, 2009)

US Strategic Command is reviewing the safety of social media like Facebook, MySpace and Twitter to help reevaluate Defense Department (DoD) policy regarding their use.

Contractor Repays Government for Inadequate Security (July 25, 2009)

A US government contractor has repaid US $1…

Hathaway to Step Down (August 3, 2009)

Acting cyber security coordinator Melissa Hathaway has announced that she will step down from that position later this month for personal reasons…

Man Faces Felony Charges for Allegedly Stealing and Reselling Domain Name (August 3, 2009)

A New Jersey man has been arrested and charged with theft by unlawful taking or deception, identity theft and computer theft for allegedly stealing the domain name P2P…

Boston Univ. Student Fined US $675,000 for Filesharing (July 31 & August 3, 2009)

Boston University student Joel Tenenbaum has been fined US $675,000 for illegally downloading 30 songs and making them available to others…

Adobe Issues Critical Updates for Reader and Acrobat (August 3, 2009)

Adobe has released updates for Reader and Acrobat on Windows, Mac, and Unix to address critical flaws related to Flash content…

Apple Issues Fix for SMS Vulnerability (July 31, August 1 & 3, 2009)

Apple has fixed a vulnerability that affects iPhones and other devices just one day after it was disclosed at the Black Hat security conference…

Data Security Breach Compromised Personal Data of 27,000 US Commerce Dept. Employees (August 3, 2009)

According to a letter sent to employees of the US Commerce Department, a National Finance Center employee sent an unencrypted Excel spreadsheet containing employees’ personal information to a co-worker via email…

Twitter Filtering Some Malicious Links (August 3, 2009)

Twitter has begun notifying users when they post links to known malicious websites…

Suspicious ATMs at DefCon (August 2 & 3, 2009)

The US Secret Service is investigating several automatic teller machines (ATMs) discovered in Las Vegas at the DefCon security conference…

Twitter, Facebook hit by denial-of-service attacks

By Neil Roiter

Twitter was shut down for more than two hours and Facebook service slowed as the ubiquitous social networking websites were hit by denial-of-service attacks Thursday morning

Microsoft to address critical vulnerability in Office Web Components

By Neil Roiter

Microsoft will issue security updates for five critical vulnerabilities next week, including one that affects multiple software packages.

Report: Rogue pharmacies use Microsoft Bing to sell drugs illegally

By Carolyn E. Gibney

Rogue pharmacies are using Microsoft’s Bing search engine to illegally sell drugs, including addictive substances without prescriptions, according to a report

Burton Group warns of cloud computing risks

By Christina Torode

There are many benefits to the various cloud computing models. But for each benefit, such as cost savings, speed to market and scalability, there are just as many risks and gaps in the cloud computing model.

Q2 2009 data shows IT security certification pay still climbing

By Carolyn Gibney, Assistant Site Editor

Despite the economic turmoil, IT security certification pay is still on the rise, due not only to increased regulations, but to businesses’ greater focus on providing security to their customers as brand differentiation.

Mozilla shuts down online store after third-party security breach

By Staff, SearchSecurity.com

Mozilla took its e-store site, Mozilla Store, offline Tuesday after it learned that the vendor responsible for running it had suffered a security breach.

WatchGuard acquires email and Web security vendor BorderWare

By SearchSecurity.com Staff

Network security vendor WatchGuard bolsters its UTM offerings with acquisition of email and Web security firm.

Asterisk Open Source Crash Vulnerability in RTP stack

An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames.

Adobe Flash Player Integer Overflow Code Execution

An integer overflow exists in the AVM2 abcFile parser code which handles the intrf_count value of the instance_info structure.

mChek 3.4 Information Disclosure

Credit card numbers and corresponding bank names are written in cleartext to mobile phone storage. Also, after a credit card is deleted from mChek’s user interface, the credit card number continues to exist in the phone file system.

Phorum Cross-Site Scripting Vulnerabilities

Phorum’s filtering engine insufficiently filters some BBcode arguments. Using the bbcode tags [color] and [size] it is possible to execute Javascript using expression CSS property.

Hacking CSRF Tokens using CSS History Hack

Until now, it was considered infeasible for an attacker to discover your CSRF token using brute force attacks on the server. I am going to change this belief by showing you a technique to quickly find CSRF tokens without generating alerts.

Microsoft to Fix Windows, Office Bugs in Critical Updates

Microsoft is releasing nine security bulletins for Patch Tuesday on Aug. 11. Among them is a patch for a vulnerability Microsoft warned in July was being exploited by attackers.

Mac OS X’s Reputation for Security Wearing Thin

News Analysis: After Apple announced 18 security fixes to Mac OS X on Aug. 5, the reputation of the operating system as a more secure personal computing platform is starting to wear thin. Is it finally time for the company to admit that its operating system is as susceptible to security issues as Windows? Apple would be doing a good service to Mac users if it started advising its customers to pay closer attention to security before hackers have a chance to prove just how vulnerable Mac OS X can be.

Twitter, Facebook Investigating Service Disruptions

Twitter co-founder Biz Stone confirmed in his blog that the social media site had been hit by a denial-of-service attack that knocked it offline for nearly two hours during the morning of Aug. 6. There were also online reports that Facebook was hit by a denial of service attack. However, Facebook officials would only say the company was investigating the reports and would update users as soon as possible. Both sites appeared to be operating normally by around noon EDT.

Apple Mac OS X Update Plugs 18 Security Vulnerabilities

Apple fixed 18 security flaws in the latest update to its Mac OS X operating system. Several of the bugs are tied to the handling of images.

Researchers Uncover Critical XML Library Flaws

Security researchers release details about vulnerabilities in XML libraries from Sun Microsystems, Python and Apache. Developers who use the libraries are advised to take action as soon as possible.

Microsoft Bing Benefits from Ads for Illegal Online Pharmacies, Report Charges

A report criticizes Microsoft’s handling of sponsored search results in its Bing search engine, some of which lead to illegal pharmacies, according to KnujOn and LegitScript. Nearly 90 percent of the sponsored pharmacy results lead to sites that engage in illegal activity, such as selling counterfeit medicine, the report says.

How to Ensure Your Company’s PCI DSS Compliance

Complying with the Payment Card Industry Data Security Standard ensures that your company can continue to do business with the Payment Card Industry, but it doesn’t ensure that your company will be secure as well. Companies don’t want to be in a position where they could have prevented a cybercrime if they had only gone beyond the minimal amount of work to truly become PCI-compliant. Here, Knowledge Center contributor John Linkous discusses seven requirements companies must meet to both improve security and ensure that they are compliant with the Payment Card Industry Data Security Standard.

Pentagon Orders Review of Social Networking

The Pentagon is reviewing its policy toward social networking sites amid security concerns. The order comes a day after the U.S. Marine Corps issued a ban on the use of Facebook, Twitter and MySpace.

Cyber-thief Sold Stolen Domain to NBA Player, Police Charge

A 25-year-old man is charged with stealing a company’s domain name and selling it to NBA player Mark Madsen for $111,000. New Jersey State Police say they believe the arrest marks the first time the state has charged someone with stealing a domain name.

Hackers Target House.gov Sites

In U.S. Government

Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of their home pages with digital graffiti, according to House officials. The landing pages at house.gov for Reps. Duncan Hunter (R-Calif.), Jesse L. Jackson, Jr. (D-Ill.), and Spencer Bachus (R-Ala.) were among at least 18 member pages that were defaced in a series of break-ins that apparently began earlier this month, according to zone-h.com, a site that archives evidence of Web site attacks. Adam Bozzi, a spokesman for Rep. Harry Mitchell (D-Ariz.), confirmed that Mitchell’s site was among those hacked. Bozzi said it appears the attackers broke in by guessing passwords used to administer the site. Bozzi said the messages that the hackers left behind had been erased, and that his office now has stronger passwords for the site.

Researchers: XML Security Flaws are Pervasive

In New Patches

Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products. At issue are problems with the way many hardware and software makers handle data from an open standard called XML. Short for “eXtensible Markup Language,” XML has been used for many years as a fast and efficient way to transport, store and structure information across a wide range of often disparate applications.

Twitter Tries to Tame Tainted Links

In From the Bunker

Faced with a recent surge in the number of malicious software programs using its micro-blogging service to spread, Twitter is making an effort to block users from posting links to known malicious Web sites. The initiative, first noted in a blog posting by Finnish anti-virus maker F-Secure Corp., involves the use of Google’s Safe Browsing program, which the search giant uses to prevent Internet users from visiting Web sites that Google’s bots have flagged for installing malicious software.

Security Updates for iPhone, Adobe Reader

In New Patches

Apple has issued a security update for the iPhone. The patch fixes a vulnerability demonstrated recently at a hacker conference in Las Vegas, where security researchers showed they could hijack an iPhone simply by sending it a series of booby-trapped text messages. Apple’s patch comes in response to research revealed at last week’s Black Hat security conference, by well-known Apple hacker Charlie Miller and co-presenter Collin Mulliner, a Ph.D. student in telecommunications security at the Technical University of Berlin. The two showed that a specially designed text-message barrage could allow attackers to hijack various iPhone core functions, such as making calls and turning on the device’s microphone and camera. The update is available only through iTunes, which should auto-detect that the update is available. If it doesn’t, or you don’t want to wait around for an auto-update notice (Apple says that process can take up to a week)

Brief: Twitter, Facebook fend off DoS attacks

Twitter, Facebook fend off DoS attacks

Brief: Top U.S. cybersecurity aide resigns, report says

Top U.S. cybersecurity aide resigns, report says

Brief: Apple patches iPhone SMS vulnerability

Apple patches iPhone SMS vulnerability

Death of VPN

By deb@shinder.net (Deb Shinder)

Secure Remote Computing with DirectAccess.

You don’t know tech: The InfoWorld news quiz (InfoWorld)

In technology

InfoWorld – It’s Apple versus the world this week, as it squared off against Google, hackers, and makers of not-safe-for-kindergarten iPhone dictionaries.

Cyber Attackers Empty Business Accounts in Minutes (PC World)

In technology

PC World – The criminals knew what they were doing when they hit the Western Beaver County School District.

White House Still Seeking Cybersecurity Czar (PC Magazine)

In technology

PC Magazine – President Barack Obama is still searching for the right person to lead the fight against an epidemic of cybercrime, the White House said on Tuesday as it came under fire following the resignation of a top cybersecurity adviser.

Apple keyboard firmware vulnerability demonstrated (Macworld.com)

In technology

Macworld.com – Apple may have rolled out a security patch for the iPhone SMS vulnerability demonstrated at last week’s Black Hat security conference, but it wasn’t the only Apple device under attack. One hacker demonstrated a way that a keylogging application-a piece of malware that keeps track of what you type-could be installed in the firmware of Apple’s keyboards.

After Links to Cybercrime, Latvian ISP Is Cut off (PC World)

In technology

PC World – A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. 

White House still seeking cybersecurity czar (Reuters)

In technology

Reuters – President Barack Obama is still searching for the right person to lead the fight against an epidemic of cybercrime, the White House said on Tuesday as it came under fire following the resignation of a top cybersecurity adviser.

White House struggles to fill cyber czar post (AP)

In politics

AP – Nearly six months after the Obama administration turned its focus on computer security, the White House is still struggling to name a cyber coordinator, delaying efforts to better organize and manage the nation’s increasingly vulnerable digital defense.

Fake ‘Blue Screen of Death’ pushing scareware

By Ryan Naraine on Viruses and Worms

Hackers are using the infamous Windows Blue Screen of Death to trick computer users into downloading fake security software (scareware). According to a discovery by Sunbelt Software, Windows users are being shown the recognizable blue screen that signifies an operating system crash with a bright red “Security Alert” notice. The [...]

U.S. Marines ban Facebook, MySpace, Twitter

By Ryan Naraine on Zero-day attacks

The U.S. Marine Corps has slapped an immediate ban on the use of social networking sites on its network, warning that sites like Facebook, MySpace and Twitter are a “proven haven for malicious hackers and content.” The ban, contained in an order issued Monday, will last for a year.  It specifically mentions Facebook, Twitter and MySpace [...]

TA09-218A: Apple Updates for Multiple Vulnerabilities

Apple Updates for Multiple Vulnerabilities

Microsoft Security Bulletin Advance Notification for August 2009

Revision Note: Advance Notification published. Summary: This advance notification lists security bulletins to be released for August 2009.

August 2009 Advance Notification

By MSRCTEAM

Advance Notification for the August 2009 Security Bulletin Release

In this month’s Advance Notification we are making customers aware that next Tuesday August 11th we plan to release 9 security bulletins at approximately 10:00 a.m. PDT (UTC -8). Those bulletins consist of:

· 8 bulletins affecting Windows, five of which are rated critical and three of which are rated important.

One of the critical Windows bulletins also affects Client for Mac.

One of the important Windows bulletins also affects the .NET Framework.

· One critical bulletin affecting Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server and Microsoft BizTalk Server. This update addresses the issue discussed in security advisory 973472.

Concerning restart requirements, all of the updates for Windows will require a restart except one (this is the update also affecting the .NET Framework). The Office related bulletin may require a restart if the binaries being updated are in use. To reduce your chances of requiring a restart, please see Knowledge Base article 887012.

On release day, look for additional information on both this blog and the Security Research and Defense blog.  If you have questions or would like more information about this month’s release, please plan to attend our regularly scheduled security bulletin webcast on Wednesday, August 12, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.  

Thanks!

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights*

Oracle Security Alerts
Critical Patch Update – July 2009

Vulnerabilities in Oracle mod_plsql and JSP in Oracle9i Application Server, v1.0.2.x

Alert #28, 06 February 2002, UPDATED 05 JULY 2002. Download the patch from MetaLink and follow the workarounds as described in the Alert.

Vulnerabilities in Oracle9iAS Webcache

Alert #27, 28 December 2001

DoS Against Oracle9iAS

Alert #26

Vulnerabilities in mod_plsql

Alert #25

Oracle Database Server DBSNMP Vulnerabilities

Alert #23, 29 November 2001

Security Implications of the Oracle9iAS Default SOAP Configuration

Alert #22, Updated 23 September 2002

Oracle Label Security Mandatory Security Patch

Alert #21, 18 October 2001

Oracle File Overwrite Security Vulnerability

Alert #20, 18 October 2001

Oracle Trace Collection Security Vulnerability

Alert #19, Updated 29 November 2001

Oracle9iAS Web Cache Overflow Vulnerability

Alert #18, 18 October 2001

Oracle Internet Directory Buffer Overflow

Oracle SQL*Net/Net8 Malformed Packet Denial of Service

Oracle SQL*Net/Net8 Denial of Service

Oracle SQL*Net/Net8 Redirect Denial of Service

Launch of Forms from Oracle e-business Suite

Execution of Oracle JSP Outside doc_root

Oracle JVM FilePermission Vulnerability

Oracle Internet Directory Buffer Overflows

Oracle Connection Manager Control SUID

Oracle XSQL Servlet Vulnerability

Oracle Internet Application Server

Oracle Enterprise Manager Backup and Recovery

Net8 Listener Vulnerability

Oracle Application Server: Remote Command Execution

Unintended Execution of Oracle JSP

The Smoking Gun exposes PrankNet as Internet badboys cower

By nate@arstechnica.com (Nate Anderson) on PrankNet

The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.

On July 21, a pair of TSG reporters approached “Dex”’s building at 1637 Assumption Street in Windsor, where he lives in the ground-floor ‘B’ apartment. Calling to his mother, who was standing near an open living room window, a reporter asked her to summon her son. The woman disappeared into “Dex”’s adjoining bedroom, where the pair could be heard whispering. Despite repeated requests to come out and speak with TSG, “Dex” hid with his mother in his bedroom, the windows of which were covered with plastic shopping bags, a towel, and one black trash bag.

As the sun set and his room darkened, “Dex” did not reach to turn on a light. The notorious Internet Tough Guy, who has gleefully used the telephone to cause all kinds of havoc, was now himself panicking. He had been found. And, as a result, was barricaded in Pranknet World Headquarters with his mom, while two reporters loitered outside his window and curious neighbors wondered what was up. 

IT admin charged in Xmas Eve rampage on charity
Disunited Way

The former IT admin for a Florida-based charity stands accused of ransacking the organization’s servers and phone systems last Christmas eve, more than a year after his employment there ended.…

Booming scareware biz raking in $34m a month
Panda dissects rogue security software market

Fraudsters are making approximately $34m per month through scareware attacks, designed to trick surfers into purchasing rogue security packages supposedly needed to deal with non-existent threats.…

Pro-Georgian blogger target of massive Internet attacks (AFP)

In technology

AFP – A pro-Georgian blogger was the target of cyber attacks that disrupted Twitter and hampered services at Facebook and Livejournal, Internet security company F-Secure said on Friday.

Twitter & Facebook Taken Offline By DDoS Attacks

By Darknet on twitter ddos

Both Facebook and Twitter were hit with pretty severe DDoS attacks rendering them useless and unavailable to the majority of users. The thing is it seems like it wasn’t a traditional network based botnet style DDoS attack, but a ‘joejob’ attack where spam is sent out containing a link and the users clicking on the link [...]

In cybersecurity, everyone’s a critic

After Melissa Hathaway’s departure, what’s next for the cybersecurity-coordinator position?

Recommended Reading: Michael Jackson, botnets and digital democracy

The 12 holy sites of IT; Measuring emotion in cyberspace; A toolkit for retooling democracy; Botnets: Be scared, very scared

Gov ID card program enters new phase

As most agencies get over the hump of issuing HSPD-12 computer identification cards to all employees and contractors, they must now tackle the next challenge of developing card-based security systems that will control access to government facilities and computer systems.

DOD health records project hinges on security

Electronic records could lead to a faster, more flexible and more cost-effective system.

Mobile data poses security risk

Multiple types of removable media and devices hold sensitive government information, and each presents its own security risks.

Twitter Attack Looks Politically Motivated

The denial of service attacks that hit Twitter, Blogger, Facebook and LiveJournal on Thursday appear to be an effort to silence a pro-Georgia blogger.

TSA OKs Biometric Security For Flight Crews

The stage is set for a Transportation Security Administration pilot program that accelerates flight crew security screening in airports.

NIST Lab Director Tackles Cybersecurity, Cloud Computing

Cita Furlani explains the nuts-and-bolts work of defining key government IT standards and the job of working with federal agencies on adoption and implementation.

Marine Corps Bans Social Media On Military Network

Wrestling with the changing nature of online communication and the need for operational security, the Marine Corps wants to formalize procedures for access to social sites on its network.

Targeted Twitter user blames Russia

By Elinor Mills

The blogger behind the Cyxymu accounts is blaming Russia for the attacks.

The Georgian blogger whose Twitter, Facebook, and YouTube accounts were targeted in denial-of-service attacks on Thursday says he thinks Russia’s federal security service is behind it.

“This hackers was from Russian KGB,” the blogger, who …

Collateral Damage (continued)

By Francois Paget on Web and Internet Safety

While Dmitri Alperovitch wrote his blog entry about the recent DDoS attack against Twitter and some other platforms hosting accounts of a pro-Georgian blogger nicknamed cyxymu, I browsed the Internet, searching for malicious websites taking advantage of this topic. In second place in my google search request, I was attracted by a link proposing to add the blogger [...]

Security experts scramble to decipher Twitter attack

Security analysts scrambled to find a motive behind the distributed denial-of-service attacks that brought down Twitter for several hours, and also hit Facebook, Google and LiveJournal.

Twitter DDoS Attack Politically Motivated, says Report

The distributed denial of service attack on Thursday that targeted Twitter, Facebook, LiveJournal and several Google sites may have been politically motivated. The reported target of these attacks was a blogger named Cyxymu from the Eastern European country of Georgia who is an outspoken supporter of his country. Facebook’s chief security officer, Max Kelly has said the attack was coordinated to “keep his [Cyxymu's] voice from being heard,” according to Cnet.

Twitter DDoS Attack Reminder for Safe Web Habits

Facebook, LiveJournal, and most visibly Twitter were sabotaged by a distributed denial of service (DDOS) attack. What’s not clear is exactly why these sites were targeted. Current speculation is that the Koobface worm, whose name is a Facebook anagram, may be responsible for the attacks. A fresh wave of infections from a new variant of the worm supports this possibility. Let this serve as a warning that we can never remind our users too often about safe surfing practices.

Twitter DOS attack targeted Georgian blogger

The denial of service (DOS) attacks which knocked Twitter offline and slowed down Facebook response times yesterday may have been designed to target just one individual.

Consortium proposes a way to secure DNS

A consortium of organisations have banded together to develop software aimed at making it easier for companies to deploy the DNS security standard DNSSEC. A team comprising Nominet, .SE, SIDN (respectively the Swedish and Dutch Internet registries) and various others have combined to produce OpenDNSSEC, software that the developers claim will reduce the pain of implementing DNSSEC.

Detecting “bot rot” using log management or SIEM

There are many kinds of tools that can help detect the presence of a bot. Log management and SIEM tools are helpful in detecting the communication that is a hallmark of a botnet. Experts provide their advice on how to use such tools to determine if a bot is at work on your network.

Man blames cat for child porn downloads
One kitty. One thousand pics

A Florida man accused of downloading more than 1,000 images of child pornography is blaming the offense on his cat, according to published reports.…

Weak Passwords Allow Congressional Web Site Defacements (August 6, 2009)

A rash of digital graffiti on the websites of at least 18 US Representatives has been blamed on weak administrative passwords established by a third party vendor…

US Marines Bans Social Networking Sites on its Networks (August 4, 2009)

An August 3 order bans US Marines from accessing social networking tools, including Facebook and Twitter, due to security concerns…

Twitter Downed by DDoS (August 6, 2009)

Twitter is recovering from a distributed denial-of-service (DDoS) that occurred on Thursday…

Jail Time for Internet Bank Fraud (August 5, 2009)

A woman in New Zealand has been sentenced to one year in jail for stealing more than NZ $110,000 (US $73,700) in an Internet banking fraud scheme…

National Cybersecurity Coordinator Role Watered Down (August 4 & 5, 2009)

Melissa Hathaway, the administration’s acting cyber security coordinator, told the Washington Post that she stepped down from the position and removed herself from consideration for the permanent role because she was “not empowered …

Stolen Laptop Holds Army National Guard Data (August 4 & 5, 2009)

A laptop computer belonging to an Army National Guard contractor was stolen on July 27; the computer holds personally identifiable information of approximately 131,000 current and former Army National Guard members…

XML Library Flaws Affect Numerous Applications (August 6, 2009)

Researchers have uncovered a significant number of flaws in Extensible Markup Language (XML) libraries that could be exploited to crash machines and execute malicious code…

Apple Releases Mac OS X Update (August 6, 2009)

Apple has released Mac OS X version 10…

Mozilla Issues Firefox Update (August 4, 2009)

On Monday, August 3, Mozilla issued an update for Firefox to address a number of critical security flaws…

Mozilla Closes Online Store After Third-Party Intrusion (August 5, 2009)

Mozilla shut down its online store after learning that a third-party company it had hired to run the site’s back-end operations had experienced a breach…

Latvian ISP Cut Off Over Allegations of Hosting Botnet Command and Control Servers (August 4 & 5, 2009)

Latvian Internet service provider (ISP) Real Host has been disconnected from the Internet after its upstream provider, Junik, cut off service…

Blue Screen of Death Scareware (August 4 & 5, 2009)

A new scareware variant exploits the pit-of-the-stomach feeling that accompanies the Windows Blue Screen of Death…

Russia-Georgia Conflict Blamed for Twitter, Facebook Outages

In Misc.

The theories behind who and what attacked Twitter and Facebook yesterday — causing intermittent outages at each — are flying like so many tweets across the Internet. The prevailing theory suggests that the outage was due to a cyber skirmish stemming from simmering tensions between Russia and Georgia. CNet and CNN place blame for the incident on an elaborate, politically motivated vendetta timed to coincide with the one year anniversary of the Russia-Georgia war, a brief but costly skirmish in August 2008 accompanied by cyber attacks on Georgian government Web sites. In short: the outage at Twitter (and to a lesser extent Facebook & LiveJournal) was due to an effort to silence an anti-Russian blogger from Tbilisi who has been calling attention to a recent resurgence of tensions in the region. CNet cites Facebook’s Chief Security Officer Max Kelly saying that a political blogger using the online name “Cyxymu”

Around The Horn vol.1,144

Posted in Uncategorized by lightthedarkfiber on August 7, 2009

Exploit allows Apple keyboard ownage through firmware

By jeff.smykil@gmail.com (Jeff Smykil) on security

One of the Apple-related talks given at this year’s Black Hat security conference dealt with keyboard firmware. Given by “KChen,” the talk discussed “Reversing and Exploiting an Apple Firmware Update.” While it may not seem like much on the surface, the truth quickly becomes apparent: if someone gains access to your keyboard’s firmware, there are a multitude of ways in which they can further compromise your machine.

There are two ways in which this exploit can be perpetrated. The first is if someone has physical access to your computer and your administrative password, and the second is if someone has already gained access to a machine remotely through a rootkit hack. Why would an attacker want anything to do with a keyboard when he already has free rein on a system? The answer, as KChen pointed out, is that an affected user can patch the rootkit exploit and even reformat the drive, but the attacker could still have access to the keyboard.

Twitter warms up malware filter

By Vivian Yeo

Twitter’s new malware filter is a sign the social media site is stepping up efforts to stem attacks, but the measure has its shortcomings, say security experts.

Twitter’s filtering mechanism was highlighted by Mikko Hypponen, chief research officer of F-Secure, in a blog post Monday. When a user …

Hanging with hackers can make you paranoid

By Elinor Mills

At a hacker conference no one is safe.

When I first went to Defcon in 1995, the halls were mobbed with teenagers and attendees seemed more concerned with freeing Kevin Mitnick …

Defcon: What to leave at home and other do’s and don’ts

By Elinor Mills

Attending Defcon and Black Hat can make you feel a bit like a deer in a forest full of hunters.

New Firefox patches authentication security holes

By Stephen Shankland

Mozilla on Monday released two new versions of Firefox, 3.5.2 and 3.0.13, to patch two critical security holes.

“We strongly recommend that all Firefox users upgrade to this latest release,” Mozilla said in a blog posting about the security issue.

The first vulnerability could let an …

Report: White House acting cyberspace chief resigns

By Michelle Meyers

Melissa Hathaway, acting cyberspace director for the White House’s National Security and Homeland Security councils, has resigned from her post, citing personal …

Using software updates to spread malware

By Elinor Mills

LAS VEGAS–Two researchers from Israeli security firm Radware have figured out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.

Normal service will be resumed

By Rik Ferguson on Opinion

Just a quick note to let regular readers know that I may go a little quiet over the next week or so. I was lucky enough to become a dad again this weekend, so I’ll be spending some time with the family; normal service will be resumed very shortly, never fear.

Dan Kaminsky & Kevin Mitnick Hacked

By Darknet on ~el8

If any of you follow the mailing lists or the ‘scene’ as it’s known, you’d be familiar with PHC, Phrack, Gobbles, ~el8, Silvio, gayh1tler and the whole Whitehat Holocaust AKA pr0j3kt m4yh3m. (Back when it went public). The war against whitehats has started up again more vehemently recently with a zine known as zero for owned or [...]

Researchers To Release Tool That Silently Hijacks EV SSL Sessions

Black Hat USA session will demonstrate new man-in-the-middle attacks on Extended Validation SSL

Tech Insight: It’s About DAM Time

Given today’s threats to data from targeted attacks and unsavory insiders, it’s no longer a question of whether or not to adopt database activity monitoring

DEFCON Attendees Uncover ATM Scams

In Vulnerability Research

Attendees of the DEFCON 17 conference uncovered two malicious ATMs at Las Vegas casinos. It is unclear how long the machines had been there or how many people had been victimized.

Report: White House acting cyberspace chief resigns

Posted by InfoSec News on Aug 4

http://news.cnet.com/8301-13578_3-10302297-38.html

By Michelle Meyers
Politics and Law
CNet News
August 3, 2009

Melissa Hathaway, acting cyberspace director for the White House’s National Security and Homeland Security councils, has resigned from her post, citing personal reasons,…

The Best (and Worst) Hacks of Defcon Computer Security Conference 2009

Posted by InfoSec News on Aug 4

http://www.fastcompany.com/blog/kit-eaton/technomix/defcon-computer-security-conference-scary-all-sorts-reasons

By Kit Eaton
Fast Company
August 3, 2009

Computer security is a famously murky world that tends to generate alarmist headlines–like the ones about Apple’s vulnerabilities from…

Cyber Terrorism Measures regarding 7.7 DDoS Attack

Posted by InfoSec News on Aug 4

http://www.koreaittimes.com/story/4348/cyber-terrorism-measures-regarding-77-ddos-attack

By Yeon Choul-woong
Korea IT Times
August 3, 2009

According to government sources, the Korean government will work out comprehensive anti-cyber terrorism measures this month to respond to acts like…

Halted 03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk

Posted by InfoSec News on Aug 4

http://www.nytimes.com/2009/08/02/us/politics/02cyber.html

By JOHN MARKOFF and THOM SHANKER
The New York Times
August 1, 2009

It would have been the most far-reaching case of computer sabotage in history. In 2003, the Pentagon and American intelligence agencies made plans for a…

BKIS plans to sue network security agency for defamation

Posted by InfoSec News on Aug 4

http://www.thanhniennews.com/society/?catid=3&newsid=51281

By Truong Son
Thanh Nien News
31 July, 2009

The Vietnam Computer Emergency Response Team (VNCERT) said in a letter that Hanoi-based Bach Khoa Internetwork Security, known as BKIS, had violated international law by…

Security lapse makes GPAs visible

Posted by InfoSec News on Aug 4

http://www.dailyemerald.com/news/security-lapse-makes-gpas-visible-1.236115

By Alex Tomchak Scott
News Editor
Oregon Daily Emerald
August 3, 2009

The University has fixed a security breach in its DuckWeb system after a student used it to look at three other students’ degree audits.

Desperately seeking cyber skills

Posted by InfoSec News on Aug 4

http://fcw.com/articles/2009/08/03/buzz-cybersecurity-shortage-and-challenge.aspx

By Michael Hardy
FCW.com
July 31, 2009

These days, not all new recruits to national defense need to drop and do a hundred one-armed push-ups on the command of some sadistic drill sergeant. Computer security…

Malicious ATM Catches Hackers

Posted by InfoSec News on Aug 3

http://www.wired.com/threatlevel/2009/08/malicious-atm-catches-hackers/

By Kim Zetter
Threat Level
Wired.com
August 2, 2009

LAS VEGAS – There’s no honor among thieves, nor apparently among hackers.

A malicious ATM kiosk was positioned in the conference center of the Riviera Hotel…

Apple Fixes iPhone SMS Vulnerability Highlighted at Black Hat

Posted by InfoSec News on Aug 3

http://www.eweek.com/c/a/Security/Apple-Fixes-iPhone-SMS-Vulnerability-Highlighted-at-Black-Hat-690423/

By Brian Prince
eWeek.com
2009-07-31

Apple has swatted a bug in the iPhone that security researchers Charlie Miller and Collin Mulliner spotlighted at the Black Hat security conference…

In French Inquiry, a Glimpse at Corporate Spying

Posted by InfoSec News on Aug 3

http://www.nytimes.com/2009/08/01/business/global/01iht-spy.html

By DAVID JOLLY
The New York Times
July 31, 2009

PARIS — The story has the elements of a corporate thriller: a cast of characters that includes former French spies and military men, an American cycling champion, Greenpeace…

Identity theft hackers attack MI5 website

Posted by InfoSec News on Jul 30

http://www.telegraph.co.uk/technology/news/5937833/Identity-theft-hackers-attack-MI5-website.html

By Alastair Jamieson
Telegraph.co.uk
30 July 2009

The security breach could also have enabled the hackers to download viruses onto the machines of anyone using the organisation’s website,…

Details on presidential motorcades, safe house for First Family, leak via P2P

Posted by InfoSec News on Jul 30

http://www.computerworld.com/s/article/9136053/Details_on_presidential_motorcades_safe_house_for_First_Family_leak_via_P2P?taxonomyId=17

By Jaikumar Vijayan
July 29, 2009
Computerworld

Details about a U.S. Secret Service safe house for the First Family — to be used in a national…

Real Black Hats Hack Security Experts on Eve of Conference

Posted by InfoSec News on Jul 30

http://www.wired.com/threatlevel/2009/07/kaminsky-hacked/

By Kim Zetter
Threat Level
Wired.com
July 29, 2009

LAS VEGAS – Two noted security professionals were targeted this week by hackers who broke into their web pages, stole personal data and posted it online on the eve of the Black…

Black Hat: Android, iPhone SMS Flaws Revealed

Posted by InfoSec News on Jul 30

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218800192

By Thomas Claburn
InformationWeek
July 29, 2009 07:08 PM

In a presentation at the Black Hat security conference in Las Vegas on Thursday, security researchers Charlie Miller and Collin…

New tool could help computer forensics move off the disk and into memory

Posted by InfoSec News on Jul 30

http://gcn.com/articles/2009/07/29/black-hat-briefings-memory-forensics.aspx

By William Jackson
GCN.com
July 29, 2009

LAS VEGAS – Tools such as Metasploit’s meterpreter for the automated delivery of stealthy payloads are making it more difficult for researchers to find out after the…

Researchers offer tools for eavesdropping and video hijacking

By Elinor Mills

LAS VEGAS–Showing off technology that James Bond would love, two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over …

Clampi Trojan stealing online bank data from consumers and businesses

By Elinor Mills

LAS VEGAS–Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other …

Report finds fake antivirus on the rise

By Elinor Mills

Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.

PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown …

Microsoft offers patches to ward off ActiveX attacks

By Elinor Mills

Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks.

A critical patch for all versions of IE will protect consumers, while a security update for Visual …

Mozilla patches three public Firefox bugs

Mozilla today patched Firefox 3.5 and Firefox 3.0 to quash three security vulnerabilities, including a pair unveiled last week at Black Hat, and a third Mozilla itself revealed last month.

Security analyst: Las Vegas ATMs may have malware

The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas that are debiting people’s accounts but not dispensing cash.

Govt pilots anti-cyber bullying project

The Federal Government has announced a new pilot project aimed at curbing cyber bullying in Australian schools.

Vegas ATM Malware Demonstrates Banking Security Woes

Fake ATM machines have taken up residence around Las Vegas.

Report: Chinese hackers deface Melbourne film festival site

The organizer of the 2009 Melbourne International Film Festival shut down online ticket sales after recent attacks from what are alleged to be Chinese hackers, following the invitation of World Uyghur Congress president and Nobel Peace Prize nominee Rebiya Kadeer to attend the event, according to a report on Monday from The Standard, one of Hong Kong’s English dailies.

Fast-Food FAIL: Drive-Thru Displays Point-of-Sale LAN Info

Rick Lawhorn went to a local fast-food chain one recent evening and found a potential security threat to go with his burger and fries.

Is Your Linksys or Netgear Router Open to Attack?

If you have a Linksys model WRT160N or Netgear RP614v4 router, it may be time to worry a little. At least according to a report out of Defcon from The Register. The vulnerability is based on CSRF, or cross-site request forgery, an issue with the cPanel web-based control software used to administrate the devices.

Twitter now blocking bad URLs, but imperfectly

Hoping to deal with a growing problem, Twitter has quietly introduced a feature to prevent users from posting links to malicious Web sites. But security experts say that it can be easily circumvented.

Kevin Mitnick seeks refuge from hackers

Kevin Mitnick, the ex-hacker turned security consultant, is such a high-profile target himself that the Web-hosting firm he was using finally told him it wouldn’t host Web pages for him anymore.

Korean ‘journalists’ booted from Defcon

Four South Korean journalists were booted from the Defcon hacking conference this week after conference organizers decided their story didn’t quite add up.

Fake ATM doesn’t last long at hacker meet

Criminals running an ATM card-skimming scam made a big mistake this week: They tried to hit the Defcon hacker conference in Las Vegas.

Defense Department eyes hacker con for new recruits

The U.S. Air Force has found an unlikely source of new recruits: The yearly Defcon hacking conference, which runs Thursday through Sunday in Las Vegas.

MI5 website reportedly hacked

MI5’s official website has been hacked in a bid to steal the identities of visitors to the site, according to media reports.

‘Ear prints’ will stop iPod and iPhone theft

Forget finger prints, scientists have found a way of using the “acoustic fingerprint” of a person’s ear to make it possible to prevent other people using your iPod or iPhone.

ID card scheme costs hit £215m

The government has spent £215 million (US$353.7 million) on the national identity scheme, including ID cards and biometric passports.

Report: Apple to patch iPhone SMS bug Saturday

Apple on Saturday will patch a critical vulnerability that lets hackers take control of users’ iPhones by sending malicious text messages, according to a report by the BBC.

British hacker’s mom wants Obama’s help on extradition

Shortly after a British court ruled today that it wouldn’t stop the extradition of British hacker Gary McKinnon, the man’s mother called on President Barack Obama to stop the legal proceedings.

Security Fixes for Adobe Flash, Reader, Acrobat, AIR

Adobe has issued a range of patches for its most popular software to head off malware-pushing assaults that use poisoned PDF files to trigger a flaw in Flash.

Adobe updates Acrobat, Reader with security improvements

Adobe Systems has updated Acrobat and Reader to version 9.1.3. Both updates are available through the Adobe Updater application or for download through Adobe’s Web site.

Enter to win one of 15 copies of ‘Practical Intrusion Analysis’

We have 15 copies of ‘Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century’ to give to 15 lucky readers. Deadline for entries: August 31, 2009.

Mozilla squashes critical bugs in Firefox
SSL spoofing vuln slain

Mozilla on Monday issued an update for Firefox that fixes four critical security bugs in the popular open-source browser, including one exposed last week that could make it easy for attackers to spoof SSL certificates used to secure websites.…

AES encryption not as tough as you think
Cipher attack shaves safety margin

Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought.…

Twitter starts filtering links to malware sites
Block and tackle

Micro-blogging site Twitter has begun filtering links to known malware sites.…

Fake ATM scam rumbled by Defcon hackers
Black hats in Fear & Loathing conference moment

White hat hackers attending the DefCon conference in Vegas last week uncovered the presence of a fake ATM in the show’s venue.…

PerlMonks suffers unholy hack
Tidings without comfort or joy

Web developer site PerlMonks is obliging users to change up their passwords, following a successful hacking attack.…

cPanel, Netgear and Linksys susceptible to nasty attack
Unholy trinity

Defcon – If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you’re susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday.…

Switch hardening on your network, (Mon, Aug 3rd)

For many pentesters, myself included, switches and routers are a favourite target when performing in …(more)…

Website Warnings, (Sat, Aug 1st)

We received an email today from a lady who runs a website that helps to look for and locate missing …(more)…

Firebird SQL op_connect_request main listener shutdown vulnerability

A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected ‘op_connect_request’ message with invalid data to the server.

Cisco Using Microsoft Active Template Libraries Vulnerability

Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

FreeBSD BIND named(8) Dynamic Update Message Denial of Service Vulnerability

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

HP ProLiant DL/ML 100 Series G5 G6 Servers Remote Denial of Service

A potential vulnerability has been identified with certain HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i.

Akamai Download Manager Execution of Arbitrary Code

Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.3.7 of the ActiveX control.

Apple iPhone Arbitrary Code Execution

Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code.

Hathaway Resigns as U.S. Cyber-security Chief

Acting cyber-security chief Melissa Hathaway will reportedly step down Aug. 21. Hathaway, who headed up President Obama’s 60-day review on the nation’s cyber-infrastructure, says she is leaving for personal reasons.

WatchGuard Buys BorderWare for E-Mail, Web Security

WatchGuard Technologies has purchased BorderWare Technologies to get into the e-mail and Web content security business, the company says. WatchGuard says the move will help it compete against Google and Cisco Systems in the messaging security space. The official announcement will be Aug. 4.

Brief: Defense deputy calls for identity chief

Vegas ATM Malware Demonstrates Banking Security Woes (PC World)

In technology

PC World – Fake ATM machines have taken up residence around Las Vegas.

Security Analyst: Las Vegas ATMs May Have Malware (PC World)

In technology

PC World – The U.S. Secret Service said on Monday it is investigating a group of ATM machines in Las Vegas that are debiting people’s accounts but not dispensing cash.

Hackers expose weakness in visiting trusted sites (AP)

In technology

AP – A powerful new type of Internet attack works like a telephone tap, except it operates between computers and Web sites they trust.

Apple: GarageBand leaks user data to advertisers

By Ryan Naraine on Vulnerability research

Apple today warned that its GarageBand software is leaking users’ Web activity to third parties and advertisers. The company shipped GarageBand 5.1 to plug the hole and advises users to tweak their Safari browser preferences to avoid data leakage. Here’s the relevant information from Apple’s advisory: CVE-2009-2198: When GarageBand is opened, Safari’s preferences are changed to always [...]

Does Twitter’s malware link filter really work?

By Dancho Danchev on Web 2.0

Today, researchers from F-Secure stumbled upon a long-anticipated feature in Twitter’s fight against malicious abuse of its service – a malware URL filter preventing automatically registered or compromised legitimate accounts from tweeting known malicious links. Whenever a Twitter user attempts to post a link to a known malware/phishing URL, an “Oops! Your tweet contained a [...]

Twitter turns to Google for help with malware attacks

By Ryan Naraine on Web Applications

As it scrambles to cope with a noticeable surge in malware attacks targeting its users, Twitter has found a friend in Google. The popular micro-blogging service has quietly started using the Google Safe Browsing API to block links to known malicious Web sites. [ SEE: Guy Kawasaki's Twitter account hijacked, pushes Windows and Mac malware ] The Safe [...]

Black Hat recap podcast: SSL, SMS, BIOS rootkits

By Ryan Naraine on iPhone

In this podcast, I chat with Threatpost.com co-editor Dennis Fisher about the big news coming out of the Black Hat security conference. We discuss the attacks using SMS and MMS, rootkits in keyboards and BIOSes, vulnerabilities in SSL and the response from vendors to these problems. Listen here [mp3].

Dead-finger tech: 3G USB Modem, Prestigio Powerbank 501

By Dancho Danchev on Uncategorized

Connectivity is addictive, and in my line of work it’s a prerequisite for timely assessing the latest cybercrime incidents as they emerge in order to properly respond to them. Next to connectivity, I put mobility as the second most important success factor, in particular my ability to increase the average working time for my power-hungry [...]

Mozilla patches ‘critical’ Firefox flaws

By Ryan Naraine on Zero-day attacks

Mozilla has released two advisories to patch serious security flaws in its flagship Firefox Web browser. The vulnerabilities are rated “critical,” meaning they can be exploited by malicious hackers to run harmful code and install software, requiring no user interaction beyond normal browsing. These issues were separately discussed at last week’s Black [...]

Hacker demos persistent Mac keyboard attack

By Ryan Naraine on Zero-day attacks

Apple’s sleek $49 Mac keyboards can be hacked and infected with keystroke loggers and impossible-to-detect rootkits, according to a security researcher presenting at this year’s Black Hat/DEFCON conferences. The researcher, known only as “K. Chen,” found a way to reverse engineer and tamper with the keyboard’s firmware upgrade. With the firmware under control, an attacker can [...]

Fake ATM, skimmers found in Las Vegas hotels

By Ryan Naraine on Vulnerability research

A Google security researcher attending the Black Hat/DEFCON conferences in Las Vegas was victimized by a skimming device placed in an ATM at the Rio All-Suite Hotel and Casino. Chris Paget, an RFID security expert who now works on Google’s security team, said he lost $200 to a rigged ATM that also claimed several other victims. [...]

Apple patches Black Hat SMS attack flaw

By Ryan Naraine on iPhone

On the heels of a Black Hat conference demo of an iPhone hijack via text messages, Apple has shipped an iPhone update with patches for the security flaw. The iPhone OS 3.0.1 update, available only via iTunes, addresses a memory corruption issue in the way the device decodes SMS (text) messages. Apple warned that a maliciously [...]

SB09-215: Vulnerability Summary for the Week of July 27, 2009

Cisco Security Center: IntelliShield Cyber Risk Report

July 27-August 2, 2009

Report Highlight: U.S. Government Websites Tracking Policy Proposal

White House cyber adviser Melissa Hathaway resigns

Melissa Hathaway, who led the administration’s 60-day review of cyber policy and was considered a candidate for the new White House cyber coordinator position, will resign later this month, according to an article on The Wall Street Journal’s Web site.

DOD rethinking social media access

Groups want more input in classification debate

Advocates for open government want to see national security adviser’s recommendations for revising government data classification policy before they are sent to President Obama for consideration.

Come join the homeland security review

Starting today people can go online to participate in a wide-ranging review of the Homeland Security Department designed to help shape the department over the coming years.

McNamara: Give info-sharing office more authority

Thomas McNamara said the Program Manager for the Information Sharing Environment should have budgetary authority and the ability to direct policy changes.

DOD may ban Twitter, Facebook, other social media

The military is once again considering blocking social-media sites, for security reasons.

E-Verify could add biometrics

Sen. Charles Schumer (D-N.Y.) has begun laying the groundwork for adding a biometric — most likely a fingerprint — to the E-Verify federal employment verification system.

U.K. agency releases 20-page policy for Twitter

In the U.S. and abroad, agencies determine how to deal with YouTube, Twitter and fake agencies.

The great cybersecurity star search

A consortium of private and government organizations has launched a program of competitions and educational opportunities for young people to build the next-generation cybersecurity workforce.

Desperately seeking cyber skills

Efforts to recruit young people into government cybersecurity roles could benefit everyone.

Bill would ban peer-to-peer use in agencies

A House committee chairman who has jurisdiction over some government operations plans to introduce a bill designed to ban the use of peer-to-peer software on government and contractor networks.

Group opposes making contractors use E-Verify

The Professional Services Council opposes Senate legislation that would require federal contractors to use the E-Verify system for new and existing employees.

Committee approves bill to strip some IT requirements from Real ID

A bill that would remove costly information technology requirements from a secure identification law has been approved by a Senate committee.

Spires named new CIO at DHS

Richard Spires is the Homeland Security Department’s top information technology executive.

OMB evaluates federal Web tracking policies

The Office of Management and Budget is re-evaluating federal policies barring the use of Web tracking tools.

GAO: Details needed on electronic records system

The National Archives and Records Administration’s spending plan for its Electronic Records Archive system needs important details, GAO has found.

Around The Horn vol.1,143

Posted in Uncategorized by lightthedarkfiber on August 1, 2009

iPhone/GSM phones vulnerable to SMS hacks, patch coming soon

By chris.foresman@arstechnica.com (Chris Foresman) on Windows Mobile

As promised, iPhone security expert Charlie Miller, along with colleague Collin Mulliner, demonstrated a vulnerability in the SMS messaging system which can ultimately lead to hacking of an iPhone. Miller and his cohorts identified similar flaws in the Android and Windows Mobile operating systems, though no complete exploits were demonstrated. However, security researchers Zane Lackey and Luis Miras also demonstrated that the vulnerability can affect any GSM phone, though exactly how each phone reacts to the vulnerability differs.

The problem stems from the SMS system. Phones have to accept SMS messages, and these security experts have found that carefully crafted messages can be interpreted as binary instructions instead of text. Some phones may see a scrambled message—the iPhone, for instance, will show a text with just a square—or may see nothing at all. Lackey and Miras showed an exploit for a Sony Ericsson phone that simply showed the message, “New settings received. Install?” The user might easily assume the data is from a legitimate source.

Black Hat attendees warn of impending Mac OS X hacker doom

By chris.foresman@arstechnica.com (Chris Foresman) on security

Mac security researcher Dino Dai Zovi revealed a significant vulnerability in Mac OS X today at the Black Hat conference taking place in Las Vegas this week. He and other Mac security experts warn that Mac OS X could prove to be an easy target if hackers were to shift significant resources to exploiting any of its security flaws.

Dai Zovi detailed a technique that he calls “Machiavelli,” which can be used to grab data, even if it is encrypted. Specifically, it relies on an exploit of Safari, the most common attack vector for Mac OS X. “There is no magic fairy dust protecting Macs,” he told Reuters in an interview.

Saving us from forged DNS data: an update on DNSSEC

By iljitsch.vanbeijnum@arstechnica.com (Iljitsch van Beijnum) on web

Like so many of the Internet protocols invented decades ago, the Domain Name System has some serious security issues. Earlier this week in Stockholm, the Internet Society (ISOC), the Internet Engineering Task Force, and DNS experts provided a status update on DNSSEC, the secure DNS protocol designed to close a security hole in the bowels of the Internet that has been the target of exploits.

Researchers offer tools for eavesdropping and video hijacking

By Elinor Mills

LAS VEGAS–Showing off technology that James Bond would love, two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over …

Apple fixes iPhone SMS flaw

By Jim Dalrymple

Apple on Friday fixed an SMS-related security flaw in the iPhone that had been at the center of one of the most talked-about exploits at this week’s Black Hat security conference.

“We appreciate the information provided to us about SMS vulnerabilities which affect several mobile phone platforms,” Apple representative …

Microsoft acknowledges Windows 7 activation leak

By Dong Ngo

Alex Kochis, Microsoft’s director of Genuine Windows, posted a blog late Thursday addressing the “leak of a special product key” of Windows 7 RTM (release to manufacturers). This confirmed the rumor on Tuesday that an ISO file of Windows 7 RTM sent to Lenovo that …

NASA hacker loses bid to avoid extradition

By David Meyer, Tom Espiner

Gary McKinnon has lost his high court bid in the U.K. to avoid extradition to the U.S. for hacking into military systems.

McKinnon had tried to argue that former home secretary, Jacqui Smith, was legally wrong to push for the extradition despite …

An SMS can force a URL or app on smartphones

By Elinor Mills

LAS VEGAS–In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to …

McAfee acquiring MX Logic, delivers solid outlook

By Larry Dignan

This was originally published at ZDNet’s Between the Lines.

McAfee on Thursday announced it’s acquiring MX Logic, which provides on-demand e-mail, continuity, and Web services, for $140 million in cash.

The move is designed to bolster McAfee’s security as a service lineup. Security software vendors …

Adobe patches critical Flash hole

By Stephen Shankland

Adobe has released a patch for a critical Flash Player problem that could let attackers take over people’s computers through content viewed in a browser.

The vulnerability affected a file that shipped with Flash Player 9.x and 10.x for Windows, Mac OS X, and Linux, and with …

Hackers: We can bypass San Francisco e-parking meters

By Declan McCullagh

A three-man team of programmers and engineers announced on Thursday that it has found a way to park for free by bypassing the security of “smart” parking meters used in cities including San Francisco, which has about …

Researchers can attack mobile phones via spoofed SMS messages

By Elinor Mills

LAS VEGAS–Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source.

This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an …

Symantec: Shorter contracts ding earnings

By Larry Dignan

This was originally published at ZDNet’s Between the Lines.

Symantec’s fiscal first quarter fell short of expectations as corporate customers opted for shorter-term maintenance and license renewals.

The company, which makes security and storage software, reported first-quarter net income of $73 million, or 9 cents a share, down …

Jailbreaking iPhone could pose threat to national security, Apple claims

By Dong Ngo

I just got my new iPhone 3GS the other day and the first thing I did with it was get it jailbroken, just how I handled my iPhone 3G.

This time around, it was not really because I was in dire need of any extra functionality (the 3GS now can …

5 Tips for Safe Tweeting

By Rik Ferguson on Twitter

If you use, or are thinking of joining the estimated 32 million people who are already using the micro-blogging service Twitter, then here are 5 security tips for you to consider. 1. Consider *everything* you post, at least three times, before you post it. There is currently no effective means of deleting or recalling public tweets. 2. Never share [...]

sqlmap 0.7 Released – Automatic SQL Injection Tool

By Darknet on web-application-security

We’ve been following sqlmap since it first came out in February 2007 and it’s been quite some time since the last update, sqlmap 0.6.3, in December 2008. For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]

Chinese Firm Writes First SMS Worm

By Darknet on yxe worm

Ah another first, and once again China is at the forefront! We recently reported about a Chinese company sharing their huge malware database and now a group of Chinese companies has managed to develop the first SMS worm! It’s a pretty cool concept, abusing the Symbian Express Signing procedure. It reminds me of the heydays of [...]

Mobile Security Still Not Caught up to the Hype

In Mobile malware

Mobile security is a serious issue, as recent research has shown. However, it is important to distinguish between the actual threat and hyperbole.

Rolling Review: Symantec’s DLP-9

Symantec’s DLP software provides robust leak prevention for endpoints and on the network.

Hacker Gary McKinnon Loses Extradition Appeal

Fighting to avoid what he fears will be unfair treatment from U.S. courts, U.K. hacker Gary McKinnon lost another appeal in his attempt to avoid being extradited.

Apple Fixes iPhone SMS Vulnerability

Moving to close a hole revealed at the Black Hat security conference on Thursday, Apple has released iPhone OS 3.0.1.

Black Hat: Social Networks Reveal, Betray, Help Users

Researchers at security conference show how social networks can reveal more than users intend.

Black Hat: Mac OS X Rootkit Debuts

The development of a proof-of-concept rootkit for Mac OS X reinforces the fact that security concerns aren’t just for Windows users.

Black Hat: Android, iPhone SMS Flaws Revealed

Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They’re presenting on Thursday but their findings have been published.

Remote BIND 9 DoS Vulnerability Patched

By Denys Ma on Add new tag

A new, remotely exploitable denial-of-service (DoS) vulnerability affecting BIND Version 9 was reported by ISC on July 28. It’s also reported that exploits have been seen in the wild. Because BIND is widely used, these attacks can affect many critical infrastructures. Here’s a little description of the problem. The vulnerability exists in the DNS dynamic-update request [...]

iPhone Virus: What You Need to Know

The iPhone’s security flaws were laid bare at the Black Hat Conference in Las Vegas yesterday, and now the smartphone-clutching public has boiled itself into a frenzy. But how serious is this supposed iPhone virus, and what can be done to protect your iPhone from infection? Here is what we know, and why you probably shouldn’t worry.

Adobe patches 12 Flash bugs, 3 caused by Microsoft

Adobe on Thursday patched a dozen vulnerabilities in Flash Player, including three it inherited from faulty Microsoft development code and one that hackers have been exploiting for at least a week.

Conficker talk sanitized at Black Hat to protect investigation

A talk at Black Hat had to be scaled back because it contained information about Conficker that might tip investigators’ hand and send the perpetrators further underground, says F-Secure’s chief research officer.

Practicing safe surfing can derail attempts to cruise ‘Net anonymously

A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told Black Hat attendees.

Sophos: MI5 hack is warning to all website owners

Security firm Sophos is warning website publishers to be wary of a group of cybercriminals that managed to hack into MI5’s website.

NASA hacker loses appeal against extradition

NASA hacker Gary McKinnon has once again lost his fight against extradition to the US.

P2P ban plan for government gets mixed response

A proposal to introduce a bill seeking to formally ban the use of peer-to-peer (P2P) file sharing applications on government and contractor networks is evoking a mixed response.

The Macalope Weekly: R.I.P. Apple Tablet

Can it be? Is the device we already started saving up an undetermined amount of money to buy because we don’t even know how much it costs yet dead on before arrival?! Or is it coming to CES with Apple? And an iPhone bug lets the Macalope ride one of his favorite hobby horses: Apple and security.

Defense stalwarts building cybersecurity CSI

Northrop Grumman has become the latest defense contractor to go whole hog into cyber threat monitoring and detection. The defense giant said it has opened a cyber threat detection and response center staffed around-the-clock, providing security monitoring for more than 105,000 clients and 10,000 servers worldwide.

Meter hackers find free parking in San Francisco

San Francisco’s ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

More holes found in Web’s SSL security protocol

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

Open-source project aims to make secure DNS easier

A group of developers has released open-source software that gives administrators a hand in making the Internet’s addressing system less vulnerable to hackers.

Disney, Universal demand closure of The Pirate Bay

Disney and Universal Studios are among 13 production companies that are trying to get BitTorrent search engine the Pirate Bay closed.

Fake anti-virus programs set to rule the roost

The phenomenon of fake anti-virus (AV) software is growing at such a pace that it could grow to eclipse all other types of malicious software, one security company has suggested.

UnboundID adds proxy server to directory lineup

Directory and identity start-up UnboundID completed its directory lineup with the release of a proxy server that provides users with load balancing, failover and extra security controls.

Surveillance camera hack swaps live feed with spoof video
Reliving Thomas Crown

Defcon: Corporate teleconferences and other sensitive video feeds traveling over the internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface.…

Apple patches Black Hat SMS vuln
Claims 24 hour turnaround

Yesterday, The Reg reported that researchers had discovered a vulnerability in the iPhone and other mobile devices that made them vulnerable to an SMS hack.…

Flash update plugs zero-day Adobe vuln
Plethora of patches perplexes punters

Adobe released an update to its Flash Player software on Thursday, completing a busy week of security updates from the software developer.…

McAfee gobbles up MX Logic for cloud security push
Splashes out again with SAAS-y purchase

McAfee has agreed to buy email and filtering services firm MX Logic for $140m in cash, followed by a further $30m, providing performance targets are met.…

Hijacking iPhones and other smart devices using SMS
No user interaction necessary

Black Hat Update: Apple says it has patched the vulnerability described below.

Meter insecurity raises specter of free parking hacks
Cloned card could allow unlimited parking

Black Hat: Hackers have figured out a way to trick San Francisco’s computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees.…

Cisco patches DoS vuln pair in IOS
No exploit spotted

Cisco has issued a pair of updates today patching two remote denial of service vulnerabilities affecting certain devices running its Internetwork Operating System (IOS).…

MI5 website vuln builds mountain out of molehill
Team Elite: Mission Implausible

Hackers have uncovered information security shortcomings involving MI5’s website, even though the problem is nowhere near as severe as one tabloid paper claims.…

Intel warns over bare-metal BIOS bug
Set bug panic meters to ‘important’

Intel has warned that some of its motherboards contain a flaw in their BIOS setup that creates a privilege escalation vulnerability.…

Tiny typo blamed for massive IE security fail
That’ll teach you to keep your ampersands in order

One small typo in Microsoft’s code caused the security vulnerability that prompted Microsoft to release an out of sequence patch on Tuesday, it has emerged.…

Adobe Patch is out, (Fri, Jul 31st)

It looks like today will be patch day for a lot of folks. It appears that Adobe has rele …(more)…

The iPhone patch is out, (Fri, Jul 31st)

Just what we have been waiting for – the patch is out. We have received confirmation that the …(more)…

Google Safe Browsing, (Fri, Jul 31st)

Last night one of our long time readers sent me an email that had a link to a Google Safebrowsing Di …(more)…

Don’t forget to tell your SysAdmin Thanks, (Fri, Jul 31st)

I had totally forgotten that this is indeed a special day! A holiday of sorts for me and all S …(more)…

iPhone Hijack, (Thu, Jul 30th)

We received some information today about a bug in the iPhone OS that may cause some pretty s …(more)…

Happy patching day, (Thu, Jul 30th)

With the DNS issues, Microsoft OOBpatch and the Flash issue a couple of other things may have …(more)…

P2P Leaks of Government Data Prompt Promise of Legislation (July 29 & 30, 2009)

US Representative Edolphus Towns (D-NY) plans to introduce legislation prohibiting the use of peer-to-peer (P2P) filesharing software on government and government contractor computers…….

Smart Grid Grant Applicants Must Demonstrate They Take Security Seriously (July 28, 2009)

The US Department of Energy says that companies hoping for federal grants designated for the country’s smart grid will first need to demonstrate that they have implemented policies and procedures to protect their systems from cyber attacks…….

AT&T Blocked 4chan to Prevent DDoS Attack From Spreading (July 28, 2009)

AT&T says it blocked access to parts of the 4chan website to prevent a distributed denial-of-service (DDoS) attack from spreading and affecting service for other AT&T customers…

Research Shows Digital Certificate Warnings are Ineffective (July 28 & 29, 2009)

Researchers at Carnegie Mellon found that digital certificate warnings are not an effective security tool…….

Dutch Spammer Fined (July 28 & 29, 2009)

A Dutch spammer has been fined 250,000 euro (US $353,000) by the Dutch Independent Post and Telecommunications Authority (OPTA)…….

Center for Democracy & Technology Seeks Information About Computer Monitoring System (July 28, 2009)

The Center for Democracy & Technology (CDT) has published a report calling for the US government to release information about the Einstein computer monitoring system…….

Fixes Available for BIND Vulnerability (July 29, 2009)

The Internet Software Consortium has issued an urgent alert warning of a security flaw in BIND that can be exploited to crash vulnerable Domain Name System (DNS) servers using a single maliciously crafted dynamic update packet…….

Adobe Releases Flash Player Security Update (July 30, 2009)

Adobe has issued security updates to fix a critical vulnerability in Flash Player…….

Typo Responsible for Out-of-Cycle Microsoft Patch (July 29 & 30, 2009)

The critical vulnerability Microsoft addressed in an out-of-cycle security release earlier this week is due to an extra character in the code…….

Microsoft Issues Two Out-of-Cycle Bulletins (July 28, 2009)

Microsoft released two out-of-cycle security bulletins to address a critical remote code execution flaw in the Microsoft Active Template Library (ATL)…….

Clampi Trojan Steals Account Data (July 29, 2009)

The Clampi Trojan horse program has proven it is capable of stealing account information related to more than 4,600 companies around the world…….

Scareware Purveyors are Turning a Hefty Profit (July 29, 2009)

According to statistics from Panda Security, an estimated 35 million computers are infected with scareware, also known as rogueware, every month…….

Undersea Cable Damage Causes Internet Outages in West Africa (July 30, 2009)

A cable disruption of an unknown nature has caused Internet connectivity problems in West Africa…….

INVITATION TO PARTICIPATE IN NATIONAL DIALOGUE FOR QUADRENNIAL HOMELAND SECURITY REVIEW

The Department of Homeland Security is in the process of completing the first ever congressionally-mandated Quadrennial Homeland Security Review (QHSR), a top-to-bottom review that will inform the Department of Homeland Security’s policies and priorities for the next four years…….

Researchers say search, seizure protection may not apply to SaaS data

By Robert Westervelt

Researchers examining cloud computing security issues presented a number of technical and legal hurdles that Software as a Service users could face.

DoD urges less network anonymity, more PKI use

By Robert Westervelt

U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.

McAfee to acquire email SaaS vendor MX Logic

By Neil Roiter and Marcia Savage

McAfee will acquire MX Logic, one of the few remaining independent email security SaaS vendors, for $140 million in cash in a deal announced Thursday.

Machiavelli Mac OS X rootkit unveiled at Black Hat

By Michael S. Mimoso

Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli, a proof-of-concept Mac OS X rootkit that seeks to dent what many Mac enthusiasts believe is an impervious OS.

WASC Web Honeypot Project enters next phase

By Robert Westervelt

Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data.

New Cisco IOS bugs pose tempting targets, says Black Hat researcher

By Robert Westervelt

VoIP implementations, basic coding within the devices and few router security features have made them an increasingly attractive target.

Microsoft kill-bits, browser plug-ins pose big risks, say Black Hat researchers

By Robert Westervelt

Researchers at Black Hat say complex interoperability flaws affect browser plug-ins that transmit data between different components of an OS. The holes could be exploited to gain access to a system.

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat

By Michael S. Mimoso

Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates.

Cisco IOS Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

Recent versions of Cisco IOS Software support RFC4893 (“BGP Support for Four-octet AS Number Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

HP-UX Running Kerberos Denial Of Service And Execution Of Arbitrary Code

Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.

Joomla! Multiple Full Path Disclosure Vulnerabilities

This vulnerability could allow a malicious user to view the internal path information of the host, because some files were missing the JEXEC check.

Cisco Wireless LAN Controllers Multiple Vulnerabilities

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms.

Drupal 6 Date and Calendar XSS Vulnerability

The Calendar module suffers from a cross site scripting (XSS) vulnerability due to the fact that it does not properly sanitize names during display.

Apple Fixes iPhone SMS Vulnerability Highlighted at Black Hat

Apple has swatted a bug in the iPhone that security researchers Charlie Miller and Collin Mulliner spotlighted at the Black Hat security conference in Las Vegas. 

British Hacker Loses Latest Try to Block Extradition

Gary McKinnon, the British hacker accused of breaking into U.S. military computers, lost his latest attempt at avoiding extradition to the United States. McKinnon is accused of hacking computers at the Pentagon, NASA and the U.S. Army and Navy in 2001 and 2002.

Adobe Flash Vulnerabilities Plugged in Security Update

Adobe updates its Flash software to patch several security issues, including a vulnerability being exploited by attackers. Among the vulnerabilities being patched are flaws in Microsoft’s Active Template Library, which was used by Adobe during its development process.

McAfee to Buy MX Logic to Build SAAS Business

McAfee agrees to buy security vendor MX Logic for $140 million to bolster its software-as-a-service business. The deal follows McAfee’s recent announcement that it will be looking to expand its SAAS footprint among enterprises.

Black Hat ’09 Shines Light on Security

The Black Hat security conference wrapped up today in Las Vegas. For those who couldn’t attend, here are a few of the stories that came out of it.

PCI Compliance Only the Start of Security

Reports that companies involved in some of the latest data breaches were PCI-compliant continue to spark discussion of whether PCI is a solid measuring stick for overall security. Industry observers say yes, but businesses need to change their check-list approach.

Following the Money: Rogue Anti-virus Software

In Web Fraud 2.0

By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low. Even if you manage to trace one link in the chain — such as a payment processor or Web host — the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer. But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site called innovagest2000.com. This Innovagest2000 domain has for at least four years now been associated with spyware and so-called “scareware,”

Critical Update for Adobe Flash Player

In New Patches

Adobe Systems Inc. today issued a security update to its Flash player to plug at least a dozen security holes in the software, including some that hackers have been using to break into vulnerable systems. The latest update brings Flash player to version 10.0.32.18. Updates are available for most Flash installations on Windows, Mac and Linux machines.

Clampi Trojan: The Rise of Matryoshka Malware

In Fraud

Last week, Security Fix told the online banking saga of Slack Auto Parts, a company in Georgia that lost nearly $75,000 at the hands of an extremely sophisticated malicious software family known as “Clampi”. I only mentioned the malware in passing, but it deserves a closer look: Research released this week by a top malware analyst suggests that Clampi is among the stealthiest and most pervasive threats to Microsoft Windows systems today.

Apple warns iPhones vulnerable; fixes bug (Reuters)

In technology

Reuters – Apple Inc has released an iPhone software patch to fix a critical software bug uncovered by two independent researchers that makes the devices susceptible to secret attacks by hackers.

Apple says it’s fixed iPhone SMS vulnerability (AP)

In technology

AP – Apple Inc. says it has fixed an iPhone vulnerability that lets hackers knock people offline — and possibly take over the phones — by sending them specially crafted text messages.

Essential Security Fixes for Adobe Flash, Reader, Acrobat and AIR (PC World)

In technology

PC World – Adobe has issued a range of patches for its most popular software to head off malware-pushing assaults that use poisoned PDF files to trigger a flaw in Flash.

O2 says iPhone SMS patch imminent (Macworld.com)

In technology

Macworld.com – Don’t fear the square text message! British wireless provider O2 told the BBC that Apple will shortly be rolling out a patch for the recently uncovered SMS vulnerability that could allow hackers to remotely take control of phones.

UK court rejects hacker’s bid to avoid extradition (AP)

In technology

AP – Britain’s High Court on Friday rejected an autistic British man’s bid to avoid extradition to the United States to face trial for hacking into military computers.

Update: Apple Reportedly Patches iPhone SMS Flaw (PC Magazine)

In technology

PC Magazine – Apple will patch a critical security flaw on the iPhone that could let malicious hackers disable or take over any of the devices, a UK carrier told the BBC today.

British Court Allows Hacker to be Extradited to U.S. (PC World)

In technology

PC World – A British hacker who broke into U.S. government computer systems seeking evidence of alien life has failed in his latest efforts to block extradition to the U.S. to face trial.

British hacker loses bid to avoid US extradition (AFP)

In technology

AFP – A Briton accused of hacking into US military and NASA computers on Friday lost his latest legal bid to avoid extradition to the United States.

Court Allows Extradition of British Hacker to Proceed (PC World)

In technology

PC World – A British hacker who broke into U.S. government computer systems seeking evidence of alien life has failed in his latest efforts to block extradition to the U.S. to face trial.

Researchers: iPhone Vulnerable to Attacks (PC Magazine)

In technology

PC Magazine – Security experts have uncovered flaws in Apple Inc’s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

Anti-theft software could create security hole (AP)

In technology

AP – A piece of anti-theft software built into many laptops at the factory opens a serious security hole, according to research presented Thursday.

McAfee 2Q profit slides 40 pct, tops analyst views (AP)

In business

AP – McAfee Inc.’s second-quarter financial performance exceeded analyst expectations amid rising demand for the software maker’s computer security products.

U r pwned: text messaging paves way for hacking (AP)

In technology

AP – Getting a text message is akin to someone sliding a piece of mail under your door: You may not have asked for it, you can’t stop its delivery and you have to deal with it whether you want to or not.

Meter Hackers Find Free Parking in San Francisco (PC World)

In technology

PC World – San Francisco’s ambitious plans to roll out computerized smart parking meters have hit a snag: They can be hacked for free parking.

iPhone vulnerable to hacker attacks: researchers (Reuters)

In technology

Reuters – Security experts have uncovered flaws in Apple Inc’s iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

Open-source Project Aims to Make Secure DNS Easier (PC World)

In technology

PC World – A group of developers has released open-source software that gives administrators a hand in making the Internet’s addressing system less vulnerable to hackers.

Mac Flaw Could Let Hackers Get Scrambled Data (PC Magazine)

In technology

PC Magazine – A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves.

Researchers find insecure BIOS ‘rootkit’ pre-loaded in laptops

By Ryan Naraine on Vulnerability research

LAS VEGAS — A popular laptop theft-recovery service that ships on notebooks made by HP, Dell, Lenovo, Toshiba, Gateway, Asus and Panasonic is actually a dangerous BIOS rootkit that can be hijacked and controlled by malicious hackers. The service — called Computrace LoJack for Laptops — contains design vulnerabilities and a lack of strong authentication that [...]

Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

In Cisco Security Advisory

Recent versions of Cisco IOS Software support RFC4893 (“BGP Support for Four-octet AS Number Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

Apple Releases Fix for iPhone SMS Vulnerability (PC Magazine)

In technology

PC Magazine – Apple on Friday confirmed that it has issued an update to fix a security glitch on the iPhone that could have allowed hackers to disable or take over the smartphones.

Around The Horn vol.1,142

Posted in Uncategorized by lightthedarkfiber on July 30, 2009

Congressman calls for P2P ban after sensitive data leaks

By ars@lasarletter.net (Matthew Lasar) on Thomas Sydnor

When he opened Wednesday’s hearing on the hazards of inadvertent file sharing via peer-to-peer software, Representative Edolphus Towns (D-NY) said he was done with letting the industry solve the problem. By the end of the hearing Towns had lowered the boom, announcing that he plans to introduce a bill to bar LimeWire-style software from government and government contractor computers and their networks.

One extra ampersand in code leads to IE exploit

By emil.protalinski@arstechnica.com (Emil Protalinski) on Internet Explorer

Microsoft has admitted that one of the out-of-band security updates it released yesterday was actually caused by a single typo in the code. The security flaw in Internet Explorer was caused by an unnecessary ampersand character, according to The Security Development Lifecycle blog: “The extra ‘&’ character in the vulnerable code causes the code to write potentially untrusted data, of size cbSize, to the address of the pointer to the array, pbArray, rather than write the data into the array, and the pointer is on the stack. This is a stack-based buffer overrun vulnerability.” The typo corrupted the code of the MSVidCtl ActiveX control used by Internet Explorer.

Cheerleader sues school, coach after illicit Facebook log-in

By jtimmer@arstechnica.com (John Timmer) on privacy

At this point, you would think that most users would be aware that they should keep embarrassing information off of Facebook. Everyone from potential employers to the press regularly check users’ accounts on the service, looking for evidence of illicit or debauched behavior, and a number of jobs have been lost due to the information found there. Still, many fail to exercise discretion when using the service, people in positions of power are catching on, and there continue to be problems that result from the blurring of boundaries between public and private.

Benign security warnings have trained users to ignore them

By jacqui@arstechnica.com (Jacqui Cheng) on study

Internet users have grown immune to security certificate warnings and are more than happy to click past them, according to a new report out of Carnegie Mellon University. Researchers found that users won’t hesitate to engage in this risky browsing behavior, especially since most warnings are for benign things like expired certificates. This behavior leaves them vulnerable to man-in-the-middle attacks, and the report calls for a reform in how warnings are handled in both safe and dangerous situations.

IE and VS out-of-band security patches coming tomorrow

By emil.protalinski@arstechnica.com (Emil Protalinski) on Visual Studio

Late on Friday, Microsoft issued an advance notification for two out-of-band security bulletins, one for Internet Explorer and one for Visual Studio, to be released tomorrow. Microsoft typically releases security patches the second Tuesday of every month and did not say why this out-of-band release was necessary. While this release encompasses Internet Explorer (Critical rating) and Visual Studio (Moderate rating), Microsoft says the patches address a single issue that can be exploited via Remote Code Execution. Both patches will require a restart. The good news Microsoft relayed was that customers who are up-to-date on their security updates are protected from known attacks related to this out-of-band release.

New iPhone hardware encryption not even close to hack proof

By chris.foresman@arstechnica.com (Chris Foresman) on security

Apple has attempted to improve the security of iPhone data two ways with recent updates. One new feature is encrypted backups, available to any phone running iPhone OS 3.0 and iTunes 8.2 or later. Another is hardware-based encryption, available on the iPhone 3GS. On the surface, these things may seem industrial-grade, but iPhone data forensics expert Jonathan Zdziarski told Ars that it’s trivial to get around these features.

Flash security vulnerability exploited in PDFs

By segphault@arstechnica.com (Ryan Paul) on Flash

When Adobe released Acrobat 9 last year, the company introduced support for embedding Flash media in PDF files. This feature is now being used by attackers who are exploiting a new vulnerability in Adobe’s Flash media plugin. The vulnerability allows remote code execution, making it a potential vector for malware deployment.

WASC Threat Classification 2.0 Sneak Peek

By Robert A. on XSS

Here is a sneak peek at the WASC Threat Classification v2.0. We’ve been working on this for more than a year and it’s been a very challenging, educational experience to say the least. Sections that are gray are currently in peer review and are not completed. Mission statement “The Threat Classification…

Fuzzware 1.5 released

By Robert A. on Tools

“Fuzzware is a tool for pen-testers and software security testers that is designed to simplify the fuzzing process, while maximising the fuzzing quality and effectiveness. Fuzzware is adaptable to various testing scenarios (e.g. file fuzzing, Web Services fuzzing, etc), gives you fine grain control over the fuzzing techniques used and ensures any…

Social Security Numbers Can Be Extrapolated From Public Data

By Robert A. on IndustryNews

“For years, government officials have urged consumers to protect their social security numbers by giving out the nine-digit codes only when absolutely necessary. Now it turns out that all the caution in the world may not be enough: New research shows that social security numbers can be predicted from publicly available…

New Attack on AES

By Robert A. on Research

A new attack has been discovered against AES. “Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2^119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key…

Security Guard Busted For Hacking Hospital’s HVAC, Patient Information Computers

By Robert A. on IndustryNews

“A former security guard for a Dallas hospital has been arrested by federal authorities for allegedly breaking into the facility’s HVAC and confidential patient information computer systems. In a bizarre twist, he posted videos of his hacks on YouTube, and was trying to recruit other hackers to help him wage a…

Three Web Application Firewall Advisories, Whitepaper Published

By Robert A. on Web Application Firewalls

Michael Kirchner and Wolfgang Neudorfer have published 3 advisories in various Web Application Firewall products.

Artofdefence Hyperguard Web Application Firewall (Remote Denial of Service)
http://www.h4ck1nb3rg.at/wafs/advisory_artofdefence_hyperguard_200907.txt

phion airlock Web Application Firewall (Remote Denial of Service via Management Interface (unauthenticated) and Command Execution)
http://www.h4ck1nb3rg.at/wafs/advisory_phion_airlock_200907.txt

radware AppWall Web Application Firewall (Source code disclosure on…

Researchers exploit flaws in SSL and domain authentication system

By Elinor Mills

LAS VEGAS – Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Researchers attack my iPhone via SMS

By Elinor Mills

LAS VEGAS–Researchers have discovered a way to take complete control over an iPhone merely by sending special SMS messages…

Hackers rumored to have cracked Windows 7 activation

By Dong Ngo

Microsoft only just released final code for Windows 7 to manufacturers and the company is already facing a security risk.

The Windows Genuine Advantage antipiracy system in the Windows 7 Ultimate release to manufacturers (RTM) has reportedly been compromised by some Chinese hackers, according to a variety of Chinese forums, …

Security experts’ sites hacked on eve of Black Hat conference

By Elinor Mills

LAS VEGAS–Web sites of a handful of security experts and groups were hacked and passwords, e-mails, IM chats and other information was posted on the Internet on Tuesday, the eve of the Black Hat security conference.

Jailbreaking iPhone could pose threat to national security, Apple claims

By Dong Ngo

I just got my new iPhone 3GS the other day and the first thing I did with it was get it jailbroken, just how I handled my iPhone 3G.

Single misplaced ‘&’ caused latest IE exploit

By Lance Whitney

A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft’s code.

An errant ampersand (“&”) took the blame for the exploit, admitted Microsoft in a blog published Tuesday at its Security Development Lifecycle (SDL) Web site.

Clampi Trojan stealing online bank data from consumers and businesses

By Elinor Mills

LAS VEGAS–Hundreds of thousands of Windows computers are believed to be infected with a Trojan called “Clampi” that has been stealing banking and other …

Report: Spam and malware at all-time highs

By Lance Whitney

Spam and botnets have hit their highest levels ever, according to McAfee’s second-quarter Threats Report, released Wednesday. McAfee’s Avert Labs says spam recorded in the second quarter shot up 80 percent compared with the first quarter of the year.

Report finds fake antivirus on the rise

By Elinor Mills

Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.

Microsoft offers patches to ward off ActiveX attacks

By Elinor Mills

Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks.

Researchers attack my iPhone via SMS

Two security researchers prove to a reporter during Black Hat that they can indeed “Pwn” …

Web users ignoring security certificate warnings

By Tom Espiner

Digital certificate warnings in Web browsers are not an effective security measure, according to Carnegie Mellon researchers.

Talent search is on for cybersecurity students

By Elinor Mills

The U.S. government on Monday launched a national talent search for high school and college students interested in working in cybersecurity.

Network Solutions breach exposes nearly 600,000

By Elinor Mills

Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company.

AVG temporarily blocked iTunes, labeling it malware

By Elinor Mills

AVG’s free antivirus product temporarily blocked users from getting to iTunes late last week, detecting it as a Trojan, the company said on Monday.

Microsoft says security programs are paying off

By Elinor Mills

One year after launching three security programs designed to improve security industry-wide, Microsoft is finding that more security patches are beating exploits out the door.

From iPhones to smart grids at Black Hat, Defcon

By Elinor Mills

My favorite security show each year is one at which there are no sales pitches, the speakers favor black T-shirts and dyed hair over suits and ties, and the talks tend to be controversial enough to prompt legal threats and even arrests.

HP researchers develop browser-based darknet

By Tom Espiner

Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from uncovering confidential information.

Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a …

Microsoft to fix critical hole in IE

By Elinor Mills

In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday–outside of its monthly patch cycle–for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.

Expert: iPhone 3GS crypto is easily crackable

By Elinor Mills

The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially “broken” as far as protecting sensitive personal data like credit card and social security numbers, according to a forensics expert and iPhone developer.

Facebook closes API loophole that let people see strangers’ photos

By Elinor Mills

Facebook has changed its application-programming interface to close a loophole developers were using to write applications based on access to photo albums set to be viewable by everyone.

Obama Safe House location leaked over P2P

By Rik Ferguson on Opinion

In an article published today by Computerworld, it was revealed that the details of a US Secret Service safe house – one meant for the US First Family in the event of a national emergency – had been leaked over peer-to-peer networks using the popular LimeWire client. This is of course not the fault of LimeWire [...]

ZF05, Kaminsky = 0wned, Mitnick = 0wned

By Rik Ferguson on vulnerability

The hacker group Zero for Owned have released their latest zine, and this time, in their own words it’s “a big one”. The group have compromised Kevin Mitnick and Dan Kaminsky to name just the two highest profile victims. The timing of the release can be no coincidence, with BlackHat opening this week.

Dutch Spammer fined €250000

By Rik Ferguson on email

Subsequent to official warnings given in 2005, OPTA, the telecoms watchdog in the Netherlands, has issued a fine of €250000 against Dutch national Reinier Schenkhuizen whom they label a “persistent spammer”. The fine comprises €150000 for sending the mails and €100000 for not including a link to unsubscribe from the mailings and will be increased by €5000 [...]

New malicious tweet run on Twitter

By Rik Ferguson on web

Only two days after Twitter had a major clear-out of spambot accounts, a new malicious tweet campaign is gathering speed, (currently at an under-the-radar speed of 33tph (tweets per hour)) using hundreds of accounts that appear to have been created just for this purpose. The creation of the accounts actually predates Twitter’s clean-up operation in most cases, with the accounts [...]

Get Intimate with Facebook

By Rik Ferguson on web

There has been a considerable amount of talk on various social networks recently about how a Facebook user’s personal content can be used in advertising. In truth it seems there are two separate technical issues at play here. Although (in keeping with an earlier blog post) the real problem boils down to a lack [...]

crack.pl – SHA1 & MD5 Hash Cracking Tool

By Darknet on sha1 password cracker

crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself. NOTE – Salt function is currently only available for md5, you need to append ‘\’ in front [...]

Hacker Group L0pht Making A Comeback

By Darknet on symantec

L0pht has been a staple of the hacking scene since the Internet existed, with the ever fabulous L0phtcrack being their best known offering. Of course when that was sold off to Symantec then subsequently discontinued, things changed a lot. Well now the Hacker News Network is back online, one of the side projects of L0pht Heavy Industries [...]

Wireshark 1.2.1 Released – Network Protocol Analyzer

By Darknet on wireshark

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as Ethereal. Features Deep [...]

UAE Telco Etisalat Installs Spyware On Users Blackberries

By Darknet on uae

Now this is pretty disgusting behaviour from a national telco provider, but well is it really surprising in Dubai? For me..no it’s not. I’ve spent a reasonable amount of time in Dubai on various projects, and my first surprise was Flickr being blocked. Especially as Dubai is probably the most liberal place in the

Microsoft Vulnerability Underscores Importance of Strong SDL

In Vulnerability Research

At the heart of the security issue involving the MSVidCtl ActiveX control was a single piece of code – an “&” symbol. Microsoft says it was hard to catch in a code review, but either way it underscores the importance of having good policies in place to catch vulnerabilities.

Black Hat: Security Research Celebs Prepare to Rock Black Hat

In Vulnerability Research

All the ethical hacking and vulnerability management rock stars are ready to go in Vegas at Black Hat.

Black Hat: Microsoft Touts Progress of Security Initiatives

In Vulnerability Research

Microsoft is claiming significant progress with some of the vulnerability information sharing projects it launched in late 2008.

Twitter Attacks Getting Smarter

In Web 2.0

Twitter-borne attacks just keep on getting slicker. It might not be long before they so well mimic real user interactions that it’s impossible to tell the difference.

In Malware Schemes, Sex Still Selling

In Virus and Spyware

Sex still sells in the world of malware, if evidenced only by attackers’ continued devotion to the world’s oldest social engineering tactic.

Conficker Mystery to Continue at Black Hat Conference

In Vulnerability Research

An F-Secure researcher was planning to reveal the secrets of the group behind the infamous Conficker worm but has been derailed. But that doesn’t mean there won’t be plenty to talk about.

The Business of Botnets

In Spam

Everyone knows botnets are a big business. But how big? Kaspersky Lab has some statistics that may surprise you.

As Malware Bell Tolls, Time Marches On

In Virus and Spyware

McAfee reports that it has seen nearly as many unique attacks over the course of first-half 2009 as it observed during all of 2008.

Security risks evolve alongside social media

Facebook and Twitter make it possible for government agencies to communicate and interact with the public in ways not possible just two years ago. But these social media tools also create new types of security risks that agencies must anticipate and plan for.

Private cybersecurity commission to continue

The Center for Strategic and International Studies’ cybersecurity commission plans to give more recommendations about how the government can better secure cyberspace.

Got cyber skills? Uncle Sam wants you

A new program tries to find young people that could meet the government’s need for more highly skilled cybersecurity professionals.

Official: Panel wants privacy protection for electronic medical records

A federal advisory panel wants encryption and access controls to protect patients’ medical records, an official says.

DDoS Malware Was Produced in Korea

Posted by InfoSec News on Jul 28

http://www.koreatimes.co.kr/www/news/tech/2009/07/129_49163.html

By Kim Tong-hyung
Staff Reporter
Korea Times
07-27-2009

The powerful Internet attack that crippled South Korean computers earlier this month may have been initiated by local hackers after all, according to a police report…

Cyber Wars: Experts say Armenia IT sector vulnerable to attack

Posted by InfoSec News on Jul 28

http://armenianow.com/?action=viewArticle&AID=3971&CID=3762&IID=1245&lng=eng

By Georg Khachaturyan
Armenianow.com
24 July, 2009

A cyber security expert has predicted a rise in the number of hacker attacks against Armenian web resources pointing an accusatory finger at …

Microsoft Unveils Security Tools, Resources At Black Hat

Posted by InfoSec News on Jul 28

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218600627

By Thomas Claburn
InformationWeek
July 27, 2009

At the Black Hat conference in Las Vegas this week, Microsoft (NSDQ: MSFT) plans to provide a progress report on the security initiatives …

Researchers Try to Stalk Botnets Used by Hackers

Posted by InfoSec News on Jul 28

http://www.nytimes.com/2009/07/28/science/28comp.html

By JOHN MARKOFF
The New York Times
July 27, 2009

Researchers at Sandia National Laboratories in Livermore, Calif., are creating what is in effect a vast digital petri dish able to hold one million operating systems at once in an effort…

Security researchers unpick botnet economics

Posted by InfoSec News on Jul 28

http://www.theregister.co.uk/2009/07/24/botnet_economics/

By John Leyden
The Register
24th July 2009

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth than ever before in new research from Kaspersky Lab.

Microsoft rushes to fix IE kill-bit bypass attack

Posted by InfoSec News on Jul 28

http://www.computerworld.com/s/article/9135950/Microsoft_rushes_to_fix_IE_kill_bit_bypass_attack?taxonomyId=17

By Robert McMillan
IDG News Service
July 27, 2009

Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to…

10 Tips for iPhone Users at DEFCON 17

Posted by InfoSec News on Jul 27

http://wikee.iphwn.org/howto:iphones_at_defcon

iPhone Dev Team
2009/07/27

This week, MuscleNerd and a few other unnamed dev team members will be at DEFCON 17 in Las Vegas. We’ll of course be carrying our iPhones on us like last year. Bringing an iPhone to a conference packed with hackers…

Network Solutions warns merchants after hack

Posted by InfoSec News on Jul 27

http://www.computerworld.com/s/article/9135905/Network_Solutions_warns_merchants_after_hack?taxonomyId=17

By Robert McMillan
IDG News Service
July 25, 2009

Criminals may have stolen more than half a million credit card numbers from merchant servers hosted by Network Solutions, the…

US set to hike aid aimed at Iranians

Posted by InfoSec News on Jul 27

http://www.boston.com/news/nation/washington/articles/2009/07/26/us_to_increase_funding_for_hackivists_aiding_iranians/

By Farah Stockman
Boston Globe Staff
July 26, 2009

WASHINGTON – The Obama administration is poised to dramatically increase funding aimed at helping Iranian activists…

Rising Internet Fraud, Darknets On Agenda At Black Hat

Posted by InfoSec News on Jul 27

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218600423

By Thomas Claburn
InformationWeek
July 23, 2009

The economy may still be sputtering but for hackers and scammers, opportunities abound. At the Black Hat security conference in Las Vegas next…

Click, click … counting down to Cyber 911

Posted by InfoSec News on Jul 27

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/07/25/IN6K18S60M.DTL

By John Arquilla
San Francisco Chronicle
Sunday Insight
July 26, 2009

When it comes to national security, our leaders are overly focused on nuclear weapons of mass destruction; more thought should be given to the …

Blumenthal defers judgment on FISMA use

Posted by InfoSec News on Jul 27

http://fcw.com/articles/2009/07/24/blumenthal-defers-judgment-on-fisma-use.aspx

By Alice Lipowicz
FCW.com
July 24, 2009

The top federal official for health information technology has not taken a position on one of the pressing issues that affects nationwide sharing of health information…

One In Two Security Pros Unhappy In Their Jobs

Posted by InfoSec News on Jul 24

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=218600434

By Kelly Jackson Higgins
DarkReading
July 23, 2009

You’d think most professionals in a hot industry like IT security would feel content and challenged technically and creatively in their jobs — but not…

Hacker Group L0pht Makes a Comeback, of Sorts

Posted by InfoSec News on Jul 24

http://www.cio.com/article/497967/Hacker_Group_L_pht_Makes_a_Comeback_of_Sorts

By Robert McMillan
IDG News Service
July 23, 2009

The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a…

Energy gets jump on implementing DNS security on ESnet research network

Posted by InfoSec News on Jul 24

http://gcn.com/articles/2009/07/27/update1-esnet-dns-security.aspx

By William Jackson
GCN.com
July 23, 2009

The Energy Department has started implementing Domain Name System Security Extensions on its high-performance Energy Sciences Network (ESnet), using a commercial appliance to…

Black Hat: Android, iPhone SMS Flaws Revealed

Security researchers have identified several SMS vulnerabilities that can be used to deny service to mobile phones. They’re presenting on Thursday but their findings have been published.

Fake Security Software Steals $34 Million Monthly

Cybercriminals are making a fortune by preying on gullible computer users.

Apple Fears Jailbroken iPhones Could Kill Phone Networks

Fighting an attempt to win a copyright law exemption that would sanction the use of unauthorized iPhone software, Apple claims phone networks are at risk when it’s not in charge.

Black Hat: Smart Meter Worm Attack Planned

IOActive’s Mike Davis intends to unleash a worm on a smart meter at the Black Hat security conference on Thursday.

Google Hot Trends Dictate Malware Targeting

Popular search terms get more dangerous, a security report finds. And crossword puzzle players should be particularly vigilant.

Microsoft Issues Emergency Fixes For IE, Visual Studio

Outside of its normal patch cycle, Microsoft has released two security bulletins to fix critical flaws.

AT&T Says DoS Attack Prompted Block Of 4chan Site

The popular bulletin board site had been under a constant attack by hackers for three weeks before it was detected by the telecom company.

Security Worries Ratcheting Up; Spending Down

One in five IT managers expects to curtail investments in encryption, authentication, application security, and protection against DoS attacks this year, survey says.

Microsoft Plans Emergency Patch Tuesday

Two out-of-band security bulletins will be issued tomorrow to fix a critical flaw in Internet Explorer and a related issue in Visual Studio. Microsoft is withholding details until the patches are released.

Global CIO: An Open Letter To Cisco CEO John Chambers

In an open letter to Cisco CEO John Chambers, this column notes that Cisco is expanding beyond its traditional networking business with its Unified Computing System, telepresence, and other enterprise-level efforts. While this offers great potential, it also raises this question: What business is Cisco in today?

Microsoft Unveils Security Tools, Resources At Black Hat

Dealing with the changing threat landscape requires information sharing, Microsoft says, and it has developed software, guidelines, and programs to help make that happen.

Apple iPhone Security Weaknesses Exposed On YouTube

Deleted voice mail, e-mail, and other data on the iPhone 3GS is vulnerable to hackers, a security expert claims in two video tutorials.

The AP Plans ‘News Registry’ To Protect Content

The world’s oldest and largest news gathering organization aims to fight online theft of its content with digital tracking beacons.

Q2 Threat Report Released and it’s all about botnets and spam

By David Marcus on Vulnerability Research

Today we released our Q2 Threat Report. Some trends have continued. Some new trends and threats have been established and some old friends have even outdone themselves. Spam volumes have increased 141 percent since March, continuing the longest streak of increasing spam volumes ever. We also highlight the dramatic expansion of botnets and the threat [...]

Counting Badness

By Toralv Dirro on Web and Internet Safety

Following up on the recent post by my colleague Dave Marcus concerning malware growth, the guys from AV-Test in Germany just released their updated stats. To avoid confusion when comparing the different numbers, here’s a quick explanation of the different counts: AV-Test counts unique binaries. Unique means different cryptographic hashes. So the same Trojan, obfuscated with [...]

Verizon offers free service to help developers test for Microsoft ATL flaw

Verizon Business is offering a free scanning service for developers to help them determine whether any controls or components they built using Microsoft’s ATL are vulnerable to flaws Microsoft patched on Tuesday.

Extra ‘&’ in Microsoft development code gave hackers IE exploit

Microsoft on Tuesday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.

Apple: Jailbreaking could knock out transmission towers

Apple has told the U.S. Copyright Office that modifying the iPhone’s operating system could crash a mobile phone network’s transmission towers or allow people to avoid paying for phone calls.

Mobile Security: How Gadgets Evolved

CSO Publisher Bob Bragdon is a self-proclaimed “gadget head.” His collection, which spans from 1987, runs the gamut from primitive digital address book to the latest generations of today’s Blackberry and iPhone (Check out the slideshow to see pictures of all of them).

Security vendor McAfee spills 1,400 customer names

In a story just dripping with irony, e-mail security vendor McAfee has accidentally sent the contact details of some 1,400 conference attendees in a spreadsheet attached to a thank you message.

Some SMS networks vulnerable to attack

Flaws in the way some mobile-phone networks handle SMS (short message service) signaling data could leave them open to a whole new range of attacks.

iPhone SMS attack to be unleashed at Black Hat

Apple has just over a day left to patch a bug in its iPhone software that could let hackers take over the iPhone, just by sending out an SMS message.

Microsoft delivers emergency patches to IE, code library

As promised, Microsoft today patched six vulnerabilities in Internet Explorer (IE) and Visual Studio with the first “out-of-cycle” update since it plugged a hole last October that the Conficker worm later used to run rampant.

Microsoft Issues Emergency Patches for IE

Microsoft today took the unusual step of releasing out-of-band patches for severe security flaws in all versions of Internet Explorer, along with related holes in the Microsoft Active Template Library included with Visual Studio.

Microsoft rushes patches to fix ‘big deal’ programming flaw

As promised, Microsoft today patched six vulnerabilities in IE and Visual Studio with its first “out-of-cycle” update since last October, when it plugged a hole later exploited by the Conficker worm.

CDT wants US gov’t to detail computer monitoring program

U.S. President Barack Obama’s administration needs to answer several questions about the privacy implications of a new version of a computer intrusion detection system that can reportedly read e-mail, a privacy and civil rights advocacy group said.

Brits won’t use firms involved in security breaches

Almost half of Brits claim they wouldn’t purchase goods or services from a company that had suffered a security breach, says SafeNet UK.

Researchers clam up about Microsoft’s rush patches

Microsoft Corp. has dropped a cone of silence over several security researchers who have recently divulged details of the vulnerabilities that the company will patch later today with a pair of emergency updates.

Tories’ NHS IT proposals slammed by own party member

David Davis has heavily criticised his own party’s plans to allow NHS patient records to be stored online by IT suppliers.

Online banking security boost: Credit union shifts to two-factor authentication

Addison Avenue Federal Credit Union is strengthening its online banking security by implementing two-factor variable-password authentication.

F-Secure: Chinese firms write world’s first SMS worm

Three Chinese companies — XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin — created the ‘Sexy Space’ worms or Yxe Worm (Worm:SymbOS/Yxe.D) and submitted them for Symbian OS-based phones through the express signing procedure, said F-Secure Security Labs recently.

Almost all Windows users vulnerable to Flash zero-day attacks

More than 90% of Windows users are vulnerable to the Flash zero-day vulnerability that Adobe won’t patch until Thursday, a Danish security company said today.

AT&T’s 4chan Block Raises Issue of Net Neutrality

It appears some of AT&T’s broadband customers across the United States were intentionally blocked from accessing the infamous forum 4chan over the weekend. The message board’s founder Christopher “Moot” Poole posted a notice on the 4chan Status blog yesterday claiming AT&T was “filtering/blocking img.4chan.org (/b/ & /r9k/) for many of [its] customers.” Poole encouraged 4chan users to contact AT&T to complain. The 4chan black out lasted for about 12 hours and was reportedly over by 11 p.m. Pacific Time.

New initiative is looking for a few good cybersecurity pros

Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and “top guns.”

PCI breaches shed light on cloud security

Credit card numbers compromised in an attack against Web hosting provider Network Solutions expose one of the security problems faced by cloud computing.

Adobe users face week of exploit angst

For at least the next week users of Adobe’s Acrobat Reader and Flash Player will be vulnerable to a zero-day exploit now rated as ‘highly critical’, security companies are warning.

Karoo u-turn over internet piracy policy

Karoo, the Hull-based ISP that suspended the accounts of web users caught illegally file-sharing, has changed its policy for tackling internet piracy.

Karoo suspends accounts of illegal file-sharers

A UK ISP has suspended the accounts of a number of customers it suspects have been involved in file-sharing activity.

Twitter breach revives security issues with cloud computing

Security and privacy issues over cloud computing are not very different from those surrounding any sort of IT outsourcing and need to be treated that way, security managers and analysts say in the wake of breaches involving Twitter and Google Apps.

Best data loss prevention tools

Finding the right data loss prevention tool means striking a balance between speed, success rate at detecting and/or blocking sensitive data from exiting the network, and adequate coverage across a broad range of rule-sets and protocols.

Microsoft rushes clutch patch for ‘deep’ bug in Windows, third-party apps

The emergency patches Microsoft plans to rush out on Tuesday will fix a flaw that runs through several critical Windows components and an unknown number of third-party applications, according to a pair of security researchers.

Network Solutions warns merchants after hack

Criminals may have stolen more than half a million credit card numbers from merchant servers hosted by Network Solutions, the Internet hosting company warned Friday.

Microsoft to rush out emergency IE patch

Microsoft is taking the unusual step of rushing out two emergency security patches ahead of its regularly scheduled updates on Aug. 11.

Bugs & Fixes: Failure to launch bugs

This week, Apple released updates to its Final Cut and Logic products. (Macworld has extensive coverage of the new features in Logic as well as the Final Cut Studio suite.)

Beware of Privacy-Policy Loopholes

“We won’t share your information with third parties.” You’ve no doubt seen that common phrase in Web site privacy policies many times. You might think that the site in question won’t divulge details about your visit to other companies or organizations. But according to a study by privacy researchers at the University of California, Berkeley, sites have a huge amount of wiggle room with that promise.

Can privacy and consumer protection coexist online?

Legislation that would create privacy regulations for online advertising could cause consumers to get fewer free services and isn’t necessary because privacy advocates have shown no harm from data collection, the co-author of a study on online advertising said.

Security certificate warnings don’t work, researchers say

Every Web surfer has seen them. Those “invalid certificate” warnings you sometimes get when you’re trying to visit a secure Web site.

Palm Updates Pre OS With an Eye on the Enterprise

Palm on Thursday released another update to the Pre’s mobile operating system, webOS v1.1.0, and it includes a variety of valuable features meant for corporate IT departments supporting Pres in the enterprise.

iPhone Security: Not Beefy Enough for Businesses?

The iPhone has evolved from a casual smart phone into one with the potential to serve businesses across the globe. Its latest iteration, the iPhone 3GS, comes packaged with an encryption feature supposedly perfect for sensitive information stored on the device.

Hacker group L0pht makes a comeback, of sorts

The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.

EFF urges members to pressure Google on books privacy

Digital liberties group the Electronic Frontier Foundation is urging its supporters to pressure Google to build significant privacy protections into its Book Search service, with the EFF suggesting the service gives Google access to new personal information.

Microsoft admits it can’t stop Office file format hacks

Microsoft’s plan to “sandbox” Office documents in the next version of its application suite is an admission that it can’t keep hackers from exploiting file format bugs, a security analyst said today.

HSBC fined over £3m for data security failings

HSBC has received an almost £3.2 million (US$5.3 million) fine from the Financial Services Authority (FSA) after three of its firms lost computer discs and posted unencrypted customer details.

Asia launches online traveler tracker

A travel security online service that provides real-time traveler tracking service was launched in Asia on Tuesday (July 21).

Mass 201 CMR 17: A Survival Guide for the Anxious

David Escalante has as much cause as any IT security practitioner to be nervous about Mass 201 CMR 17, the tough Massachusetts data protection requirements organizations must comply with by Jan. 1, 2010.

EU backs renewal of anti-terror bank scrutiny deal
Follow the money

The EU is in talks to renew an agreement allowing US authorities to scrutinise European banking transactions as part of US anti-terrorism efforts.…

Wildcard certificate spoofs web authentication
SSL felled by null string

Black Hat In a blow to one of the net’s most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers.…

Security elite pwned on Black Hat eve
Kaminsky, Mitnick, et al

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick.…

Translation services used to pump out polyglot spam
You have multilingual junk mail

Spammers are making greater use of automated translation services and templates to create multiple language junk mail runs.

BIND crash bug prompts urgent update call
Master server flaw could break the interwebs

A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result.…

IBM piles on security pounds with Ounce Labs buy
Big cheque confirms code checking firm checks out

IBM has announced a deal to buy privately-held code security review firm Ounce Labs. The terms of the deal, announced on Tuesday, were undisclosed.…

Microsoft emergency fix kills bugs in IE, Visual Studio
Just in time

Microsoft issued two emergency updates on Tuesday to fix critical security bugs that leave users of Internet Explorer and an untold number of third-party applications vulnerable to remote attacks that completely commandeer their computers.…

Dutch spam suspect fined €250K
Clogged interwebs with 21m junk mails

Dutch telecoms regulators have fined a junk email spammer €250,000.…

Facebook slaps faces on ads
Rogue ad network to blame for photo privacy violation, apparently

The appearance of Facebook users’ photos in ads that crop up on their friends’ pages has once again raised questions about the social networking website’s privacy policies.…

SHA-3 hash contest enters second round
Crypto Olympiad hots up

The competition for the next generation of cryptographic hash algorithms has moved on to its second stage.…

New attack resurrects previously patched security bugs
Coming soon: The Windows killbit bypass manual

Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference.…

Smut page ransomware Trojan ransacks browsers
Pay or it’ll display

Russian cybercrooks have come up with a variant of ransomware scams, which works by displaying an invasive advert for online smut in users’ browsers that victims are extorted to pay to remove.…

AVG update gags iTunes
Security scanner strikes a duff note

A dodgy AVG update over the weekend left users with crippled iTunes installations.…

Microsoft to issue emergency patches Tuesday
Relief for what ails IE, Visual Studio

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware.…

Network Solutions breach exposed 500k card accounts
The case of the 3-month hack

A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday.…

Remote IT support tool hijacks customer webserver
TeamViewer turns outage into ad time

On Thursday morning, IT consultant Paul Nash received an urgent call from a client whose Apache webserver had crashed the previous night and inexplicably wouldn’t restart. Equally vexing, people who tried to visit the client’s website during the 10-hour outage received a message advertising TeamViewer, a maker of widely used software for remotely managing PCs and servers.…

Security researchers unpick botnet economics
Baron Samedi’s nice little earner

The economics of botnets and the sale of stolen information in underground bazaars have been detailed in greater depth than ever before in new research from Kaspersky Lab.…

MS adds sandboxing to Office 2010
Harm reduction tactic aims to block bug exploitation

Microsoft has announced plans to introduce sandboxing technology with the next version of its Office suite.…

Adobe promises fix for critical Flash hole next week
Long hot weekend

Adobe has promised to fix a critical vulnerability in its Flash player software by the end of next week.…

Tackling ISO 27001: A Project to Build an ISMS

Category: Management & Leadership

Paper Added: July 27, 2009

BIND 9 DoS attacks in the wild, (Wed, Jul 29th)

Earlier today Marc posted a short diary about a vulnerability in the Internet Systems Consortium’s B …(more)…

Increasing number of attacks on security sites, (Wed, Jul 29th)

In last couple of weeks we have been all witnesses of multiple compromises of (in some cases) pretty …(more)…

BIND 9 Issue, (Wed, Jul 29th)

The Internet Systems Consortium announced a DoS condition in BIND 9. Details are on their web …(more)…

Twitter spam/phish, (Tue, Jul 28th)

Ben wrote in that: There’s a new worm going around Twitter. Victim feeds it her username …(more)…

MS released two OOB bulletins and an advisory, (Tue, Jul 28th)

Microsoft has released two Out of Band (OOB) bulletins and one advisory. The security advisory (9738 …(more)…

YYAMCCBA, (Tue, Jul 28th)

Yes, Yet Another Massive Credit Card Breach. Alas, this time Network Solutions. They appear to still b …(more)…

Filemon and Regmon are dead, long life to Procmon!, (Mon, Jul 27th)

Frequent reader and contributor, Roseman, called our attention about a new update to the Sysinternal …(more)…

New Hacker Challenge: Prison Break – Breaking, Entering & Decoding, (Mon, Jul 27th)

Hey, ISC readers and challenge fans! Ed Skoudis has posted one of his famous and always entertain …(more)…

New Volatility plugins, (Sun, Jul 26th)

There isn’t a lot of activity on the Internet Storm Center radar at the moment, I suppose it is …(more)…

Microsoft Out of Band Patch, (Fri, Jul 24th)

Several readers have pointed out that Microsoft has provided notification of an Out-of-Band patch to …(more)…

US Cyber Challenge Seeks Top Cyber Security Potential (July 27, 2009)

A consortium of government and private organizations has established the US Cyber Challenge, an initiative that seeks to find 10,000 people with the potential to become the cyber security leaders of the future…….

Leahy Introduces US Data Security Legislation (July 22 & 24, 2009)

US Senator Patrick Leahy (D-Vt…….

Summary Judgment in Downloading Undermines Defense (July 27, 2009)

Opening arguments are set to begin on Tuesday, July 28 in the filesharing case against a Boston University student…….

Network Solutions Data Breach (July 24, 25 & 27, 2009)

More than 4,000 e-commerce websites hosted by Network Solutions had their credit card sales transactions compromised in a data security breach…….

UK ISP Reverses Course on Hasty Anti-Piracy Measures (July 24 & 27, 2009)

UK Internet service provider (ISP) Karoo has changed its tune regarding Internet piracy…….

Guilty Plea in Movie Uploading Case (July 22 & 23, 2009)

A California man has pleaded guilty to uploading a copyrighted work being prepared for commercial distribution…….

Adobe Promises Patches for Flash, Reader, and Acrobat By End of Week (July 23, 24 & 27, 2009)

A fix for the zero-day flaw in Adobe Flash, Reader and Acrobat will be available at the end of this week…….

Microsoft Out-of-Cycle Patches Affect Internet Explorer and Visual Studio (July 24 & 25, 2009)

Microsoft plans to issue two out-of-cycle fixes on Tuesday, July 28…….

Alico Breach Believed to be Connected to Credit Card Fraud (July 27 & 28, 2009)

A data security breach at insurance company Alico Japan has exposed credit card information related to as many as 130,000 insurance contracts…….

Twitter Weeds Out Spam Accounts (July 24, 2009)

Last week, Twitter purged accounts believed to have been created for the purpose of spamming, leaving some Twitterers with significant decreases in their number of followers…….

Post-Transaction Marketers Drawing Shoppers’ Ire (July 24, 2009)

Thousands of people who have shopped at certain online retailers have found unexpected charges on their credit card statements…….

Study Says Government Facing Shortage of Cyber Security Talent (July 22 & 23, 2009)

Although President Obama has called the threat of cyber attacks “one of the most serious economic and national security challenges,” the government is likely to be facing a shortage of well-qualified cyber security specialists, according to a study from the Partnership for Public Service and Booz Allen Hamilton…….

Kundra Letter Addresses Need to Correct Flaws in FISMA Cyber Security Metrics (July 21, 2009)

In a letter to the Government Accountability Office (GAO) director of information security issues Gregory Wilshusen, US federal CIO Vivek Kundra says that the Office of Management and Budget (OMB) is looking for new ways to measure government agencies’ cyber security postures…….

Committee Attaches Disclosure Requirements to FY10 Intelligence Authorization Bill (July 23, 2009)

Funding for cyber security programs initiated by the US government will depend in part upon disclosure of each program’s legality and privacy impact…….

Information Commissioner’s Office Will Have Authorization to Impose Fines Next Year (July 23, 2009)

As of April 2010, the UK Information Commissioner’s Office (ICO) will have the authority to levy new fines against organizations that fail to adequately protect personal data…….

Ministry of Defence Lost Server Last Year (July 21, 2009)

In detailing data loss incidents as part of its Annual Report and Accounts document, the UK’s Ministry of Defence (MOD) acknowledged losing a server from a secured building in 2008…….

Adobe Will Patch Critical Flaw in Flash, Reader, and Acrobat Next Week (July 22 & 23, 2009)

Adobe plans to release fixes for a critical vulnerability in Flash, Reader, and Acrobat next week…….

Adobe Site Offers Vulnerable Version of Reader (July 21 & 22, 2009)

The version of Adobe Reader currently offered for download on the company’s website leaves users’ computers vulnerable to attacks…….

Conflicting Reports on Flaw in Firefox 3.5.1 (July 19 & 20, 2009)

While reports from several sources suggest that the just-released update for Firefox, version 3…….

Mozilla Releases Security Update for Firefox 3.0 (July 22, 2009)

Mozilla has released an update for Firefox 3…….

HSBC Firms Fined GBP 3.2 Million (US $5.28 Million) for Data Handling Problems (July 22 & 23, 2009)

The Financial Services Authority (FSA) has fined three HSBC firms GBP 3…….

Malicious Banner Ads Infect Some Digital Spy Subscribers’ Computers (July 20, 2009)

The computers of US and Australian subscribers to the Digital Spy gossip website have been infected with malware from banner ads on the site…….

Windows 7 Released to Manufacturing (July 22 & 23, 2009)

Microsoft Windows 7 and Microsoft Windows Server 2008 R2 have been released to manufacturing, putting the operating system on track for a late October launch…….

Serious interoperability vulnerabilities affect multiple vendors, say researchers

By Robert Westervelt

Complex interoperability vulnerabilities affect browser plug-ins and other components that transmit data between different components of an operating system. The serious holes could be exploited to execute malicious code and gain access to a system.

Kaminsky reveals critical flaws in X.509 certificates at Black Hat

By Michael S. Mimoso

Researcher Dan Kaminsky returns to Black Hat with new research on X.509 certificates and explains a hacking method that enables him to spoof legitimate SSL certificates.

Expert: Information security spending often restricts innovation

By Robert Westervelt

In the opening keynote at the Black Hat USA 2009 conference, a former Google executive urged security pros to stop spending money on technologies that place restrictions on employees and instead empower end users to be security aware.

Microsoft issues emergency Active Template Library updates

By Robert Westervelt

Security updates address flaws in the Active Template Library affecting Internet Explorer and Visual Studio. An IE fix also blocks a method that allows attackers to bypass killbits.

Network Solutions data security breach exposes a half-million credit card numbers

By SearchSecurity.com Staff

Company says intruders planted malicious code on Web servers supporting its e-commerce customers.

Microsoft to issue security report card, new tool at Black Hat

By Robert Westervelt

In addition to updating the public on its new security programs, the software giant is issuing a guide outlining its patching process and how to assess vulnerability data.

Microsoft to release emergency bulletins for Visual Studio, IE

By Robert Westervelt

An update correcting vulnerabilities in Internet Explorer is rated critical.

Massive spam campaign hits Yahoo Groups, LiveJournal

By Robert Westervelt

Spammers are using a technique that relies on automated CAPTCHA-breaking software to set up accounts, then uses the services’ free file storage to host links and images.

Symantec Profits Fall in Q1

Symantec’s profits tumbled in the first quarter of fiscal 2010, the security company reports. Symantec officials say businesses are slow to adopt long-term contracts.
Symantec saw profits drop year-over-year for the first quarter of fiscal 2010, as the company has found enterprises less willing to sign long-term deals. “On the enterprise side, some customers focused their spending on shorter-term contracts or maintenance renewals, resulting in fewer new…

Researcher Unmasks Sneaky Clampi Trojan at Black Hat

At the Black Hat security conference in Las Vegas, SecureWorks researcher Joe Stewart discusses his analysis of the Clampi Trojan, which has remained largely under the radar outside security circles despite infecting hundreds of thousands of users. According to Stewart, the group behind Clampi is running one of the most sophisticated Trojan criminal operations on the Internet.

Symbian Smartphones: 1 in 63 Infected

A study by mobile security company SMobile Systems claims smartphones running the Symbian operating system are breeding grounds for spyware, viruses, worms and Trojans. SMobile says most users of the infected Symbian smartphones are unaware of the infections.

Microsoft Rushes Out Visual Studio, IE Fixes

Microsoft issues two out-of-band security bulletins to address problems in Visual Studio and Internet Explorer. The patches address an attack that could bypass Microsoft’s killbit security feature, and bugs in the Microsoft Active Template Library included with Visual Studio.

IBM Buys Ounce Labs, Could Challenge HP

IBM acquires Ounce Labs to build out its application testing capabilities. The purchase, which follows continued growth in the market, may trigger a reaction from HP and other vendors.

Kundra Considers Opening Federal Website Cookie Jar

Federal CIO Vivek Kundra proposes removing the ban on placing tracking cookies on federal Websites and instead adopting a policy of using cookies to provide better customer service and allow for enhanced Web analytics.

A Day in the Life of the Rustock Botnet

It’s a busy time for botnets. According to Marshal8e6, spam levels are up 60 percent between January and June. The vast majority of that spam comes from massive botnets such as Cutwail and Mega-D. Today, eWEEK is focusing on just one of those botnets, Rustock, which has been spamming users for the past few years. In its latest biannual report, Marshal8e6’s TRACELabs noted Rustock uses rootkit functionality to hide itself, and changes spam templates often. It typically uses HTML templates from legitimate newsletters and inserts its own images and links to give Rustock spam a mask of respectability. This also allows it to dodge spam filters. In this slideshow, eWEEK has gathered images of Rustock in action to help illustrate a day in the life of a prolific botnet. (Images courtesy of SecureWorks, Symantec, Marshal8e6 and FireEye)

Will Google Chrome OS Security Be Tough Enough?

There has been no shortage of speculation on the security of Google Chrome OS, even as Google remains quiet on exactly what its plans are. What is certain is that Google’s focus on the cloud means the security requirements of Chrome OS will be significantly different from those of traditional operating systems.

AT&T Lifts 4chan Block, Denies Censorship

AT&T says it has lifted a block it put on part of the notorious 4chan.org bulletin board. AT&T says the block was a security move in response to a denial-of-service attack against one of its customers, but the incident has touched a nerve among those concerned about net neutrality and censorship.

Leahy Takes Third Shot at Data Breach Notifications

Having failed twice before to convince the U.S. Senate of the necessity for a national data breach notification standard, Sen. Patrick Leahy tees up the Personal Data Privacy and Security Act again.

Apple iPhone 3GS Security Holes Revealed in YouTube Videos

A security researcher is backing up his claims that the Apple iPhone 3GS is not enterprise-ready, with YouTube videos demonstrating how an attacker could get your private data.

Microsoft Pushing Out Critical Security Patches Next Week

Microsoft will release two out-of-band security bulletins July 28, targeting issues in Internet Explorer and the Microsoft Visual Studio product line.

Weaponizing Web 2.0

In From the Bunker

Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox. These are just a taste of the Web 2.0 cross-site trust issues explored in a talk delivered at the Black Hat security conference in Las Vegas today. The presenters, researchers Nathan Hamiel and Shawn Moyer, delivered a related talk at Black Hat last year called “Satan is on my Friends List” that was highly entertaining and relevant to similar trust concerns that plague dozens of social networking sites.
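The “forced your browser to post a Twitter message” scenario above is cross-site request forgery: the victim’s browser attaches her session cookie to a form submission that an attacker’s page initiated, and a site that trusts the cookie alone cannot tell the two apart. The following is an added example written for this digest, not code from the talk or from any real site. It models the target endpoint twice, once cookie-only and once with the standard defences (a per-session secret token the cross-site page cannot read, plus an Origin check), and runs a forged and a genuine request through each. `SITE_ORIGIN`, the session store, the forum hostname and the messages are all constructed placeholders.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://social.example"   # assumed origin of the site being attacked (placeholder)

# In-memory stand-ins for the server's session store and the data the endpoint writes.
SESSIONS = {}    # session id -> (user, csrf_token)
TIMELINE = []    # (user, message) records created by the endpoint


def login(user):
    """Create a session and a CSRF token bound to it.  The token is embedded in our own forms;
    a page served from another origin cannot read it, so it cannot forge a complete request."""
    sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    SESSIONS[sid] = (user, token)
    return sid, token


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)   # the browser attaches these on cross-site POSTs too
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def post_status_vulnerable(req):
    """Authenticates by session cookie alone, so any page the victim visits can submit this
    form on her behalf: the cross-site trust failure the talk describes."""
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401, "not logged in"
    user, _ = session
    TIMELINE.append((user, req.form.get("message", "")))
    return 200, "posted"


def same_origin(req):
    """True only when Origin (or, failing that, Referer) names SITE_ORIGIN exactly.  Comparing
    scheme://host rather than using startswith() defeats hosts like social.example.evil.test."""
    value = req.headers.get("Origin") or req.headers.get("Referer", "")
    parts = urlsplit(value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def post_status_hardened(req):
    """Same endpoint with two independent checks: the request must come from our origin and
    must carry the CSRF token bound to the session."""
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401, "not logged in"
    user, expected_token = session
    if not same_origin(req):
        return 403, "cross-origin request rejected"
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):  # constant-time compare
        return 403, "missing or invalid CSRF token"
    TIMELINE.append((user, req.form.get("message", "")))
    return 200, "posted"


def demo():
    """The victim logs in, then visits an attacker's forum page containing a hidden,
    auto-submitting form aimed at our endpoint.  Returns the status code each version gives."""
    sid, token = login("alice")
    forged = Request(cookies={"sid": sid},                        # sent automatically by the browser
                     form={"message": "I endorse this spam"},     # attacker-chosen, no token
                     headers={"Origin": "https://evil-forum.example"})
    forged_our_origin = Request(cookies={"sid": sid},             # right origin, still no token
                                form={"message": "still forged"},
                                headers={"Origin": SITE_ORIGIN})
    genuine = Request(cookies={"sid": sid},
                      form={"message": "hello", "csrf_token": token},
                      headers={"Origin": SITE_ORIGIN})
    return {
        "forged_vulnerable": post_status_vulnerable(forged)[0],
        "forged_hardened": post_status_hardened(forged)[0],
        "forged_origin_only_hardened": post_status_hardened(forged_our_origin)[0],
        "genuine_hardened": post_status_hardened(genuine)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The two checks are deliberately independent: the Origin check fails open on old clients that send neither Origin nor Referer, and the token check fails if the token ever leaks through XSS, so each covers the other’s gap. Today’s browsers add a third layer by defaulting cookies to `SameSite=Lax`, which stops the cookie from riding along on a cross-site POST in the first place.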

Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks

In U.S. Government

Update, 2:15 p.m. ET: A previous version of this story incorrectly stated that files were found on P2P networks that listed the location of nuclear missile silos in the United States. A spokesman for the committee said the information regarding nuclear installations is related to sensitive documents accidentally published on the Web site of the Government Printing Office recently, which included a “detailed list of the civilian nuclear complex, including precise locations of weapons grade nuclear fuel.” An earlier version also incorrectly stated that information on the location of a safe house for Michelle Obama was compromised.

Microsoft’s Emergency Patch Mess

In New Patches

Microsoft today released a pair of emergency software updates (Redmond calls them “out-of-band” updates). Yes, that’s right folks: If you use Windows — and especially if you browse the Web with Internet Exploder Explorer – it’s once again time to update. The backstory to these patches is a bit complex, so here’s the short version: A while back, Microsoft introduced several security flaws into a set of widely-used third-party software development tools, and today it’s correcting that error by issuing an updated set of tools. Another update tries to block attackers from exploiting those weaknesses while third-party software makers figure out how to fix their code with the updated tools. On a scale of 1 to 10, with 10 being the most dire and far-reaching, Eric Schultze, chief technology officer at Shavlik Technologies, said he’d put the seriousness of today’s out-of-band patch releases at an 8.

Microsoft to Issue Emergency Patches Next Week

In New Patches

As Security Fix predicted earlier this week, Microsoft says it plans to issue at least two out-of-band software updates next week to plug a series of unusually stubborn and critical security holes in the Windows operating system and its Internet Explorer Web browser. Microsoft says it will issue two patches — one to deal with problems in Internet Explorer, and another to fix a bug in its Visual Studio software suite. From Microsoft: While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin.

Network Solutions Hack Compromises 573,000 Credit, Debit Accounts

In Latest Warnings

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned. Herndon, Va.-based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services – a package that includes everything from Web hosting to payment processing — to at least 4,343 customers, mostly mom-and-pop online stores. The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said. Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in.

Direct Financial Cost of Intrusions

By Richard Bejtlich

Thanks to the blog reader who directed me to the Washington Times story Contractor returns money to Pentagon:
Apptis Inc., a military information technology provider, repaid $1.3 million of a $5.4 million Pentagon contract after investigators said the company provided inadequate computer security and a subcontractor’s system was hacked from an Internet address in China.
Apptis agreed to the repayment after the Defense Criminal Investigative Service concluded the company and a subcontractor failed to provide “proper network security and information assurance services,” according to the report, released in June.
The subcontractor’s system under Apptis management was intruded upon “with total access to the root network” from an Internet address in China, the report said.

Wow. Can anyone think of another case where a company was “fined” by a customer for an intrusion? Usually we only hear of PCI issues.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Cyber-criminals targeting social networks: experts (AFP)

In technology

AFP – Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn.

Mac flaw could let hackers get scrambled data (Reuters)

In technology

Reuters – A Mac security expert has uncovered a technique that hackers could use to take control of Apple Inc computers and steal data that is scrambled to protect it from identity thieves.

Out-of-Cycle Patches May Make IE Vulnerabilities Worse (NewsFactor)

In business

NewsFactor – Microsoft on Tuesday released two out-of-cycle patches to fix vulnerabilities found in Active Template Library, a set of software developer tools used in the creation of COM and ActiveX modules. ActiveX modules are commonly used in Microsoft Internet Explorer and are traditional targets for hackers.

Spam Volumes Up 141 Percent, Aided By Botnets (PC Magazine)

In technology

PC Magazine – Was your spam inbox extra full these past few months? Spam volumes increased by 141 percent since March, thanks in part to the more than 14 million computers that were taken over by botnets this quarter, according to a Wednesday study from McAfee.

IPhone SMS Attack to Be Unleashed at Black Hat (PC World)

In technology

PC World – Apple has just over a day left to patch a bug in its iPhone software that could let hackers take over the iPhone, just by sending out an SMS (Short Message Service) message.

Microsoft releases security patch for Web browser (AFP)

In us

AFP – Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.

Check Point 2Q profit down slightly; tops forecast (AP)

In business

AP – Check Point Software Technologies Ltd., which makes Internet security products, said Tuesday its second-quarter profit slipped nearly 5 percent on one-time charges.

Teamwork crucial to fighting cyber crime: Microsoft (AFP)

In us

AFP – Longtime computer security rivals are joining forces to battle increasingly sophisticated online attacks by cyber criminals.

Hacker Group L0pht Makes a Comeback, of Sorts (PC World)

In technology

PC World – The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.

Spammers go multilingual, use automatic translation services

By Dancho Danchev on Spam and Phishing

For years spammers relied on basic mass marketing concepts in an attempt to target everyone, everywhere, thereby sacrificing quality for quantity. Things changed, at least for some of them. Realizing the advantages of market segmentation, certain spammers started segmenting the databases of harvested emails based on their country of origin, followed by an attempt to [...]

419 scammers using Dilbert.com

By Dancho Danchev on Spam and Phishing

Scammers, too, know Dilbert. On their way to search for clean IPs through which to send out yet another scam email, 419 con-artists (Mrs Sharon Goetz Massey) have recently started using Dilbert.com’s recommendation feature in an attempt to bypass anti-spam filters — and it works. The use of Dilbert.com’s clean IP reputation comes a month after [...]

Microsoft to ship emergency IE, Visual Studio patches

By Ryan Naraine on Zero-day attacks

Less than a month after a first pass at patching a troublesome flaw affecting its dominant Internet Explorer browser, Microsoft has announced plans to release two emergency updates with a comprehensive fix for the problem. The unusual move comes on the heels of a bombshell blog post by reverse engineering specialist Halvar Flake that the original [...]

A Good Year for Security Collaboration

By Ryan Naraine on Zero-day attacks

Guest Editorial by George Stathakopoulos. It seems like just yesterday when I was at Black Hat. Now as I get ready to fly to Las Vegas again, I look forward to seeing a lot of security researchers, hearing their latest exploits and how they fared over the last 352 days. At the same time, it is [...]

Adobe ‘zero-day’ flaw is eight months old

By Ryan Naraine on Zero-day attacks

The current zero-day attacks against Adobe Flash Player are not quite zero-day after all. According to new information, Adobe’s security response team knew about the vulnerability since December 31, 2008 (see image below) but it was misdiagnosed as a “data loss corruption” issue. When word of the attacks surfaced this week, Adobe quickly locked access to [...]

SB09-208: Vulnerability Summary for the Week of July 20, 2009

Vulnerability Summary for the Week of July 20, 2009

TA09-209A: Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities

Microsoft Windows, Internet Explorer, and Active Template Library (ATL) Vulnerabilities

MS09-035 – Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) – Version:1.0

Severity Rating: Moderate – Revision Note: V1.0 (July 28, 2009): Bulletin published. Summary: This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.

MS09-034 – Critical: Cumulative Security Update for Internet Explorer (972260) – Version:1.0

Severity Rating: Critical – Revision Note: V1.0 (July 28, 2009): Bulletin published. Summary: This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution

Revision Note: V1.0 (July 28, 2009): Advisory published. Summary: Security Advisory

Microsoft Security Bulletin Advance Notification for July 2009

Revision Note: Advance Notification published. Summary: This advance notification lists security bulletins to be released for July 2009.

MS09-035 – Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Bulletin Severity Rating:Moderate – This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.

MS09-034 – Critical: Cumulative Security Update for Internet Explorer (972260)

Bulletin Severity Rating:Critical – This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Security Bulletin Webcast Questions and Answers – Out-Of-Band July 2009

By MSRCTEAM

Hi,

In conjunction with the Microsoft July 2009 Out-of-Band Bulletin release, we conducted two public webcasts to assist customers. During these webcasts, we were able to address 60 questions in the time allotted. The questions centered primarily on MS09-034: the Internet Explorer Cumulative Update Bulletin and MS09-035: the Visual Studio Bulletin. We also addressed questions regarding the Microsoft Security Advisory 973882 and the ATL issues as a whole.

Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

http://blogs.technet.com/msrc/pages/security-bulletin-webcast-q-a-oob-july-2009.aspx

Also, here is the link to the Q&A index page in case you want to view previous months:

http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx

As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:

Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Thanks!

Al Brown

*This posting is provided “AS IS” with no warranties, and confers no rights.*

Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released

By MSRCTEAM

Today, we’re releasing guidance and security updates to help better protect customers from responsibly reported security vulnerabilities discovered in the Microsoft Active Template Library (ATL).

Because libraries function as building blocks that can be used to build software, vulnerabilities in software libraries can be complex issues and benefit from what we call community based defense – broad collaboration and action from Microsoft, the security community and industry. Because of this, in addition to the updates and guidance we’re releasing today, we’ve been actively engaged with the industry through programs like the Microsoft Active Protections Program (MAPP), Microsoft Security Vulnerability Research (MSVR) and working with organizations such as Industry Consortium for the Advancement of Security on the Internet (ICASI) to provide a broad, industry-wide response to help better protect customers. While this is a complex issue, we believe a broad, industry-wide response can help minimize the impact to customers.

The vulnerability that we addressed with Microsoft Security Bulletin MS09-032 was a result of this issue. While that issue was attacked before a security update was released, that is the only known attack that we’re aware of against an issue related to vulnerabilities in the ATL. However, we are releasing our guidance and updates outside of our regular monthly release cycle because our updates are of appropriate quality for broad distribution, we are aware of one attack, which was addressed through MS09-032, and we believe that there is a greater risk to customer safety from broader disclosure of this issue if we wait until our next scheduled release on August 11, 2009.

We have focused our efforts on this issue around two main fronts:

1. Helping developers to identify and address instances where the ATL vulnerability manifests in their controls or components

2. Mitigating the impact of future attacks on customers

Some of the steps that we’re taking to help developers include:

1. Releasing MS09-035 for Visual Studio, which provides an updated copy of the ATL that developers can use to build new controls and components if needed. It is important to note that not all controls built using the vulnerable versions of the ATL are vulnerable; this will depend on decisions the developer made when building the control or component.

2. Posting a special developer resource page with detailed information on how developers can identify if their control or component is exploitable using the vulnerabilities in the ATL.

3. Working with ICASI, which is partnering with Verizon Business to offer customers a no-charge service that will scan developers’ controls and components and provide initial indications if the control or component is vulnerable and what potential next steps customers or developers should take to modify the control.

4. Working with vendors responsible for widely used controls and components through our Microsoft Security Vulnerability Research program to help them identify and address instances where the ATL vulnerability manifests in their controls or components.

5. Reiterating our commitment to third party developers to set “killbits” for their ActiveX controls on request in a Microsoft Update.

Some of the steps we’re taking to mitigate the impact of future attacks on customers include:

1. Releasing MS09-034 for Internet Explorer. While Internet Explorer is not itself vulnerable to the

issue, the IE team has built a defense-in-depth change that can help protect against attempts to attack controls or components containing the

vulnerabilities. More detailed information on how this works is provided at the Security Research and Defense blog. This update also addresses an issue where attackers can attempt to bypass the “killbit” protections in IE. Finally, this update also addresses three unrelated, responsibly disclosed vulnerabilities.

2. Providing information to our MAPP partners to help ensure security protection providers have key technical information to help them build protections for customers more quickly.

3. Committing to set “killbits” in a Microsoft Update for vulnerable third-party ActiveX controls identified as vulnerable or under attack when no vendor can be identified.

Home Users and IT Pros should go ahead and deploy the IE update, MS09-034, so they can benefit from the protections it introduces. Additionally, Internet Explorer 8 provides additional security enhancements that can further lessen the impact of this issue. There are more details on that at the IE blog. Also, enabling automatic updates for third-party software (where available) may help you get the latest updates for those products.

Developers should take the same steps as home users and IT Pros but should also review the information we’ve provided to help you determine if the

vulnerability manifests in your component or control. Additionally, you should consider using the service offered by ICASI who is partnering with Verizon Business to identify any components or controls that are vulnerable.

Because we know folks will have additional questions, we’ve posted additional information on our security blogs. Our colleagues at the Security Research and Defense blog have several posts related to this that Jonathan Ness points to in his overview post. Michael Howard over at the SDL blog has one going into some more detail around the actual underlying issue. Katie Moussouris and Adrian Stone talk about MSVR’s work with other vendors on this issue over at the Ecostrat blog. And, finally, Ryan Smith, Mark Dowd and David Dewey, the security researchers who brought this issue to us, discuss their work on the issue with us over at the BlueHat blog.

Our worldwide security teams have been mobilized working around the clock to deliver these protections to customers and we will be continuing to watch the threat landscape closely. We will work closely with our partners in the industry and notify customers with any new information about this situation through our security advisory and the MSRC weblog.

Thanks.

Christopher

*This posting is provided “AS IS” with no warranties, and confers no rights.*

Advance Notification for July 2009 Out-of-Band Releases

By MSRCTEAM on Internet Explorer (IE)

We have just published our advance notification for an out-of-band security bulletin release, with a target of 10:00 AM Pacific Time next Tuesday, July 28, 2009. 

While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins:

1. One Security Bulletin for Visual Studio

2. One Security Bulletin for Internet Explorer

While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.

Customers who are up to date on their security updates are protected from known attacks related to this Out of Band release.

We’ll be holding two webcasts to give you details and take your questions:

· Webcast: July 28, 2009 1:00 p.m. Pacific Time

· Encore Webcast: July 28, 2009 4:00 p.m. Pacific Time

A reminder that this information is subject to change and that when we do release the security bulletins, we’ll let you know through the MSRC weblog.

Thanks,

Mike Reavey

*This posting is provided “AS IS” with no warranties, and confers no rights.*

Active Template Library (ATL) Vulnerability

In Cisco Security Advisory

Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site.

Multiple Vulnerabilities in Wireless LAN Controllers

In Cisco Security Advisory

Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms.

Cisco Security Center: IntelliShield Cyber Risk Report

July 20-26, 2009

Report Highlight: University of Washington Software Allows for Time-Limited Access of Encrypted Data

Around The Horn vol.1,141

Posted in Uncategorized by lightthedarkfiber on July 23, 2009

UAE cellular carrier rolls out spyware as a 3G “update”

By jtimmer@arstechnica.com (John Timmer) on Spyware

With the proliferation of ever more capable smart phones, many security experts are predicting that the cellular world will be the new malware frontier. Always-on Internet connections and direct SMS messages do provide a lot of opportunities for external parties to inject malware into a user’s phone. But in what may be developing into the most disturbing instance in the relatively short history of cellular malware, Blackberry users in the United Arab Emirates have had a spyware package placed on their devices through the actions of their carrier, which claimed it was necessary for a service upgrade.

IT admins: users’ online antics greatest threat to security

By jacqui@arstechnica.com (Jacqui Cheng) on Web 2.0

Hackers don’t have to work very hard to steal information from people and organizations—people are pretty willing to give it away. Social networks and other Web 2.0 sites are making it ever easier for Internet users to accidentally share too much information or become victims of phishing scams, leading security research firm Sophos to warn IT admins on how to handle employee use of these services.

Adobe to fix critical Flash hole next week

By Elinor Mills

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component.

Researchers to offer tool for breaking into Oracle databases

By Elinor Mills

During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out “all the tools to …

Gmail offers auto-unsubscribe feature for newsletters

By Elinor Mills

Gmail Auto-unsubscribe gives you the option to have Google unsubscribe you from mailing lists.

Ever sign up for a newsletter and then regret it later and feel too lazy to go back to the source and unsubscribe? Well, instead of just marking the messages as spam and hoping …

Adobe investigating zero-day bug in Flash

By Elinor Mills

Researchers on Wednesday said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The situation could affect tons of users since Flash exists in all popular browsers, is available in PDF files, and is …

Another round of Hacktivism

By Rik Ferguson on web

Independent websites dedicated to high profile Indian political figures have been compromised in a targeted attack. The websites manmohansingh.org and soniagandhi.org have both been compromised by the same group who have injected defamatory and inflammatory content into many of the pages. Although these sites are not official, they are returned in the first page of a [...]

Touting Possible Benefits of Windows 7 Security

In Vulnerability Research

At least one respected security researcher believes that Windows 7 should prove effective at stemming some forms of electronic attack.

Panel OKs bill that would increase cybersecurity oversight

A Senate committee has approved a bill that would require the president to notify Congress about existing and new cybersecurity programs that involve personally identifiable information.

IG: DHS should get new infrastructure data system

The Homeland Security Department should finish the acquisition process for a new system that will be used to keep track of critical infrastructure, DHS’ inspector general said.

Wanted: Cyber Warriors and Media Sanitizers

Posted by InfoSec News on Jul 23

http://www.wired.com/threatlevel/2009/07/raytheon/

By Kim Zetter
Threat Level
Wired.com
July 22, 2009

Defense and intelligence contractor Raytheon is moving into the lucrative realm of cyber warfare, and wants to hire hundreds of cyber warriors to play offense and defense,…

Hacking Oracles database will soon get easier

Posted by InfoSec News on Jul 23

http://www.washingtonpost.com/wp-dyn/content/article/2009/07/22/AR2009072202447.html

By Jim Finkle
Reuters
July 22, 2009

BOSTON (Reuters) – Hackers will soon gain a powerful new tool for breaking into Oracle Corp’s database, the top-selling business software used by companies to store…

Math students tackle cryptography

Posted by InfoSec News on Jul 23

http://www.chicagotribune.com/features/chi-cryptomath-city-zonejul22,0,1591681.story

By Angie Leventis Lourgos
Special to the Tribune
July 22, 2009

Julius Caesar is said to have encrypted battle plans in an alphabetical code, protecting the life-or-death messages from spies. That…

Intell chief: Source of cyberattacks still unknown

Posted by InfoSec News on Jul 23

http://fcw.com/articles/2009/07/22/web-blair-cyberattack-responsibility.aspx

By Ben Bain
FCW.com
July 22, 2009

U.S. authorities haven’t figured out who was behind the recent cyberattacks that temporarily knocked some federal Web sites off-line, the country’s top intelligence official…

HSBC companies slapped with US5M fines over data breaches

Posted by InfoSec News on Jul 23

http://www.zdnetasia.com/news/business/0,39044229,62056295,00.htm

By Jo Best
Special to ZDNet Asia
July 23, 2009

Three HSBC companies have been hit with fines after the financial services watchdog found they weren’t doing enough to protect customers’ data.

The Financial Services…

The AP Plans ‘News Registry’ To Protect Content

The world’s oldest and largest news gathering organization aims to fight online theft of its content with digital tracking beacons.

Privacy Tool Makes Internet Postings Vanish

The open source tool called Vanish encrypts any text that’s entered into a browser and scatters it, in disappearing pieces, across a network.

Adobe Warns Of Critical Flash Vulnerability

Echoing security warnings issued earlier this year, Adobe is warning users of Flash Player, Reader, and Acrobat to exercise caution online due to a zero-day vulnerability that’s being actively exploited.

Rising Internet Fraud, Darknets On Agenda At Black Hat

The information-security community is set to converge for the industry’s premier conference as Black Hat comes to Las Vegas on July 25 – 30.

Researchers Bypass Secure Web Connections

EV SSL certificates are supposed to help people feel more secure online. But at Black Hat next week, two researchers plan to disclose a way around SSL protection.

New Zero-Day Attacks Use PDF Documents

By Vitaly Zaytsev on Zero-Day

As we already mentioned multiple times in the past, exploits that take advantage of newly discovered holes in popular applications represent a growing threat to Internet users. Many, if not most, computer systems are vulnerable to these attacks. More evidence shows zero-day attacks remain the preferred choice of cybercriminals. Today, a new unpatched Adobe vulnerability has [...]

Adobe promises patch for seven-month old Flash flaw

Adobe admitted its Flash and Reader software have a critical vulnerability and promised it would patch both next week.

Malware levels to exceed those of 2008

Security firm McAfee has identified more than 1.2 million different types of malware in the first half of 2009.

25% of firms suffer social-network phishing attacks

Cybercriminals are increasing the number of attacks on social networks, says Sophos.

Mozilla patches 11 serious bugs in older Firefox 3

Mozilla yesterday patched 11 vulnerabilities, 10 of them critical, in Firefox 3.0, the browser that Mozilla plans to stop supporting sometime in January 2010.

Adobe confirms Flash zero-day bug in PDF docs

Adobe is investigating a critical flaw in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company’s security team and outside researchers.

Zero-day PDF Attack Goes After Flash Flaw

Adobe’s unfortunate security problems continue: Symantec today reported that it has discovered a new attack in the wild using malicious PDFs that target a zero-day security hole in Adobe Flash.

Congress eyes biometric authentication for job eligibility

In a move likely to worry opponents of a national ID card, some lawmakers in Congress are proposing that biometrics be used to authenticate the identity of anyone seeking a job in the U.S.

Mind Games: How Social Engineers Win Your Confidence

Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.

DNS security, net neutrality up for debate at IETF meeting

Standards body IETF will tackle the Internet’s toughest problems, including DNS security, IPv6 adoption and network neutrality, at its Stockholm meeting next week

New tool makes cloud-dwelling data self-destruct
Prototype makes sensitive emails ‘vanish’

Just in time for the evolution to cloud computing, boffins at the University of Washington have developed a tool that makes electronic data self-destruct automatically after a set period of time.…

Total eclipse used to bait scareware scam
Ruse targets geographically-confused stargazers

Wednesday’s total solar eclipse over India and China has been exploited as a bait for sites punting scareware.…

Signed mobile malware prompts Symbian security review
Sexy Space wriggles under testing procedures

Analysis: The recent distribution of digitally signed mobile malware raises troubling questions about Symbian’s automated approval procedure.…

New attacks exploit vuln in (fully-patched) Adobe Flash
Browse and get owned

Online criminals are targeting a previously unknown vulnerability in the latest versions of Adobe’s ubiquitous Flash Player that allows them to take complete control of end users’ computers, security researchers warn.…

Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information, (Thu, Jul 23rd)

Earlier this month, Missouri passed a breach notification law as part of an omnibus package of laws …(more)…

Serious Adobe Flash flaw being exploited

By Robert Westervelt

Purewire principal researcher Paul Royal explains the ins and outs of the latest Adobe Flash vulnerability. Adobe said it plans to fix the flaw by July 30.

Adobe issues security advisory for Flash zero-day flaw

By Robert Westervelt

A serious flaw in Adobe Flash Player could enable an attacker to take complete control of a computer. Security firms are reporting limited attacks in the wild.

Adobe acknowledges serious Flash zero-day vulnerability

By SearchSecurity.com Staff

UPDATED: Adobe Systems Inc. said it was investigating a potential Adobe Flash error. Symantec discovered attacks exploiting an error in a Flash component.

Adobe Vulnerability Targeted in Drive-by Attacks

A new zero-day vulnerability affecting Adobe’s Flash Player software is being targeted by attackers via drive-by downloads. Here is some advice on mitigating the vulnerability.

U.S. Must Attract More Cyber-Security Pros, Report Finds

As the Obama administration works to shore up cyber-security, a new report found the government needs new ways to attract the right talent for the job. The report, prepared by Partnership for Public Service and a consulting firm, urged for Congress to be pushed to expand programs for training fresh talent.

Service Offers to Retrieve Stolen Data, For a Fee

In Web Fraud 2.0

A former cyber cop in the United Kingdom is heading up a new online portal that claims to offer a searchable database of about 120 million consumer records that have been phished, hacked or otherwise stolen by computer crooks. Visitors who search for their information and find a match can verify which data were stolen — for a £10 ($16.50) fee. Colin Holder, a retired detective sergeant with the Metropolitan Police, said the idea for lucidintelligence.com became obvious shortly after he resigned from the U.K. fraud squad in 2004. “About six months after I retired, I was contacted by an old source who said he was seeing a vast amount of credit card and other personal data being exchanged between criminals, and what could he do with it,” Holder recalled. Many companies scour e-crime chat rooms and message boards for stolen data, and share that data with banks and companies

Attackers Target New Adobe Flash/Reader Flaw

In Latest Warnings

Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications. Adobe’s security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10. That’s about the extent of the information provided by Adobe at this point. Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks — such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name.

China’s Green Dam and the cyberwar implications

By Ryan Naraine on Zero-day attacks

Guest editorial by Oliver Day Chinese military leaders have always been aware of the military advantage the US has over the People’s Liberation Army. Reading through their published assessments of Sino-US war possibilities confirms our belief that we would dominate them in the air, land and sea. However the PLA was born of asymmetric warfare and [...]

The future of mobile malware – digitally signed by Symbian?

By Dancho Danchev on Mobile (In)Security

Earlier this month, a mobile malware known as Transmitter.C, Sexy View, Sexy Space or SYMBOS_YXES.B, slipped through Symbian’s mobile code signing procedure, allowing it to act as a legitimate application with access to device critical functions such as access to the mobile network, and numerous other functions of the handset. Upon notification, the Symbian Foundation quickly [...]

Adobe Flash zero-day attack underway; Harden PDF Reader immediately

By Ryan Naraine on Zero-day attacks

Malicious hackers have found a new vulnerability in Adobe’s ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users. Adobe has acknowledged a “potential vulnerability” but, inexplicably, has not seen it fit to [...]

Surprise: Facebook Use Cuts Productivity at Work

A Nucleus Research study found that Facebook use in the workplace is cutting employee productivity.

TA09-204A: Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

Adobe Flash Vulnerability Affects Flash Player and Other Adobe Products

Around The Horn vol.1,140

Posted in Uncategorized by lightthedarkfiber on July 22, 2009

Mission possible: researchers make online text self-destruct

By jtimmer@arstechnica.com (John Timmer) on Vanish

As users flock to Web-based mail and social sites, more and more of their data is stored in cloud systems. As we’ve seen, some of that data can persist long after a user hits the delete button on it. Now, computer scientists have come up with a way to encrypt data so that it operates like the self-destructing messages in Mission Impossible. Their scheme, called Vanish, encrypts the message, and then essentially throws away the key. The trick is that the key will take a set amount of time before disappearing from view; during that time, it’s still possible to access the data.

Operating Vanish

It’s probably easiest to describe how the system operates in practical terms before discussing the technology behind it. Thanks to a Firefox plugin, it’s possible to select text on any webpage—a Gmail message or Facebook posting, for example—and forward it to Vanish, which runs as a background process. Vanish will then encrypt the text, replacing it with the encrypted version if it’s in an editable field, or providing the encrypted form in a popup window if not. Users can also create a drop folder for encrypting self-destructing files.

Chinese firms behind ‘Sexy Space’ Trojan

By Vivian Yeo

F-Secure has identified three China-based companies as the creators of the “Sexy Space” Trojan, which was identified last week to have passed through Symbian Foundation’s digital-signing process.

XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin cloaked the malware, also known as Yxe, and submitted it to the Symbian …

Chrome security in limelight with Google OS plan

By Elinor Mills

(Credit: Google)

The techniques Google uses to protect Chrome users from browser-based attacks have taken on new importance with the company’s plan to make the software the centerpiece of a Netbook operating system.

Two weeks ago, Google announced plans for the open-source Chrome OS designed for people who spend …

Firefox 3.0.12 patches five critical problems

By Stephen Shankland

Mozilla on Tuesday released Firefox 3.0.12, an update to the open-source browser that fixes five critical security vulnerabilities and fixes a handful of other bugs.

“We strongly recommend that all Firefox 3.0.x users upgrade to this latest release,” Mozilla said on its developer blog. “If you …

LA officials question Google Apps plan

By Elinor Mills

A Los Angeles councilman and the head of a police group are questioning the city’s plan to move government e-mail and other records onto Google’s hosted Web service Google Apps.

“Anytime you go to a Web-based system, that puts you just a little further out than you were …

Dodgy dealing & Info stealing.

By Rik Ferguson on snooping

The results of an investigation carried out by Sky News should be enough to worry anyone who is put in the unfortunate position of having to entrust their computer to a stranger. Researchers from Sky News set up a laptop with a keylogger and webcam enabled surveillance software. They gave the laptop a very common, easy [...]

GFI LANguard 9 Review – Network Security Scanner & Vulnerability Management Tool

By Darknet on windows security scanner

GFI LANguard is a product that has been around for a LONG time, I remember using it way back at version 3 or 4 and it was always my choice of platform if I was auditing a Windows based network. Especially internal Windows LAN setups with a domain, for Linux I always felt there were better [...]

Mozilla Denies Firefox 3.5 Bug Is Exploitable

By Darknet on milw0rm

Ah, a bug in our beloved Firefox, after the latest 3.5 update (which sees some definite improvements). The last one I recall was the Clickjacking Vulnerability, which also affected Chrome. It seems like it’s not too serious of an issue and will only cause crashing; there’s no room for remote exploitation or code execution. So it may [...]

U.S. Leads the Way in Malware, Spam

In Trojan attacks

Sophos’ latest report puts the United States on top of the malware hosting and spam sending lists.

Online Scam Smiths Attempt to Hang the DJ

In Web 2.0

Crafty 419 scammers are finding aspiring DJs on sites like Facebook and attempting to lure them into forking over some cash to pursue their dreams on the ones and twos.

Who is Using Fast Flux?

In Virus and Spyware

Fast flux botnet control techniques continue to prove effective as registrars have not sufficiently stepped up their efforts to choke it out, according to Team Cymru.

Witnesses: E-Verify system can’t detect ID theft

Former agency officials told a Senate subcommittee that the E-Verify system for employment verification cannot detect identity theft.

Intel chief: Source of cyberattacks still unknown

The director of national intelligence said today federal officials aren’t sure who was behind recent cyberattacks that knocked some government sites off-line.

House bill would restrict laptop searches

A House subcommittee today will consider legislation that would require DHS to strengthen protections for U.S. citizens whose laptops are searched at the borders.

Feds need help hiring cyber workforce

The government has problems hiring enough cybersecurity workers and needs to ratchet up recruiting, a study released today says.

6 steps to cutting the cord with departing employees

NASA uses a check in/check out de-provisioning checklist that invokes six inter-departmental actions that cut off outgoing workers from networks, applications, e-mail accounts and other agency resources.

Emergency IT authority for FERC gains support

Support is growing for proposals to give the Federal Energy Regulatory Commission additional authority to act during an emergency involving a cyberattack on the country’s electric power system.

FBI’s Dubree named assistant director of IT

Daniel Dubree is responsible for the operations of the bureau’s information technology systems worldwide.

Researchers Bypass Secure Web Connections

EV SSL certificates are supposed to help people feel more secure online. But at Black Hat next week, two researchers plan to disclose a way around SSL protection.

HP Researchers Develop Browser-Based Darknet

HP security experts have developed a browser-based system for secure communications and plan to present their project at the upcoming Black Hat conference.

RIM Scrubs Spyware From UAE BlackBerrys

Users complained a firmware update — unauthorized by RIM — had led to decreased battery life and system crashes.

Google Apps Contract In LA Hits Security Headwind

The City of Los Angeles faces worries about privacy and security as it considers moving to Google Apps.

Senate Mulls Jamming Cell Phone Signals In Prisons

Proposed legislation seeks to halt the use of illegal cell phones in prisons but is countered by public interest agency officials.

Defense Dept. Seeks Cyberattack Protection

The main Web site of the Department of Defense was a target of a recent distributed denial of service attack.

Cyber Attack Code Starts Killing Infected PCs

Infected computers participating in the distributed denial of service attack on U.S. government and South Korean Web sites are set to destroy their own data.

DHS Systems More Secure, Inspector General Finds

Report indicates progress has been made certifying and accrediting the Department of Homeland Security’s intelligence systems.

Cyber Attack Hits South Korea Web Sites Again

Attack denies access to some banking and U.S. government sites from South Korea and is similar to recent DDOS attacks there and in the U.S.

Details Emerge In U.S. Cyber Attacks

Malware that targeted Web sites of The White House, Department of Homeland Security, the FAA, and others appears to be a MyDoom variant.

Cyber Attacks Hit U.S. Government Sites; North Korea Eyed

Attacks crippled at least 11 U.S. government and private Web sites for much of the weekend. No data is believed to have been stolen.

Dell Launches Forensics Service For Police

Digital-forensics package of hardware, software, and services would help police reduce data backlogs. Dell partners include Intel, EMC, Oracle, and Symantec.

Defense Secretary Orders Cyberspace Command

Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses “in Internet time rather than bureaucratic time.”

Malware is their Business…and Business is Good!

By David Marcus on Rootkits and Stealth Malware

I cribbed the title from Megadeth – I admit it. However when looking at this year’s growth in malware it seems disturbingly appropriate. Economic downturn globally or not, malware production continues at a record setting pace because this is how many cybercriminals make their money (malware long ago stopped being about fun and bragging). We here [...]

UK couple chases bank over ‘phantom’ withdrawals

When Emma Woolf of London logged into her online account with Abbey National bank in early March, she expected to see a balance of £10,000 (US$16,300).

Adobe tries to explain Acrobat patch woe

Adobe has played down the charge that it has been serving users an insecure version of its Acrobat PDF Reader, claiming that the software is automatically updated after installation.

Data Leak Prevention On The Cheap

You may wonder if DLP is the updated version of RUN-DMC, but what it really stands for is Data Loss Prevention. Some call it “Data Leak Prevention” to emphasize that important company data often “leaks” away through no malicious action. But as compliance regulations like HIPAA, PCI-DSS, and FRCP multiply like acronym rabbits, more and more companies must take steps to stop data from leaving their business, whether it’s lost, leaked or stolen.

RIM: UAE Carrier’s Blackberry update was spyware

A Blackberry firmware update pushed out to subscribers of United Arab Emirates carrier Etisalat contained spyware, Research in Motion confirmed Tuesday.

Microsoft Office 2008 for Mac Service Pack 2 released

Microsoft’s Macintosh Business Unit has released Microsoft Office 2008 for Mac Service Pack 2 on Monday, billed as a midcycle free update designed to improve the user experience with speed, stability and compatibility enhancements.

Adobe admits users vulnerable after downloading Reader

Adobe acknowledged that some users are vulnerable to attack after downloading an outdated version of Reader from its Web site, and said it is reevaluating how it updates the popular PDF reader.

Oracle’s Security solution for Banks

The Reserve Bank of India (RBI) has recently set up guidelines for banks to avoid risks related to DBA (Database Administrator) access and control. Banks in India’s BFSI sector will now be able to use the Oracle Security and Compliance Solution to meet these guidelines.

Decision Manager Helped Spice Jet Cut Online Fraud

SpiceJet is operating under fierce competition, and online payment fraud has become rampant. CyberSource’s Decision Manager, an automated online risk management solution, has helped Spice Jet automatically evaluate credit card transactions in real time.

US named as top spam-producing country

The US has been named the world’s biggest spam-producing country.

Panda cranks up cloud anti-virus

Panda Software has cranked up its forthcoming Cloud Antivirus product with a new beta featuring what the company says is greatly improved performance and stability.

Hilton hotels book in new CIO

Hilton Hotels Corporation, the global hotel chain, has hired Robert Webb as its new CIO from financial information provider Equifax.

OMB eyes new metrics for security at federal agencies

The White House Office of Management and Budget is looking for better ways to measure the readiness of government agencies to fend off cyberthreats, according to federal CIO Vivek Kundra.

Mozilla denies new Firefox bug is security risk

Mozilla is denying that a bug that crashes Firefox 3.5 is a security flaw, countering earlier reports that the company’s latest browser contained a vulnerability, even though it had just been patched.

Ottawa MIA in cyberwarfare?

A Canadian anti-Internet-censorship organization that recently exposed the activities of a China-based computer spy network says the Canadian government is dropping the ball on taking a pivotal role in leading a global effort against cybercrime, such as the distributed denial-of-service (DDoS) attacks now crippling major U.S. and South Korean websites.

IT exec who sabotaged organ donation records sentenced

The IT director of a nonprofit organ procurement center for more than 200 hospitals in Texas has been sentenced to two years in prison for deleting numerous organ donation records and other data after being fired from her job.

Feds suffer from ‘serious’ IT security talent shortage
New report counts the ways

The United States government faces a serious shortage of skilled cybersecurity specialists, according to a new report, which estimates the country may need an eight-fold increase in the number of nationally sponsored graduates with security degrees.…

Firefox laggards offered security update
3.0.12 release fixes multiple critical bugs

Mozilla has released a security and stability update for users still running 3.0.x versions of Firefox.…

Twitter, Facebook urged to improve security
‘Vulnerable’ defined in less than 140 characters

Social networking sites such as Twitter and Facebook have become feeding grounds for cybercrime.…

Adobe spanked for insecure Reader app
Download, install, then update

Adobe Systems has been taken to task for offering outdated software on its downloads page that contains dozens of security vulnerabilities, several of which are already being exploited in the wild to install harmful malware on users’ machines.…

Open-source firmware vuln exposes wireless routers
Back door to complete control

A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it.…

Canadian privacy chief flunks Facebook
Lax data policies in sharp detail

Facebook does not protect personal information well enough to comply with Canadian data protection law, the Canadian Privacy Commissioner has said.…

Erin Andrews peephole footage spreads Trojan
Malware risk to the unwary horny

Updated: Supposed hidden-camera footage of US sports reporter Erin Andrews on offer online often leads to malware, security firm Sophos warns.…

NotW bosses fight back over hacking claims
Never done nothin’ or nothin’

Tory communications boss Andy Coulson has assured MPs that he played no part in either condoning or facilitating phone hacking while editor of the News of the World.…

RIM fights BlackBerry snoop gaffe
Denies involvement in half-baked Etisalat scheme

RIM, maker of the BlackBerry mobile phone, has told the Reg that Etisalat is talking tosh and the BlackBerry remains a secure platform, after the United Arab Emirates operator “patched” the device with surveillance software.…

Deutsche Bank sacks two for spying
Lives of Others lives on

Deutsche Bank has sacked two senior executives for spying on its board of directors and two other people.…

Swine flu malware poses as pig plague update
Telling porkies

Wrongdoers have created a new strain of swine flu-themed malware.…

YA0D (Yet Another 0-Day) in Adobe Flash player, (Wed, Jul 22nd)

Well, it looks like the last two weeks have definitely been marked by multiple 0-day exploits active …(more)…

DD-WRT Vulnerability, (Wed, Jul 22nd)

Paul wrote in to let us know about a new vulnerability in DD-WRT that was being reported in the Regi …(more)…

Vulnerability in dhclient – Check Your Vendor For Patches, (Wed, Jul 22nd)

US-CERT released VU#410676, which deals with a vulnerability in the ISC DHCP dhclient applicatio …(more)…

Firefox 3.0.12 is Available, (Wed, Jul 22nd)

For those Firefox users who have not upgraded to 3.5 …(more)…

GAO Report Finds Problems With Agencies’ Security Practices and FISMA Guidance (July 17, 2009)

A report from the US Government Accountability Office (GAO) found “persistent weaknesses in information security policies and practices that continue to threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of most federal agencies…….

Virtual Task Force Cooperation Helps Police Nab Cyber Criminals (July 8, 2009)

An agreement struck by banks and credit card companies to create a virtual task force to share information about cyber attacks and malware has resulted in busts of two cyber crime gangs, netting a total of 22 arrests…….

Police in Queensland, Australia to Seek Out Unsecured Wireless Networks and Warn Owners (July 17, 2009)

Police in Queensland, Australia plan to wardrive for unsecured wireless networks…….

Pirate Websites to go Legit (20 July, 2009)

In a move similar to that made by Napster, the companies behind Pirate Bay and Kazaa have decided to legitimize their respective business models…….

Microsoft Files Lawsuit Against Alleged Phishers (July 17, 2009)

Microsoft has filed a lawsuit in Washington state accusing two companies of using phishing tactics to trick Live Messenger users into divulging their login information…….

Amazon Deletes Purchased Books From Kindle Users’ Devices (July 17, 2009)

Kindle owners who had purchased electronic copies of George Orwell’s Animal Farm and 1984 were no doubt surprised to find the books deleted from their devices last week…….

City of Los Angeles Considering Move to Google-Provided Cloud Computing (July 16 & 17, 2009)

The city of Los Angeles has proposed moving its government e-mail, police records and other information management to Google’s cloud computing services…….

JavaScript DOM Flaw Affects Most Browsers (July 16 & 17, 2009)

A security flaw in JavaScript’s Document Object Model (DOM) affects most major web browsers…….

Mozilla Releases Firefox 3.5.1 (July 17, 2009)

On Thursday, July 16, Mozilla released Firefox 3…….

Google Chrome 2 Update Addresses Two Flaws (July 16 & 17, 2009)

Google has released version 2…….

Eircom Acknowledges Cache Poisoning Attacks (July 17, 2009)

Irish internet service provider (ISP) Eircom says that it was targeted by a cache poisoning attack that redirected customers to sites they did not intend to visit twice within the last few weeks…….

Consumer Devices with Embedded Web Interfaces are Vulnerable to Attacks (July 16, 2009)

Stanford University researchers tested 21 devices with embedded web interfaces, such as webcams, printers, network switches, and photo frames, and found that none was immune to attack…….

The United States Tops the Spam Table (July 20, 2009)

A recent study by Sophos shows that the United States is responsible for relaying more spam than any other country in the world…….

INFOSEC Leadership Council – Secrets of Great Security Managers

INFOSEC Leadership Council web cast on how to get security programs implemented when you have no authority to demand action……

Adobe acknowledges serious Flash zero-day vulnerability

By SearchSecurity.com Staff

Adobe Systems Inc. said it was investigating a potential Adobe Flash error. Symantec discovered attacks exploiting Flash in the wild.

Hacker skills include business plans to optimize revenue

By Eric Ogren

Cybercriminals take tips from business pros to expand their reach, optimize revenue and make the most money with the least amount of investment.

New hacker skills optimize revenue

By Eric Ogren

Cybercriminals take tips from business pros to expand their reach, optimize revenue and make the most money with the least amount of investment.

Hackers to award most over-hyped bug, epic fail

By Robert Westervelt

The annual Black Hat hackers conference will include an informal award ceremony recognizing security industry failures and over-hyped bugs.

GAO report cites government weaknesses, data leakage

By Robert Westervelt

Federal agencies continue to lack adequate access controls, encryption and risk assessments. Specialized security training was also weak, according to the report.

Novell Launching IAM into the Cloud

Novell is unveiling a cloud-based security service to perform identity and access management for hosted applications and hosted storage. The vendor plans to unveil the technology next week at a conference in San Diego.

Researchers to Unveil Browser-Based Darknet at Black Hat

HP security researchers are presenting a browser-based darknet at Black Hat. The darknet permits secure communication and file sharing, and could be accessed by any device with a browser – from a PC to an iPhone.

Smart Grid Security in the Spotlight at Black Hat

Security researchers have their eyes on the electric grid at the upcoming Black Hat security conference in Las Vegas. In separate talks, researchers will highlight some of the threats and concerns facing plans to deploy smart grid technology – and what can be done about them.

Microsoft Scrambling to Close Stubborn Security Hole

In Latest Warnings

Microsoft may soon be taking the unusual step of issuing an out-of-band security update to address multiple weaknesses that stem from a Windows security flaw that the software giant tried to fix earlier this month, Security Fix has learned. Last week, on its regularly scheduled Patch Tuesday (second Tuesday of the month), Redmond issued software updates to plug nine security holes. Among those was a patch for a flaw in Windows and Internet Explorer that hackers were exploiting to break into PCs. However, it soon became clear that Microsoft had known about this vulnerability since at least April 2008. On July 9, noted security researcher Halvar Flake published a blog post suggesting that the reason Microsoft took so long to fix the bug may be because the flaw was caused by a far more systemic problem in Windows.

Update for Norton Internet Security & Firefox 3.5

In New Patches

A few readers have asked me why their installation of Norton Internet Security 2009 won’t play nice with their copy of Firefox 3.5. Symantec now has an update to fix this compatibility issue. The problem was with the Norton Toolbar, a component of NIS2009 that Symantec markets as a way to encrypt and securely store your passwords and logins, and other sensitive data. I know many people who use this feature, so if you’re one of them, follow the instructions here to get this feature to work with Firefox 3.5. If you use NIS2009 but don’t store your personal data with the toolbar, there is no need to install this update. NIS has earned a bad rap over the years for being a slow, resource-hogging beast of an anti-virus program, but when I trialed the program for a few months, I found NIS2009 to be very fast and unobtrusive.

Cloud Computing; The Past, The Present, The Future (Part 1)

By rickym@trencor.net (Ricky M. Magalhaes)

What a company needs to consider when evaluating a cloud service.

Hacking Oracle’s database will soon get easier (Reuters)

In technology

Reuters – Hackers will soon gain a powerful new tool for breaking into Oracle Corp’s database, the top-selling business software used by companies to store electronic information.

BlackBerry maker: UAE partner’s update was spyware (AP)

In technology

AP – BlackBerry users in the Mideast business centers of Dubai and Abu Dhabi who were directed by their service provider to upgrade their phones were actually installing spy software that could allow outsiders to peer inside, according to the device’s maker.

Report: Shortage of cyber experts may hinder govt (AP)

In technology

AP – Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

BlackBerry cries foul over UAE ‘spyware’ (AFP)

In business

AFP – The makers of BlackBerry have charged that an update issued by UAE telecommunications company Etisalat was actually spyware, the local press reported on Wednesday.

RIM: UAE Carrier’s Blackberry Update Was Spyware (PC World)

In technology

PC World – A Blackberry firmware update pushed out to subscribers of United Arab Emirates carrier Etisalat contained spyware, Research in Motion confirmed Tuesday.

Erin Andrews Video Attacks Target Macs and PCs (PC World)

In technology

PC World – Internet crooks love to create attack sites and e-mails that use lures based on popular news items and Internet porn. When the two come together, as with the recent news of an online “peephole” video of ESPN sportscaster Erin Andrews, the malware is sure to swarm.

Adobe ships insecure version of Reader from official site

By Dancho Danchev on Patch Watch

Following reports by users of Secunia's Personal Software Inspector of a potential false positive for an insecure version of Adobe Reader, the company has found that Adobe is surprisingly shipping the insecure Adobe Reader 9.1.0 from its official site, potentially exposing users to flaws already fixed in the current 9.1.2 release. Adobe's comment on the [...]

Some important truths about pen-testing

By Ryan Naraine on Vulnerability research

Guest editorial by Alberto Soliño. Penetration testing is a highly scientific, metrics-driven approach to IT security that has been in practice since almost the dawn of the modern computing era, when programmers first began conducting organized tests, or "hacks", of their own or others' technologies to test their performance and reliability. From nearly the start, as developers [...]

Lawmakers: Electric utilities ignore cyber warnings

Posted by InfoSec News on Jul 22

http://www.computerworld.com/s/article/9135753/Lawmakers_Electric_utilities_ignore_cyber_warnings?taxonomyId=17

By Grant Gross
IDG News Service
July 21, 2009

The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S….

Open-source firmware vuln exposes wireless routers

Posted by InfoSec News on Jul 22

http://www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/

By Dan Goodin in San Francisco
The Register
21st July 2009

A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows…

GAO: Many Federal Agencies Still Don't Meet Security Standards

Posted by InfoSec News on Jul 22

http://www.darkreading.com/insiderthreat/security/government/showArticle.jhtml?articleID=218501432

By Tim Wilson
DarkReading
July 20, 2009

Virtually all of the U.S. federal government's key civilian agencies are still falling short of the security marks they have been asked to meet,

Researcher: BlackBerry Spyware Wasn't Ready for Prime Time

Posted by InfoSec News on Jul 22

http://www.wired.com/threatlevel/2009/07/blackberry-spyware/

By Kim Zetter
Threat Level
Wired.com
July 21, 2009

A BlackBerry software upgrade in the Middle East that turned out to be an e-mail interception program was likely a buggy beta version of a U.S.-made surveillance product,…

O'Brien: Corporate secrecy under the microscope after Twitter leaks

Posted by InfoSec News on Jul 22

http://www.mercurynews.com/ci_12886345

By Chris O’Brien
Mercury News Columnist
07/21/2009

The publication of internal documents about Twitter that were filched by a hacker caused fans across Silicon Valley to express their outrage before they hunkered down to read them.

Around The Horn vol.1,139

Posted in Uncategorized by lightthedarkfiber on July 21, 2009

Firefox 3.5.1 released to patch TraceMonkey vulnerability

By segphault@arstechnica.com (Ryan Paul) on vulnerability

Mozilla has announced the availability of Firefox 3.5.1, the first minor point release in the 3.5 series. The purpose of this release was largely to patch a critical security vulnerability that was found in the browser’s new TraceMonkey JavaScript engine.

Linux exploit gets around security barrier

By Tom Espiner

A security researcher has released zero-day code for a flaw in the Linux kernel, saying that it bypasses security protections in the operating system.

Adobe Offers Unpatched Version of Reader – But Don’t Panic

In Vulnerability Research

Danish security firm Secunia issued an alert today that Adobe is pushing an out-of-date version of Adobe Reader to users through its Web site. But is it a false alarm?

Can Malware Help Erin Andrews?

In YouTube

ESPN reporter Erin Andrews got stung by a spy camera, but thanks to the work of an unexpected group of allies, malware scammers, she may get a small measure of justice.

Tweeters beware: All is not secure on the cyber front

Recent hacks of Twitter data and the misuse of the microblogging service for phishing and other malicious activities highlight the danger of adopting new technologies before they are business-ready.

FERC lays out priorities for Smart Grid standards

The Federal Energy Regulatory Commission said cybersecurity is among its priorities for standards being developed for the country’s next-generation, technology-enabled electric grid.

Google Apps Contract In LA Hits Security Headwind

The City of Los Angeles faces worries about privacy and security as it considers moving to Google Apps.

Adobe Offering Insecure Reader Software

Plagued by a series of vulnerabilities in its Reader software, Adobe has been tightening its security. Yet the company hasn’t gotten around to offering a secure version of Reader on its Web site.

Drivers Frown On Texting, Even As Practice Spreads

While 86% of study respondents support a ban on texting while driving, the incidence of drivers sending SMS messages increased by 40% in the past year.

A year after Terry Childs case, privileged user problem grows

One year after former network administrator Terry Childs made national headlines for locking up access to a crucial San Francisco city network, the issue of how to protect corporate systems against the very people who manage and administer them remains as thorny as ever.

McAfee getting more aggressive on cloud-based security

McAfee Monday said it intends to expand its security-as-a-service offerings in recognition that customers are opting more and more to adopt cloud-based deployments.

Could You be Hacked Like Twitter?

The French hacker who broke into Twitter's Google Apps and stole more than 300 private company documents has revealed in detail how he did it. Using a method known as "cracking," the man who goes by the name Hacker Croll was able to break Twitter's security by trawling the Web for publicly available information, according to TechCrunch.

IMPACT, ITU calls for borderless effort on cybersecurity

Concerted borderless cooperation is needed to tackle today's cyber-attacks, according to two international agencies, the International Multilateral Partnership Against Cyber Threats (IMPACT) and the International Telecommunication Union (ITU). The call comes in response to recent reports of more than two dozen attacks against prominent government websites in South Korea and the US.

McAfee unveils cloud-based security

McAfee has taken the wraps off its Security-as-a-Service (SaaS) strategy, a comprehensive set of security products delivered as a service in the cloud.

Report: Hacker broke into Twitter e-mail with help from Hotmail

The hacker who stole confidential Twitter documents used a feature of Microsoft’s Hotmail to hijack an employee’s work e-mail account, according to TechCrunch, the site that published some of the Twitter documents.

Bug in Firefox 3.5.1 isn’t exploitable, Mozilla says

A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mac OS X gets rootkit coding manual
Filling the void

Over the past decade, the world has seen advances in rootkits running on Windows and Unix operating systems that few would have thought possible. Now, it’s Mac OS X’s turn, as a security researcher plans to share a variety of techniques for developing the ultra-stealthy programs for the Apple platform.…

Researcher raids browser history for webmail login tokens
Point, click, and hijack

In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.…

Digital Spy fights second malware attack
Oops we did it again

Celebrity and TV gossip website Digital Spy is investigating reports that its subscribers outside the UK have been exposed to malware. The latest reported outbreak follows an earlier malware infestation, later traced to tainted banner ads, that hit the site only six weeks ago.…

Anti-Sec spoof threatens s’kiddie mayhem
Interweb will be punked rather than pwned

Pranksters have latched onto Anti-Sec’s quixotic crusade against full disclosure of security vulnerabilities by impersonating the group in a threat to unleash an OpenSSH exploit.…

Mozilla downplays risk from unpatched flaw
Nothing to exploit here. Please move along

There are conflicting reports as to whether a flaw in a new version of Firefox is exploitable or not.…

Wireshark Release 1.2.1, (Mon, Jul 20th)

One of our readers, Tommy, highlighted that the developers of Wireshark have released a bug fi …(more)…

Mozilla Comments on Firefox 3.5.1 issue, (Sun, Jul 19th)

Yesterday we published a diary about a new vulnerability and POC that affected Firefox 3.5 …(more)…

Former Admin Sentenced for Cyber Attack (July 15, 2009)

Lesmany Nunez was sentenced to one year in prison for a cyber attack on his former employer's computer network…….

Five NHS Trusts Sign Undertakings to Comply with Data Protection Act (July 14 & 16, 2009)

Five NHS Trusts have signed formal undertakings with the Information Commissioner’s Office (ICO) in which they agree to comply with the seventh data protection principle of the Data Protection Act, which states that appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data…….

Critical Flaw in Firefox 3.5 (July 14 & 15, 2009)

A critical memory corruption flaw in the Just-in-time JavaScript compiler in Firefox could be exploited to take control of vulnerable computers…….

Blackberry Update Found to Contain Spyware (July 14, 2009)

A United Arab Emirates service provider pushed out a BlackBerry update that contains spyware capable of intercepting users' email and text messages and sending them back to a server…….

Oracle's Quarterly Security Release (July 16, 2009)

Oracle has issued its quarterly Critical Patch Update to address 30 security flaws in seven product lines…….

Microsoft Issues Six Security Bulletins (July 14 & 15, 2009)

On Tuesday, July 14, Microsoft released six security bulletins to address flaws in a variety of the company’s products, including Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC and Virtual Server…….

Twitter Company Data Compromised (July 15 & 16, 2009)

Twitter is consulting its legal team following a cyber attack that exposed internal documents…….

Eircom Investigating Attack (July 14 & 15, 2009)

Irish Internet service provider (ISP) Eircom is investigating an apparent distributed denial-of-service (DDoS) attack that prevented the majority of its 500,000 customers from accessing the Internet for about five hours earlier this week…….

Survey Finds One-Third of Users Respond to Spam (July 16, 2009)

Nearly one-third of 800 people surveyed by the Messaging Anti-Abuse Working Group (MAAWG) said they had responded to messages that were probably spam…….

Cisco 2009 Midyear Security Report (July 14, 2009)

Cyber criminals are taking their cues from the business world, according to a new Cisco report…….

Is Virtual Desktop Infrastructure (VDI) Right for Me? By Tim Proffitt and Emilio Valente

Virtual Desktop Infrastructure (VDI) is a solution for server-hosted, virtual desktop computing that leverages thin client architecture and centralizes endpoint images as virtual machines…….

Researchers Find IP Address of Command Server Used in US and South Korea Cyber Attacks (July 14, 2009)

A Vietnamese security company has reportedly identified the Internet protocol (IP) address of the command server that controlled the botnet responsible for the cyber attacks on US and South Korean government and commercial websites…….

Proposed Legislation Would Require State Dept. to Work on Global Cyber Crime Response (July 14, 2009)

In response to the recent cyber attacks on government and commercial web sites in the US and South Korea, US Senator Kirsten Gillibrand (D-NY) has introduced legislation that would require the Department of State to work with governments around the world to foster a united response to cyber attacks…….

Top Cyber Analysts See Denial of Service Attacks As Very Minor (July 16, 2009)

“The physical equivalent of this would have been an attack using hot-air balloons,” said CSIS’s Jim Lewis…….

Construction Blacklist Database Administrator Fined (July 16, 2009)

The man who maintained a blacklist database of builders in Britain has been fined GBP 5,000 (US $8,219) by the Crown Court…….

Former IT Director Sentenced for Cyber Damage (July 15, 2009)

Danielle Duann of Houston, TX has been sentenced to two years in prison for a cyber attack on her former employer’s computer network…….

Proposed expansion of top-level domains generates security concerns

By Marcia Savage

Financial industry worried that ICANN plan could mislead consumers and lead to more cybersquatting and phishing attacks.

Oracle Secure Enterprise Search Linked XSS Vulnerability

Oracle Secure Enterprise Search (SES) has been found to contain a vulnerability in the “search” script.

Mobile Rediff Username and Password Disclosure

Rediffmail component of MobileRediff (Version 1.04) application allows username and password disclosure.

Microsoft Office Publisher 2007 Arbitrary Pointer Dereference Vulnerability (MS09-030)

Remote exploitation of an arbitrary pointer dereference vulnerability in version 2007 of Microsoft Corp.’s Publisher could allow an attacker to execute arbitrary code as the user running Publisher.

Microsoft Embedded OpenType Font Engine Heap Buffer Overflow (MS09-029)

Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.’s Embedded OpenType Font Engine (T2EMBED.DLL) could allow an attacker to execute arbitrary code with the privileges of the current user.

ILIAS LMS Multiple Arbitrary Information Disclosure

Several functions in ILIAS LMS allow arbitrary information disclosure.

Cisco Unified Contact Center Express Administration Pages Multiple vulnerabilities

Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products.

Wyse Device Manager hagent.exe buffer overflow vulnerability

Buffer overflow vulnerabilities have been reported in WDM Server and the WDM HAgent. A carefully crafted packet sent to the WDM Server port or the WDM Agent would crash the service, and could potentially allow the attacker to take control of the affected system.

Virtualmin Multiple Vulnerabilities

Virtualmin is prone to multiple vulnerabilities: Unprivileged port use, XSS, Anonymous proxy, Information disclosure and Symlink attacks.

Microsoft DirectShow QuickTime Atom Parsing Memory Corruption Vulnerability (MS09-028)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file.

Novell eDirectory iMonitor Accept-Language Buffer Overflow

Secunia Research has discovered a vulnerability in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service).

MimeTeX/MathTeX Buffer Overflows and Command Injection

The mimeTeX and mathTeX CGIs are widely used helper executables that render mathematical equations as images. Both applications suffer from several buffer overflows as well as command injection, which result in remote code execution.

Microsoft Office Web Components Memory Corruption Vulnerability

A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.

libtiff Tools Multiple Integer Overflows

The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
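The pattern behind "integer overflow leads to heap overflow" is worth seeing in code. The following is an added illustration, not libtiff's source or a reproduction of the flaw reported above: a constructed image header whose width, height and bytes-per-pixel fields are multiplied in 32-bit arithmetic, so that hostile dimensions wrap the product to a tiny value, malloc() returns an undersized buffer, and the subsequent row copy writes past it. The checked variant refuses any product that would not fit in size_t. All struct and function names here are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed header for the illustration (not a real TIFF structure). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint16_t bytes_per_pixel;
} image_hdr_t;

/* Vulnerable pattern: the product is computed in 32-bit unsigned arithmetic,
 * so it silently wraps. With width = height = 0xFFFFFFFF and bpp = 0xFFFF the
 * result is 0xFFFF, and a buffer of 65535 bytes is allocated for an image
 * the caller later treats as billions of bytes. */
uint32_t unsafe_buffer_size(const image_hdr_t *h)
{
    return h->width * h->height * h->bytes_per_pixel;   /* wraps */
}

/* Hardened pattern: check every multiplication before performing it.
 * Returns 1 and stores the size in *out on success, 0 if any field is
 * zero or the product would not fit in size_t. */
int safe_buffer_size(const image_hdr_t *h, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return 0;
    size_t w = h->width, ht = h->height, bpp = h->bytes_per_pixel;
    if (w > SIZE_MAX / ht)          /* w * ht would overflow */
        return 0;
    size_t pixels = w * ht;
    if (pixels > SIZE_MAX / bpp)    /* pixels * bpp would overflow */
        return 0;
    *out = pixels * bpp;
    return 1;
}

/* Allocate a pixel buffer only when the size is provably sane; the caller
 * gets NULL instead of a buffer that is smaller than the image it holds. */
unsigned char *alloc_pixel_buffer(const image_hdr_t *h, size_t *size_out)
{
    size_t n;
    if (!safe_buffer_size(h, &n))
        return NULL;
    *size_out = n;
    return malloc(n);
}

/* Copy one row into the buffer, bounds-checked against the real size.
 * Returns 1 on success, 0 if the row would land outside the buffer. */
int copy_row(unsigned char *buf, size_t buf_size, const image_hdr_t *h,
             uint32_t row, const unsigned char *src, size_t src_len)
{
    size_t row_bytes = (size_t)h->width * h->bytes_per_pixel;
    if (src_len != row_bytes || row >= h->height)
        return 0;
    size_t off = row * row_bytes;
    if (off > buf_size || row_bytes > buf_size - off)
        return 0;
    memcpy(buf + off, src, row_bytes);
    return 1;
}

int main(void)
{
    image_hdr_t evil = { 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFu };
    size_t n;
    /* Unsafe path hands malloc 65535 bytes; safe path refuses the header. */
    return (unsafe_buffer_size(&evil) == 0xFFFFu &&
            alloc_pixel_buffer(&evil, &n) == NULL) ? 0 : 1;
}
```

The check divides rather than multiplies, so it never performs the overflowing operation itself; compilers also offer `__builtin_mul_overflow`, but the division form is portable C.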

HP ProCurve Threat Management Services zl Module Unauthorized Access and DoS

Potential security vulnerabilities have been identified with HP ProCurve Threat Management Services zl Module (J9155A). These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS).

Mozilla Downplays New Firefox Bug

Mozilla is downplaying a reported bug in its Firefox browser. According to Mozilla, initial reports that the vulnerability could be exploited to execute code are false.

McAfee Outlines SAAS Security Plans to Challenge Rivals

McAfee lays out its plans to expand its software-as-a-service business with an eye toward gaining traction among enterprises. To back up its talk, McAfee announces the addition of Web filtering and vulnerability assessment to its SAAS portfolio.

The Growing Threat to Business Banking Online

In Latest Warnings

Federal investigators are fielding a large number of complaints from organizations that are being fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software and not-so-sophisticated accomplices here in the United States, Security Fix has learned. The attacks also are exposing a poorly-kept secret in the commercial banking business: That companies big and small enjoy few of the protections afforded to consumers when faced with cyber fraud.

SB09-201: Vulnerability Summary for the Week of July 13, 2009

Vulnerability Summary for the Week of July 13, 2009

Cisco Security Center: IntelliShield Cyber Risk Report

July 13-19, 2009

Report Highlight: Twitter Account Intrusions Highlight Password Recovery Weaknesses

McAfee Updates Managed Cloud Security Service

McAfee’s latest version of its managed security service includes a new feature that lets companies scan their Web sites for vulnerabilities.

Could You be Hacked Like Twitter?

Don’t let hackers catch you all a-Twitter — secure your e-mail accounts using these tips.
