Sunday, June 28, 2009

Around The Horn vol.1,128

Internet scareware scammers settle with FTC for $100,000

By jacqui@arstechnica.com (Jacqui Cheng) on security

The Federal Trade Commission has settled a case involving two scareware scammers. The settlement will relieve the two defendants of having to fork over almost $1.9 million as part of a judgment made against them, but will still require them to forfeit $116,697 in assets to the FTC.

The two defendants, James Reno and ByteHosting Internet Services, LLC, were based out of Cincinnati when they began their "massive deceptive advertising scheme." The two supposedly conned over a million customers into buying computer security software (such as WinFixer, WinAntivirus, DriveCleaner, XP Antivirus, and more) that ended up falsely claiming that they had found viruses, spyware, and porn on people's machines. The software would then ask for money in order to rid the computers of these fake viruses.

English Microsoft Security Essentials beta filled in <24 hours

By emil.protalinski@arstechnica.com (Emil Protalinski) on Microsoft Security Essentials

companion photo for English Microsoft Security Essentials beta filled in <24 hours

This morning, on the Microsoft Security Essentials (MSE) homepage, a message appeared explaining that the limited beta program has already filled up: "Alert! Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time. Please check back at later a date for possible additional availability." The MSE beta was released yesterday at around 8am, and less than 24 hours later the English version of the beta was full (MSE was also made available in Brazilian Portuguese). When Ars asked for details, a Microsoft spokesperson explained how quickly the cap was reached:

Watch what Microsoft's new security app can do

By Seth Rosenblatt

The public beta for Microsoft Security Essentials, the free replacement for Live OneCare, is now closed, but that doesn't mean you've missed your chance to see what it's like.

In ...

Originally posted at The Download Blog

Expert: China's Green Dam software is unsafe

By Elinor Mills

The content-filtering software the Chinese government wants installed on all PCs sold in that country beginning next week was poorly developed and puts users at risk of having their computers compromised, a security expert who examined the code said on Thursday.

The Chinese government is requiring that all PCs include ...

Finjan offers free SecureTwitter browser plug-in

By Elinor Mills

Finally, there's a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.

Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTwitter that warns ...

U.K. cybersecurity office to have attack role

By Tom Espiner

The U.K. government plans to form a cybersecurity agency, with functions including cyberattack capability.

The Office of Cyber Security (OCS), dedicated to protecting Britain's IT infrastructure, will be created with a model proposed--and in part practiced by--the U.S. The U.K. government said Thursday that the OCS ...

Green Dam exploit in the wild

By Tom Espiner

An exploit for a flaw in censorware mandated by the Chinese government has been made publicly available for download on the Internet.

The buffer overflow flaw exists in the latest, patched version of Green Dam, 3.17, according to security researcher "Trancer," who claims authorship of the attack code.

"I ...

VC's automated Twitter feed spreads malware

By Elinor Mills

Updated June 25 at 9:00 a.m. PDTwith Trend Micro saying the Trojan is harmful to Macs and PCs.

Venture capitalist Guy Kawasaki got more than he bargained for from an automated feed he set up on his Twitter account. ...

Microsoft's free security beta fills up

By Ina Fried

A day after making a beta of its free security program available, Microsoft has said it already has the number of testers it needs and has halted new downloads.

(Credit: CNET)

Well, that didn't take long.

A day after making available a free beta of its Microsoft Security Essentials ...

Originally posted at Beyond Binary

Q&A: Adrian Lamo, the hacker philosopher

By Elinor Mills

...

Abbreviate Me Two Times (I’m Gone Away)

By Rik Ferguson on web

A quick warning note. I am starting to see URLs being shortened with one service, and then shortened again with a second service in order to overcome URL previewing solutions. In fact, if you came here as a result of my tweet about this blog entry, you came through three URL shorteners.   Here’s an innocuous example that [...]

Would the Real Cybersecurity Minister Please Stand Up.

By Rik Ferguson on government

Let me get this out of the way first, this blog always represents my own opinion, and not Trend Micro’s official view.   Yesterday I made a posting about the release of the UK government’s National and Cyber Security Strategy documents. I spent some time talking to the press and broadcast media and one of the recurring [...]

What Can We Expect from a National Security Strategy?

By Rik Ferguson on government

UPDATE: The strategy update has been published, at first glance, it appears to hit several of the points I mentioned below. I will publish my thoughts on the content later this afternoon.   I did note though, from a BBC report “Officials said it would require input from those who had their own expertise in hackers. “We need [...]

Targeted Attack Designed to Infect Both Macs and PCs.

By Rik Ferguson on web

UPDATE (25th June): Guy Kawasaki has stated that his Twitter account was not compromised, the malicious tweet came from a feed that Guy’s account is subscribed to automatically post. The feed comes from NowPublic, a user generated news feed. According to the Wall Street Journal “Michael Tippett, co-founder of NowPublic, responds, pointing out that Mr. [...]

BackTrack 4 Pre Release Available For Download

By Darknet on wireless security livecd

You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release. For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]

Database Security: The First Three Steps

A guide to locating sensitive data in databases -- and finding a strategy to protect it

Booming Underground Economy Makes Spam A Hot Commodity, Expert Says

Booming underground markets make spam even easier and more lucrative than before, researcher says

FTC Issues Final Order In CVS Caremark Data Security Case

FTC issues final order censuring CVS Caremark for mishandling customer data

Attackers Use Michael Jackson, Farrah Fawcett as Lure

In Virus and Spyware

Spammers are taking advantage of reports on the deaths of celebrities Michael Jackson and Farrah Fawcett to infect users with malware.

Global Takeout: China Cooking Up Lots of Spam

In Virus and Spyware

Researchers contend that China is currently accounting for as much as 70 percent of the world's unsolicited e-mail.

Apps Whitelisting Proponents Tout Growing Acceptance

In Vulnerability Research

Applications whitelisting vendors maintain that the current malware environment and demand for tools to address the shortcomings of traditional AV are speeding their push to market.

Twitter Malware Attack Targets Both Mac and PC

In Trojan attacks

Attackers hijacked the Twitter account of venture capitalist and ex-Apple evangelist Guy Kawasaki in a bid to lure users to a site hosting a Trojan. The catch -- the malware affects both Windows PCs and Apple Mac computers.

Britain to establish new cybersecurity office

The British government is establishing a new Office of Cyber Security, as part of a broader strategy dedicated to protecting Britain's information technology infrastructure.

Alexander: Military cybersecurity requires broaders training

The man expected to head the new military cyber command says military cybersecurity efforts require broader-based training and improved support mechanisms for the military services, while also preserving civil liberties.

Napolitano endorses PASS ID bill

Homeland Security Secretary Janet Napolitano has backed proposed legislation that would repeal part of the Real ID Act.

Cyber Command: Observers worry about unintended consequences

The size and importance of DOD’s military operations have caused some observers to wonder about how big an effect the Cyber Command might have outside its own domain.

House backs biometrics in DHS 2010 spending bill

The House endorsed a spending increase on DHS' largest biometrics program in the fiscal 2010 spending bill it has passed.

DOD creates Cyber Command as U.S. Strategic Command subunit

The director of NSA will lead the U.S. Cyber Command, which will be a subunit of the U.S. Strategic Command and will reach initial operating capacity in October.

ICANN Names Security Expert As CEO

Rod Beckstrom, former director of the U.S. National Cybersecurity Center, faces demands to make the US organization into an international body.

Most PC Users Have A Dozen Dangerous Apps

The average PC user has a dozen unpatched applications installed.

Defense Secretary Orders Cyberspace Command

Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."

Defense Secretary Orders Cyberspace Command

Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."

Green Dam Deadline Remains Unchanged Despite U.S. Objections

Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."

Michael Jackson News Affects Web Traffic

By Paula Greve on Web and Internet Safety

The announcement of Michael Jackson’s death has caused immediate effects on the Web 2.0 world. The impact ranged from the interruption on Facebook of coverage of Farrah Fawcett’s death to a surge experienced by Twitter. The Web 2.0 world is definitely abuzz with traffic regarding his passing. Within hours the percentage of “long-tail” URL traffic associated with [...]

Bad News Offers Opportunity to Spread Malware

By Guilherme Venere on Web and Internet Safety

With the current news about the deaths of Farrah Fawcett and Michael Jackson, it’s a good idea to remind our readers to beware of blackhat attempts to distribute malware to anyone looking for news.   Every time a disaster happens or news about some celebrity reaches the media, malware writers try to take advantage of it. [...]

China remains spam haven due to 'bulletproof' hosting

An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.

Michael Jackson spam spreads, malware attacks likely

Within hours of the death of Michael Jackson's death, spam capitalizing on his demise hit inboxes, a security firm said today as it warned that more was in the offing.

Fake Online Harry Potter Movies Launch Malware Attack

If you happen to see a too-good-to-be-true offer to watch the latest Harry Potter movie online for free, watch out.

Network shutdown bill faces changes, aide says

A bill in the U.S. Senate that would allow President Barack Obama to shut down parts of the Internet during a cybersecurity crisis will likely be rewritten and needs input from private businesses, said a congressional staff member associated with the legislation.

Security Experts Visualize Botnets With Eye On Defense

Not all botnets are organized in the same way. That's the conclusion of a report from Damballa which seeks to categorize the dominate structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others.

Michael Jackson Death Spurs Spam, Viruses

Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.

FTC suspends heavy penalty against scareware defendants

The U.S. Federal Trade Commission has suspended the majority of a judgment levied against two defendants accused of selling bogus security software to up to a million consumers.

Sophos warns of Michael Jackson spam emails

Hackers are using Michael Jackson's death to try and trick people into disclosing personal details, says Sophos.

Security agencies to combat cyber attacks, PM announces

Intelligence agents and computer experts are to step up operations against a growing online threat from "criminals, terrorists and hostile states", as part of the government's updated national security strategy.

Out of business, Clear may sell customer data

Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

Facebook puts privacy controls in users' hands

Facebook has updated its Publisher tools to give users more control over who gets to see their posts on the social network.

Infosys chairman to head government identity project

Infosys Technologies' co-chairman, Nandan Nilekani, has quit his post to take up a position with the Indian federal government, with the rank of a cabinet minister.

Microsoft Security Essentials: The First Test Results Are In

The biggest question on everyone's minds with regard to Microsoft Security Essentials is how well it can detect and remove malware. The early returns are in, and Microsoft Security Essentials performed well overall in initial malware detection testing provided to PC World by AV-test.org.

Merchants Struggle to Comply With PCI Security In Economy

The heads of seven business organizations sent PCI Security Standards Council General Manager Bob Russo a cry for help earlier this month, saying the recession is making it "increasingly difficult" for merchants to meet the requirements of the Payment Card Industry's Data Security Standard (PCI DSS).

Yet Another Malware Attack Spreads via Twitter

Guy Kawasaki -- a Silicon Valley venture capitalist who was partially responsible for marketing the Macintosh in 1984 -- has almost 140,000 Twitter followers. Many of those followers likely thought it was strange that Kawasaki was suddenly into shilling porn, when a link purporting to host a pornographic video of "Gossip Girl" star Leighton Meester appeared on June 23. Anyone who downloaded the video discovered a virus that ravaged both PCs and Macs.

National Grid signs £207m deal for data network

National Grid has signed £207 million worth of deals with Cable & Wireless for a new data network.

Webroot: social networkers open to ID theft

A third of social networkers have at least three pieces of information visible on their profiles that could make them vulnerable to ID theft, says Webroot.

Online banking device reads information from a screen

As German banks layer more security into their online banking procedures, security vendor Gemalto has launched a device it says makes completing transactions easier.

Windows installs updates without permission, researchers say

Windows is installing "surprise updates" against the wishes of some users, who have expressly set up the operating system not to deploy patches without permission, researchers charged today.

TJX reaches $9.75 million breach settlement with 41 states

TJX Companies has agreed to pay for investigations by 41 states into a massive data breach that gave hackers access to data stored on as many as 94 million payment cards used by TJX customers.

Securely wipe your hard drive

Reader Jim Bradley seeks a way to securely wipe the data from his hard drive. He writes:

Reporters find Northrop Grumman data in Ghana market

A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.

Experts Only: Time to Ditch the Antivirus?

To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous. After all, weren't we all told in IT Security 101 that everyone needs AV to keep the malware and data thieves at bay?

Unique cloud features can improve cloud security

Cloud computing may offer a new form of data defense by bringing into play the maneuverability of data to secure it from attacks while the source of the attack can be pinpointed and neutralized, a blogger suggests.

Subtle pressures for security policy compliance

Information security officers and managers are constantly looking for ways to encourage colleagues to comply with security policies. The paper "Social Psychology and INFOSEC: Psycho-Social Factors in the Implementation of Information Security Policy" summarizes a number of principles from social psychology that can help practitioners in our work.

MS Security Essentials: Basic Protection

Microsoft today released a limited beta version of Microsoft Security Essentials, a free antivirus application for users of Windows XP, Vista, or 7. The new app, which will replace Windows Live OneCare, aims to cover the basic security needs of home users, and its easy-to-use interface appears to be taking the right approach to the task.

High profile Twitter hack spreads porn Trojan

Former Apple Macintosh evangelist Guy Kawasaki [cq] posts Twitter messages about a lot of different thing, but the message he put up on Tuesday afternoon was really out of character.

E-Mail Crooks Target Webmail Accounts

Imagine having to explain an e-mail message that asks your friends for money--a message sent from your Webmail account. (Webmail refers to any e-mail service you use via a Web browser rather than through an e-mail client.) That's exactly what's happening: Scammers are breaking into such ac­­counts and, from those addresses, sending e-mail messages to the victims' entire contact list. The messages often tout a Web site (such as an e-commerce site), or even ask for money directly.

Abrupt closure of airport fast-lane program sparks concern over customer data

A company that collected detailed personal information including biometric data on 260,000 individuals as part of a registered air traveler program it operated has abruptly gone out of business, leaving many customers wondering about the safety and privacy of their personal data.

Defense Secretary Gates approves creation of U.S. Cyber Command

Defense Secretary Robert Gates today approved the creation of a unified U.S. Cyber Command to oversee the protection of military networks against cyber threats.

Adobe issues update for Shockwave Player

Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.
Related Searches

Police to create regional e-crime squads

Police forces across the UK are to collaborate to create regional cybercrime squads.

UK shut out for Microsoft Security Essentials

Microsoft's new free antivirus product - Microsoft Security Essentials - is now available in beta, but not if you live in the UK.
Related Searches

Phoenix Freeze Auto-Locks Laptops via Smartphone

A new product from Phoenix Technologies, called Freeze, lets you use BlackBerry or iPhone Bluetooth to tell a PC that you're leaving the area and want it to lock up. When you return, Phoenix Freeze can also automatically unlock the machine so it's ready for you. However, it only works on Windows PCs, doesn't support 64-bit platforms, disables all other Bluetooth peripherals and seems to be a bit buggy for an official release.

Titsup airport express lane biz may pawn flyer data
If the feds Clear it

Defunct American airport security lane service Clear said on Friday it may sell its sensitive customer data to a similar provider if it's authorized to do so by the US government.…

Blue chip FTP logins found on cybercrime server
Monster breach exposes Amazon and BBC to compromise

Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.…

ICANN appoints former cybersecurity chief as new boss
Provocative pick

Internet oversight agency ICANN has hired former US cybersecurity chief Rod Beckstrom as its next boss.…

Spammers swift to exploit Jackson death to punt malware
Who's bad?

Updated Miscreants have wasted no time exploiting the shock death of Michael Jackson to run email harvesting and banking Trojan campaigns.…

Louisiana judge holds Dell in contempt
Dell making a 'mockery' of system in New Orleans brouhaha

A Louisiana judge found Dell in contempt of court Thursday after berating the eponymous computer vendor for making a "mockery" of the system though haphazard retrieval of evidence for a lawsuit that alleges corruption in the city of New Orleans' crime-camera program.…

Defense-contract discs sold in African market for $40
Northrop Grumman and Pentagon data dumped

Dumped hard drives with US defense data have turned up for open sale in a West African market.…

US calls for China to revoke censorware plan
Green Dam under attack

The US adminstration is pushing China to review its controversial policy of mandating the installation of specific content filtering software on new PCs.…

Crypto guru urges incentives for SSL cert recall
Come in MD5, your time is up

An SSL security guru is urging incentives to promote website certificate upgrade in response to problems with a widely-used digital-signature algorithm.…

UK.gov decides best form of cyber defence is attack
Playing the great game online

UK cyber security spooks will soon have the ability to undertake proactive missions online rather than just playing defense, under the revamped National Security Strategy published today.…

Chrome update plugs hush-hush browser hole
As Secunia releases browser patching tool

Google has pushed out a new version of its browser that protects against a critical vulnerability as well as fixing some stability snags.…

Microsoft cuts off Security Essentials downloads
Less than a day later

Redmond has cut off access to its Microsoft Security Essentials beta, less than a day after offering the free security app to John Q. Public on a first-come, first-served basis.…

MS no-frills security scanner gets thumbs up in early tests
Security Essentials does what it says on the tin

Microsoft's limited but free-of-extra-charge anti-malware scanner has performed creditably in early tests.…

US military cyberwar force will work with NSA
Priority is net 'defense'. As in Department of Defense

The long wrangle among the US military about who gets to be in charge of cyber warfare and who gets all the resulting pork appears to have been settled. Questions remain, however, regarding the level of America's readiness to take offensive military cyber action against enemies presumably overseas.…

Homebrew Pre apps find easy install
We've got ourselves a security hole, Rubber Duck

Developers unwilling to wait for the Mojo SDK for Palm's Pre, or to be bound by its restrictions, have discovered that unsigned applications can be installed using a specially-formatted e-mail rather than any mucking about with unlocking the handset.…

UK police chiefs mull regional cybercrime squads
We're the eSweeney son, and we ain't had any dinner

British police chiefs are drawing up plans to set up regional "cybercrime" squads along the lines of existing teams tasked to handle anti-terror operations.…

Inside a Phish

Categories: Case Studies,Malicious Code

Paper Added: June 25, 2009

IP Address Range Search with libpcap, (Sun, Jun 28th)

This week, I received a request to search for a range of destination addresses that cannot easily do ...(more)...

New NIAP Strategy on the Horizon, (Sat, Jun 27th)

It has been recently announced that the Common Criteria Evaluation and Criteria Scheme (CCEVS) will ...(more)...

Special SANSFIRE 2009 Podcast Presentations - State of the Internet Panel, (Fri, Jun 26th)

Our third presentation is by all of the Internet Storm Center Handlers that were present (at the tim ...(more)...

Michael Jackson Spam Distributes Malware, (Fri, Jun 26th)

As we anticipated in our yesterday's diary, spammers are starting to exploit attention-grabbing head ...(more)...

How Malware Defends Itself Using TLS Callback Functions, (Fri, Jun 26th)

Malware authors employ numerous and creative techniques to protect their executables from reverse-en ...(more)...

Michael J & Farrah F death SPAM, (Thu, Jun 25th)

With the reported death of Farrah Fawcett and Michael Jackson today, it is likely only a matter of h ...(more)...

PHPMYADMIN scans, (Fri, Jun 26th)

We have received some reports (thanks Drew) of scanning for keyhandler.js which is part of PHPMyAdmi ...(more)...

Special SANSFIRE 2009 Podcast Presentations - John Bambenek, (Thu, Jun 25th)

Our second presentation is by one of our Handlers by the name of John Bambenek. You may recogn ...(more)...

Special SANSFIRE 2009 Podcast Presentations - Deb Hale, (Thu, Jun 25th)

Recently at SANSFIRE 2009, there were a lot of talks given by our Internet Storm Center Handlers.&nb ...(more)...

TCP scanning increase for 4899, (Wed, Jun 24th)

An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 48 ...(more)...

Exploit tools are publicly available for phpMyAdmin, (Wed, Jun 24th)

As a follow-up to our earlier diary about phpMyAdmin scanning, there is at least 2 exploits posted i ...(more)...

Adobe Shockwave Player Update, (Wed, Jun 24th)

Several readers pointed out that Adobe released a security update for the Shockwave Player today whi ...(more)...

Five Guilty Pleas in Stock Manipulation Spam Case (June 25, 2009)

Five people have pleaded guilty to charges related to a spam scheme that artificially inflated the price of Chinese penny stocks.......

Hard Drive Purchased in Ghana Contains US Military Contractor Data (June 24 & 25, 2009)

Canadian journalism students bought a hard drive for US $40 at a market in Ghana, only to discover that it contained unencrypted information about contracts between military contractor Northrop Grumman and the Pentagon.......

Conference on Cyberwarfare Attendees Discuss Pros and Cons of Proactive Attacks (June 21, 2009)

People attending the Conference in Cyber Warfare in Tallinn, Estonia discussed the merits and drawbacks of conducting proactive cyber attacks.......

Payment Card Industry Security Standards Council Seeks Input (June 24 & 25, 2009)

The Payment Card Industry Security Standards Council (PCI SSC) is seeking "detailed and actionable feedback" from member organizations on versions 1.......

Customers Worry About Defunct Registered Traveler Program Data Security (June 23, 2009)

Customers of the suddenly-defunct Verified Identity Pass (VIP) registered air travel service Clear have expressed concern about the security of the data they provided to the company.......

Adobe Issues Shockwave Update to Fix Vulnerability (June 23, 24 & 25, 2009)

Adobe has released an update for a critical flaw in its Shockwave Player.......

Stolen Laptop Holds Cornell University Staff and Student Data (June 24, 2009)

Cornell University in Ithaca, NY has notified approximately 45,000 current and former staff members, students and their dependents that a stolen laptop computer contains their unencrypted, personally identifiable information.......

Green Dam Exploit Posted to Internet (June 25, 2009)

An exploit for a buffer overflow in the controversial Green Dam Youth Escort filtering software has been released in the wild.......

TJX Agrees to $9.75 Million Settlement (June 23, 2009)

TJX, parent company of TJ Maxx and Marshalls, has agreed to a US $9.......

Security Maxims

Smile ruefully in recognition at this list of security maxims, including "The Ignorance is Bliss Maxim: The confidence that people have in security is inversely proportional to how much they know about it.......

Gates Orders Creation of Unified Military Cyber Command (June 23 & 24, 2009)

US Defense Secretary Robert Gates has given the official go-ahead to the creation of a unified military cyber command dedicated to managing Pentagon cyber warfare and network defense efforts.......

UK Releases National Security Strategy (June 25, 2009)

According to the recently released National Security Strategy, the UK government plans to establish a new cyber security agency called the Office of Cyber Security (OCS) that will manage the government's cyber security program and act as a hub for information sharing between the public and private sectors.......

Microsoft Limits Security Essential Beta Downloads to 75,000 (June 23 & 24, 2009)

Microsoft has halted downloads of its free Microsoft Security Essentials beta software.......

Man Arrested for Stealing and Selling Client Data (June 25 & 26, 2009)

Police in Tokyo have arrested Hideaki Kubo, a former Mitsubishi UFJ Securities Co.......

Social engineering training could disrupt botnet growth

By Brian Sears

Security pros should address social engineering attacks with end users, helping them identify the tactic and possibly have an impact on botnet viability.

TJX to pay $9.75 million for data breach investigations

By Robert Westervelt

The company agrees to pay legal expenses related to investigations conducted by 41 Attorneys Generals and establish a data security fund for states.

Will the Antivirus Market Be Challenged or Complimented By Whitelisting?

Application whitelisting is being talked up by everyone from pure-play vendors like CoreTrace to larger security vendors like McAfee and Symantec. But while many say a hybrid blacklist/whitelist approach is needed, CoreTrace is positioning itself as an alternative to blacklist-based anti-virus.
- There has been plenty of talk in the past year or so among anti-virus vendors about the usefulness of application whitelisting. But when it comes to the question as to whether or not the technology can replace anti-virus, the subject gets a bit stickier. Whitelisting allows a list of approved file...

Facebook Tightens Privacy Controls

A beta version of Facebook's publisher gives users more control over who can see their content. The move is meant to improve security and privacy on the social networking site.
- Facebook is testing out granular privacy controls for its users that will allow them to exercise more control over who sees published content. Just recently, Facebook made a beta version of its publisher available to some of its users that allows them to configure the settings for who can view ...

IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering

A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry's discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.
- An IBM researcher has uncovered a way to analyze data while it is still encrypted, in what could be a boon for both spam-filtering applications and cloud computing environments. The challenge of manipulating data without exposing it has bugged cryptographers for decades. But in a breakthrough, ...

Enterprise Security: Educate Employees or Leave It to Microsoft?

NEWS ANALYSIS: How much does enterprise security really matter? Since most employees aren't being educated, it might not matter enough to businesses. For many companies, using software such as Microsoft Security Essentials makes more sense since employee computers are protected and IT departments can save time and money by not having to train employees about security.
- Quite a few security issues have impacted the business world over the past few months. The Conficker worm was considered a possibly damaging issue. The Nine Ball outbreak looked like it had the potential of unleashing some serious damage on the enterprise after it compromised 40,000 legitimate Web...

Cisco Baking RSA Data Loss Prevention Technology Into Its E-mail Security Mix

Cisco plans to integrate DLP technology from EMC's RSA security division into some of its IronPort e-mail security appliances by the fall. The integration is the result of a partnership between RSA and Cisco that was announced last year at the RSA security conference.
- EMC s RSA security division is bringing its data loss prevention technology to bear in the e-mail security space through integration with Ciscos IronPort appliances. By the fall, the DLP (data loss prevention) technology from RSA will be built into the Cisco IronPort C-Series applian...

U.S. Defense Secretary Orders Creation of Cyber Command

U.S. Secretary of Defense Robert Gates has ordered the creation of a new command to unify efforts at the Pentagon to secure military networks. Plans for the Cyber Command come a month after President Obama declared cyber-security a national security priority in a speech.
- U.S. Secretary of Defense Robert Gates has ordered the creation of a Cyber Command to help secure the U.S. military's computer networks, according to reports. In a memo, Gates said he will recommend President Barack Obama put the director of the National Security Agency in charge of the com...

Ex-DHS Cyber Chief Tapped as President of ICANN

In U.S. Government

Former Department of Homeland Security cyber chief Rod A. Beckstrom has been tapped to be the new president of the Internet Corporation for Assigned Names and Numbers (ICANN), the California based non-profit, which oversees the Internet's address system. Most recently, Beckstrom was director of the National Cyber Security Center -- an organization created to coordinate security efforts across the intelligence community. Beckstrom resigned that post in March, citing a lack of funding and authority. Beckstrom joins ICANN as the Internet governance body faces some of the most complex and contentious proposed changes to the Internet's addressing system in the organization's entire 11-year history. For example: -- The United States is under considerable pressure to give up control over ICANN and turn it over to international supervision and management. ICANN currently operates under a Joint Project Agreement with the U.S. government, but that agreement is due to expire at the end

Critical Security Fix for Adobe Shockwave Player

In New Patches

Adobe Systems Inc. on Tuesday issued a software update to fix a critical security flaw in its Shockwave Player, a commonly installed Web browser plug-in. According to Adobe, a malicious or hacked site could use the security hole to install malicious software if the visitor merely browses the site with a vulnerable version of the media player software. The flaw exists in Shockwave Player (also known as Macromedia Shockwave Player) version 11.5.0.596 and earlier. To find out whether Shockwave is installed and which version may be on your PC, visit this site. In a posting to its security blog, Adobe said it is not aware of any exploits in the wild for this vulnerability. Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart and install Shockwave version 11.5.0.600, available here. Readers should be aware that by default this patch will also try

Microsoft Debuts Free Antivirus Software Beta

In Safety Tips

Microsoft on Tuesday released a beta version of its new free anti-virus offering, Microsoft Security Essentials (a.k.a "Morro"). My review, in short: the program is a fast, easy to use and unobtrusive new addition to the stable of free anti-virus options available today. MSE is basically the next generation of Microsoft's Windows Live Onecare anti-virus and anti-spyware service, but without all of the extras, such as a firewall, data backup solution or PC performance tuning (Microsoft announced in Nov. 2008 that it would stop selling Onecare through its retail channels at the end of June 2009). The toughest part was getting the program installed. MSE can run on Windows XP, Vista or Windows 7 (both 32-bit and 64-bit versions), but it failed to install on an XP Pro system I tried to use as my initial test machine -- leaving me with nothing more than a failure message and cryptic

Brief: Adobe re-patches Shockwave player

Adobe re-patches Shockwave player

Brief: Pentagon signs off on Cyber Command

Pentagon signs off on Cyber Command

Simpler IP Range Matching with Tshark Display Filters

By Richard Bejtlich

In today's SANS ISC journal, the story IP Address Range Search with libpcap wonders how to accomplish the following:
...how to find SYN packets directed to natted addresses where an attempt was made to connect or scan a service natted to an internal resource. I used this filter for addresses located in the range 192.168.25.6 to 192.168.25.35.
The proposed answer is this:


tcpdump -nr file '((ip[16:2] = 0xc0a8  and ip[18] = 0x19 and ip[19] > 0x06)\
and (ip[16:2] = 0xc0a8 and ip[18] = 0x19 and ip[19]



I am sure it's clear to everyone what that means!


Given my low success rate in getting comments posted to the SANS ISC blog, I figured I would reply here.


Last fall I wrote Using Wireshark and Tshark display filters for troubleshooting. Wireshark display filters make writing such complex Berkeley Packet Filter syntax a thing of the past.


Using Wireshark display filters, a mere mortal could write the following:


tshark -nr file 'tcp.flags.syn and (ip.dst > 192.168.25.6 and ip.dst



Note that if you want to be inclusive, change the > to >= and the


To show that my filter works, I ran the filter against a file with traffic on my own 192.168.2.0/24 network, so I altered the last two octets to match my own traffic.


$ tshark -nr test.pcap 'tcp.flags.syn and (ip.dst > 192.168.2.103 and ip.dst 
137 2009-06-28 16:21:44.195504 74.125.115.100 -> 192.168.2.104 HTTP Continuation or non-HTTP traffic



You have plenty of other options, such as ip.src and ip.addr.


Which one do you think is faster to write and easier to understand?




Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)





Effective Digital Security Preserves Long-Term Competitiveness


By Richard Bejtlich



Yesterday I mentioned a speech by my CEO, Jeff Immelt. Charlie Rose also interviewed Mr Immelt last week. In both scenarios Mr Immelt talked about preserving long-term competitiveness. Two of his themes were funding research and development and ensuring the native capability to perform technical tasks.



Black Hat Budgeting


By Richard Bejtlich



Earlier this month I wondered How much to spend on digital security. I'd like to put that question in a different light by imagining what a black hat could do with a $1 million budget.


The ideas in this post are rough approximations. They certainly aren't a black hat business plan. I don't recommend anyone follow through on this, although I am sure there are shops our there who do this work already.



Being a Critic Is Easy, So What Would I Do?


By Richard Bejtlich



After my last post, some of you are probably thinking that it's easy to be a critic, but what would I suggest instead? The answer is simple to name but difficult to implement.





Ugly Security


By Richard Bejtlich



I read Anton Chuvakin's post MUST READ: Best Chapter From “Beautiful Security” Downloadable! with some interest. He linked to a post by Mark Curphey pointing out that Mark's chapter from O'Reilly's new book Beautiful Security was available free for download in .pdf format. O'Reilly had been kind enough to send me a copy of the book, so I decided to read Mark's chapter today.


I found the following excerpts interesting.





DoD Creates USCYBERCOM


By Richard Bejtlich



Today is an historic day for our profession, and for my American readers, our country. As reported in The Washington Post and by several of you, today Secretary Gates ordered the creation of U.S. Cyber Command, a subordinate unified command under U.S. Strategic Command. The NSA Director will be dual-hatted as DIRNSA and CYBERCOM Commander, with Title 10 authority, and will be promoted to a four-star position. Initial Operational Capability for CYBERCOM is October 2009 with Full Operational Capability planned for October 2010. Prior to CYBERCOM achieving FOC, the Joint Task Force - Global Network Operations (JTF-GNO) and the Joint Task Force - Network Warfare (JTF-NW) will be "disestablished."


As one of my friends said: "Step one to your Cyber Service -- what will the uniforms look like?"






Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)





US, Russia in dispute over computer attacks: report (AFP)


In politics



AFP - Less than two weeks before President Barack Obama's visit to Moscow, the United States and Russia cannot agree how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet, according to The New York Times.





Michael Jackson Death Spurs Spam, Viruses (PC World)


In technology



PC World - Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.





Fake Online Harry Potter Movies Launch Malware Attack (PC World)


In technology



PC World - If you happen to see a too-good-to-be-true offer to watch the latest Harry Potter movie online for free, watch out.





FTC OKs $1.9M Deal Over Deceptive 'Scareware' Ads (PC Magazine)


In technology



PC Magazine - The Federal Trade Commission has reached a $1.9 million settlement with two defendants who allegedly operated a deceptive advertising scheme to dupe consumers into buying computer security products.





SaaS, Not Shopping, Is Focus of Symantec's New CEO (PC World)


In technology



PC World - CIOs think of Symantec as a company that buys its way into new markets. Over the past decade the Cupertino, California, vendor has snatched up about 30 companies as it's evolved from an antivirus and tools seller to an aspiring enterprise infrastructure vendor.





Security Essentials Does Its Job With No Frills (PC World)


In technology



PC World - People often turn to me for advice regarding what anti-virus package to get. Usually I recommend McAfee or AVG, but Security Essentials will be my go-to anti-malware package once it's released from beta. For small-business and home users, the price, performance, and ease-of-use of MSE can't be beat.





Yet Another Malware Attack Spreads via Twitter (PC World)


In technology



PC World - Guy Kawasaki -- a Silicon Valley venture capitalist who was partially responsible for marketing the Macintosh in 1984 -- has almost 140,000 Twitter followers.





UK looks to young geeks to secure cyberspace (AP)


In technology



AP - Britain is hiring former computer hackers to join a new security unit aimed at protecting cyberspace from foreign spies, thieves and terrorists, the country's terrorism minister said.





Panda Outlines 2010 Security Lineup (PC Magazine)


In technology



PC Magazine - When it comes to computer security, you usually want as much as you can get.  But that doesn't mean you want that protection to affect everything else you do on your PC. With that in mind, Panda Security has devised its 2010 lineup of security packages.





Britain says facing growing cyber security threat (Reuters)


In technology



Reuters - Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.





Microsoft Security Essentials: The First Test Results Are In (PC World)


In technology



PC World - The biggest question on everyone's minds with regard to Microsoft Security Essentials is how well it can detect and remove malware. The early returns are in, and Microsoft Security Essentials performed well overall in initial malware detection testing provided to PC World by AV-test.org.





Pro-Iranian regime hackers invade Oregon computers (AP)


In us



AP - Hackers defaced the home page of the Oregon University System, posting a caustic message telling President Barack Obama to mind his own business and stop talking about the disputed Iranian election.





Vulnerabilities in Cisco Video Surveillance Products


In Cisco Security Advisory





Cisco Physical Access Gateway Denial of Service Vulnerability


In Cisco Security Advisory



Beware: Identity Thieves Harvest Social Networks


Social networks are ripe for identity theft, with personal information easily up for grabs, security firm warns.



TJX Pays States for Cost of Investigating its Data Breach


The retail chain has reached a $9.75 million settlement with 41 states that helped untangle a major security leak.



Security Experts Visualize Botnets With an Eye Toward Defense


Not all botnets are organized in the same way. Understanding botnet design helps fight them more effectively.



Can an Enterprise iPhone Really Be Secure?


Analysis: As part of the evaluation process for any enterprise business solution, a risk analysis should be conducted beforehand.



Taking Pride in Nefarious Net Activities


Analysis: Thanks to Pretty Good Privacy encryption creator Phil Zimmermann for software that undermines suppression -- and for keeping me out of jail.



Fake Online Harry Potter Movies Launch Malware Attack


Plus: A new password-stealing Trojan to guard against.



FTC Suspends Heavy Penalty Against Scareware Defendants


The FTC has suspended the majority of a fine levied against two defendants accused of selling bogus security software to up to a million consumers.



Security Essentials Does Its Job With No Frills


Microsoft Security Essentials may be the right tool for smaller businesses.



Don't Get Tricked by Fake Microsoft Update E-Mails


I've received several phishing e-mails that look surprisingly authentic and professional.



Is It Time to Ditch the Antivirus?


To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous.



Yet Another Malware Attack Spreads via Twitter


A link on Guy Kawasaki's Twitter page purported to direct his followers to a porn video, but really, it was a virus attack.



Microsoft Security Essentials: The First Test Results Are In


Early test results show that Microsoft Security Essentials holds its own in malware detection and cleanup.



Securely Wipe Your Hard Drive


Reader Jim Bradley seeks a way to securely wipe the data from his hard drive. He writes:



EC Proposes Creation of Centralized Security Data Agency


EU took a step toward creating a pan-European IT system for security and surveillance Wednesday.



Adobe Issues Security Update for Shockwave Player


Adobe Systems released a patch on Tuesday for its Shockwave Player to fix a critical vulnerability.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

My Blog List