Wednesday, July 1, 2009

Around The Horn vol.1,130

Report: botnets sent over 80% of all June spam

By jacqui@arstechnica.com (Jacqui Cheng) on spam

There's a ton of spam on the Internet—we all are painfully aware of this already. However, what once required an actual person to send is increasingly being taken over by botnets. A new report (PDF) from Symantec's MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs.

According to MessageLabs' June report, spam accounted for 90.4 percent of all e-mail sent in the month of June—this was roughly unchanged since May. Botnets, however, sent about 83.2 percent of that spam, with the largest spam-wielding botnet being Cutwail. Cutwail is described as "one of the largest and most active botnets" and has doubled its size and output per bot since March of this year. As a result, it is now responsible for 45 percent of all spam, with others like Mega-D, Xarvester, Donbot, Grum, and Rustock making up much of the difference.

China delays rule for Net-screening software

By Stephen Shankland

China has indefinitely delayed enforcement of a requirement that PC makers preinstall Green Dam-Youth Escort software that experts believe would have screened not just Internet pornography but also some online political content.

Green Dam allows users to specify categories of sites to block.

Password Masking - a Necessary Evil

By Rik Ferguson on web

I was reading an article on The Register this morning which presented the views of usability expert Jakob Nielsen and security expert Bruce Schneier when it comes to the routine masking of passwords when logging in to services. They both call for an end to this practice. Both Jakob and Bruce agreed that there was [...]

Kon-Boot – Reset Windows & Linux Passwords

By Darknet on reset windows password

Kon-Boot is a prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a Linux system as ’root’ user without typing the correct password or to elevate privileges from current user to [...]

'Mafiaboy': Cloud Computing Will Cause Internet Security Meltdown

Notorious black-hat hacker warns that cloud-based computing will be "extremely dangerous," and explains how he got into hacking at age 15

ATM Attack Talk Canned at Black Hat

In Vulnerability Research

Juniper Networks has agreed to pull a talk on ATM security slated for the upcoming Black Hat and DefCon security conferences.

Sunbelt Formalizes Ties With Stopbadware

In eBay

Sunbelt Software has agreed to contribute research data to the Harvard Law School-based Stopbadware.org initiative.

Data Theft Attacks Still Driving Underground

In Virus and Spyware

Data theft is at the center of the malware torrent and will continue to be so for the foreseeable future, Trend Micro reports.

China's cybersecurity fears sound very familiar

I came across a fascinating article while traveling in China that tells us a lot about Chinese perceptions of cybersecurity issues — and something about the human psyche as well.

Cyber command in urgent need of strategy, military leaders say

At the same time, the increasing complexity of cyberspace and ongoing workforce issues remain pressing challenges, adding urgency, military leaders said, for the new command to articulate its strategy soon.

Registered Traveler: Data privacy, security prompts chairman’s inquiry

A House committee chairman is questioning TSA on its handling of personal data for the Registered Traveler program.

Administration seeks input on declassification

As part of the White House’s open government initiative, officials ask public to comment on declassification policies.

Improved FISMA scores don't add up to better security, auditor says

The government could improve the way it measures the security of agencies' information technology programs, a senior GAO official told Congress.

Zeus Trojan Variant Steals FTP Login Details

A new variant of the particularly malicious Zeus family of Trojans has surfaced and is compromising computers at an alarming rate.

China Delays 'Green Dam' Mandate

China has pushed back its deadline requiring all PCs sold in the country to include Web filtering software known as Green Dam. No new deadline has been set.

Web Filtering Company Reports Cyber Attack To FBI

The U.S.-based company that claims its programming code was unlawfully included in China's Green Dam software reports being targeted by a cyber attack.

CSIRT Management: Lessons from other group postmortems

My favorite graduate course in the Norwich University Master of Science in Information Assurance Program is the "Computer Security Incident Response Team Management" graduate seminar which I developed some years ago based in part on an extensive series of articles on the subject that appeared here in the Network World Security Strategies and that I collected for readers in a single document freely available on my Web site along with a free companion CD-ROM from the Defense Information Systems Agency on the subject.

U.S. teams with Italy to fight cyber crime

The head of the U.S. Secret Service on Tuesday signed a memorandum of understanding with the head of the Italian police and the chief executive officer of the Italian Postal Service to set up an international task force to combat cyber crime.

Juniper nixes ATM security talk

Router maker Juniper Networks has barred one of the company's security researchers from discussing security flaws in Automated Teller Machines after an ATM maker threatened legal action.

Feds arrest man allegedly behind DDoS attacks against Rolling Stone

A man has been charged with allegedly launching distributed denial-of-service attacks against at least nine Web sites, including Rolling Stone magazine's site.

'Iceman' pleads guilty to massive computer hacking

Max Ray Butler, a hacker known as the "Iceman," pleaded guilty to breaking into numerous financial institutions and card-processing networks and stealing credit card and identity data on hundreds of thousands of individuals.

Symantec service deploys, monitors endpoint tools

In an effort to help large enterprises use their endpoint security tools to their fullest capacity, Cupertino, Calif.-based Symantec Corp. is offering a set of services to help deploy, manage and monitor these technologies.

CDT: New privacy law getting closer

Comprehensive legislation to protect consumers' privacy is closer to becoming a reality in the U.S. Congress than it's been in several years, officials with the Center for Democracy and Technology said Tuesday.

Questions hang at deadline for China's censorware

Just one day before China expects PC makers to start shipping Internet filtering software with new computers, it was unclear if China would enforce the rule when that deadline comes.

Government criticised for plan to hire 'naughty boys'

The security minister Lord West has been slammed for hinting that former hackers are being recruited by Britain's security forces to help protect IT infrastructure from malicious online forces.

Unisys launches secure cloud service

Unisys is announcing a cloud service protected by a double-encryption scheme that it says has earned high government security ratings.

Study: Business Risk of Fraud Up Amid Economic Crisis

The global economic crisis will lead to more cases of large-scale business fraud and corruption as the situation continues to unfold, according to a new report from Control Risks, an international business risk consultancy (See also: 3 Global Risks to Business in 2009).

Tufin tool automates firewall switch-on

Israeli security outfit Tufin has added an automatic policy generator (APG) to its SecureTrack firewall analysis system. The new feature lets admins plan firewall deployments based on the traffic actually passing across their networks.

Trade groups urge China to drop Web filtering program

A wide-ranging group of trade associations has urged China to lift its requirement that an Internet filtering program be distributed with all new PCs, with the order set to take effect this week.

Blind phone hacker gets 11-year sentence

A Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.

Michael Jackson's death spawns malware, more scams

As security researchers predicted last week, hackers have begun to use the death of pop star Michael Jackson to infect people's PCs with malware.

Q&A: No alternative to PCI, security council chief insists

Robert Russo, the general manager of the Payment Card Industry Security Standards Council, fires back at critics of the PCI data security standard.

Twitter Gains Upper Hand on Latest Scam

Sometimes, it seems scams are becoming almost as common as social media experts on Twitter. The latest one, unleashed Monday morning and initially noticed by tech blog Mashable, centers on a fake blog hosted at the domain twittersblogs.com. Tweets containing links to the site circulated rapidly, each featuring the message: "omg!! is it true what they wrote about you in their twit blog?"

Kaspersky beats Zango in malware classification case
Right to call spade a digging implement won

Kaspersky Lab has secured a legal victory against notorious adware firm Zango, with a ruling that goes a long way towards protecting security software developers from nuisance lawsuits from the developers of internet pests in future.…

Conficker left Manchester unable to issue traffic tickets
Infection cost £1.5m in total

Manchester City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems.…

China spam crisis provokes researcher's ire
Name and shame campaign aims to change attitudes

A security researcher is calling for action against Chinese internet firms which are failing to protect their services from abuse by cybercrooks.…

Rolling Stone allegedly DDoSed for negative story
Perverted Justice

Federal prosecutors accused a Pennsylvania man of unleashing a crippling series of attacks against the websites of Rolling Stone and other groups after they published articles that cast him in an unfavorable light.…

Researcher barred from demoing ATM security vuln
Not ready for prime time

A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer.…

Max Vision pleads guilty to running cybercrime bazaar
Iceman melts

Notorious hacker Max Vision faces a lengthy prison sentence after pleading guilty to two counts of wire fraud involving the trafficking of around 1.8 million credit card numbers and running a clearing house for cybercrime.…

How to improve your application security
What products and services are available?

Regcast With major security breaches in the news almost daily, IT security practitioners are starting to pay more attention to the how rather than the why when it comes to application security. This is the topic of our upcoming webcast: Jump start your Application Security initiatives.…

Hotmail hack blamed for exposing extra-marital governor frolics
Mucky affair mails leaked by prurient hacker?

Emails from the Argentine mistress of married South Carolina Governor Mark Sanford were leaked to the press by a hacker, according to the Latin American siren at the centre of a political scandal in the US Deep South.…

Cybercrooks ramp up recession-themed scams
DoJ Untouchables plan crackdown

Cybercrooks have adapted to the global economic crisis with scams based on topical subjects such as refinancing or unemployment in a bid to reel in vulnerable marks.…

How secure are your applications?
Locking the stable door before the horse bolts

Let’s be blunt. The fine heritage of application development has not traditionally incorporated the pre-emptive creation of secure code, i.e. programs that are built from the ground up to be secure.…

Masked passwords must go
'Shoulder surfing is largely a phantom problem'

Websites should stop masking passwords as users type because it does not improve security and makes websites harder to use, according to two of the technology world's leading thinkers.…

OT: Happy Birthday Canada!, (Wed, Jul 1st)

Cheers, Adrien de Beaupré EWA-Canada.com Teaching SANS Cutting-Edge Hacking Techniques i ...(more)...

New VMWare Security Advisory, (Wed, Jul 1st)

VMWare released a new security advisory about a vulnerability in the krb5 (Kerberos) package. The vu ...(more)...

Mobile phone trojans, (Wed, Jul 1st)

Couple of days ago one of our readers, Frank Wolff, sent a screenshot of an unsolicited message he r ...(more)...

Firefox 3.5 is available, (Tue, Jun 30th)

Firefox 3.5 has been released ...(more)...

De-Obfuscation Submissions, (Tue, Jun 30th)

Here is a list of sites that readers have submitted as being particularly useful for de-obfuscation ...(more)...

Obfuscated Code, (Tue, Jun 30th)

Earlier today we received a fairly common email from a reader asking us for help de-obfuscating some ...(more)...

Juniper pulls ATM hacking presentation from Black Hat

By Robert Westervelt

Researcher planned to demonstrate a hacking technique targeting the underlying software of a new ATM.

Hacker Max Ray Butler Pleads Guilty

Former security consultant Max Ray Butler pleaded guilty to wire fraud charges June 29 in connection with his role in a massive hacking and identity theft scheme. Butler faces decades behind bars when he is sentenced in October.
- Notorious hacker Max Ray Butler, also known as Max Ray Vision, pleaded guilty to wire fraud charges June 29, acknowledging his involvement in the theft of credit card and identity data. Butler, 36, of San Francisco, was a former security consultant turned hacker who had been on the radar of la...

Firefox 3.5 Armed with Privacy Controls

Mozilla adds new privacy features to the latest version of its Firefox browser in response to features in Internet Explorer 8, Apple Safari and Google Chrome. In addition to a Private Browsing mode, Firefox 3.5 has Forget This Site and Clear Recent History capabilities.
- Mozilla has responded to enhanced privacy settings in rival browsers from Microsoft, Apple and Google with new privacy features of its own. In Firefox 3.5, released June 30, Mozilla has added its own version of private browsing to match a feature offered by Google Chrome, Internet Explorer 8 and...

Matt Medeiros: Security Meets the Cloud and Social Nets

How do you keep your company's data secure in an era of economic uncertainty, when your employees are using Twitter and other social networks and mobility has dispersed your employees around the globe? SonicWall President and CEO Matt Medeiros has looked at these challenges and believes data security is up to the challenge.

Blind Hacker Hit with 11-Year Sentence

A blind man tracked by the FBI since he was a teenager was sentenced to prison recently for his role in hacking into a telephone system and intimidating a Verizon security investigator. The court sentenced him to 135 months in prison.
- A blind Boston-area hacker was hit with more than 11 years in prison June 26 for his role in hacking into a telephone network and threatening the Verizon investigator building a case against him. Matthew Weigman, 19, also known as "Little Hacker," was accused of being part of a gang ...

A Bustling Week for Cyber Justice

In Cyber Justice

This past week has been a bustling one for cyber justice. The Federal Trade Commission announced a settlement in its ongoing case against scareware purveyors; a notorious hacker admitted stealing roughly two million credit card numbers; the Justice Department has charged a software developer from Arkansas with launching a series of debilitating online attacks against several online news sites that carried embarrassing stories about him. Finally, a federal appeals court decision gives security vendors added protection against spurious lawsuits by adware companies. -- Last week, the FTC said it had settled with James Reno and his company ByteHosting Internet Services LLC. Both were named in the commission's broad sweep last year against purveyors of "scareware," programs that use bogus security alerts to frighten people into paying for worthless security software. The settlement imposes a judgment of $1.9 million against Reno and ByteHosting, yet the court overseeing the case suspended all

FFSearcher: A Stealthy Evolution in Click Fraud

In Web Fraud 2.0

Every so often, a new piece of malicious software comes along that introduces a subtle yet evolutionary technological leap, a quickly-mimicked shift that allows cyber crooks to be far more stealthy in plying their trade. According to research released last week, this happened most recently in the realm of click fraud, a rapidly growing problem that inflates online advertising costs for legitimate companies and ad networks. For years, hackers have used malicious software to perpetrate click fraud by hijacking the results displayed when users search for something online. The trouble is, these scams can be rather clumsy: Victims often figure out pretty quickly that something is wrong, usually because their searches are redirected to an unfamiliar search portal, as opposed to their regular default search provider. But a new Trojan horse program being distributed by tens of thousands of recently hacked Web sites hijacks search results so that

Blind Phone Hacker Gets 11-year Sentence (PC World)

In business

PC World - A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.
