MS09-049 - Critical: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability.
MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
MS09-047 - Critical: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-045 - Critical: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) - Version:1.0
Severity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published. Summary: This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
A parent's quick guide to content blocking technologies
By ars@lasarletter.net (Matthew Lasar) on parental control devices
The Federal Communications Commission's long awaited Report to Congress on Parental Control Technologies for Video or Audio Programming is finally out. The report compiles almost a year's worth of comments from industry and public interest groups on the state of content filtering technology, and what does it conclude? By golly, the FCC says it needs to issue another study! The next one will be about why more parents don't use the wide range of content filtering apps and gizmos that are currently available.
Learn how to protect yourself from identity theft
By jacqui@arstechnica.com (Jacqui Cheng) on trustedID
Identity theft is big business, and it keeps getting bigger as more and more information about us floats around in an ever data-obsessed society. From every swipe of your credit card to every time you go to the doctor, doors are opened for thieves to snatch information and use it to their advantage. And, as the name implies, it's not just about fraudulent charges showing up on your bank account, either. At worst, you could find that someone has been using your social security number for years to work various jobs or, as in one Chicago teenager's recent experience, you could even get thrown in jail because a thief using your identity had a warrant out for his arrest. "Oops" doesn't even begin to describe it.
Most Americans know the basic principle of checking their credit reports once a year. Every US citizen can now get a free report from the three major credit bureaus every year to ensure everything is right on their accounts. However, that's the extent of most of our knowledge, and only addresses one facet of identity theft (financial institutions). It turns out there are a number of other preventative measures that can be taken, especially if you're the paranoid type.
New flaw can crash Windows Vista and Server 2008 remotely (Updated)
By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows Vista
Redmond is investigating reports that a newly discovered flaw in Microsoft's implementation of the Server Message Block 2 (SMB2) protocol, an extension of the conventional server message block protocol, can be exploited to remotely crash and restart computers running Windows Vista or Windows 7. The attack does not require authentication, but port 445 of the target system must be open, and on Windows it is open by default. Laurent Gaffié, who discovered the vulnerability, has contacted Microsoft, noting that the only solution he can think of is to turn off the SMB feature and close port 445.
Ruby on Rails vulnerability affects Twitter; IE8 immune
By segphault@arstechnica.com (Ryan Paul) on security
A cross-site scripting (XSS) vulnerability that was patched on Thursday in Ruby on Rails affected several widely used Web services including the popular Twitter microblogging website and Basecamp, a project management tool created by 37Signals from which the Ruby on Rails framework originated.
Security researcher Brian Mastenbrook uncovered the bug when he was conducting a serendipitous test of unicode handling in Twitter. He discovered that he could circumvent the site's string sanitization mechanism and inject a JavaScript payload. It falls into the category of a non-persistent or "type 1" XSS vulnerability.
Securing the .edu top-level domain with DNSSEC
By nate@arstechnica.com (Nate Anderson) on DNSSEC
DNS security continues its slow march to the root servers with today's announcement that the educational top-level domain ".edu" will roll out the DNSSEC protocol for testing this month, with a full deployment to follow by March 2010.
The domain name system (DNS) resolves Internet addresses like arstechnica.com into a numerical IP address—but the ancient DNS protocol provides little to no security. Hackers have figured out ways to poison the DNS cache, redirecting users who think they're visiting one site to another, quite different site. The insecurity of this fundamental piece of Internet architecture has been a boon for phishers and other miscreants, and the problems have been recognized for years.
Microsoft Patch Tuesday for September 2009: five bulletins
By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday
According to the Microsoft Security Response Center, Microsoft will issue five Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (September 9 at 11:00am PST, if you're interested). All five of the vulnerabilities are rated "Critical," and they all earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least two of the five patches will require a restart.
3.3% of PCs with ESET antivirus block a threat each day
By emil.protalinski@arstechnica.com (Emil Protalinski) on ESET
ESET is known as the creator of one of the better security software solutions, and recently the organization has done more research into what its customers are seeing. The company's virus lab receives over 100,000 new pieces of malware every day. The big conclusion? There are more malware authors than ever and their technologies to rapidly create new variants of malicious code are getting better.
While you stifle your yawn (since you're not really surprised), here's a statistic ESET discovered that you probably couldn't have come up with yourself: 3.3 percent of the computers running ESET's antivirus detect and block at least one threat every day. The calculation was made using the company's ThreatSense.Net monitoring system, which gathers statistics on malicious activity on customer computers running ESET software.
Microsoft: IIS vulnerability under limited attacks (Updated x2)
By emil.protalinski@arstechnica.com (Emil Protalinski) on Internet Information Services
A hacker has posted code on his Milw0rm website that could be used to attack a system running Microsoft Internet Information Services (IIS) server and install unauthorized software on it. The good news is that the attack appears to work only on older versions of IIS—versions 7.x are not affected. The flaw resides in the File Transfer Protocol (FTP) software used by IIS to transfer large files, meaning that FTP must be enabled for an attack to be successful. The risk posed by this vulnerability isn't completely clear yet, but Microsoft says it is looking into the issue.
MS09-048: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
By Robert A. on Vulns
Microsoft has just published a remote vulnerability in the Windows TCP/IP stack. "This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening...
Apache.org Incident Report For 8/28/2009 Hack
By Robert A. on IndustryNews
From the report "Our initial running theory was correct--the server that hosted the apachecon.com (dv35.apachecon.com) website had been compromised. The machine was running CentOS, and we suspect they may have used the recent local root exploits patched in RHSA-2009-1222 to escalate their privileges on this machine. The attackers fully compromised this...
Cross-protocol XSS with non-standard service ports
By Robert A. on XSS
i8jesus has posted an entry on smuggling other protocol commands (such as ftp) in HTML forms, as well as edge case situations where running a tcp service (in this case ftp on a non-standard port) can result in more XSS abuse cases. While not likely, still worth a read. "Most...
Microsoft: Windows 7 not affected by latest flaw
By Ina Fried
Microsoft issued a formal security advisory late Tuesday on a reported zero-day flaw in Windows Vista and Windows Server 2008. However, the software maker also said that the flaw does not affect the final version of Windows 7, contrary to earlier reports.
"Microsoft is investigating new public reports of a ...
Originally posted at Beyond Binary
Microsoft issues critical Windows patches
By Ina Fried
Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.
While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7, which Microsoft wrapped up in July.
The five bulletins address eight ...
Originally posted at Beyond Binary
Windows 7, Vista zero-day flaw reported
By Tom Espiner
Microsoft said on Tuesday that it is investigating reports of a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or "blue screen of death," according to researcher Laurent Gaffie.
Gaffie wrote in his blog that ...
Norton calls on Quorum for 2010
By Seth Rosenblatt
Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.
Debuting Wednesday, both the basic Norton AntiVirus 2010 and the more robust Norton Internet Security 2010 will use Quorum, ...
Originally posted at The Download Blog
WordPress blogs falling prey to worm
By Jennifer Guevin
A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of WordPress.
The worm can be tough to catch, as Mullenweg explains: "it registers a user, uses a security bug (...
Microsoft reports attacks using IIS vulnerability
By Stephen Shankland
A vulnerability in Microsoft's software for housing Web sites is now being used for "limited attacks" on the servers it's running on, the company said Friday.
Microsoft disclosed the Internet Information Services (IIS) vulnerability on Monday and said Friday it's still working on a security update to ...
Originally posted at Deep Tech
Symantec: Posted code enables VoIP spying
By Larry Magid
Along with keyloggers that track what you type, now we have to worry about malicious software that listens in on our voice over Internet Protocol conversations.
A Symantec security blog on Thursday disclosed a new Trojan horse, Trojan.Peskyspy "that records VoIP communications, specifically ...
Originally posted at Safe and Secure
Microsoft issues advisory on server flaw
By Ina Fried
Microsoft on Tuesday issued a security advisory for a Web server flaw that was made public on Monday.
The flaw affects certain versions of Microsoft Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to ...
Originally posted at Beyond Binary
Microsoft investigating newly reported IIS flaw
By Ina Fried
Microsoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.
In a statement, a Microsoft representative said the company "is investigating new public claims of a possible ...
Originally posted at Beyond Binary
Trend Micro launches new security tracking tool
By Sam Diaz
This was originally posted at ZDNet's Between the Lines.
It used to be that an IT administrator could warn employees about opening attachments from unknown sources or clicking on links from unknown e-mail senders as the first line of defense against spam, malware, and other bad stuff on the ...
ZoneAlarm's 2010 suites include encryption
By Seth Rosenblatt
Best known for its ZoneAlarm firewall, Check Point Software has announced updates for ZoneAlarm's more full-featured security suites. Available in two versions, ZoneAlarm Internet Security 2010 gives users a robust firewall, antivirus and antispyware, and parental control package for $50, while ZoneAlarm Extreme Security 2010 adds Web browsing protection, ...
Originally posted at The Download Blog
What price your child’s safety?
By Rik Ferguson on web
This is often a thorny question for parents to consider. How intrusive should my monitoring of my children’s internet activity be? How can I be sure that I am helping them to stay safe online and still maintain their sense of independence and, perhaps more importantly, the privacy which is so important to kids as they are growing up? [...]
Cisco & Microsoft Patch TCP Stack DoS Exploit
By Darknet on vulnerability
A fairly serious flaw that was announced in October 2008 by Outpost24 (and apparently discovered way back in 2005), has finally been patched by the major players Cisco and Microsoft. So far Redhat has offered a workaround for the flaw and Juniper has responded that their equipment is not vulnerable. It could be that Juniper doesn’t [...]
SWFScan – Free Flash Application Security Scanner
By Darknet on web-application-security
HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform. HP is offering SWFScan because: Their research shows that developers are increasingly implementing applications built on the Adobe Flash platform without the required security expertise. As a result, they are seeing a [...]
UK Has The Worst Internet Security In Europe
By Darknet on uk internet security
Interesting story for our British readers, seems like back in Old Blighty people are a bit lax when it comes to keeping their security software up to date. Not only that, from the other aspects of the survey it seems UK is generally lacking in cybersecurity awareness and education with people not deleting dodgy files and [...]
MySqloit – SQL Injection Takeover Tool For LAMP
By Darknet on web-application-security
MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack [...]
Apache.org Hacked Using Remote SSH Key
By Darknet on vulnerabilities
Apache.org has been hacked quite a number of times, last week it happened again and the whole infrastructure was down for a few hours while they sorted out what had happened and how to remedy it. Apparently one of the remote SSH keys was compromised, which allowed attackers to upload code, the scary part is they could [...]
Graudit – Code Audit Tool Using Grep
By Darknet on programming security
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage Graudit supports several options and tries to follow [...]
University Research Exposes Potential Vulnerabilities In Cloud Computing
"Cross-VM attacks" could threaten sensitive data in cloud computing environments, researchers say
DNSSEC Secures Another Domain
The .edu domain will adopt DNSSEC in March of next year amid more concern over Domain Name System security
Tech Insight: XSS Exposed
Pervasive Web application vulnerability is often misunderstood -- with dangerous consequences
Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites
California jury exacts $32 million in damages from ISPs that purportedly supported Websites dealing in fraud
Social Networks Fight Back
How major social networks MySpace and Facebook are building up security -- and where their weakest links remain
SQL Vulnerability Leaves Passwords In The Clear, Researchers Say
Researchers say vulnerability in Microsoft SQL Server could unnecessarily expose passwords to system administrators, hackers
Five Ways To Meet Compliance In A Virtualized Environment
RSA, VMware unite security compliance and virtualization in new best practices guidelines
Flaw In Sears Website Left Database Open To Attack
Business-logic flaw in Sears Web application vulnerable to brute-force attack
'Freakshow' Provides Inside Look At Real Malware Behind Big Breaches
Forensics specialists who investigated hacks of a hotel chain, casino, and restaurant share details on sophisticated malware used to successfully steal confidential data from those organizations
IT Pros Question Effectiveness of Anti-Malware
In Virus and Spyware
IT pros are worried about the ability of traditional defenses to stop attacks, according to a new study backed by advocates of applications whitelisting.
Symantec Goes Under the Hood of Waledac Botnet
In Spam
A Symantec researcher has released a new paper outlining the operations of the Waledac botnet, laying bare what has kept the botnet going strong.
Compromised Computers Host an Average of 3 Malware Families
In Trojan attacks
Research from security company ESET underscores the level of cooperation among attackers working to infect users. The presence of multiple malware families shows cyber-crooks are increasingly paying criminal networks to have their malware installed on compromised PCs.
Smartphone Users Ignoring Security Risks
In Spam
A new survey of 1,000 smartphone users conducted by Trend finds that people are not yet sensitive to matters of mobile security, while threats to handheld devices do appear to be on the rise.
Koobface Crew Keeps Foot to Floor
In Web 2.0
Koobface continues to spread its tentacles using the same old template and shows no signs of slowing down, security experts have observed.
New PowerPoint Attacks Hit Old Flaw
In Virus and Spyware
A new wave of attacks are taking aim at an old .PPT vulnerability, highlighting the inability of many users to keep up with vendor-issued security updates.
Zeus Trojan Purveyors Change Tactics
In Trojan attacks
New research from RSA into the Zeus Trojan shows that the malware has been surging of late as its purveyors continue to adopt new techniques.
Report: Government secrecy down slightly in 2008
An annual report says government secrecy decreased slightly in the last year of the Bush administration.
One appeal fails, another pending today for E-Verify
The U.S. Chamber of Commerce and other plaintiffs have filed another appeal in attempt to stop the E-Verify rule from going into effect today for federal contractors, according to a media report.
FCC buying emergency notification system
The FCC is buying an emergency notification system to keep in touch with responder agencies and taking other steps to improve its disaster communications capabilities, its chairman said today.
U.S. and Mexico talk safety across the fence
U.S. and Mexican officials announced an agreement to set up a cross-border network to enhance safety and law enforcement at the border.
Top 5 challenges for the cyber coordinator
President Barack Obama's pledge to appoint a cybersecurity policy coordinator at the White House has drawn cheers, a few jeers and a long to-do list.
Experts disagree on effect of E-Verify's expiration
The authorization for the E-Verify employment verification program expires three weeks after it is set to cover federal contractors.
Top 5 stories at the FCW.com watercooler
FCW.com readers, on the whole, might be more civil than most people who post comments on mainstream Web sites but they are no less passionate.
CMS considers contractors for identifier program
The Centers for Medicare and Medicaid Services is considering using contractors to operate a national system for assigning health providers unique identifying numbers.
Groups ask court to delay E-Verify despite ruling
The organizations trying to stop the E-Verify rule from covering federal contractors have filed for an injunction to delay enforcement from beginning Sept. 8.
Who is sending mysterious laptops to governors?
The FBI is investigating unsolicited laptop computers sent to several governors’ offices.
DHS needs to plug some cybersecurity holes, audit finds
The DHS Inspector General recommends improving the department's coordination of cybersecurity for critical control systems.
Joint Forces Command to test new network encryption
Unisys's Stealth technology is intended to allow separate secure virtual communities to coexist on a single network.
Court: Federal contractors covered by E-Verify rule
A judge upheld the Homeland Security Department's E-Verify electronic employment verification rule for federal contractors starting Sept. 8.
Experts debate expansion of president’s cybersecurity powers
Existing laws already give the president broad discretion on how to respond to cyberattacks, despite language in a Senate bill that proposes giving the president specific powers during such events, expert says.
Health IT group to offer security certification to vendors
The Health Information Trust Alliance will certify security products against its Common Security Framework as the government moves to establish an infrastructure, national standards and privacy requirements for the handling of electronic health care records.
Indo-Israeli Cyber Warfare against Pakistani nuclear program
Posted by InfoSec News on Sep 9
http://www.asiantribune.com/news/2009/09/08/indo-israeli-cyber-warfare-against-pakistani-nuclear-program
By Farzana Shah
Asian Tribune
2009-09-09
After sea, land and air warfare, traditional arch rivals India and Pakistan are now facing each other in another arena. With evolution of...
How a Phishing Attack Exposed an Energy Company to Hackers
Posted by InfoSec News on Sep 9
http://www.eweek.com/c/a/Security/How-a-Phishing-Attack-Exposed-an-Energy-Company-to-Hackers-183328/
By Brian Prince
eWEEK.com
2009-09-08
In an interview with eWEEK, the Intrepidus Group reveals some of the details behind a malware attack that exposed critical systems at an energy...
University Research Exposes Potential Vulnerabilities In Cloud Computing
Posted by InfoSec News on Sep 9
http://www.darkreading.com/securityservices/security/management/showArticle.jhtml?articleID=219700098
By Tim Wilson
DarkReading
Sept 08, 2009
Users of cloud computing infrastructures should be aware that their sensitive data could be potentially leaked, a group of university researchers...
Unpatched Microsoft bugs raise red flags
Posted by InfoSec News on Sep 9
http://www.computerworld.com/s/article/9137731/Unpatched_Microsoft_bugs_raise_red_flags?taxonomyId=17
By Robert McMillan
September 8, 2009
IDG News Service
Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts...
Website exposes sensitive details on military personnel
Posted by InfoSec News on Sep 9
http://www.theregister.co.uk/2009/09/08/ridematch_website_vulnerability/
By Dan Goodin in San Francisco
The Register
8th September 2009
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in...
ASIO officers met whistleblowers in pancake parlour
Posted by InfoSec News on Sep 8
http://www.theaustralian.news.com.au/story/0,25197,26029093-5001561,00.html
By Cameron Stewart
The Australian
September 05, 2009
A PANCAKE Parlour restaurant and a cafe in the Block Arcade in central Melbourne are unlikely places to discuss claims of Chinese espionage.
But these were...
Court Allows Woman to Sue Bank for Lax Security After 26,000 Stolen by Hacker
Posted by InfoSec News on Sep 8
http://www.wired.com/threatlevel/2009/09/citizens-financial-sued/
By Kim Zetter
Threat Level
Wired.com
September 4, 2009
An Illinois district court has allowed a couple to sue their bank on the novel grounds that it may have failed to sufficiently secure their account, after an...
Wi-fi an easy target for terrorists?
Posted by InfoSec News on Sep 8
http://www.timesnow.tv/Wi-fi-an-easy-target-for-terrorists/articleshow/4326496.cms
5 Sep 2009
In a city like Bangalore, India's Silicon Valley, the Internet has become indispensable with millions of e-mails sent daily, electronic transactions made and data transferred. But how secure is...
Experts: Hackers might view summit as a chance to make a statement
Posted by InfoSec News on Sep 8
http://www.pittsburghlive.com/x/pittsburghtrib/news/pittsburgh/s_641856.html
By Mike Cronin
TRIBUNE-REVIEW
September 6, 2009
Duquesne Light and Alcosan, two of Western Pennsylvania's largest utilities, are working to ensure a potential attack to their computer systems during the G-20...
Wordpress problem: Hackers break into Robert Scoble's blog, delete posts
Posted by InfoSec News on Sep 8
http://venturebeat.com/2009/09/05/hackers-break-into-robert-scobles-blog-and-delete-older-posts/
By Dean Takahashi
Venture Beat
September 5, 2009
Uber blogger Robert Scoble said today that hackers broke into his blog and deleted about two months' worth of postings -- leading to findings...
Defense Security Command seeks approval to expand cybersecurity personnel
Posted by InfoSec News on Sep 8
http://english.hani.co.kr/arti/english_edition/e_national/374918.html
The Hankyoreh
Sept. 4, 2009
The Defense Security Command (DSC), the Ministry of National Defense's (MND) counterintelligence arm, is proposing the creation of a cyberdefense organization under its command, and is...
Who is sending mysterious laptops to governors?
Posted by InfoSec News on Sep 4
http://www.fcw.com/Articles/2009/09/02/FBI-investigates-mysterious-laptops.aspx
By Doug Beizer
FCW.com
Sept 02, 2009
Who is sending unsolicited laptop computers to governors' offices, and why?
The FBI is investigating the unexpected deliveries that were sent to governors' offices in at...
Nation's web access cut after Telstra outage
Posted by InfoSec News on Sep 4
http://www.smh.com.au/technology/technology-news/nations-web-access-cut-after-telstra-outage-20090903-f8uz.html
By Georgina Robinson
smh.com.au
September 3, 2009
Telstra's national internet network went down for an hour today, the company says.
The outage affected all Telstra home and...
Government Develops Korean e-Government Model
Posted by InfoSec News on Sep 4
http://www.koreaittimes.com/story/4865/government-develops-korean-e-government-model
By Chung Myung-je
Korean IT
September 2nd, 2009
Cyber security has emerged as a matter of significant concern. The government is determined to drastically increase the portion of cyber security policies,...
Breaching Fort Apache.org - What went wrong?
Posted by InfoSec News on Sep 4
http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/
By Dan Goodin in San Francisco
The Register
3rd September 2009
Administrators at the Apache Software Foundation have pledged to restrict the use of Secure Shell keys for accessing servers over their network...
Prince William and Harry's mobile phones may have been hacked
Posted by InfoSec News on Sep 3
http://www.telegraph.co.uk/news/newstopics/theroyalfamily/6128186/Prince-William-and-Harrys-mobile-phones-may-have-been-hacked.html
By Chris Irvine
Telegraph.co.uk
02 Sept 2009
Detective Chief Superintendent Philip Williams, from the Metropolitan Police, raised the possibility at the...
Court allows suit against bank for lax security
Posted by InfoSec News on Sep 3
http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security?taxonomyId=17
By Jaikumar Vijayan
September 2, 2009
Computerworld
A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures...
DHS needs to plug some cybersecurity holes, audit finds
Posted by InfoSec News on Sep 3
http://fcw.com/articles/2009/09/02/dhs-needs-to-improve-cybersecurity-efforts-for-control-systems-ig-says.aspx
By Alice Lipowicz
FCW.com
Sept 02, 2009
The Homeland Security Department should improve its cybersecurity programs for some major control systems, according to a new report...
How to Succeed in a Two-Faced IT Security Job Market
Posted by InfoSec News on Sep 3
http://www.csoonline.com/article/501117/How_to_Succeed_in_a_Two_Faced_IT_Security_Job_Market
By Bill Brenner
Senior Editor
CSO
September 01, 2009
More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing...
Raytheon to buy BBN, a firm that helped create Net
Posted by InfoSec News on Sep 2
http://www.boston.com/business/technology/articles/2009/09/02/raytheon_to_buy_bbn_a_firm_that_helped_create_net/
By Hiawatha Bray
The Boston Globe
September 2, 2009
Raytheon Co. has struck an agreement to buy BBN Technologies, a privately held Cambridge firm that played a vital role in...
UK Parliament website hack exposes shoddy passwords
Posted by InfoSec News on Sep 2
http://www.theregister.co.uk/2009/09/01/uk_parliament_hacked/
By Dan Goodin in San Francisco
The Register
1st September 2009
A vulnerability in the website of the UK Parliament appears to be exposing confidential information, including unencrypted login credentials, a Romanian hacker...
5 More Indicted in Probe of International Carding Ring
Posted by InfoSec News on Sep 2
http://www.wired.com/threatlevel/2009/09/westernexpress/
By Kim Zetter
Threat Level
Wired.com
September 1, 2009
Five eastern European men were indicted in New York on Monday as part of an international ring allegedly responsible for at least $4 million in credit card theft.
The ring,...
Bill would give president emergency control of Internet
Posted by InfoSec News on Aug 31
http://news.cnet.com/8301-13578_3-10320096-38.html
By Declan McCullagh
Politics and Law
CNET News
August 28, 2009
Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector...
Financial Crypto and Data Security 2010: speakers and workshops [deadline: September 15]
Posted by InfoSec News on Aug 31
Forwarded from: Radu Sion <sion (at) moon.crypto.cs.stonybrook.edu>
Financial Cryptography and Data Security Tenerife, Canary Islands, Spain
25-28 January 2010
http://fc10.ifca.ai
Financial Cryptography and Data Security is a major international forum for research, advanced...
Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites
Posted by InfoSec News on Aug 31
http://thejakartaglobe.com/home/indonesian-hackers-launch-independence-day-attack-on-malaysian-web-sites/327111
The Jakarta Globe
31 August 2009
A ring of Indonesian hackers on Monday claimed to have attacked a list of more than 120 Web sites as retribution for Malaysia's alleged theft...
Skype spy Trojan escapes into wild
Posted by InfoSec News on Aug 31
http://news.techworld.com/security/3200665/skype-spy-trojan-escapes-into-wild/
By John E. Dunn
Techworld UK
28 August 09
Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote three years ago to hack Skype phone calls, the inevitable has...
ITL Bulletin for August 2009
Posted by InfoSec News on Aug 31
Forwarded from: "Lennon, Elizabeth B." <elizabeth.lennon (at) nist.gov>
ITL BULLETIN FOR AUGUST 2009 REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE IN BOTH NATIONAL SECURITY AND NONNATIONAL SECURITY SYSTEMS
Shirley...
Accused TJX Hacker Agrees to Guilty Plea -- Faces 15 to 25 Years
Posted by InfoSec News on Aug 31
http://www.wired.com/threatlevel/2009/08/gonzalezguiltyplea/
By Kim Zetter
Threat Level
Wired.com
August 28, 2009
Accused TJX hacker, Albert Gonzalez, has accepted a plea agreement with prosecutors in Boston that will put an end to cases that authorities have described as one of the...
Game server admins arrested for Chinese DNS attacks
Posted by InfoSec News on Aug 31
http://arstechnica.com/web/news/2009/08/game-server-admins-arrested-for-chinese-dns-attacks.ars
By Jacqui Cheng
Ars Technica
August 28, 2009
A denial of service attack that took down Internet access in parts of China earlier this year has been attributed to an over-enthusiastic game...
Microsoft Fixes Eight Flaws, But Three Remain Open
By Thomas Claburn
The September patch set from Microsoft has fallen a bit short, leaving three zero-day vulnerabilities open to be exploited.
Rolling Review Wrap-Up: Data Loss Prevention
By Randy George
From enterprise data discovery to stopping leaks on endpoints and the network, DLP tools are ready.
Practical Analysis: Time For A New Way Of Thinking About IT Risk
By Greg Shipley
A colleague joked that a time capsule from 2000 would hold warnings against the hacking techniques Gonzalez used. His victims aren't laughing.
CIO Profiles: Ken Silva, Senior VP And CTO Of VeriSign
This security pro sees huge potential for virtualization.
Microsoft Expands IIS Vulnerability Warning
By Thomas Claburn
Following up on a Security Advisory published earlier this week, Microsoft has added IIS 7.0 to the list of vulnerable configurations.
FBI Investigates Laptops Sent To Governors
By Antone Gonsalves
State officials fear the unsolicited computers could contain malware meant to penetrate the security of state or federal networks.
Apple's Snow Leopard Downgrades Flash Security
By Thomas Claburn
Users of Apple's Snow Leopard Mac OS X operating system upgrade are being advised to install, or reinstall, the latest version of Adobe's Flash player.
VMware CTO Details Future Of Virtualization
By Charles Babcock
Speaking at VMworld, Stephen Herrod foresees virtual data centers recovering from disaster before users realize a disaster has occurred.
Privacy Group Coalition Urges Data Regulation
By Thomas Claburn
Ten consumer and privacy groups are urging Congress to limit the way online information can be used for advertising and profiling.
Microsoft IIS Zero-Day Vulnerability Reported
By Thomas Claburn
Exploit code affecting the FTP module for certain versions of Microsoft IIS has been posted online. US-CERT recommends taking countermeasures.
Wikipedia Considers Coloring Untested Text
By Thomas Claburn
Registered Wikipedia users may soon have access to software that colors text deemed untrustworthy.
Apple Snow Leopard Security Criticized
By Thomas Claburn
Mac users are getting new security features with the arrival of Apple's Mac OS X 10.6, known as "Snow Leopard." But security vendors see Apple's security enhancements as lightweight.
5 Security Lessons From Real-World Data Breaches
We break the code of silence on data breaches to show how criminals operate -- and how you can thwart them.
DDoS Response: Part 2
By Francois Paget on Vulnerability Research
In my post “DDoS Response: Part 1,” I started an analysis on combating distributed-denial-of-service attacks. In this post, Part 2, I shall examine solutions for private networks. To proactively prevent attacks on private networks, one solution is to hide the legitimate paths from attackers and to periodically change the topology of the network. Source-address filtering, secret [...]
DDoS Response: Part 1
By Francois Paget on Vulnerability Research
Distributed-denial-of-service (DDoS) attacks can be conducted in various ways (by SYN flood, UDP flood, Teardrop Attack, Ping of Death, Smurfing, Mail Bombing, etc.). DDoS attacks can exploit vulnerabilities in software running on the victim’s machine or via sending a higher volume of traffic than the victim’s system can handle. The attacks can target resources (such [...]
Task Manager Still Working? Can You Change Your Windows Password?
By Karthik Raman on Malware Research
Update of September 3: Some detections of this Trojan were on a component of a commercial application. For this reason we’ve updated the detection type to “potentially unwanted program” (PUP). Customers who see files that exhibit the behavior discussed in the Threat Library for QTaskMgr-1 should submit the file to McAfee Avert Labs. In anti-virus research, [...]
Huawei hits back at spy claims
Networking vendor Huawei has released a public refutation of a recent media report that alleged it was being investigated by the Australian Security Intelligence Organisation (ASIO) for possible espionage.
Verizon launches mobility services for large firms
Verizon Business today announced Managed Mobility Solutions, a new service for large multinational businesses that provides security for mobile devices and mobile expense management.
Microsoft Patches Critical MP3 Flaw
Today's Patch Tuesday fixes from Microsoft include six critical bulletins that head off potential attacks involving poisoned media files and Web pages, along with wireless and TCP/IP security holes. An under-attack FTP flaw remains unfixed.
Microsoft: Patching Windows 2000 'infeasible'
Microsoft took the unusual step today and skipped patching one of the vulnerabilities addressed in its monthly security update, an omission that leaves users running Windows 2000 Server Service Pack 4 vulnerable to attack.
Seven Deadly Sins of Building Security
You've got a few security guards and your CCTV system is up to snuff. You've got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.
FanCheck developer defends app, says it's not malware
The controversial and popular FanCheck application for Facebook carries no viruses and is completely safe and legitimate, according to its creator.
Unpatched Microsoft bugs raise red flags
Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead.
Group of authors opposes Google book settlement
More than two dozen authors and publishers have filed an objection to a proposed settlement that would allow Google to digitize and sell millions of books, saying that the agreement ignores important privacy rights of readers and writers.
Sophos: Searches about Fan Check app can lead to malware
Malicious hackers are setting up malware-infested Web sites that falsely claim to remove a virus from a new Facebook application called Fan Check, security vendor Sophos is warning.
Symantec adds Quorum antimalware analysis to consumer security software
Symantec unveils the 2010 editions of its flagship antimalware consumer software, Norton AntiVirus and Norton Internet Security, adding a new type of malware detection and analysis it calls Quorum.
Close to Patch Tuesday, new flaw surfaces
As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
25% of all fraudulent online purchases made in County Durham
Nearly a quarter of all internet purchases made using stolen credit cards last year took place in Shildon in County Durham, says The 3rd Man.
Online travel takes off with EV SSL security
The image of organised crime rings running rampant across the Internet, creating legitimate-looking Web sites to lure cash from unsuspecting consumers, has many would-be customers scurrying back to the relative safety of the retail store environment.
'Generation Y-pay?' refuses to pay for downloads
Less than one in two 16 to 34 year olds believe they should pay to download TV and movies from the web, says The Industry Trust for IP Awareness (Itipa).
Small English town outpaces others in likely online fraud
A town in England with a modest population of 10,000 or so has chalked up the highest percentage of online transactions flagged as fraudulent by a U.K. security analyst.
European banks warned: brace for rise in cash machine fraud
Banks are likely to see cash-machine fraud rise unless steps are taken to improve their cash-machine infrastructure, the European Network and Information Security Agency (ENISA) has warned.
Vormetric's agent-based approach provides strong key management across all apps
The Vormetric Data Security Expert Security Server is not a direct competitor to the Thales and Venafi systems. Rather than managing keys used by other certificate authorities or encryption solutions, it manages its own encryption solution across multiple systems.
Federal IT strategy, hope over reality
Well, that ugly, ill-conceived bill from Senator Rockefeller, now called the "Cybersecurity Act of 2009", has reappeared and if it passes someone is going to get saddled with the job of making it happen. Who will be the lucky guy and can he succeed?
Microsoft Promises IIS Bug Patch
Microsoft said it is working on a patch for a bug in its popular Web server software, but experts say it's unlikely that the company will field a fix fast enough to make this week's regular Patch Tuesday release.
Firefox adds Flash plug-in update protection
Mozilla's next update for Firefox, slated to ship Tuesday, will check for outdated versions of Flash Player, a frequent target of hackers, the company said on Friday.
Oracle delays security updates for user conference
Oracle database administrators who are worried they might have to skip Oracle's user conference next month to fiddle with security updates can relax. Oracle is cutting them a break and releasing its next set of patches a week later than planned.
Old Flash for Snow Leopard, and Firefox Gets Fake Flash
Here's a sneaky one for you. According to Sophos, a piece of spyware is masquerading as a Flash player plug-in for Firefox. Its installation screen looks legit (per examples in the Sophos post), and it will even show up thereafter in the list of Firefox extensions as "Adobe Flash Player 0.2."
Microsoft: Cyber-crooks exploiting unpatched IIS bug
Microsoft says that cyber-criminals are starting to exploit an unpatched bug in its IIS server software that was made public earlier this week.
Patch scramble throws Adobe updates off schedule
July was a tough month for Adobe Systems' security team. So tough, in fact, that the company's second-ever quarterly patch release will arrive a month late, Adobe's security chief said Thursday.
UK has the worst internet security in Europe
Brits are lax at updating their security software, compared to their European counterparts, says PC Tools.
Snow Leopard 'downgrades' Flash to vulnerable version
Apple shipped an out-of-date -- and vulnerable -- version of Adobe Flash Player with its newest OS, Snow Leopard, security companies have warned.
What is Antivirus 2010?
Lonerlady asked the Answer Line forum about this very insistent program that wants to download itself and protect her computer.
Microsoft to deliver five critical Windows patches next week
Microsoft today said it will deliver five security updates on Tuesday, all affecting Windows and all ranked "critical," the company's highest threat rating.
Has your sensitive data leaked into the wild?
Most organizations have data security policies designed to keep sensitive information from becoming publicly available. Still, you’d be surprised at the kind of information that makes its way out into the open, either accidentally or intentionally. Financial records, customer account information, product plans and roadmaps. Do you know what information your company is exposing? New “data leak detection” (not prevention) technology from Exobox Technologies can tell you what is in the public eye, and where it is.
Apple ships vulnerable Flash version with new Mac OS
Mac users may be surprised that versions of Apple's latest operating system, Snow Leopard, also install an older version of Adobe Systems' Flash player, potentially putting them at a higher security risk.
Half of Brits use same passwords online
Nearly half of all Brits use the same password to log in to their online banking account as their social networking account, says CPP.
'Digital tattoos' ignored by 33% of under 25s
A third of web users under 25 claim they don't care about their 'digital tattoo' and the items they post online, says Symantec.
Brits are worst in Europe at online security
Brits are lax at updating their security software, compared to their European counterparts, says PC Tools.
Turn an Old Floppy Into a Password Safe
Think back. Wayyy back. Remember floppy disks? If you're like me, you've probably got a box of them in a closet, serving absolutely no practical use. (When was the last time you owned, or even used, a computer with a floppy drive?)
Microsoft promises patch for critical Web server bug
Microsoft yesterday said it is working on a patch for a bug in its popular Web server software, but it's unlikely the company will field a fix fast enough to make next week's regular release, a security expert predicted.
Five indicted in long-running cybercrime operation
New York prosecutors indicted five Eastern European men on Monday in an extensive credit-card fraud operation that netted the defendants at least US$4 million from some 95,000 stolen card numbers.
Security vendor Marshal8e6: Call us M86 Security
Web and messaging security products provider Marshal8e6 this week announced a name change to M86 Security.
The Wacky World of WiFi
In honor of the 802.11n WiFi standard getting close to arriving after wandering through the desert for 40 years, let's look at wireless. Our focus today is on helping you WiFi better, even if it means doing less WiFi.
Anti-phishing training adds attachments to mix
After launching an anti-phishing training system a year ago, Intrepidus Group has followed up with a new version that adds targeted email attacks using attachments to the model.
French Pirate Party will fight for parliamentary seat
The French Pirate Party will present a candidate in an upcoming interim election for a vacant seat in the National Assembly, it announced Tuesday.
BitDefender’s top 10 e-threats for August
Trojans total half of security vendor BitDefender's top 10 e-threats for August.
Pseudonymous critic impugns integrity of all security professionals
In a recent response to an article on hiring hackers, a pseudonymous critic calling itself "Secure network..." posted a comment entitled "so called hacking and security professionals." It started with the run-on sentence, "Of course someone calling them selves[sic] a ‘security Professional’ would be upset, it's job security they're losing...."
Is your health privacy at risk?
The year's worst health information breaches, which compromised millions of patient records, show just how vulnerable health privacy is to hacker attacks.
After code released, Microsoft to patch IIS bug
One day after a security researcher published attack code for a flaw in Microsoft's IIS server software, Microsoft said it plans to patch the issue.
Facebook agreement with Canada will impact everyone
If having an effect on 250 million users around the world weren't enough, upcoming changes to Facebook Inc.'s privacy policies and practices are likely to spawn a chain reaction among all the other major social media sites, impact business marketing practices and address everyone who doesn't have a Facebook account.
Privacy, consumer groups want new laws to protect Web users
A coalition of 10 U.S. privacy and consumer groups has called for new federal privacy protections for Web users, including a requirement that Web sites and advertising networks get opt-in permission from individuals within 24 hours of collecting personal data and tracking online habits.
How to Succeed in a Two-Faced IT Security Job Market
More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing as economic conditions prompt them to handle more security tasks in-house.
Instant messaging speeds up data theft danger
One of the more sophisticated pieces of malware in circulation has been given an upgrade that lets cybercriminals act even faster after they've stolen data from a PC.
Catbird reports whether cloud security meets compliance standards
Catbird is adding a feature to its security platform that gives cloud users a reading on how well their data use complies with specific regulatory requirements.
Symantec warning: Spam targeting your achy breaky heart
The information security gurus at Symantec Corporation have seen fit to warn us all that spammers are now looking to con troubled lovers into parting with their personal information, at the very least, in return for a reversal of fortunes in their relationships. The company issued a five-point advisory for consumers to Computerworld Singapore on Tuesday, September 1, 2009:
RSA publishes virtualization security, compliance guidelines
RSA today published security and compliance recommendations for virtualization products. The guidelines focus primarily on optimizing use of management and security tools available from VMware parent company EMC and EMC's RSA security division.
Privacy Office approves laptop searches without suspicion
Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause.
Judge won't lower $5M bail for SF IT administrator
A Bay Area man who has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco's city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.
Unpatched flaw could take down Microsoft's IIS server
A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.
3Com to blend security brains, enterprise brawn
3Com plans to integrate intrusion prevention technology from its TippingPoint subsidiary into networking gear from its H3C division as part of a strategy to deliver streamlined secure networks at less cost and power consumption than marquee vendors.
Microsoft: Upgrade Messenger or else
Microsoft will force an upgrade on users of its Windows Live Messenger instant messaging software in September to plug a hole the company introduced when a programmer added an extra character to a code library.
Skype spy Trojan escapes into wild
Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote three years ago to hack Skype phone calls, the inevitable has happened - someone has released it as a compiled piece of 'faux' malware.
Companies put security on back burner in dash to virtualise
Companies are putting security on the back burner in the rush to virtualise their data centres. That's according to applications delivery vendor F5 which conducted a survey of more than 100 decision makers about their virtualisation plans.
Crossing Borders with Laptops: Facts and Tips
Earlier this week, the U.S. Department of Homeland Security made it clear that border crossing officials could continue to search any device that can store electronic media without any suspicion of wrongdoing.
AJAX widget security enabled
In an upgrade to one of its core technologies, the OpenAjax Alliance, an industry group formed to boost interoperability in the AJAX space, on Monday is offering OpenAjax Hub 2.0, featuring capabilities for secure interaction between JavaScript widgets.
Skype Wiretapping Trojan Publicly Released
The Swiss creator of a Skype Trojan that can intercept calls made using the VoIP program has released the Trojan's source code online in an attempt to allow for its widespread detection.
New cloud infrastructure service focuses on security
OpSource on Friday announced a new cloud computing infrastructure service that it says meets the security and management needs of enterprises more effectively than rival offerings.
Microsoft, Cisco issue patches for newfangled DoS exploit
Relief for industry-wide TCP attack
Microsoft and Cisco have issued updates that protect against a new class of attack that requires very little bandwidth and can leave servers and routers paralyzed even after a flood of malicious data has stopped.…
Website exposes sensitive details on military personnel
Required by law
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.…
What US Homeland Security collects about you
Inside your terrorist score
Any time a person crosses the US border, the Department of Homeland Security assigns travelers with a "risk assessment" score to divine their likelihood of any involvement with a terrorist cell or criminal activity.…
Byrne's naked shorting crusade outs Yahoo! security vuln
From Wikimadness to cross-site scripting
Patrick Byrne's unrelenting crusade against naked short selling has uncovered a gaping security hole in Yahoo!'s ever-popular message boards.…
Adobe and Oracle postpone quarterly patches
Schtop! This security update isn't ready yet
Adobe and Oracle are both planning to delay their quarterly patch releases, albeit for different reasons.…
UK.biz lax on web app security
SQL injection problems getting worse
Web application security among UK corporates is getting worse, according to audits carried out by CESG-accredited security consultancy NTA Monitor.…
Facebook Fan Check scareware begets malign ware-scares
How very meta
Searching for information about a supposed virus threat affecting Facebook might itself be hazardous.…
Worm wiggles through weary WordPress
Spam-friendly malware spanks Scoble blog
Hackers are exploiting older installations of WordPress to distribute blog comment spam and disguise links to malware-contaminated sites.…
EU urges wise-up to combat rampant ATM crime
Don't stand so close to me
The rise in ATM-related crime has prompted a EU security agency to urge consumers to be more careful about withdrawing money from cash machines.…
Firefox to warn users of insecure Adobe Flash
By popular demand
Upcoming versions of Mozilla's Firefox browser will automatically warn users running versions of Adobe's Flash Media Player that contain known security bugs, according to a published report.…
New IIS attacks (greatly) expand number of vulnerable servers
Microsoft's webserver even easier to exploit
Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.…
Faux Facebook 'friend' takes US woman for $4,000
Crooks impersonate UK Immigration
A US woman has been stung for $4,000 via a fraudulent Facebook "friend in peril" scam.…
Conficker borks London council
Dirty USB shuts systems for days
Updated: An Ealing council employee infected the UK local authority's IT systems with the Conficker-D worm after he plugged an infected USB into a work computer, causing tens of thousands of pounds in damages in the process.…
Man arrested for £1m online tax fraud
London cybercrime network under investigation
Police investigating a complex online fraud which scammed more than a million pounds from taxpayers have arrested a man in London.…
MS fuels up five critical Windows fixes
Black Tuesday likely to skip relief for IIS zero-day
Microsoft plans to release five critical update bulletins next Tuesday, all critical, in the September edition of its regular Patch Tuesday update cycle.…
McAfee false alert snares innocent JavaScript files
I didn't do it
Faulty virus definition updates from McAfee that flagged legitimate JavaScript files as potentially malign caused a headache for some sysadmins earlier this week.…
Month of Facebook flaws gets underway
Every day a different hole
A security researcher has vowed to reveal technical details of a series of cross-site scripting vulnerabilities involving Facebook applications during September.…
Apple security lags (again) with critical Java patches
A month late, an OS short
Comment: Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago.…
Breaching Fort Apache.org - What went wrong?
Open-sourcers put locks on keys
Administrators at the Apache Software Foundation have pledged to restrict the use of Secure Shell keys for accessing servers over their network following a security breach on Monday that briefly forced the closure of the popular open-source website.…
Anti-spam smackdown finds best junk filter
McAfee spanks all comers in early tests
McAfee has claimed the crown in a run-off of anti-spam products organised by Virus Bulletin, the independent security certification body.…
Snow Leopard forces silent Flash downgrade
Bundled insecurity bungle
Apple has bundled a vulnerable version of Flash with Snow Leopard.…
Yorkshire start-up aims to shake up telecoms security
Syphan leaps funding gap for Silicon Dale
UK-based security appliance firm Syphan aims to shake up telecoms security from an unlikely base in Skipton, North Yorkshire.…
Microsoft confirms IIS bug gives complete server control
But only if ...
Microsoft has confirmed a vulnerability in its Internet Information Services webserver and spelled out the conditions under which it can be exploited to give an attacker complete control of the server on which it runs.…
Microsoft rejects call to fix SQL password-exposure risk
Unpatched and staying that way
Microsoft is butting heads with a company that provides software for database security over a weakness in SQL Server that can expose user passwords to anyone with administrative access to the program.…
Men far worse than women on password security
And Brits rubbish at updating software
Women are more password savvy than blokes, according to a new survey.…
Azerbaijani donkey bloggers face seven years' jail
Trumped up charges are a pain in the ass
A pair of Azerbaijani bloggers, who posted a satirical YouTube vid featuring a donkey, face up to seven years' jail on what human rights organisations are calling trumped-up charges.…
Four arrested in China over net-paralysing gaming spat
DDoS kerfuffle between rivals causes web chaos
Chinese police have arrested four gamers who allegedly launched denial of service attacks that disrupted internet communications across the country back in May.…
MS warns of forced Messenger update
More fallout from ATL snafu
Microsoft has outlined plans to push a mandatory Windows Live Messenger upgrade in order to plug a security hole related to a vulnerable code library.…
UK Parliament website hack exposes shoddy passwords
Lights on, no one home
Updated: A vulnerability in the website of the UK Parliament appears to be exposing confidential information, including unencrypted login credentials, a Romanian hacker wrote on his blog.…
Buggy home routers expose O2 customers to hijacking
O2 looking in to it
Updated: If you get your internet service from O2, there's a good chance Paul Mutton can remotely log in to your router and make configuration changes that surreptitiously allow him to access computers on your network.…
Spyware add-on targets Firefox fans
Fake Flash bash
Miscreants have created an item of spyware targeted at Firefox users.…
5 men named in racket that netted $4m in stolen card data
All aboard the Western Express Cybercrime Group
Prosecutors in Manhattan have named five additional men from Eastern Europe in an alleged scheme that pilfered $4m using more than 95,000 stolen credit cards.…
Malware thrown on California bush fires
Scareware burns incautious surfers
California bush fires that have destroyed 50 homes and ten commercial buildings - and claimed the lives of two firefighters - have become the latest lure for malware scams.…
Microsoft says US is top malware target
The United States of infected PCs
Windows users based in the United States are the most likely to benefit from Microsoft's malicious software removal tool, which has removed malware from nearly 2.2 million US machines, more than the other nine top countries combined.…
IIS bug gives attackers complete server control
Linux and Chrome flaws too
A hacker has uncovered a previously unknown bug in Microsoft's Internet Information Services webserver that in some cases gives attackers complete control of vulnerable machines.…
US health-care debate clogged world's inboxes
Pharma-spam cashes in
When the US debates health care reform, the world's inboxes get clogged with health-related spam.…
Mac OS X Malware Analysis
Category: Forensics
Paper Added: September 8, 2009
Possible DDOS on gov.au sites starting tonight?, (Wed, Sep 9th)
The group Anonymous, who were reported to be responsible for the attack on Scientology sites now hav ...(more)...
Bug Fixes in Sun SDK 5 and Java SE 6, (Tue, Sep 8th)
Sun released 17 bug fixes for JDK 5 Update 21. There are no new security vulnerabilities fixes part ...(more)...
Microsoft September 2009 Black Tuesday Overview, (Tue, Sep 8th)
Overview of the September 2009 Microsoft patches and their status. ...(more)...
Cisco Security Advisory TCP DoS, (Tue, Sep 8th)
ISC reader Kurt reported that Cisco has released an advisory affecting TCP State Manipulation which ...(more)...
Microsoft Security Advisory 975191 Revised, (Tue, Sep 8th)
We wrote about the new IIS FTP service vulnerabilities when the exploit code became public in diary ...(more)...
Vista/2008/Windows 7 SMB2 BSOD 0Day, (Tue, Sep 8th)
We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely c ...(more)...
Anybody recognize these packets?, (Tue, Sep 8th)
I have been looking at a packet trace sent in by a reader, and have reached a dead end. He has ...(more)...
Seclists.org is finally back, (Mon, Sep 7th)
The 4 day outage at seclists.org/insecure ...(more)...
Request for packets, (Mon, Sep 7th)
One of our loyal readers, Jon, sent an e-mail this morning that he was seeing some unusual traffic. ...(more)...
Encrypting Data, (Mon, Sep 7th)
One of the challenges that any security professional is sure to face revolves around encryption and ...(more)...
Critical Infrastructure and dependencies, (Sat, Sep 5th)
Critical infrastructure is a term used by governments to describe assets that are essent ...(more)...
SANS Network Security 2009 @Night Classes, (Sat, Sep 5th)
If you are coming to San Diego in a few days for SANS Network Security 2009, be sure to check out th ...(more)...
SeaMonkey Security Update, (Fri, Sep 4th)
SeaMonkey is an 'all-in-one' Internet suite for users. SeaMonkey 1 ...(more)...
So, you updated your Flash did you?, (Fri, Sep 4th)
Helpfully Snow Leopard downgrades it for you. If you had upgraded to Flash version 10 ...(more)...
Vulnerabilities (plural) in MS IIS FTP Service 5.0, 5.1, 6.0, 7.0, (Fri, Sep 4th)
Microsoft has published an advisory on multiple vulnerabilities in the Microsoft FTP services bundle ...(more)...
Fake anti-virus, (Fri, Sep 4th)
Matt wrote in with the following: It might be a good idea to make end users aware that the fa ...(more)...
RealVNC Remote Auth Bypass?, (Thu, Sep 3rd)
We had an interesting submission from one of our readers today. He thinks there might be a pro ...(more)...
seclists.org Outage, (Thu, Sep 3rd)
It appears that seclists.org is offline ...(more)...
Telstra Outage, (Thu, Sep 3rd)
We had a couple of reports that Telstra (Australia) was down earlier today. Still not sure wha ...(more)...
Incident Response Pre Planning Return On Investment, (Wed, Sep 2nd)
I had an interesting conversation the other day with a good friend regarding the merits of having sp ...(more)...
Happy Birthday, Internet!, (Wed, Sep 2nd)
It all started 40 years ago today, when a couple of computers were connected by a long gray cable in ...(more)...
Gmail Down, (Tue, Sep 1st)
We had several ISC readers reporting that Gmail is down. Gmail will be providing updates here under ...(more)...
Opera 10 with Security Fixes, (Tue, Sep 1st)
Opera 10 for Windows has been released. It provides several new and improved features ...(more)...
Microsoft IIS 5/6 FTP 0Day released, (Mon, Aug 31st)
We are aware of a new 0-day exploit that was posted on Milw0rm today. According to the exploit ...(more)...
How do I recover from.....?, (Sun, Aug 30th)
One of our readers, Scott F., yesterday submitted to the ISC that he had been notified in early July ...(more)...
Judge Allows Couple to Sue Bank for Inadequate Data Security (September 2, 2009)
A District Court Judge in Illinois has ruled that an Indiana couple may sue Citizens Financial Bank for negligence.......
TJX Reaches Settlement with Banks Over Breach (September 2 & 3, 2009)
TJX Cos.......
Five Indicted in International Card Fraud Scheme (September 1 & 2, 2009)
Five men have been indicted in connection with the theft of more than US $4 million using nearly 100,000 stolen payment card numbers.......
Microsoft to Issue Five Bulletins on September 8 (September 3, 2009)
Microsoft will release five security bulletins on Tuesday, September 8.......
Snow Leopard Installs Older, Unsecure Version of Flash (September 3, 2009)
Apple's recently released Mac OS X 10.......
UK ISP O2 Acknowledges and Provides Fix for Router Vulnerability (September 3, 2009)
A security flaw in routers provided to customers of UK Internet service provider (ISP) O2 could be exploited to gain access to these devices and make configuration changes that allow attackers access to computers on the network.......
Firefox Will Warn Users Running Out-of-Date Versions of Flash (September 3, 2009)
Firefox 3.......
Missing Navy Hospital Laptop Holds Personally Identifiable Information of 38,000 (September 2, 2009)
A missing US Navy laptop computer contains personally identifiable information of 38,000 individuals.......
Microsoft Acknowledges IIS Vulnerability (Update) (September 1 & 2, 2009)
Microsoft has investigated reports of a security flaw in its Internet Information Services (IIS) web server and has said it will release a fix for the remote code execution vulnerability as soon as it is ready.......
Eircom Will Block Access to The Pirate Bay; UPC Will Not (September 1, 2009)
Irish ISP Eircom has acknowledged that as of September 1, subscriber access to The Pirate Bay website and related IP addresses will be blocked.......
Spyware Aimed at Firefox Users (September 1, 2009)
Malware that purports to be an update for Adobe Flash Player is actually spyware that logs Firefox users' Google queries.......
Judge Denies Bail Reduction for San Francisco City Network Admin (August 31, 2009)
A county judge in California has denied a request to reduce bail for a former network administrator being held on charges of locking users out of a city computer network.......
Revised Legislation Still Gives President Power to Shut Down Portions of the Internet (August 28 & 31, 2009)
Proposed legislation introduced in April gave the President the power to "declare a cybersecurity emergency and order the limitation or shutdown of internet traffic to and from a compromised federal government or critical infrastructure information system or network.......
Facebook Will Strengthen Privacy Practices (August 27 & 28, 2009)
In response to an investigation launched by Canada's Office of the Privacy Commissioner, Facebook has agreed to give users more control about the information they share with third-party applications.......
Phishing Attacks Diminishing (Study) (August 27, 2009)
A report from IBM indicates that phishing attacks appear to be declining.......
Gonzalez Reaches Plea Agreement But Still Faces Additional Charges (August 29, 2009)
Albert Gonzalez has agreed to plead guilty to 19 counts of wire fraud, conspiracy, aggravated identity theft, and money laundering.......
Four Arrested in Connection with Chinese Internet Outage (August 28, 2009)
Police in Foshan, Guangdong Province (China) have arrested four people in connection with a denial-of-service attack that caused Internet outages in parts of the country earlier this year.......
Directives Clarify Some Laptop Border Search Policies (August 27 & 28, 2009)
Two new directives from the US Department of Homeland Security (DHS) regarding laptop border searches do not address the issue of whether laptop owners can be compelled to surrender passwords and encryption keys to allow authorities to examine the devices' contents.......
Proof-of-Concept Code Published for IIS Vulnerability (August 31, 2009)
Proof-of-concept exploit code has been published for a vulnerability in Microsoft's Internet Information Services (IIS) server.......
Microsoft to Push out Mandatory Live Messenger Upgrades (August 31, 2009)
In September, Microsoft plans to push out a mandatory upgrade for certain Windows Live Messenger users to fix a vulnerability in an Active Template Library (ATL).......
Apache.org Offline Due to SSH Remote Administration Key Compromise (August 28, 2009)
The Apache.......
Social Engineering Pen Test Prompts National Warning (August 28, 2009)
A social engineering portion of a sanctioned penetration test of computer systems at an unnamed credit union prompted the National Credit Union Administration (NCUA) to issue a warning to all federally insured credit unions.......
Microsoft repairs Windows media, TCP/IP vulnerabilities
By Robert Westervelt
Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers.
Attackers target Microsoft IIS; new SMB flaw discovered
By Robert Westervelt
New exploit code targets a zero-day flaw in Microsoft Server Message Block, a protocol used by Windows to communicate messages to printers and other devices on a network.
Microsoft five critical updates won't include IIS
By SearchSecurity.com Staff
A patch repairing a critical zero-day flaw in Microsoft's IIS Web server will not be ready in time for Patch Tuesday, the software giant said.
Schneier-Ranum Face-Off: Is Perfect Access Control Possible?
By Bruce Schneier and Marcus Ranum
Security experts Bruce Schneier and Marcus Ranum debate whether perfect access control is possible.
Security threats to virtual environments less theoretical, more practical
By Michael S. Mimoso
The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.
Truth, lies and fiction about encryption
By Adrian Lane and Rich Mogull
Encryption solves some very straightforward problems but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.
2009 Information Security magazine Readers' Choice Awards
By Information Security magazine, SearchSecurity.com staff
For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.
Microsoft issues IIS FTP advisory, exploit code circulates
By SearchSecurity.com Staff
Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server.
At VMworld 2009, companies focus on virtual desktops for security
By Eric Ogren
While security is not a major theme at VMworld 2009, companies are turning attention to virtual desktop infrastructures to improve security and address remote employees.
Unpatched vulnerability discovered in Microsoft SQL Server
By Michael S. Mimoso
Database security vendor Sentrigo today released some detail about a flaw discovered a year ago in Microsoft SQL Server that exposes passwords stored in memory as cleartext. Microsoft is not planning to patch this flaw. Sentrigo released a free utility that will erase cleartext passwords from memory. Updated to include comments from Microsoft.
Security fundamentals remain focus of virtualization deployments
By Robert Westervelt
Companies are avoiding virtualization security technologies until the market matures and established security vendors address threat mitigation and compliance issues.
Skype Trojan records VoIP communications
By SearchSecurity.com Staff
Called the first wiretap Trojan, Peskyspy targets Skype conversations by intercepting and recording audio between the Skype application and the victim's audio device.
VMware Frame Buffer Parameter Heap-Based Buffer Overflow Vulnerability
The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.
yTNEF/Evolution TNEF Attachment Decoder Plugin Multiple Vulnerabilities
Transport Neutral Encapsulation Format (TNEF) is a proprietary e-mail attachment format used by Microsoft Outlook and Microsoft Exchange Server. A plugin for Evolution exists that provides basic support for TNEF encoded e-mails. This plugin uses the ytnef library (libytnef) for processing TNEF messages. It borrows code from the ytnef program, which is a program to work with procmail to decode TNEF streams (winmail.dat attachments). These applications share code and are, because of this, both affected by the issues described in this document. yTNEF & the Evolution TNEF Attachment decoder plugin are affected by several directory traversal and buffer overflow vulnerabilities. The directory traversal vulnerabilities allow attackers to overwrite or create local files with the privileges of the target user. Exploiting the buffer overflow vulnerabilities allows for arbitrary code execution with the privileges of the target user.
Asterisk IAX2 Call Number Resource Exhaustion
The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled.
Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
Dnsmasq is a lightweight DNS forwarder and DHCP server. A vulnerability has been found that may allow an attacker to execute arbitrary code on servers or home routers running dnsmasq[1] with the TFTP service enabled ('--enable-tftp').
OpenOffice.org Word Document Table Parsing Integer Underflow
OpenOffice.org 3 is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. A vulnerability was discovered in OpenOffice.org, which can potentially compromise a user's system.
JSFTemplating Mojarra Scales and GlassFish Application Server File Disclosure Vulnerability
The JSFTemplating FileStreamer functionality is vulnerable to file disclosure and also allows an attacker to retrieve directory listings of the whole server. Furthermore Mojarra Scales and the GlassFish Application Server Admin console are using vulnerable components too.
Microsoft ATL/MFC ActiveX Security Bypass Vulnerability
Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. Remote exploitation of a logic flaw vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code, as included in various vendors' ActiveX controls, could allow attackers to bypass ActiveX security mechanisms.
Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability
Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Remote exploitation of an information disclosure vulnerability in Microsoft's ATL/MFC ActiveX template, as included in various vendors' ActiveX controls, allows attackers to read memory contents within Internet Explorer.
Microsoft IIS FTP Server Stack Based Overrun Vulnerability
Microsoft IIS servers that allow anonymous write access to the FTP server are vulnerable to a stack based overrun. IIS5 and to some degree IIS6 are susceptible.
Xerox WorkCentre LPD daemon Denial of Service
The Xerox WorkCentre 7132 multifunction is the affordable transition to the next level of productivity for your office. One easy-to-use device offers powerful printing, copying, scanning, and faxing. During a brief assessment performed for Xerox WorkCentre 7132 it was discovered that the LPD daemon implementation contains a weakness related to robustness of LPD protocol handling. An attacker can crash the whole device with a relatively simple attack. Recovering from the denial-of-service condition requires power cycling the device.
ProShow Gold Buffer Overflow Vulnerabilities
ProShow Gold allows you to easily create photo and video slide shows on DVD, PC and Web. Vulnerabilities in the software are related to the processing of ProShow Slideshow project files (.psh). These vulnerabilities permit hackers to execute malicious code on users' systems.
Microsoft ATL/MFC ActiveX Type Confusion Vulnerability
Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the programming dilemmas involved in object oriented programming, distributed transactions, and inter-language communications. Microsoft's Active Template Library (ATL) is a set of C++ templates that simplify developing COM objects.
Subdreamer CMS SQL Injection Vulnerabilities
Subdreamer is a content management system, which is written in PHP and uses MySQL as its database backend. There are vulnerabilities in two integration modules in Subdreamer. Both Invision Power Board 2 and phpBB3 integration modules have this vulnerability.
Oracle Database Server Resource Manager Buffer Overflow
To exploit this vulnerability it is required to have ALTER SYSTEM privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process.
Microsoft Fixes Critical Windows Vulnerabilities in Patch Tuesday Updates
Microsoft fixes several critical vulnerabilities in Microsoft Windows in September's Patch Tuesday release. All five of the security bulletins are rated critical, including one that addresses a vulnerability in the JavaScript engine that affects several versions of Windows.
- Microsoft released five critical security bulletins Sept. 8 to cover issues in Microsoft Windows that company officials said could allow hackers to remotely execute code. None of the vulnerabilities are known to be under attack at this time. Still, two of the bulletins address vulnerabilities t...
How a Phishing Attack Exposed an Energy Company to Hackers
The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.
- It began with an e-mail sent to an employee at an energy company, and ended with a security breach that exposed critical systems to outside control. This is an all-too-common scenario, and just one example of the types of threats targeting not only critical infrastructure but organizations ge...
Microsoft Warns IIS Vulnerability Is Under Attack
Microsoft reports that a zero-day vulnerability in Internet Information Services is now the subject of limited attacks. Exploit code for the IIS vulnerability is known to have been circulating publicly for the past several days.
- Microsoft officials are reporting limited attacks targeting a zero-day vulnerability in the FTP service in Internet Information Services. The IIS vulnerability warning follows the release of new exploit code that can be used to create a DoS (denial of service) condition on Windows XP and Windows...
Microsoft Readies 5 Critical Windows Updates for Patch Tuesday
Microsoft is preparing to release five critical security bulletins Sept. 8 for Patch Tuesday. The five bulletins target vulnerabilities in Microsoft Windows, and do not include a fix for a bug affecting Internet Information Services the company has warned about.
- Microsoft is prepping five critical security bulletins for the Patch Tuesday release Sept. 8. All five are classified as remote code execution vulnerabilities in Microsoft Windows. The bulletins cover various editions of the operating system, ranging from Windows 2000 to Windows Server 2008. T...
Apple Ships Vulnerable Adobe Flash with 'Snow Leopard,' Sophos Reports
Apple is silently downgrading users of Mac OS X 10.6, code-named Snow Leopard, to an old, vulnerable version of Adobe Flash Player. According to Sophos, users who upgrade to Snow Leopard are left with Adobe Flash Player Version 10.0.23.1, which is known to be susceptible to attacks.
- Apple is pushing out an older, vulnerable version of Adobe Flash Player with its "Snow Leopard" operating system upgrade, according to Sophos. Snow Leopard, aka Mac OS X 10.6, hit the streets Aug. 28 with much fanfare about promised performance improvements. Apple also generat...
Marshal8e6 Renamed M86 Security
Marshal8e6 changes its name to M86 Security as it pushes a Web and messaging security focus. The company announces the change along with plans for two upcoming products that bring together technology from recent mergers and acquisitions.
- Security vendor Marshal8e6 is sporting a new name and a new bag of integrated products bringing its technology together with technology from recently acquired Avinti. The new name M86 Security is meant to reflect the company's focus on Web and messaging security, and is the second name change fo...
Energy Sector in Danger of Cyberattack
A former Department of Homeland Security official is warning that the nation's energy grid could be opening itself up to crippling cyberattacks. Greg Garcia, former Assistant Secretary of Cyber Security for Homeland Security, told Ziff-Davis Enterprise in an exclusive video interview that the energy industry's move to embrace so-called smart grid technology could allow hackers to disrupt our critical infrastructure in new and very dangerous ways.
Microsoft Downplays SQL Server Database Vulnerability
Microsoft is disputing the severity of a vulnerability found in its SQL Server database that security researchers say exposes administrative passwords. The vulnerability, uncovered by Sentrigo, can be exploited remotely in SQL Server 2000 and 2005.
- Microsoft is downplaying a SQL Server security flaw that could be exploited by someone with administrative privileges to see users' unencrypted passwords. The vulnerability was discovered last year by database security vendor Sentrigo when one of their researchers noticed that the uniqu...
Virtualization Security in Spotlight During VMworld
With VMworld in full swing, virtualization security is at the tip of some people's tongues. Based on a new paper from RSA and some user surveys, IT pros are advised to keep security high on their list of concerns when it comes to virtualized environments.
- In some ways, the virtualization security market may be in a good news, bad news situation. The good news: More tools are appearing that focus on securing virtual environments. The bad news: Many may not be making their way into the IT infrastructure. A survey by Nemertes Research found that onl...
Microsoft Investigates IIS Zero-Day Security Vulnerability
Microsoft is investigating reports of a vulnerability affecting Microsoft Internet Information Services' FTP module after exploit code surfaced on the Web. The vulnerability could be leveraged by an attacker to execute arbitrary code, officials at US-CERT warn.
- Microsoft officials are investigating reports of a zero-day bug affecting Microsoft Internet Information Services in response to the appearance of exploit code on the Internet. The exploit, which targets a FTP server remote stack overflow, was published Aug. 31 on Milw0rm.com. According to US-C...
Revised Bill Still Gives Obama Unprecedented Cyber-security Powers
After receiving a hailstorm of criticism for his first version of the Cybersecurity Act of 2009, Sen. Jay Rockefeller revises the legislation to encounter even more criticism. In both versions, the controversy rests on the president's ability to shut down private Internet networks in the case of a national emergency.
- Sen. Jay Rockefeller's revised Cybersecurity Act of 2009 is creating as much controversy as his original effort in April did. Both versions give the president unprecedented authority to shut down private Internet networks in the case of a cyber-security emergency. The original draft bill gave ...
Future Firefox to Nag Users on Insecure Plug-ins
In Safety Tips
Mozilla says that the next version of Firefox will warn users if they are running insecure, outdated versions of the Adobe Flash Player, as part of a nascent effort to work with vendors of the most popular browser plug-ins to ensure users aren't falling behind on important security updates. Beginning with Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their Flash plugin is out-of-date. Mozilla said it is starting with Flash because of its ubiquity, but also in response to recent studies showing as much as 80 percent of users are running old versions of Flash. "Mozilla will work with other plugin vendors to provide similar checks for their products in the future," the company said on its Security Blog. "Keeping your software up to date remains one of the best things you can do to keep yourself safe online, and Mozilla will continue to look for ways
Microsoft Fixes Eight Security Flaws
In New Patches
Microsoft today pushed out software updates to plug at least eight critical security holes in computers powered by its various Windows operating systems. The patches are available through Windows Update or via Automatic Updates. The flaws were addressed in a bundle of five patches, each of which earned Microsoft's most dire "critical" rating, meaning they are serious enough that attackers could break into systems without any help from users. One particularly dangerous flaw covered by this month's patch batch is a problem with the way Windows handles Javascript. While this flaw stems from a faulty component of the Windows operating system, it would most likely be exploitable through Internet Explorer versions 6, 7 and 8, said Wolfgang Kandek, chief technology officer at software security provider Qualys. The flaw resides in every version of Windows except Windows 7. In fact, none of the vulnerabilities patched today affect Windows 7, Kandek said.
More Business Banking Victims Speak Out
In Web Fraud 2.0
Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs. David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country. "Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and
Apple Updates Java, Backdates Flash
In New Patches
Apple Thursday shipped an update to plug a slew of critical security holes in its version of Java for Leopard systems (OS X 10.5). In other Apple patch news, it appears those who have updated to the latest version of OS X -- 10.6/Snow Leopard -- received an insecure version of the Adobe Flash player. The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash -- version 10.0.23.1. Snow Leopard users can upgrade to the latest version -- 10.0.32.18 -- by visiting the Flash Player Download Center.
What To Do When Scareware Strikes
In Safety Tips
Mrs. Krebs and I were enjoying a relaxing, quiet morning last Saturday in our living room -- silently bonding with our respective laptops propped on our knees -- when she nearly jumped off of the sofa, shouting, "Uh oh! It's one of those fake virus things popping up! WhatdoIdo!?!?" It occurred to me as I reached for her computer that most people probably wouldn't know what to do should they stumble across a hacked or malicious site that tries to frighten and corral visitors into downloading and purchasing some rogue anti-virus product (a.k.a. "scareware"). The misleading pop-ups and animations about supposed security and privacy threats are unnerving, to be sure, and can be awfully convincing to the unwary. Typically, they are the result of scripts stitched into legitimate, hacked Web sites, or into banner ads that scam artists stealthily submit to some online ad networks. It is tempting to try
Getting Friended By Koobface
In From the Bunker
You know you've attracted the attention of online troublemakers when they start using their malicious software to taunt you by name. Such is apparently the case with the latest version of Koobface, a worm that spreads on Facebook, Twitter and other Web 2.0 sites and turns infected systems into bots that can be used for a variety of improper and possibly criminal purposes. According to an analysis performed on the malware by researchers from the University of Alabama at Birmingham, the latest version references a domain that begins with an expletive and ends with ...briankrebs.com (if you figure it out please DO NOT visit this Web site, as you could pick up a malicious program). I suppose I should be flattered, as I'm in good company: According to the researchers, this Koobface variant also forces infected systems to call out to another domain that drops an expletive in the middle
Brief: WordPress warns of wayward worm
Brief: Snow Leopard users suffer Flash back
Brief: Microsoft warns of IIS flaw
Brief: Judge dismisses everyone-a-hacker case
Brief: Security tools snarl Snow Leopard update
Extreme Asymmetry in Network Attack and Defense
By Richard Bejtlich
As usual, Gunter Ollmann posted a great story on the Damballa blog titled Want to rent an 80-120k DDoS Botnet? He writes:
[T]his particular operator is offering a botnet of between 80k and 120k hosts capable of launching DDoS attacks of 10-100Gbps – which is more than enough to take out practically any popular site on the Internet. The price for this service? $200 per 24 hours – oh, and there’s a 3 minute try-before-you-buy.
Someone please tell me how much it costs to provision equipment and services sufficient to sustain network operations during a 10-100 Gbps DDoS attack. I bet it is much more than $200 per day. This extreme level of asymmetry demonstrates another reason why intruders have the upper hand in network attack and defense.
Situations like this remind me that an insurance model might work. Insurance works when many contribute but few suffer simultaneous disasters. Perhaps organizations could buy insurance policies to cover losses due to DDoS, rather than provision for the disaster? Or do organizations already do that? I know some work with companies like Prolexic specifically to mitigate DDoS, but how about with insurers?
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Securing Application Execution with Microsoft AppLocker
By Chris Sanders
A deep dive into AppLocker, Microsoft's new feature for Windows 7 and Windows Server 2008 R2.
FanCheck Developer Defends App, Says It's Not Malware (PC World)
PC World - The controversial and popular FanCheck application for Facebook carries no viruses and is completely safe and legitimate, according to its creator.
Sophos: Searches About Fan Check App Can Lead to Malware (PC World)
PC World - Malicious hackers are setting up malware-infested Web sites that falsely claim to remove a virus from a new Facebook application called Fan Check, security vendor Sophos is warning.
Close to Patch Tuesday, New Flaw Surfaces (PC World)
PC World - As Microsoft prepares to release patches, researchers said they've seen exploit code for a new flaw that puts organizations using Vista and Windows 7 at great risk.
Symantec Announces Norton 2010, 'Quorum' Tech (PC Magazine)
PC Magazine - Symantec has announced the new line of Norton 2010 security products, which promise to deliver a revolutionary approach to fighting cyber crime.
Privacy bill would set rules for online marketing (AP)
AP - Here is a look at some of the things that Rep. Rick Boucher, chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, hopes to put in a bill governing Internet advertising.
Congress weighs landmark change in Web ad privacy (AP)
AP - The Web sites we visit, the online links we click, the search queries we conduct, the products we put in virtual shopping carts, the personal details we reveal on social networking pages — all of this can give companies insight into what Internet ads we might be interested in seeing.
Microsoft: Cyber-crooks Exploiting Unpatched IIS Bug (PC World)
PC World - Microsoft says that cyber-criminals are starting to exploit an unpatched bug in its IIS server software that was made public earlier this week.
Old Flash for Snow Leopard, and Firefox Gets Fake Flash (PC World)
PC World - Here's a sneaky one for you. According to Sophos, a piece of spyware is masquerading as a Flash player plug-in for Firefox. Its installation screen looks legit (per examples in the Sophos post), and it will even show up thereafter in the list of Firefox extensions as "Adobe Flash Player 0.2."
Virtual Detectives Stalk In-Game Spammers (PC Magazine)
PC Magazine - Gamers competing against rivals around the globe in online multiplayer games have a new force protecting them—teams of virtual detectives.
Virtual detectives stalk in-game spammers (Reuters)
Reuters - Gamers competing against rivals around the globe in online multiplayer games have a new force protecting them -- teams of virtual detectives.
Wiretapping Skype calls: virus eavesdrops on VoIP (AP)
AP - Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type. Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.
Five Indicted in Long-running Cybercrime Operation (PC World)
PC World - New York prosecutors indicted five Eastern European men on Monday in an extensive credit-card fraud operation that netted the defendants at least US$4 million from some 95,000 stolen card numbers.
Instant Messaging Speeds up Data Theft Danger (PC World)
PC World - One of the more sophisticated pieces of malware in circulation has been given an upgrade that lets cybercriminals act even faster after they've stolen data from a PC.
The Broadband Revolution = Webcam Exhibitionists (PC Magazine)
PC Magazine - They're everywhere. If we can't make the webcam girls go away, can we at least get them to stop spamming every single Web site?
Unpatched Flaw Could Take Down Microsoft's IIS Server (PC World)
PC World - A hacker has posted code that could be used to take over a system running Microsoft IIS (Internet Information Services) server.
Making Sense of the Snow Leopard Security Debate (PC World)
PC World - Snow Leopard is out and users seem generally satisfied with the latest version of the Mac OS X operating system. The release hasn't come without some controversy though, part of which has been the debate over the malware protection features Apple included in Snow Leopard.
Microsoft patches gaping Windows worm holes
By Ryan Naraine on Vulnerability research
Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system. The most serious of the vulnerabilities addressed could lead to remote code execution and complete system takeover attacks.
Firefox to run checks for Adobe Flash patch
By Ryan Naraine on Pen testing
Starting with the upcoming releases of Firefox 3.5.3 and Firefox 3.0.14, Mozilla will warn users if their version of the popular Adobe Flash Player plug-in is out of date.
Microsoft FTP in IIS vulnerability now under attack
By Ryan Naraine on Zero-day attacks
Less than a week after the publication of exploit code for a critical vulnerability in the FTP Service in Microsoft Internet Information Services (IIS), attackers are now launching in-the-wild attacks against Windows users.
Scareware goes Green
By Dancho Danchev on Spyware and Adware
Malicious pseudo-environmentalists have come up with a new social engineering tactic aiming to improve the profit margins of their fake antivirus software releases - by promising to donate $2 from every purchase for saving the Amazonian green forests. The new scareware template branded as “Green-AV Premier Edition 3.0” is pitched as the “World’s First Antivirus Which [...]
Patch Tuesday heads-up: Five 'critical' bulletins on tap
By Ryan Naraine on Patch Watch
Microsoft's September batch of security updates will include fixes for multiple "critical" vulnerabilities affecting the Windows operating system.
Apple plugs 15 Java for Mac security holes
By Ryan Naraine on Patch Watch
Apple today released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.
Opera browser (finally) gets an auto-updater
By Ryan Naraine on Patch Watch
The Opera Web browser has undergone a minor security makeover with one significant improvement — the ability to update itself when patches are released. The latest browser update will, by default, notify the user about available updates in very much the same way Mozilla Firefox handles automatic patching. From the changelog: Users can specify that snapshot build releases [...]
Snow Leopard ships with vulnerable Flash Player
By Ryan Naraine on Patch Watch
Apple's new operating system comes with an outdated version of Flash Player that exposes Mac users to hacker attacks.
Microsoft confirms IIS zero-day flaw; Exploit code published
By Ryan Naraine on Windows Vista
Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
Firefox add-on spies on Google usage, search results
By Ryan Naraine on Patch Watch
Security researchers have intercepted a fake Flash Player update creating a Firefox add-on that spies on a target user's Google search results.
Microsoft to push 'mandatory' Live Messenger security patch
By Ryan Naraine on Windows Vista
Microsoft plans to force a mandatory Windows Live Messenger upgrade later this month to fix a security vulnerability that exposes Windows users to remote code execution attacks.