Ars Technica - Security
AntiVir, 10 others, fail Virus Bulletin's latest tests
By emil.protalinski@arstechnica.com (Emil Protalinski) on Virus Bulletin
Virus Bulletin (VB) conducted its latest test in August, posting the results this month. The security research company evaluated 26 anti-malware products (product submission deadline was August 22) for the 32-bit version of Windows Server 2008 SP2. The basic requirements for a product passing the test is detecting, both on demand and on access, in its default settings, all malware known to be "In the Wild" at the time of the review, and not detecting any false positives when scanning a set of clean files. The products were pitted against about 3,000 unique samples of malware that fall into four categories: WildList viruses, worms and bots, polymorphic viruses, and Trojans.
Report: Thousands of Hotmail passwords posted
By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows Live Hotmail
Password details for Windows Live Hotmail accounts, including @hotmail.com, @msn.com, and @live.com e-mail addresses, were posted by an anonymous user over at pastebin.com, a site that allows users to paste snippets of text and then share it privately or publicly. On October 1, there were over 10,028 account user names and passwords posted as a result of either some type of "hack" or phishing scheme, most of which appear to be based in Europe, according to Neowin, which first reported this story. Pastebin has since removed the link in question, though the issue may not have such a simple solution.
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a phishing scheme," a Microsoft spokesperson confirmed with Ars. "As always, upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
WASC Honeypots - Apache Tomcat Admin Interface Probes
By Robert A. on WASC
The WASC Distributed Open Proxy Honeypots project has published an entry on people performing brute force attacks against tomcat administrative interfaces through WASC's open relay proxies. Tomcat Brute Forcing: http://tacticalwebappsec.blogspot.com/2009/10/wasc-honeypots-apache-tomcat-admin.html
CNET News - Security
Podcast: Symantec exec on how to avoid being a phishing victim
By Larry Magid
Phishing attacks have been around for a while and you might think that most people are savvy enough to avoid them. But, as CNET's Elinor Mills discovered, even FBI Director Robert Mueller finds it hard to distinguish a rogue phishing site from a legitimate bank website.
Symantec Internet safety
...
Originally posted at For the Record
Wife bans FBI head from online banking
By Elinor Mills
Robert Mueller
(Credit: James Martin/CNET
SAN FRANCISCO--No one is immune from cyberthreats, not even the head of the FBI.
FBI Director Robert Mueller was banned by his wife from doing online banking after he nearly fell for a phishing scam, he said on Wednesday during a talk at the ...
Originally posted at InSecurity Complex
Oops! Hack lets anybody join the MySpace network on Facebook
By Caroline McCarthy
I'm not an employee of MySpace, but I was able to join its Facebook network.
(Credit: Facebook
I do not work for MySpace. But my Facebook profile now says I do, thanks to what appears to be a sneaky little flaw in MySpace's recently launched e-mail client....
Originally posted at The Social
Q&A: Amit Yoran talks cybersecurity
By Elinor Mills
Amit Yoran
(Credit: Amit Yoran
West Point graduate Amit Yoran went from security work in the Air Force, the Defense Department, and private industry before being tapped as director of cybersecurity for the Department Homeland Security.
He joined DHS in September 2003 and left about a year later, the first ...
Originally posted at InSecurity Complex
Avoid being a victim of an e-mail phishing scam
By Larry Magid
A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming ...
Originally posted at Safe and Secure
Gmail also hit by e-mail phishing scheme
By Don Reisinger
Hotmail users aren't the only ones who've been hit by a phishing scheme over the past week. Google told BBC News on Tuesday that Gmail users have also been affected by the hackers who posted passwords online.
The problem is far more widespread than was disclosed on Monday, ...
Originally posted at Webware
Hotmail passwords leaked online
By Don Reisinger
Update October 6 at 11:25 a.m.:This was later discovered to be an industrywide problem that has affected users of Gmail and possibly other e-mail services as well. See more details here.
Thousands of Windows Live Hotmail passwords have been leaked online, ...
Originally posted at Webware
AVG: Version 9 faster, includes ID protection service
By Seth Rosenblatt
The feature-rich versions of popular security program AVG have been updated, with AVG Technologies claiming faster scan times, faster boot times, and other under-the-hood improvements. While version 8 introduced a consolidated product line, making those features work better together takes the attention of AVG Internet Security 9 and AVG Anti-Virus 9. ...
Originally posted at The Download Blog
CounterMeasures
Rik Ferguson blogs about security issues.
Stolen email accounts, 90 bucks and some Chinese spam.
By Rik Ferguson on spam
In the news over the past couple of days, much has been made of the tens of thousands of stolen email account credentials that have been posted on publicly visible websites. There is no positive indication of how these accounts were obtained or really even whether they were obtained as a result of one single [...]
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
AVG Stepping Up Consumer Anti-Virus Offerings
By Darknet on malware
AVG used to be THE anti-virus software a few years ago, especially with it being the first major vendor offering a free solution for home users. If you asked any techie back in 2002 which AV should you use, the answer would invariably be AVG free (or perhaps Panda). After that AVG just got bloated, slow and [...]
Samhain v.2.5.9c – Open Source Host-Based Intrusion Detection System (HIDS)
By Darknet on tripwire
We’ve only mentioned one HIDS before, that was OSSEC HIDS, so I thought I’d do some updates on the others. Samhain has always been one of my favourites, before that of course I was using Tripwire like everyone else. The Samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well [...]
DarkReading - All Stories
DarkReading
SSL Still Mostly Misunderstood
Even many IT professionals don't understand what Secure Sockets Layer (SSL) does and doesn't do, leaving them vulnerable, new survey shows
Tens Of Thousands of Email Usernames and Passwords Posted Online By Phishers
Hotmail, Gmail, Yahoo, and other email users' accounts exposed
Bankers Gone Bad: Financial Crisis Making The Threat Worse
70 percent of financial institutions in the last 12 months have had cases of insider fraud, new survey says
DarkReading - Security News
DarkReading
WD(R) Introduces High-Performance My Book(R) Studio(TM) External Hard Drives With Innovative E-Label Display
Compound Profit(R) Is Hiring
Zoovy, Inc. Brings Seamless Mobile E-Commerce to Existing Zoovy Merchants at No Extra Cost
eWeek Security Watch
Malware Distributors Mastering News SEO
In Virus and Spyware
Malware purveyors are having a great deal of success in getting their news-driven attacks to the top of search engine results, often beating their legitimate peers.
IDC: DLP Adoption to Continue as Businesses Fear Insider Threat
In Products
In a new survey by analyst firm IDC, nearly 60 percent of respondents said they plan to invest in data loss prevention technology.
Asprox Botnet Attacks Come Back
In Virus and Spyware
The Asprox botnet campaign may not be as savvy as some of its newer counterparts, but it's still finding plenty of opportunities to infect end users.
Federal Computer Week: Security News
Panel recommends improvements to E-Verify
A panel of experts recommends improving the E-Verify electronic employment verification system to reduce false reports and to use it in immigration reform efforts.
Judge sends Deepwater false claims lawsuit to trial
A U.S. District Court judge refuses to dismiss the False Claims Act lawsuit against the Deepwater contractors and sets trial for next year.
Air Force activates new cyberspace defense unit
Combat communications wing supports new Space Command
Pentagon authorizes outside firm to manage access to some DOD systems
Exostar is now permitted to issue digital certificates and smart cards on its own behalf
SSA needs better information security, IG says
SSA has not followed through on key cybersecurity recommendations, according to a new report.
Commerce neglects its IT security workforce: inspector general
The department’s management has not devoted enough resources to training its IT security workers as the threat of cyber attacks increase in number and sophistication, IG says.
DHS falling short on small vessel security, IG says
The Homeland Security Department does not have an effective strategy or technologies in place to counteract the threat of attacks by terrorists who arrive on small boats, according to a new report.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Jon Go$$elin Hack Attack
Posted by InfoSec News on Oct 07
http://www.nationalenquirer.com/jon_gosselin_hacked_kate_computers_embezzlement_baby_sitter_stephanie_santoro_interview/celebrity/67453
The National Enquirer
Enquirer Exclusive
October 7, 2009
Jon Gosselin used his computer skills to hack into his wife Kate's
e-mail, online bank accounts and cell phone, and he smoked marijuana at
the family home while watching their kids!
Those blockbuster charges are being leveled against the former star of...
Re: Help InfoSec News with a Donation
Posted by InfoSec News on Oct 07
Tonight I'd like to thank the 11 people since sending this out last
night for donating a little something to keep the lights on here, but
also in helping improve the site in the long run!
http://www.infosecnews.org/donate.html
Thanks!
William Knowles
InfoSec News
@infosecnews.org
________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News...
Citing cybercrime, FBI director doesn't bank online
Posted by InfoSec News on Oct 07
http://www.networkworld.com/news/2009/100709-citing-cybercrime-fbi-director-doesnt.html
By Robert McMillan
IDG News Service
10/07/2009
The head of the U.S. Federal Bureau of Investigation has stopped banking
online after nearly falling for a phishing attempt.
FBI Director Robert Mueller said he recently came "just a few clicks
away from falling into a classic Internet phishing scam" after receiving
an e-mail that appeared to be...
Former Teen Stock Swindler Pleads to New Hacking Charges
Posted by InfoSec News on Oct 07
http://www.wired.com/threatlevel/2009/10/dinh/
By Kevin Poulsen
Threat Level
Wired.com
October 7, 2009
A former teenage hacker who once served prison time for an online
stock-trading scheme pleaded guilty last week to new charges of cracking
a New York-based currency exchange service and gifting himself more than
$100,000.
On Sept. 29, Van T. Dinh, now 25, confessed to computer fraud and
identity theft in federal court in Manhattan....
One Hundred Phishers Charged In Largest Cybercrime Case
Posted by InfoSec News on Oct 07
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571
By Thomas Claburn
InformationWeek
October 7, 2009
The FBI on Wednesday announced that it had charged 53 defendants, the
largest number ever charged in a cybercrime case, following a
multinational investigation into a phishing scheme that operated in the
United States and Egypt.
Thirty-three of the 53 defendants named in the indictment have been...
Hathaway Joins Kennedy School as Senior Adviser
Posted by InfoSec News on Oct 07
http://www.govinfosecurity.com/articles.php?art_id=1843
By Eric Chabrow
Managing Editor
Gov Info Security
October 7, 2009
Melissa Hathaway, the National Security Council official who led
President Obama's 60-day review of federal cybersecurity policies and
processes, has joined Harvard Kennedy School's Belfer Center for Science
and International Affairs as a senior adviser to its cybersecurity
initiative, the center announced Tuesday....
Q&A: Amit Yoran talks cybersecurity
Posted by InfoSec News on Oct 07
http://news.cnet.com/8301-27080_3-10369070-245.html
By Elinor Mills
InSecurity Complex
CNet News
October 7, 2009
West Point graduate Amit Yoran went from security work in the Air Force,
the Defense Department, and private industry before being tapped as
director of cybersecurity for the Department Homeland Security.
He joined DHS in September 2003 and left about a year later, the first
of several cybersecurity directors to have a short...
Phishing for Trouble: Officials Use Humor to Promote Cyber Security
Posted by InfoSec News on Oct 07
http://www.virginia.edu/uvatoday/newsRelease.php?id=9928
By Dan Heuchert
UVA Today
October 6, 2009
If you see someone strolling around Grounds this month in a fish
costume, think of your computer.
That someone is likely Karen McDowell, an information security analyst
at the University of Virginia's Information Security, Policy, and
Records Office. She spells the name of her costume "p-h-i-s-h," after
the computer...
Man banished from PayPal for showing how to hack PayPal
Posted by InfoSec News on Oct 07
http://www.theregister.co.uk/2009/10/06/paypal_banishes_ssl_hacker/
By Dan Goodin in San Francisco
The Register
6th October 2009
PayPal suspended the account of a white-hat hacker on Tuesday, a day
after someone used his research into website authentication to publish a
counterfeit certificate for the online payment processor.
"Under the Acceptable Use Policy, PayPal may not be used to send or
receive payments for items that show the...
Re: Help InfoSec News with a Donation
Posted by InfoSec News on Oct 07
Right off the bat, I'd like to thank the 20 people since sending this
out last night for donating a little something to keep the lights on
here, but also in helping improve the site in the long run!
http://www.infosecnews.org/donate.html
Thanks!
William Knowles
InfoSec News
@infosecnews.org
________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News...
Most Common Hotmail Password Revealed!
Posted by InfoSec News on Oct 07
http://www.wired.com/threatlevel/2009/10/10000-passwords/
By Kim Zetter
Threat Level
Wired.com
October 6, 2009
A researcher who examined 10,000 Hotmail, MSN and Live.com passwords
that were recently exposed online has published an analysis of the list
and found that "123456" was the most commonly used password, appearing
64 times.
Forty-two percent of the passwords used lowercase letters from "a to z";
only 6 percent...
Former DuPont researcher hit with federal data theft charges
Posted by InfoSec News on Oct 07
http://www.computerworld.com/s/article/9139014/Former_DuPont_researcher_hit_with_federal_data_theft_charges?taxonomyId=17
By Jaikumar Vijayan
October 6, 2009
Computerworld
A former research scientist at DuPont USA who is already facing civil
charges for allegedly attempting to steal corporate secrets from the
company, has been hit with a federal criminal complaint on the same
charges.
Prosecutors charged Hong Meng with exceeding his...
Lawsuit: Heartland Knew Data Security Standard was 'Insufficient'
Posted by InfoSec News on Oct 07
http://www.bankinfosecurity.com/articles.php?art_id=1834
Linda McGlasson
Managing Editor
Bank Info Security
October 5, 2009
Months before announcing the Heartland Payment Systems (HPY) data
breach, company CEO Robert Carr told industry analysts that the Payment
Card Industry Data Security Standard (PCI DSS) was an insufficient
protective measure.
This is the contention of a new master complaint filed in the class
action suit against...
Bankers Gone Bad: Financial Crisis Making The Threat Worse
Posted by InfoSec News on Oct 07
http://www.darkreading.com/insiderthreat/security/government/showArticle.jhtml?articleID=220301087
By Kelly Jackson Higgins
DarkReading
Oct 05, 2009
A former Wachovia Bank executive who had handled insider fraud incidents
says banks are in denial about just how massive the insider threat
problem is within their institutions. Meanwhile, the economic crisis
appears to be exacerbating the risk, with 70 percent of financial
institutions saying...
IT security breach causes WebCenter shutdown
Posted by InfoSec News on Oct 07
http://www.tuftsdaily.com/it-security-breach-causes-webcenter-shutdown-1.1940619
By Ben Gittleson
The Tufts Daily
October 6, 2009
An unusually large-scale hacking attack over the weekend affected at
least 100 computers on Tufts' Medford/Somerville campus, causing the
university to temporarily shut down WebCenter and send many employees
home early.
The security breach likely resulted from people outside of the
university trying to hijack...
Keesler AFB begins cyber warfare training
Posted by InfoSec News on Oct 07
http://www.wlox.com/Global/story.asp?S=11261989
By Jeff Lawson
WLOX.com
Oct 05, 2009
BILOXI, MS (WLOX) - Monday marked the beginning of a new era for Keesler
Air Force Base as airmen began taking classes on cyber warfare. The
Biloxi base is the official cyber training headquarters for the entire
Air Force.
The commander of the 81st Training Wing, General Ian Dickinson, welcomed
the 95 young airmen to the class, and reflected on the...
Hacker conference starts next week
Posted by InfoSec News on Oct 06
http://star-techcentral.com/tech/story.asp?file=/2009/9/29/technology/20090929111828
The Star
September 29, 2009
KUALA LUMPUR: The term "cloud computing" dominates the headlines these
days but like most paradigm changes requiring new technology, various
risk and vulnerabilities of these new systems are also introduced.
Haroon Meer, technical director of information security company
Sensepost, will separate fact from fiction in his...
MoD 'how to stop leaks' document is leaked
Posted by InfoSec News on Oct 06
http://www.telegraph.co.uk/news/newstopics/politics/defence/6261756/MoD-how-to-stop-leaks-document-is-leaked.html
By Tom Chivers
Telegraph.co.uk
05 Oct 2009
The Defence Manual of Security is intended to help MoD, armed forces and
intelligence personnel maintain information security in the face of
hackers, journalists, foreign spies and others.
But the 2,400-page restricted document has found its way on to
Wikileaks, a website that publishes...
Blue Cross physicians warned of data breach
Posted by InfoSec News on Oct 06
http://www.boston.com/news/local/massachusetts/articles/2009/10/03/blue_cross_physicians_warned_of_data_breach/
By Kay Lazar
Boston Globe Staff
October 3, 2009
The largest health insurer in Massachusetts is warning roughly 39,000
physicians and other health care providers in the state that personal
information, including Social Security numbers, may have been
compromised after a laptop containing the data was stolen in August from
an...
Re: The Cybersecurity Myth (2 replies)
Posted by InfoSec News on Oct 06
Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.cringely.com/2009/10/the-cybersecurity-myth/
:
: Listen to this post in Bob's sexy, sexy voice
: http://www.cringely.com/podcast/20091002.mp3
:
: Robert X. Cringely
: October 2nd, 2009
:
: The Department of Homeland Security (DHS) said this week it will hire
: up to 1,000 cybersecurity experts over the next three years to help
: protect U.S. computer networks....
Commerce neglects its IT security workforce: inspector general
Posted by InfoSec News on Oct 06
http://fcw.com/articles/2009/10/05/commerce-it-security-workforce.aspx
By Matthew Weigelt
FCW.com
Oct 05, 2009
The Commerce Department has failed to take the basic steps to develop
its workforce that oversees the security of the department.s information
technology systems, a newly posted report [1] states.
The department's management has not devoted enough attention and
resources to training its IT security workers, according to an audit by...
Bank Botnet Serves Fake Info to Thwart Researchers
Posted by InfoSec News on Oct 06
http://www.wired.com/threatlevel/2009/10/urlzone-trojan/
By Kim Zetter
Threat Level
Wired.com
October 6, 2009
Researchers tracking a gang of online bank thieves found that the
criminals have deployed a devious means to thwart law enforcement and
anyone else trying to monitor their activities.
The gang behind the URLZone trojan, which siphons money from online bank
accounts and then alters a victim's online bank statement to hide the...
10,000 Hotmail passwords mysteriously leaked to web
Posted by InfoSec News on Oct 06
http://www.theregister.co.uk/2009/10/05/hotmail_passwords_leaked/
By Dan Goodin in San Francisco
The Register
5th October 2009
Updated: Login credentials for more than 10,000 Microsoft Live accounts
have been posted to the internet, most likely by miscreants who found
them or harvested them in a phishing attack.
In all, there were 10,028 pairs of user names and passwords posted to
multiple pages of public upload website Pastebin.com, some...
Small Business Information Security Task Force; Request for Nominations
Posted by InfoSec News on Oct 05
http://edocket.access.gpo.gov/2009/E9-23538.htm
[Federal Register: September 30, 2009 (Volume 74, Number 188)]
[Notices]
[Page 50264-50265]
[DOCID:fr30se09-108]
-----------------------------------------------------------------------
SMALL BUSINESS ADMINISTRATION
Small Business Information Security Task Force; Request for
Nominations
AGENCY: U.S. Small Business Administration (SBA).
ACTION: Request...
Roughead: Newest corps to dominate cyber intel
Posted by InfoSec News on Oct 05
http://www.stripes.com/article.asp?section=104&article=65150
By Leo Shane III
Stars and Stripes
Mideast edition
October 3, 2009
WASHINGTON - The Navy will reorganize nearly 44,000 jobs and add 1,000
additional positions to a newly created "Information Domination Corps"
designed to bring the naval intelligence community, cybersecurity
experts and communications specialties under a single command.
The new 10th Fleet, to be...
The Cybersecurity Myth
Posted by InfoSec News on Oct 05
http://www.cringely.com/2009/10/the-cybersecurity-myth/
Listen to this post in Bob's sexy, sexy voice
http://www.cringely.com/podcast/20091002.mp3
Robert X. Cringely
October 2nd, 2009
The Department of Homeland Security (DHS) said this week it will hire up
to 1,000 cybersecurity experts over the next three years to help protect
U.S. computer networks. This was part of National Cybersecurity
Awareness Month and the announcement was made by...
RIM Plugs BlackBerry Security Hole
Posted by InfoSec News on Oct 05
http://www.eweek.com/c/a/Security/RIM-Plugs-BlackBerry-Security-Hole-165742/
By Brian Prince
eWEEK.com
2009-10-02
Research In Motion fixes a security bug it says left BlackBerry users
open to phishing attacks.
Research In Motion has plugged a security hole that left BlackBerry
users open to phishing attacks.
The bug lies in the BlackBerry browser dialog box, which provides
information about Website domain names and their associated...
PCs with Shtokman-info stolen
Posted by InfoSec News on Oct 05
http://www.barentsobserver.com/pcs-with-shtokman-info-stolen.4639084-16178.html
BarentsObserver
2009-10-02
Four computers with sensitive information about the Shtokman project
were stolen from a consulting company in Oslo in August.
A thief broke into the offices of Multiconsult in Oslo. The Norwegian
consulting company is currently working for StatoilHydro with prospects
for the building site and harbour facility and piers.
StatoilHydro...
Linux Advisory Watch - October 2nd 2009
Posted by InfoSec News on Oct 05
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| October 2nd, 2009 Volume 10, Number 40 |
| |
| Editorial Team: Dave Wreski <dwreski () linuxsecurity com> |
| Benjamin D. Thomas <bthomas () linuxsecurity...
New IT Security Authority to safeguard Singapore against cyber threats
Posted by InfoSec News on Oct 05
http://www.channelnewsasia.com/stories/singaporelocalnews/view/1008285/1/.html
By S Ramesh
Channel NewsAsia
30 September 2009
SINGAPORE: Singapore is taking steps to harden its national IT
infrastructure against cyber-terrorism and cyber-espionage.
A new unit called the Singapore Infocomm Technology Security Authority
or SITSA will be set up from October 1 to oversee efforts to safeguard
the nation against infocomm technology security...
Targeted e-mails distribute malware in PayChoice breach
Posted by InfoSec News on Oct 02
http://news.cnet.com/8301-27080_3-10365830-245.html
By Elinor Mills
Insecurity Complex
CNet News
October 1, 2009
Payroll processor PayChoice said Thursday it is investigating a breach
in which customers received targeted e-mails purporting to be from the
company but were designed to trick people into downloading malware.
Workers received e-mails last week that directed them to download a
browser plug-in or visit a Web site so they could...
Express Scripts: 700,000 notified after extortion
Posted by InfoSec News on Oct 02
http://www.computerworld.com/s/article/9138723/Express_Scripts_700_000_notified_after_extortion?taxonomyId=17
By Robert McMillan
September 30, 2009
IDG News Service
Nearly a year after being hacked by computer extortionists, pharmacy
benefits management company Express Scripts now says hundreds of
thousands of members may have had their information breached because of
the incident.
Last November, the company reported that someone had...
Probe Targets Archives' Handling of Data on 70 Million Vets
Posted by InfoSec News on Oct 02
http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/
By Ryan Singel
Threat Level
Wired.com
October 1, 2009
The inspector general of the National Archives and Records
Administration is investigating a potential data breach affecting tens
of millions of records about U.S. military veterans, Wired.com has
learned. The issue involves a defective hard drive the agency sent back
to its vendor for...
DHS could hire 1,000 more cybersecurity professionals
Posted by InfoSec News on Oct 02
http://fcw.com/articles/2009/10/01/web-dhs-hiring-cybersecurity-officials.aspx\
By Ben Bain
FCW.com
Oct 01, 2009
The Homeland Security Department will hire up to 1,000 additional people
to work in cybersecurity jobs over the next three years, senior DHS
officials announced today.
The new employees will be scattered across DHS agencies, and will work
in areas such as cyber risk and strategic analysis, cyber incident
response, vulnerability...
Linux saves Aussie electrical grid
Posted by InfoSec News on Oct 02
http://www.theinquirer.net/inquirer/news/1556944/linux-saves-aussie-electricity
By Nick Farrell
The Inquirer
1 October 2009
QUICK THINKING open sourcerers might have saved an Australian power
supply system after its electrical grid control room network got
infected with a virus.
A Windows virus hit the networks of Integral Energy and, according to a
submission to Slashdot, the virus managed to spread to the operator
display consoles in the...
Secunia Weekly Summary - Issue: 2009-40
Posted by InfoSec News on Oct 02
========================================================================
The Secunia Weekly Advisory Summary
2009-09-24 - 2009-10-01
This week: 43 advisories
========================================================================
Table of Contents:
1.....................................................Word From...
UK already 'major world power' in cyberwar
Posted by InfoSec News on Oct 02
http://www.theregister.co.uk/2009/10/01/borg_cyberwar/
By Chris Williams
The Register
1st October 2009
The UK government already has a "considerable" number of attackers and
defenders that make it a "major world power" in cyberwarfare, according
to a leading US expert.
Scott Borg of the Washington DC-based US Cyber Consequences Unit, a
well-connected research group, told The Register that the British
military and...
New Malware Re-Writes Online Bank Statements to Cover Fraud
Posted by InfoSec News on Sep 30
http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/
By Kim Zetter
Threat Level
Wired.com
September 30, 2009
New malware being used by cybercrooks does more than let hackers loot a
bank account; it hides evidence of a victim's dwindling balance by
rewriting online bank statements on the fly, according to a new report.
The sophisticated hack uses a Trojan horse program installed on the
victim's machine that alters html coding...
InformationWeek Security News
InformationWeek
Google Robbed By Botnet
By Thomas Claburn
A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines.
One Hundred Phishers Charged In Largest Cybercrime Case
By Thomas Claburn
A two-year international phishing investigation involving the FBI and authorities in Egypt has led to charges against 53 people in the U.S. and 47 overseas.
One Hundred Phishers Charged In Largest Cybercrime Case
By Thomas Claburn
A two-year international phishing investigation involving the FBI and authorities in Egypt has led to charges against 53 people in the U.S. and 47 overseas.
100 Phishers Charged In Largest Cybercrime Case
By Thomas Claburn
A two-year international phishing investigation involving the FBI and authorities in Egypt has led to charges against 53 people in the U.S. and 47 overseas.
Google Offers Advice On Strong Passwords
By Thomas Claburn
Passwords remain the primary means of online authentication, despite their shortcomings. That's why Google wants to make sure users' passwords won't be easily defeated.
CBS Interactive Sued For Distributing China's Green Dam Filter
By Thomas Claburn
Internet filter maker Solid Oak Software has filed a lawsuit against CBS Interactive's ZDNet China for distributing China's Green Dam filtering software, which allegedly includes the company's code.
CBS Interactive Sued For Distributing China's Green Dam Filter
By Thomas Claburn
Internet filter maker Solid Oak Software has filed a lawsuit against CBS Interactive's ZDNet China for distributing China's Green Dam filtering software, which allegedly includes the company's code.
Heartland, After The Hacking
By Thomas Claburn
The data breach at Heartland Payment Systems was a disaster for the company. But after picking up the pieces, the company is looking ahead to a more secure future.
Microsoft Blocks Hacked Hotmail Accounts
By Paul McDougall
Phishing scam may also have breached e-mail services offered by Google and Yahoo.
Glide Health Makes Medical Records Mobile
By Thomas Claburn
With the support of Integrated Medical Professionals, a large medical group, Glide Health aims to make medical records accessible from any mobile phone.
Federal Taskforce To Focus On Cybersecurity Metrics
By J. Nicholas Hoover
Cross-agency taskforce will emphasize cybersecurity outcomes over compliance, says federal CIO Kundra
Wolfe's Den Interview: Pacific Labs CIO Talks Cloud Computing Security
By Alexander Wolfe
Jerry Johnson, chief information officer of Pacific Northwest National Laboratory, offers insights into cloud security, the war on cybercrime, and the expansion of the perimeter.
Amazon Settles Kindle Deletion Lawsuit For $150,000
By Thomas Claburn
A student who sued Amazon in June for deleting a copy of the book <i>1984</i> from his Kindle e-book reader has won limited deletion protection for other Kindle users.
AT&T Buys VeriSign Security Consulting Unit
By Marin Perez
The deal could boost AT&T's network-based security offering to enterprise customers.
Beware Hijacked Social Networking Accounts, FBI Warns
By Thomas Claburn
Social networking sites are becoming a more popular attack vector for cybercriminals because people trust those they believe to be friends.
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Wife bans FBI head from online banking
By Elinor Mills
Robert Mueller
(Credit: James Martin/CNET
SAN FRANCISCO--No one is immune from cyberthreats, not even the head of the FBI.
FBI Director Robert Mueller was banned by his wife from doing online banking after he nearly fell for a phishing scam, he said on Wednesday during a talk at the ...
Q&A: Amit Yoran talks cybersecurity
By Elinor Mills
Amit Yoran
(Credit: Amit Yoran
West Point graduate Amit Yoran went from security work in the Air Force, the Defense Department, and private industry before being tapped as director of cybersecurity for the Department Homeland Security.
He joined DHS in September 2003 and left about a year later, the first ...
McAfee Avert Labs
Cutting edge security research as it happens.......
Please Call My Virus This!
By Pedro Bueno on Malware Research
Occasionally when we analyze malware, we find hidden messages there. They can be as simple as “Hi” or some choice words that would probably cause this blog to be X-rated. This trait is not new. And naturally we don’t make much of this habit so that the malware writers don’t earn any extra fame. [...]
W32/Xpaj Botnet Growing Rapidly
By Vitaly Zaytsev on Web and Internet Safety
Two weeks ago I blogged about a new virus–W32/Xpaj–found in the wild by McAfee researchers and actively spreading around the world. Since then we have closely monitored the change in spread and severity of the virus, improved generic detection for future W32/Xpaj instances, and added cleaning and proper repair for all the files infected by [...]
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
How dangerous could a hacked robot possibly be?
It seems like a question ripped from the back of a cheap sci-fi novel: What happens when the robots are turned against us?
Gmail and Yahoo also caught in massive phishing attack
A massive phishing attack, which originally hit Hotmail, has also affected Gmail, Yahoo and AOL users, according to the BBC.
Researcher refutes Microsoft's account of hijacked Hotmail passwords
A security researcher at ScanSafe isn't buying Microsoft's and Google's explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack. She blames botnets and keylogging.
Operation Phish Phry hooks 100 in U.S. and Egypt
More than 50 people in Southern California, Las Vegas and Charlotte, N.C., were indicted by a grand jury in Los Angeles for scheming to steal bank account information from thousands of people in the U.S. using phishing techniques.
Operation Phish Phry Nets 100 Suspects
United States and Egyptian authorities began rounding up 100 suspects indicted in connection with a two-year investigation dubbed "Operation Phish Phry."
Citing cybercrime, FBI director doesn't bank online
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt.
The Seven Deadly Sins of Security Policy
Are your security policies really managing your organization's risks? Or are they just 'check-the-box' rules? We detail common policy mistakes security pros often make.
CIA endorses cloud computing, but only internally
One of the U.S. government's strongest advocates of cloud computing is also one of its most secretive operations: the CIA. The agency has adopted cloud computing in a big way, and it believes that the cloud approach makes IT environments more flexible and secure.
Careless downloading makes BlackBerry users spy targets
IPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
Online banking fraud in the UK hits a new high
Online banking fraud in the U.K. has risen to the highest level in at least three years while card-related losses fell in most categories, according to industry figures released Wednesday.
A look at stolen Hotmail data finds simple passwords
1234567 may not be a very secure password, but it's popular on Hotmail.
Nasty banking Trojan makes mules of victims
A sophisticated Trojan horse program designed to empty bank accounts has a new trick up its sleeve: It lies to investigators about where the money is going.
DHS faces challenge in hiring 1,000 security experts
Security experts say the Department of Homeland Security faces several challenges in its plan to hire some 1,000 security experts over the next three years.
Gmail, Yahoo Mail join Hotmail; passwords exposed
Google's Gmail and Yahoo's Mail were also hit by a large-scale phishing attack, perhaps the same one that snagged at least 10,000 passwords from Microsoft's Windows Live Hotmail.
More views on cloud computing security
I recently had the opportunity to speak with the two old-line purveyors of privileged user management software (also called Privileged Identity Management and Privileged Password Management) -- Cyber-Ark and e-DMZ Security. In separate phone conversations we covered most of the two companies' offerings and today we'll take a look at how they feel about cloud computing and authentication.
Identity top priority for South Australia’s CIO this year
Identity and knowing who governments are dealing with has emerged as the top priority over the next 12 months for South Australia’s CIO, Andrew Mills.
Stolen Hotmail Passwords Show that Crooks like Webmail
Microsoft is blocking access to thousands of Windows Live Hotmail accounts after passwords for the accounts were publicly posted on a Web site.
Mozilla augments Firefox's plug-in check
As promised, Mozilla has created a page that checks for outdated plug-ins used by Firefox and helps users get the latest ones available.
Bitbucket's downtime is a cautionary cloud tale
Bitbucket’s weekend troubles with Amazon’s cloud services are instructive, but don’t necessarily indicate a problem with cloud security.
AVG launches AVG 9.0 Free and Anti-Virus
AVG today launched the latest version of its family of free and paid-for internet security products. AVG Anti-Virus 9.0 is available now for £39 for a one-year licence. AVG Free 9.0 will be available in mid October 2009.
After attacks, Adobe patches now come faster
Hackers like Adobe Systems, and now the company knows it all too well.
Hackers plan to clobber the cloud, spy on Blackberries
A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride.
New Firefox security technology blocks Web attacks, Mozilla claims
Mozilla has released a test build of Firefox that adds new technology, dubbed "Content Security Policy," that's designed to stymie most Web-based attacks, the browser maker said.
60% of Brits store personal data on their phone
Over 60 percent of Brits keep sensitive personal data on their smartphone, says The Carphone Warehouse.
Easy Email Encryption Lite Lives up to Name
If you're looking for a very simple way to protect the privacy of your e-mail communications, look no further than Easy Email Encryption Lite ($18, demo). It provides about an easy a way to encrypt communications as you'll be able to find--as long as the receiver has a copy of the program as well.
Hacker leaks thousands of Hotmail passwords, says site
More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net.
The justification for paranoia
We normally focus on technology and its impact on business. That is our background and those are areas we feel comfortable writing about. In the next two newsletters we are stepping out of our comfort zone to write about something that gets us darn nervous – the interaction of the US government with our right to privacy and what this means for IT organizations.
The Norm Coleman Web crash and full disclosure
How do we make ethical decisions? It is surely not by announcing preferences as if we were choosing a flavor of ice cream. There are guidelines we can follow in making ethical decisions, as Professor John Orlando, PhD described in an earlier series in this column in 2007 on social engineering in penetration testing.
HP security blade scores impressive performance results for UDP traffic
Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5 percent of traffic on Internet backbones.
NotAwesome Firefox Add-On Hides History
Enough people loved Firefox's history and bookmark searching location bar that the name "AwesomeBar" caught on. While this tool is great for productivity, its omniscience is a serious privacy concern. Don't let your boss see that you've been looking for a new career on job search Web sites. You can clear your history, and completely exclude bookmarks from displaying in the bar, but why waste such a useful feature just to hide a few URLs? NotAwesome is a simple, free add-on that allows you to selectively hide bookmarks from the incriminating gaze of the AwesomeBar.
The Register - Security
Biting the hand that feeds IT
Hotmail 'phishing' campaign is small peanuts
Black market bulges with webmail logins
Access to the 10,000 compromised Hotmail accounts at the centre of a high profile breach might be obtained for as little as $90 on the black market.…
CBS hit for $1.2m over Chinese censorware
Net nanny files chicken feed damages demand
Solid Oak Software has hit media giant CBS with a demand for $1.2m, after the media giant's tech subsidiary posted downloads of the Chinese government's Green Dam Youth Escort software.…
UK Supremes to deliver McKinnon hearing decision
Anxious wait for Pentagon hacker
A decision on whether Gary McKinnon will be allowed leave to appeal to the newly-established UK Supreme Court will be given on Friday (9 October).…
The Register primer on web based threats (and their changing nature)
I'm Bad, You Know it
The internet is a gold mine for bad people, who continue to think of innovative, clever ways to extract money from individuals and corporations.…
Feds net 100 phishers in biggest cybercrime case ever
Operation Phish Phry
US and Egyptian authorities have charged 100 people with conducting a phishing operation that siphoned at least $1.5m from thousands of accounts belonging to Bank of America and Well Fargo customers.…
Spammers jump on Gmail, Hotmail mass-hack gravy train
Like manna from heaven
This week's airing of some 30,000 compromised Windows Live and Google Mail accounts has coincided with a spike in spam from those two services that promote sketchy electronics dealers, a researcher said.…
MySpace confession sinks car-death conviction appeal
You are what you post
A California appeals court has upheld a California woman's conviction for vehicular manslaughter by citing her MySpace page, in which she confessed to a penchant for drag racing.…
Visa gives merchants crypto card security guidelines
Retailers scramble for safety
Visa has published best practices for data field encryption (AKA end-to-end encryption) that call on merchants to always encrypt cardholder data.…
Hotmail phish exposes most common passwords
Live ID hacking made as easy as 123...
Data from the Hotmail phishing attack proves that consumer password security remains pants.…
Online banking scams overshadow plastic fraud slide
CNP fraud shrinks for first time
UK online banking fraud losses rose 55 per cent to hit £39m for the first half of 2009, according to banking industry figures published on Tuesday.…
Man banished from PayPal for showing how to hack PayPal
Some hacking tools more equal than others
PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor.…
Gmail, AOL, Yahoo! all hit by webmail phishing scam
I can see my address from here
Update Google has confirmed that Gmail has also been targeted by an "industry-wide phishing scheme" which first hit Hotmail accounts. Yahoo! and AOL are also reportedly affected.…
Scareware scams spill onto Skype
And are you interested in double glazing, while you're here?
Scareware spreaders have started to use Skype to spread their cash-sapping crud.…
AVG goes toe to toe with MS in consumer security fight
US gets discount, as usual
Update AVG is putting an emphasis on increased speed with a revamp of its free and paid for security suites.…
IE, Chrome, Safari duped by bogus PayPal SSL cert
Fraudulent credential, real risk
If you use the Internet Explorer, Google Chrome or Apple Safari browsers to conduct PayPal transactions, now would be a good time to switch over to the decidedly more secure Firefox alternative.…
10,000 Hotmail passwords mysteriously leaked to web
Phishing booty free for taking
Updated Login credentials for more than 10,000 Microsoft Live accounts have been posted to the internet, most likely by miscreants who found them or harvested them in a phishing attack.…
DDoS attack rains down on Amazon cloud
Code haven tumbles from sky
Updated Web-based code hosting service Bitbucket experienced more than 19 hours of downtime over the weekend after an apparent DDoS attack on the sky-high compute infrastructure it rents from Amazon.com.…
SANS Information Security Reading Room
Last 25 Computer Security Papers added to the Reading Room
Harness the Power of SIEM
Categories: Intrusion Detection,Logging Technology and Techniques
Paper Added: October 6, 2009
SANS Internet Storm Center, InfoCON: green
BETA Feature: I added a tools page. See if it works or let me know what I should add http://isc.sans.org/tools, (Wed, Oct 7th)
------ Johannes B. Ullrich, Ph ...(more)...
Spam rate increase is seen, (Wed, Oct 7th)
Thanks to a reader (Thanks Bob), who wrote in this morning asking if we have seen an increase in spa ...(more)...
Cyber Security Awareness Month - Day 7 - Port 6667/8/9/7000 - IRC: is it evil?, (Wed, Oct 7th)
IRC. Internet Relay Chat, commonly found on ports 6667,6668,6669, and 7000, but really, found ...(more)...
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp, (Tue, Oct 6th)
DHCP is a very commonly used protocol for the automatic assignment of TCP/IP configuration options. ...(more)...
Time to change your hotmail/gmail/yahoo password, (Mon, Oct 5th)
Microsoft has confirmed that thousands of Windows Live accounts have been compromised with their pas ...(more)...
Cyber Security Awareness Month - Day 5 port 31337, (Mon, Oct 5th)
Backdoors and malware and trojans oh my! Post 31337 (tcp or udp) is not an officially assigned port ...(more)...
ISC Update: Fixed search feature. Please test and report problems. Thanks!, (Sun, Oct 4th)
------ Johannes B. Ullrich, Ph ...(more)...
SANS NewsBites
All Stories From Vol: 11 - Issue: 78
CIO Council to Develop Outcome-Based Security Metrics (October 2 & 5, 2009)
The US Chief Information Officer Council has established a Security Metrics Taskforce that has been given the objective of developing "new metrics for information security performance for federal agencies that are focused on outcomes.......
Amazon.com Agrees to Pay US $150,000 to Settle Kindle eBook Removal Lawsuit (October 1 & 2, 2009)
Amazon.......
US Dept. of Homeland Security to Hire 1,000 Cyber Security Specialists (October 1, 2 & 5, 2009)
The US Department of Homeland Security has announced that it plans to hire up to 1,000 cyber security experts over the next three years.......
RIM Issues Update to Fix Security Certificate Flaw in BlackBerry Handset Software (October 6, 2009)
Research In Motion (RIM) has issued an update to address a security flaw in the way the BlackBerry reports security certificate mismatches.......
Null-Prefix Certificate Could be Used to Exploit Vulnerability in Browsers (October 5, 2009)
A phony PayPal SSL certificate has been released, making it easy for cyber criminals to dupe users running Internet Explorer, Google Chrome or Apple Safari web browsers with man-in-the-middle attacks.......
Missing Hard Drive Contains US Military Veterans' Records (October 1, 2 & 5, 2009)
A hard drive containing personally identifiable information of US military veterans was sent to a contractor to be repaired without first being erased.......
Google Apologized for Temporarily Removing Pirate Bay From Search Results (October 5, 2009)
Google has issued a public apology for removing The Pirate Bay from its search results.......
Windows LiveID Credentials Posted on Internet (October 5, 2009)
The leak of more than 10,000 Microsoft Windows Live ID account usernames and passwords is being blamed on a phishing attack; Microsoft maintains that the leak "was not a breach of internal Microsoft data.......
Careless Security Practices Result in Dropped Charges Against Former Employee (October 3, 2009)
A Deputy Merrimack County (New Hampshire) Attorney has dropped theft and computer crime charges against a Concord, NH-area Local Government Center employee.......
California Joins Cyber Security Challenge (October 2, 2009)
US Senator Dianne Feinstein (D-Calif.......
Australian Energy Supplier Computer Network Infected (October 1 & 2, 2009)
Malware has infected the computer network at Integral Energy, a major Australian energy supplier.......
Injunction Served Over Twitter (October 2, 2009)
The UK High Court has allowed an injunction to be served via Twitter.......
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
FBI raids phishing crime ring, nearly 100 arrested
By SearchSecurity.com Staff
Two American Banks were targeted in an International scheme that had U.S.-based runners funneling pilfered funds to phishers in Egypt.
FBI raids phishing crime ring, nearly 100 arrested
By SearchSecurity.com Staff
Bank of America Corp. and Wells Fargo & Co. were targeted in an International scheme that had U.S.-based runners funneling pilfered funds to phishers in Egypt.
Visa probes tokens, encryption for PCI card data protection
By Robert Westervelt
Visa issued payment industry best practices that outline the use of encryption and tokenization to protect credit card data.
Feds push cybersecurity jobs, PCI DSS changes ahead.
By Eric Ogren
The federal government plans to fill cybersecurity jobs, the payment industry is studying PCI virtualization best practices and Microsoft offers free endpoint protection software.
Security - RSS Feeds
Security - RSS Feeds
Federal Investigation Nets 100 in Phishing Scheme
The FBI partnered with Egyptian law enforcement to shut down a phishing ring authorities say was targeting American banks. The investigation, which began in 2007, represents the biggest cyber-crime roundup thus far in the United States.
- Authorities in the United States and Egypt have charged 100 people with participating in a sophisticated phishing ring authorities say defrauded two banks in the United States. Early today, police in cities across the United States arrested 33 of the 53 suspects named in a federal indictmen...
Visa Releases Encryption Guidelines for Merchants
Visa published a set of best practices this week for end-to-end encryption in the payment card industry as work on global standards continues.
- Visa released a document this week with best practices for end-to-end encryption in a bid to help early adopters and encryption vendors while industry standards are being developed. The document, available here, is meant to give organizations something to think about as they evaluate or deplo...
Attackers Improving Search Engine Optimization to Push Rogue Security Tools
In an analysis of a rogue anti-spyware scam, AVG Technologies noted that just 24 hours after a news event, attackers had already gotten their malicious links into five of the top 10 Google search results. The incident highlights the challenges faced by search engines such as Yahoo, Google and Microsoft Bing.
- Poisoning search engines results to trick users into visiting malicious sites is not a new tactic. But as an analysis by AVG Technologies shows, it can be very effective. Examining a rogue spyware campaign that sought to take advantage of interest in the earthquake in Samoa last week, AVG determ...
Fighting Phishers in Light of Gmail, Yahoo, Hotmail Password Leaks
Twenty-four hours after news broke that someone posted usernames and passwords for 10,000 Microsoft Hotmail customers, it was discovered that a similar list with information on thousands of Gmail, AOL and Yahoo Mail were online as well. In light of the news, here are some tips about staying safe online.
- A day after reports surfaced that 10,000 Microsoft Windows Live Hotmail user credentials had been stolen and posted online, the BBC has reported seeing a list of some 20,000 e-mail accounts and passwords belonging to users of Google Gmail, AOL, Yahoo Mail, Comcast and Earthlink. In both cases, of...
Database Security Takes Proper Planning
With the increasing sophistication of attackers and the problems posed by insider threats, database security requires proper planning and the aligning of database and information security policies, experts say. From Hannaford Bros. to LendingTree, the prevalence of data breaches means businesses need to make sure they are paying attention to their databases.
- In an age of high-profile data breaches, database security has started to get more attention. SQL injection attacks were at the root of the breaches at Hannaford Bros. and Heartland Payment Systems, while others such as the one affecting LendingTree last year were caused by malicious insiders. All ...
Microsoft Blames Hotmail Data Leak on Possible Phishing Attack
Microsoft confirmed thousands of Hotmail customers had their usernames and passwords posted recently on a third-party site as a result of a likely phishing attack. An investigation by Microsoft has determined that there was no breach of internal data on the company's part.
- Officials at Microsoft confirmed that thousands users of Windows Live Hotmail had their user credentials posted on a third-party site. According to Microsoft, the username and password information was likely swiped in a phishing scheme, and the company is currently working with customers who...
Security Fix
Brian Krebs on computer and Internet security
Latest FBI Crackdown on Phishing Targets 100 Defendants in U.S., Egypt
In Cyber Justice
UPDATED: 7:45 p.m. Law enforcement authorities in California, Nevada, North Carolina arrested 33 people Wednesday as part of an international crackdown on "phishing," e-mail scams that trick people into giving personal and financial data to counterfeit Web sites. The action, dubbed "Operation Phish Phry" by the FBI, targeted at least 100 people, including 20 defendants in the United States who remain at large. The FBI said that authorities in Egypt have charged at least 47 unindicted co-conspirators there in connection with the scam, which ran from January 2007 through September. It is the largest group of defendants to face charges in a cybercrime case, the FBI said. According to a 51-count indictment returned last week by a federal grand jury in Los Angeles, the defendants in Egypt used e-mails to lure customers of Wells Fargo and Bank of America to phony bank Web sites rigged to steal victims' usernames and
Hijacked Webmail Accounts Used to Promote Dodgy E-Commerce Sites
In Latest Warnings
Tens of thousands of compromised Gmail, Hotmail and Yahoo Webmail accounts are being used to gin up traffic for dodgy, bargain-basement electronics vendors online that only accept bank transfers and Western Union payments, security experts warn. Over the weekend, the credentials for at least ten thousand Microsoft Hotmail accounts were briefly posted online. Microsoft acknowledged the incident on Monday, saying the accounts were stolen as part of a phishing scam. Since then, other news outlets have reported that large caches of Yahoo and Gmail account credentials also were found online. According to an analysis by security vendor Websense, attackers used the hijacked accounts to spam each victim's e-mail contacts, sending messages that tout several online electronics stores. According to Websense, the stores promoted in the spam e-mails are all fakes set up to steal your money (click the image at the right for an enlarged screen shot of one sales
Zeus Trojan Infiltrates Bank Security Firm
In Fraud
On Sept. 1, security industry start-up Silver Tail Systems held an in-depth online seminar for its bank and e-commerce clients that examined the stealth and sophistication of Zeus, a data-stealing Trojan horse program that organized thieves have used in a string of lucrative cyber heists this year. A week later, Silver Tail learned that Zeus had infiltrated its own network defenses. Silver Tail founder Laura Mather said she believes her company was targeted by criminals wielding Zeus specifically because of the recent webinar, which spotlighted the myriad ways in which Zeus can defeat online banking security measures. Still, she said the incident shows this family of malware can be a threat to any business - even security companies. "Luckily, we were vigilant enough and had things locked down to a degree that the attackers weren't able to get anything of value to them," Mather said.
Trove of Hotmail Passwords Posted Online
In Latest Warnings
If you use Microsoft's free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend. In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme. Microsoft said it is taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts. Microsoft said users who believe their information was documented on the illegal list (i.e., you have reason to believe you may have recently fallen for a Hotmail phishing scam) can reclaim access to their accounts by filling out this form. October being Cyber Security Awareness Month and all, it's probably
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Phishing scam exposes Hotmail passwords
Phishing scam exposes Hotmail passwords
Brief: Spam gets meatier as attached files grow
Spam gets meatier as attached files grow
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Technical Visibility Levels
By Richard Bejtlich
It's no secret that I think technical visibility is the key to trustworthy technology. Via Twitter I wrote The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset. This topic has consumed me recently as relatively closed but IP-enabled systems proliferate. This ranges from handheld computers (iPhone, Blackberry, etc.) all the way to systems hosted in the cloud. How are we supposed to trust any of them?
One of the first problems we should address is how to describe the level of technical visibility afforded by these technologies. The following is very rough and subject to modification, but I'm thinking in these terms right now.
- Level 0. System status available only by observing explicit failure.
- Level 1. Anecdotal status reporting or limited status reporting.
- Level 2. Basic status reporting via portal or other non-programmatic interface.
- Level 3. Basic logging of system state, performance, and related metrics via defined programmatic interface.
- Level 4. Debug-level logging (extremely granular, revealing inner workings) via defined programmatic interface.
- Level 5. Direct inspection of system state and related information possible via one or more means.
Let me try to provide some examples.
- Level 0. I pick up my POTS line and there is no dial tone.
- Level 1. status.twitter.com. Gmail Last account activity.
- Level 2. www.google.com/appsstatus. status.aws.amazon.com
- Level 3. Pick an app that writes to /var/log/messages on Unix. Cisco IOS logging. Amazon S3 Server Access Logging.
- Level 4. Pick an app that writes debug-level messages to /var/log/messages on Unix. Cisco IOS debug logging.
- Level 5. Tcpdump of network traffic. Memory capture and analysis.
There must be dozens of other examples here. Keep in mind this is more of a half-thought than a finished thought, but I've been sitting on it for too long. Hopefully out in the open someone might comment on it. Thank you.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Hakin9 5/2009 Issue
By Richard Bejtlich
I just received a review copy of the 5/2009 issue of Hakin9 magazine. Several articles look interesting, such as Windows Timeline Analysis by Harlan Carvey, The Underworld of CVV Dumping by Julian Evans, and a few others on malware analysis and ASLR. Check it out!
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Incident Handler, Incident Analyst, Threat Analyst, and Developer Positions in GE-CIRT
By Richard Bejtlich
My team just opened five more positions. These candidates will report to me in GE-CIRT.
- Information Security Incident Handler (1093498)
- Information Security Incident Analyst (two openings, 1093494)
- Cyber Threat Analyst (1093497)
- Information Security Software Developer (1093499)
These candidates will sit in our new Advanced Manufacturing & Software Technology Center in Van Buren Township, Michigan. We don't have any flexibility regarding the location for these positions, and all five must be US citizens. No security clearance is required however!
If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster. We are being deluged by applicants for the SIEM role, so your best bet is to apply online and let me find you after reading your resume. Thank you.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Top 10 Windows Security Configurations: Where and How! (Part 2)
By (Derek Melber)
Part two of three articles to complete Derek Melber's top 10 Windows Security configurations.
Yahoo! News: Security News
Security News
Citing Cybercrime, FBI Director Doesn't Bank Online (PC World)
In technology
PC World - The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt.
FBI smashes US-Egypt cyber 'phishing' ring (AFP)
In politics
AFP - Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.
Windows Attack Code Out, but Not Being Used (PC World)
In technology
PC World - It has been a week since hackers released software that could be used to attack a flaw in Windows Vista and Server 2008, but Microsoft and security companies say that criminals haven't done much with the attack.
Hackers hook Web email users with "phishing" scams (AFP)
In us
AFP - Google and Yahoo! on Tuesday joined a growing roster of Web-based email service providers with users duped by hackers into betraying passwords to accounts.
Threat of next world war may be in cyberspace: UN (AFP)
In business
AFP - The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks.
Hackers expose slew of Hotmail acount passwords (AFP)
In us
AFP - Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
World War III Could Be Fought on Internet, Says ITU Head (PC World)
In business
PC World - Threats of cyberwar and a story of real violence rubbed shoulders at a news conference to mark the opening of the ITU Telecom World exhibition and forum in Geneva on Monday.
Hackers Plan to Clobber the Cloud, Spy on Blackberries (PC World)
In technology
PC World - A new era of computing is on the rise and viruses, spies and malware developers are tagging along for the ride.
Cybersecurity starts at home and in the office (AP)
In technology
AP - When swine flu broke out, the government revved up a massive information campaign centered on three words: Wash your hands. The Obama administration now wants to convey similarly clear and concise guidance about one of the biggest national security threats in your home and office — the computer.
Zero Day
Tracking the hackers
Weak passwords dominate statistics for Hotmail's phishing scheme leak
By Dancho Danchev on Spam and Phishing
The recently leaked accounting data of thousands of Hotmail users — Gmail has also been affected — obtained through what appears to be a badly executed phishing campaign, once again puts the spotlight on the how bad password management practices remain an inseparable part of the user-friendly ecosystem. According to a statistical analysis of the 10,000 [...]
The case of the fake money-mules: Inside the URLZone Trojan network
By Ryan Naraine on iPhone
Security researchers tracking the URL Zone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.
Ars Technica - Security
Microsoft Patch Tuesday for October 2009: 13 bulletins
By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday
According to the Microsoft Security Response Center, Microsoft will issue 13 Security Bulletins on Tuesday, and it will host a webcast to address customer questions about the bulletin the following day (October 14 at 11:00am PST, if you're interested). Eight of the vulnerabilities are rated "Critical," and the other five are marked as "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least six of the 13 patches will require a restart.
Botnet-hosting subscribers soon to get warnings from Comcast
By jacqui@arstechnica.com (Jacqui Cheng) on virus
Internet users, don't worry—papa Comcast's lookin' out for you. The company announced that it has begun rolling out a service that will warn its broadband customers when they could be infected with malware based on their traffic patterns. The service, dubbed "Constant Guard," is really aimed at reducing botnet traffic on Comcast's network with the spin that the company wants to protect customers, and a trial has already begun in Denver, Colorado.
The warning will come as an in-browser pop-up that will trigger if there's an unusual spike in traffic from a customer's home, or if mass numbers of e-mails suddenly start going out of that user's account. The pop-up will instruct users to go to Comcast's Anti-Virus Center to help diagnosing and fixing the problem (Comcast has partnered with McAfee for virus removal software).
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
WASC TC v2 - Improper Input Handling Section Completed
By Robert A. on WASC
I lead the WASC Threat Classification v2 project and we've just completed a section that I felt deserved its own post. Prasad Shenoy along with the WASC TC peer review team authored a really great section on Improper Input Handling meant to describe each aspect of input handling with a medium level...
Yahoo Best Jobs in America ranks infosec professional #8
By Robert A. on IndustryNews
After checking out my favorite stocks this morning at finance.yahoo.com I saw an article titled 'best jobs in America' so figured I'd check it out. To my surprise Computer/Network Security Consultant was ranked as the 8th best job in the US. Very cool! Link: http://finance.yahoo.com/career-work/article/107932/best-jobs-in-america.html
Announcing the Web Application Security Scanner Evaluation Criteria v1
By Robert A. on XSS
"The Web Application Security Consortium is pleased to announce the release of version 1 of the Web Application Security Scanner Evaluation Criteria (WASSEC). The goal of the WASSEC project is to create a vendor-neutral document to help guide information security professionals during web application scanner evaluations. The document provides a comprehensive list...
CNET News - Security
IBM privacy chief: Asia need not mimic Europe
By Vivian Yeo
Harriet Pearson, chief privacy officer, IBM
(Credit: IBM
Harriet Pearson once joined a petition signed by Facebook users, urging the social-networking site to do more in terms of privacy.
But the privacy expert considers herself a moderate when it comes to protecting her personal information.
Pearson, IBM's chief privacy ...
New Ad-Aware offers behavioral detection
By Seth Rosenblatt
Lavasoft has updated its popular malware and spyware detection and removal tool Ad-Aware. Rather than a dramatic redo, version 8.1 builds on the improvements made in the previous version. The new version is faster, has better removal abilities, and introduces a behavioral detection engine.
Ad-Aware 8
Called Genotype, Ad-Aware'...
Originally posted at The Download Blog
Hacked Web mail accounts used to send spam
By Carly Newman
There has been a marked increase in the amount of spam e-mails being sent from Yahoo, Gmail, and Hotmail accounts, according to analysts at Websense Security Labs.
Websense said on Thursday that personalized spam e-mails had been sent from the compromised accounts to all of each user's contacts. The ...
Adobe exploit puts backdoor on computers
By Elinor Mills
A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.
Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It ...
Originally posted at InSecurity Complex
China 'Green Dam' enforcement faces hurdles
By Vivian Yeo
China's Green Dam-Youth Escort censorship initiative is facing hurdles as some schools and Internet cafes either don't have the software or have uninstalled it.
Initially required for all new PCs when it was introduced in June, the Chinese government revised its mandate in August and effectively lifted the burden on PC makers ...
Phished or not, leaked passwords show lazy habits
By Elinor Mills
These are the 20 most common passwords, based on 10,000 analyzed by Acunetix.
(Credit: Acunetix
It's still unclear exactly how 20,000 passwords discovered on the Web recently were stolen, but the finding reveals much in the way of people's password habits: some of us are lazy....
Originally posted at InSecurity Complex
Forefront Endpoint Protection release delayed
By Elinor Mills
Microsoft on Thursday said it is delaying the release of its Forefront Endpoint Protection 2010 antimalware product for Windows desktops and servers until the second half of next year.
Forefront Endpoint Protection is a component of the upcoming Forefront Protection Suite, formerly code-named "Stirling."
"Based on customer feedback and market ...
Originally posted at InSecurity Complex
Microsoft to patch zero-day SMB, IIS holes
By Elinor Mills
Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block (SMB) and Internet Information Services (IIS) that could allow an attacker to take control of a computer.
Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of ...
Originally posted at InSecurity Complex
Comcast pop-ups alert customers to PC infections
By Elinor Mills
Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware.
For instance, a significant overnight spike in traffic being sent ...
Originally posted at InSecurity Complex
Verizon, McAfee team up on security products
By Lance Whitney
With security and cloud-computing both hot-button topics, Verizon Communications and McAfee are joining forces to offer customers a combination of the two.
Verizon's business unit and McAfee announced Thursday a new joint venture to sell cloud-based security products and services to large businesses and government agencies. With more companies ...
CounterMeasures
Rik Ferguson blogs about security issues.
A (google) Wave of Scams
By Rik Ferguson on web
It was no surprise to see blackhat SEO happening based on the search term “Google Wave invitation”, as reported by Websense when the service was launched. Well, interest in Google’s new Wave service and API is still running high, invitations are even up for sale on online auction sites and the opportunistic interest of cybercrime [...]
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
Nat Probe – NAT Detection Tool
By Darknet on p2p detection
This little, but very useful program, try to sends ICMP packet out the LAN, and detect all the host that allow it. Whit this you can find bugs in your (company?) network ( or others), for example hosts that allow p2p connections. Explanation When we use a Gateway, we send the packets with IP destination of the [...]
Read the full post at darknet.org.uk
DarkReading - All Stories
DarkReading
Enterprises Continue To Struggle With Vulnerability Management
New Dark Reading report offers a look at how to find -- and fix -- security flaws in enterprise infrastructure
Six Steps Toward Better Database Security Compliance
Experts outline six steps to improving regulatory compliance of enterprise databases
Botnets Behind Most Modern Malware Infections
Command-and-control conduit in most malware makes infected machines bots
Federal Computer Week: Security News
DHS Web sites vulnerable to hackers, IG says
The DHS inspector general has found vulnerabilities related to uneven security patch management in the department's nine most popular Web sites.
While security clearances speed up, quality lags, GAO says
Although OPM and DOD have made significant progress in improving the timeliness of the personnel security clearance process, agencies still need to improve the quality of clearance investigations, according to GAO officials.
IG faults HUD for stimulus law reporting problems
HUD falls on privacy and data security goals and misses deadlines as it tracks spending for the economic stimulus law, the IG's office says.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Cyberwar Readiness Recast As Low Priority
Posted by InfoSec News on Oct 13
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=220600297
By J. Nicholas Hoover
InformationWeek
October 12, 2009
The U.S. government should not make cyberwarfare a priority investment
area, according to a report from public policy think tank RAND Corp.
The report, which was underwritten by the Air Force, recommends that the
government focus instead on shoring up defenses of critical
infrastructure like...
Choosing the Right Emergency Contacts
Posted by InfoSec News on Oct 13
http://shankman.com/choosing-the-right-emergency-contacts/trackback/
By Peter Shankman
September 10th, 2009
As a skydiver, I'm asked to put down an emergency contact every time I
visit a new dropzone. Growing up, chances are, we choose our parents.
I've learned since that they're not the best for that "bad call." Not to
diss them in any way, but if the worst were ever to happen, I'd rather
they find out from someone they know,...
AusCERT2010 Call for Presentations and Tutorials
Posted by InfoSec News on Oct 13
Forwarded from: Robert Lowe <rlowe (at) auscert.org.au>
Greetings,
This is a call for presentations and tutorials for AusCERT2010, the
AusCERT Asia Pacific Information Security Conference. The conference
will take place from Sunday, 16 May until Friday, 21 May 2010 and held
at RACV Royal Pines Resort Gold Coast, Australia.
For information on topic areas and submission guidelines please refer to:...
Request for feedback
Posted by InfoSec News on Oct 13
Forwarded from: Rodolfo G. Rosini <rodolfo (at) cellcrypt.com>
I've written an introductory cellular voice security guide and would
like to get some feedback before releasing it into the wild. ISN readers
are not my audience but they are a very informed bunch and I'd like
to get their viewpoint on this.
The brief is at
http://www.cellcrypt.com/documents/Cellcrypt_security_brief.pdf
Feedback (of any kind) is more than welcome at...
Montgomery Planner Tried To Hinder Audit, Report Finds
Posted by InfoSec News on Oct 13
http://www.washingtonpost.com/wp-dyn/content/story/2009/10/12/ST2009101200662.html
By Miranda S. Spivack
Washington Post Staff Writer
October 12, 2009
Montgomery County's planning director tried to block an investigation of
his spending practices and those of his agency, according to a report by
the Maryland-National Capital Park and Planning Commission.
The audit report details instances in which Montgomery Planning Director
Rollin Stanley...
Re: Help InfoSec News with a Donation
Posted by InfoSec News on Oct 09
We're just a few subscribers short of having a 1% response rate, but I'd
like to thank the 8 people since sending this out last night for
donating a little something to keep the lights on here, but also in
helping improve the site in the long run!
http://www.infosecnews.org/donate.html
Thanks!
William Knowles
InfoSec News
@infosecnews.org
________________________________________
Did a friend send you this? From now on, be the
first to...
Deutsche Bank Spy Case Rises to New Level
Posted by InfoSec News on Oct 09
http://online.wsj.com/article/SB125499181593172927.html
By David Crawford
The Wall Street Journal
OCTOBER 9, 2009
BERLIN -- German prosecutors have opened a formal criminal investigation
into the Deutsche Bank AG spying affair but say their probe doesn't
target the bank's chairman, chief executive or other management-board
and supervisory-board officials.
Frankfurt prosecutors said they had found evidence that those carrying
out the...
Comcast pop-ups alert customers to PC infections
Posted by InfoSec News on Oct 09
http://news.cnet.com/8301-27080_3-10370996-245.html
[Here's a better idea, forget the pop-up that your computer is infected,
everyone ignores that. Just cut off the account from the Internet, when
Joe Sixpack can't download more Carla Bruni nudie pics, they'll just
call Comcast customer support, listen to Ben Stein and Shaq flap their
gums for a few minutes, and someone in your CS department will tell them
if they want to see more Carla...
Survey shows business sceptical about external hacking
Posted by InfoSec News on Oct 09
http://www.v3.co.uk/v3/news/2250893/survey-shows-business-sceptical
By Iain Thomson in San Francisco
V3.co.uk
09 Oct 2009
A global survey of IT managers from IDC has shown that the last majority
think that having the company hacked from the outside is highly
unlikely.
Of the companies questioned just 15 per cent thought that they would
lose data to hackers, with three times as many thinking employee
carelessness would cause a breach....
Re: Citing cybercrime, FBI director doesn't bank online
Posted by InfoSec News on Oct 09
Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.networkworld.com/news/2009/100709-citing-cybercrime-fbi-director-doesnt.html
:
: By Robert McMillan
: IDG News Service
: 10/07/2009
:
: The head of the U.S. Federal Bureau of Investigation has stopped banking
: online after nearly falling for a phishing attempt.
:
: FBI Director Robert Mueller said he recently came "just a few clicks
: away from...
Critical Adobe Reader vuln under 'targeted' attack
Posted by InfoSec News on Oct 09
http://www.theregister.co.uk/2009/10/08/adobe_reader_vuln_under_attack/
By Dan Goodin in San Francisco
The Register
8th October 2009
Attackers once again are targeting an unpatched vulnerability in Adobe
Reader that allows them to take complete control of a user's computer,
the software maker warned.
Adobe said it planned to patch the critical security bug in Reader and
Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the...
Secunia Weekly Summary - Issue: 2009-41
Posted by InfoSec News on Oct 09
========================================================================
The Secunia Weekly Advisory Summary
2009-10-01 - 2009-10-08
This week: 42 advisories
========================================================================
Table of Contents:
1.....................................................Word From...
How dangerous could a hacked robot possibly be?
Posted by InfoSec News on Oct 09
http://www.computerworld.com/s/article/9139118/How_dangerous_could_a_hacked_robot_possibly_be_?taxonomyId=17
By Robert McMillan
October 8, 2009
IDG News Service
It seems like a question ripped from the back of a cheap sci-fi novel:
What happens when the robots are turned against us?
But researchers at the University of Washington think it's finally time
to start paying some serious attention to the question of robot
security. Not because...
CFP: Workshop on Ethics in Computer Security Research 2010 - EXTENDED Deadline: Oct 22, 2009
Posted by InfoSec News on Oct 09
Forwarded from: Sven Dietrich <spock (at) cs.stevens.edu>
Dear colleagues,
as requested by many of you, we're extending the deadline for WECSR2010 to
Oct 22, 2009, 11:59pm EDT.
Best regards,
Sven Dietrich
InformationWeek Security News
InformationWeek
T-Mobile, Microsoft Promise $100 Gift Card For Lost Data
By Thomas Claburn
But most customers will see their data restored, the two companies hope.
Google Helps Webmasters Spot Malware
By Thomas Claburn
In an effort to help owners of compromised Web sites find and remove hidden malware, Google is now offering a malware identification tool to Webmasters who have registered their sites with the company.
Google Helps Webmasters Spot Malware
By Thomas Claburn
In an effort to help owners of compromised Web sites find and remove hidden malware, Google is now offering a malware identification tool to Webmasters who have registered their sites with the company.
Microsoft, T-Mobile Apologize For Data Loss, Offer Month Credit
By Thomas Claburn
Sidekick users who lost their data won't be getting it back. T-Mobile and Microsoft say the data is gone.
Microsoft, T-Mobile Apologize For Data Loss, Offer Month Credit
By Thomas Claburn
Sidekick users who lost their data won't be getting it back. T-Mobile and Microsoft say the data is gone.
Report Casts Cyberwar In 'Niche Role' For U.S.
By J. Nicholas Hoover
Cyberwar readiness should have a place in U.S. defense planning, but resources are better spend on bolstering potentially vulnerable infrastructure, according to think tank RAND.
Cyberwar Readiness Recast As Low Priority
By J. Nicholas Hoover
Preparedness for cyberwar should have a place in U.S. defense planning, but resources are better spent on bolstering potentially vulnerable infrastructure, according to think tank RAND.
Google Patches Android DoS Flaws
By Marin Perez
The patch fixes flaws that would enable malformed SMS messages or mobile applications to crash Android 1.5 handsets.
Dark Reading Tech Center: Database Security
Hackers may covet your data, but insiders are the most common source of database leaks, a new report says.
Dark Reading Tech Center: Database Security
Hackers may covet your data, but insiders are the most common source of database leaks, a new report says.
8 Things To Think About For Windows 7
By Michael Healey
Windows 7 has features that point to the future of the desktop.
Web Security Goes Online
By Randy George
A growing number of providers offer Web security in the cloud
Google Patches Google Pack Vulnerability
By Thomas Claburn
Google Pack, the company's collection of free Google and third-party applications, had a vulnerable component that Google has just fixed.
Google Patches Google Pack Vulnerability
By Thomas Claburn
Google Pack, the company's collection of free Google and third-party applications, had a vulnerable component that Google has just fixed.
Microsoft Security Fix Breaks Record Set In June
By Thomas Claburn
Next week's "Patch Tuesday" will keep IT administrators busy. Fixes include two zero-day vulnerabilities, at least one of which is actively being exploited.
Google Robbed By Botnet
By Thomas Claburn
A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines.
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Neil Gaiman to create audio book based on tweets
By Elinor Mills
Twitter may not be making money but at least it's providing a forum for some innovative artistic collaboration.
Take, for instance, science fiction writer and graphic novelist Neil Gaiman. He's going to create an audio book based on tweets provided by Twitter users.
You might remember the game ...
Adobe exploit puts backdoor on computers
By Elinor Mills
A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.
Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It ...
Phished or not, leaked passwords show lazy habits
By Elinor Mills
These are the 20 most common passwords, based on 10,000 analyzed by Acunetix.
(Credit: Acunetix
It's still unclear exactly how 20,000 passwords discovered on the Web recently were stolen, but the finding reveals much in the way of people's password habits: some of us are lazy....
Forefront Endpoint Protection release delayed
By Elinor Mills
Microsoft on Thursday said it is delaying the release of its Forefront Endpoint Protection 2010 antimalware product for Windows desktops and servers until the second half of next year.
Forefront Endpoint Protection is a component of the upcoming Forefront Protection Suite, formerly code-named "Stirling."
"Based on customer feedback and market ...
Microsoft to patch zero-day SMB, IIS holes
By Elinor Mills
Microsoft on Thursday said it will provide a fix next week for zero-day flaws in Microsoft Server Message Block (SMB) and Internet Information Services (IIS) that could allow an attacker to take control of a computer.
Those are just two of the 34 vulnerabilities addressed in 13 bulletins (eight of ...
Comcast pop-ups alert customers to PC infections
By Elinor Mills
Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware.
For instance, a significant overnight spike in traffic being sent ...
McAfee Avert Labs
Cutting edge security research as it happens.......
McAfee Labs’ October Spam Report
By David Marcus on Web and Internet Safety
Cybercriminals are taking advantage of American concerns about healthcare by flooding the internet with spam. According to our October Spam Report, 70 percent of global spam is now “Canadian” pharmacy spam that takes advantage of fears of Swine Flu and rising costs of Medicare and pharmaceuticals. Spammers generate more than 150 billion spam messages daily; that’s [...]
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
Barracuda gobbles up SaaS security start-up Purewire
Barracuda Networks has acquired start-up Purewire in an effort to expand its footprint in the market for Web security services.
British ISP offers self-managing MPLS box
ISP Pro-Net has launched a multiple-service security box
8% of web users have considered hacking
More than one in ten social networkers thinks their account has been hacked, says Moneysupermarket.com.
ID fraud surged by a third in 2009
The number of victims of ID fraud in the UK rose by a third in 2009 compared to the previous year, said the CIFAS.
Apple Snow Leopard Flaw Devours User Data
A serious flaw in Apple's Snow Leopard OS appears capable of wiping user data after the user opens and closes the "guest" account on the afflicted Macintosh.
ACMA extends cyber bullying smarts to trainee teachers
The Australian Communications and Media Authority (ACMA) has extended its cyber safety education program to trainee teachers, with the introduction of a new program.
Stephen Gately death exploited by hackers
Hackers have already starting exploiting the death of pop star Stephen Gately just 48 hours after the singer tragically died, says Sophos.
Snow Leopard Bug is a Doozy, How Did Apple Miss It?
Reports of a major bug in Snow Leopard, the latest version of Mac OS X that debuted in August, are creating dismay among Mac users in Apple's support forums, on Twitter, and elsewhere across the Web.
Expert provides more proof hackers hijacked Hotmail accounts
It's almost certain that hackers obtained the Hotmail passwords that leaked to the Internet through a botnet-based attack, a researcher said today as she provided more proof that Microsoft's explanation was probably off-base.
Researchers advise cyber self defense in the cloud
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
Analysis: Phishing arrests highlight massive problem
The massive phishing scam broken up by federal authorities this week is only a hint at what many say is an insidious and growing problem on the Internet.
Hackers exploit year's fourth PDF zero-day
Adobe has acknowledged that hackers are exploiting bugs in its Reader PDF viewer and Acrobat PDF maker to break into Wndows-based PCs.
Kaspersky intros Kaspersky Anti-Virus for Mac
Kaspersky Lab has introduced Kaspersky Anti-Virus for Mac, which the company believes strengthens the security provided by Apple and offers a platform to add additional security modules as new threats emerge.
Spam accounts for 86% of all emails
Worldwide spam has surged by nine times and now makes up 86 percent of all emails, says Symantec.
Google patches DoS vulnerabilities in Android
Researchers at the Open Source Computer Emergency Response Team disclosed two denial-of-service vulnerabilities in Google's Android 1.5 mobile phone platform, both of which have already been patched by the vendor.
Wikileaks plans to make the Web a leakier place
Wikileaks.org, the online clearinghouse for leaked documents, is working on a plan to make the Web leakier by enabling newspapers, human rights organizations, criminal investigators and others to embed an "upload a disclosure to me via Wikileaks" form onto their Web sites.
Google Offers Advice on Secure Passwords
It's National Cyber Security Awareness Month, and Google wants to remind you of a basic tenet of online security: passwords. Considering that October started off with a security breach that struck more than 10,000 Hotmail accounts, a security review may not be such a bad idea. Michael Santerre, Google's Consumer Operations Associate detailed Google's password advice in a recent blog post.
Senate panel approves extension of Patriot Act
The U.S. Senate Judiciary Committee on Thursday voted to extend the controversial Patriot Act, an antiterrorism law passed shortly after the Sept. 11 terrorist attacks on the U.S.
Microsoft plans monster Patch Tuesday next week
Microsoft will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as IE, Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software.
Sophos adds DLP to desktop anti-malware
Sophos added data-loss prevention capabilities to its desktop anti-malware software and is promising gateway-based DLP in the future.
Microsoft falls further behind on security, identity integration
Microsoft is delaying the release of Forefront Endpoint Protection 2010 until the second half of 2010. The anti-malware software had been expected to ship in the first half of the year.
Number of UK kids with Web access in bedroom increases
Over a third of children aged 12 to 15 have internet access in the bedroom, says Ofcom.
Intel IT Director Keeps Network PCs Safe
Want to be your own IT? Small business owners may not want to outsource their PC management or buy an expensive management package--but they still need to keep track of what's happening with the PCs in their network. Intel's IT Director (free) allows you to monitor stats for each PC, such as the amount of disk space used, whether or not the Windows firewall is enabled, and whether or not antivirus software is installed.
CIA trusts cloud security, but only in private clouds
It turns out the CIA is interested in cloud computing, but not cloud services for security reasons.
The Register - Security
Biting the hand that feeds IT
Feds: bald man posing as 17-year-old secretly taped teens
'I'm lonely and hate being old'
A Massachusetts man in his 40s stands accused of posing as a 17-year old boy so he could lure teenage girls into video chatrooms and secretly videotape them as they engaged in sexual acts.…
'Hack Idol' to find top UK cyberwarriors
Wouldn't trust the phone voting
The UK government has launched plans to find the best young hackers through a talent competition.…
ID fraud prevention week fights UK's fastest growing crime
Oo are yer?
National Identity Fraud Prevention week kicked off in the UK on Monday. The scheme marks an attempt to raise public awareness of the threat of identity fraud, reckoned to be one of the UK's fastest growing financial crimes.…
Telecoms reform tabled as EU plots spam clampdown
Italy praised and UK shamed over enforcement
The European Commission is calling on tougher action to fight spammers and protect online privacy.…
Large Hadron boffin arrested on terrorism suspicion
No more atom-smashing for you
An atomic physicist who worked at the European Organization for Nuclear Research for six years has been arrested on suspicion he had links to an Al Qaeda affiliate in North Africa.…
Twitter bans security maven for sharing naughty link
"We scan evrythng"
A well known security researcher was banished from Twitter for more than two days for including the address of a malicious website in a two-month-old dispatch.…
YouTube video spam promotes Russian real estate
A different kind of viral video
Russian security researchers have discovered a spam campaign that points towards video ads hosted on YouTube.…
UK Border Agency suspends 'flawed' asylum DNA testing
To try head measuring?
The UK Border Agency has quietly suspended its heavily-criticised attempt to test asylum seekers' nationality by DNA fingerprinting and isotope analysis.…
ID card support hits bottom under Brown
Still more popular than Gordo though
Support for the government's ID card scheme has slumped to its lowest level yet, according to research by NO2ID.…
UK Supremes turn down McKinnon hearing
Pentagon hacker one step closer to extradition
Updated Gary McKinnon has been refused leave to appeal to the newly-established UK Supreme Court against his extradition to the US on hacking charges.…
Zero-day fixes star in biggest ever Patch Tuesday
13 updates (8 critical) in record haul
Microsoft is preparing its biggest ever Patch Tuesday update for next week.…
Bitbucket's Amazon DDoS - what went wrong
A cautionary cloud tale
After a DDoS brought down Bitbucket's web-based code-hosting service for more than 19 hours over the weekend, Jesper Nøhr speculated the attack had exposed a flaw in the sky-high Amazon infrastructure that hosts the site. Nøhr - who runs Bitbucket - has since spoken to an "Amazon executive" about the attack, and according to his account of the conversation, his earlier speculation was right on the money.…
Botnet caught red handed stealing from Google
And Yahoo!... and Bing
A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks.…
Critical Adobe Reader vuln under 'targeted' attack
No patch till Tuesday
Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.…
FBI chief barred from online banking by wife
Domestic surveillance
America's chief spook has been banned from internet banking by his wife after nearly falling prey to a common email phishing scam.…
Recidivist stock fraud hacker pleads guilty to ID theft
Go directly to jail. Do not collect $200
A former stock fraud hacker has pleaded guilty to new fraud and identity theft charges.…
SANS Information Security Reading Room
Last 25 Computer Security Papers added to the Reading Room
Security Concerns in Using Open Source Software for Enterprise Requirements
Category: Security Awareness
Paper Added: October 8, 2009
SANS Internet Storm Center, InfoCON: green
Some interesting SSL SPAM, (Mon, Oct 12th)
A few people have mentioned (Thanks Luke, Anon, et all) that they have started receiving SPAM ...(more)...
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP), (Sun, Oct 11th)
SNMP has to be one of my favourite protocols when doing internal pentesting. Mainly because I ...(more)...
Cyber Security Awareness Month - Day 11 - RPCBind aka Portmapper, (Sun, Oct 11th)
As most of our regular readers are aware, this is Cyber Security Awareness Month and the ISC handler ...(more)...
OT: Happy Thanksgiving weekend Canada!, (Sun, Oct 11th)
...(more)...
Cyber Security Awareness Month - Day 10 - The Questionsable Ports, (Sat, Oct 10th)
The Internet Storm Center is focusing on IP ports for the month of October. I am going to cont ...(more)...
User Notification for Possible Infected Systems, (Sat, Oct 10th)
One of our readers, Roy, came across this article from Yahoo! this morning reporting that Comcast is ...(more)...
OUTAGE: I will be upgrading the server for ISC/DShield later today. Outages should last around 5 minutes., (Sat, Oct 10th)
------ Johannes B. Ullrich, Ph ...(more)...
AT&T Cell Phone Phish, (Fri, Oct 9th)
Alan tells us that several ATT cell subscribers have just received a text message, which instru ...(more)...
THAWTE to discontinue free Email Certificate Services and Web of Trust Service, (Fri, Oct 9th)
Arno writes in to tell us that Thawte will be discontinuing their free E-mail Certificates and email ...(more)...
Cyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP), (Fri, Oct 9th)
Feel free to comment on this diary entry - were interested in issues or resolutions you may h ...(more)...
New Adobe Vulnerability Exploited in Targeted Attacks, (Thu, Oct 8th)
Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today [1]. The pos ...(more)...
Nessus.org is coming back up, very slow right now. Thank you for writing in., (Thu, Oct 8th)
...(more)...
Cyber Security Awareness Month - Day 8 - Port 25 - SMTP, (Thu, Oct 8th)
My personal favorite port is port 53, but well, it was already taken. So I am going to cover port 25 ...(more)...
Firefox Plugin Collections, (Thu, Oct 8th)
Our reader Mark send us a link to his firefox Security Suite https://addons.mozilla ...(more)...
SANS NewsBites
All Stories From Vol: 11 - Issue: 79
Comcast Testing Malware Alert Service (October 8, 2009)
On Thursday, October 8, Comcast began testing a service that alerts its broadband subscribers with pop-ups if their computers appear to be infected with malware.......
Japan High Court Acquits Winny Creator of Copyright Violation Charges (October 8, 2009)
A Japanese court has ruled that the creator of the Winny filesharing software is not guilty of helping its users violate copyright law.......
Film Companies Take Australian ISP to Court to Failure to Act on Filesharing Information (October 7, 2009)
Australian Internet service provider (ISP) iiNet was in court facing charges that it has not taken action against suspected illegal filesharers.......
Microsoft Will Issue 13 Bulletins on October 13 (October 8, 2009)
According to its Security Bulletin Advance Notification for October 2009, Microsoft plans to release 13 security bulletins on Tuesday, October 13 to address vulnerabilities in Internet Explorer (IE), Microsoft Office, SQL Server, some developer tools, Forefront Security client software and all supported versions of Windows.......
Adobe Warns of Limited Targeted Attacks on Reader and Acrobat Vulnerability (October 8, 2009)
Adobe is warning that attackers are actively exploiting an unpatched flaw in Reader and Acrobat 9.......
No More Internet Banking for FBI Director (October 7 & 8, 2009)
FBI Director Robert Mueller says he will no longer bank online after he nearly succumbed to a phishing attack.......
Convicted Online Trading Hacker Strikes Again (October 7 & 8, 2009)
Van T.......
Legislators Seek More Information on JP Morgan Chase Bank Data Breach (October 7, 2009)
US Representatives Joe Barton (R-Texas) and George Radanovich (R-Calif.......
Operation Phish Phry Rounds Up 100 Suspects (October 7 & 8, 2009)
A two-year international investigation known as Operation Phish Phry has netted authorities in the US and Egypt 100 suspects.......
Stolen Laptop Holds Unencrypted Data of 850,000 Doctors (October 6 & 7, 2009)
A laptop computer stolen from the car of a BlueCross BlueShield employee contains unencrypted personal data of 850,000 physicians.......
Microsoft Blocks Hacked Hotmail Accounts; Researcher Says Scope of Attack Suggests Keystroke Loggers (October 6 & 7, 2009)
Microsoft has blocked access to all the Hotmail accounts that were recently compromised.......
PayPal Suspends Researcher's Account (October 6 & 7, 2009)
PayPal has suspended the account of security researcher Moxie Marlinspike after someone used research he presented at the Black Hat security conference this summer to publish a phony PayPal certificate.......
SPECIAL NOTICE: Protecting Your Business from Online Banking Fraud
One of the big problems in security right now is organized crime targeting comptroller PCs with malware, collecting online banking credentials and using them to wire transfer money to accomplices (mules) in numerous transfers that are below ten thousand dollars each.......
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Adobe warns of critical update for Reader, Acrobat 9.1.3
By Robert Westervelt
An Adobe update next week will repair a critical zero-day flaw being actively targeted by attackers.
Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities
By Robert Westervelt
Thirteen bulletins address 34 vulnerabilities across the Microsoft product line, according to the Microsoft advance notification.
McAfee, Verizon Business partner to develop cloud security services
By Neil Roiter
Extensive deal also positions Verizon as major McAfee reseller and managed security services provider for its products.
FBI raids phishing crime ring, nearly 100 arrested
By SearchSecurity.com Staff
Bank of America Corp. and Wells Fargo & Co. were targeted in an international scheme that had U.S.-based runners funneling pilfered funds to phishers in Egypt.
SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.
TrustPort Antivirus and PC Security Privilege Escalation Vulnerability
Trustport installs its program files with insecure permissions (Everyone - Full Control). A local attacker (unprivileged user) can replace some files (including executable files of Trustport services) with malicious files and execute arbitrary code with SYSTEM privileges.
HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access
A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender. The vulnerability could be exploited remotely to gain unauthorized access.
Adobe Photoshop Elements Active File Monitor Service Local Elevation Of Privileges
The Adobe Active File Monitor service is installed with an improper security descriptor.
FlatPress FP-includes Remote Command Execution Vulnereability
FlatPress is an open-source standard-compliant multi-lingual extensible blogging engine written in PHP by Edoardo Vacchi. It is prone to an LFI vulnerability which can be exploited to have RCE (Remote Command Execution).
Flickr API Authentication Hash Extension Attack
This advisory describes a vulnerability in the signing process that allows an attacker to generate valid signatures without knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any application using Flickr's API. When combined with other vulnerabilities and attacks, an attacker can gain access to accounts of users who have authorized any third party application. Additionally, if an application uses PHPFlickr >= 1.3.1, an attacker can trick users of that application to visit arbitrary web sites. This may apply for other Flickr's API libraries and applications as well.
OSISoft PI Server Authentication Weakness
The PI Server suffers from an encryption weakness in the default authentication process.
Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware NFS Portmapper daemon. Authentication is not required to exploit this vulnerability..
HP-UX Running Kerberos Denial of Service and Execution of Arbitrary Code
Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
Security - RSS Feeds
Security - RSS Feeds
Google: Five Fixes For Five Password Security Problems
October is National Cyber Security Awareness Month, and Google paid homage to that fact by offering a brief tutorial on creating stronger passwords. Why, Google, you ask? After all, Google is not a security consultant. True, but Google is the world's Web service leader. Millions of users flock to Google to use its Gmail, Google Reader, iGoogle home pages and other applications. These services require a Google Account, which in turn means a user ID and password. To help users steer clear of activities such as phishing, Google Oct. 7 offered fixes to five password security problems. eWEEK runs through them here.
- ...
McKinnon Loses Latest Battle Against Extradition for Hacking NASA, Pentagon
In the latest legal twist, Gary McKinnon, the hacker accused of compromising computers at NASA and the Pentagon, may be out of options to fight extradition to the United States. A court in the United Kingdom today denied him permission to appeal to the British Supreme Court.
- Computer hacker Gary McKinnon may finally be heading to the United Statesto stand trial on charges of breaking into U.S.military and NASA computers. McKinnon, who has fought extradition for seven years, was denied permission today by a court in the UK to take his battle against extraditio...
New Adobe Reader, Acrobat Vulnerability Comes Under Attack
A new zero-day bug affecting Adobe Reader and Acrobat is being exploited in the wild. Though the vulnerability affects the products on Unix, Mac and Windows systems, the exploit observed in the wild is focused on Microsoft Windows for the moment.
- Adobe is warning users about a critical vulnerability in versions of Adobe Reader and Acrobat that is being exploited in targeted attacks. While little information has been made available about the exact nature of the vulnerability, it has been described by VUPEN Security as a memory c...
FBI Director Nearly Hooked in Phishing Scam, Swears Off Online Banking
In a speech in San Francisco, FBI Director Robert Mueller confessed he has given up online banking after nearly falling victim to a phishing attack. His remarks came the same day authorities in Egypt and the U.S. charged 100 people in an international phishing ring that was targeting American banks.
- FBI Director Robert Mueller has apparently sworn off online banking after nearly falling victim to a phishing attack. During a speech Oct. 7 at the Commonwealth Club of California in San Francisco, Mueller recounted being "just a few clicks away from falling into a classic Internet phishing sch...
10 Reasons Why Reliable Windows 7 Security Is Crucial to Users
News Analysis: Windows Security has been a particular pain point for users with every new edition Microsoft has released since the advent of the Internet. Effective security is essential in any operating system in preventing malware, protecting a network and ensuring data protection. But reliable security is especially important to restore trust in the Windows ecosystem. If Windows 7 isn't as secure as it could be, Microsoft could face significant trouble going forward.
- As Microsoft prepares Windows 7 for its release later this month, it's important to realize that there really isn't a guarantee that it will offer any more value than earlier versions. Recent reports have said that it's a superior operating system to its predecessors - Windows XP and Windows Vist...
Microsoft to Plug Windows Security Holes on Patch Tuesday
Microsoft is issuing 13 security bulletins next week, eight of them critical. In the batch are two critical Windows security bulletins - one for the zero-day in the Server Message Block protocol and the other for vulnerabilities in the FTP service in Microsoft Internet Information Services.
- Microsoft plans to release 13 security bulletins in a massive patch Tuesday update next week. Eight of the 13 bulletins are rated quot;critical, quot; and the remaining five are classified as quot;important. quot; All totaled, the bulletins cover 34 vulnerabilities affecting Microsoft Windows, I...
Cisco Security Software Extends URL Filtering to 'Dark Web'
Cisco Systems is targeting the darkest corners of the Web with a new software blade for its S-series secure Web gateway appliance. The new software is designed to help organizations better enforce their URL filtering policies as the number of uncategorized sites continues to grow.
- Cisco Systems is looking to extend its URL filtering controls to what it refers to as the `Dark Web the nebula of sites that remain uncategorized by URL filtering databases. With Cisco IronPort Web Usage Controls, the company is targeting the 80 percent of the Web it says is largely unknown to leg...
Security Fix
Brian Krebs on computer and Internet security
Avoid Windows Malware: Bank on a Live CD
In Safety Tips
An investigative series I've been writing about organized cyber crime gangs stealing millions of dollars from small to mid-sized businesses has generated more than a few responses from business owners who were concerned about how best to protect themselves from this type of fraud. The simplest, most cost-effective answer I know of? Don't use Microsoft Windows when accessing your bank account online. I do not offer this recommendation lightly (and at the end of this column you'll find a link to another column wherein I explain an easy-to-use alternative). But I have interviewed dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. I have heard stories worthy of a screenplay about the myriad ways cyber crooks are evading nearly every security obstacle the banks put in their way. But regardless of the methods used by the bank or the crooks, all
E-Banking on a Locked Down (Non-Microsoft) PC
In Safety Tips
In past Live Online chats and blog posts, I've mentioned any easy way to temporarily convert a Windows PC into a Linux-based computer in order to ensure that your online banking credentials positively can't be swiped by password-stealing malicious software. What follows is a brief tutorial on how to do that with Ubuntu, one of the more popular bootable Linux installations. Also known as "Live CDs," these are generally free, Linux-based operating systems that one can download and burn to a CD-Rom or DVD. The beauty of Live CDs is that they can be used to turn a Windows based PC into a provisional Linux computer, as Live CDs allow the user to boot into a Linux operating system without installing anything to the hard drive. Programs on a LiveCD are loaded into system memory, and any changes - such as browsing history or other activity -- are completely wiped
Comcast Trials Browser Alerts for Bot-Infected Customer PCs
In From the Bunker
Comcast, the nation's largest residential Internet service provider, this week began rolling out an initiative to contact customers whose PCs appear to be infected with malicious software, by notifying these users via Web browser alerts. The Philadelphia-based cable Internet company has already been alerting bot-infected customers via phone for the past year, but a pilot program in Denver that began Thursday will inform affected users with a so-called "service notice," a semi-transparent banner that overlays a portion of whatever page is being displayed in the customer's Web browser. Customers can then either move or close the alert, or click "Go to Anti-Virus Center," for recommended next-steps, which may include downloading and running the McAfee anti-virus tools the company offers for free, or purchasing a cleanup package and allowing a Comcast technician to attempt to remotely diagnose and fix the problem. Jay Opperman, senior director of security and privacy at Comcast,
Adobe Warns of Critical Threat to Reader, Acrobat Users
In Latest Warnings
Adobe Systems Inc. late Thursday issued an alert saying that hackers are exploiting a newly-discovered vulnerability in its free PDF Reader and Acrobat products to break into Microsoft Windows systems. Adobe said it plans to release a patch to fix this vulnerability next Tuesday, in keeping with its recent shift to push out security updates in tandem with Microsoft's regular monthly patch cycle, which occurs on the second Tuesday of each month (a.k.a. "Patch Tuesday"). According to the Adobe advisory, the company is planning to release an update for Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh to resolve critical security issues. "Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX," Adobe said in its
Phishing Scam Spooked FBI Director Off E-Banking
In U.S. Government
In announcing a crackdown on "phishing" e-mail scams that netted one of the FBI's largest cyber crime cases ever, FBI Director Robert Mueller on Wednesday offered a candid revelation: A personal close call with a phishing scam has kept his family away from online banking altogether. Addressing the Commonwealth Club of California in San Francisco, Mueller spoke at length about the insidiousness of cyber crime, and how cyber criminals had affected him personally. Not long ago, the head one of our nation's domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea. It turned out that he was just a few clicks away from falling into a classic Internet "phishing" scam--"phishing" with a "P-H." This is someone who spends a good
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Adobe to patch exploited Acrobat flaw
Adobe to patch exploited Acrobat flaw
News: Botnet boosts criminals' revenues from Google
Botnet boosts criminals' revenues from Google
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
"Protect the Data" Where?
By Richard Bejtlich
I forgot to mention another thought in my last post "Protect the Data" from Whom? Intruders are not mindly attacking systems to access data. Intruders direct their efforts toward the sources that are easiest and cheapest to exploit. This produces an interesting corollary.
Once other options have been eliminated, the ultimate point at which data will be attacked will be the point at which it is useful to an authorized user.
For example, if a file is only readable once it has been decrypted in front of a user, that is where the intruder will attack once his other options have been exhausted. This means that the only way to completely "protect data" is to make it unusable. If data is not usable then it doesn't need to exist, so that means intruders will always be able to access data if they are sufficiently resourced and motivated, as explained in my first post on this subject.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
"Protect the Data" from Whom?
By Richard Bejtlich
This is a follow-on from my "Protect the Data" Idiot! post. Another question to consider when someone says "protect the data" is this: "from whom?" The answer makes all the difference.
I remember a conversation I overheard or read involving Marcus Ranum and a private citizen discussing threats from nation-state actors.
Questioner: How do you protect yourself from nation-state actors?
MJR: You don't.
Q: What do you do then?
MJR: You lose.
In other words, private citizens (and most organizations who are not nation-state actors) do not have a chance to win against a sufficiently motivated and resourced high-end threat. The only actors who have a chance of defending themselves against high-end threats are other nation-state actors. Furthermore, the defenders don't necessarily have a defensive advantage over average joes because the nation-state possesses superior people, products, or processes. Many nation-state actors are deficient in all three. Rather, nation-state actors can draw on other instruments of power that are unavailable to average joes.
I outlined this approach in my posts The Best Cyber-Defense..., Digital Situational Awareness Methods and Counterintelligence Options for Digital Security:
[T]he best way to protect a nation's intelligence from enemies is to attack the adversary's intelligence services. In other words, conduct aggressive counterintelligence to find out what the enemy knows about you.
In the "protect the data" scenario, this means knowing how the adversary can access the containers holding your data. Nation-states are generally the only organizations with the discipline, experience, and funding to conduct these sorts of CI actions. They are not outside the realm of organized crime or certain private groups with CI backgrounds.
To summarize, it makes no sense to ponder how to "protect the data" without determining what adversaries want it. If we unify against threats we can direct our resources against the adversaries we can possibly counter independently, and then petition others (like our governments and law enforcement) to collaborate against threats that outstrip our authority and defenses.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
"Protect the Data" Idiot!
By Richard Bejtlich
The 28 September 2009 issue of InformationWeek cited a comment posted to one of their forums. I'd like to cite an excerpt from that comment.
[W]e tend to forget the data is the most critical asset. yet we spend inordinate time and resources trying to protect the infrastructure, the perimeter... the servers etc. I believe and [sic] information-centric security approach of protecting the data itself is the only logical approach to keep it secure at rest, in motion and in use. (emphasis added)
I hear this "protect the data" argument all the time. I think it is one of the most misinformed comments that one can make. I think of Chris Farley smacking his head saying "IDIOT!" when I hear "protect the data."
"Oh right, that's what we should have been doing for the last 10, 20, 30 years -- protect the data! I feel so stupid to have not done that! IDIOT!"
"Protect the data" represents a nearly fatal understanding of information security. I'm tired of hearing it, so I'm going to dismantle the idea in this post.
Now that I've surely offended someone, here are my thoughts.
Someone show me "data." What is "data" anyway? Let's assume it takes electronic form, which is the focus of digital security measures. This is the first critical point:
Digital data does not exist independently of a container.
Think of the many containers which hold data. Imagine looking at a simple text file retrieved from a network share via NFS and viewed with a text editor.
- Data exists as an image rendered on a screen attached to the NFS client.
- Data exists as a temporary file on the hard drive of the NFS client, and as a file on the hard drive of the NFS server.
- Data exists in memory on the NFS client, and in memory on the NFS server.
- The NFS client and server are computers sitting in facilities.
- Network infrastructure carries data between the NFS client and server.
- Data exists as network traffic exchanged between the NFS client and server.
- If the user prints the file, it is now contained on paper (in addition to involving a printer with its own memory, hard drive, etc.)
- The electromagnetic spectrum is a container for data as it is transmitted by the screen, carried by network cables and/or wireless media, and so on.
That's eight unique categories of data containers. Some smart blog reader can probably contribute two others to round out the list at ten!
So where exactly do we "protect the data"? "In motion/transit, and at rest" are the popular answers. Good luck with that. Seriously. This leads to my second critical point:
If an authorized user can access data, so can an unauthorized user.
Think about it. Any possible countermeasure you can imagine can be defeated by a sufficiently motivated and resourced adversary. One example: "Solution:" Encrypt everything! Attack: Great, wait until an authorized user views a sensitive document, and then screen-scrape every page using the malware installed last week.
If you doubt me, consider the "final solution" that defeats any security mechanism:
Become an authorized user, e.g., plant a mole/spy/agent. If you think you can limit what he or she can remove from a "secure" site, plant an agent with a photographic memory. This is an extreme example but the point is that there is no "IDIOT" solution out there.
I can make rational arguments for a variety of security approaches, from defending the network, to defending the platform, to defending the operating system, to defending the application, and so on. At the end of the day, don't think that wrapping a document in some kind of rights management system or crypto is where "security" should be heading. I don't disagree that adding another level of protection can be helpful, but it's not like intruders are going to react by saying "Shucks, we're beat! Time to find another job."
Intruders who encounter so-called "protect the data" approaches are going to break them like every other countermeasure deployed so far. It's just a question of how expensive it is for the intruder to do so. Attackers balance effort against "return" like any other rational actor, and they will likely find cheap ways to evade "protect the data" approaches.
Only when relying on human agents is the cheapest way to steal data, or when it's cheaper to research develop one's own data, will digital security be able to declare "victory." I don't see that happening soon; no one in history has ever found a way to defeat crime, espionage, or any of the true names for the so-called "information security" challenges we face.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
NSM in Products
By Richard Bejtlich
A blog reader recently asked:
I've been tasked with reevaluating our current NSM / SIEM implementation, and I see that you posted about a NetFlow book you are techediting for Lucas.
My question is this, Outside of Sguil, what do you prefer/recommend in the way of NSM products/solutions?
Our current NSM uses a modified version NetFlow and our Networking team also uses Cisco Netflow elsewhere...
While I find it useful to collect header data, the current implementation lacks payload information. So while we may be able to turn back the clock to look at flows for a given duration, its not always possible to see valuable contents...
Another wall I have hit with NetFlow is that the communication of the protocol takes place in somewhat of a half duplex manner (I.E. it is possible to receive the response flow before you receive the request flow) thus making it difficult to assure a particular direction without some processing...
I have yet to see a blog post covering any consolidated comparisons to solutions regarding NSM.
I do have your NSM book on order from Amazon today if it already has the answers I'm looking for...
As always, thank you for your time Richard, I appreciate it greatly.
Thank you for the question. I don't recommend specific products, but I do recommend NSM data types. That way, you can ask the vendor which NSM data types they support, and then decide if their answer is 1) correct and 2) sufficient. For reference, the six NSM data types are:
- Alert: judgment made by a product ("Port scan!" or "Buffer overflow!"); either detect or block
- Statistical: high-level description of activity (protocol percentages, trending, etc.)
- Session: conversations between hosts ("A talked to B on Friday for 61 seconds sending 1234 bytes")
- Full Content: all packets on the wire
- Extracted Content: rebuild elements of a session and extract metadata
- Transaction: generate logs based on request-reply traffic (DNS, HTTP, etc.)
Looking at these six types, I can make the following general assessments of products. This is my opinion based on products I have encountered. If you find a product that performs better than the general categories I describe, excellent!
If you want to learn more about this, I'll be discussing it during my solo presentation at the 2009 Information Security Summit, October 29-30, 2009 at Corporate College East in Warrensville Heights, Ohio.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Yahoo! News: Security News
Security News
No Refunds for App Store May Mean Quality Problems (NewsFactor)
In business
NewsFactor - Apple's policy of offering almost no refunds for applications purchased from its App Store may have implications for business users beyond the waste of a few dollars, according to In-Stat analyst Allen Nogee. He said the policy may be a yellow flag that applications are being poorly tested and more likely to carry malware.
Comcast tries pop-up alerts to warn of infections (AP)
In technology
AP - Comcast Corp. wants to enlist its customers in a fight against a huge problem for Internet providers — the armies of infected personal computers, known as "botnets," that suck up bandwidth by sending spam and facilitating cybercrime.
UK hacker's latest US extradition appeal fails (AP)
In technology
AP - A British man accused of hacking into American military computers has failed in his latest bid to avoid extradition to the U.S., his lawyer said Friday.
British hacker loses U.S. extradition case (Reuters)
In us
Reuters - A British "UFO eccentric," wanted in the United States for breaking into NASA and Pentagon computers in "the biggest military hack of all time," lost his latest battle to avoid extradition on Friday.
Cisco shines light on dark corners of the Web (AFP)
In us
AFP - Cisco launched software that shines light on potentially troublesome websites hidden in what the US computer security firm dubbed the "Dark Web."
Huge International Phishing Ring Busted (NewsFactor)
In business
NewsFactor - Fifty-four people in the U.S. have been indicted in connection with a multinational bank phishing scheme, according to the Department of Justice, which said it's the largest number of people ever charged in a U.S. cybercrime case. One of the suspects, a woman, was charged separately by the Los Angeles district attorney, according to an FBI spokesperson.
Comcast to Warn PC Users If They're Infected (PC Magazine)
In technology
PC Magazine - Comcast on Thursday launched a new security initiative that will provide in-browser notifications about possible virus infections.
Google Offers Advice on Secure Passwords (PC World)
In technology
PC World - It's National Cyber Security Awareness Month, and Google wants to remind you of a basic tenet of online security: passwords. Considering that October started off with a security breach that struck more than 10,000 Hotmail accounts, a security review may not be such a bad idea. Michael Santerre, Google's Consumer Operations Associate detailed Google's password advice in a recent blog post.
Zero Day
Tracking the hackers
Google patches Android DoS vulnerabilities
By Ryan Naraine on iPhone
Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.
Mozilla 'Plugin Check' keeps Firefox add-ons secure
By Ryan Naraine on Patch Watch
Mozilla has expanded its Plugin Check service to provide an easy way for Firefox users to pinpoint browser add-ons that might be vulnerable to hacker attacks.
New Adobe PDF flaw under attack; Patch coming Tuesday
By Ryan Naraine on Zero-day attacks
Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.
Monster Patch Tuesday on tap: 13 bulletins, 34 vulnerabilities
By Ryan Naraine on Pen testing
Microsoft is planning a bumper Patch Tuesday next week -- 13 bulletins covering 34 security vulnerabilities in a wide range of products.
Click fraud facilitating Bahama botnet steals ad revenue from Google
By Dancho Danchev on Web 2.0
Originally exposed as a botnet redirecting and monetizing hijacked traffic to over 200,000 parked domains primarily located in the Bahamas, researchers from ClickForensics have recently found evidence on active DNS hijacking of Google properties allowing cybercriminals to steal revenue from Google by pulling search results and displaying them on a bogus homepage (Cybercriminals promoting malware-friendly [...]
No comments:
Post a Comment