Ars Technica - Security
Dutch hacker holds jailbroken iPhones "hostage" for €5 (Updated)
By chris.foresman@arstechnica.com (Chris Foresman) on port scanning
Though jailbreaking an iPhone certainly opens up opportunities to add functionality that Apple doesn't approve of, it can also make an iPhone less secure. Several Dutch iPhone users found that out the hard way after a hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them.
It appears one enterprising Dutch hacker used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running. Enabling SSH is a common procedure for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands. Unfortunately, iPhones all have a default root password that many forget to change after jailbreaking, leaving their phone as vulnerable as a Lamborghini parked on a public street with the windows down, the doors unlocked, and the keys in the ignition.
AV-Comparatives picks six malware removal winners
By emil.protalinski@arstechnica.com (Emil Protalinski) on malware
Following its August 2009 on-demand report, AV-Comparatives has released its October 2009 removal comparative. Sixteen products were tested between September 1, 2009 and September 15, 2009 on Windows XP Professional SP3 32bit. The latest updates installed on September 1, 2009. The tests in this latest study focus only on the malware removal/cleaning capabilities of the security products installed on an already infected/compromised system; detection rates and protection capabilities are ignored.
CGISecurity - Website and Application Security News
All things related to website, database, SDL, and application security since 2000.
Amazon EC2 cloud computing for password/crypto cracking
By Robert A. on Research
There is a rather lengthy set of posts on using cloud based computing services as ideal venues for crypto and password cracking. Link: http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html Link: http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
CNET News - Security
Mac Game: Art project or malware?
By Elinor Mills
Is the Lose/Lose game a legitimate art project, or should it be flagged as malware because it deletes files?
Originally posted at InSecurity Complex
Corporate bank accounts targeted in online fraud
By Elinor Mills
Small and medium-size businesses, governments, and school districts are targets of online bank fraud involving malicious e-mails, key loggers, and money mules, FBI says.
Originally posted at InSecurity Complex
Hacker breaks into jailbroken iPhones, asks for $7
By Elinor Mills
A hacker asks victims to pay $7 to get instructions for fixing a security hole in their jailbroken iPhones.
Originally posted at InSecurity Complex
Malwarebytes accuses rival of software theft
By Elinor Mills
Anti-malware provider Malwarebytes says it will take legal action against China-based IObit, but IObit says it is all a mistake.
Originally posted at InSecurity Complex
Security firm M86 acquires Finjan
By Elinor Mills
M86 makes second acquisition in the past year, buying secure SaaS and Web gateway provider Finjan.
Originally posted at InSecurity Complex
Spammy scams surfacing on Twitter, Facebook
By Elinor Mills
Users of the microblogging service report spammy direct messages, while users of the social network report receiving links to a malware site.
Originally posted at InSecurity Complex
New Trojan encrypts files but leaves no ransom note
By Elinor Mills
Victims of the Ramvicrype Trojan horse must find tools to repair encrypted files.
Originally posted at InSecurity Complex
Phishing, worms spike this year, say Microsoft and McAfee
By Elinor Mills
Top attacks on computers come from phishing and worms, separate reports from Microsoft and McAfee show.
Originally posted at InSecurity Complex
File sharing's mysteries again stump Uncle Sam
By Charles Cooper
A security breach that stemmed from the use of peer-to-peer file sharing by a junior congressional staffer is said to be an isolated incident. Not exactly.
Originally posted at News - Politics and Law
Kaspersky tool detects malware in Twitter links
By Elinor Mills
"Krab Krawler" looks at Twitter posts, extracts any URLs in them, and analyzes the Web page they lead to, blocking any malware associated with them.
Originally posted at InSecurity Complex
CounterMeasures
Rik Ferguson blogs about security issues.
Sophisticated banking Trojan – Human consequences
By Rik Ferguson on web
I was contacted by a friend yesterday who was understandably very concerned to find that a large amount of money had been transferred from her bank account to the account of a complete stranger hundreds of miles away. My friend had been using her online banking at home the evening before, had made a couple of transfers and all appeared [...]
Countermeasures shortlisted for award
By Rik Ferguson on web
I am very proud to be able to say that Countermeasures has been shortlisted for the Computer Weekly IT blog awards 2009 in the IT Security category. So firstly, many thanks to all of you who felt motivated enough to nominate the blog in the first place. Now the contest heats up as voting has opened, so [...]
Deutsche Bahn on track for million Euro fine.
By Rik Ferguson on snooping
The German rail operator Deutsche Bahn AG has been handed down a record fine of more than one million Euros according to a report in the German newspaper Süddeutsche Zeitung. The Berlin Data Protection Commissioner revealed that Deutsche Bahn were to be fined exactly 1,123,503.50 million Euros to cover a number of serious breaches of data protection legislation [...]
Darknet - The Darkside
Ethical Hacking, Penetration Testing & Computer Security
Windows 7 UAC (User Access Control) Ineffective Against Malware
By Darknet on windows 7 uac
There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more. As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase their [...]
Read the full post at darknet.org.uk
UCSniff 3.0 Released – VoIP/IP Video Sniffing Tool
By Darknet on voip-security
UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free...
Read the full post at darknet.org.uk
Using Cloud Computing To Crack Passwords – Amazon’s EC2
By Darknet on sensepost
Now this is interesting a proper mathematical calculation for using cloud computing to crack passwords, now Amazon has opened up their EC2 (Elastic Compute Cloud) the cost of massive parallel processing power has come right down. And guess what, someone thought of using it to crack passwords. It seems the cut-off would be a 12 character [...]
Read the full post at darknet.org.uk
RATS – Rough Auditing Tool for Security
By Darknet on scan python code
RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and...
Read the full post at darknet.org.uk
Illegal File Sharers To Be Cut Off By 2011
By Darknet on VPN
It was 2008 when the UK government originally proposed disconnecting pirates from the Internet, then a few months later Australia followed suit. The latest is that it’s really going to be legislated and will come into force by April 2010 under the Digital Economy Bill. I’ve noticed this trend picking up lately, a few companies are...
Read the full post at darknet.org.uk
KrbGuess – Guess/Enumerate Kerberos User Accounts
By Darknet on Windows Hacking
KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]
Read the full post at darknet.org.uk
DarkReading - All Stories
DarkReading
Corporate Breaches Increase Chances Of Consumer ID Theft, Study Says
Consumers four times more likely to suffer identity fraud when their data is involved in a corporate breach, study says
New Security Certification On The Horizon For Cloud Services
Cloud security cert would go beyond existing SAS 70, ISO 27001 standards
Researchers Create Hypervisor-Based Tool For Blocking Rootkits
New technology 'patches' the operating system kernel, protects it from rootkits
Microsoft Report: Worms Rise, New Vulnerabilities Decline
The new Microsoft Security Intelligence Report (SIR) found worm infections nearly doubled, vulnerability counts down by nearly one-third in the first half of 2009
Thwarting SQL Injection Threats
New Dark Reading report explores what database developers and database administrators can do about the pervasive SQL injection attack
Tech Insight: Developing Security Awareness Among Your Users
Skip the 'Wall of Shame' and instead try promotional events, penetration-testing your users
CSI Speakers Offer Advice On Risk Assessment, Reporting
Speakers at Computer Security Institute conference offer advice on how to convey risk to top management
New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit
New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're looking for
iPhone, BlackBerry, Palm Pre All Vulnerable To Spear-Phishing Experiment
Phony LinkedIn invitation from 'Bill Gates' lands in smartphone inboxes
DarkReading - Security News
DarkReading
Innerscope Research Becomes First Neuroscience-Based Biometric Company Validated by Advertising Research Foundation Research Review
Microsoft Report Reveals Resurgence of Worms; Rogue Security Software Still Top Threat
incMagic Named 2010 'New Product to Watch'
Incident Communication Solutions and Squire Tech Solutions Partner to Introduce the ICS pCom(TM) 355 System for Public Safety, Military and Civilian Federal Markets
Internet Gold's Third Quarter Earnings Release and Conference Call Scheduled for November 19, 2009
Walmart Announces 100 More Toy Rollbacks Including Top Holiday Picks
(ISC)2 (R)'s Certification and Accreditation Professional (CAP(R)) Credential Qualifies for Use Under U.S. Department of Defense (DoD) 8570.1 Mandate
Michael Jackson Handwritten Lyrics, Memorabilia at Heritage Auctions, Nov. 6-7
Raytheon Receives $9 Million Contract for Ship Self-Defense System Support
eWeek Security Watch
Facebook Campaigns Serve Up Nasty Cocktail
In Virus and Spyware
The Facebook phishing campaign landing in your in-box is more than just a social networking password thieving scheme, according to researchers with McAfee.
Dutch Attacker Hijacked iPhones, Demanded Ransom
In Vulnerability Research
A Dutch teenager has backed away from plans to extort users of jail-broken iPhones in Netherlands. The teen had compromised the phones via the default root password.
McAfee: Piracy Sites Jump 300 Percent
In Products
According to research from McAfee, the number of file sharing sites hosting copyrighted content has increased 300 percent in the past few months.
Inside the Elite Control Botnet
In Virus and Spyware
Experts have unwrapped the Elite Loader botnet only to find that it's a pretty sophisticated attack. And that it's becoming even easier for less advanced attackers to get their hands on such threats.
New DHL Notice Campaigns Deliver Backdoor Threat
In Trojan attacks
Researchers are seeing an uptick in new phony delivery notice attacks, with more fake AV Trojan threats mixed in for good measure.
Federal Computer Week: Security News
DHS approves enhanced tribal ID cards
The Homeland Security Department has signed agreements with four tribes to develop enhanced identification cards with some technology improvements.
International cooperation to shape common policies for cybersecurity and data protection
The United States and the European Union pledge to extend their cooperation on security and human rights issues, including cybersecurity, fighting cyber crime, and data protection. The next step is negotiating a binding agreement.
New cybersecurity role for NIST?
NIST would be responsible for developing a plan to coordinate the government's work with international organizations developing cybersecurity standards under a bill approved by the House Science and Technology’s Innovation Subcommittee.
TechAmerica: Appoint cybersecurity coordinator now
The technology trade association TechAmerica wants President Barack Obama to make good on his promise to appoint a cybersecurity coordinator.
Collins opposes White House cyber czar
Sen. Susan Collins (R-Maine) said she opposes putting a cybersecurity coordinator in the White House.
Government spending on cybersecurity to grow
Input predicts that the government's cybersecurity spending will increase to $11.7 billion in 2014, a compound annual growth rate of 8.1 percent.
Security Content Automation Protocol backgrounder
A quick guide to the Security Content Automation Protocol, which makes it easier for agencies to continuously verify the security status of their computers.
Taking some sweat out of security compliance
New automated tools can help agencies get some of the voluminous security configuration data required under the Federal Information Security Management Act. But the tools aren't a cure-all.
Lieberman outlines plan for cybersecurity legislation
Sen. Joe Lieberman (I-Conn.) today detailed his goals for comprehensive cybersecurity legislation he plans to introduce.
DHS to open new cybersecurity center
The Homeland Security Department will open a new cybersecurity coordination center near Washington on Friday.
DHS' critical infrastructure plan not cyber-secure, GAO says
The Homeland Security Department should reassess its program for working with agencies and industry to secure critical infrastructure from cyber vulnerabilities, GAO says.
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
Call for Papers: Conference on Cyber Conflict, Estonia
Posted by InfoSec News on Nov 05
Forwarded from: k g <kgconference (at) gmail.com>
Call for Papers!
Cooperative Cyber Defence Centre of Excellence (www.ccdcoe.org),
Tallinn, Estonia
Conference on Cyber Conflict, June 15-18, 2010
CCD CoE seeks research papers from academia and the professional world
that offer an original and substantial contribution toward understanding
conflict in cyberspace.
The 2010 agenda has three tracks:
- Strategic Viewpoints
- Technical...
Men allegedly broke into computers of former employer
Posted by InfoSec News on Nov 05
http://www.theregister.co.uk/2009/11/05/computer_intrusion_charges_filed/
By Dan Goodin in San Francisco
The Register
5th November 2009
Federal authorities on Wednesday filed intrusion charges against two men
accused of accessing the computer systems of their former employer.
Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of
Williamstown, Kentucky, both worked as managers for Indiana-based Stens
Corporation until...
IT Workers Building Security Into Their Career Strategies
Posted by InfoSec News on Nov 05
http://www.darkreading.com/security/management/showArticle.jhtml?articleID=221600343
By Tim Wilson
DarkReading
Nov 04, 2009
IT professionals are placing their bets on security as they plot their
next career moves, according to a new study published earlier today.
The survey of more than 1,500 IT workers, which was conducted by the IT
trade association CompTIA, found that 37 percent intend to pursue a
security certification over the next...
New cybersecurity role for NIST?
Posted by InfoSec News on Nov 05
http://fcw.com/articles/2009/11/04/web-cybersecurity-nist-bill.aspx
By Ben Bain
FCW.com
Nov 04, 2009
A bill that would expand the National Institute for Standards and
Technology's role in cybersecurity cleared a House subcommittee today.
NIST would be responsible for developing a plan to coordinate the
government's work with international organizations developing
cybersecurity standards under the bill approved by the House Science and...
IT budgets sacrificed despite rise in hack attacks
Posted by InfoSec News on Nov 05
http://www.theage.com.au/technology/security/it-budgets-sacrificed-despite-rise-in-hack-attacks-20091103-hubi.html
By Conrad Walters
theage.com.au
November 3, 2009
Even as companies acknowledge cyber attacks have rocketed to
unprecedented levels this year, many businesses are freezing or even
cutting the security budgets that fend off these dangers.
A study of nine countries has found mid-size companies - those with
between 51 and 1000...
Military Admits N. Korean Hacker Attack
Posted by InfoSec News on Nov 03
http://english.chosun.com/site/data/html_dir/2009/11/04/2009110400775.html
The Chosun Ilbo
Nov. 04, 2009
The North Korean military hacked into the South Korean Army command in
March and a password for the National Institute of Environmental
Research (NIER) website leaked out, Lt. Gen. Kim Jong-tae, commander of
the Defense Security Commend (DSC), admitted to a parliamentary audit on
Tuesday. That confirms a report last month in the Monthly...
Mossad Hacked Syrian Official's Computer Before Bombing Mysterious Facility
Posted by InfoSec News on Nov 03
http://www.wired.com/threatlevel/2009/11/mossad-hack
By Kim Zetter
Threat Level
Wired.com
November 3, 2009
Agents of Israel's Mossad intelligence service hacked into the computer
of a senior Syrian government official a year before Israel bombed a
facility in Syria in 2007, according to Der Spiegel.
The intelligence agents planted a Trojan horse on the official's
computer in late 2006 while he was staying at a hotel in the Kensington...
Lockheed Martin To Manage Pentagon Network
Posted by InfoSec News on Nov 03
http://www.informationweek.com/news/government/enterprise-architecture/showArticle.jhtml?articleID=221600125
By J. Nicholas Hoover
InformationWeek
November 3, 2009
Lockheed Martin has won a $293 million contract to provide network
operations support to the Pentagon and other military networks in the
Washington, D.C., area.
Lockheed will manage, operate, and secure the Pentagon's data networks
and provide 24 by 7 support to users. According...
International cooperation to shape common policies for cybersecurity and data protection
Posted by InfoSec News on Nov 03
http://gcn.com/articles/2009/11/03/us-eu-cybersecurity-agreement.aspx
By William Jackson
GCN.com
Nov 03, 2009
The United States and the European Union have agreed to treat
cybersecurity, cyber crime and data protection as international issues,
cooperatively developing polices based on shared values.
Mary Ellen Callahan, chief privacy officer of the Homeland Security
Department, called the recent joint statement on these principles by
U.S....
New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit
Posted by InfoSec News on Nov 03
http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=221300001
By Kelly Jackson Higgins
DarkReading
Oct 29, 2009
A next-generation Web server honeypot project is under way that poses as
Web servers with thousands of vulnerabilities in order to gather
firsthand data from real attacks targeting Websites.
Unlike other Web honeypots, the new open-source Glastopf tool
dynamically emulates...
Malwarebytes accuses rival of software theft
Posted by InfoSec News on Nov 03
http://news.cnet.com/8301-27080_3-10389650-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 3, 2009
Malwarebytes is accusing China-based computer security firm IObit of
intellectual property theft, but IObit denied the allegations and said
there were problems with its malware submission site.
Malwarebytes claims IObit stole from its database of signatures of
malicious applications that its software uses for detecting malware...
Finjan bought by M86 Security
Posted by InfoSec News on Nov 03
http://news.techworld.com/security/3205431/finjan-bought-by-m86-security/
By John E. Dunn
Techworld
03 November 2009
In what deserves to go down as one of the least surprising deals of the
year, Israeli web gateway company Finjan has been bought by Anglo-US
rival, M86 Security.
Given that both parties are private companies, the deal has already been
agreed without the need to name the price paid to the outside world, but
it brings the...
Hackers bombard electronic voting in November
Posted by InfoSec News on Nov 03
http://www1.folha.uol.com.br/folha/informatica/ult124u645011
(Google Translation)
the Efe, in Rio de Janeiro
29/10/2009
The security of electronic voting machines will be tested next month by
26 computer experts and hackers who enrolled in an open challenge by the
Supreme Electoral Tribunal (TSE).
"The court decided to accept the registration of all persons who have
expressed interest in putting the ballot to any evidence to show that...
Reminder for DeepSec 2009 Conference
Posted by InfoSec News on Nov 02
Forwarded from: DeepSec Conference - Announcement <deepsec (at) deepsec.net>
== DeepSec In-Depth Security Conference 2009 "TripleSec" ==
This is a reminder for the third DeepSec conference, taking place between
17th and 20th November at the Imperial Riding School Renaissance Hotel.
== Schedule ==
The schedule of all presentations can be found on our web site:
https://deepsec.net/schedule/
Random speaker and content from the...
Ex-army officer busted for espionage
Posted by InfoSec News on Nov 02
http://joongangdaily.joins.com/article/view.asp?aid=2911952
By Yoo Jee-ho
JoongAng Daily
October 31, 2009
South Korean authorities have nabbed a former South Korean army officer,
who was also a consultant to a presidential agency on unification, for
allegedly leaking confidential military intelligence to a North Korean
spy he met overseas.
The Suwon District Prosecutors. Office and the National Intelligence
Service said Thursday that a...
Swedish police slammed by DDoS attack
Posted by InfoSec News on Nov 02
http://www.v3.co.uk/v3/news/2252317/swedish-police-slammed-ddos
By Shaun Nichols in San Francisco
V3.co.uk
31 Oct 2009
A denial of service attack crippled the web site for Sweden's police
administration earlier this week.
The attacks flooded the site with information requests, causing the
servers to crash and take the site offline. According to Swedish news
site The Local, at its peak the attack caused traffic to spike from 800
requests...
House leaders order data security review
Posted by InfoSec News on Nov 02
http://www.politico.com/news/stories/1009/28967.html
By John Bresnahan
Politico
10/31/09
Following the worst breach in the House Ethics Committee's security in
the more than a decade, Speaker Nancy Pelosi and House Minority Leader
John Boehner announced Friday that they have ordered a review on the
handling of sensitive data.
The statement by the two party leaders came after the Washington Post
obtained an internal ethics committee...
California man accused of DOSing site he founded
Posted by InfoSec News on Nov 02
http://www.theregister.co.uk/2009/10/30/yousendit_founded_indicted/
By Dan Goodin in San Francisco
The Register
30th October 2009
Federal prosecutors have accused a co-founder of YouSendIt.com of
repeatedly launching web attacks against the popular upload site.
Khalid Shaikh, who was CEO and CTO of the California-based company until
he left in 2006, used an Apache benchmarking program to flood YouSendIt
servers with more traffic than they...
Conficker, Still Infecting Windows Machines a Year Later, Remains an Enigma
Posted by InfoSec News on Nov 02
http://www.eweek.com/c/a/Security/Conficker-Still-Infecting-Windows-Machines-A-Year-Later-Remains-an-Enigma-543974/
By Brian Prince
eWEEK.com
2009-11-01
A year after Conficker sprang into the public consciousness, the
notorious Windows worm continues to claim millions of victims. While the
hype has died down, the worm remains an example of the dangers of
cutting-edge malware and how cooperation in the security community can
make the...
FDIC Warns Banks to Watch for 'Money Mules' Duped by Hackers
Posted by InfoSec News on Nov 02
http://www.wired.com/threatlevel/2009/10/money_mules/
By Kevin Poulsen
Threat Level
Wired.com
October 29, 2009
Bank customers are increasingly being duped into acting as 'money mules'
for hackers, unwittingly laundering cash stolen from business bank
accounts, the Federal Deposit Insurance Corporation warned the nation's
financial institutions on Thursday.
Using specialized Trojan horse malware, cybercrooks have been
intercepting...
DHS to open new cybersecurity center
Posted by InfoSec News on Nov 02
http://fcw.com/articles/2009/10/29/web-new-dhs-cybersecurity.aspx
By Ben Bain
FCW.com
Oct 29, 2009
The Homeland Security Department on Friday will open a new cybersecurity
center near Washington to house some of the department's computer
defense programs, DHS announced today.
The facility, the National Cybersecurity and Communications Integration
Center (NCCIC) will be a unified operations center, DHS said in
statement. Homeland Security...
N. Korean ministry behind July cyber attacks: spy chief
Posted by InfoSec News on Oct 30
http://english.yonhapnews.co.kr/northkorea/2009/10/30/86/0401000000AEN20091030002200315F.HTML
Yonhap News Agency
2009/10/30
Seoul's intelligence agency has named North Korea's telecommunications
ministry as the origin of a series of cyber attacks in July on scores of
state and private Web sites in South Korea and the United States,
lawmakers said Friday.
The National Intelligence Service (NIS) had initially assumed North
Korea was the...
Manhattan DA: Computer Technician Charged In Identity Theft
Posted by InfoSec News on Oct 30
http://online.wsj.com/article/BT-CO-20091028-715647.html
By Chad Bray
DOW JONES NEWSWIRES
OCTOBER 28, 2009
NEW YORK (Dow Jones) -- A computer technician has been charged with
allegedly stealing the identities of more than 150 Bank of New York
Mellon Corp. (BK) employees and using their identities to steal more
than $1.1 million from charities, non-profit groups and others,
prosecutors said Wednesday.
In a statement, Manhattan District...
ITL Bulletin for October 2009
Posted by InfoSec News on Oct 30
Fowarded from: "Lennon, Elizabeth B." <elizabeth.lennon (at) nist.gov>
ITL BULLETIN FOR OCTOBER 2009
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON
FIREWALL TECHNOLOGIES AND POLICIES
Shirley Radack, Editor
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
U.S. Department of Commerce
Firewalls are essential devices or programs that help...
40 computers in Chemistry Department hacked, possibly exposing private info
Posted by InfoSec News on Oct 30
http://www.dailycardinal.com/news/40-computers-in-chemistry-department-hacked-possibly-exposing-private-info-1.832564#at
By Ryan Hebel
The Daily Cardinal
October 28, 2009
Forty computers in UW-Madison's Chemistry Department were hacked and
2,920 names and Social Security numbers were potentially exposed, mostly
during the past 18 months, according to an e-mail from UW-Madison
spokesperson John Lucas.
UW-Madison discovered the security...
Survey: Few companies addressing cyberterrorism
Posted by InfoSec News on Oct 30
http://news.cnet.com/8301-1009_3-10385230-83.html
By Lance Whitney
Security
CNet News
October 28, 2009
Cyberterrorism is on the rise around the world. But only one-third of
companies are tackling it in their disaster recovery plans, says a
survey released Tuesday by data center association AFCOM.
Although the majority (60.9 percent) of companies questioned see
cyberterrorism as a threat to be addressed, "AFCOM's 2009/2010 Data
Center...
Secunia Weekly Summary - Issue: 2009-44
Posted by InfoSec News on Oct 30
========================================================================
The Secunia Weekly Advisory Summary
2009-10-22 - 2009-10-29
This week: 69 advisories
========================================================================
Table of Contents:
1.....................................................Word From...
Amazon downplays report highlighting vulnerabilities in its cloud service
Posted by InfoSec News on Oct 30
http://www.computerworld.com/s/article/9140074/Amazon_downplays_report_highlighting_vulnerabilities_in_its_cloud_service?taxonomyId=17
By Jaikumar Vijayan
October 28, 2009
Computerworld
Amazon said today that it has taken steps to mitigate a security issue
in its cloud computing infrastructure that was identified recently by
researchers from MIT and the University of California at San Diego.
The report described how attackers could search...
Feds' Smart Grid Race Leaves Cybersecurity in the Dust
Posted by InfoSec News on Oct 30
http://www.wired.com/threatlevel/2009/10/smartgrid
By Kim Zetter
Threat Level
Wired.com
October 28, 2009
Amid the government-funded rush to upgrade America’s aging electric
system to a smart grid comes a strange confluence of press releases this
week by the White House and the University of Illinois.
Tuesday morning, President Obama, speaking at Florida Power and Light
(FPL) facilities, announced $3.4 billion in grants to utility...
InformationWeek Security News
InformationWeek
Enterprise 2.0: Novell, SAP, ThoughtWorks Ride Google Wave
By Thomas Claburn
Business software vendors have begun building on the Wave platform as Google promises a Wave App Store.
Bank IT Worker Charged In $1.1 Million Fraud
By Thomas Claburn
An indictment announced last week charged a computer technician at the Bank of New York Mellon with stealing the identities of 150 bank employees and using that information to commit more than $1.1 million in fraud.
Worms Invade Corporate Computers, Microsoft Finds
By Thomas Claburn
In its latest Security Intelligence Report, Microsoft documents the doubling of worms in enterprises during the first half of 2009.
InformationWeek's RSS Feed is brought to you by
Pressure Grows To Name National Cybersecurity Coordinator
By J. Nicholas Hoover
Five months after President Obama announced plans to appoint a cybersecurity coordinator, some members of Congress are getting impatient and pressing for action.
Pressure Grows To Name National Cybersecurity Coordinator
By J. Nicholas Hoover
Five months after President Obama announced plans to appoint a cybersecurity coordinator, some members of Congress are getting impatient and pressing for action.
Global CIO: Juniper Attacks Cisco Head-On With Help Of IBM And Dell
By Bob Evans
Column about Juniper Networks' attempt to become the top networking supplier via its powerful new products and its equally powerful new alliances with IBM and Dell.
Global CIO: Juniper Attacks Cisco Head-On With Help Of IBM And Dell
By Bob Evans
Column about Juniper Networks' attempt to become the top networking supplier via its powerful new products and its equally powerful new alliances with IBM and Dell.
Federal CIO Kundra Plans Cybersecurity Dashboard
By J. Nicholas Hoover
The White House, which recently introduced a FISMA reporting tool, outlines plans for new cybersecurity metrics and a dashboard for tracking progress.
Federal CIO Kundra Plans Cybersecurity Dashboard
By J. Nicholas Hoover
The White House, which recently introduced a FISMA reporting tool, outlines plans for new cybersecurity metrics and a dashboard for tracking progress.
Facebook Wins $711 Million From Spammer
By Thomas Claburn
In addition to financial damages, Sanford Wallace, among the first to be crowned "Spam King," may face jail time.
Catbird Monitoring VMs In Amazon EC2
By Charles Babcock
A version of Catbird's vSecurity Cloud Edition is available as an app in Amazon's EC2-approved catalog of application services.
Amazon Introduces PayPhrase Payment Shortcut
By Thomas Claburn
Online merchants can use Amazon's passphrase payment scheme to ease the friction of online commerce.
NSA To Build $1.5 Billion Cybersecurity Data Center
By J. Nicholas Hoover
The massive complex, comprising up to 1.5 million square feet of building space, will provide intelligence and warnings related to cybersecurity threats across government.
Global CIO: Hewlett-Packard's Hurd Says Bad IT Means A Bad CEO
By Bob Evans
Column about HP CEO Mark Hurd's belief that bad IT usually starts with a bad CEO.
Google's 'Gov Cloud' Wins $7.2 Million Los Angeles Contract
By Thomas Claburn
The City of Los Angeles plans to replace its Novell GroupWise e-mail system with Google Apps, partly using anti-trust settlement money paid by Microsoft.
InSecurity Complex
Keeping tabs on flaws, fixes, and the people behind them.
Mac Game: Art project or malware?
By Elinor Mills
Is the Lose/Lose game a legitimate art project, or should it be flagged as malware because it deletes files?
Corporate bank accounts targeted in online fraud
By Elinor Mills
Small and medium-size businesses, governments, and school districts are targets of online bank fraud involving malicious e-mails, key loggers, and money mules, FBI says.
Hacker breaks into jailbroken iPhones, asks for $7
By Elinor Mills
A hacker asks victims to pay $7 to get instructions for fixing a security hole in their jailbroken iPhones.
Malwarebytes accuses rival of software theft
By Elinor Mills
Anti-malware provider Malwarebytes says it will take legal action against China-based IObit, but IObit says it is all a mistake.
Security firm M86 acquires Finjan
By Elinor Mills
M86 makes second acquisition in the past year, buying secure SaaS and Web gateway provider Finjan.
Spammy scams surfacing on Twitter, Facebook
By Elinor Mills
Users of the microblogging service report spammy direct messages, while users of the social network report receiving links to a malware site.
New Trojan encrypts files but leaves no ransom note
By Elinor Mills
Victims of the Ramvicrype Trojan horse must find tools to repair encrypted files.
Phishing, worms spike this year, say Microsoft and McAfee
By Elinor Mills
Top attacks on computers come from phishing and worms, separate reports from Microsoft and McAfee show.
Kaspersky tool detects malware in Twitter links
By Elinor Mills
"Krab Krawler" looks at Twitter posts, extracts any URLs in them, and analyzes the Web page they lead to, blocking any malware associated with them.
Twitter users warned about new phishing attack
By Elinor Mills
Sophos says the new attack features direct messages with link to fake Twitter log-in page. Entering a username and password prompts a fake overcapacity "fail whale."
McAfee Avert Labs
Cutting edge security research as it happens.......
Peer-to-Peer Goes Both Ways
By Kevin Beets on Web and Internet Safety
We all know the dangers of peer-to-peer (P2P) networks and their role in distributing malware. Most people who deal with this problem work tirelessly to limit the impact of these potential threat points by (among other things) adding antivirus, firewalling, watching network flows for P2P traffic, and usually outright banning of P2P applications. They may however, [...]
Tis the Season for Christmas Spam! Fa La La La La…
By Sam Masiello on Web and Internet Safety
It didn’t take long for spammers to change from Halloween lures to spam and malware. They’ve already moved to the Christmas season, and we have started to see emails from the Cutwail botnet that are using a Christmas theme to trick users into visiting malicious websites. Spammers must be trying to beat retailers to the advertising [...]
Facebook Phishing Campaign Pushes ‘Cocktail’ Attack
By Arun Pradeep on Web and Internet Safety
We have already discussed the Facebook phishing campaign. Now the scammers are using the phishing campaign not just for spamming but also for a “cocktail” attack. The scammers have targeted Facebook, telling them that the Facebook account passwords have been changed. The malware downloads a keylogger to collect credit card numbers, social security number, and other passwords [...]
The missing letter that links Fake AV and Extreme Porn
By Chris Barton, Research Scientist and Artemis Geek on Web and Internet Safety
Today, Microsoft’s Security Intelligence report is out and it’s no surprise that it’s littered with FakeAV/security product threats. Four out of the top 5 threats in the US no less. Let me show you that with a keen eye and our threat intelligence databases the same group are responsible for a diverse set of [...]
Rogue AV Haunts Halloween
By Arun Pradeep on Web and Internet Safety
Festive search words are a favorite with scammers as a lure to their offerings, as my colleague David Marcus recently warned us about Halloween-themed threats. In recent research, we have found that search results for “scary halloween pumpkin designs” could lead users to a hijacked web page that hosts rogue security products. Upon clicking the hyperlink, the [...]
Trick or Treat With Spam and Malicious Screensavers
By David Marcus on Web and Internet Safety
I have previously blogged that some of the most common techniques scammers and cybercriminals use are news events and holidays. Balloon Boy and the Windows 7 Launch are good examples. My colleague Sam Masiello’s blog on President Barack Obama’s Nobel Prize is another excellent example. With Halloween approaching rapidly, the tricks are already knocking on [...]
Network World on Security
The latest security news, analysis, reviews and feature articles from NetworkWorld.com.
InfoWorld review: Whitelisting security comes of age
Remarkably good solutions from Bit9, CoreTrace, Lumension, McAfee, and SignaCert show that whitelisting may be the new best defense against modern malware
Application whitelisting review: CoreTrace Bouncer
CoreTrace Bouncer 5 provides first-rate application control with a few unique features
Application whitelisting review: Bit9 Parity Suite
Bit9 Parity 5.0 shines brightest among whitelisting competitors with strong protection and useful risk metrics
Application whitelisting review: McAfee Application Control
McAfee's whitelisting protection for Windows, Linux, and Solaris is short on shortcomings
Application whitelisting review: SignaCert Enterprise Trust Services
SignaCert is great for monitoring compliance with application and configuration policies, but it lacks built-in blocking
Application whitelisting review: Lumension Application Control
Lumension Application Control is a competitive product with a number of standout features and one significant omission
Microsoft 'neutered' UAC in Windows 7, says researcher
A Sophos security official said that Microsoft went too far in cutting the security messages delivered in Windows 7 by "neutering" the User Account Control (UAC) feature.
Put cybersecurity chief in DHS not the White House, Senator says
Five months after President Obama announced the need for a White House-appointed coordinator to oversee national cybersecurity affairs, the debate continues in Washington over whether such a coordinator would be more effective if outside the White House.
Java, BlackBerry desktop get security bug fixes
Sun Microsystems and Research In Motion have issued critical bug fixes for security issues with their products.
Microsoft re-patches last month's critical IE update
Microsoft on Monday re-patched Internet Explorer, the third time it's been forced to repair one of the updates delivered in its largest-ever bug fix, which was delivered on Oct. 13.
Hackers exploit Google Wave's popularity
Hackers are exploiting web users that were too late in signing up for Google Wave, says Symantec.
Catbird tunes security software for public clouds
Catbird's new version of its security software for virtual environments can monitor resources running in Amazon's EC2 cloud.
McAfee: P2P sites on the rise
The number of peer-to-peer (p2p) websites that allow users to share copyrighted materials has increased, says McAfee.
Firewall upgrade tames nasty Flash games
The nuisance posed by Flash-based games and Internet viral advertising is now so significant that security vendor SmoothWall has decided to offer a web filter capable of ‘intelligently' blocking the application.
Worms back at top of Microsoft threat list
Long dismissed as a security scare of the past, Internet worms appear to have made a strong comeback, jumping to take the top two places on Microsoft's latest threat list.
Software shields online banking on infected PCs
A U.K. security company is giving to banks, for free, security software that it says can block malicious software from manipulating online banking transactions or stealing data, even if the computer is infected.
ArcSight adds unstructured log analysis with Logger 4
Event management vendor ArcSight will soon start selling a new version of its product, designed to mine unstructured computer logfiles for signs of hacking or illegal activity.
The core of risk management: It's the data!
Over the past couple of weeks, I have had opportunities to sit down and talk with risk management professionals from two perspectives; analysis and data. From the analytical perspective, I spoke with risk management practitioners and, on the data side, it was data warehousing experts. The question I posed was given the events of the last 18 months, what is the one issue that confronts you today in evolving your risk practices?
MS Security Intelligence Report Has Valuable Insight
Microsoft has released the latest version of the semi-annual Security Intelligence Report (SIR). Microsoft gathers data from millions of Windows computers and high-traffic Internet sites to compile a detailed analysis of the current threat landscape and highlight attack trends. The Microsoft SIR contains some valuable insight, particularly given the recent release of Windows 7.
MS Security Architect: Windows 7 Will Slash Malware
Jimmy Kuo, principal architect for Microsoft's Malware Protection Center, has high hopes that Windows 7 security features will help reverse attack trends identified in the seventh volume of the software giant's Security Intelligence Report.
Microsoft Patch Tally: 6 Years, 745 Vulnerabilities
In six years of monthly Patch Tuesdays, Microsoft has issued 400 security bulletins that address 745 vulnerabilities, an informal tally shows.
Microsoft: Worms are most prevalent security problem
The Conficker worm continues to be one of the most prevalent threats facing PCs running Windows, according to a new security report published by Microsoft.
eBay phishing scam scariest email blunder of 2009
The eBay email fraud campaign, which took place in May this year, and aimed to get users of the online auction site to disclose their bank details has been named this year's scariest email blunder by Proofpoint.
Delayed Again: Red Flags Rule Deadline Now June 1, 2010
Bowing to Congressional pressure, the FTC is delaying enforcement of the Red Flags Rule until June 1, 2010, for financial institutions and creditors. Here, IT security pros weigh in on what the rule means for them.
Which? responds to Mandelson Internet plan
Consumer champion Which? has responded to Lord Mandelson's threats to cut persistent file-sharers Internet connections off as early as summer 2011 under new 'three strikes' rules.
Microsoft: Vista Infected 62% Less Often Than XP
Windows Vista is dramatically more secure than Windows XP, according Microsoft's latest Security Intelligence Report, released Monday. The infection rate of Windows Vista SP1 was 61.9 percent less than Windows XP SP3, the company said.
Q&A: Don't judge Microsoft security by the number of Patch Tuesday bulletins
Don't judge Microsoft security on the number of monthly patches, says Steve Lipner, senior director of security engineering at Microsoft's Trustworthy Computing Group. Microsoft has made a lot of progress with its Security Development Lifecycle and continues to improve the process, he said.
Will Facebook's $711 Million Antispam Win Matter?
After slapping a restraining order on the Spam King last March, Facebook walloped notorious Sanford Wallace, yesterday winning its $711 million lawsuit for Wallace's violations of the Computer Fraud and Abuse Act, the California Anti-Phishing Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). While these offenses and crippling fines are nothing new to Wallace, Facebook seems to believe that the latest ruling against Sir Spamalot will be a heavy deterrent against future spam artists. But will it actually make a difference?
Former CEO charged with cyber attack on firm
Khalid Shaikh, former CEO of YouSendIt, has been indicted by a grand jury on four counts of mail fraud after allegedly launching four denial-of-service (DOS) attacks against the company's servers, the U.S. Department of Justice said.
Leaked House Ethics document spreads on the Net via P2P
A document containing the names of more than two dozen members of the U.S. House of Representatives who are being scrutinized for conduct violations is getting widely distributed over the Internet after being leaked on a peer-to-peer network earlier this week.
Facebook spammer's $711M fine won't stop problem, analysts say
Analysts expect that this week's federal court decision to fine a spammer $711 million for attacking Facebook will prompt cybercriminals to develop more sophisticated ways to avoid detection when attacking social networks.
After one year, Conficker infects 7 million computers
The Conficker worm has passed a dubious milestone. It has now infected more than 7 million [m] computers, security experts estimate.
Scary new tech fears to haunt your Halloween
We all love our PCs and gadgets, don't we? Technology publications like this one (and columnists like me) love to wax eloquent about the wonders of the iPhone, the joys of Twitter and the un-Vista like qualities of Windows 7.
Why can't we do anything about spam?
So I open my inbox this morning to find a bit-o-spam from an outfit calling itself Broadcast-info.com.
Facebook awarded $711 million in spammer case
Facebook was awarded US$711 million in damages from a convicted spammer on Thursday, but the social networking site is hoping a separate criminal action will eventually send him to jail.
US-CERT moves in with NCC, NCSC
The group responsible for coordinating U.S. responses to cyber threats is getting new digs.
Open source algorithms a regulatory risk
Canadian open source companies doing development in the U.S. are seldom aware of export regulations requiring encryption algorithms in the code to be filed with the U.S. Department of Commerce Bureau of Industry and Security (BIS).
Five Things You Should Know About Windows 7 Security
Microsoft says Windows 7 is the most secure version of the Windows operating system ever developed. Big deal, right? I am pretty sure that Microsoft has made that claim for every new version of Microsoft Windows in the past 15 years, and that it is a valid claim.
CalOptima recovers discs with personal data on 68,000 members
Several missing CDs with unencrypted personal data on 68,000 members of the CalOptima managed care plan have been traced to a secure postal facility in Atlanta.
US cyber war policy needs new focus, experts say
U.S. policies toward defending against cyber warfare need to take a different approach than the government has against other forms of attack, three cybersecurity experts said Thursday.
Chapter 1: What Is a Security Threat?
NCC: Cost cutting outweighs security fears in outsourcing
A third of IT managers (64 percent) at medium sized businesses in the UK expect some of their suppliers not to have formal security procedures in place.
Microsoft cleans up bugs after biggest patch release
After releasing its largest-ever group of security patches two weeks ago, Microsoft has done a little cleaning up.
UK police smooth over rift with Internet registry
U.K. police have apologized over a recent public presentation that linked a nonprofit Internet registry with money laundering by a notorious group of Russian cybercriminal gangsters.
FreeFixer
If you suspect your PC has been invaded by malware, FreeFixer can help you find it. It shows you a wealth of information about what's running on your PC, but the data is meant primarily for security gurus.
Illegal file-sharers to be cut off in 2011
Illegal file-sharers could be booted off the internet by summer 2011, says Lord Mandelson.
Symantec reveals lack of confidence in online retailers
Brits have most confidence in the UK's banks over other retail sectors, when it comes to looking after their sensitive personal data, says Symantec.
Stalqer iPhone App Redefines Creepy
First we had Twitter, the ultimate text-based up-to-the-minute portal for following friends, businesses, and organizations. With a handful of excellent Twitter iPhone apps, we were no longer tethered to the Web and could tweet and read on the go. Then we started moving closer into stalking territory with programs like Google Latitude and apps like Loopt and FourSquare. Now, the Australian iPhone app developers behind GasBag (an [app to help
Amazon downplays report highlighting vulnerabilities in its cloud service
Amazon today said that it has taken steps to mitigate a security issue in its cloud computing infrastructure that was identified recently by researchers from MIT and the University of California at San Diego.
FBI: National data-breach law would help fight cybercrime
A U.S. law that would require businesses to report data breaches to potential victims could help law enforcement agencies fight the growth of cybercrime, a U.S. Federal Bureau of Investigation official said Wednesday.
4 Swine Flu Scams Making the Rounds
The words "swine flu" had barely been uttered last spring when spammers and malware authors, hoping to take advantage of fears and curiosity about the virus, began devising ways to trick people with clever subject lines and fake web sites. In April, only days after officials began to talk about the virus, officially known as H1N1, researchers with several security firms reported spam relating to the virus already accounted for 4 percent of all unwanted emails.
The Register - Security
Biting the hand that feeds IT
Swedish spooks knocked offline by hack attack
DDoS attack follows intro of new monitoring powers
The website of the Swedish Signals Intelligence agency (Försvarets Radioanstalt, or FRA) was taken offline by a massive DDoS attack this week.…
Google launches privacy Dashboard service
What does Google know about me?
Google has launched a Dashboard service that's designed to show how much the search engine giant knows about its users online activities.…
Cybercriminals down five British police forces in a year
For more than three days each
In the last year five British police forces have suffered major computer failures lasting three days or more as a result of malicious internet attacks.…
Tech titans meet in secret to plug SSL hole
Web authentication busted on Apache, IIS
Researchers say they've uncovered a flaw in the secure sockets layer protocol that allows attackers to inject text into encrypted traffic passing between two endpoints.…
Judge spanks lawyer for leaking personal details in brief
'Negligent, inattentive electronic filing'
A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring.…
Men allegedly broke into computers of former employer
Poor password hygiene indictment
Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer.…
Twitter fanatic glimpses dark side of OAuth
'Secure' authentication can be anything but
A mobile enthusiast and professional internet strategist got a glimpse of OAuth's dark side recently when he received an urgent advisory from Twitter.…
Mac art project game destroys aliens files
Lose / Lose
A Mac game that deletes users' files has sparked a debate about whether it's malware or not.…
Google opens up OAuth to tackle password chores
Cleverness to dispose of onerous task of logging in
Google has opened up a technology designed to cut back on the number of passwords users need to access multiple websites to web developers, effectively moving the technology into the mainstream after a restricted beta lasting almost a year.…
Naked Win 7 still vulnerable to most viruses
User Account Control easily bypassed
Out-of-the-box Windows 7 machines are still vulnerable to eight out of ten viruses, according to a test by security firm Sophos.…
Whitehall plans 'White Noise' phone network collapse
Unjoined-up government, coming next week
The government will simulate a shutdown of the national phone network next week in an exercise involving hundreds of government and industry players.…
Lords want help on cyber attacks
Give the learned gents a hand
A Lords Committee is investigating European Union policy on cyber attacks and is calling for evidence from industry and other interested parties.…
PrevX piles in against bank Trojans, phishing
Plugging gaps in traditional anti-malware
The fight against banking Trojans and phishing attacks has stepped up a gear with the launch of a new product on Wednesday targeted at securing online transactions.…
Newfangled cookie attack steals/poisons website creds
Google, Facebook risk
A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set.…
Bug in latest Linux gives untrusted users root access
Protections for some, but not all
A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.…
Trojan pokes Facebook for zombie commands
Anti-social networking
Crimeware distributors have begun using Facebook as a command and control channel for a Trojan that turns compromised Windows PCs into zombie drones.…
M86 picks up Finjan to tackle web-based threats
Doubling up on behaviour-based protection
Content security firm M86 Security has acquired web security appliance firm Finjan in a deal designed to allow it to offer better protection against both email and web-based threats. Terms of the agreement, announced Tuesday, were undisclosed.…
Devious decryption scam rides ransomware Trojan
We can remember it for you wholesale
Devious virus writers have come up with a new twist on ransomware-style malware.…
Hacker charged in $1m cable ISP customer cloning scheme
MAC spoofing biz flourished for six years
Federal prosecutors have charged a California man with earning $1m over a six-year period by illegally selling products that allowed customers to get high-speed internet service for free.…
Amazon's EC2 brings new might to password cracking
Cloudonomics and the art of black-hat hacking
Forget what you've learned about password security. A simple pass code with nothing more than lower-case letters may be all you need - provided you use 12 characters.…
US gov warns banks on money mules
More dough in the laundry
The government agency that insures US banks has warned its members to be on the lookout for an increase in money mules used to launder money that's been electronically stolen from deposit accounts.…
Notorious Kiwi pill spammers slapped with fine
Herbal King dethroned
A gang of notorious spammers from Christchurch, New Zealand have been hit with fines in the first prosecution under the country's anti-spam laws.…
Microsoft security report shows worms are returning
UK holding its own in cyber security
Microsoft's latest security intelligence report shows a resurgence in worms, although rogue security software also remains a big issue.…
Pirate Bay clampdown prompted file sharing site spike
A true 'cloud computing' effort, reports McAfee
Attempts to shut down notorious torrent tracker site The Pirate Bay have spurred a four-fold increase in the number of file sharing websites during the third quarter of 2009.…
TalkTalk to fight net disconnection plan
Speak to you in court
A major ISP has promised a court challenge to Government plans to allow the cutting off of internet connections used by people accused of unlawful file sharing. TalkTalk said it will challenge the plans in the courts.…
DDoS attacks topple 40 Swedish sites
Police among victims
Swedish authorities have few leads in their investigation of a massive denial-of-service attack on Thursday that downed about 40 websites belonging to police and media outlets.…
California man accused of DOSing site he founded
Former YouSendIt CEO and (very) prolific iPhone developer
Federal prosecutors have accused a co-founder of YouSendIt.com of repeatedly launching web attacks against the popular upload site.…
Facebook awarded $711m in 'Spamford' Wallace case
Expects to receive almost nothing
Facebook has been awarded $711 million in damages against the infamous junk mail merchant, Sanford "Spamford" Wallace, who gained access to numerous accounts on the social website and sent phony messages to their friends.…
Thieves target BT cables as scrap value rises
There's never a copper around when you need one
Thieves in Sussex made off with more than half a mile of BT cabling in an overnight operation that cut off 800 homes and businesses.…
eBay.co.uk blocked for smelling phishy
OpenDNS makes oopsie
Online tat bazaar ebay.co.uk was blocked for much of yesterday because OpenDNS wrongly labelled auction pages on the site as phishing pages.…
SANS Information Security Reading Room
Last 25 Computer Security Papers added to the Reading Room
Why Crack When You Can Pass the Hash?
Category: Penetration Testing
Paper Added: November 3, 2009
A Fuzzing Approach to Credentials Discovery using Burp Intruder
Category: Penetration Testing
Paper Added: October 29, 2009
SANS Internet Storm Center, InfoCON: green
Insider threat: The snapnames case, (Thu, Nov 5th)
Insider jobs are not often made public. So, when one does come around it's very interesting to try t ...(more)...
TLS Man-in-the-middle on renegotiation vulnerability made public, (Thu, Nov 5th)
TLS 1.0+ and SSL3 ...(more)...
Legacy systems, (Thu, Nov 5th)
IT in general is riddled with legacy system. They are inheritances of a past we 'd like to forget or ...(more)...
Sun Java 6 Update 17 out, fixes lots of security vulnerabilities (thanks Toby&Roseman), (Tue, Nov 3rd)
...(more)...
Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities, (Tue, Nov 3rd)
...(more)...
Opachki, from (and to) Russia with love, (Tue, Nov 3rd)
Opachki is a pretty interesting link hijacking trojan that has been spreading quite a bit in last co ...(more)...
SURBL now posting abuse statistics for TLD's, (Tue, Nov 3rd)
Well it looks like the busy guys over at surbl have created an interesting new feature. They a ...(more)...
Microsoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET), (Mon, Nov 2nd)
EMET has a bunch of neat features to help harden bad code (usually old bad code). T ...(more)...
Password rules: Change them every 25 years, (Mon, Nov 2nd)
While there certainly are parts of the password rules - like length, complex syntax, special charact ...(more)...
IDN ccTLDs, (Mon, Nov 2nd)
Two days ago, the ICANN authorized the introduction of country code top level domains (ccTLDs) using ...(more)...
Cyber Security Awareness Month 2009 - Summary and Links, (Sun, Nov 1st)
As requested by many readers, below are links to all 31 of the diaries that we wrote for Cyber Secur ...(more)...
Cyber Security Awareness Month - Day 31, ident, (Sat, Oct 31st)
Welcome to day 31 of Cybersecurity Awareness Month!. Ihope that you have enjoyed reading ...(more)...
New version of NIST 800-41, Firewalls and Firewall Policy Guidelines, (Fri, Oct 30th)
A new version of NIST Special Publication 800-41, Revision 1, Guidelines on Firewalls and Fire ...(more)...
ICANN Strategic Planning (2010-2013) Consultation, (Fri, Oct 30th)
ICANN is currently formulating their 2010 - 2013 Strategic Plan. In order to define priorities ...(more)...
Cyber Security Awareness Month - Day 30 - The "Common" IPSEC VPN Protocols - IKE / ISAKMP (500/udp), ESP (IP Protocol 50), NAT-T-IKE (500/udp, 4500/udp), PPTP (tcp/1723), GRE (IP Protocol 47), (Fri, Oct 30th)
IPsec is a group of protocols that together encapsulate, authentication and encrypt traffic. I ...(more)...
Help me assemble a list of "days of doom" as a followup to the ntp diary. http://jbu.me/25, (Thu, Oct 29th)
------ Johannes B. Ullrich, Ph ...(more)...
Opera browser 10.01 security bugfix released, (Thu, Oct 29th)
...(more)...
Cyber Security Awareness Month - Day 29 - dns port 53, (Thu, Oct 29th)
DNS is a network client/server protocol that allows clients to resolve hostnames into IP addresses ( ...(more)...
SANS NewsBites
All Stories From Vol: 11 - Issue: 87
Microsoft Report Says Worms Top Threat List in Enterprise Environments (November 2, 2009)
According to Microsoft's Security Intelligence Report, Conficker was the top threat to enterprise computers during the first half of 2009.......
European Commission Wants UK to Beef Up Privacy (November 2, 2009)
The European Commission says that the UK government has not adequately protected citizens' privacy.......
House Ethics Committee Report Accidentally Leaked Through P2P Network (October 30, 31 & November 2, 2009)
A confidential House Ethics Committee report was inadvertently leaked through a P2P file-sharing network.......
Global Information Security Report Sees Security Spending Stabilizing (November 2 & October 30 & 14, 2009)
According to PricewaterhouseCoopers's 7th Annual Global State of Information Security Survey 2010, 63 percent of CIOs around the world say that they intend to maintain or increase information security spending, despite economic conditions.......
Facebook Awarded US $711 Million in Damages in Spam Case (October 30 & November 2, 2009)
A California court has awarded Facebook US $711 million in damages for spam sent through its network.......
Former YouSendIt CTO Indicted on Charges Related to DoS Attacks Against Company (October 30, 2009)
A US federal grand jury has indicted Khalid Shaikh on four counts of mail fraud for allegedly launching denial-of-service (DoS) attacks against servers at YouSendIt, a company Shaikh co-founded in 2004.......
Former Bank of New York Mellon Employee Indicted on Identity Theft Charges (October 28 & 30, 2009)
Adeniyi Adeyemi has been charged with grand larceny, identity theft and money laundering in connection with the theft and misuse of Bank of New York Mellon employee information.......
IP Address Indicates North Korean Involvement in July Cyber Attacks (October 30 & November 2, 2009)
The July cyber attacks that targeted US and South Korean websites have been traced to an IP (Internet protocol) address at North Korea's Ministry of Post and Telecommunications.......
National Cybersecurity and Communications Integration Center Opens (October 30 & 31, 2009)
The US Department of Homeland Security (DHS) has unveiled a cyber security operations center designed to help the government coordinate cyber attack response.......
Automated Tools Will Help Reduce Costs of FISMA Compliance (October 30, 2009)
The Office of Management and Budget (OMB) has introduced a Federal Information Security Management Act (FISMA) reporting tool that automates the process and significantly reduces the amount of paper used in compliance reporting; the system is expected to cut associated costs as well.......
GAO Report Exposes OMB Mismanagement of FISMA As Important Cause Of US Government Cyber Security Ineffectiveness (October 29, 2009)
A GAO report published on Thursday faults OMB for reliance on "inadequate performance measures.......
Judge Denies Settlement Proposal in TD Ameritrade Case (October 27 & 28, 2009)
A federal judge has denied a proposed settlement in the TD Ameritrade data security breach case.......
Three-Quarters of Small and Mid-Sized Companies Froze or Cut Security Spending (October 28 & 29, 2009)
A McAfee survey of 100 small to medium-sized companies in each of nine countries around the world found that while 71 percent believe a data security breach could put them out of business, three-quarters of the companies either froze or reduced their information security spending in 2009.......
CalOptima Locates Disks Containing Patient Data (October 29, 2009)
Several disks that disappeared when they were sent through the mail two weeks ago have been located at a US Postal Service facility in Atlanta, GA.......
UK's Proposed Anti Piracy Policy Draws Criticism (October 28 & 29, 2009)
UK Internet service provider (ISP) TalkTalk has threatened to initiate legal action if a plan to cut Internet service to illegal filesharers is approved.......
Federal Breach Notification Law Would Help Authorities (October 28, 2009)
FBI Criminal Cyber Section chief Jeffrey Troy said that a federal law requiring entities to report data security breaches to federal authorities "would help us tremendously.......
Malware Spreading Through Phony FDIC eMails (October 27 & 28, 2009)
There are reports of phony FDIC notification emails that attempt to infect users' computers with the ZBot Trojan horse program.......
US-CERT Warns of Blackberry Spyware (October 27, 28 & 29, 2009)
The US-CERT has issued a warning about a free spyware program called PhoneSnoop that can be used to bug BlackBerry phones.......
Research Project Aims to Spoil Malware's Picnic (October 28, 2009)
Researchers at Wake Forest University and the Pacific Northwest National Laboratory have developed an army of digital ants designed to help sniff out malware.......
Two Attacks Target Facebook Users (October 28 & 29, 2009)
Phishers have been targeting Facebook users with an attack designed to steal account usernames, passwords and other sensitive information.......
European Commission to Consider Additional Data Privacy Rules Next Year (October 29, 2009)
In 2010, the European Commission plans to review privacy and data protection rules in the European Union.......
Energy Regulators Seek Authority to Enforce Security Standards Throughout Power Grid (October 27 & 28, 2009)
The Federal Energy Regulatory Commission (FERC), the North American Electric Reliability Corp.......
Firefox Update Fixes 11 Critical Flaws (October 27, 2009)
Mozilla has updated its Firefox 3.......
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Two-factor authentication, constant vigilance foils password theft
By Eric Ogren
Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and develop new defenses.
Two-factor authentication, vigilance foils password theft
By Eric Ogren
Password stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands forcing some to rethink password policies and develop new defenses.
Microsoft fixes security update that breaks Internet Explorer
By Robert Westervelt
An update released Monday corrects two issues that affect the proper display of Web pages.
Modern malware, stealthy botnets, adapt quickly, expert says
By Robert Westervelt
As network intrusion detection systems evolve so does the malware they're designed to detect, continuing the cat and mouse game between security professionals and cybercriminals.
M86 buys Web security gateway vendor Finjan
By Neil Roiter
The company plans to develop its U.S. channel, but faces market and integration challenges, according to an industry analyst.
Despite recession, information security certification pay continues to climb
By Carolyn Gibney
Pay for information security certifications continued its uptick despite a volatile IT market. Compliance and the desire to retain good security pros contributed to the rise.
Web-based attacks skyrocket, Pirating sites surge, security firms say
By Robert Westervelt
Reports highlight surge in spam as well as an increase in malicious Web pages attacking visitors with Trojan malware and downloaders.
Computer worm infections up, scareware antivirus down, Microsoft says
By Michael S. Mimoso
Microsoft's biannual report finds rogue antivirus infections and Trojan and downloader attacks down in the first six months of 2009.
Squad: Tokenization, Phishing and the Feds
By Security Squad team
SearchSecurity.com editors discuss Microsoft's record breaking patching month, DHS plans to hire cybersecurity pros, the FBI crackdown on a massive phishing ring and tokenization.
Kaspersky system analyzes malicious URLs on Twitter for malware
By Robert Westervelt
Kaspersky Krab Krawler analysis finds users fueling the number of malicious links on Twitter by posting URLs to infected websites.
US-CERT warns of Blackberry snooping software
By Robert Westervelt
PhoneSnoop can configure the Blackberry speakerphone to function as a listening device for a remote hacker.
US-CERT warns of BlackBerry snooping software
By Robert Westervelt
PhoneSnoop can configure the BlackBerry speakerphone to function as a listening device for a remote hacker.
Chip and PIN adoption serves lesson for U.S. payment industry
By Eric Ogren
As payment processors offer plans for end-to-end encryption, the UK is finding success with chip and pin deployments. The U.S. payment industry should take notice, expert says.
SecuriTeam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.
Novell eDirectory LDAP Null Base DN DoS Vulnerability
This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability.
HP-UX Using libc DoS Vulnerability
A potential security vulnerability has been identified in HP-UX using libc. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
Adobe Shockwave Player Multiple Code Execution Vulnerabilities
Four critical vulnerabilities affecting Adobe Shockwave Player have been discovered: String Length Code Execution; Pointer Overwrite Code Execution; Invalid Pointer Code Execution and Invalid Index Code Execution.
IBM Tivoli Storage Manager CAD Service Buffer Overflow
There is a CAD Service buffer overflow vulnerability in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to compromise a vulnerable system.
Hyperic HQ XSS Alerts List Vulnerability
An authenticated Hyperic user can create an alert with JavaScript code in the Description field. When a user visits the Alerts list, the Description field of every alert is displayed without properly escaping especial HTML characters, thus leading to a persistent XSS.
Microsoft SharePoint 2007 ASP.NET Source Code Disclosure
It was found that the download facility of Microsoft SharePoint Team Services can be abused to reveal the source code of ASP.NET files.
Hyperic HQ Reflected XSS in Stack Trace
The stack trace displayed on the default error page is displayed verbatim without running it through a sanitizer. This can be exploited by an attacker to execute arbitrary JavaScript code in the context of the browser of a legitimate logged in user.
Palm Pre WebOS Remote File Access Vulnerability
The Palm Pre WebOS
Android Malformed SMS and Dalvik API DoS Vulnerabilities
Android, an open source mobile phone platform, is affected by two bugs that lead to denial-of-service (DoS) conditions.
VMware Mishandled Exception and Directory Traversal Vulnerabilities
An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system. A directory traversal vulnerability allows for remote retrieval of any file from the host system. In order to send a malicious request, the attacker will need to have access to the network on which the host resides.
F-Secure Generic PDF bypass
Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime. This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics.
Asterisk ACL check Vulnerability
Unauthorized calls are allowed on prohibited networks.
Oracle Database PL/SQL Injection Vulnerability
Oracle Database 10G and 9g vulnerable to PL/SQL Injection. PL/SQL Injection found in procedure ctxsys.drvxtabc.create_tables.
Aruba Networks Malformed 802.11 Association Request DoS Vulnerability
A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 association request frame causes a crash on the Access Point (AP) causing a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.
Rising Multiple Products Local Privilege Escalation Vulnerability
Rising installs the own program files with insecure permissions (Users: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Rising services) by malicious file and execute arbitrary code with SYSTEM privileges. This is local privilege escalation vulnerability.
KDE Multiple Vulnerabilities
KDE, an open source desktop environment, suffers from several bugs that pose a security risk.
McAfee generic PDF detection bypass
Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime.
Mozilla Firefox Floating Point Memory Allocation Vulnerability
The vulnerability is caused due to an array indexing error while allocating space for floating point numbers. This can be exploited to trigger a memory corruption when a specially crafted floating point number is processed. Successful exploitation allows execution of arbitrary code.
Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability
Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code.
TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities
The TwonkyMedia web server fails to adequately sanitize user input (HTTP request strings and form input); thus, an attacker may be able to execute arbitrary script code in a victim's browser.
Security - RSS Feeds
Security - RSS Feeds
FBI: Online Banking Attacks Reach $100 Million Mark
In an intelligece note, FBI officials say a mix of banking Trojans and phishing attacks has plagued victims - mainly public institutions and small to midsized businesses - to the tune of $100 million in attempted losses as of October.
- Malware and phishing schemes targeting online bankers have spurred a jump in Automated Clearing House (ACH) fraud that has led to $100 million in attempted losses as of October, according to the FBI. In an intelligence note released earlier this week by the Internet Crime Complaint Center (IC3), ...
Botnets Tighten Defenses Year After McColo Shutdown
In the roughly 12 months since the McColo shutdown caused a short but dramatic drop in spam, botnet operators have changed tactics to minimize the impact of authorities shutting down their ISPs. Security researchers discussed how with eWEEK.
- In the year since the shutdown of notorious Web hosting firm McColo, spammers are growing strong. In fact, researchers at McAfee reported that spam accounted for 92 percent of e-mail in the second quarter of 2009. Part of this is the result of improvements by botnet operators. Like anyone who...
Windows 7 UAC Is Ineffective Security Solution for Malware, Sophos Says
A researcher at Sophos reports putting Windows 7's User Account Control feature to the test and finding the technology failed to block numerous pieces of malware. Microsoft, however, stresses that UAC is only one part of Windows 7's security.
- A researcher at Sophos called the UAC feature in Windows 7 ineffective after numerous pieces of malware snuck by the technology in a test. Microsoft first introduced User Account Control in Windows Vista to improve security. After some users complained the number of alerts it generated were an...
Man Indicted in Cable Modem Hacking Scheme
The FBI unsealed charges recently against Ryan Harris, 26, who they say developed hardware and software tools to enable people to configure their cable modems to give them free Internet access.
- Federal authorities unsealed charges in Boston Nov. 2 against a man they allege developed tools to help people steal free Internet access by modifying cable modems. Charges against 26-year-old Ryan Harris, who has residences in Redmond, Ore., and San Diego, were unveiled Nov. 2. According...
How to Protect Against Web 2.0 Crime and Data Breaches
Facebook, Twitter, MySpace, blogs and other Web 2.0 technologies have created new opportunities for individuals, enterprises and governments. But where law-abiding users go, cyber-criminals quickly follow. It's critical for users to be wary of increasingly sophisticated online threats from the recently discovered Botnet platform to cyber-criminals who infiltrate networks to steal data and identities. Here, Knowledge Center contributor Yuval Ben-Itzhak explains how users can protect their systems from cyber-criminals, phishing, botnets, viruses, Trojans and other malware.
- In today's Web 2.0 world, information sharing, online shopping and remote working are just a few examples of the many benefits the Internet and Web 2.0 technologies offer us. Blogs and social networks such as Facebook, Twitter and MySpace are becoming increasingly popular, with individual users and ...
M86 Buys Finjan in Web Security Play
Fresh off the acquisition of Avinti, M86 Security announces the acquisition of Finjan. The deal, made for an undisclosed sum, brings Finjan's enterprise-class solutions to the company.
- M86 Security has acquired Finjan as part of a push into the enterprise secure Web gateway and software-as-a-service businesses. Financial terms of the deal were not disclosed, but the buy is the latest in a string of acquisitions and mergers by the company. Formed last year by the merger of Marshal...
Security Vendors Take Hybrid Approach to Web Filtering
To help enterprises deal with a growing number of remote workers, cloud-based URL filtering is likely to continue to gain traction.
- With more employees operating outside the workplace, solving the problem of web filtering for remote workers has gotten attention from a number of security vendors. Addressing it has led some vendors to push a hybrid approach of cloud-based and on-premise technology - something that may gain tracti...
Symantec Uncovers Trojan Scheme Using Facebook
Researchers at Symantec find a Trojan that uses Facebook to communicate with a command and control server.
- Researchers at Symantec have uncovered a Trojan using Facebook as a coordinator for its command and control server. The Trojan malware, known to Symantec as Whitewell, is being spread via e-mail through quot;documents (PDF, or MS Office formats) containing exploits for known vulnerabilities, qu...
10 Reasons Why Google Android Is Secure
News Analysis: Google's Android platform is a relatively secure operating system. It has a number of features that make it a fine alternative to the iPhone. But it's important for users to understand just how Google built security into the mobile operating system.
- The debate over which mobile platform iPhone, Android, Windows Mobile or BlackBerry is best might rage for hours. Everything is subjective. But it's security that may matter most when considering a mobile phone. Will the phone provide the kind of security required when important data is transmi...
Tech Prods Obama over Cyber Czar
TechAmerica tells President Obama his promise to appoint a cyber-security coordinator in the White House is growing more urgent by the day. Obama promised to appoint a cyber-security coordinator more than five months ago.
- The tech industry is growing impatient over President Obama's failure so far to appoint a cyber-security coordinator in the White House. It has been more than five months since Obama held a much ballyhooed media event on the importance of cyber-security and pledging to appoint a cyber-security ...
Microsoft Security Report Underscores Weak Enterprise Security Policies
In an analysis of the top security threats during the first half of 2009, Microsoft's findings show the importance of having sound guidelines governing thumb drives and connecting to corporate networks from machines outside the enterprise. According to Microsoft, both Conficker and another notorious worm took advantage of poor policies around USB devices to spread.
- In its biannual snapshot of the security landscape, Microsoft has uncovered a resurgence a worms that underscores the importance of having sound security guidelines for removable USB devices accessing corporate networks. While Volume 7 of Microsofts Security Intelligence Report found that Tr...
Conficker, Still Infecting Windows Machines a Year Later, Remains an Enigma
A year after Conficker sprang into the public consciousness, the notorious Windows worm continues to claim millions of victims. While the hype has died down, the worm remains an example of the dangers of cutting-edge malware and how cooperation in the security community can make the difference.
- The Conficker worm struck Windows computers this past year with the force of a tsunami and swept away illusions of security in the minds of its victims. But after the overhyped April 1 deadline passed quietly, interest in the general public started to dwindle, and the malware for some became ...
10 Windows 7 Security Features You Should Know About
Now that Windows 7 has been available for over a week, some users are diving into the new operating system. They're learning all about the new and improved Taskbar. They're checking out some of the new design tweaks. But it's the silent protection in the background that might be providing the most value to those users. Windows 7 is packed with security features that Microsoft no doubt hopes will help it earn the moniker of safest Windows release in recent memory. This slide show highlights some of the top security features in Windows 7, so you can be aware of how you can keep yourself safe in the Windows ecosystem.
- ...
Facebook Awarded $711 Million in Spam Case
Facebook won a victory against spammers Oct. 29 when a judge in California awarded the site some $711 million in damages in relation to an anti-spam case.
- Facebook scored a win against a notorious spammer in federal court. The social networking site was awarded $711 million in damages Oct. 29 by a U.S. District Court in San Jose, Calif. The judge found spammer Sanford Wallace guilty of violating the Can-Spam Act as well as a temporary restrai...
The 10 Scariest Technology Ideas
Plenty of technologies and products are based on or full of bad ideas. But sometimes these ideas go from being bad to being scary. These ideas, usually put forth in the name of ease of use or increased functionality, actually serve to make products dangerous to use, threatening users' security, privacy, finances and even their lives. A list like this could easily become very long, especially if we included biotech and health products. But, for now, we'll focus on classic PC, Internet and mobile technologies in use by businesses and individuals today.
- ...
10 Essential Things Companies Should Teach Employees About Security
News Analysis: As many security systems as an organization might have, the last line of defense rests with the employees. That's precisely why companies need to do a good job of educating employees about security. Employees have to be directly engaged in the IT security process.
- When it comes to enterprise security, ensuring that sensitive data doesn't find its way out and beyond the control of the office is a major concern for most companies. That's why they enlist the help of security software, hardware systems and anything else that can possibly keep data secure. It's...
Security Fix
Brian Krebs on computer and Internet security
Microsoft Fixes Eight Security Flaws
In New Patches
Microsoft today pushed out software updates to plug at least eight critical security holes in computers powered by its various Windows operating systems. The patches are available through Windows Update or via Automatic Updates. The flaws were addressed in a bundle of five patches, each of which earned Microsoft's most dire "critical" rating, meaning they are serious enough that attackers could break into systems without any help from users. One particularly dangerous flaw covered by this month's patch batch is a problem with the way Windows handles Javascript. While this flaw stems from a faulty component of the Windows operating system, it would most likely be exploitable through Internet Explorer versions 6, 7 and 8, said Wolfgang Kandek, chief technology officer at software security provider Qualys. The flaw resides in every version of Windows except Windows 7. In fact, none of the vulnerabilities patched today affect Windows 7, Kandek said.
More Business Banking Victims Speak Out
In Web Fraud 2.0
Since our story about Eastern European cyber crooks targeting small to mid-sized U.S. businesses ran last week, I've heard from a few more victims. Eerie similarities in their descriptions of how they were robbed suggest the bulk of this crime may be the work of one or two gangs. David Johnston, owner of Sign Designs, Inc., a Modesto, Calif.-based company that makes and installs electric signs, said his company lost nearly $100,000 on July 23, when crooks used the company's credentials to log in to its online banking account and initiate a series of transfers to 17 accomplices at seven banks around the country. "Our daily limit on these transactions was $100,000, and [the thieves] took just $47 short of that amount," Johnston said. "What we're looking at really is the bank robber of 2009. They don't use a gun, they have lots of helpers, their [profits] are huge, and
Apple Updates Java, Backdates Flash
In New Patches
Apple Thursday shipped an update to plug a slew of critical security holes in its version of Java for Leopard systems (OS X 10.5). In other Apple patch news, it appears those who have updated to the latest version of OS X -- 10.6/Snow Leopard -- received an insecure version of the Adobe Flash player. The Java update brings Mac's version of Java to 10.5 Update 5, and fixes at least 16 security flaws in the program. Users can grab the patch through Software Update or directly from Apple Software Downloads. Mac users who have upgraded to Snow Leopard should be aware that the current version of the installation disc comes with an outdated version of Flash -- version 10.0.23.1. Snow Leopard users can upgrade to the latest version -- 10.0.32.18 -- by visiting the Flash Player Download Center.
What To Do When Scareware Strikes
In Safety Tips
Mrs. Krebs and I were enjoying a relaxing, quiet morning last Saturday in our living room -- silently bonding with our respective laptops propped on our knees -- when she nearly jumped off of the sofa, shouting, "Uh oh! It's one of those fake virus things popping up! WhatdoIdo!?!?" It occurred to me as I reached for her computer that most people probably wouldn't know what to do should they stumble across a hacked or malicious site that tries to frighten and corral visitors into downloading and purchasing some rogue anti-virus product (a.k.a. "scareware"). The misleading pop-ups and animations about supposed security and privacy threats are unnerving, to be sure, and can be awfully convincing to the unwary. Typically, they are the result of scripts stitched into legitimate, hacked Web sites, or into banner ads that scam artists stealthily submit to some online ad networks. It is tempting to try
Getting Friended By Koobface
In From the Bunker
You know you've attracted the attention of online troublemakers when they start using their malicious software to taunt you by name. Such is apparently the case with the latest version of Koobface, a worm that spreads on Facebook, Twitter and other Web 2.0 sites and turns infected systems into bots that can be used for a variety of improper and possibly criminal purposes. According to an analysis performed on the malware by researchers from the University of Alabama at Birmingham, the latest version references a domain that begins with an expletive and ends with ...briankrebs.com (if you figure it out please DO NOT visit this Web site, as you could pick up a malicious program). I suppose I should be flattered, as I'm in good company: According to the researchers, this Koobface variant also forces infected systems to call out to another domain that drops an expletive in the middle
Snow Leopard's Anti-Malware Feature
In Safety Tips
Apple has long maintained that Mac users don't need to worry about viruses and other malicious software. So it's hardly surprising that many media outlets have seized upon revelations that Snow Leopard, the newest version of Apple's OS X operating system, detects and warns users about certain types of malicious software designed to attack Macs. Snow Leopard went on sale Friday and I haven't had a chance to fiddle with it yet (I'm hoping to tackle this over the weekend). By most accounts this anti-malware feature is fairly limited, with the caveat that it could quite easily be expanded to accommodate future security threats to the Mac platform. A blog entry from computer security firm Sophos includes a clever video showing the performance of the Snow Leopard feature alongside the company's own security software built for the Mac. Graham Cluley, a senior technology consultant at Sophos, said Snow Leopard's ability
Phishing Attacks on the Wane
In Latest Warnings
Phishing attacks have fallen out of favor among cyber crooks who make a living stealing personal and financial information, according to a report released this week by IBM. Instead, attackers increasingly are using malicious Web links and password-stealing Trojan horse programs to filch information from victims, the company found. The analysis from X-Force, IBM's security research and development division, notes that Trojan horse programs are taking the place of phishing attacks aimed at financial targets. The company found that throughout 2008, phishing volume was, on average, 0.5 percent of overall spam volume. In the first half of 2009, however, phishing attacks fell to an average of 0.1 percent of spam volume. The targets of phishing attacks also changed, IBM says: In the first half of 2009, 66 percent of phishing schemes targeted the financial industry, down from 90 percent in 2008. I looked at the number of phishing sites tagged
U.K. Govt: Spammers Before Downloaders?
In From the Bunker
The British government plans to suspend the Internet accounts of residents suspected of downloading pirated music and films, according to news reports. But the latest figures on the geographic location spam-spewing zombie PCs suggest the U.K. government might do better to start by disconnecting the nation's most notorious uploaders. The Associated Press reports that plans announced Tuesday by the British Treasury Minister include blocking access to download sites, and temporarily suspending users' Internet accounts. The story didn't say how many of Britain's estimated 48.7 million Internet users are suspected of being serial music and movie downloaders. But Security Fix reviewed the 8.8 million Internet addresses around the globe that are on Spamhaus.org's composite block list -- which tracks connections that show strong signs of being spam relays -- and found that roughly 60,000 U.K. systems currently are blasting junk e-mail to the rest of the world on behalf of spammers.
Microsoft Expands Office Anti-Piracy Program
In New Patches
Microsoft expanded its anti-piracy program this week, shipping a new software update that checks whether Office users are running a licensed or pirated version of the productivity suite. Windows users who have Automatic Updates turned on probably have by now noticed at least one new update available from Redmond. The patch represents the next phase of the Office Genuine Advantage (OGA) anti-piracy pilot program Microsoft launched last year. Microsoft says the update is being gradually rolled out to different countries, so the update will not be available to everyone at the same time. The program checks against Office XP, Office 2003, and Office 2007 installations. Even users who have Automatic Updates set to download and install patches for them will need to approve a license agreement before the OGA patch will fully install. That's a good thing, too, because according to Microsoft, this patch cannot be removed once it is
Businesses Reluctant to Report Online Banking Fraud
In Latest Warnings
A confidential alert sent on Friday by a banking industry association to its members warns that Eastern European cyber gangs are stealing millions of dollars from small to mid-sizes businesses through online banking fraud. Unfortunately, many victimized companies are reluctant to come forward out of fear of retribution by their bank. According to the alert, sent by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the victims of this type of fraud tell different stories, but the basic elements are the same: Malicious software planted on a company's Microsoft Windows PC allows the crooks to gain access to the victim's corporate bank account online. The attackers wire chunks of money to unwitting and in some cases knowing accomplices in the United States who then wire the money to the fraudsters overseas. As grave as that sounds, the actual losses from this increasingly common type of online crime almost certainly
Tighter Security Urged for Businesses Banking Online
In Safety Tips
An industry group representing some of nation's largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized business. The advisory, issued by the Financial Services Information Sharing and Analysis Center, recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts. For example, the group recommends that commercial banking customers "carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible." Such a system might be a virgin install of Windows with all the proper updates, using something like Microsoft steady state. Even smarter would be a Mac, or some flavor of Linux, or even a Live CD distribution of Linux (after shutdown, all changes are erased). Why take such extreme precautions? The alert indicates that the sophistication, stealth, and sheer volume
Malware Writers: Will That Be OS X, or W?
In Latest Warnings
Security researchers increasingly are finding that sites designed to trick the visitor into installing malicious software will serve different malware depending on whether the visitor arrives at the page using a Microsoft Windows PC or a Mac. Trend Micro researcher Ivan Macalintal recently found a new variant of the dreaded DNS changer Trojan that checks to see which operating system the visitor's Web browser appears to be riding on, and then offers the appropriate Windows- or Mac-based installer. The malware was masquerading as a pirated version of Foxit Reader and several anti-virus applications. This follows a similar finding last month by McAfee, which spotted the same tactic being used at sites that try to trick the user into installing a browser plug-in supposedly needed to view online videos: The bogus plug-in was offered as a ".exe" file for Windows visitors, and a ".dmg" installer file for those who browsed the
TwitBlock Helps Root Out Spammy Followers
In Safety Tips
Those of you who use Twitter know how quickly one can accumulate unknown "followers," people who sign up to receive updates on their Twitter pages whenever you post a Tweet. Unfortunately, it's not uncommon to find that a number of those unknown followers aren't really people at all, but fake profiles designed to draw visitors away from your profile to adult Web sites and other dicey online destinations. A new service called TwitBlock makes this task of separating spam from fan an interesting and fun - if not always accurate - exercise (hat tip to Mashable). TwitBlock uses OAuth, an open authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information on using OAuth is available here. The criteria by which TwitBlock rates the spamminess of a Twitter follower is explained here. TwitBlock is still in alpha mode, meaning it
TJX Hacker Indicted in Heartland, Hannaford Breaches
In Fraud
A federal grand jury has indicted three individuals for allegedly hacking into credit and debit card payment processing giant Heartland Payment Systems last year, as part of an investigation the Justice Department is calling the largest identity theft case ever prosecuted. According to indictments returned Monday in a New Jersey federal court, the government believes the same individuals were involved in a string of high-profile data breaches between October 2006 and May 2008, including intrusions at Hannaford Brothers Co., and 7-Eleven, Inc. In total, the government alleges the hackers stole data on more than 130 million credit and debit cards from Princeton, NJ-based Heartland. Read the full story, at this link here. A copy of the indictment is available here.
Security Patch Catchup: Java, Safari & OS X
In New Patches
Security Fix took a mini-vacation last week, but that's all it takes to fall behind in important software security updates. Here's a quick pointer to some recent updates that have recently happened. The last time I wrote about Java updates was at Update 13, but as several readers have pointed out, the latest version is now Update 16. Near as I could tell, Updates 14 and 16 did not include security updates. Indeed, Java maker Sun Microsystems says users who have Java SE 6 Update 15 have the latest security fixes and do not need to upgrade to version 16 to be current on security fixes. However, Update 15 shipped fixes for a number of serious security holes, so if you've got an earlier version of this program installed, take a few minutes to update. Don't know whether you have Java or what version you may have? Visit this link.
Microsoft Fixes 19 Windows Security Flaws
In New Patches
Microsoft today issued a raft of software updates to plug at least 19 security holes in its various Windows operating systems and other software, 15 of which earned the company's most dire "critical" rating. This month's batch of patches fix some fairly dangerous flaws. Redmond labels a security flaw "critical" if attackers could use it to seize control over a vulnerable system without any help from the victim. What's more, a dozen of the flaws earned the highest rating on Microsoft's "exploitability index," which is the software maker's best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines. Patches are available for Windows 2000, XP, Vista, Windows Server 2003 and Windows Server 2008. Microsoft said none of the vulnerabilities affect Windows 7, its newest operating system. Windows users can download the updates from Windows Update or via Automatic Updates Many
Russia-Georgia Conflict Blamed for Twitter, Facebook Outages
In Misc.
The theories behind who and what attacked Twitter and Facebook yesterday -- causing intermittent outages at each -- are flying like so many tweets across the Internet. The prevailing theory suggests that the outage was due to a cyber skirmish stemming from simmering tensions between Russia and Georgia. CNet and CNN place blame for the incident on an elaborate, politically motivated vendetta timed to coincide with the one year anniversary of the Russia-Georgia war, a brief but costly skirmish in August 2008 accompanied by cyber attacks on Georgian government Web sites. In short: the outage at Twitter (and to a lesser extent Facebook & LiveJournal) was due to an effort to silence an anti-Russian blogger from Tbilisi who has been calling attention to a recent resurgence of tensions in the region. CNet cites Facebook's Chief Security Officer Max Kelly saying that a political blogger using the online name "Cyxymu" -
Hackers Target House.gov Sites
In U.S. Government
Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of their home pages with digital graffiti, according House officials. The landing pages at house.gov for Reps. Duncan Hunter (R-Calif.), Jesse L. Jackson, Jr. (D-Ill.), and Spencer Bachus (R-Ala.) were among at least 18 member pages that were defaced in a series of break-ins that apparently began earlier this month, according to zone-h.com, a site that archives evidence of Web site attacks. Adam Bozzi, a spokesman for Rep. Harry Mitchell (D-Ariz.), confirmed that Mitchell's site was among those hacked. Bozzi said it appears the attackers broke in by guessing passwords used to administer the site. Bozzi said the messages that the hackers left behind had been erased, and that his office now has stronger passwords for the site. The hackers replaced portions of the member pages with
Researchers: XML Security Flaws are Pervasive
In New Patches
Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging products. At issue are problems with the way many hardware and software makers handle data from an open standard called XML. Short for "eXtensible Markup Language," XML has been used for many years as a fast and efficient way to transport, store and structure information across a wide range of often disparate applications. Researchers at Codenomicon Ltd., a security testing company out of Oulu, Finland, say they found multiple critical flaws in XML "libraries," chunks of code that are typically used and re-used in software applications to process XML data. Codenomicon is a spinoff from the University of Oulu, and is run by many of the same individuals who in 2001-2002 found and
Twitter Tries to Tame Tainted Links
In From the Bunker
Faced with a recent surge in the number of malicious software programs using its micro-blogging service to spread, Twitter is making an effort to block users from posting links to known malicious Web sites. The initiative, first noted in a blog posting by Finnish anti-virus maker F-Secure Corp., involves the use of Google's Safe Browsing program, which the search giant uses to prevent Internet users from visiting Web sites that Google's bots have flagged for installing malicious software. "Our Safety and Security team has been using the Safebrowsing API for many months," Twitter co-founder Biz Stone wrote in a reply to an inquiry by Security Fix. Web sites flagged in Google searches by the Safe Browsing bots are generally accompanied by a warning under the search result listing that reads: "This Site May Harm Your Computer." If you ignore that warning and click the link anyway, Google will try to
Security Updates for iPhone, Adobe Reader
In New Patches
Apple has issued a security update for the iPhone. The patch fixes a vulnerability demonstrated recently at a hacker conference in Las Vegas, where security researchers showed they could hijack an iPhone simply by sending it a series of booby-trapped text messages. Apple's patch comes in response to research revealed at last week's Black Hat security conference, by well-known Apple hacker Charlie Miller and co-presenter Collin Mulliner, a Ph.D. student in telecommunications security at the Technical University of Berlin. The two showed that a specially designed text-message barrage could allow attackers to hijack various iPhone core functions, such as making calls and turning on the device's microphone and camera. The update is available only through iTunes, which should auto-detect that the update is available. If it doesn't, or you don't want to wait around for an auto-update notice (Apple says that process can take up to a week), click the
Following the Money: Rogue Anti-virus Software
In Web Fraud 2.0
By its very nature, the architecture and limited rules governing the Web make it difficult to track individuals who might be involved in improper activity. Cyber-sleuths often must navigate through a maze of dead-end records, pseudonyms or anonymous corporations, usually based overseas. The success rate is fairly low. Even if you manage to trace one link in the chain -- such as a payment processor or Web host -- the business or person involved claims that he or she was merely providing a legal service to an unknown client who turns out to be a scammer. But every so often, subtle links between the various layers suggest a more visible role by various parties involved. This was what I found recently, when I began investigating a Web site name called innovagest2000.com. This Innovagest2000 domain has for at least four years now been associated with spyware and so-called "scareware," surreptitiously installed
Critical Update for Adobe Flash Player
In New Patches
Adobe Systems Inc. today issued a security update to its Flash player to plug at least a dozen security holes in the software, including some that hackers have been using in to break into vulnerable systems. The latest update brings Flash player to version 10.0.32.18. Updates are available for most Flash installations on Windows, Mac and Linux machines. To find out what version of Flash you have, visit this page. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2 Bear in mind that depending on the number of Web browsers you use, you may need to install this update more than once. For example, Windows users who use both Internet Explorer and Firefox will need to visit the Flash download page with each browser. The IE update requires the installation of an ActiveX control, while the Firefox update page asks you to download
Clampi Trojan: The Rise of Matryoshka Malware
In Fraud
Last week, Security Fix told the online banking saga of Slack Auto Parts, a company in Georgia that lost nearly $75,000 at the hands of an extremely sophisticated malicious software family known as "Clampi". I only mentioned the malware in passing, but it deserves a closer look: Research released this week by a top malware analyst suggests that Clampi is among the stealthiest and most pervasive threats to Microsoft Windows systems today. Joe Stewart, director of malware research for the Counter Threat Unit at computer security firm SecureWorks, said Clampi appears to have spread to hundreds of thousands of Windows systems, since its debut in 2007. Unlike other malware families designed to steal credentials -- which are frequently sold and used among the larger cyber criminal community -- Stewart said Clampi appears to be the ever-evolving weapon used by a single organized crime group operating out of Eastern Europe that
Weaponizing Web 2.0
In From the Bunker
Imagine simply visiting a Web forum and finding that doing so forced your browser to post an embarrassing Twitter message to all of your contacts, or caused you to admit a stranger to your online social network. Now consider the same dynamic being used to move money out of your online auction account or delete the contents of your e-mail inbox. These are just a taste of the Web 2.0 cross-site trust issues explored in a talk delivered at the Black Hat security conference in Las Vegas today. The presenters, researchers Nathan Hamiel and Shawn Moyer, delivered a related talk at Black Hat last year called "Satan is on my Friends List," that was highly entertaining and relevant to similar trust concerns that plague dozens of social networking sites. And since I am unfortunately not going to be at Black Hat this year, I wanted to catch up with them
Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks
In U.S. Government
Update, 2:15 p.m. ET: A previous version of this story incorrectly stated that files were found on P2P networks that listed the location of nuclear missile silos in the United States. A spokesman for the committee said the information regarding nuclear installations is related to sensitive documents accidentally published on the Web site of the Government Printing Office recently, which included a "detailed list of the civilian nuclear complex, including precise locations of weapons grade nuclear fuel." An earlier version also incorrectly stated that on information the location of a safe house for Michelle Obama was compromised. The safe house was designed for former First Lady Laura Bush. The text below has been changed. The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking: A highly sensitive document dated July 2009, listing the precise location of installations bearing weapons grade nuclear fuel in the United
Microsoft's Emergency Patch Mess
In New Patches
Microsoft today released a pair of emergency software updates (Redmond calls them "out-of-band" updates). Yes, that's right folks: If you use Windows -- and especially if you browse the Web with Internet Exploder Explorer - it's once again time to update. The backstory to these patches is a bit complex, so here's the short version: A while back, Microsoft introduced several security flaws into a set of widely-used third-party software development tools, and today it's correcting that error by issuing an updated set of tools. Another update tries to block attackers from exploiting those weaknesses while third-party software makers figure out how to fix their code with the updated tools. On a scale of 1 to 10, with 10 being the most dire and far-reaching, Eric Schultze, chief technology officer at Shavlik Technologies, said he'd put the seriousness of today's out-of-band patch releases at an 8. "When I was at
Microsoft to Issue Emergency Patches Next Week
In New Patches
As Security Fix predicted earlier this week, Microsoft says it plans to issue at least two out-of-band software updates next week to plug a series of unusually stubborn and critical security holes in the Windows operating system and its Internet Explorer Web browser. Microsoft says it will issue two patches -- one to deal with problems in Internet Explorer, and another to fix a bug in its Visual Studio software suite. From Microsoft: While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were
Network Solutions Hack Compromises 573,000 Credit, Debit Accounts
In Latest Warnings
Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned. Herndon, Va. based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services - a package that includes everything from Web hosting to payment processing -- to at least 4,343 customers, mostly mom-and-pop online stores. The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said. Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made
Service Offers to Retrieve Stolen Data, For a Fee
In Web Fraud 2.0
A former cyber cop in the United Kingdom is heading up a new online portal that claims to offer a searchable database of about 120 million consumer records that have been phished, hacked or otherwise stolen by computer crooks. Visitors who search for their information and find a match can verify which data were stolen -- for a £10 ($16.50) fee. Colin Holder, a retired detective sergeant with the Metropolitan Police, said the idea for lucidintelligence.com became obvious shortly after he resigned from the U.K. fraud squad in 2004. "About six months after I retired, I was contacted by an old source who said he was seeing a vast amount of credit card and other personal data being exchanged between criminals, and what could he do with it,'" Holder recalled. Many companies scour e-crime chat rooms and message boards for stolen data, and share that data with banks and companies
Attackers Target New Adobe Flash/Reader Flaw
In Latest Warnings
Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications. Adobe's security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10.That's about the extent of the information provided by Adobe at this point. Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks -- such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name. Marc Fossi, manager of development at Symantec, said the attacks the company has seen so far involve booby-trapped PDF files that take advantage of Adobe Flash functions built into Reader. Fossi said none of the attacks so far have used stand-alone Flash, such as a malicious Flash movie embedded in a
Microsoft Scrambling to Close Stubborn Security Hole
In Latest Warnings
Microsoft may soon be taking the unusual step of issuing an out-of-band security update to address multiple weaknesses that stem from a Windows security flaw that the software giant tried to fix earlier this month, Security Fix has learned. Last week, on its regularly scheduled Patch Tuesday (second Tuesday of the month), Redmond issued software updates to plug nine security holes. Among those was a patch for a flaw in Windows and Internet Explorer that hackers were exploiting to break into PCs. However, it soon became clear that Microsoft had known about this vulnerability since at least April 2008. On July 9, noted security researcher Halvar Flake published a blog post suggesting that the reason Microsoft took so long to fix the bug may be because the flaw was caused by a far more systemic problem in Windows. According to Flake, the problem resides in a collection of code that
Update for Norton Internet Security & Firefox 3.5
In New Patches
A few readers have asked me why their installation of Norton Internet Security 2009 won't play nice with their copy of Firefox 3.5. Symantec now has an update to fix this compatibility issue. The problem was with the Norton Toolbar, a component of NIS2009 that Symantec markets as a way to encrypt and securely store your passwords and logins, and other sensitive data. I know many people who use this feature, so if you're one of them, follow the instructions here to get this feature to work with Firefox 3.5. If you use NIS2009 but don't store your personal data with the toolbar, there is no need to install this update. NIS has earned a bad rap over the years for being a slow, resource-hogging beast of an anti-virus program, but when I trialed the program for a few months, I found NIS2009 to be very fast and unobtrusive. Still,
The Growing Threat to Business Banking Online
In Latest Warnings
Federal investigators are fielding a large number of complaints from organizations that are being fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software and not-so-sophisticated accomplices here in the United States, Security Fix has learned. The attacks also are exposing a poorly-kept secret in the commercial banking business: That companies big and small enjoy few of the protections afforded to consumers when faced with cyber fraud. Earlier this month, I wrote about Bullitt County, Kentucky, which lost $415,000 after criminals planted malicious software on the county treasurer's PC. That rogue program allowed the crooks to initiate wire transfers to more than two dozen so-called "money mules," people duped into laundering the money and wiring it to the perpetrators in Ukraine. A few days after that story ran, I heard from a source in federal law enforcement who said the attack against Bullitt County was only the
Firefox Update Plugs Critical Security Hole
In Safety Tips
Mozilla has pushed out an update to Firefox 3.5 to plug a critical security hole that Security Fix warned about this week. According to the SANS Internet Storm Center, there have been reports of public exploits for this flaw being used in the wild. The update brings Firefox 3.5 to version 3.5.1, and can be installed by selecting "Help," and then "Check for Updates," (3.5 users may also have the update auto-installed upon restarting the browser). This update appears to fix a number of other stability and security issues as well. If you took my advice to blunt the threat from the public exploit for this flaw, take a moment to undo the setting you changed earlier. That's because my advice was disable the vulnerable component -- Tracemonkey -- which dramatically speeds up the rendering of Javascript in Web pages, and is among the most-touted improvements in Firefox 3.5. To
PC Infections Often Spread to Web Sites
In Latest Warnings
Most people are familiar with the notion that a computer virus can be passed from PC to PC, but many folks would probably be surprised to learn that a sick PC can often pass its infection on to Web sites, too. Some of the most pervasive malicious software circulating today (e.g., Virut) includes spreading capabilities that hark back to the file-infecting methods of the earliest viruses, which spread by making copies of themselves, or by inserting their code into other files on the host system. Malware often modifies existing files on the victim's PC to maximize the chances that infected files will be shared with and downloaded onto new host systems. One of the most effective ways of doing that is for malware to inject copies of itself into all of the HTML files found on a victim's computer. The end result could be this: If the victim is also
Spammers, Virus Writers Abusing URL Shortening Services
In Latest Warnings
Purveyors of spam and malicious software are taking full advantage of URL-shortening services like bit.ly and TinyURL in a bid to trick unwary users into clicking on links to dodgy and dangerous Web sites. Fortunately, with the help of a couple of tools and some common sense, most Internet users can avoid these scams altogether. According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets users of social networking sites like Facebook (Koobface is an anagram of Facebook) and Myspace. It's now also spreading via microblogging service Twitter. Koobface arrives as a message that urges users to click on a link to a video, which invariably leads to a site that prompts the visitor to install a missing video plug-in. The fake plug-in turns the user's system into a bot that can be used for a variety
Microsoft Patches Nine Security Flaws
In New Patches
Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs. Redmond issued patches to fix the vulnerability in its Video ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites. Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its
Stopgap Fix for Critical Firefox 3.5 Security Hole
In Safety Tips
Instructions showing hackers how to exploit an unpatched, critical security hole in Mozilla's new Firefox 3.5 Web browser have been posted online. So, until Mozilla can ship an update to quash this bug, Security Fix is posting instructions to help readers protect themselves from this vulnerability. The security hole has to do with a flaw in the way Firefox 3.5 handles Javascript, a powerful programming language heavily used on popular Web sites. Specifically, the vulnerability was introduced with the addition of the Tracemonkey, a new feature in 3.5 that is designed to dramatically speed up the rendering of Javascript. Vulnerability watcher Secunia rates this flaw "highly critical," noting that it is the type of flaw that criminals could use to remotely install rogue software, merely by convincing users to visit a hacked or booby-trapped Web site. Fortunately, there is a relatively easy fix for this that can be reversed once
Microsoft: Newly Discovered MS Office/IE Flaw
In Latest Warnings
For the second time in a week, Microsoft is warning that criminals are exploiting a previously unknown security hole in its software to break into Windows computers. The company has released a stopgap fix to help protect users until an official software update is available. The problem stems from yet another insecure ActiveX component, this time one made to manage Excel spreadsheets between Internet Explorer and various Microsoft Office products. In an advisory released today, Microsoft said it is aware of attacks exploiting this vulnerability, which is the sort that could give criminals complete control over a vulnerable Windows PC merely by tricking users into visiting a booby-trapped Web site with IE (yes, this means if you use Windows but consistently use a non-IE browser to surf the Web and open e-mail links, then you have little to worry about from this flaw). According to Microsoft, your system is vulnerable
PCs Used in Korean DDoS Attacks May Self Destruct
In Latest Warnings
There are signs that the concerted cyber attacks targeting U.S. and Korean government and commercial Web sites this past week are beginning to wane. Yet, even if the assaults were to be completely blocked tomorrow, the attackers could still have one last, inglorious weapon in their arsenal: New evidence suggests that the malicious code responsible for spreading this attack includes instructions to overwrite the infected PC's hard drive. Update: This is already happening. Please be sure to read the updates at the end of this post. Original post: According to Joe Stewart, director of malware research at SecureWorks, the malware that powers this attack -- a version of the Mydoom worm -- is designed to download a payload from a set of Web servers. Included in that payload is a Trojan horse program that overwrites the data on the hard drive with a message that reads "memory of the independence
Washington Post, White House, FAA, DoD, Others, Targeted in Online Attack
In U.S. Government
Washingtonpost.com and Security Fix readers may have noticed that our site was a bit slow and occasionally unreachable today. Turns out, the site has been under attack by about 60,000 compromised PCs around the globe for several hours now. We weren't the only site reportedly picked on, though. According to several security researchers who asked to remain anonymous because they are still helping to investigate the assault, the same attackers targeted Web sites for the White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration, with varying success. The culprit is a piece of malicious software that orders infected PCs to visit the Web sites on its hit list over and over again, all in an apparent bid to render the targets unreachable to legitimate visitors. Joe Stewart, director of malware research at Atlanta-based SecureWorks, said he examined the attack software and found that
High Crimes Using Low-Tech Attacks
In Fraud
Criminals are resurrecting low-tech attacks to siphon tens of thousands of dollars from unsuspecting victims. According to financial fraud experts, so-called "man-in-the-phone" attacks require little more than a telephone and old-fashioned con artistry. The scam works like this: The criminal calls a target, claiming to be the fraud department of the target's bank calling to alert the mark to potential unauthorized activity. The recipient of the call is then told to please hold while a fraud specialist is brought on the line. The perpetrator then calls the victim's bank, and bridges the call, while placing his portion of the call on mute. When the bank's fraud department asks various questions in a bid to authenticate the victim, the criminal records the customer's answers. Depending on the institution, the answers may include the victim's Social Security number or national ID number, a PIN or password, and/or the amount of last deposit
Predicting Social Security Numbers
In Latest Warnings
The Washington Post today carries a story I wrote about new research, which found that it is possible to guess many -- if not all -- of the nine digits in an individual's Social Security number using publicly available information, a finding experts say compromises the security of one of the most widely used consumer identifiers in the United States. The full story is here. I'm mentioning it in the blog to call attention to some resources and additional information on this subject for readers who are interested in digging deeper. In the story, we wrote of the two Carnegie Mellon University researchers: Acquisti and Gross found that it was far easier to predict SSNs for people born after 1988, when the Social Security Administration began an effort to ensure that U.S. newborns obtained their SSNs shortly after birth. They were able to identify all nine digits for 8.5 percent
Microsoft: Attacks on Unpatched Windows Flaw
In Latest Warnings
Microsoft warned today that hackers are targeting a previously unknown security hole in Windows XP and Windows Server 2003 systems to break into vulnerable PCs. Today's advisory includes instructions on how to mitigate the threat from this flaw. In a security alert posted today, Microsoft said the vulnerability could be used to install viruses or other software on a victim's PC if the user merely browsed a hacked or booby trapped Web site designed to exploit the security hole. Redmond says at this time it is aware of "limited, active attacks that exploit this vulnerability." Microsoft doesn't define "limited, active" attacks in the context of this vulnerability, but the SANS Internet Storm Center is reporting that thousands of newly compromised Web sites have been seeded with code that exploits this vulnerability. SANS also says instructions for exploiting the vulnerability have been posted to a number of Chinese Web sites. According
PC Invader Costs Ky. County $415,000
In Web Fraud 2.0
Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks. Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county's bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said. "Our bank told us they would know by Thursday how many of those transactions would be able to be reversed," Sholar said. "They told us they thought we would get some of the
Spam Rates Recovering From 3FN Takedown
In From the Bunker
Google published a report on spam rates this past quarter indicating that spam volumes declined roughly 30 percent following the Federal Trade Commission's takedown of the troubled online hosting provider 3FN early last month. Google says spammers have already made up a significant amount of ground, climbing 14 percent from the initial drop. The stats differ from other figures Security Fix collected about the impact of the 3FN takedown. Google's spam data was drawn from Postini, the company's e-mail security and archiving service. The following graph shows Postini's view of spam volumes over the past six months: Read more about Google's view of spam trends, at their quarterly report, available here.
A Bustling Week for Cyber Justice
In Cyber Justice
This past week has been a bustling one for cyber justice. The Federal Trade Commission announced a settlement in its ongoing case against scareware purveyors; a notorious hacker admitted stealing roughly two million credit card numbers; the Justice Department has charged a software developer from Arkansas with launching a series of debilitating online attacks against several online news sites that carried embarrassing stories about him. Finally, a federal appeals court decision gives security vendors added protection against spurious lawsuits by adware companies. -- Last week, the FTC said it had settled with James Reno and his company ByteHosting Internet Services LLC. Both were named in the commission's broad sweep last year against purveyors of "scareware," programs that uses bogus security alerts to frighten people into paying for worthless security software. The settlement imposes a judgment of $1.9 million against Reno and Bytehosting, yet the court overseeing the case suspended all
FFSearcher: A Stealthy Evolution in Click Fraud
In Web Fraud 2.0
Every so often, a new piece of malicious software comes along that introduces a subtle yet evolutionary technological leap, a quickly-mimicked shift that allows cyber crooks to be far more stealthy in plying their trade. According to research released last week, this happened most recently in the realm of click fraud, a rapidly growing problem that inflates online advertising costs for legitimate companies and ad networks. For years, hackers have used malicious software to perpetrate click fraud by hijacking the results displayed when users search for something online. The trouble is, these scams can be rather clumsy: Victims often figure out pretty quickly that something is wrong, usually because their searches are redirected to an unfamiliar search portal, as opposed to their regular default search provider. But a new Trojan horse program being distributed by tens of thousands of recently hacked Web sites hijacks search results so that Google.com users
Ex-DHS Cyber Chief Tapped as President of ICANN
In U.S. Government
Former Department of Homeland Security cyber chief Rod A. Beckstrom has been tapped to be the new president of the Internet Corporation for Assigned Names and Numbers (ICANN), the California based non-profit that oversees the Internet's address system. Most recently, Beckstrom was director of the National Cyber Security Center -- an organization created to coordinate security efforts across the intelligence community. Beckstrom resigned that post in March, citing a lack of funding and authority. Beckstrom joins ICANN as the Internet governance body faces some of the most complex and contentious proposed changes to the Internet's addressing system in the organization's entire 11-year history. For example: -- The United States is under considerable pressure to give up control over ICANN and turn it over to international supervision and management. ICANN currently operates under a Joint Project Agreement with the U.S. government, but that agreement is due to expire at the end
Critical Security Fix for Adobe Shockwave Player
In New Patches
Adobe Systems Inc. on Tuesday issued a software update to fix a critical security flaw in its Shockwave Player, a commonly installed Web browser plug-in. According to Adobe, a malicious or hacked site could use the security hole to install malicious software if the visitor merely browses the site with a vulnerable version of the media player software. The flaw exists in Shockwave Player (also known as Macromedia Shockwave Player) version 11.5.0.596 and earlier. To find out whether Shockwave is installed and which version may be on your PC, visit this site. In a posting to its security blog, Adobe said it is not aware of any exploits in the wild for this vulnerability. Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart and install Shockwave version 11.5.0.600, available here. Readers should be aware that by default this patch will also try
Microsoft Debuts Free Antivirus Software Beta
In Safety Tips
Microsoft on Tuesday released a beta version of its new free anti-virus offering, Microsoft Security Essentials (a.k.a "Morro"). My review, in short: the program is a fast, easy to use and unobtrusive new addition to the stable of free anti-virus options available today. MSE is basically the next generation of Microsoft's Windows Live Onecare anti-virus and anti-spyware service, but without all of the extras, such as a firewall, data backup solution or PC performance tuning (Microsoft announced in Nov. 2008 that it would stop selling Onecare through its retail channels at the end of June 2009). The toughest part was getting the program installed. MSE can run on Windows XP, Vista or Windows 7 (both 32-bit and 64-bit versions), but it failed to install on an XP Pro system I tried to use as my initial test machine -- leaving me with nothing more than a failure message and cryptic
Accused Spam King Alan Ralsky Pleads Guilty
In Cyber Justice
Alan Ralsky, a 64-year-old Michigan man that federal investigators say was among the world's top spam kingpins, pleaded guilty on Monday to running a multi-million dollar international stock fraud scam powered by junk e-mail. Ralsky (pictured at right, courtesy of Spamhaus) and his son-in-law and chief financial officer Scott K. Bradley, 38, also of Michigan, pleaded guilty to conspiracy to commit wire fraud, money laundering and to violate the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky faces as much as 87 months in prison and a $1 million fine, while Bradley could get as much as 78 months in prison and a $1 million fine under the federal sentencing guidelines. The Ralsky plea caps a long effort by the government to nab one of the most prolific spammers. In September 2005, the FBI raided Ralsky's home, but it wasn't until early 2008 that the government indicted Ralsky
Web Fraud 2.0: Franchising Cyber Crime
In Web Fraud 2.0
For the most part, cyber gangs that create malicious software and spread spam operate as shadowy, exclusive organizations that toil in secrecy, usually in Eastern Europe. But with just a few clicks, anyone can jump into business with even the most notorious of these organizations by opening up the equivalent of a franchise operation. Some of the most active of these franchises help distribute malicious software through so-called pay-per-install programs, which pay tiny commissions to the franchise operators, or so-called affiliates, each time a supplied program is installed on an unsuspecting victim's PC. These installer programs will often hijack the victim's search results, or steal data from the infected computer. Typically, affiliates will secretly bundle the installers with popular pirated software titles that are made available for download on peer-to-peer file-trading sites. In other cases, the installers are stitched into legitimate, hacked Web sites and quietly foisted upon PCs when
Malicious Attacks Most Blamed in '09 Data Breaches
In From the Bunker
Rogue employees and hackers were the most commonly cited sources of data breaches reported during the first half of 2009, according to figures released this week by the Identity Theft Resource Center, a San Diego based nonprofit. The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008. Some 44 states and the District of Columbia now have laws requiring entities that experience a breach to publicly disclose that fact. Yet, few breached entities report having done anything to safeguard data in the event that it is lost or stolen. The ITRC found only a single breach in
iPhone 3.0 Includes 46 Security Updates
In New Patches
Apple on Wednesday released the much anticipated 3.0 update for the iPhone, bundling at least 46 security fixes into a new version of the iPhone operating system that includes essential functionality such as cut-and-paste and Spotlight search. Included in the 3.0 bundle are security patches for vulnerabilities in a broad range of iPhone components, including Safari and Mail. The mail flaw, for example, could allow a malicious app or attacker to place a phone call without user interaction. A host of other security holes fixed by this update could allow a remote attacker or Web site to run malicious code on the device or cause it to crash. The update is available only through iTunes. My colleague Rob Pegoraro has a more in-depth post about the new features built into this update, but he was having trouble grabbing the update yesterday. Apple says that the automatic update process may take
An Odyssey of Fraud
In Web Fraud 2.0
Andy Kordopatis is the proprietor of Odyssey Bar, a modest watering hole in Pocatello, Idaho, a few blocks away from Idaho State University. Most of his customers pay for their drinks with cash, but about three times a day he receives a phone call from someone he's never served -- in most cases someone who's never even been to Idaho -- asking why their credit or debit card has been charged a small amount by his establishment. Kordopatis says he can usually tell what's coming next when the caller immediately asks to speak with the manager or owner. "That's when I start telling them that I know why they're calling, and about the Russian hackers who are using my business," Kordopatis said. The Odyssey Bar is but one of dozens of small establishments throughout the United States seemingly picked at random by organized cyber criminals to serve as unwitting pawns
Top Security Minds Urge Google to Encrypt All Services
In From the Bunker
A who's-who of more than three dozen high-tech and security experts from industry and academia is urging Google to beef up the privacy and security settings of its Gmail, Google Docs and Calendar online services. At issue is whether Google is doing enough to block hackers from hijacking a user's Webmail account or intercepting information from online documents. An increasing number of free, publicly available tools may make it simple for even novice hackers to launch such attacks. "Google's default settings put customers at risk unnecessarily. Google's services protect customers' usernames and passwords from interception and theft," said the experts, including luminaries from AT&T, PGP Corp. and top researchers from Berkeley, Harvard, MIT, Oxford and Purdue. "However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google's servers in the clear, allowing anyone with the right tools to steal that information."
Apple Patches Java Flaws, At Last
In New Patches
Apple on Monday shipped updates to plug more than two dozen security holes in its version of Java, including a particularly dangerous flaw that Java maker Sun patched back in early December. Last month, Security Fix and others took Apple to task for taking too long to fix Java vulnerabilities. In fact, I found that Apple patches Java flaws on average about six months after Sun had shipped its own updates to fix the same vulnerabilities. At least two different researchers even released proof-of-concept exploits to shame Apple into quickly fixing an easy-to-exploit vulnerability that potential attackers had known about for six months. This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple's Java rollup, it looks like this update brings Mac OS X systems to the equivalent of
Default Passwords Led to $55 Million in Bogus Phone Charges
In Cyber Justice
The U.S. Justice Department today unsealed indictments against three Filipino residents accused of hacking into thousands of private telephone networks in the United States and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls. The indictments correspond to a series of raids and arrests announced today in Italy, where authorities apprehended five men alleged to have been operating the call centers and using the profits to help finance terrorist groups in Southeast Asia. The U.S. government alleges that the individuals arrested in the Philippines were responsible for hacking so-called private branch exchange (PBX) systems -- computerized telephone switches and voice mail systems -- owned by more than 2,500 companies in the United States, Canada, Australia and Europe. The indictment alleges that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX systems,
Spear-Phishing Gang Resurfaces, Nets Big Catch
In Latest Warnings
A prolific phishing gang known for using sophisticated and targeted e-mail attacks to siphon cash from small to mid-sized business bank accounts appears to be back in operation after more than a 5-month hiatus, security experts warn. From Feb. 2007 to Jan 2009, analysts at Sterling, Va., based security intelligence firm iDefense tracked 38 separate phishing campaigns from am Eastern European gang they simply call "Group A." iDefense believes this group was one of two responsible for a series of successful phishing attacks that spoofed the U.S. Better Business Bureau (BBB), the U.S. Department of Justice, the IRS, as well as Suntrust and payroll giant ADP. Last summer, authorities in Europe and Romania are thought to have arrested most members of a rival BBB phishing gang that iDefense called Group B. While the type of tricks that Group A employs once victims are hooked have grown more sophisticated, the initial
Adobe Issues Security Updates for Reader, Acrobat
In New Patches
Adobe Systems Inc. on Tuesday released security updates to remedy at least 13 security flaws in its PDF Reader and Acrobat software. Updates are available for Mac and Windows versions of both programs. Last month, Adobe said it would begin rolling out security updates every three months, and yesterday was the first installment under that program, which is timed to coincide with Microsoft's Patch Tuesday in a bid to lighten the load on businesses that have to test these patches before deploying them. The latest update brings both Reader and Acrobat to version 9.1.2. Users can grab the latest versions via the updater built-in to the programs (from the menu, click "Help," then "Check for Updates") or from the links in the accompanying security advisory for this rollup.. Adobe said security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009.
Microsoft Issues Record Number of Security Updates
In New Patches
Microsoft Corp. issued a record-breaking number of software security updates today, shipping patches that plug at least 31 different security flaws in its Windows operating systems and other software. More than half of the security holes Microsoft plugged with June's patch batch earned a "critical," severity rating, meaning Redmond believes attackers could exploit the flaws to break into vulnerable systems without any help from the victims. What's more, Microsoft is warning that it expects to see publicly available reliable exploit code for most of the vulnerabilities it has issued patches for today. According to Symantec Corp., this is the largest number of vulnerabilities Microsoft has ever addressed in a single patch release (the previous record was set in Dec. 2008, when Microsoft issued 28 security updates in one go). Probably the most important of today's updates is a critical patch that addresses at least eight security holes in various versions
The Fallout from the 3FN Takedown
In Cyber Justice
The Federal Trade Commission's unprecedented recent takedown against troubled Web hosting provider 3FN.net has had an immediate -- if little noticed -- impact on the level of spam sent worldwide, and the number of infected PCs doing the spamming, according to multiple sources. Experts say the drop in spam probably is not visible to most Internet users or even operators of large networks, as the decrease is within the upper ranges of daily fluctuations in spam volumes. Still, the preliminary results indicate that a large number of spam-spewing zombie PCs were being coordinated out of severs hosted at 3FN. According to botnet expert Joe Stewart, director of malware research at Atlanta based SecureWorks, 3FN was home to a large number of command-and-control servers for the Cutwail spam botnet, one of the world's largest. As of last week, Stewart said he was tracking upwards of 400,000 spam zombies infected with Cutwail
Unshrinking Shortened Web Links
In Safety Tips
Social networking are contributing to an explosion in the number of services that help people convert long URLs into tiny Web links. URL shrinking services are especially useful on sites that place a premium on brevity -- such as Twitter, which limits tweets to 140 characters. But few online communities have made it easy for users to tell where the shortened links will take them, a reality that could be advantageous to phishers and other cyber crooks. When I first began researching this subject, I was amazed to learn how many URL shortening services are available today (at least 90). Also, the lack of a built-in or standardized approach to URL shortening services within individual social networking sites adds complexity to the problem. For example, many Twitter users shorten long Web links with bit.ly, but Twitter users are just as likely to see Tweets with links shortened by the services
T-Mobile Investigating Data Breach Claims
In Misc.
Wireless phone giant T-Mobile said today it is investigating claims that hackers have broken in and stolen customer data and company proprietary information. On Saturday, June 6, someone anonymously posted to the Full Disclosure security mailing list claims that a broad range of internal T-Mobile data had been compromised and was being put up for sale to the highest bidder. "We have everything, their databases, confidental [sic] documents, scripts and programs from their servers, financial documents up to 2009. We already contacted with their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people - so now we are offering them for the highest bidder."
FTC Sues, Shuts Down N. Calif. Web Hosting Firm
In U.S. Government
In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations. Sometime on Tuesday, more than 15,000 Web sites connected to San Jose, Calif., based Triple Fiber Network (3FN.net) went dark. 3FN's sites were disconnected after a Northern California district court judge approved an FTC request to have the company's upstream Internet providers stop routing traffic for the provider. In its civil complaint, the FTC names 3FN and its various monikers, including Pricewert LLC -- the business entity named on the 3fn.net Web site registration records. The FTC alleges that Pricewert/3FN operates as a "'rogue' or 'black hat' Internet service provider that recruits, knowingly hosts, and actively participates in the distribution of illegal, malicious, and harmful content," including botnet control servers, child pornography and rogue antivirus
Microsoft's Fix for the Firefox Add-on Snafu
In New Patches
Last week, I received a tremendous reader response to a post I wrote about a security update from Microsoft that silently installed a "Microsoft .NET Framework Assistant" add-on for Firefox that was difficult and risky for users to uninstall. Given the emotional buttons this subject pushed among a large number of readers, I've put together a brief update along with some information provided in the comments to the previous post. Since that posting, someone pointed out that Microsoft has issued a patch in an apparent bid to appease those who have cried foul about this silently installed add-on. The patch is available and detailed at this link here. The update patches Windows systems so that the add-on installed by Microsoft can be successfully uninstalled without the user having to manually edit the Windows registry. (While editing the registry isn't all that difficult, a misstep can cause serious problems and it
Security Updates for iTunes, QuickTime
In New Patches
Apple has issued updates to fix security issues in its QuickTime media player and iTunes software. Updates are available for both Mac and Windows versions of both programs. The QuickTime patch brings the program to version 7.6.2, and plugs at least 10 security holes, including two that are specific to the Windows version of QuickTime. The iTunes update, version 8.2, fixes a single yet critical flaw in iTunes that could let a malicious Web site use the program to install software on the user's system. Apple users can grab the updates from Software Update. Windows users will need to use the bundled Apple Software Update program to fetch these.
Beladen Loads Hacked Web Sites With Badness
In Latest Warnings
At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn. Internet security firm Websense has dubbed this series of attacks "Beladen," because the infected sites divert visitors to a site called beladen.net -- one of at least two exploit domains implicated in this attack (this domain actively serves malicious software, so please do not visit it). Stephan Chenette, a senior security researcher at Websense, said the company is not sure how the attackers are breaking into the hacked sites, and that it is still in the process of determining what the malware installed on victim's PCs actually does. However, each hacked Web page shares the same blob of obfuscated Javascript code, which is appended to the bottom of the hacked page's HTML. Each hacked site redirects to Web sites that bombard the visitor's PC with
Microsoft Warns of Attacks on Unpatched Windows Flaw
In Latest Warnings
Microsoft is warning that hackers are using booby-trapped QuickTime media files to exploit a newly discovered security hole in Windows 2000, Windows XP, and Windows Server 2003 systems. Microsoft said it is aware of "limited attacks" against an unpatched vulnerability in a Windows DirectShow component designed to process QuickTime files. The vulnerability is present in those operating systems and can be exploited whether or not users have QuickTime installed. From a post on the Microsoft's Security Research & Defense blog: The vulnerability is in the DirectShow platform (quartz.dll). While the vulnerability is NOT in IE or other browsers, a browse-and-get-owned attack vector does exist here via the media playback plug-ins of browsers. The attacker could construct a malicious webpage which uses the media playback plug-ins to playback a malicious QuickTime file to reach the vulnerability in Quartz.dll. Please note this type of attack could happen for any browsers, not IE
Obama: Cyber Security is a National Security Priority
In U.S. Government
President Barack Obama today pledged to make securing the nation's most vital computer networks a top economic and national security priority, broadly detailing the results of 60-day cyber security review that calls for a range of responses to help improve the security of information networks that power the government and the U.S. economy. Speaking at the White House this morning, the president said he would work to make sure the nation's core digital infrastructure is treated as a national asset. "Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient." Obama said. "We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage." As expected, Obama said he plans to create a new office at the White House to be led by a cyber security coordinator "responsible for orchestrating and integrating all cyber security
Microsoft Update Quietly Installs Firefox Extension
In New Patches
A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser. Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or
The Scrap Value of a Hacked PC
In Latest Warnings
Computer users often dismiss Internet security best practices because they find them inconvenient, or because they think the rules don't apply to them. Many cling to the misguided belief that because they don't bank or shop online, that bad guys won't target them. The next time you hear this claim, please refer the misguided person to this blog post, which attempts to examine some of the more common -- yet often overlooked -- ways that cyber crooks can put your PC to criminal use. The graphic above (click it for a larger version) shows the different reasons criminals may want access to your system. I've explained each category in more detail below: Illicit Web Hosting Cyber criminals commonly use hacked PCs as a host for a variety of dodgy Web hosting schemes, including: - Spam Web sites - Phishing Web sites - Malware download sites - "Warez" servers, or hosts
Apple Slow To Fix Java Flaws
In Safety Tips
Instructions showing wannabe Mac-hackers a way to remotely take control over OS X systems through an unpatched security hole have been posted online. The researcher who published the blueprints said he did so to nudge Apple into fixing the problem, which the company has known about for more than six months. But Security Fix has found that half a year is about the average time it takes Cupertino to plug these types of holes. On Tuesday, renowned Apple researcher Landon Fuller published a proof-of-concept exploit for a particularly dangerous bug in Java that Sun Microsystems fixed in a patch released Dec. 3, 2008. However, Apple -- which ships its own version of Sun's Java with OS X -- has yet to push out an update to fix that particular flaw. "Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not
Report: IRS Created Dumpster-Diver Swimming Holes
In U.S. Government
The Internal Revenue Service has long advised consumers to shred old tax returns and other documents that contain sensitive data, as a way to thwart identity thieves who sometimes root through trash bins in search of identity information. But it seems the IRS doesn't take its own advice: a recent investigation of more than a dozen IRS document disposal facilities found that -- at each location -- old taxpayer records were being tossed out in regular waste containers and dumpsters. The audit by the Treasury Inspector General for Tax Administration also found that IRS officials failed to consistently verify whether contract employees who have access to taxpayer documents had passed background checks. In addition, investigators also had trouble finding anyone responsible for overseeing most of the facilities that the IRS contracted with to burn or shred sensitive taxpayer documents. "We found evidence of only 2 instances where IRS personnel conducted
Investment Firms Report Increased Credit & Debit Card Fraud
In U.S. Government
Financial institutions in the securities and futures industries last year reported a large increase in the number of suspicious transactions attributed to debit and credit card fraud -- nearly double the number reported in 2007, new statistics released by the federal government show. The numbers come from an annual report released by the Financial Crimes Enforcement Network (FinCEN), a division of the U.S. Treasury Department. The report tracks so-called "suspicious activity reports" (SARs), which financial institutions are required to file when they spot customer transactions of $5,000 or more that set off various red flags most commonly associated with money laundering or other fraudulent activity. Originally, these filings were required only of traditional financial institutions, but in 2003, the government began requiring the reports from trading firms and mutual fund providers, too. According to FinCEN, the number of SARs that investment firms attributed to credit and debit card fraud jumped
Adobe Adopts Microsoft's Patch Tuesday Approach
In New Patches
Following a series of high-profile attacks that leveraged security vulnerabilities in its PDF Reader and Acrobat applications, Adobe Systems Inc. is making a major push to revamp its approach to security. The company said today that it plans to ship security updates more regularly and push out emergency updates more speedily, and that it will be continually stress-testing those products to find and close security holes before hackers can exploit them. In announcing the changes, Adobe is borrowing several pages from Microsoft's security playbook. Redmond ships updates on the second Tuesday of each month and regularly fixes vulnerabilities that its in-house researchers have uncovered. Sometime this summer, Adobe will begin shipping patches on a quarterly basis -- on the second Tuesday of every third month. Brad Arkin, Adobe's director for product security and privacy, said that day was picked to help lighten the load on businesses, most of which already
MyIDscore.com Offers Free ID Theft Risk Score
In Safety Tips
Consumers trying to determine their risk of becoming an identity theft victim typically are told to check their credit report for signs of unauthorized or suspicious activity. But a new Web-based service aims to give users a view into tricks ID thieves use that credit reports often miss, such as when crooks use only parts of a victim's identity to fabricate a new one. The new service, www.myidscore.com, is a free offering by ID Analytics, a company that sells anti-fraud software to banks and other creditors. After providing some personal information and answering a handful of questions, visitors to the site are presented with a score from 1 to 999. Unlike credit scores, where a higher score signifies a favorable credit history, with myidscore.com, a higher score means a greater risk of identity theft. Avivah Litan, a fraud analyst with Gartner Inc., said the difference between a credit report and
Heartland Breach Blamed for Failed Membership Renewals
In Economy Watch
In February, Bill Oesterle began seeing nearly twice the normal number of transactions being declined for customers who had set up auto-billing on their accounts. The co-founder of Angie's List -- a service that aggregates consumer reviews of local contractors and physicians -- said he originally assumed more customers were simply having trouble making ends meet in a down economy. But as that trend continued into March and April, the company shifted its suspicions to another probable culprit: credit card processing giant Heartland Payment Systems. The data breach last year at Heartland -- a company that processes roughly 100 million card transactions a month for more than 175,000 businesses, has forced at least 600 banks to re-issue untold thousands of new cards in a bid to stave off fraud. For consumers, receiving a new credit or debit card number means contacting companies that have those credentials on file to charge
Adobe, Apple and Microsoft Issue Security Updates
In New Patches
This turned out to be one of the busiest Patch Tuesdays in a long while: Adobe, Apple and Microsoft all independently released software security updates today. Adobe patched two vulnerabilities in its PDF Reader and Acrobat software. The update applies to all supported versions of both programs on Windows, Mac and Linux systems. Adobe vulnerabilities are some of the most heavily used in targeted attacks, and they show up quite a bit in exploit kits that are sewn into hacked and malicious Web sites. So, if you use Reader or Acrobat, try not to let too much time elapse before you apply this update. Redmond issued a single update to plug at least 16 security holes in its PowerPoint software. The Microsoft Office PowerPoint update is rated critical and applies to all supported versions of PowerPoint, including Office for Mac, Microsoft Works 8.5 and 9.0, as well as various Office
Pirated Version of Windows 7 Has Malware Built-in
In Fraud
Security researchers are warning that Internet users who install pirated versions of Microsoft's latest Windows 7 operating system may also be installing malicious software, too. Experts at Atlanta-based security firm Damballa say they first noticed hacked versions of the Windows 7 release candidate available on peer-to-peer file-sharing networks and newsgroups last week, shortly after the OS was released to developers. Damballa found that computers with the tainted versions of Windows 7 were programmed to silently reach out to an Internet server to check for further updates, which in this case is a piece of malware that Kaspersky Antivirus calls Win32.Banload.cdk. "The first thing this does is phone home and get a list of additional malware to install," said Tripp Cox, vice president of engineering at Damballa. Damballa managed to grab control over the server that's contacted by the pirated Windows 7 versions -- codecs.sytes.net. -- which is how it knows
Oprah, KFC and the Great PC Cleanup?
In From the Bunker
Last week, Kentucky Fried Chicken stores around the nation struggled to accommodate a surge of roughly 4 million new customers, after Oprah Winfrey told viewers of her show that they could get a free meal at KFC by printing out an Internet coupon. By most accounts, the marketing gimmick was a disaster, but it got me thinking about Oprah's sheer ability to mobilize the masses. I wondered: How much badness on the Internet would disappear overnight if Oprah suggested that her devotees download, install and run a set of free PC security scanning tools? Probably quite a bit, or at least enough to register a notable drop in global spam volumes, malicious software attacks and other activity that depends largely on remotely compromised PCs or "bots" to do most of the grunt work. Estimates of just how many systems are infected by bot programs vary widely, but even by the
ZeusTracker and the Nuclear Option
In Web Fraud 2.0
One of the scarier realities about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker, who could simply decide to order all of the infected machines to self-destruct. Most security experts will tell you that while this so-called "nuclear option" is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control. But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords. Hüssy oversees Zeustracker, a Web site listing Internet servers that use Zeus, a kit sold for about $700 on shadowy cyber criminal forums to harvest
Windows 7 Security Fail: File Extensions Still Hidden
In From the Bunker
The release candidate for Windows 7 is now available for download, and techies everywhere are busy kicking the tires on the new operating system. But as the folks over at Finnish anti-virus firm F-Secure observe, Microsoft persists in misleading users on the true nature of file types, by hiding file extensions of known file types in Windows 7. The default behavior of Windows Explorer in every version of Windows from Windows 2000 through Windows Vista is to represent files using icons, and to hide each file's extension type, such as ".txt" for text files, ".doc" for Microsoft Word files, and so on. But as Security Fix has noted before, this is a usability vs. security decision that Microsoft should have reversed long ago, and it's disheartening to see this behavior persist in Windows 7. That means that our average Windows user -- when he or she opens up their "My
Safari, Opera Users Lag Behind in Security Updates
In New Patches
Users of the Google Chrome and Mozilla Firefox Web browsers are far more likely to be cruising the Web with the latest, most secure versions of the browsers than users of either Opera or Safari, a study released today found. The analysis, from researchers at Google Switzerland and the Swiss Federal Institute of Technology, pored through anonymized logs from Google's Web servers. The results were somewhat unsurprising, but still interesting: 97 percent of Chrome users were browsing with the latest version within 21 days of that version's release date. By comparison, 85 percent of Firefox users were surfing with the latest version within three weeks of a major new release (this is a marginal improvement over the results from a similar study released last summer, which showed roughly 83 percent of Firefox users browsing with the latest version). The study's conclusion extols the virtues of auto-update features, functionality that is
Hackers Break Into Virginia Health Professions Database, Demand Ransom
In Fraud
Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents. Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file. Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records: "I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total
Microsoft Pushing Out IE8 Through Auto Update
In New Patches
Microsoft has begun pushing out Internet Explorer 8, the latest version of its Web browser, to Windows users who are signed up for automatic software updates. If your system has Automatic Updates turned on, you may have already been prompted to install the software. Whether you use IE on a regular basis or not, it's probably a good idea to accept this update, for a couple of reasons. One is speed, both in startup and in normal browsing. From my own, unscientific testing, IE8 simply runs quite a bit faster and smoother than IE7. Various Web sites and blogs have sought to pit IE8's speed against those of other browsers; I won't attempt that here. My take: If you must have any version of IE installed, this is the one you want. The other is improved security. IE8 ships with a feature called SmartScreen Filter, which is designed to block
Facebook Among Top Phished Web Sites
In Latest Warnings
A washingtonpost.com colleague today called my attention to a phishing scam targeting Facebook users that is apparently getting some digital ink from Twitter users and various blogs. I figured this was as good a time as any to note that Facebook is and has been for some time one of the brands most frequently targeted by scam artists, right up there with some of the world's largest banks. According to phishtank.com, a community-based site that tracks phishing Web sites, Facebook.com was the seventh most-phished brand in March -- even ahead of the Internal Revenue Service, and that was during tax month! In fact, Phishtank found at least 104 phishing Web sites targeting Facebook users, or an average of three different Facebook phishing campaigns each day. Why on Earth would cyber crooks want to hijack your Facebook profile? Why, to trick your friends into visiting sites that try to download malicious
Spam From Hijacked Webmail Accounts
In Fraud
A family member called last night, upset and embarrassed that his yahoo.com account was used to blast out spam to all of his contacts. A quick examination of the message headers indicated the spam was indeed sent through his yahoo.com account, and that someone had hijacked his Webmail account password. Upon closer inspection, I noticed that whoever had sent the message had also done the following: deleted the last 30 days worth of messages in the "Sent" folder; added the same message they had spammed out to his e-mail signature, so that the message would be tacked onto each subsequent e-mail he sent; and the perpetrators even signed his first name at the bottom of the message. An Internet search for the domain advertised in the spam -- easylifeing.com -- shows that spammers have advertised this site by hijacking accounts at other free Web mail providers as well, including Hotmail
Equifax Outage Halts Credit Freezes, Fraud Alerts
In From the Bunker
If you've frozen your credit file as a protection against identity thieves, you may have to wait a while longer to get it thawed out. Equifax, one of the big three credit reporting bureaus, is still reeling from a system-wide computer outage that began this weekend. Equifax spokesman Tim Kline said the company experienced a power outage on Sunday as a result of an electric transformer failure, and that it is in the final steps of bringing its last remaining systems online. "We still have some platforms we're bringing up, including those that allow people to unfreeze and freeze their credit, and place fraud alerts," Kline said. "Service is operational for virtually all of our customers and this is last area we need to resolve." That is to say, the only systems still to be brought back online are ones that are required by law and do not earn the
Adobe Warns of Potential Reader Flaw
In Latest Warnings
Adobe Systems Inc. is warning about a potential new security flaw in the latest versions of its Adobe Reader products. Update, Apr. 29, 8:17 a.m. ET: Adobe has confirmed that this affects all currently supported, shipping versions of Adobe Reader (9.1, 8.1.4, and 7.1.1 and earlier versions) for Windows, Mac and Linux. Adobe recommends disabling Javascript in Reader until it can ship a patch. Original post: In its product security incident response team blog, Adobe issued a brief advisory on Monday, saying it is investigating reports of a security hole in Adobe Reader 9.1 and 8.1.4. The company says it will provide an update once it gets more information. The SecurityFocus submission on this vulnerability indicates that it is a Javascript flaw in Reader for versions designed to run on Linux operating systems, although that advisory suggests that other versions or operating systems may also be affected. This may turn
Proposal Would Shore Up Govt. Cyber Defenses
In U.S. Government
While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002. Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance. The "U.S. Information and Communications Enhancement Act of 2009," which would update the Federal Information Security Management Act, or FISMA, calls for the creation of hacker squads to test the defenses of federal agency networks. In addition, agencies would be required to show that they can effectively detect and respond to the latest cyber attacks on their information systems. Critics of the current law say it merely requires agencies to show they have the proper cyber security policies in place, but not necessarily demonstrate that those policies are helping to block or mitigate real-world attacks. "Only about five federal agencies are testing to see whether they are actually
Scammers, Spammers Embrace Swine Flu News
In Latest Warnings
There's something vaguely diabolical about a form of unwanted communication named after a brand of canned, chopped pork that piggybacks on a public health scare involving a flu strain derived from swine. Yes, you guessed it: Spammers have seized upon public awareness around the Swine Flu epidemic to hawk knockoff prescription drugs. And we're not talking about flu vaccines, either. According to McAfee Avert Labs, over the weekend spammers began pumping out junk e-mail with various Swine Flu subject lines to trick people into opening the missives. McAfee says the first of those spam campaigns amounted to about 2 percent of global spam volume. Meanwhile, it appears that dozens of new Web site names with the term "swineflu" included in them were registered during the last few days. Researchers at security software maker F-Secure Corp. warn that if similar activity surrounding previous national emergencies is any indicator, scam artists may
Planting Your Flag at Social Networking Sites
In Web Fraud 2.0
On Thursday I shared a laugh with a source at the expense of a mutual acquaintance: a security expert who has for the most part eschewed social networking sites. We were howling because someone who obviously knew enough about this person to push his emotional buttons had registered a Twitter account in his name and was posting some amusing but slightly mocking Tweets. The impersonated person even had several "followers" from the security community. I mention this because it raises an interesting question for people who have embraced social media, but only to a certain point: That is, does it make sense to go ahead and plant your virtual flag at various social networking sites before someone else does it for you, and potentially uses it to make fun of you -- or worse -- abuse your good name to trick your acquaintances into doing something harms you both? Indeed,
Hack Against ISP Hijacks Bank, Google Adsense
In Safety Tips
Hackers hijacked a major Brazilian ISP this month in a sophisticated attack that silently served up malicious software and phishing scams to more than a million customers. According to Brazilian news outlet Globo.com, unknown attackers hijacked the domain name system (DNS) records for NET Virtua, a broadband provider that serves at least 1.4 million customers in the region. NET Virtua's DNS records reportedly were hijacked on April 11, so that customers who visited any site that ran Google Adsense content were redirected to a site that tried to install and run a Java applet that in turn installed a Trojan horse program. Globo.com said the attackers also took aim at Bradesco, one of Brazil's largest financial institutions. NET Virtua customers who tried to visit Bradesco.com.br during the four hours the DNS records were hijacked were redirected to a counterfeit version of the site designed to steal customer credentials, the story
Earthlink Outage Blamed on Earth Day Power Failure
In Misc.
Atlanta based Internet service provider Earthlink had an outage for several hours on Wednesday, temporarily interrupting e-mail service. It also knocked offline many of the 87,000 Web sites it hosts, including the company's own homepage. Several readers have written Security Fix asking what's up, and some have speculated that the fact that Earthlink was felled on Earth Day was just too perfect to be caused by anything but an attack on the company. The reality is far more ironic: A spokeswoman for Earthlink blamed the incident on a power outage in Pasadena, California.
IRS Awards Tax Payment Contract to RBS Worldpay
In U.S. Government
The Internal Revenue Service has awarded a contract to process tax return payments for the coming filing season to RBS Worldpay, a company that recently disclosed that a hacker break-in jeopardized financial data on 1.5 million payroll card holders and at least 1.1 million Social Security numbers. The contract award comes a month after credit card giant Visa said RBS was no longer in compliance with the Payment Card Industry (PCI) security standards, a set of guidelines designed to protect cardholder data. RBS spokesman Josh Passman said the company expects to be re-certified as PCI compliant "within the next few weeks." The contract awarded to RBS is a what's known as a "zero dollar" contract, meaning the government doesn't award a specific dollar amount. Rather, the approved vendor takes a convenience fee for each transaction it processes. According to a copy of the contract listed at fedbizopps.gov, RBS's base convenience
Obama's Cyber Czar Offers Few Details on Govt. Strategy
In U.S. Government
Those who were hoping to hear details today about how the Obama administration plans to revamp the government's approach to cyber security threats may have to wait a little while longer. In a much-anticipated speech at the RSA security conference in San Francisco today, Melissa Hathaway, the White House's top cyber official, instead highlighted all of the meetings, studies, and recommendations that have informed the administration's 60-day cyberspace policy review, which was completed last week. But details about how the administration might seek to organize and streamline the government's cyber efforts were lacking. Much of the coverage of the administration's cyber review has focused on the power struggle on cyber underway between the Department of Homeland Security and the National Security Agency. The Obama administration also is finalizing plans for a new Pentagon command to coordinate the security of military computer networks and to develop new offensive cyber weapons. Meanwhile,
Congress Investigating P2P Data Breaches
In U.S. Government
A key oversight panel in the House of Representatives said this week that it is re-opening an investigation into the "indavertent sharing" of sensitive government and consumer data through popular peer-to-peer file swapping programs such as BearShare and Limewire. The inquiry from the House Committee on Oversight and Government Reform comes just weeks after revelations that blueprints for Marine One -- President Barack Obama's helicopter -- were being traded on P2P networks. Committee Chairman Edolphus Towns (D-N.Y.) and ranking Republican Darrell E. Issa (Calif.) sent a letter (PDF) to Attorney General Eric Holder, asking the Justice Department to detail what it is doing to protect Americans from the dangers of data breaches via P2P networks. The committee also asked (PDF) Federal Trade Commission Chairman Jonathan Leibowitz what his agency was doing to investigate P2P networks, and whether the makers of P2P software were adequately disclosing to consumers the risks associated
Time for an Internet A-Team?
In From the Bunker
Last week, I spoke to Joe Stewart, a senior security researcher at Atlanta based SecureWorks who probably has done more than any other researcher to make life more difficult and expensive for cyber crooks. Stewart is speaking at the RSA Security conference in San Francisco on Thursday about what he thinks can be done to institutionalize some of these efforts. Stewart says the world needs a more concerted effort to identify -- if not apprehend -- top cyber criminal actors. He also said that ISPs need to be held more accountable when they ignore overt signs of persistent criminal activity on their networks. What follows are some excerpts from our discussion: Stewart: We've had some small victories here and there, but overall the Internet security community hasn't been terribly effective. We're not really stopping them. BK: Why do you think that is? Stewart: One of the conclusions we came to
Cyber Spies Breach Pentagon's Fighter Jet Project
In U.S. Government
Cyber spies have broken into the Pentagon's $300 billion Joint Strike Fighter project - the defense department's costliest weapons program ever, according to the lead item in today's Wall Street Journal. From the story: Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going. The disclosure is the latest tale
World's First Mac Botnet? Not Quite.
In From the Bunker
This morning, as I scrolled down the list of security Web sites I normally check via my RSS reader, I noticed several items referencing news about the "world's first Mac botnet." As I read on, it became clear this was neither news nor a first. Ryan Naraine from ZDNet.com writes about a paper released via Virus Bulletin (subscription required) by a pair of Symantec researchers who found what was described as "the first Mac OS X botnet launching denial-of-service attacks." The story goes on to describe how the researchers traced the botnet back to Mac users who had installed pirated copies of Apple's iWork 2009 software. Back in January, many tech outlets wrote about a Trojan that was being distributed with copies of iWork 2009, that was available on Bittorrent and other file-sharing services. In my own coverage of that Trojan, I interviewed Pete Yandell, a software developer from Australia
Creating a Public Nuisance with Insecure Web Sites
In Safety Tips
Thousands of Web sites that were cited last year for harboring security flaws that could be used to attack others online remain a hazard and an eyesore along the information superhighway. At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user -- usually from something like a search box or e-mail form -- but do not prevent users from entering malicious code or other instructions. Once the code is entered, the URL that the Web site spits back can then be used for phishing scams. Unlike other scams, the URLs used in these cases look more legitimate. A typical XSS attack usually goes like this: The bad guys send out e-mails designed to look like they were sent by a trusted e-commerce company. The e-mails instruct recipients to click on a link and update their account information. Instead of
Hackers Test Limits of Credit Card Security Standards
In Latest Warnings
The number, scale and sophistication of data breaches fueled by hackers last year is rekindling the debate over the efficacy of the credit card industry's security standards for safeguarding customer data. All merchants that handle credit and debit card data are required to show that they have met the payment card industry data security standards (PCI DSS), a set of technical and operational requirements designed to safeguard cardholder information from theft or unauthorized access. Yet, some of the most notable data breach incidents last year targeted companies that had recently been certified as compliant with those standards, raising the question of whether the standards go far enough, or if entities that experienced a breach are falling out of compliance with the practices that led to their certification. In a recent hearing on PCI standards at a House Homeland Security Committee panel, experts from the retail sector charged that the entire
Glut of Stolen Banking Data Trims Profits for Thieves
In Fraud
A massive glut in the number of credit and debit cards stolen in data breaches at financial institutions last year has flooded criminal underground markets that trade in this material, driving prices for the illicit goods to the lowest levels seen in years, experts have found. For a glimpse of just how many financial records were lost to hackers last year, consider the stats released this week by Verizon Business. The company said it responded to at least 90 confirmed data breaches last year involving roughly 285 million consumer records, a number that exceeded the combined total number of breached records from cases the company investigated from 2004 to 2007. Breaches at banks and financial institutions were responsible for 93 percent of all such records compromised last year, Verizon found. As a result, the stolen identities and credit and debit cards for sale in the underground markets is outpacing demand
Microsoft Fixes 23 Software Security Flaws
In New Patches
Microsoft on Tuesday issued eight security updates to plug at least 23 security holes in its Windows operating systems and other software. The patches are available through Windows Update or via Automatic Updates. One patch fixes six flaws in Internet Explorer 6 & 7 (the flaws are not present in IE8), including the carpetbombing issue. Microsoft addressed that vulnerability with this IE update, as well as with a stand-alone fix for Windows XP and newer Windows versions. Microsoft has rated this update critical, meaning attackers could exploit these IE flaws merely by convincing a user to visit a hacked or booby-trapped Web site. Redmond also issued updates to fix at least two zero-day threats, vulnerabilities that hackers have been exploiting in targeted attacks to break into Windows systems. These updates include a fix for an Microsoft Excel vulnerability, and an update for a hole in most supported versions of Wordpad/Microsoft
Report: China, Russia Top Sources of Power Grid Probes
In U.S. Government
Last week, blogs and the mainstream press alike were abuzz with reports that Chinese and Russian hackers had penetrated the U.S. power grid and left behind secret back doors. The original story, a piece in the Wall Street Journal, was light on details, and many readers have asked me if I uncovered additional nuggets of knowledge about the existence of these back doors. I have not. But I have discovered some interesting data published recently, which seems to support the notion that China and Russia are quite interested in locating digital control systems connected to our nation's power grid and other complex critical infrastructures. The data comes from a white paper released late last month by Team Cymru, a group of researchers who try to discover who is behind Internet crime and why. That document sought to provide empirical evidence to show which nations were most active in probing our
Conficker Worm Awakens, Downloads Rogue Anti-virus Software
In Latest Warnings
Security experts nervously watching computers infested with the prolific Conficker computer worm say they have begun seeing infected hosts downloading additional software, including a new rogue anti-virus product. Since its debut late last year, the collection of hundreds of thousands - if not millions - of systems sick with Conficker has somewhat baffled security researchers, who are accustomed to seeing such massive networks being used for money-making criminal activities, such as relaying junk e-mail. Today, however, that mystery evaporated, as anti-virus companies reported seeing Conficker systems being updated with SpywareProtect2009, a so-called "scareware" product that uses fake security alerts to frighten consumers into paying for bogus computer security software. According to Kaspersky Labs, once the scareware is downloaded, the victim will see the usual warnings, "which naturally asks if you want to remove the threats it's 'detected'. Of course, this service comes at a price - $49.95." Kaspersky reports that
Digital Pearl Harbor, Cyber 9/11, and E-Qaeda
In From the Bunker
From today's print edition of The Washington Post come a pair of alarming stories about how Chinese hackers and terrorist groups have infiltrated our electric power grid and are using our own digital infrastructure against us. A piece on page A4 talks about cyber spies having left behind software backdoors on networks connected to the U.S. power grid. A story on the front page warns that terrorist groups who have sworn to destroy the United States are taking full advantage of Web site hosting and registration services here in our backyard. The stories each are a fascinating read, but both have been told before. Hackers motivated by financial gain have been both infiltrating power networks and using our Internet infrastructure against us for years. The main differences these stories highlight are in attribution -- that is, who's responsible -- and intent, or their implied goals. For example, most malicious software,
Microsoft: Dramatic Rise in 'Scareware' Infections
In Fraud
"Scareware," or programs that masquerade as legitimate security and anti-virus software and then frighten and bully users into paying for them, have emerged as the most prolific and fastest-growing threats facing PC users, according to a biannual security report released this week by Microsoft Corp. George Stathakopoulos, general manager of Microsoft's trustworthy computing group, said these rogue security products can snare even experienced computer users. "Some of these sites and products look really professional and well-done, with trademarks and copyrighted material," Stathakopoulos said. "If you're in a situation where you don't already have security software and you have not yet figured out the state of the machine, you will look for a solution, and these are solutions that come to you." Microsoft found that in the second half of last year, seven of the top 25 malicious software families removed from Windows computers were scareware titles such as Antivirus2008, XPAntivirus,
Time to Update Java
In New Patches
Sun Microsystems has shipped an update to its widely deployed Java platform that fixes multiple security flaws present in older versions. The latest Java software, Java Version 6 Update 13, is available from this link here. Not sure what version of Java you have? Check out this page, and click the "Do I Have Java?" link. Users of more recent Java versions may already have received a prompt from the built-in auto-update client to grab this version. After updating, you may find older versions of Java still present in the Windows "Add/Remove Programs" listing. If you spot any older versions, go ahead and remove those. Be advised that Sun's installer may by default install some browser add-on, such as Microsoft's MSN Toolbar (this is the plug-in the Update 13 installer offered me when I ran it on a Windows 7 Beta machine using IE 8). If you want the Java
Web Sites Disrupted By Attack on Register.com
In Fraud
Web site host and domain name registrar Register.com has been the target of a sustained attack this week, disrupting service for thousands of customers. The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company's domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com. The outage was the result of what's known as a distributed denial of service (DDoS) attack, in which attackers cause hundreds or thousands of compromised PCs to flood a target with so much junk traffic that the Web site can no longer accommodate legitimate visitors. Typically, DDoS attacks are waged as a way for criminals to extort money from the targets, who are told the attack will cease when a ransom demand is paid. Jacobson declined to say whether Register.com had received any extortion demands. "We did have a
Conficker's April Fools Fizzled, But Threat Remains
In Latest Warnings
Security experts selling weapons to ward off the dreaded Conficker warned anyone who would listen that April 1 could be a day of destruction, as millions of infected machines started phoning home for malicious software updates. Of course, not only was April Fool's Day a non-event for Conficker, but now comes news that there are far fewer than millions of systems infected with this version of the worm. Earlier in the week Security Fix reported that only six percent of the world's Conficker-infected systems are in North America, let alone the United States. On Thursday, the researchers who brought us that news - from Atlanta based Internet Security Systems - published their best guess of how many Windows systems are infected wtih Conficker.C, the only version of the worm that instructs computers to search the Internet and private P2P networks for updates after April 1. ISS's Holly Stewart writes that
FBI: Internet Fraud Rates Rose 33% Last Year
In Fraud
Internet fraud complaints to the FBI by consumers increased more than 33 percent in 2008 over the previous year, according to figures released this week. Some 275,284 complaints were filed last year with the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center. In 2007, the IC3 received 206,844 complaints. The report shows that the nation's capital appears to be home to the largest concentration of online con artists in the country. The District of Columbia ranks #1, just ahead of Nevada and Washington State, in terms of online fraud perpetrators per 100,000 residents, the IC3 found. The non-delivery of merchandise and/or payment was by far the most reported offense, accounting for nearly one-third of all referred cases, the IC3 reports. Internet auction fraud made up 25.5 percent of referred complaints, while credit/debit card fraud comprised 9 percent. The total dollar loss
Google: Spam Levels Back to Pre-McColo Levels
In Fraud
Spam levels have finally bounced back to levels seen prior to the shutdown of notorious Web hosting provider McColo in November of last year, at least from the vantage point of Postini, Google's e-mail security provider. Postini said its measure of the seven-day average spam volume didn't return to pre-McColo measurements until March 23. "What we have seen in Q1 is a slow but steady return to before-McColo" spam levels, said Adam Swidler, Postini's product marketing manager. Still, just as some anti-spam hardware and software vendors saw anywhere from a 50 percent to 75 percent drop in spam after McColo was shuttered, depending on their view, I should note that some e-mail security providers cited a resumption of pre-McColo spam levels as early as December. As far as spam trends in first quarter 2009, the spammers appear to be dusting off tried-and-true infection and distribution methods, Postini reports. Virus-laden e-mail
Conficker Worm Strike Reports Start Rolling In
In Fraud
Editor's Note: The following was written in the spirit of April Fool's Day. Brian is following the story and if there are real reports of outbreak, he'll report them in a separate post. Reports are trickling in about the impact from the Conficker worm, as infected systems passed zero hour at midnight and began downloading additional malicious components. Here's a quick roundup of some of the more notable incidents caused by Conficker so far, according to published reports: - A nuclear missile installation near Elmendorf Air force Base outside of Anchorage, Alaska briefly went on a full-scale military alert after technicians manning the bunker suspected that several of their control systems were infected with Conficker. According to wire reports, the remote facility temporarily moved to Defense Condition (Defcon) 3 in the pre-dawn hours, but quickly backed down from that posture. An airman at the installation who asked not to be
Asia, Europe, S. America Biggest Conficker Targets
In Fraud
It's still not clear what, if anything, millions of Microsoft Windows systems infected with the much-hyped Conficker worm will do in the next 12 hours, when the systems are expected to seek out new instructions from the worm's author(s). If anything significant does happen, however, it will disproportionately affect PCs and networks in Asia, Europe and South America, and comparatively few systems in North America, new research suggests. Researchers at IBM's Internet Security Systems say they found a way to decode the encryption that masks the data shared by peer-to-peer communications software planted on all systems infected by Conficker.C. As a result, ISS has been able to begin charting the location of infected systems across the globe. According to ISS, only 6 percent of the known infections are located in North America, let alone the United States. In contrast, nearly 45 percent of infections are in Asia, while Europe accounts
Flaw in Conficker Worm May Aid Cleanup Effort
In Safety Tips
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems. Conficker spreads mostly by exploiting a security vulnerability in Microsoft Windows systems, one that the software giant issued a patch to fix last October - just days before the first version of Conficker struck. Experts have known for some time now that Conficker applies its own version of that patch shortly after infecting a host system. This tactic not only prevents other malicious software from infiltrating the host via that vulnerability, but it also makes it difficult to for system administrators to find potentially infected systems
Happy 4th Birthday, Security Fix
In Misc.
Today marks the fourth anniversary of the launch of Security Fix. A heartfelt "thank you" to all of our faithful readers who make this blog come alive with their thoughtful comments and participation. I tried to explain how important this audience has become to me in an interview I did recently with BeatBlogging.org. It seems silly to try to paraphrase what I said, so here's a quote about you -- the reader -- from that interview. Readers are more inclined to speak their minds, interact with others, and generally contribute to a more well-rounded discussion and story if they get a sense that the author is accountable and responsive. I do try to be responsive. So if there is something I'm missing that you'd like to see more (or less!) of, please don't hesitate to let me know.
Conficker: Doomsday, or the World's Longest Rickroll?
In From the Bunker
When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn't so obviously connected to a financial scheme. Almost every time this happens, people start to get nervous and spin wild theories about the threat, until the hype surrounding said threat starts to reach a fever pitch. This is exactly what's happening with the latest version of the worm dubbed "Conficker," a contagion that has infected millions of PCs worldwide. Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped
Hacked File-Upload Accounts Prized by E-Jihadis
In Web Fraud 2.0
Hackers who sympathize with radical Islamic groups increasingly are using hijacked accounts at online file-upload and distribution services to disseminate large files, such as videos of attacks on Western forces in the Middle East, new research suggests. Services like RapidShare, Ziddu, and MegaUpload allow users to share large files, yet each places certain restrictions on non-paying users, such as limiting the number, speed, and size of files that free users can upload and download. But according to analysts at iDefense, a security intelligence firm owned by Verisign, hackers from various online jihadists forums have in recent months begun posting lengthy lists of hacked premium RapidShare account usernames and passwords to help fellow members avoid those limits. The same forums have latched onto obscure programs that allow Rapidshare users to effectively circumvent file size limits by splicing up large files into smaller chunks that the programs then reassemble after the constituent
Mac OS X Top Target in Browser Beatdown
In From the Bunker
Legendary bank robber Willie Sutton was made famous for allegedly explaining why he robbed banks with the answer: "Because that's where the money is." So why do cyber crooks attack Web browsers? Because that's where the user is. But maybe a more accurate answer is: "Because that's where the vulnerabilities are." At least, that was the answer given by a 25-year-old German computer science student known only as "Nils," who last week proudly showcased three brand new exploits for remotely hijacking the most popular Web browsers, including Firefox, Safari and the last beta release of Microsoft's Internet Explorer 8. Nils was competing in the "Pwn2Own" contest at the CanSecWest security conference in Vancouver. That contest, sponsored by 3Com's TippingPoint, awarded contestants $5,000 per browser bug. The first person to crack any of the browsers was allowed to keep the laptop it was running on (TippingPoint purchases information about unpatched security
Web Fraud 2.0: Data Search Tools for ID Thieves
In Web Fraud 2.0
Data such as your Social Security number, mother's maiden name and credit card balance are not as difficult for ID thieves to find as most people think. I've recently learned that cyber crooks are providing cheap, instant access to detailed consumer databases, offering identity thieves the ability to find missing data as they compile dossiers on targeted individuals. Security Fix spent the past week testing services offered by two Web sites that sell access to a wealth of information on consumers. Each site offers free registration, but requires users to fund their accounts via Webmoney, a PayPal-like virtual currency that is popular in Russia and Eastern Europe. I enlisted the help of a half-dozen volunteers who agreed to let me try to find their personal and financial data on these sites. For a payment of $3 each, I was able to find full Social Security numbers on four of the
Rogue Antivirus Distribution Network Dismantled
In Cyber Justice
A major distribution network for rogue anti-virus products has been shut down following reports by Security Fix about massive profits that the network's affiliates were making for disseminating the worthless software. On Monday, Security Fix profiled TrafficConverter2.biz, a program that pays affiliates handsome commissions for spreading "scareware" products like Antivirus2009 and Antivirus360. Scareware tries to frighten consumers into purchasing fake security software by pestering them with misleading and incessant warnings about threats resident on their systems. According to a message posted at TrafficConverter2.biz and its sister sites, the program's credit card payment processor pulled the plug on them shortly after our story ran. TrafficConverter2.biz is currently unreachable, but a message posted to the home page earlier this morning reads: On March 18th, in the evening, with no warnings, the German Merchant Processing was cut off. Merchant was at the bank personally (without intermediaries), proved and with the arrangements on the
FTC Takes on Freecreditreport.com
In U.S. Government
If you watch television, chances are you've seen the jingles where the young guy sings a campy song about his troubles with identity theft, in a bid to pitch a site called freecreditreport.com. Well, now the Federal Trade Commission is getting in on the act, running a series of hilarious public service announcements to point out that such services often are not free at all, and instead pointing consumers to annualcreditreport.com, a site mandated by Uncle Sam and probably the only place online consumers can truly go to get a free copy of their credit reports from each of the three major credit reporting bureaus. Here's my favorite annualcreditreport.com PSA from the FTC: If you haven't seen any of the freecreditreport.com commercials that the FTC is lampooning, it may make more sense if you take a gander at them over at YouTube. Here's one more from the FTC: Looking for
Antivirus2009 Holds Victim's Documents for Ransom
In Latest Warnings
Security experts are warning that some new "scareware" programs, software that tries to frighten consumers into purchasing bogus security products, also encrypt the victim's digital documents until he or she agrees to pay a $50 ransom demand. Newer versions of scareware family Antivirus2009 warn users in a fake Windows alert that files in the "My Documents" folder are corrupt. The program then directs the victim to download a program called "FileFixerPro" to fix the supposedly corrupt files. In fact, this version of Antivirus2009 encrypts or scrambles contents of documents in that folder, so that only users who pay $50 for a FileFixerPro license can get the decryption key needed to regain access to the files in their My Documents folder. A number of security forums have chronicled the rise of this nasty development in scareware evolution. This thread, over at the "devshed" Web development forum, includes cries for help from
Newsflash: Local Man Launches Virus Epidemic
In Latest Warnings
Malware authors are beginning to personalize virus attacks sent through e-mail, blasting out fake news alerts about shocking events that supposedly happened in or around the recipient's home town. This latest innovation comes compliments of the Waledac worm, widely seen as the successor to the Storm worm, a wily virus that used a seemingly bottomless bag of new tricks to fool people into clicking on links that launch the worm into action. On Monday, security firm Trend Micro began warning people to look out for bogus "Reuters breaking news" e-mails warning of explosion or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called "geo-location" services that can use the recipient's Internet address to make a semi-accurate guess of their nearest town. For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent
Massive Profits Fueling Rogue Antivirus Market
In Web Fraud 2.0
In the cyber underworld, more and more individuals are generating six-figure paychecks each month by tricking unknowing computer users into installing rogue anti-virus and security products, new data suggests. One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and Javascript snippets they can use to embed the software in hacked and malicious Web sites, or tainted banner advertisements online. Unsuspecting users who view one of these hacked sites or ads see a series misleading warnings saying their computers are infected with malware, and offering a free scan. Those who agree are prompted to download a program that conducts a bogus scan and warns of non-existent threats on the user's system. The software also blocks the user from visiting
Hacking iTunes Gift Cards, and an iTunes Update
In Fraud
Recently, several media outlets have been running a fascinating story about hackers making oodles of money selling iTunes gift cards activation codes at online auctions, supposedly after cracking the secret algorithm Apple uses to generate voucher codes for iTunes gift cards. But a blog post published today by one of the security industry's most prominent researchers suggests that the real hack here is far simpler: The crooks are merely using stolen credit cards to purchase and resell the iTunes gift cards. Joe Stewart, director of malware research at SecureWorks writes: This would be a pretty clever hack if it were true -- however, something just isn't quite right here. Nowhere in these articles does it explain one simple thing - how do they manage to generate activated iTunes gift voucher codes? When you purchase an iTunes gift card, it has to be activated before it will work, otherwise you will
Microsoft Plugs Eight Windows Security Holes
In New Patches
Microsoft Corp. on Tuesday pushed out a set of three updates to fix at least eight security vulnerabilities in its Windows operating systems and other software. The patches are available through Windows Update or via Automatic Updates. Easily the most critical update addresses an image processing flaw present in every supported version of Windows that could be exploited merely by tricking a Windows users into viewing a booby-trapped image on a Web site or sent via e-mail. According to Eric Schultze, chief technology officer for St. Paul, Minn., based Shavlik Technologies, attackers could use this flaw to install and run malicious software on a victim's system even if the user wasn't logged on using the all-powerful administrator account. "With system privileges, the evil code can access, copy, or delete any files on the system, create or delete user accounts, change passwords, or install backdoors," Schultze said. "In other words, nasty
Sprint: Employee Stole Customer Data
In Fraud
Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission. In letters sent via snail mail to some customers, Sprint urged recipients to contact customers service and change their existing personal identification number and security question. Turns out, a Sprint employee accessed "multiple customer accounts," between Dec. 2008 and Jan. 2009. "It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account." Sprint spokesman Matt Sullivan declined to say how many customers were sent the letters, but said it was less than one percent of its customer base. A woman who
Adobe, Foxit, Ship PDF Reader Security Updates
In New Patches
Adobe Systems today released an update to plug a dangerous security hole that hackers first began exploiting in January. The update, available here, is for Adobe Reader and Acrobat programs on both Windows and Mac systems. Adobe said it expects updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, to be available by March 18. If you've chosen to read PDF documents using the popular alternative to Adobe -- Foxit Reader -- you also need to update. On Monday, Foxit shipped an update that fixes at least three serious vulnerabilities in its Reader products. That update, which brings Foxit Reader to version 3.0, is available from this link.
Users Complain of Mysterious 'PIFTS' Warning
In Latest Warnings
Computer support forums are lighting up with queries from users wondering what to do about an alert on whether to trust a file called "PIFTS.exe". Meanwhile, someone at Symantec's support forum seems to be deleting posts from users inquiring about this alert almost as soon as they go up on the forum. Swa Frantzen, an incident handler with the SANS Internet Storm Center, writes today that PIFTS.exe appears to be related to a Norton update since it has a has a component in it that leverages the user's Internet connection to contact a Web page at norton.com, which is owned and operated by Symantec. A Security Fix reader sent this e-mail today about his experience with this alert: "Symantec's response has been odd. It has removed all chat threads on the subject, and seems to be deleting questions about PIFTS.exe wherever they may be posted. In short, it is Symantec's
Why Web Site Security Matters to Us All
In From the Bunker
For the past several months, some of the sharpest minds in the security community have teamed up to block cyber criminals from wresting control over what may be one of the largest armies of hacked computers ever built. While those efforts are ongoing and so far appear effective, all of that work could be undone thanks to the lax security of a single Web site. The scourge in question is the Conficker worm, a contagion that has infected tens of millions of Microsoft Windows machines since its birth in November. Experts figured out early on that Conficker was a two-stage threat because it tells infected systems to contact a list of 250 different domain names each day. If just one of those domains is registered by the virus writer, the thinking goes, it could be used to download an as-yet unknown secondary component to all infected systems, such as malicious
Twitter Security Hole Left Accounts Open to Hijack
In Latest Warnings
Micro-blogging service Twitter.com has fixed a vulnerability that until Wednesday night allowed users to create fake posts on other users' Twitter pages, or sign up fellow users for a deluge of potentially wallet-busting text messages. Twitter is designed to let people blog from their phones, by sending text (aka "short message service" or SMS) messages or "Tweets" that will then appear on the user's Twitter.com home page. Any Twitter users who are "following" or have syndicated that account will then receive updates on their Web sites about what that user is doing. Twitter users can choose to receive updates from other users via their own home page, through their phone, or both. The authentication weakness allowed anyone who knew your mobile number to spoof messages to your Twitter.com home page so that they appeared to have come from you, provided your mobile phone number was set up to post and/or
Fanning the Flames of the Browser Security Wars
In From the Bunker
A report published this week by software vulnerability watcher Secunia promises to stoke the ever-smoldering embers of the debate over which major Web browser is more secure. In trying to draw conclusions from the data, though, I hope readers will look past the sheer numbers of security holes that each browser maker fixed this past year, to the metric that in my opinion matters most: How long did it take each browser maker to address security flaws once those vendors knew about them? Secunia's study (PDF) found that 115 security flaws were reported in 2008 for Mozilla's Firefox browser, almost four times as many flaws as other popular browsers. In contrast, Secunia said, 31 vulnerabilities were reported for versions of Microsoft's Internet Explorer, while Opera and Safari claimed at least 30 and 32 reported security holes in 2008, respectively. But the Secunia study also measured how nimbly Microsoft and Mozilla
From (& To) Russia, With Love
In Cyber Justice
If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that U.S. authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions? As Security Fix documented in When Cyber Criminals Eat Their Own, a common misconception about hacker groups in Russia and the former Soviet nations is that they avoid targeting their own people. On the contrary, aggregate statistics from recent attacks and outbreaks strongly suggest that perception no longer matches reality.
"Koobface" Worm Resurfaces on Facebook, MySpace
In Latest Warnings
Security experts are warning users of Facebook, MySpace and other social networking communities to be on guard against a new strain of the "Koobface" worm, which spreads by tricking users into responding to a message apparently sent from one of their friends. The latest version of Koobface arrives as an invitation from a user's friend or contact, inviting the recipient to click on a link and view a video at a counterfeit YouTube site. Visitors are told they need need to install an Adobe Flash plug-in to view the video. The bogus plug-in instead installs a Trojan horse program that gives Koobface author(s) control over the infected user's computer, according to security firm Trend Micro, which documented the new strain on its blog. In addition, the worm also hijacks the victim's social networking account, by sending out additional invites in order to spread the worm to the victim's friends and
Microsoft: Attackers Target Unpatched Excel Flaw
In Latest Warnings
Microsoft Corp. is warning computer users that attackers are now exploiting a previously unknown security hole in the company's Excel spreadsheet software to break into vulnerable systems. The vulnerability, which appears to be present in all supported versions of Microsoft Excel and Microsoft Office (including Office 2004 and Office 2008 for Mac), could be exploited merely by convincing a user to open a booby-trapped Excel file hosted on a hacked or malicious Web site, or sent as an attachment in an e-mail message. Microsoft reports that it is "aware only of limited and targeted attacks that attempt to use this vulnerability," and that it is working on shipping a fix for the flaw. Symantec researchers report on the company's blog more or less supporting Microsoft's claim that this flaw is not yet widely being exploited. But that should not deter readers from following this tried-and-true advice: If you didn't ask
ID Fraud, Abusive Debt Collectors Top Consumer Gripes in '08
In U.S. Government
Identity fraud was the top complaint consumers lodged last year with the Federal Trade Commission, followed by gripes about harassing and abusive debt collectors, the agency reported today. Of the 1,223,370 complaints the FTC received last year, 313,982 - or 26 percent - were related to identity fraud. The biggest chunk of those complaints related to credit card fraud (20 percent), while employment fraud and fraud related to government documents/benefits each accounted for 15 percent of identity fraud complaints. Phone or utilities fraud made up 13 percent, while 15 percent of complaints related to bank and loan fraud complaints. Debt collectors have always generated a large volume of complaints, but this is the first year that the FTC has included the industry as a category in its top complaints listing, FTC spokeswoman Claudia Bourne Farrell said. In November 2008, nationwide debt collection agency Academy Collection Service and its owner agreed
Adobe Issues Security Update for Flash Player
In New Patches
Adobe Systems Inc. has shipped an update for its ubiquitous Flash player that fixes at least five security flaws. A few of the flaws are critical, meaning users could have malicious software installed on their system merely by visiting a Web page that features a booby-trapped Flash movie. Many readers will need to apply two different versions of this patch: One is designed for Internet Explorer, and another updates the Flash player in Firefox, Opera and Safari. This can be accomplished by visiting this update link twice, once with IE, and then again with Firefox or whichever other browser you're using. The patch plugs security holes in Flash player 10.0.12.36 and earlier. Updates are available for Flash versions made for Windows, Mac OS X, and Linux. Not sure which version of Flash you have installed, or want to make sure the fix worked? Visit this link to find out.
Adobe Urges Stopgap Changes To Blunt Cyber Threat
In Safety Tips
Adobe Systems Inc. has found itself in the midst of a public relations maelstrom of the sort once reserved only for Microsoft Corp., as security experts chastise the company for not moving fast enough to address a critical security hole in its products even as third-party software makers offer makeshift fixes for the flaw. On Feb. 19, experts at Shadowserver.org, a volunteer-led security group, let the world know that bad guys were attacking an unpatched security flaw in Adobe Acrobat and Reader to break into systems when users opened booby-trapped .PDF files. The Shadowserver guys said one way to mitigate this threat was to disable the rendering of Javascript within these programs. Later that day, Adobe released its own advisory, which acknowledged that the flaw existed in all supported versions of its products, and on all operating systems. The company said it planned to ship an update to fix the
Just Say "No" To Gmail "ViddyHo" Chats
In Latest Warnings
A crazy number of readers have written in asking what they should do about unsolicited instant messages coming in from their Gmail accounts. The messages are from a site called ViddyHo urging them to "check out this video." I hope most readers will recognize the link provided in this chat invite for what it is: An invitation to give your Gmail credentials over to criminals. A quick check of the ever-sobering Google Trends feature would telegraph that this is a scam that has ramped up extremely quickly. Ryan Narine, security evangelist for security firm Kasperksy Lab Americas, said crooks may be after Google accounts because those accounts offer several tempting targets all in one place. "These types of phishing attacks are not new but it's interesting that Google is the target of a multi-pronged phishing attack at the same time," Narine said. "Google Accounts, in some cases, are tied to
The Tigger Trojan: Icky, Sticky Stuff
In Latest Warnings
A relatively unknown data-stealing Trojan horse program that has claimed more than a quarter-million victims in the span of a few months aptly illustrates the sophistication of modern malware and the importance of a multi-layered approach to security. When analysts at Sterling, Va., based security intelligence firm iDefense first spotted the trojan they call "Tigger.A" in November 2008, none of the 37 anti-virus products they tested it against recognized it. A month later, only one - AntiVir - detected it. That virtual invisibility cloak, combined with a host of tricks designed to elude forensic malware examiners, allowed Tigger to quietly infect more than 250,000 Microsoft Windows systems, according to iDefense's read of log files recovered from one of the Web servers Tigger uses to download code. iDefense analyst Michael Ligh found that Tigger appears designed to target mainly customers or employees of stock and options trading firms. Among the unusually
Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat
In Latest Warnings
Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn. Adobe issued an advisory Thursday warning that its Reader and Acrobat software versions 9 and earlier contain a vulnerability that could allow attackers to take complete control over a system if the user were to open a poisoned PDF file. Adobe said it doesn't plan to issue an update to plug the security hole until March 11. Meanwhile, the folks at Shadowserver.org, a volunteer-led security group, said it has seen indications that this vulnerability is being used in targeted attacks. Shadowserver warns that this exploit is likely to be bundled into attack kits that are sold to cyber crooks who specialize in seeding hacked and malicious Web sites with code that tries to install malware. "These types of attacks are frequently
Travel-Booking Site for Federal Agencies Hacked
In Fraud
Govtrip.com, which handles travel reservations for at least a dozen U.S. government agencies, last week was infected with a virus that tried to install malicious software when users visited the site, causing some agencies to block employees from accessing it, Security Fix has learned. Sometime on Feb. 11, hackers changed the Govtrip.com Web site to redirect visitors to a site that installed malicious software. A number of agencies, including the departments of Agriculture, Energy, Health & Human Services, Interior, Transportation, and Treasury, use the site exclusively to book travel arrangements. Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account information is stored there as well. On Thursday, Feb. 12, the Federal Aviation Administration began urging employees to avoid visiting the site. Rather, employees seeking to make travel arrangements were given instructions on how to book travel arrangements manually, FAA spokeswoman Laura
Verizon to Implement Spam Blocking Measures
In Misc.
Verizon.net is home to more than twice as many spam-spewing zombies as any other major Internet service provider in the United States, according to an analysis of the most recent data from anti-spam outfit Spamhaus.org. Verizon, however, says it plans to put measures in place to prevent it from being used as a home to so many spammers. Security Fix examined the latest stats from Spamhaus's "composite block list," (CBL) which relies on intelligence relayed by large spamtraps and e-mail infrastructures around the world. The list only is comprised of Internet addresses that have been observed to be sending spam, worms and viruses, or participating in other malicious activity. Spamhaus currently includes 225,454 U.S. based Internet addresses on its CBL. Of those, nearly one-quarter -- almost 56,000 -- are assigned to Verizon.net. Comcast, which according to Spamhaus is home to the next-largest concentration of malicious hosts among U.S. ISPs, has
Apple Patches More Than 50 Security Holes
In New Patches
Apple last week issued security updates to plug more than 50 security holes in its OS X operating system and other software. The patches, which affect Mac OS X 10.4 and 10.5, Java for the Mac and Safari for Windows systems, are available through Apple Downloads or via the company's automatic update program. Apple's Security Update 2009-001 addresses roughly four dozen security flaws in the operating system and bundled software. Java Release 8 patches at least four security flaws in Apple's version of Java for Mac OS X 10.4 and 10.5 Cupertino also fixed a critical vulnerability in its Safari Web browser for Windows XP and VIsta systems. Sarari 3.2.2 for Windows fixes a flaw that Apple said could allow a Web site to run hostile Javascript on the user's system if he or she subscribed to an RSS feed that included a malicious link. Brian Mastenbrook, the researcher Apple
As Tax Season Continues, Beware of Scams
In Safety Tips
As sure as the taxman cometh each year, so do the scam artists. The Internal Revenue Service is warning U.S. taxpayers to be prepared for a steady increase in scams and virus attacks via e-mail, telephone and the Web as the April 15 tax-filing deadline approaches. "We see a big upswing in complaints about these phishing emails January through April during the tax filing season," IRS spokeswoman Nancy Mathis said. The most common type of scam arrives via e-mails claiming to come from the IRS or Treasury Department. They typically try to either scare consumers into thinking there is an error with their tax filing, or that they are eligible for a tax rebate or benefit from the government economic stimulus package that just passed on Capitol Hill. These so-called "phishing" e-mails typically arrive in an e-mail that urges users to visit a site, which in turn prompts visitors to
Microsoft Offers $250,000 Reward for Conficker Worm Author(s)
In Cyber Justice
Microsoft Corp. today said it is offering a $250,000 reward for information that leads to the arrest and conviction of those responsible for launching the "Conficker" computer worm, a threat that has infected millions of Microsoft Windows PCs over the past two months. The reward is the most public acknowledgment yet of the damage inflicted by the Conficker worm - known to some anti-virus companies as "Downadup" -- which wiggles into Microsoft systems primarily through a security hole in the Windows operating system. Microsoft issued a software update in late October to help customers guard against the attack, but Conficker can spread even to systems that have already been patched, by piggybacking on removable media -- such as USB drives -- that launch the worm when connected to a Windows system. "As part of Microsoft's ongoing security efforts, we constantly look for ways to use a diverse set of tools
Critical IE, Exchange Flaws in Microsoft's Patch Tuesday
In New Patches
Microsoft Corp. today released four patch bundles to fix at least eight security vulnerabilities in PCs powered by its Windows operating system and other software. The fixes are available through Microsoft Update or via Automatic Updates. Half of the flaws fixed in February's patch batch earned Microsoft's most urgent "critical" rating, meaning attackers could wield them to break into vulnerable systems with little or no assistance from users, aside from maybe convincing users to visit a booby-trapped Web site or open a specially-crafted e-mail. Two of the critical vulnerabilities reside in Microsoft's Internet Explorer 7 Web browser (oddly enough, Microsoft says IE6 is not affected). The other two critical flaws Redmond fixed are found in Microsoft Exchange, an e-mail server program used by tens of millions of organizations. Andrew Storms, director of security operations for nCircle, a network security company, said the Exchange vulnerability is especially serious for businesses, because
Covering Your Tracks in Firefox
In Safety Tips
Firefox users looking for a little more control over the privacy of their Web browsing habits should check out a handy add-on called "RefControl," a Firefox extension that lets you decide which sites should be allowed to see your most recent browsing history. When you visit a Web site, the people who run that site can see by looking at their traffic logs the name and Internet address of the site you were at directly before visiting their site, also known as the "referrer" link. Using RefControl, Firefox users can block all referrers, or block referrers for all sites except those included on your personal exclusion list. RefControl users can even set a fake referrer for all or specific sites that includes a custom message (e.g., "NoReferrerForYou"), a sentiment that will show up in the visited Web site's logs. RefControl is very easy to use. By default, the add-on doesn't
Consider the Source, Not Just the File Type
In Latest Warnings
An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources. Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking music Windows Media Audio (.wma) files that, when opened, changes all .mp3 and .mp3 files on a host system to Windows Media Audio (.wma) format. Audio files altered by the Trojan won't lose their .mp2 or .mp3 file extensions. Rather, the Trojan embeds in each converted media file a placeholder, so that when a victim tries to listen to it, the song is opened up in Windows Media Player. At that point, the victim is prompted to download an audio codec in order to continue playback. If the victim installs the codec,
Quick Poll: Many Smaller Banks Hit By Heartland Breach
In From the Bunker
In another sign that the recently disclosed data breach at credit card processing giant Heartland Payment Systems may indeed be one for the record books, a quick survey of community banks indicates that a majority of institutions have been notified that at least some of their debit or credit cards were compromised in the breach. Princeton, N.J., based Heartland has not disclosed how many credit and debit card accounts may have been intercepted by malicious software the company recently found on its payment processing network. Heartland's president and chief financial officer Robert Baldwin told Security Fix last month that the company processes about 100 million card transactions each month. The Independent Community Bankers of America, a trade group that includes some 5,000 banks representing 18,000 locations nationwide, took an informal poll of its members recently to find out how many were contacted by Heartland. According to the ICBA, 83 percent
Data Breach Led to Multi-Million Dollar ATM Heists
In Web Fraud 2.0
A nationwide ATM heist late last year netted thieves $9 million in cash in one day, according to published reports. The coordinated attack stemmed from a computer intrusion at payment processor RBS WorldPay. Atlanta-based RBS WorldPay announced on Dec. 23 that hackers had broken into its database and made off with personal and financial data on 1.5 million customers of its payroll cards business. Some companies use payroll cards in lieu of paychecks by depositing employee salaries or hourly wages directly into payroll card accounts, which can then be used as debit cards at ATMs. RBS said that thieves also might also have accessed Social Security numbers of 1.1 million customers. New York's Fox 5 cites FBI sources as saying that thieves used the stolen payroll cards recently to withdraw $9 million from ATMs from 49 cities, including Atlanta, Chicago, New York, Montreal, Moscow, and Hong Kong. Steve Lazarus, a
OpenOffice Installs Insecure Java Version
In New Patches
An alert reader let me know that the latest version of OpenOffice, the open source alternative to the Microsoft Office productivity suite, also installs a very old, insecure version of Java. Users who accept the default installation options for OpenOffice 3.0.1 also will get Java 6 Update 7, a version of Java that Sun Microsystems released last spring (the latest version is Java 6 Update 12). This is notable because not only could attackers target security vulnerabilities that were fixed in subsequent versions of Java, but Java 6 Update 7 was released prior to Sun's inclusion of a feature known as "secure static versioning," which is intended to prevent Web sites from invoking even older versions of Java that may be present on the user's system. Starting with Java 6 Update 11, Sun included a feature that uninstalls older versions, but that functionality for whatever reason did not automatically remove
Report: Most Spam Sites Tied to Just 10 Registrars
In From the Bunker
Nearly 83 percent of all Web sites advertised through spam can be traced back to just 10 domain name registrars, according to a study to be released this week. The data come from millions of junk messages collected over the past year by Knujon ("no junk" spelled backwards and pronounced "new john"), an anti-spam outfit that tries to convince registrars to dismantle spam sites. While there are roughly 900 accredited domain name registrars, spammers appear to register the Web sites they advertise in junk e-mail through just one percent of those registrars. Knujon's rankings include: 1. XinNet Cyber Information Company Limited 2. eNom 3. Network Solutions 4. Register.com 5. Planet Online 6. Regtime Ltd. 7. OnlineNIC Inc. 8. Spot Domain LLC 9. Wild West Domains 10. Hichina Web Solutions Knujon co-founder Garth Bruen said registrars made his list based on several factors, including: the number of reported illicit domains held
Data Breaches More Costly Than Ever
In Misc.
Organizations that experienced a data breach paid an average of $6.6 million last year to rebuild their brand image and retain customers following public disclosures of the incidents, according to a new study. The fourth annual survey by the Ponemon Institute, a Tucson, Ariz., based independent research company, found that companies spent roughly $202 per consumer record compromised. The same study put the total cost of a breach in 2007 at $6.3 million, and roughly $4.7 million in 2006. The survey examined cost estimates from 43 organizations that reported a data breach last year. The average number of consumer records exposed in each breach was about 33,000, but the number of records affected in each incident ranged from fewer than 4,200 to more than 113,000. Eighty-four percent of the companies surveyed had experienced at least one data breach or loss prior to 2008, said Larry Ponemon, the institute's founder. The
Google: This Internet May Harm Your Computer
In Latest Warnings
A glitch in a computer security program embedded deeply into Google's search engine briefly prevented users of the popular search engine from visiting any Web sites turned up in search results this morning. Instead, Google users were redirected to page that warned: "This site may harm your computer." Calls and e-mails sent to Google were not returned as of publication. I will update this blog if and when I hear back from them about the cause and length of this incident. The problem, which appears to have been corrected by the time of publication, was related to Google's "Stop Badware" program, which is designed to keep Internet users from visiting sites that Google's bots have found try to install malicious software when users browse the sites. I first learned of the blockage just before 10 a.m. ET, when my wife complained that Google was telling her that OfficeDepot.com was trying
Troubled Ukrainian Host Sidelined
In Web Fraud 2.0
A Ukrainian Web hosting provider that, according to published reports, has long served as home base to a prolific and invasive family of malicious software has been taken offline following abuse reports from Security Fix to the company's Internet provider. Since at least 2005, and perhaps earlier, an entity known as UkrTeleGroup Ltd. has hosted hundreds of Web servers that control a vast network of computers infected with some variant of "DNSChanger," according to security software vendor McAfee, which monitors worldwide malware. DNSChanger is a Trojan horse program that changes the host system's settings so that all of the Internet traffic flowing to and from the infected computer is sent through servers controlled by the attackers. In a report issued last month, McAfee said it found more than 400 DNS servers on UkrTeleGroup's network that appeared to be set up to to re-direct Web traffic for systems infected with DNSChanger.
Blogfight: IE Vs. Firefox Security
In From the Bunker
I'm writing this to set the record straight on some statements made earlier this month by Jeff Jones, a security strategy director at Microsoft. In analysis published on his Technet Security Blog and at cio.com, Jeff picked apart research I conducted in 2007, which found that Microsoft's Internet Explorer browser was unsafe for 284 days in 2006. According to Jones's analysis, Firefox users were instead more "at risk" than their IE counterparts in 2006 -- albeit just by a single day -- 285 days in 2006, he concludes. What Jones neglected to mention was that in my analysis I only examined the longevity of unpatched browser vulnerabilities that by each company's definition earned the most dangerous security ratings. In the case of Internet Explorer, for example, I counted only flaws that Microsoft said were "critical," for one or more versions of the browser or closely-tied component of the Windows operating
Security Fix Pop Quiz, Reality-Show Style
In Latest Warnings
It's been a while since we published our last Security Fix Pop Quiz, a periodic exercise to see whether you've updated your computer with the proper security updates. Usually when we do these quizzes I focus on the latest updates for third-party software programs, patches designed to guard against attackers who try to install malicious software using known security holes in these widely-used applications. This time around, however, I want to give readers more perspective about why applying these updates are so critical, by looking through the lens of the criminal masterminds behind "Grum," one of this year's largest spam botnets, or groupings of hacked Microsoft Windows PCs typically used to relay junk e-mail. But what exactly is it that makes this malware family so successful? Put simply, it observes the old adage, "If at first you don't succeed, try, try again." Indeed, Grum is incredibly tenacious: the Web sites
Monster.com Breach May Preface Targeted Attacks
In Latest Warnings
Job search giant Monster.com quietly disclosed this week that its user database was illegally accessed, resulting in the theft of an unspecified number of Monster user IDs and passwords, names, phone numbers and e-mail addresses. The company said it opted not to notify users by e-mail out of concern that those messages would be "used as a template for phishing e-mails targeting our job seekers and customers." "We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience," the company said in a statement posted on its homepage. "As an additional precaution, we will be making mandatory password changes on our site." In 2007, a Trojan horse program that anti-virus giant Symantec Corp. named Infostealer.Monstres began using hijacked Monster.com employer accounts to hoover up data on Monster.com users, ultimately gathering information on roughly 1.6 million users. Not long after that,
When Cyber Criminals Eat Their Own
In From the Bunker
Some of the most prolific and recognizable malware disbursed by Russian and East European cyber crime groups purposefully avoids infecting computers if the program detects the potential victim is a native resident. But evidence from the Conficker worm -- which by some estimates is infecting more than one million new PCs each day -- shows that trend may be shifting. According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. "Conficker") worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20. In the past, attackers from the infamous rogue anti-spyware families -- such as Antivirus
Pirated iWork Software Infects Macs With Trojan Horse
In Safety Tips
A company that makes security software for Mac computers is warning that copies of Apple's iWork productivity software that are available for download from peer-to-peer (P2P) file-sharing networks may be infected with a Trojan horse program. The malicious software appears to be designed to enlist infected systems in a bot army that is targeting Web sites with so much junk traffic they can no longer accommodate legitimate visitors. In an alert issued today, Intego said some pirated versions of the $79 iWork software suite circulating on BitTorrent trackers are infected with what it calls OSX.Trojan.iServices.A. Intego said the Trojan is bundled so that it runs when the user installs the pirated iWork software. iServices.A then opens up a "backdoor" on the victim's computer, effectively alerting the virus writer that a new system is infected and potentially allowing the attacker to upload new software to or perform other actions on the
Obama Administration Outlines Cyber Security Strategy
In U.S. Government
President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security. The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals: * Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development
Apple's First 2009 Patch Batch Fixes 7 QuickTime Flaws
In New Patches
Apple today released a security update for its QuickTime media player. The new version, QuickTime 7.6, is available for both Mac and Windows systems. This release fixes at least seven security vulnerabilities. All seven are serious enough that Apple says they could be used to run software of the attacker's choice on a vulnerable system simply by convincing the user to view a specially-crafted movie or streaming media file. It's important for QuickTime users (particularly Windows users) not to let too much grass grow under their feet before applying this update. Because it is so widely installed (and probably so infrequently updated), QuickTime has drawn the attention of hackers who write and sell automated exploit toolkits. These are software kits that attackers typically stitch into the fabric of hacked Web sites. When a user visits such a site, the toolkit checks to see which if the browser plug-ins may still
Payment Processor Breach May Be Largest Ever
In Web Fraud 2.0
A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported. Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach. Baldwin said it would be unfair to mention any one of his company's customers. "No merchant of ours represents even [one-tenth
Move Over, Client #9
In Latest Warnings
A popular Web site that helps connect young women with so-called "Sugar Daddies" has fixed a major security hole that - apparently since its inception two years ago -- allowed anyone with a Web browser to view the private negotiations between site members. This discovery highlights the potential privacy pitfalls of placing too much personal information online, and fully trusting social networking sites. Most online communities, such as Facebook, provide residents a way to keep their public and private online personas separate. In many cases, when a breach between those two worlds occurs, it's because the user misconfigured or misunderstood their privacy settings, as I've documented with users of Google's Calendar service. But when the social networking community itself is responsible for the misconfiguration, the results could be disastrous and long-lasting. Seekingarrangement.com, an adult social networking site that boasts some 300,000 registered users, contained a weakness that allowed anyone to
Tricky Windows Worm Wallops Millions
In Latest Warnings
A sneaky computer worm that uses a virtual Swiss army knife of attack techniques has infected millions of Microsoft Windows PCs, and appears to be spreading at a fairly rapid pace, security experts warn. Also, while infected PCs could be used for a variety of criminal purposes -- from relaying spam to hosting scam Web sites -- there are signs that this whole mess may be an attempt to further spread so-called "scareware," which uses fake security alerts to frighten consumers into purchasing bogus computer security software. The worm, called "Downadup" and "Conficker" by different anti-virus companies, attacks a security hole in a networking component found in most Windows systems. According to estimates from Finnish anti-virus maker F-Secure Corp., the worm has infected between 2.4 million and 8.9 million computers during the last four days alone. If accurate, those are fairly staggering numbers for a worm that first surfaced in
Microsoft Plugs Three Windows Security Holes
In New Patches
Microsoft today issued a critical software update to plug at least three security holes in its Windows operating systems. The patch, which applies to all supported versions of Windows, is available from the Microsoft Update Web site, or via Automatic Updates. All three security vulnerabilities relate to a weakness in the "Server Message Block" (SMB) protocol, a component of Windows used to provide shared access to files, printers, and other communications over a network. Blueprints showing would-be attackers how to exploit one of the flaws were posted online back in October; Microsoft said the other two vulnerabilities were privately reported. SMB threats can generally be stopped by a decent firewall, as they rely on the attacker or malicious software having direct access to a network hosting vulnerable systems. However, businesses typically test patches before deploying them to make sure they don't interfere with custom software, and in the meantime infected
Meet the New Bots: Will We Get Fooled Again?
In Fraud
The close of 2008 sounded the death knell for some of the most notorious spam networks on the planet. But already several new breeds of spam botnets -- massive groups of hacked PCs used for spamming -- have risen from the ashes, employing a mix of old and new tricks to all but ensure a steady flow of spam into e-mail boxes everywhere for many months to come. * In September, the shuttering of Northern California based host Atrivo/Intercage was the final nail in the coffin for the Storm worm, widely considered one of the most ingenious spam botnets ever created. * In November, the unplugging of Silicon Valley hosting provider McColo -- a network experts say absorbed many of the refugees from Atrivo's shutdown -- spelled the beginning of the end for "Srizbi," which was until recently considered the most massive spam botnet with an estimated 450,000 infected computers.
Tiny Charges Often Precede Big Trouble
In Safety Tips
Security experts advise consumers to keep a close eye on their bank and credit card statements, and for good reason: Small, unauthorized charges often are the first sign that thieves have made off with your account number and are getting ready to sell it to other crooks or use it to rack up thousands of dollars in fraudulent purchases. The Boston Globe writes this week about one such scam, which shows up on consumer accounts as 25-cent charges to a mysterious company called Adele Services, supposedly in New York. From that piece: Two theories of what is going on have advanced on message boards and among consumer advocates: Someone is trying to find out whether an illegally obtained credit card number will work before making a bigger charge, or they're trying to rip off tiny amounts from tons of people. The latter theory has more credibility at the moment. The
Caveat Emptor: Watch Out for Phantom Stores
In Web Fraud 2.0
Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop? A slew of fake electronics sites, some of them apparently being promoted by major online search engines and comparison-shopping sites, have been swindling consumers out of cash and credit card numbers for several weeks. The Web sites are confusingly named after legitimate electronics and clothing shops in the United States. All say they accept major credit cards and PayPal, and some carry seals boasting that they are "hacker safe." But customers who order something from these sites soon find their accounts charged increasing amounts for unauthorized transactions. Regina Arndt, owner
Spamhaus: Google Now 4th Most Spam-Friendly Provider
In Fraud
Google's free services are being heavily exploited by spammers to redirect visitors to sites touting knockoff designer drugs and scams, according to the latest rankings from Spamhaus.org, a group that tracks unsolicited commercial e-mail. Last month, Security Fix called attention to Microsoft's persistent ranking on Spamhaus's running list of the "Top 10 Worst Spam Service ISPs". Now that Microsoft has cleaned up its act, it appears the bad guys are moving on to Google, which is now ranked #4 on the list (#1 being the worst). "Microsoft got rid of the bad guys, and off they went to Google, which is now hosting a lot of the stuff that was on Microsoft's domains," said Richard Cox, Spamhaus's chief information officer. Other Internet providers, including Sprint and Verizon, currently round out the #8 and #10 slots on the Top 10 list, respectively. According to Spamhaus, spammers are using Google Documents to
Phishers Now Twittering Their Scams
In Latest Warnings
Phishers are trying to trick Twitter users into forking over their user names and passwords by sending tweets that direct users to fake Twitter login pages, security experts warn. Update, 7:31 p.m. ET: Twitter now says that in an unrelated incident, the Twitter accounts for president-elect Barack Obama and 33 other notables were compromised by an individual who hacked into some of the tools the company's support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. More on that incident from a new post on the Twitter blog. Original post: Blogger Chris Pirillo spotted the Twitter phishes on Jan. 3, after receiving a tweet that asked him to log in at a counterfeit Twitter site called "twitter.login-access.com" (it's probably best to avoid visiting this site, which is still active as of this writing.) Suspecting that
One Weak Link to Rule Them All
In From the Bunker
It is said that any security system is only as strong as its weakest link. A team of researchers today proved that point yet again, showing the world how they could use known weaknesses in the encryption technology that protects online transactions to undermine the security around e-commerce. washingtonpost.com ran an in-depth story I wrote about their findings, along with a sidebar explaining the weakness in a bit more detail. Long story short: An international team of security experts (pictured at right, thanks to Alexander Klink) showed that they could undermine the system most of us rely on to secure our online transactions, so that even though the browser indicates your connection is encrypted (Web browser address starts with "https://") and vetted by a third party to be secure and authentic, it may in fact be controlled by an attacker offering up a counterfeit Web site designed to steal your
Beware Holiday e-Greeting Cards, Digital Hitchhikers
In Latest Warnings
Cyber crooks are once again blasting out fake holiday e-greeting cards in a bid their special kind of cheer. Also, there are signs that computer viruses may again be piggybacking on digital photo frames and other data storage devices that make popular holiday gifts. E-greeting scams are hardly new, but they tend to increase around major holidays, probably because consumers are more receptive to opening them at these times and because more people are home in front of their computers. Most of these e-greeting scams try to foist malicious software by claiming the recipient needs to install some application in order to view the card, such as Adobe's Flash Player. Almost invariably, the downloaded program isn't a legitimate add-on, but malware. According to Symantec, some of the fake e-card domains being used in this scam include (please don't visit any of these sites): * [http://]itsfatherchristmas.com * [http://]bestchristmascard.com * [http://]whitewhitechristmas.com *
PC Got a Virus? Consider Getting Help Offline
In From the Bunker
If you suspect or know your PC is infected with a virus, it's probably wise to avoid purchasing anything using that computer until you're sure the machine is clean. That includes additional anti-virus or security products. Chances are the malicious software on your machine includes built-in ability to steal user names, passwords and other sensitive data from infected hosts. Recently, I've heard from several people who used their credit or debit cards at the first sign of infection, to renew or upgrade their anti-virus protection when their existing software didn't work or failed to update. Also, in a Live Web chat a few weeks ago, one reader described how he "stupidly" went online and bought an anti-virus product after realizing he'd infected his machine with a DNS hijacker Trojan. Consumers can be forgiven for such goofs: After all, they paid for security software, they expect (rightly or wrongly) to be
Hundreds of Stolen Data Dumps Found
In Web Fraud 2.0
A comprehensive new study that peers into huge troves of financial data stolen by cyber thieves confirms what experts have surmised from looking at much smaller, isolated caches of digital loot: That criminals can make hundreds, even thousands, of dollars a day selling data stolen with the help of widely available software toolkits. Recent reports by security firms Finjan, RSA, SecureWorks and Symantec have shown that stolen identities, bank accounts and credit card numbers are sold in bulk every day in shadowy online forums, often for pennies on the dollar. In its analysis, Symantec found in 2007 that the going rate for the keys to assuming someone else's identity was between $14 and $18 per victim. Those reports either presented conclusions based on examining a single cache of stolen data, or by observations based on watching transactions between cyber thieves. But a report released today by researchers at the University
Firefox 2 Users Will Get No More Security Updates
In New Patches
Security Fix has often praised Mozilla for equipping its Firefox Web browser with a no-hassle system for automatically applying security updates. But for those users still browsing the Interwebs with anything less than Firefox 3, it's time to take note: Mozilla shipped its final update to Firefox 2 on Tuesday, and plans no further updates for this version. Put simply: If you want to keep using Firefox safely, you're going to need to upgrade to Firefox 3. The latest version of the popular browser received mixed reviews on its release, but Mozilla appears to have done a good job ironing out the kinks since then. Most notably, Firefox 3 consumes far less system memory than older releases. That said, there is a non-trivial chance that Mozilla may in fact ship another update to Firefox 2. A bug report filed Wednesday with Mozilla indicates the browser maker overlooked a security flaw
Microsoft Issues Emergency Patch to Curb Password-Stealing Hackers
In New Patches
Microsoft today issued an emergency update to plug a critical security hole present in all versions of its Internet Explorer Web browser, a flaw that hackers have been leveraging to steal data from millions of Windows users. The patch, which Microsoft dubbed MS08-078, fixes a security vulnerability that Microsoft says already has been used to attack more than 2 million Windows users. As Security Fix and other members of the tech community have chronicled, attackers have been busy compromising thousands of Web sites by seeding them with code that installs password-stealing software on computer systems of Web site visitors who use Internet Explorer. Microsoft estimated Monday that one in every 500 Windows users had been exposed to sites that try to exploit the flaw. Additionally, it said the number of victims was increasing at a rate of 50 percent daily. Vulnerability management company nCircle said Microsoft's decision to issue the
CheckFree.com Hijack May Have Affected 160,000 Users
In Fraud
Online bill pay giant CheckFree.com said the hijacking of its Web site this month affected an estimated 160,000 people, a disclosure that offers the most detailed account yet of the true size and scope of a brazen type of attack that experts say may become more common in 2009. In a filing with Wisconsin's Office of Privacy Protection, CheckFree said at least 160,000 people may have visited the site during the nine-hour period it was hijacked, which had redirected visitors to a site in Ukraine. An analysis of that Ukranian site indicated that it was trying to exploit known security flaws in Adobe Acrobat and Adobe Reader, in an attempt to install a variant of the the Gozi Trojan, which is among the most sophisticated password-stealing programs in use today. CheckFree controls between 70 to 80 percent of the U.S. online bill pay market. Among the 330 kinds of bills
Google Ads Lead to Phony Apps
In Web Fraud 2.0
Web security firm Websense is warning that scam artists have hijacked Google's sponsored links to spread rogue anti-virus software. While this type of attack is not new, I was amazed to find how deeply Google's ad program appears to be infested with this crud. Websense's alert shows how following sponsored links generated by searches for popular software titles may not be such a hot idea. Their investigation of the sites served up at those links took them through what appears to be a long and convoluted effort to trick visitors into installing bogus security software. Websense discovered the scam after searching for WinRAR, a popular tool used for archiving files and folders. Interestingly, when I searched for WinRAR just a few minutes ago, I found two different sponsored links to sites that offered up a version of the program that came with a malicious keystroke-logging program attached, according to a
Microsoft: Emergency Patch for IE Flaw Coming Wednesday
In New Patches
Microsoft is signaling that it plans to ship an emergency software update on Wednesday to fix a dangerous security hole in its Internet Explorer Web browser that thousands of compromised Web sites have been using to install malicious software. Microsoft says the critical flaw is present in all versions of IE, from IE5 all the way up through IE8 Beta 2. In an unusually frank blog post, the company estimated that about 0.2 percent of Windows users worldwide may have been exposed to Web sites containing exploits that try to attack this vulnerability. While one in every 500 IE users may not sound like a large number, Microsoft said the frequency of attacks is increasing dramatically. "That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50 percent in
Apple Patches 21 Security Flaws
In New Patches
Apple has released software updates to fix at least 21 security vulnerabilities in its Mac OS X operating system and other software for the Mac. The patches are available via Software Update or Apple Downloads. Seven of the updates included in this patch bundle fix flaws for the Mac version of Adobe's Flash player, flaws that Adobe patched last month in two separate releases. No matter what OS platform you use, it's important not only to keep Flash updated with the latest security protections, but also to only use Adobe's site to grab those updates (for everything but Solaris, Flash 10,0,12,36 is the latest version). Bogus Flash updates are probably the single biggest vector for distributing malicious software in use today. So, when in doubt, keep this link handy: It will show you whether you are indeed running the most up-to-date version of Flash.
Microsoft: Big Security Hole in All IE Versions
In Latest Warnings
On Wednesday, Security Fix warned readers about a newly-discovered security hole in Internet Explorer 7. I'm posting this again because Microsoft now says the flaw affects all supported versions of IE, and because security experts are warning that a large number of sites are being compromised in an effort to exploit this vulnerability and install malware on vulnerable systems. The SANS Internet Storm Center reports that hackers are breaking into legitimate Web sites and uploading code that could install data-stealing software on the machine of a user who visits the site using Internet Explorer. SANS's chief technology officer Johannes Ullrich estimates that thousands of sites have been seeded with this exploit to date. For example, Web security firm Websense reports that hackers have compromised the Chinese Web site for ABIT, the maker of motherboards that power many home computers. So far, the exploits appear to be only stealing online gaming
Who's Tracking You?
In Safety Tips
The cover story for the January 2009 issue of Popular Mechanics magazine is a piece I wrote about ways marketers, or even stalkers, can track people through technologies many of us use every day. Here's a snippet from that piece: "Free Web services aren't free," says Gregory Conti, a computer science professor at the United States Military Academy at West Point. "We pay for them with micropayments of personal information. Users aren't entirely oblivious to the fact that information is being collected, and they're doing a cost-benefit analysis, but they're not thinking long-term." Even those who take the time to read a Web site's privacy policy may not realize how many companies have access to their data. That's because most Web sites pull advertisements, snippets of code and other content from a number of third-party sources, any one of which may track the visitor and use the data in a
Retail Fraud Rates Plummeted the Night McColo Went Offline
In Web Fraud 2.0
One month after the shutdown of hosting provider McColo Corp., spam volumes are nearly back to the levels seen prior to the company's take down by its upstream Internet providers. But according to one noted fraud expert, spam wasn't the only thing that may have been routed through the Silicon Valley based host: New evidence found that retail fraud dropped significantly on the same day. It is unclear whether the decrease in retail fraud is related to the McColo situation, but in speaking with Ori Eisen, founder of 41st Parameter, he said close to a quarter of a million dollars worth of fraudulent charges that his customers battle every day came to a halt. Eisen, whose company provides anti-fraud consulting to a number of big retailers and banks, told me at least two of the largest retailers his company serves reported massive declines in fraud rates directly following McColo's termination.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Vulnerability sales help secure Microsoft
Vulnerability sales help secure Microsoft
Brief: Sensitive gov't docs leaked over peer-to-peer
Sensitive gov't docs leaked over peer-to-peer
Brief: Small, medium firms cut security budgets
Small, medium firms cut security budgets
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Tentative Speaker List for SANS Incident Detection Summit
By Richard Bejtlich
Thanks to everyone who attended the Bejtlich and Bradley Webcast for SANS yesterday.
We recorded that Webcast (audio is now available) to start a discussion concerning professional incident detection.
I'm pleased to publish the following tentative speaker list for the SANS WhatWorks in Incident Detection Summit 2009 on 9-10 Dec in Washington, DC.
We'll publish all of this information, plus the biographies for the speakers, on the agenda site, but I wanted to share what I have with you.
Day One (9 Dec)
- Keynote: Ron Gula
- Briefing: Network Security Monitoring dev+user: Bamm Visscher, David Bianco
- Panel: CIRTs and MSSPs, moderate by Rocky DeStefano: Michael Cloppert, Nate Richmond, Jerry Dixon, Tyler Hudak, Matt Richard, Jon Ramsey
- Cyberspeak Podcast live during lunch with Bret Padres and Ovie Carroll
- Briefing: Bro introduction: Seth Hall
- Panel: Enterprise network detection tools and tactics, potentially with a guest moderator: Ron Shaffer, Matt Olney, Nate Richmond, Matt Jonkman, Michael Rash, Andre Ludwig, Tim Belcher
- Briefing: Snort update: Martin Roesch
- Panel: Global network detection tools and tactics: Stephen Windsor, Earl Zmijewski, Andre' M. Di Mino, Matt Olney, Jose Nazario, Joe Levy
- Panel: Commercial security intelligence service providers, moderated by Mike Cloppert: Gunter Ollmann, Rick Howard, Dave Harlow, Jon Ramsey, Wade Baker
- Evening clas: Advanced Analysis with Matt Richard
Day Two (10 Dec)
- Keynote: Tony Sager
- Briefing: Memory analysis dev+user: Aaron Walters, Brendan Dolan-Gavitt
- Panel: Detection using logs: Jesus Torres, Nate Richmond, Michael Rash, Matt Richard, Ron Gula, J. Andrew Valentine, Alex Raitz
- Panel: Network Forensics: Tim Belcher, Joe Levy, Martin Roesch, Ken Bradley
- Briefing: Honeynet Project: Brian Hay, Michael Davis
- Panel: Unix and Windows tools and techniques: Michael Cloppert, Patrick Mullen, Kris Harms
- Panel: Noncommercial security intelligence service providers, moderated by Mike Cloppert: Andre' M. Di Mino, Jerry Dixon, Ken Dunham, Andre Ludwig, Jose Nazario
- Panel: Commercial host-centric detection and analysis tools: Dave Merkel, Ron Gula, Alex Raitz
I'm thankful to have these excellent speakers and panel participants on board for this event. If you register and pay tuition by next Wednesday, 11 Nov, you'll save $250. Thank you.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Bejtlich and Bradley on SANS Webcast Monday 2 Nov
By Richard Bejtlich
Ken Bradley and I will conduct a Webcast for SANS on Monday 2 Nov at 1 pm EST. Check out the sign-up page. I've reproduced the introduction here.
Every day, intruders find ways to compromise enterprise assets around the world. To counter these attackers, professional incident detectors apply a variety of host, network, and other mechanisms to identify intrusions and respond as quickly as efficiently as possible.
In this Webcast, Richard Bejtlich, Director of Incident Response for General Electric, and Ken Bradley, Information Security Incident Handler for the General Electric Computer Incident Response Team, will discuss professional incident detection. Richard will interview Ken to explore his thoughts on topics like the following:
- How does one become a professional incident detector?
- What are the differences between working as a consultant or as a member of a company CIRT?
- How have the incident detection and response processes changed over the last decade?
- What challenges make it difficult to identify intruders, and how can security staff overcome these obstacles?
I will lead this event and conduct it more like a podcast, so the audio will be the important part. This is a short-notice event, but it will be cool. Please join us. Thank you!
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Partnerships and Procurement Are Not the Answer
By Richard Bejtlich
The latest Federal Computer Week magazine features an article titled Cyber warfare: Sound the alarm or move ahead in stride? I'd like to highlight a few excerpts.
Military leaders and analysts say evolving cyber threats will require the Defense Department to work more closely with experts in industry...
Indeed, the Pentagon must ultimately change its culture, say independent analysts and military personnel alike. It must create a collaborative environment in which military, civilian government and, yes, even the commercial players can work together to determine and shape a battle plan against cyber threats...
Ok, that sounds nice. Everyone wants to foster collaboration and communication. Join hands and sing!
“Government may be a late adopter, but we should be exploiting its procurement power,” said Melissa Hathaway, former acting senior director for cyberspace for the Obama administration, at the ArcSight conference in Washington last month...
Hmm, "procurement power." This indicates to me that technology is the answer?
Although one analyst praised the efforts to make organizational changes at DOD, he also stressed the need to give industry more freedom. “The real issue is a lack of preparedness and defensive posture at DOD,” said Richard Stiennon, chief research analyst at independent research firm IT-Harvest and author of the forthcoming book "Surviving Cyber War."
“Private industry figured this all out 10 years ago,” he added. “We could have a rock-solid defense in place if we could quickly acquisition through industry. Industry doesn’t need government help — government should be partnering with industry.”
Hold on. "Private industry figured this all out?" Is this the same private industry in which my colleagues and I work? And there's that "acquisition" word again. Why do I get the feeling that technology is supposed to be the answer here?
Industry insiders say they are ready to meet the challenge and have the resources to attract the top-notch talent that agencies often cannot afford to hire.
That's probably true. Government civilian salaries cannot match the private sector, and military pay is even worse, sadly.
Industry vendors also have the advantage of not working under the political and legal constraints faced by military and civilian agencies. They can develop technology as needed rather than in response to congressional or regulatory requirements or limitations.
I don't understand the point of that statement. Where do military and civilian agencies go to get equipment to create networks? Private industry. Except for certain classified scenarios, the Feds and military run the same gear as everyone else.
“This is a complicated threat with a lot of money at stake,” said Steve Hawkins, vice president of information security solutions at Raytheon. “Policies always take longer than technology. We have these large volumes of data, and contractors and private industry can act within milliseconds.”
Ha ha. Sure, "contractors and private industry can act within milliseconds" to scoop up "a lot of money" if they can convince decision makers that procurement and acquisition of technology are the answer!
Let's get to the bottom line. Partnerships and procurement are not the answer to this problem. Risk assessments, return on security investment, and compliance are not the answer to this problem.
Leadership is the answer.
Somewhere, a CEO of a private company, or an agency chief, or a military commander has to stand up and say:
I am tired of the adversary having its way with my organization. What must we do to beat these guys?
This is not a foreign concept. I know organizations that have experienced this miracle. I have seen IT departments aligned under security because the threat to the organization was considered existential. Leaders, talk to your security departments directly. Listen to them. They are likely to already know what needs to be done, or are desperate for resources to determine the scope of the problem and workable solutions.
Remember, leaders need to say "we're not going to take it anymore."
That's step one. Leaders who internalize this fight have a chance to win it. I was once told the most effective cyber defenders are those who take personal affront to having intruders inside their enterprise. If your leader doesn't agree, those defenders have a lonely battle ahead.
Step two is to determine what tough choices have to be made to alter business practices with security in mind. Step three is for private sector leaders to visit their Congressional representatives in person and say they are tired of paying corporate income tax while receiving zero protection from foreign cyber invaders.
When enough private sector leaders are complaining to Congress, the Feds and military are going to get the support they need to make a difference in this cyber conflict. Until then, don't believe that partnerships and procurement will make any difference.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Top 10 Windows Security Configurations: Where and How! (Part 3)
By (Derek Melber)
The final installation on Derek Melber's top 10 security configurations.
Nessus Security Scanner - Voted WindowSecurity.com Readers' Choice Award Winner - Security Scanner Software
By info@WindowSecurity.com (The Editor)
Nessus Security Scanner was selected the winner in the Security Scanner Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and AW Security Port Scanner were first runner-up and second runner-up respectively.
Yahoo! News: Security News
Security News
Application whitelisting review: Bit9 Parity Suite (InfoWorld)
In technology
InfoWorld - As many product vendors can readily tell you, this reviewer is the ultimate computer security cynic and a tough writer to please.
FBI Warns of $100M Cyber-threat to Small Business (PC World)
In technology
PC World - Cyberthieves are hacking into small- and medium-sized organizations every week and stealing millions of dollars in an ongoing scam that has moved about US$100 million out of U.S. bank accounts, the U.S. Federal Bureau of Investigation warned Tuesday.
A Single Sign-In for All Your Websites? Google Hopes So (PC World)
In technology
PC World - It's one of the basic tenets of online security: Never use the same password/username combo for every website that requires one. The logic is sound, of course. A single security breach could expose your most private information - such as banking and credit card numbers - to the bad guys.
Alleged Cable Modem Hacker Indicted in US (PC World)
In technology
PC World - A U.S. man is facing federal criminal charges for allegedly selling modified cable modems and software that enabled free Internet access at super-fast broadband speeds.
China police chief urges harsher Internet controls (AFP)
In technology
AFP - China's police chief has called for a reinforced nationwide Internet security system, in the nation's latest effort to oversee the activities of the world's largest online population.
Cable Modem Hacker Busted by Feds (PC World)
In technology
PC World - An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges.
Security Report Finds Enterprise Infections Up 100 Percent (NewsFactor)
In business
NewsFactor - Microsoft released its latest security intelligence report on Monday -- and the picture looks grim for enterprises. Enterprise worm infections rose nearly 100 percent in the first half of 2009 from the previous six months. In the same period, consumers continued to struggle with rogue software.
Microsoft: Worms Are Most Prevalent Security Problem (PC World)
In technology
PC World - The Conficker worm continues to be one of the most prevalent threats facing PCs running Windows, according to a new security report published by Microsoft.
US cyber center opens to battle computer attacks (AP)
In business
AP - The United States is well behind the curve in the fight against computer criminals, Sen. Joe Lieberman said Friday, as Homeland Security officials opened a $9 million operations center to better coordinate the government's response to cyberattacks.
After One Year, Conficker Infects 7 Million Computers (PC World)
In technology
PC World - The Conficker worm has passed a dubious milestone. It has now infected more than 7 million [m] computers, security experts estimate.
Will Facebook's $711 Million Antispam Win Matter? (PC World)
In technology
PC World - After slapping a restraining order on the Spam King last March, Facebook walloped notorious Sanford Wallace, yesterday winning its $711 million lawsuit for Wallace's violations of the Computer Fraud and Abuse Act, the California Anti-Phishing Act and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM). While these offenses and crippling fines are nothing new to Wallace, Facebook seems to believe that the latest ruling against Sir Spamalot will be a heavy deterrent against future spam artists. But will it actually make a difference?
Spammer Ordered to Pay Facebook $711 Million (PC World)
In technology
PC World - Facebook was awarded US$711 million in damages from a convicted spammer on Thursday, but the social networking site is hoping a separate criminal action will eventually send him to jail.
Facebook Wins $711M in Spam Case (PC Magazine)
In technology
PC Magazine - Facebook was awarded $711 million in damages Thursday against Sanford Wallace, a spammer the social networking site sued in February.
US-CERT Moves in With NCC, NCSC (PC World)
In technology
PC World - The group responsible for coordinating U.S. responses to cyber threats is getting new digs.
Facebook gets $711 million damages in anti-spam case (Reuters)
In technology
Reuters - Social networking website Facebook was awarded $711.2 million in damages relating to an anti-spam case against Internet marketer Sanford Wallace, court documents show.
Web marketer ordered to pay Facebook $711M damages (AP)
In technology
AP - Facebook said Thursday a California court has awarded the social networking Web site $711 million in damages in an anti-spam case against Internet marketer Sanford Wallace.
Tough World Aids Security Firms (Investor's Business Daily)
In business
Investor's Business Daily - Some tech security firms have lifted on the wings of government spending lately, as the feds seek to boost cybersecurity against worsening threats.
Symantec shares up as 2Q results beat Street view (AP)
In business
AP - Shares of Symantec Corp. soared Thursday after the antivirus software maker reported second-quarter earnings that exceeded investors' expectations amid signs that stabilization in its business has begun to take hold.
Zero Day
Tracking the hackers
Adobe Shockwave haunted by critical security holes
By Ryan Naraine on Vulnerability research
Adobe today released a patch to fix several serious security flaws in its Shockwave Player software. The most serious flaw could allow remote code execution attacks against Windows and Mac users.
iHacked: jailbroken iPhones compromised, $5 ransom demanded
By Dancho Danchev on iPhone
Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup. Through a combination [...]
Phishing experiment sneaks through all anti-spam filters
By Dancho Danchev on Spam and Phishing
A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against. The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again [...]
Spooky Halloween - scareware or crimeware?
By Dancho Danchev on Viruses and Worms
With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate one, followed by the cyber terrorism myopia that cyber [...]
Opera browser dinged by code execution flaw
By Ryan Naraine on Patch Watch
Opera releases version 10.01 to fix three documented flaws, including a memory corruption issue that exposes users to code execution attacks.
Brief: Gov't warns firms about online robberies
Gov't warns firms about online robberies
No comments:
Post a Comment