Friday, January 29, 2010

Around The Horn vol.2,4

Zero Day

Tracking the hackers

Bogus IQ test with destructive payload in the wild

By Dancho Danchev on Windows Vista

Researchers from ESET and BitDefender have intercepted two destructive malware variants (Win32/Zimuse.A, Win32/Zimuse.B/zipsetup.exe), posing as an IQ test, and currently spreading in the wild.

Yahoo! News

Yahoo! News: Security News

Security News

Scammers Hop on iPad Bandwagon (PC World)

In technology

PC World - iPad search results may contain poisoned links that lead to rogue antivirus software, as fraudsters unleash a favorite malware-pushing tactic.

Google attack highlights 'zero-day' black market (AP)

In technology

(Photo caption: In this photo made Saturday, Jan. 23, 2010, a Microsoft Internet Explorer browser displays the Google Web site as men work on computers in Beijing, China. AP Photo/Ng Han Guan)

AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.

Power plants, other infrastructure face hackers (AP)

In technology

AP - More than half of the operators of power plants and other "critical infrastructure" say in a new study that their computer networks have been infiltrated by sophisticated adversaries. In many cases, foreign governments are suspected.

Startpage launches anonymous Web search service (Reuters)

In technology

Reuters - Search-engine company Startpage launched a service allowing users concerned about privacy to carry out Web searches and click on linked pages without being identified, tracked or recorded.

Malware Aims to Evade Windows 7 Safeguards (PC World)

In technology

PC World - Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

Malware research group spins off from Harvard (AP)

In technology

AP - A research organization that tries to warn computer users about programs that do sneaky things on their computers has spun off from Harvard University.

Google Toolbar Tracks Some Browsing Even When It's Not Supposed To (PC World)

In technology

PC World - A bug in Google Toolbar has resulted in the search giant receiving information about users' Web surfing in violation of the product's privacy policy, according to an anti-spyware and privacy researcher. In a report to be released Tuesday, Ben Edelman, an assistant professor at Harvard Business School, shows that under certain circumstances the Google Toolbar (versions 6.3 and above) tracks the browser habits of Internet Explorer 8 users who have activated the toolbar's "enhanced features" even when the toolbar is turned off or disabled.

IPhone Hacker Says He's Also Cracked PlayStation 3 (PC World)

In technology

PC World - The 20-year-old hacker best known for cracking Apple's iPhone says he's done it again, this time with Sony's PlayStation 3.

Google Toolbar Still Spies When Told Not To (PC Magazine)

In technology

PC Magazine - Spyware researcher Ben Edelman details tests which show that, even after the user disables "Google Toolbar" using the IE Manage Add-ons feature, it continues to report on a user's actions.

Researcher to Reveal More Internet Explorer Problems (PC World)

In technology

PC World - Microsoft's Internet Explorer could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.

WindowSecurity.com

WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.

Authenex ASAS - Voted WindowSecurity.com Readers' Choice Award Winner - Authentication & Smart Cards

By info@WindowSecurity.com (The Editor)

Authenex ASAS was selected the winner in the Authentication & Smart Cards category of the WindowSecurity.com Readers' Choice Awards. Aladdin eToken and Smart Enterprise Guardian were runner-up and second runner-up respectively.

Configuring Advanced IE Settings Using Group Policy

By (Derek Melber)

What is involved in the Advanced Security settings in IE and how best to configure each one.

How I Cracked your Windows Password (Part 1)

By (Chris Sanders)

How Windows creates and stores password hashes and how those hashes are cracked.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Review of Professional Penetration Testing Posted

By Richard Bejtlich

Amazon.com just posted my three-star review of Professional Penetration Testing by Thomas Wilhelm. From the review:
I had fairly high hopes for Professional Penetration Testing (PPT). The book looks very well organized, and it is published in the new Syngress style that is a big improvement over previous years. Unfortunately, PPT should be called "Professional Pen Testing Project Management." The vast majority of this book is about non-technical aspects of pen testing, with the remainder being the briefest overview of a few tools and techniques. You might find this book useful if you either 1) know nothing about the field or 2) are a pen testing project manager who wants to better understand how to manage projects. Those looking for technical content would clearly enjoy a book like Professional Pen Testing for Web Applications by Andres Andreu, even though that book is 3 years older and focused on Web apps. This is my 300th Amazon.com book review. I wish I had planned the review schedule such that I reviewed a five star book for number 300.
I reported my 200th book review for Building an Internet Server With FreeBSD 6 in August 2006.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Energy Sector v China

By Richard Bejtlich

The aftershocks of Google v China continue to rumble as more companies are linked to the advanced persistent threat. Mark Clayton from the Christian Science Monitor wrote a story titled US oil industry hit by cyberattacks: Was China involved? I found these excerpts interesting.
At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.
The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide...
The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas...
“What these guys [corporate officials] don’t realize, because nobody tells them, is that a major foreign intelligence agency has taken control of major portions of their network,” says the source familiar with the attacks. “You can’t get rid of this attacker very easily. It doesn’t work like a normal virus. We’ve never seen anything this clever, this tenacious...”
Many experts say the theft of this kind of information – about, for instance, the temperature and valve settings of chemical plant processes or the source code of a software company – can give competitors an advantage, and over time could degrade America’s global economic competitiveness...
Even more basic, many corporate executives aren’t aware of how sophisticated the new espionage software has become and cling to outdated forms of electronic defense...
[B]ased on the kind of information that was being stolen, federal officials said a key target appeared to be bid data potentially valuable to “state-owned energy companies...”
China would certainly be interested in this kind of data, experts say. With the country’s economy consuming huge amounts of energy, China’s state-owned oil companies have been among the most aggressive in going after available leases around the world, particularly in Nigeria and Angola, where many US companies are also competing for tracts...
“What I’m saying to you is that it’s not just the oil and gas industry that’s vulnerable to this kind of attack: It’s any industry that the Chinese decide they want to take a look at,” says an FBI source. “It’s like they’re just going down the street picking out what they want to have.”

Expect more denials from party spokesmen in China.

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: Cyberattacks from U.S. "greatest concern"

Security - Security News

The Art of Technology

Security researchers blast credit card verification system

By segphault@arstechnica.com (Ryan Paul) on Security

Some credit card companies use a system called 3-D Secure (3DS) that adds an extra step to transactions that are carried out on the Internet. Visa and MasterCard tout their security, but researchers are questioning their efficacy.

When making a purchase, online shoppers are confronted with a validation check that requires them to supply a password—in addition to the standard security code that is on the card itself—in order to prove that they are the real owner of a credit card. Systems built on 3DS are better known by their brand names, which include Verified by Visa and MasterCard SecureCode.

Researchers jail spam bots, reverse engineer their payload

By jtimmer@arstechnica.com (John Timmer) on spam

If you have access to a server-side spam mailbox, you're likely to find it filled with sets of messages that are variations on a theme: similar products, similar sites offering them, but a dizzying variety of variations in the precise wording. According to security researchers, there's a simple reason for this: to make it easy to farm spam campaigns out to a botnet, spammers use templates for messages, with the variations in the body created by text macros that insert random characters or words from a limited dictionary (think Mad Libs meets Viagra). Now, researchers are turning this feature against the spammers by creating software, called Botnet Judo, that uses collections of spam to reverse-engineer the template, then filters anything that matches it.

In a few cases, such as the Storm botnet, which the researchers have worked on previously, security experts have been able to reconstruct the use of templates and macros. The material is generally sent by the botnet's command and control system, and then used to generate hundreds of thousands of messages. In some cases, the macros simply produce random characters in specific locations in the body or header information. In others, they place a word from a limited dictionary in specific locations; the paper describing Botnet Judo gives the example of placing one of "gucci", "prada", or "chanel" in a specific location of a spam for counterfeit luxury goods.
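To make the template-inference idea concrete, here is an added example (it is not Botnet Judo's code or the paper's algorithm): a toy version that aligns spam samples token by token, classifies each position as fixed text, a dictionary macro, or a random-character macro, compiles the result to a regex, and uses it as a filter. The six sample messages, the brand dictionary and the host names are constructed; the fixed-token-count alignment and the 50 percent distinct-value threshold are simplifying assumptions of this example, not the paper's.

```python
import re

# Constructed samples standing in for messages generated from one botnet
# template: position 1 is a dictionary macro (brand), the URL host is a
# random-character macro, everything else is fixed template text.
SAMPLES = [
    "Cheap gucci bags only $49 visit http://xk3q.example/deal",
    "Cheap prada bags only $49 visit http://m7ra.example/deal",
    "Cheap chanel bags only $49 visit http://q9bz.example/deal",
    "Cheap gucci bags only $49 visit http://t2lw.example/deal",
    "Cheap prada bags only $49 visit http://pp41.example/deal",
    "Cheap chanel bags only $49 visit http://ze08.example/deal",
]


def infer_template(samples, dict_ratio=0.5):
    """Align samples token by token and classify each slot.

    literal    - every sample carries the same token
    dictionary - few distinct values relative to the sample count (a word macro)
    random     - (almost) every sample differs (a random-character macro)

    Assumes a fixed token count per sample; real inference must also handle
    macros that change the number of tokens.
    """
    rows = [s.split() for s in samples]
    width = len(rows[0])
    if any(len(r) != width for r in rows):
        raise ValueError("samples must have the same token count for this toy inference")
    slots = []
    for col in range(width):
        distinct = sorted({r[col] for r in rows})
        if len(distinct) == 1:
            slots.append(("literal", distinct[0]))
        elif len(distinct) <= dict_ratio * len(rows):
            slots.append(("dictionary", tuple(distinct)))
        else:
            slots.append(("random", None))
    return slots


def compile_template(slots):
    """Turn the inferred slots into a regex: literals escaped, dictionary
    slots as alternations, random slots as a single non-space token."""
    parts = []
    for kind, value in slots:
        if kind == "literal":
            parts.append(re.escape(value))
        elif kind == "dictionary":
            parts.append("(?:" + "|".join(re.escape(v) for v in value) + ")")
        else:
            parts.append(r"\S+")
    return re.compile(r"^" + r"\s+".join(parts) + r"$")


def matches_template(regex, message):
    """True when a message is an instance of the inferred template."""
    return regex.match(message.strip()) is not None


if __name__ == "__main__":
    slots = infer_template(SAMPLES)
    for slot in slots:
        print(slot)
    rx = compile_template(slots)
    print(matches_template(rx, "Cheap prada bags only $49 visit http://ab12.example/deal"))
    print(matches_template(rx, "Cheap flights to Paris from $49"))
```

The filter is only as complete as the samples: a brand that never appeared in the training set ("rolex") falls outside the alternation and the message slips through, which is why template filters need a steady feed of fresh spam from the same botnet and a tolerance for partial matches.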

Google: Toolbar data persistence a bug, fix available

By jtimmer@arstechnica.com (John Timmer) on Software

Google's Toolbar for Internet Explorer and Firefox serves as a gateway to a variety of software services provided by the search giant, many of which require a user to provide Google with information on the site that's currently displayed in the browser. A Harvard professor that focuses on spyware issues has now discovered that this information continues to be sent in to Google even if the Toolbar is inactivated.

The academic in question, Benjamin Edelman, starts with a full disclosure of his conflicts of interest: he consults for Google competitors such as Microsoft and has been involved in a lawsuit against the company. None of that necessarily alters the basics of his findings, which are extensively documented, but it may influence how they're presented.

etc: TechCrunch was down for a couple of hours last night after being attacked by hackers. Visitors were greeted by a link to pornographic content.

In @etc

Read More: TechCrunch, BBC

One day after latest fix, Microsoft investigates new IE flaw

By p_emil@hotmail.com (Emil Protalinski) on internetexplorer

A day after releasing an out-of-band security bulletin for a vulnerability in Internet Explorer notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies, new flaws have been discovered in Microsoft's browser.

Boston-based research firm Core Security Technologies has outlined a set of vulnerabilities in Internet Explorer that hackers can link together to remotely exploit a Windows PC. None of the vulnerabilities are serious enough to compromise a machine alone, but a hacker could take control of a PC by exploiting all of them at once. "There are three or four ways to conduct this type of attack," Jorge Luis Alvarez Medina, a security consultant with Core, told Reuters, though he admitted he was uncertain whether any hackers had already exploited his findings.

"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer," a Microsoft spokesperson told Ars. "We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure."

After the investigation, Microsoft will either provide a security update on Patch Tuesday, or an out-of-cycle update like it did with the last IE flaw (less likely in this case). The Microsoft spokesperson took the opportunity to make the now-familiar recommendations that IE users upgrade to Internet Explorer 8 and to enable Automatic Updates.

Medina plans to demonstrate the IE vulnerabilities at the Black Hat security conference in Washington, which begins February 2, but until then he will work with Microsoft to find a way to mitigate the risk. Still, he believes that other related vulnerabilities will crop up even after fixes are found to the ones he unearthed.

Security - RSS Feeds

Apple iPhone App Security in Spotlight at Black Hat

At the upcoming Black Hat DC security conference, software engineer Nicolas Seriot will focus on security and privacy issues involving third-party applications developed for the Apple iPhone.
- A software engineer is highlighting the challenges facing mobile application stores in an upcoming presentation at Black Hat DC. In his presentation Feb. 3, software engineer Nicolas Seriot will focus on applications for the Apple iPhone, and how Apple's guarantees of privacy and applications ca...

Symantec's Consumer Business Led Way in Q3

IT security company Symantec reports a jump in its consumer business in the fiscal third quarter.
- Symantec reported $1.551 billion in revenues in the third quarter of fiscal 2010, due in part to growth in its consumer business. The company reported GAAP net income of $300 million for the quarter, compared with a $6.82 billion loss for the same quarter the previous year. About 31 percent ...

Nebraska Man Admits DDoS Attack on Church of Scientology

A Nebraska man confessed to his role in a distributed denial of service (DDoS) attack targeting Websites for the Church of Scientology.
- A Nebraska man agreed this week to plead guilty in connection with attacks on Web sites for the Church of Scientology, becoming the second person to do so since the investigation began. Brian Thomas Mettenbrink of Grand Island, Neb., will plead guilty to the misdemeanor charge of u...

10 Internet Access, Security, Privacy Threats for 2010

The Electronic Frontier Foundation was busy in 2009, picking on companies it believes crept a little too close to people's privacy comfort zones. The EFF took on Google over the Google Book Search deal and the Google Latitude mobile social networking application, among other topics. As we go deeper into 2010, Tim Jones, the EFF's activism and technology manager, said the EFF has several concerns on its action list, which it plans to revisit in December 2010 to see what transpired over the course of the year. eWEEK walks through these issues in this slide show, mixing up the EFF's original order for some consistency.

Google Chrome 4 Bolsters Browser Security with New Features

Google is touting three new security features added to the latest version of its Chrome browser, including new protections against reflective cross-site scripting.
- Google has beefed up the latest version of its Chrome browser with new security protections designed to help developers build secure Websites. In Chrome 4, which was released Jan. 25, Google added three new security features: strict transport security, cross-origin communication with postMess...

IT Security Spending Expected to Increase for Enterprises, SMBs

Roughly 40 percent of enterprises and small and midsize businesses plan to increase security spending, with both groups paying particular attention to data security, network security and managed services, according to Forrester Research.
- Two new reports from Forrester Research project that roughly 40 percent of enterprises and small and midsize businesses plan to increase their IT security budgets in 2010. The reports, released Jan. 25, found other commonalities: A large percentage of both groups expect spending on network s...

Data Breaches Cost More if Enterprises Move Too Fast

Acting too quickly after a data breach can cost companies even more money, the Ponemon Institute reports.
- Data breaches are not getting any cheaper to deal with, and companies that jump the gun on notifications can end up paying the most. In its fifth annual study on data breaches, the Ponemon Institute discovered that about 36 percent of participants notified their breach victims within one month,...

HP Unveils New Security Services Portfolio

HP is rolling out its new Security, Compliance and Continuity Services portfolio aimed at helping businesses and government agencies reduce the cost and complexity of their security initiatives by offering a tightly integrated set of services that span traditional settings and cloud computing environments. HP officials said the new portfolio is the latest step in their efforts to compete more closely with services king IBM.
- Hewlett-Packard is wielding the strength gained from its $13.9 billion acquisition of EDS in creating an extensive package of security services that touches on everything from hardware to cloud computing to applications. The HP Security, Compliance and Continuity Services portfolio, announced J...

SecuriTeam.com

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

Publique! CMS and SQL Injection Vulnerabilities

A remotely exploitable vulnerability was found in the framework core component. Exploitation of this bug does not require authentication and will lead to remotely exposed potentially sensitive information from the Publique! database. Particularly, an attacker can extract usernames and passwords needed to authenticate to the administrative interface and gain full control of the web site and (depending on certain conditions) the server itself.

LedgerSMB Multiple Vulnerabilities

It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.

Files2Links F2L-3000 SQL Injection Vulnerability

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers to bypass authentication and access sensitive information stored on the device.
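Both advisories above describe the same defect class: a login or lookup query built by splicing request parameters into SQL text, which lets an attacker first bypass the password check and then read other columns (the Publique! item's "usernames and passwords needed to authenticate to the administrative interface") through the same hole. The following is an added, hypothetical illustration, not code from Publique!, LedgerSMB or the F2L-3000; it uses an in-memory SQLite database with a constructed account, and stores the password in clear only so the extraction is visible (a real system stores a password hash).

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return conn


def login_vulnerable(conn, username, password):
    """Login check that splices user input into the SQL text: the pattern behind
    a login-page SQL injection. Returns the authenticated user or None."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL syntax,
    so quotes and comment markers in it cannot change the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two payloads an attacker would submit in the username field of the form:
BYPASS = "admin' --"                               # comments out the password check
EXTRACT = "' UNION SELECT password FROM users --"  # reads another column via the same hole


if __name__ == "__main__":
    print(login_vulnerable(make_db(), BYPASS, "wrong"))   # admin
    print(login_vulnerable(make_db(), EXTRACT, ""))       # S3cret!
    print(login_fixed(make_db(), BYPASS, "wrong"))        # None
    print(login_fixed(make_db(), "admin", "S3cret!"))     # admin
```

With the vulnerable handler, `admin' --` turns the WHERE clause into `username = 'admin' ` followed by a comment, so the password is never compared; the UNION payload returns a row whose "username" column is actually a password. The parameterised version treats both payloads as literal strings that match no account.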

SearchSecurity.com

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

SCADA system, critical infrastructure security lacking, survey finds

By Robert Westervelt

IT and security executives at firms that own critical infrastructure facilities are concerned about the lack of security protecting underlying management systems from attack.

MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation

By Eric B. Parizo

The official charged with enforcing the MA 201 CMR 17 data protection law says early reporting of potential breaches and cooperation will help firms avoid enforcement action.

No major PCI DSS revision expected in 2010

By Robert Westervelt

The next revision of PCI DSS will contain clarifications, but no major revisions, according to Bob Russo, general manager of the PCI Security Standards Council.

PCI QSAs, certifications to get new scrutiny

By Robert Westervelt

The PCI Security Standards Council now has a team of five reviewing PCI assessments for inconsistencies and has increased funding for its QSA oversight program.

SANS RSS Feed

SANS NewsBites

All Stories From Vol: 12 - Issue: 7

Major US Oil Companies' Networks Infiltrated by Spies (January 25, 2010)

Three major US oil companies were targeted by sophisticated espionage attacks in 2008; they were unaware of the scope of the problem until the FBI notified them in late 2008 and in 2009.......

No Easy Deterrent for Cyber Warfare (January 26, 2010)

In a far-ranging and insightful article, New York Times reporters Thom Shanker, David Sanger, and John Markoff analyze the United States' current capabilities in deterring cyber attacks.......

Chinese Human Rights Sites Hit With DDoS Attack (January 25, 2010)

Over the weekend, five Chinese human rights groups, including the Chinese Human Rights Defenders, experienced attacks on their websites.......

Google Attack Fallout Underscores China's Culture of Censorship and Surveillance (January 25, 2010)

The recent disclosure of cyber attacks on Google and other US companies and the allegations that they originated in China has shined a spotlight on China's practices of surveillance and censorship that have been requirements for multinational companies wanting to conduct business in that country.......

China Denies Hacking Allegations; Accuses US (January 23 & 25, 2010)

The Chinese government has categorically denied allegations that it is behind a series of attacks on Google and other American companies.......

Study Shows US $100,000 Increase in Costs Associated With Average Breach (January 25, 2010)

According to a study from the Ponemon Institute, the costs associated with data security breaches rose US $100,000 between 2008 and 2009, from US $6.......

Judge Reduces Penalty in Jammie Thomas-Rasset Filesharing Case (January 22 & 25, 2010)

A US District Court judge in Minnesota has reduced the monetary penalty imposed on Jammie Thomas-Rasset for illegal filesharing from nearly US $2 million to US $54,000.......

Thomas-Rasset Case Offers Glimmer of Hope to BU Student (January 25, 2010)

Boston University graduate student Joel Tenenbaum is cautiously hopeful that the significant reduction of damages levied against Jammie Thomas-Rasset will prompt the judge in his case to reduce the US $675,000 fine he is facing for illegal filesharing.......

Ladbrokes Data Breach (January 24 & 25, 2010)

A man claiming to represent a Melbourne, Australia company provided UK newspaper The Mail on Sunday with the names and other personal details of 10,000 people who were customers of the Ladbrokes bookmaking company and offered to sell them a database of information on 4.......

Italian Government Considering Law That Would Require Monitoring of Internet Content (January 22, 2010)

Italian Prime Minister Silvio Berlusconi's government has proposed legislation that would require all video uploaded to YouTube, blogs and news media outlets to be vetted for pornographic or excessively violent content.......

RealPlayer Update (January 19 & 22, 2010)

RealNetworks has issued a security update to address 11 vulnerabilities in its RealPlayer media player.......

Boards.ie User Data Compromised (January 22, 2010)

Boards.......

People Leaving USB Drives in Clothing Pockets, Say Cleaners (January 20, 2010)

A UK survey found that 4,500 USB drives have been found in people's clothing pockets when they were taken to dry cleaners.......

SANS Internet Storm Center, InfoCON: green

Analyzing isc.sans.org weblogs, part 2, RFI attacks, (Fri, Jan 29th)

The 2nd part of the Weathering the Storm blog series is now live [1]. In this series, I ...(more)...

Symantec generating a False Positive on Flash Player installer, (Thu, Jan 28th)

If you are running Symantec antivirus, and trying to install Flash, and the Installer is being flagg ...(more)...

Wireshark Version 1.2.6 is out: http://www.wireshark.org/docs/relnotes/wireshark-1.2.6.html, (Thu, Jan 28th)

-- Joel Esler | http://blog.joelesler ...(more)...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace, (Thu, Jan 28th)

Just wanted to call attention to these patches released today: http://www.cisco ...(more)...

Active SEO poisoning attacks for hot topics, (Wed, Jan 27th)

In the past we have already covered how attackers are using SEO (Search Engine Optimization) ...(more)...

Nmap 5.21 released (nmap.org): bug-fix only release., (Wed, Jan 27th)

-- Raul Siles www.raulsiles ...(more)...

Command Line Kung Fu, (Wed, Jan 27th)

A while ago I realized we've never mentioned the Command Line Kung Fu blog on the ISC diary. It is a ...(more)...

European Union Security Challenge (Campus Party 2010), (Wed, Jan 27th)

The Campus Party Europe 2010 (http://www.campus-party ...(more)...

Google Chrome v4.0.249.78 Released: http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html, (Wed, Jan 27th)

-- Raul Siles www.raulsiles ...(more)...

e107 CMS system website compromised, (Tue, Jan 26th)

The website of the e107 CMS system was found to be compromised, directing users to a malware site, but ...(more)...

VMware vSphere Hardening Guide Draft posted for public review, (Tue, Jan 26th)

VMware announces the first draft of the vSphere Hardening Guide, posted for public comment. A ...(more)...

"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!", (Mon, Jan 25th)

Do you manage Apache based web server farms with Web Application Firewall (WAF) requirements that re ...(more)...

SANS RSS Feed

SANS Information Security Reading Room

Last 25 Computer Security Papers added to the Reading Room

The Evolving Role of Security Structures

Category: Management & Leadership

Paper Added: January 28, 2010

Capturing and Analyzing Packets with Perl

Categories: Intrusion Detection,Scripting Tips,Tools

Paper Added: January 28, 2010

Winquisitor: Windows Information Gathering Tool

Categories: Incident Handling,Tools

Paper Added: January 19, 2010

The Register

The Register - Security

Biting the hand that feeds IT

Critical infrastructure execs fear China
But they fear the US more

Operators of electrical grids, telecommunications networks, and other critical infrastructure say their systems are under constant attack, often from sophisticated nation-states, according to a poll of 600 IT executives in 14 countries who oversee such networks.…

Symantec slaps Trojan alert against Spotify
Scanner turns song software slayer

Symantec has apologised over a cock-up that resulted in the incorrect classification of streaming music service Spotify as a Trojan on Thursday.…

Congressional websites befouled by mucky-mouthed hackers
Swear splatter follows State of the Union address

A number of Congressional websites were defaced with abuse aimed at President Obama following Wednesday's State of the Union address.…

Japanese biometric border check no match for, um, tape
Caught sticky handed

Japan's million-dollar biometric immigration screening systems are still no match for a little ingenuity - and some tape.…

IE Windows vuln coughs up local files
One click bares entire C drive

If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.…

Phantom app risk used to bait scareware trap
The non-threat with no name

Scareware scammers are taking advantage of rumours about an "unnamed app" that supposedly poses a security risk to Facebook users in order to trick users into visiting sites slinging rogue security software packages.…

Potty mouth hackers pwn TechCrunch (again)
This time it's personal

TechCrunch has been hit by potty-mouth hackers for the second time in 24 hours.…

Verified by Visa bitchslapped by Cambridge researchers
More about pushing blame than preventing fraud

Secondary credit card security systems for online transactions such as Verified by Visa are all about shifting blame rather than curtailing fraud, Cambridge University security researchers argue.…

Gates backs China in Google censorship spat
Uh, that's just what the Chinese do

Lovable, huggable ex-monopolist Bill Gates has more often than not found himself batting for China in a recent publicity drive as head of the Gates Foundation.…

Second US man admits DDoS attack on Scientology
Not so Anonymous after all

A Nebraska man has admitted he participated in a mass attack last year that briefly brought the Church of Scientology's website to its knees.…

Prolific hacker releases PlayStation exploit
Some memory-bus corruption required

On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.…

Google Toolbar caught tracking users when 'disabled'
We'll ignore this window if you close it

Google has updated its browser toolbar after the application was caught tracking URLs even when specifically "disabled" by the user.…

Defects in e-passports allow real-time tracking
This threat brought to you by RFID

Computer scientists in Britain have uncovered weaknesses in electronic passports issued by the US, UK, and some 50 other countries that allow attackers to trace the movements of individuals as they enter or exit buildings.…

StopBadware morphs into standalone non-profit
Anti-Malware Inc backed by Google and Mozilla

StopBadware, the anti-malware project started four years ago at Harvard University’s Berkman Center for Internet and Society, has spread its wings and become a standalone nonprofit corporation.…

Aurora-style attacks swiped oil find data from energy giants
Social networks implicated in planning Google assault

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.…

'Aurora' code circulated for years on English sites
Where's the China connection?

Updated An error-checking algorithm found in software used to attack Google and other large companies circulated for years in English-language books and websites, casting doubt on claims it provided strong evidence that the malware was written by someone inside the People's Republic of China.…

'Cyber Genome Project' kicked off by DARPA
The code you write - it'll be as traceable as your DNA

Applecart-bothering Pentagon boffinry bureau DARPA is at it again. This time, the military scientists want to establish a "Cyber Genome" project which will allow any digital artifact - a document, a piece of malware - to be probed to its very origins.…

Smut-peddling hackers pwn TechCrunch
Tech site back up off the canvas

Updated Popular technology site TechCrunch was hit by potty-mouth hackers late on Monday, leaving the site temporarily unavailable.…

Oil companies hit by 'state' cyber attacks, says report
Petrol reserves data targeted

At least three US oil companies were victims of highly targeted, email-borne attacks designed to siphon valuable data from their corporate networks and send it abroad, according to a published report citing unnamed people and government documents.…

Once impenetrable PS3 cracked wide open
iPhone hacker: 'I have great power'

The first hacker to successfully jailbreak the iPhone says he has pulled off yet another modding marvel, this time penetrating the previously impervious PlayStation 3 gaming console.…

Kaspersky update slaps Trojan warning on Google Adsense
Tsk, you and your false positives

Updated An update to Kaspersky's popular anti-virus software on Monday falsely identified Google AdSense as a malicious script.…

Ladbrokes, police probe data breach
Millions of customer profiles for sale

Ladbrokes is investigating the loss of thousands of customer details from one of its databases, but is reassuring gamblers that the information did not include bank details or passwords.…

Slovak biker spat linked to rare destructive worm
Hi-tech equivalent of tyre-slashing spreads globally

A rare example of a destructive computer worm has been spotted on the web.…


Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com.

DDoS attacks, network hacks rampant in oil and gas industry, other infrastructure sectors

Massive denial-of-service attacks and infiltration of corporate networks by attackers are a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom.

Bugs and Fixes: Adobe Reader, Acrobat Come Under Fire

Adobe product security took another hit recently when reports surfaced of a zero-day attack against a critical vulnerability in the ubiquitous Adobe Reader.

Congressional Web sites hacked near Obama speech

More than two dozen Congressional Web sites have been defaced by the Red Eye Crew, a group known for its regular attacks on Web sites.

Will Cloud Computing Kill Privacy?

As cloud computing speeds ahead, privacy protections are too often being left in the dust.

Advance-fee fraud scams rise dramatically in 2009

People around the world continue to be duped by advance-fee frauds, with one Dutch private investigation company estimating the highest ever annual losses occurred in 2009.

Leading voice encryption programs hacked in minutes

Most voice encryption systems can be tapped in minutes by installing a voice-recording Trojan on the target computer, a security researcher has confirmed after testing a range of well-known products.

Malware Aims to Evade Windows 7 Safeguards

Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

Apple security threats exaggerated, report reveals

Apple's desktop computers experience little malware, a review of 2009 has found, but this is partly because attacks are starting to move to the company's other platforms such as the iPhone.

3D Secure online payment system not secure, researchers say

A widely deployed system intended to reduce on-line payment card fraud is fraught with security problems, according to University of Cambridge researchers.

Security, network management vendors add log, compliance capabilities

Security vendor Tripwire develops technology to take on security event and log management, while Ipswitch’s network management division WhatsUp Gold acquires Dorian Software to address customer compliance demands.

MoD staff leak military secrets on Facebook and Twitter

The Ministry of Defence has admitted that staff leaked secret information 16 times on social networking sites such as Facebook and Twitter over the past 18 months.

Brits accused of illegal file-sharing forking out £500

Hundreds of Brits are being forced to fork out £500 after wrongfully being accused of illegally downloading music and pornography files.

IMPERVAious to common sense

In December 2009, 32 million passwords stored without encryption on the Rockyou.com Web site were stolen and published on the Web for anyone to see. The security firm IMPERVA published a thorough analysis of these passwords to see how a large sample of users – not just those responding to a survey – actually manage their personal authentication.
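The kind of statistics such a study computes over a plaintext dump (most common passwords, how many accounts fall to a tiny guess list, length and character-class distribution) can be reproduced on any password list. The block below is an added example for this page, not code from Imperva or from the RockYou analysis; the SAMPLE list is constructed for illustration and is not drawn from any real breach.

```python
"""Password-corpus analysis in the style of a leaked-dump study.

Added example; not code from Imperva's RockYou report. SAMPLE is a
constructed list of plaintext passwords, one entry per account.
"""
from collections import Counter
import re

# Constructed sample (not real breach data); duplicates model accounts
# that chose the same password.
SAMPLE = [
    "123456", "123456", "123456", "password", "password", "iloveyou",
    "princess", "rockyou", "12345678", "abc123", "Nicole", "Daniel",
    "babygirl", "monkey", "Jessica", "Lovely", "michael", "Ashley",
    "654321", "qwerty", "Tr0ub4dor&3", "correct horse battery staple",
    "P@ssw0rd!", "123456",
]

# Character classes used to score password composition.
CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def top_passwords(pw_list, n=3):
    """Most common passwords as (password, count, share of all accounts)."""
    total = len(pw_list)
    return [(pw, cnt, cnt / total) for pw, cnt in Counter(pw_list).most_common(n)]


def share_covered_by_top(pw_list, n):
    """Fraction of accounts an online guesser opens by trying only the
    n most common passwords once each (the 'small dictionary' attack)."""
    return sum(cnt for _, cnt in Counter(pw_list).most_common(n)) / len(pw_list)


def length_histogram(pw_list):
    """Mapping password length -> number of accounts using that length."""
    return dict(sorted(Counter(len(p) for p in pw_list).items()))


def class_count(pw):
    """Number of distinct character classes a password draws from (1..4)."""
    return sum(1 for rx in CLASSES.values() if rx.search(pw))


def composition_breakdown(pw_list):
    """Share of accounts by number of character classes in the password."""
    total = len(pw_list)
    counts = Counter(class_count(p) for p in pw_list)
    return {k: counts[k] / total for k in sorted(counts)}


if __name__ == "__main__":
    for pw, cnt, share in top_passwords(SAMPLE):
        print(f"{pw!r:12} {cnt:3d} accounts  {share:6.1%}")
    print("top-2 guess list covers", f"{share_covered_by_top(SAMPLE, 2):.1%}")
    print("lengths:", length_histogram(SAMPLE))
    print("classes:", composition_breakdown(SAMPLE))
```

The useful number for a defender is share_covered_by_top: it converts a password distribution into the success rate of an attacker who tries a handful of guesses against every account, which is exactly the attack a per-account lockout does not stop.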

PlayStation 3 hack released online

Days after announcing he'd managed to hack Sony's PlayStation 3 console to run his own software George Hotz has released the exploit online.

Bank files lawsuit against victim of $800,000 cybertheft

A Texas bank is suing a customer hit by an $800,000 cybertheft in a case that could test the extent to which customers should be held responsible for protecting their online accounts from compromises.

Canada needs cyber security czar: CATA Alliance

U.S. president Obama's appointment last December of a cyber security co-ordinator should be mirrored by the Canadian government if it wants to raise awareness of cyber security and leverage the security expertise that exists in Canada, according to the Canadian Advanced Technology Alliance (CATA Alliance).

WhatsUp Gold buys Windows security management vendor

WhatsUp Gold acquires Dorian Software to augment its network management software suite with security event and log management capabilities.

Review: Kingston's new USB drive offers public and encrypted partitions

Kingston recently unveiled a new version of its DataTraveler USB stick that includes the ability to create two partitions, one for public use and the other for secure data storage, a very handy feature.

Canadian bill tightens noose around identity thieves

A bill came into force last Friday that makes early stages of identity-related crime an offense in the Criminal Code, thereby granting Canadians greater protection against identity theft.

Smart phone security management a ripe market

The number of smart phones protected by advanced security software will increase fivefold over the next five years as IT departments seek out mobile device management services to deal with functionality that is more and more like that of the desktop, according to a recent report from ABI Research.

iPhone Hacker Cracks the PlayStation 3

Up to this point, just about every gaming console--from the Xbox 360 to the Nintendo DS--has been hacked in some way, usually to allow it to play pirated games. This excluded the PlayStation 3, which remained unhacked for over three years, leading many to believe that it is virtually impossible to hack.

Kaspersky false positive tags Google Adsense as Trojan

Following an update, Kaspersky Antivirus today falsely identified Google Adsense as a malicious script.

Nebraskan pleads guilty to 2008 Web attack on Scientologists

A 20-year-old man from Nebraska has agreed to plead guilty to charges stemming from a January 2008 attack on Web sites of the Church of Scientology.

Cisco, NetApp, VMware team up on virtualization security

Cisco, NetApp and VMware announced a project to improve the security of virtualization deployments, with a focus on isolating applications that use the same physical network, server and storage resources in multi-tenant systems.

Researcher to reveal more Internet Explorer problems

Microsoft's Internet Explorer could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.

Internal Investigations: The Basics

Internal investigations are a vital part of a security program. It's a serious matter when an employee is alleged to be violating company rules. So-called 'insider threats' can cause as much damage as thieves outside. These threats come in many different forms, including:

Student facing $675K music piracy fine hopeful award will be lowered

A federal judge's decision last week to reduce damages in a music piracy case has given a Boston University student reason to be optimistic that his $675,000 fine will be lowered.

Intego releases report on Mac, iPhone security for 2009

Security firm Intego has added to the bevy of year-in-review pieces for 2009 with a comprehensive report on Mac and iPhone security of the past year. While this may seem more than a little self-serving for the authors of VirusBarrier, the report is fair, comprehensive and hyperbole-free.

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

Congressional sites defaced after Obama speech

By Elinor Mills

Third-party vendor manages 49 House of Representative Web sites that were hacked following president's address, and 18 that were defaced last year, report says.

Expert sees security issues with the iPad

By Elinor Mills

Security expert says things like strong encryption and an access control feature are missing from Apple's new iPad tablet device.

Report shows cyberattacks rampant; execs concerned

By Elinor Mills

Critical infrastructure networks are vulnerable to repeated, expensive attacks from adversaries and U.S. and China are seen as top potential aggressors, survey finds.

Report unearths targeted attacks on oil firms

By Elinor Mills

The Christian Science Monitor reports there is a China link in one of the attacks on three oil firms in 2008 that involved e-mails containing hyperlinks to spyware.

Report: Attackers sent Google workers IMs from 'friends'

By Elinor Mills

Attackers used social networks to research friends of employees with access to data and then posed as those friends, sending workers links to malware in instant messages, according to the Financial Times.

Report: Companies unprepared for cybercrime

By Elinor Mills

Hackers rated biggest threat by respondents, but nation-states and organized crime should not be disregarded, Deloitte study says.

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

250,000 White House Staffers, Visitors Affected by National Archives Data Breach

Posted by InfoSec News on Jan 28

http://www.wired.com/threatlevel/2010/01/national-archives-data-breach/
By Kim Zetter
Threat Level
Wired.com
January 27, 2010
A data breach at the National Archives and Records Administration is
more serious than previously believed. It involved sensitive personal
information of 250,000 Clinton administration staff members, job
applicants and White House visitors, as well as the Social Security
number of at least one daughter of former Vice...

TechCrunch hacked twice in 24 hours

Posted by InfoSec News on Jan 28

http://www.v3.co.uk/v3/news/2256848/techcrunch-hacked-again
By Phil Muncaster
V3.co.uk
27 Jan 2010
Security experts are warning webmasters to be on their guard, after
popular technology blog TechCrunch was hacked for the second time in 24
hours. Users were greeted this time with a four-letter tirade against
the site's founder, Michael Arrington.
The first hack happened at around 6am GMT yesterday morning, when
visitors saw a blank page...

Leading voice encryption programs hacked in minutes

Posted by InfoSec News on Jan 28

http://news.techworld.com/security/3211263/leading-voice-encryption-programs-hacked-in-minutes/
By John E. Dunn
Techworld
27 January 10
Most voice encryption systems can be tapped in minutes by installing a
voice-recording Trojan on the target computer, a security researcher has
confirmed after testing a range of well-known products.
Although this type of attack has been known about for some time, the
scale of the issue uncovered by...

A call for critical thinking about securing our electric grid

Posted by InfoSec News on Jan 28

http://fcw.com/articles/2010/01/27/cybereye-012510.aspx
By William Jackson
FCW.com
Jan 27, 2010
The electric power grid has emerged as one of the most critical elements
of our nation's critical infrastructure, and efforts to create an
interoperable Smart Grid with two-way communications and power flow are
highlighting the need for security. However, there also is a need for
more critical thinking about the grid’s vulnerability, according...

Cost Of Data Breaches Increased In 2009, Study Says

Posted by InfoSec News on Jan 28

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=222500222
By Tim Wilson
DarkReading
Jan 26, 2010
The cost of data breaches continues to rise, and malicious attacks
accounted for more of them in 2009 than in previous years, according to
a study published today.
In conjunction with study sponsor PGP Corp., Ponemon Institute today
released the results of its fifth annual "U.S. Cost of a Data Breach"
report....

Oracle Sues Rimini Street For 'Massive Theft'

Posted by InfoSec News on Jan 28

http://www.informationweek.com/news/software/erp/showArticle.jhtml?articleID=222500155
By Paul McDougall
InformationWeek
January 26, 2010
The battle between Oracle and Seth Ravin is on again--and customers
might get caught in the crossfire.
InformationWeek has learned that the software maker on Monday filed a
lawsuit against Ravin's Rimini Street, Inc. for allegedly swiping Oracle
software and intellectual property so it can provide...

The DoD's very cloudy thinking over Gmail

Posted by InfoSec News on Jan 28

http://www.theregister.co.uk/2010/01/26/cloud_insecurity/
By Dan Olds
Gabriel Consulting
26th January 2010
In the wake of the Google vs. China dustup, we're starting to see some
discussion of the greater implications for computing, both in general
and the cloudy Google way.
The fact that some Gmail accounts were accessed by hackers looking for
dissidents raises some questions about the security of Gmail
specifically and the entire cloud...

For sale: Personal details of millions of Ladbrokes gamblers, offered to the MoS by a mysterious Australian

Posted by InfoSec News on Jan 25

http://www.dailymail.co.uk/news/article-1245622/For-sale-Personal-details-millions-Ladbrokes-gamblers.html
By Jason Lewis, Mail on Sunday Security Editor and Sandra White In Melbourne
24th January 2010
The confidential records of millions of British gamblers who bet with
top bookmaker Ladbrokes have been offered for sale to The Mail on
Sunday.
The huge data theft is now at the centre of a criminal investigation
after this newspaper was...

UMC: Patient info leaks likely date back to July

Posted by InfoSec News on Jan 25

http://www.lasvegassun.com/news/2010/jan/25/umc-patient-info-leaks-likely-date-back-july/
By Marshall Allen
Las Vegas Sun
Jan. 25, 2010
For more than three months someone at University Medical Center
illegally leaked the personal information of traffic accident victims -
a breach of social security numbers, birth dates and more that only
stopped when the Las Vegas Sun contacted the hospital about it,
according to a statement released today...

Without cyber response policies, U.S. can only denounce China attacks

Posted by InfoSec News on Jan 25

http://fcw.com/articles/2010/01/25/buzz-google-china-ultimatum.aspx
By John Zyskowski
FCW.com
Jan 25, 2010
When "The Official Google Blog" went public two weeks ago with news that
a cyberattack originating in China had targeted its corporate servers
and customers' e-mail accounts, including those of several human rights
activists, it served as the latest reminder of where U.S. and Chinese
national interests will increasingly...

US oil industry hit by cyberattacks: Was China involved?

Posted by InfoSec News on Jan 25

http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved
By Mark Clayton
Staff writer
The Christian Science Monitor
January 25, 2010
Houston -- At least three US oil companies were the target of a series
of previously undisclosed cyberattacks that may have originated in China
and that experts say highlight a new level of sophistication in the
growing global war of Internet espionage.
The oil and gas...

Report: Attackers sent Google workers IMs from 'friends'

Posted by InfoSec News on Jan 25

http://news.cnet.com/8301-27080_3-10441004-245.html
By Elinor Mills
InSecurity Complex
CNet News
January 25, 2010
People behind the China-based online attacks of Google and other
companies looked up key employees on social networks and contacted them
pretending to be their friends to get the workers to click on links
leading to malware, according to a published report on Monday.
"The most significant discovery is that the attackers had...

Federal Computer Week: Security News

Cybersecurity regs seen as less restrictive in the U.S.

Some information technology executives in the U.S. also estimate that a major cyberattack would cost a company $6.3 million for one day of downtime.

New cybersecurity coordinator says he has the president’s ear

In his first public talk since taking the job, Howard Schmidt seeks to allay concerns about his influence in the White House.

A call for critical thinking about securing our electric grid

The nation’s electric power grid is a vital part of our critical infrastructure, but it might not be as vulnerable and fragile as it appears. One expert says it is more resilient than we give it credit for.

DARPA eyes digital fingerprints to track computer attacks

The Defense Advanced Research Projects Agency is holding a conference for those interested in helping with a project to use digital DNA to bolster cyber defense.


eWeek Security Watch

Phony AV Now Stalking Google Image Search

In Virus and Spyware

Rogueware campaigns have now reached into Google Image search results, researchers report.

Black Hat SEO Campaign Targets iPad

In SEO

Rogue security software purveyors are using interest in the Apple iPad to trick users into visiting malicious sites.

Unnamed App Stalks Facebook Users

In Virus and Spyware

Attackers are trying to lure Facebook users into infecting themselves by circulating information about a nonexistent threat over the networking site in hopes that people go looking for information elsewhere and stumble upon poisoned URLs.

Where Art Thou Conficker?

In Virus and Spyware

Ever wonder where Conficker went to? It's still alive and kicking with the potential to make a comeback, experts note.

Hydraq Attack's Resiliency Uncovered

In multimedia

The massive Trojan campaign used fairly well known methods to keep itself alive on infected devices, Symantec reports.

Possible Worm Prank No Laughing Matter

In Virus and Spyware

A worm that may have started as a prank to target fans of a biker club has hit Windows computers around the world.

DarkReading - Security News

DarkReading

W. Ward Carey Elected to the Nocopi Technologies, Inc. Board of Directors
Cresting Wave and CityMint Partner to Boost Sales
Wigix.com, New High Tech Community-Driven Marketplace Names Former IBM Executive Nick Donofrio to Its Board
Stonebranch Launches Scribbos:Intellicrypt
Host.net Teams with StillSecure to Protect Cloud Computing Clients
The Billeo Offer Assistant's One-Click Discounts Earn Shoppers Cash Back From Banks, Credit Cards -- And Now Microsoft's Bing


DarkReading - All Stories

DarkReading

Black Hat DC: Researchers To Release Web Development Platform Hacking Tool

Tool tests for newly discovered class of vulnerabilities in popular Apache, Sun, Microsoft Web development platforms

Identity Thieves Successfully Targeting Wealthy Victims, Study Says

Affluent individuals who live "the good life" are 43 percent more likely to be victims of identity fraud, according to Experian study

Anatomy Of A Targeted, Persistent Attack

New report provides an inside look at real attacks that infiltrated, camped out, and stole intellectual property, proprietary information -- and their links to China

Cybersecurity Czar's First Two Weeks On The Job 'Non-Stop'

Howard Schmidt addresses Google attack in first public speech

Cost Of Data Breaches Increased In 2009, Study Says

Ponemon Institute research says cost of data breaches was up in 2009; malicious attacks are the most costly

New Attack Uses Internet Explorer's Own Features Against It

Microsoft investigating threat, considering patch or offering guidance for protection

Flaws In The 'Aurora' Attacks

Security experts say targeted attacks could have been much worse, point out strategic errors made by the attackers


Darknet - Hacking, Cracking & Computer Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

Groundspeed 1.1 – Web Application Security Add-on For Firefox

By Darknet on website security testing

Groundspeed is an open-source Firefox extension for web application security testers presented at the OWASP AppSec DC 2009. It allows you to manipulate the web application’s user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration test. What can I do with...
Read the full post at darknet.org.uk

Playstation 3 (PS3) Finally Hacked & Exploit Released

By Darknet on ps3 exploit

Ah finally some proof of the mythical Playstation 3 exploit released publicly. Sadly as always the lack of sales on the PS3 can be partially attributed to the lack of a homebrew scene (aka ability to pirate games). There have been rumours and some speculation about the PS3 finally being exploited with news breaking earlier this [...]
Read the full post at darknet.org.uk

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

By Darknet on web-security

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test [...]
Read the full post at darknet.org.uk

CounterMeasures - Security, Privacy & Trust

A Trend Micro Solutions Architect Blog

Haiti Spam Leads to New Malware

By Mary Bagtas (Anti-spam Research Engineer) on Spam

As rescue efforts continue in Haiti, the world waits with bated breath for more good news about survivors. Unfortunately, while most people are thinking of ways to help victims, cybercriminals are using the tragedy to further their own malicious causes. Blackhat search engine optimization (SEO) poisoning attacks related to this tragedy have already led to [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

FAKEAV Gets First Dibs in Profits from Apple iPad

By Carolyn Guevarra (Technical Communications) on Security

Even before the first user could buy the latest and upcoming Apple technology, the iPad, cybercriminals are already making profit from its popularity. Trend Micro threat engineers today found some malicious search results while looking for information related to the announcement of the Apple tablet. These poisoned search results turned out to be related to the never-ending [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Hackers Exploit Actor Johnny Depp’s Death Hoax

By Danielle Veluz (Technical Communications) on Security

News involving celebrity deaths (real or hoax) has a habit of spreading across the Internet like wildfire, sensationalizing bits of information to entice readers. So, it is easy to see why pranksters and cybercriminals exploit the fact that people love gossip. So when rumors of Johnny Depp's supposed death due to a car crash broke out, [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Where in the World Is DOWNAD/Conficker?

By Ria Rivera (Technical Communications) on Security

It has been a year since WORM_DOWNAD.AD (aka “Conficker”) began a trail of system infections around the world. Since then, Trend Micro has detected new variants, including WORM_DOWNAD.KK, which proved to be an upgraded version that enabled the worm to increase the number of domains it generated from 250 to 50,000. In recent months, things have [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Phishers Target AOL IM Users

By Fatima Bancod (Fraud Analyst) on Spam

Trend Micro fraud analysts were recently alerted to the discovery of a new phishing campaign that specifically targets AOL Instant Messenger (AIM) users. The spammed message purports to be from AIM and urges recipients to download and execute the latest AIM version to reactivate their currently inactive accounts. This becomes a problem if the receivers actually have AIM [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Searches for Free Printable Items Lead to Malicious Domains

By JM Hipolito (Technical Communications) on News

Trend Micro threat analysts from EMEA have found a blackhat search engine optimization (SEO) attack that uses strings with the phrase “free printable” to hijack search traffic by directing it to a rogue search engine. Our researchers found that search engine queries using the string “free printable” yield results that include compromised websites (see Figure 1). [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

CNET News - Security

Web searches for iPad leading to malicious sites

By Larry Magid

Security companies are warning people to be careful about scams involving e-mail or Web search for the Apple iPad or any other popular topic.

Originally posted at Safe and Secure

Congressional sites defaced after Obama speech

By Elinor Mills

Third-party vendor manages 49 House of Representative Web sites that were hacked following president's address, and 18 that were defaced last year, report says.

Originally posted at InSecurity Complex

Expert sees security issues with the iPad

By Elinor Mills

Security expert says things like strong encryption and an access control feature are missing from Apple's new iPad tablet device.

Originally posted at InSecurity Complex

It's been 10 years: Why won't people pay for privacy?

By Declan McCullagh

On Data Privacy Day and well into the Internet era, a look at a decade of failed business models that had hoped to make billions protecting customers' personal information.

Originally posted at News - Politics and Law

Report shows cyberattacks rampant; execs concerned

By Elinor Mills

Critical infrastructure networks are vulnerable to repeated, expensive attacks from adversaries and U.S. and China are seen as top potential aggressors, survey finds.

Originally posted at InSecurity Complex

Security researchers knock 'Verified by Visa'

By Tom Espiner

Credit-card authentication system teaches online shoppers risky habits because it doesn't display visual markers, such as a color-coded browser bar or "https," researchers say.

Police set up Olympics e-crime teams

By Tom Espiner

Two teams in London will deal with crimes such as attempted hacks on computer systems and fraudulent ticketing Web sites.

Report unearths targeted attacks on oil firms

By Elinor Mills

The Christian Science Monitor reports there is a China link in one of the attacks on three oil firms in 2008 that involved e-mails containing hyperlinks to spyware.

Originally posted at InSecurity Complex

Report: Attackers sent Google workers IMs from 'friends'

By Elinor Mills

Attackers used social networks to research friends of employees with access to data and then posed as those friends, sending workers links to malware in instant messages, according to the Financial Times.

Originally posted at InSecurity Complex

Report: Companies unprepared for cybercrime

By Elinor Mills

Hackers rated biggest threat by respondents, but nation-states and organized crime should not be disregarded, Deloitte study says.

Originally posted at InSecurity Complex


CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

WASC RSA Meet-Up 2010!

By Robert A. on WASC

The Web Application Security Consortium (WASC) is having an official meetup in San Francisco during the RSA conference. If you like to get free food/drinks, shoot pool, and chat appsec with many of the leading researchers in the appsec world this is your chance. WASC RSA 2010 Meet-up Wednesday, March 3, 2010 Lunch...
