Friday, January 15, 2010

Around The Horn vol.2,1

Zero Day

Tracking the hackers

Google (finally) enables default "https" access for GMail

By Ryan Naraine on People's Republic of China

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default "https:" access for its popular Web mail service.

Adobe plugs PDF zero-day flaw in latest security makeover

By Ryan Naraine on Zero-day attacks

Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.

Adobe confirms 'sophisticated, coordinated' breach

By Ryan Naraine on United States of America

In an attack described as "sophisticated" and "coordinated," Adobe said its corporate network systems were breached by hackers.

Attention Windows XP users: Update Flash Player now

By Ryan Naraine on Patch Watch

The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks.

Baidu DNS records hijacked by Iranian Cyber Army

By Dancho Danchev on Phishing

The DNS records of China's most popular search engine Baidu were hijacked earlier today by a group known as the "Iranian Cyber Army". In response, Chinese hacktivists have already started to attack Iranian web sites.

MS Patch Tuesday: Another critical font engine vulnerability

By Ryan Naraine on Windows Vista

The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.

Microsoft planning quiet Patch Tuesday this month

By Ryan Naraine on Responsible disclosure

Microsoft's first Patch Tuesday for 2010 will be very light: A solitary bulletin addressing a vulnerability that is rated critical only for Windows 2000 users.

Researcher exposes Google spyware connections

By Ryan Naraine on Spyware and Adware

A high-profile anti-spyware advocate finds that Google is charging advertisers for "conversion-inflation" traffic from the WhenU spyware program.

Apple (Snow Leopard) malware blocker collecting cobwebs

By Ryan Naraine on Viruses and Worms

Six months after its launch, Snow Leopard's malware blocker has not received any definition updates.

Yahoo! News: Security News

Microsoft, HP fail to back Google's China move: FT (AFP)

In us

[Photo: Microsoft CEO Steve Ballmer, seen here on January 7, and his Hewlett-Packard counterpart, have declined to back Google's threat to pull out of China over censorship and cyberattacks, the Financial Times reported on Thursday. (AFP/File/Robyn Beck)]

AFP - The chief executives of Microsoft and Hewlett-Packard have declined to back Google's threat to pull out of China over censorship and cyberattacks, the Financial Times reported on Thursday.

Law firm suing China says hit by Google-style cyber-attacks (Reuters)

In technology

Reuters - A law firm representing a U.S. software maker that is suing China for code theft said it has been targeted by Chinese hackers, a day after Google Inc. threatened to withdraw from the country following similar attacks.

U.S. Business Sees China Dilemma (Investor's Business Daily)

In business

Investor's Business Daily - As Google's threatened pullout underscores, China has long been the Wild, Wild East for U.S. companies doing business there, thanks to cyberattacks, digital piracy and stolen company secrets.

Facebook-McAfee Deal: A Great Start (PC World)

In technology

PC World - McAfee and Facebook have joined forces to keep 350 million Facebook users safe from malware. But if you think this is a silver bullet to keep you safe on Facebook, think again.

Google's Gmail adds security after China hacking (AP)

In technology

AP - Google is tightening the security of its free e-mail service to combat computer hackers like the ones that recently targeted it in China.

Google's China threat is a rare show of defiance (AP)

In technology

[Photo: Flowers put by Chinese Google users are seen on its sign outside the Google China headquarters in Beijing, Wednesday, Jan. 13, 2010. Google's threat to pull out of China over censorship is a rare display of defiance in a system where foreign companies have long accepted intrusive controls to gain access to a huge and growing market. (AP Photo/Vincent Thian)]

AP - Google's threat to end its operations in China over censorship and computer-security concerns could embarrass communist leaders who crave international respect. Yet it appears unlikely that many other companies would follow suit and try to change how business is done in China.

Yahoo backs Google's response to China hackers (AP)

In technology

AP - Yahoo Inc. supports rival Google's threatened departure from China because of computer attacks that pried into the e-mail accounts of human rights activists.

Google Attack Highlights Strength of Targeted Malware (PC World)

In technology

PC World - Google's revelation of China-based hacker attacks against it and many other major companies shines the spotlight on today's top Internet threat: the targeted attack.

UK Pentagon hacker wins delay of extradition to U.S. (Reuters)

In technology

Reuters - A Briton who hacked into NASA and Pentagon computers has won the right to challenge the government's decision to refuse to block his extradition to the United States, his lawyers said on Wednesday.

Intego releases VirusBarrier X6 (Macworld.com)

In technology

Macworld.com - For some, it's a little disorienting to make the switch to Mac from PCs. Chief among them, the fact that, yes, that screensaver isn't going to infect your Mac with something nasty, and neither is that wallpaper. That antivirus program you installed for the Mac? It's not a virus, it's a legitimate program just doing its job. That's because the risk for malware on the Mac is many orders of magnitude less significant than it is for Windows.

Hacking Risks Persist Even If Companies Withdraw From China (PC World)

In technology

PC World - Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.

The Cost of Google Pulling Out of China (PC World)

In technology

PC World - If Google follows through on its threat to shut down operations in China in response to cyber attacks and spying efforts, it would be walking away from a fairly significant chunk of revenue. The resulting Internet advertising vacuum would lead to hundreds of millions of dollars flowing out of the United States and into Chinese coffers.

Facebook teams with McAfee to tighten security (AFP)

In technology

[Photo: Facebook has announced an alliance with Internet security specialty firm McAfee to get members of the world's leading online social network to better defend their computers. (AFP/File/Loic Venance)]

AFP - Facebook has announced an alliance with Internet security specialty firm McAfee to get users of the world's leading online social network to better protect their computers.

Google threatens to quit China over cyber attacks (AFP)

In us

[Photo: A laptop computer screen shows the homepage of Google.cn.]

AFP - Google has vowed to defy Chinese Internet censors and risk banishment from the lucrative market in outrage at "highly sophisticated" cyber attacks aimed at Chinese human rights activists.

Google to end China censorship after e-mail breach (AP)

In technology

[Photo: Visitors stand at the reception of the Google China headquarters in Beijing, China, Wednesday, Jan. 13, 2010. Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human rights activists into opening their e-mail accounts to outsiders. (AP Photo/Ng Han Guan)]

AP - Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders.

Wall Street frets over Google's future in China (Reuters)

In business

Reuters - Google Inc's threat to withdraw from China over censorship and cyber attacks has suddenly jeopardized any plans it has for the world's biggest Internet market, stunning investors and analysts.

Google may quit China over cyberattacks on rights activists (AFP)

In us

[Photo: A laptop computer screen in Beijing shows the homepage of Google.cn.]

AFP - Google threatened Tuesday to shut down its operations in China after uncovering what it said were "highly sophisticated" cyberattacks aimed at Chinese human rights activists.

Malware: Android Apps Threaten Mobile Security (PC World)

In technology

PC World - It doesn't take much malware to do a whole lot of damage, and Android users are in the crosshairs. Businesses and their users are threatened, and Google is slow to react.

McAfee shares higher after UBS upgrade (AP)

In business

AP - Shares of McAfee Inc. edged higher Monday as UBS upgraded the maker of computer security software, saying investor concerns over margins and Hewlett-Packard Co.'s acquisition of a competitor are "overblown."

The Low-down on Low-level Rootkits (PC World)

In technology

PC World - Rootkits, a type of stealth technology used by malware malefactors, attempt to hide in the dark corners of an infected PC and evade detection. A new post out today from the Microsoft Malware Protection Center shines the spotlight on the evil tools.

Cellular group says mobile calls safe from hackers (Reuters)

In technology

Reuters - A wireless industry group said mobile phone conversations are safe from eavesdropping, even after a German security expert released the code for unscrambling calls made using most of the world's cell phones.

Facebook, Twitter to face more sophisticated attacks: McAfee (AFP)

In us

[Photo: The logo of social networking website 'Facebook' is displayed on a computer screen.]

AFP - Social networks will face increasingly sophisticated hacker attacks in 2010 but law enforcement is expected to make strides in fighting cybercrime, according to Web security firm McAfee Labs.

WindowSecurity.com

WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.

Securing the Intranet in a World of Digital Natives

By deb@shinder.net (Deb Shinder)

How securing a network in this new user environment differs from the old model and why it may be beneficial to change some longstanding policies and training methods to adapt to the natives.

Product Review: GFI WebMonitor 2009

By Mitch Tulloch

This article reviews the capabilities and features of GFI WebMonitor 2009, an integrated Web security, monitoring and Internet access control product from GFI Software.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Why Would APT Exploit Adobe?

By Richard Bejtlich

After reading this statement from Adobe, they seem to be using the same language that described the Google v China incident:
Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident.
Let's assume, due to language and news timing, that it's also APT. Why would APT exploit Adobe? Am I giving Adobe too much credit if I hypothesize that APT wanted to know more about Adobe's product security plans, in order to continue exploiting Adobe's products?
If that is the case, who else might APT infiltrate? Should we start looking for similar announcements from other software vendors?

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Has China Crossed a Line?

By Richard Bejtlich

I'm wondering if China has crossed a line with its Google hack. It's relatively easy for the Obama administration to pretend that nothing's amiss when it's playing politics with the Chinese government. But when an American company that was just named "word of the decade" proclaims to the world that it is being exploited by Chinese intruders, can the President turn a blind eye to that? This could be the first publicity-driven incident (i.e., something that comes from public sources) that the new Cyber Czar will have to address, if not higher officials.
Oh, and expect China to issue a statement saying that it strongly denies official involvement, and that it prosecutes "hackers" to the fullest extent of its laws. That's nice.

Mechagodzilla v Godzilla

By Richard Bejtlich

After posting Google v China I realized this is a showdown like no other. In my experience, no one "ejects" the advanced persistent threat. If you think they are gone, it's either 1) because they decided to leave or 2) you can't find them.
Now we hear Google is the latest victim. Google is supposed to be a place where IT is so awesome and employees so smart that servers basically run themselves, and Google's HR has to leave some of the other smart people "in place" to help the rest of us cope with life. Could Google be the first company to remove APT despite APT desire to remain persistent? Google v China could be Mechagodzilla v Godzilla. No one without inside knowledge will know how this battle concludes, and it probably will not conclude until one of the combatants is gone.

Google v China

By Richard Bejtlich

It's been a few months since I mentioned China in a blog post, but this one can't be ignored. Thanks to SW for passing me this one:
Google Blog: A New Approach to China
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google...
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted...
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

Welcome to the party, Google. You can use the term "advanced persistent threat" (APT) if you want to give this adversary its proper name. See my post Report on Chinese Government Sponsored Cyber Activities for more details.
I have to really applaud Google for saying they might shut down operations in a country of 1.4 billion potential consumers as a result of an incident detection and response!
There were many events last year that fulfilled my prediction for 2009, "Expect at least one cloud security incident to affect something you value." I think this one wins hands down.
Never mind the China angle for a moment. All of us should stop and consider what sort of data we are storing at Google, and in what form that data is stored. Google's Keeping Your Data Safe post for Enterprise customers claims "While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure." However, my experience with these sorts of incidents is that if it occurred in "mid-December," Google will be spending the next several months realizing how large the exposure really is.

Happy 7th Birthday TaoSecurity Blog

By Richard Bejtlich

Today, 8 January 2010, is the 7th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2542 posts (averaging 363 per year) later, I am still blogging.
I don't have any changes planned here. I plan to continue blogging, especially with respect to network security monitoring, incident detection and response, network forensics, and FreeBSD when appropriate. I especially enjoy reading your comments and engaging in informed dialogues. Thanks for joining me these 7 years -- I hope to have a ten year post in 2013!
Don't forget -- today is Elvis Presley's birthday. Coincidence? You decide.
The image shows Elvis training with Ed Parker, founder of American Kenpo. As I like to tell my students, Elvis' stance is so wide it would take him a week to react to an attack. Then again, he's Elvis.
I studied Kenpo in San Antonio, TX and would like to return to practicing, along with ice hockey, if my shoulders cooperate!

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: Google, Adobe attacked through China

Brief: Microsoft, Oracle, Adobe issue patches

Brief: NIST investigates secure USB flaws

Brief: Cyber exercise to target financial firms

News: Malicious traffic can crash routers, Juniper warns

Brief: Adobe revamps Reader, Acrobat updater

Brief: Zeus software behind one-in-ten botnets

Brief: China sued over Green Dam code

Security - RSS Feeds

British Court Gives McKinnon Extradition Reprieve With New Judicial Review

The British High Court has granted approval for a judicial review of the Home Secretary's decision not to hear medical evidence for hacker Gary McKinnon, who is accused of breaking into U.S. military computers.
- The British High Court has given the thumbs up to a judicial review of the Home Secretary's decision to allow the extradition process for hacker Gary McKinnon to move forward. The court's decision is yet another twist in the roughly eight-year effort to bring McKinnon back to the United States to f...

How to Use Data Encryption to Secure Mobile Business Data

A staggering number of enterprise mobile devices are lost or stolen annually, at a high cost to the organizations that own them. But there are solutions available to help secure the data left on the devices. Here, Knowledge Center contributor Kurt Lennartsson explains why it is imperative that organizations secure this data, and explains how to use encryption software to protect data that is in transit on these mobile devices.
- Over the past two decades, private, public and governmental organizations have built walls to contain their businesses. More specifically, firewalls. These firewalls were built as safeguards to establish secure perimeters within which enterprise computing, communication devices and data are saf...

How to Secure Data with End-to-End Encryption

With the alarming increase in the number of reported data breaches in recent years, enterprises must seek measures beyond regulation that will help them protect their company reputation, and avoid financial and brand damage. Here, Knowledge Center contributor Paul Meadowcroft discusses how end-to-end encryption and good key management can be the panacea to securing sensitive data, regardless of whether encryption is explicitly mandated by a piece of regulation or simply recommended.
- To date, it has largely been banks and governments that have taken advantage of encryption to secure information. However, almost every organization in every industry handles information that someone somewhere regards as being private or valuable. There is an implicit, and increasingly explicit...

Google Gmail Switches HTTPS to Always On by Default

HTTPS is now the default setting for Gmail users. Google's security decision follows revelations of efforts by attackers to improperly access the Gmail accounts of Chinese human rights activists.
- Google has opted to turn on HTTPS for Gmail continuously by default to protect user e-mails. The move follows the revelation that there have been repeated attempts to access Gmail accounts belonging to Chinese human rights activists, as well as calls from security and privacy experts for Go...

Adobe Investigates Cyber-attack

Adobe Systems is investigating an attack against corporate network systems managed by Adobe. Details of the security threat are scarce.
- Adobe Systems reported Jan. 12 that it has uncovered a "coordinated attack against corporate network systems managed by Adobe and other companies." Adobe became aware of the attack Jan. 2, according to a post by Adobe employee Pooja Prasad on a company blog. Other companies were aff...

How to Strategically Secure IT Remote Support

Without a strategic vision for remote control security, organizations will continue to fall prey to hackers who take advantage of IT support departments' growing use of remote access tools. Here, Knowledge Center contributor Nathan McNeill outlines five ways to maintain security and corporate governance policies while relying on remote access technology to support off-site computing devices.
- Worker mobility and technological complexity in today's enterprise are driving the increased demand for IT support departments. Even though IT has used remote control tools to troubleshoot PC issues for some time, there is a renewed interest in the technology to provide anytime, anywhere suppor...

Facebook, McAfee Partner to Improve Security

Facebook and McAfee have joined forces to improve security. As part of their partnership, the companies are pushing out a new scanning tool for Facebook users whose accounts are compromised and offering complimentary McAfee security software to users.
- Facebook and McAfee are teaming up to improve security on the popular social networking site. For Facebook's 350 million users, the partnership between the two companies has multiple aspects. If Facebook users are compromised, the social networking site will require them to run a scan using a fre...

Google Threatens to Leave China After Cyber-attack

Google says it is no longer willing to censor search results in China, and is considering closing its offices due to a cyber-security attack.
- Google is mulling the idea of shutting down its operations in China amid concerns about a cyber-attack and repeated efforts to access the Gmail accounts of Chinese activists. Google Chief Legal Officer David Drummond in a blog post Jan. 12 said Google is no longer willing to censor resul...

Microsoft Patches Windows Security Vulnerability

In the first Patch Tuesday of 2010, Microsoft releases a critical security update for Windows 2000 users. The company also updates a bulletin from 2009 and issues an advisory about vulnerabilities in Adobe Flash Player 6.
- Microsoft released a single Windows security bulletin Jan. 12 for its first Patch Tuesday update of 2010. The bulletin is rated critical for users of Windows 2000 Service Pack 4, and low for several other editions of Windows. The vulnerability at issue lies within the Microsoft Windows EOT (Em...

Symantec to Acquire Gideon Technologies for Risk Management Technology

Symantec has agreed to buy Gideon Technologies with the intention of using Gideon's vulnerability, configuration and compliance management technology to appeal to the public sector.
- Symantec has agreed to acquire Gideon Technologies in a bid to add to its risk management capabilities to meet the compliance needs of the public sector. Gideon Technologies specializes in vulnerability, configuration, policy and compliance management as well as network and asset discovery....

Feds Charge 19 in $15M Cyber-Scam

A federal grand jury in Dallas accused 19 people of taking part in a scheme to use shell companies to defraud companies ranging from AT&T to Wells Fargo.
- A federal grand jury in Dallas indicted 19 people Jan. 8 in a complex scheme that allegedly used a series of shell companies to defraud banks, telecommunications providers and others out of $15 million. The 19 defendants were each charged with conspiracy to commit wire and ma...

Google Removes Suspicious Mobile Apps from Android Market

Google has removed a series of suspicious mobile applications from the Android Market. Google says the applications were taken down for violating the site's use policy by using the names of banks without their permission.
- Google has removed several banking applications from its Android Market mobile application store for violating Google's terms of use. The presence of the applications in question, which according to those with direct knowledge of the situation did not misuse or steal user information, has nonet...

10 Reasons Why Microsoft Should Have Discussed Security At CES

News Analysis: The big news that came out of CES was a tsunami of new smartphones and tablet PC designs. But Microsoft, arguably the most important company at the show, could have made security the theme at CES this year. Unfortunately, it didn't. And users are left wondering how to keep their data secure going forward.
- The Consumer Electronics Show is a spectacle. It's a place where massive tech companies and small startups come together to show off neat, new ideas. Some companies focus on PCs, others attempt to innovate with products that consumers have never seen. For the tech lover, it's an exciting show th...

Facebook CEO: Privacy Not the 'Social Norm'

Facebook CEO Mark Zuckerberg told the audience at the 2009 Crunchies Awards in San Francisco that Web users have become more accepting of information sharing in the past several years - a change he said has guided Facebook's privacy strategy.
- Facebook CEO Mark Zuckerberg recently declared that privacy has become less of a "social norm" on the Internet as users have become more comfortable sharing information. Zuckerberg's comments came Jan. 8 at the Crunchies Awards in San Francisco. The annual ceremony is co-hosted by ...

McAfee: Spammers Turn to Free Web Hosting Services

In a new report, McAfee says spammers are taking to Web hosting services in a big way.
- Spammers are increasingly turning to free-hosting Websites to provide spam URLs, according to a new report from McAfee. In its "January 2010 Spam Report," McAfee notes the trend is turning into an "all-out gold rush" as dozens of these free-hosting sites have sprung up to provide...

Heartland Agrees to $60M Settlement with Visa over Breach

Heartland Payment Systems agrees to pay as much as $60 million to Visa to address losses by credit and debit cardholders affected by the data breach Heartland suffered in 2008.
- Heartland Payment Systems on Jan. 8 announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008. According to Heartland's news release, the settlement agreement is "contingent ...

REVIEW: eEye's Retina CS Is the Management Console the Blink Agent Always Deserved

eEye Digital Security's Blink is a solid security agent, but its stodgy REM management console has been frustrating. Enter eEye Retina CS, a console based on Adobe Flash that makes management easier and more elegant. Retina CS isn't perfect, and some administrators may balk at its use of Flash, but Retina CS just may represent the management console of the future.
- eEye Digital Security raises the standard in enterprise endpoint protection with a management console that could almost be called next generation. The chic new GUI, called Retina CS, allows the top-notch Blink client agent to be managed quickly and easily in large enterprise environments. Blink ...

Microsoft Preps Windows Security Fix for Patch Tuesday

In its first Patch Tuesday of the year, Microsoft is planning to plug a Windows security hole rated critical for Windows 2000 systems. A fix for a Server Message Block protocol vulnerability is still being worked on, Microsoft says.
- Microsoft is kicking off the new year with a single Windows security bulletin. The first Patch Tuesday release of 2010 will contain a fix rated "critical" for Windows 2000 users and low for others. According to Microsoft's pre-Patch Tuesday notification, the bulletin addresses a remote...

Cisco Acquires Security Startup Rohati

Cisco says it has bought Rohati Systems, a company specializing in agentless transaction networking systems designed to secure collaboration and ease regulatory compliance by providing granular access controls.
- Cisco Systems confirmed that it has acquired Rohati Systems, a security startup founded by former Cisco employees. Rohati came out of stealth mode in 2008 with a focus on providing TNS (transaction networking systems) to enable secure collaboration and ease regulatory compliance. "Cisco c...

FBI Investigates Online Theft of $3M from School District

A school district in Schenectady County in New York reports it was robbed of $3 million in late December. According to the district, the money was looted from the school's online bank account. Additional security precautions are now being taken.
- The FBI is investigating the cyber-theft of roughly $3 million from a New York school district's bank account between Dec. 18 and 22. According to the Duanesburg Central School District, there were attempts to steal roughly $3.8 million from a school account with NBT Bank via online access...

LABS GALLERY: eEye Digital Security Retina CS Provides Top-Notch Management for Blink

eEye Digital Security raises the standard in enterprise endpoint protection with a management console that could almost be called next-generation. The chic new GUI, called Retina CS, allows the excellent protection provided by the Blink client agent to be managed quickly and easily in large enterprise environments.

REVIEW: IBM Web Application Protection Ably Combines Proactive and Reactive Security Measures

IBM Rational AppScan and IBM ISS Proventia IPS GX5108 combine proactive application vulnerability scanning with live IPS attack reports to provide powerful Web application protection.
- Most organizations have embraced the Web to some extent to provide user-friendly applications for employees, customers and partners. However, while Web 2.0 collaboration technologies can increase productivity, they also provide a larger attack surface for miscreants. In its 2008 Trend and Risk ...

Does Google Nexus One Have Enough Security for Enterprises?

Google made its Nexus One phone available to consumers in the U.S., U.K., Hong Kong and Singapore Jan. 5. But some wonder how Nexus One security will stack up against the Apple iPhone and other devices, and whether that will be enough to win over enterprises.
- Google pulled the covers off its Nexus One smartphone Jan. 5 at a press event at its corporate headquarters, touching off talk about whether or not it will be able to compete with other smartphones in the enterprise. This, of course, leads to a larger question of how Google's latest play in the ...

Adobe Keeps Focus on Security in 2010 as Attackers Circle

Almost a year after changing its development process and a week away from a Jan. 12 patch for yet another zero-day vulnerability, Adobe Systems remains a popular target for attackers. But the company is not taking it sitting down.
- Adobe Systems took its share of security hits in 2009. It changed its update schedule and took steps to improve application development, but still ended the year with a prediction from McAfee that the number of attacks against Adobe products would surpass those against Microsoft Office. Offici...

Security

The Art of Technology

Facebook working to keep network, users free of malware

By jacqui@arstechnica.com (Jacqui Cheng) on software

Social networks have become popular vectors for malware, and Facebook is taking measures to ensure that its users are safe. The company announced Wednesday that it has partnered with McAfee to provide security software and services to Facebook's 350 million users. Though the offerings are pretty much your standard security package, Facebook is painting itself in a positive light by being proactive about user security while other social networks stand on the sidelines.

Through the agreement, Facebook users will be able to get McAfee's security tools, a "custom" scanning and repair tool, and education materials about malware. They also qualify for a free six-month subscription to McAfee's security suite (with discounted pricing after that), though the subscription part is optional. Facebook wants to make it clear, however, that it is pouring money into this partnership in order to benefit users, "and will not be taking a share of any revenue from user subscriptions." The other tools are free and will remain so for those who choose to use them.

This isn't likely to be the most exciting news in a Facebook user's day, but it's a helpful step in a world where malware spreads through social networks like an STD on a college campus. Users have been known to be careless when using sites like Facebook and MySpace, downloading unknown files with abandon and clicking links they're not familiar with. Malware writers have become aware of how easy it is to target these users, too, leading to continued growth in malware attacks via social networks.

Of course, Facebook likes to act as if it's a rare, Bigfoot-sighting-level event when a user's account has been compromised. However, the company still emphasized that users can take special steps to take back their accounts and that McAfee's "custom technology" will clean their machines after the breach. And although Facebook sure seems to like patting its own back over the move, it really is one that is needed across more services (particularly in the wild west known as MySpace). "[W]e are taking an unprecedented step towards making the entire Internet more secure and reducing the possibility of threats being brought onto our service by unsuspecting users," Facebook VP of global communications Elliot Schrage said in a statement. "We hope this is something that other services will emulate."

Microsoft urges Windows XP users to ditch old Flash version

By p_emil@hotmail.com (Emil Protalinski) on windowsxp

Microsoft has had it with old versions of Adobe Flash and has issued Security Advisory (979267) to urge users to either uninstall old versions, or upgrade to the latest. More specifically, the software giant is asking users to ditch Flash Player 6.0 as the multimedia player plugin contains multiple bugs. Microsoft rarely issues security advisories on third-party products, but since this version of Flash originally came bundled with Windows XP, Microsoft feels it needs to warn its users. Adobe discontinued security support for Flash Player 6.0 in 2006; the current version is Flash 10.0.42.34.

The advisory outlines Microsoft's stance very clearly, making sure to emphasize that the vulnerabilities only occur with the combination of the old version of Flash and old version of Windows (other supported versions of Windows do not include Flash). "The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe." The good news is that the advisory says Microsoft is "not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."

The security advisory was posted on Patch Tuesday, the same day Microsoft releases security patches for all of its software for the month. This month though, the company only posted a single bulletin, Microsoft Security Bulletin MS10-001. It affects all supported versions of Windows, but is only rated as "Critical" for Windows 2000, and "Low" for all later versions. As a result, the Adobe Flash flaw is slightly more serious and should take priority.

Another GSM encryption technique falls to researchers

By jtimmer@arstechnica.com (John Timmer) on gsm

Late December saw the announcement that the A5/1 encryption technique used by GSM cellphones was vulnerable to a new attack, raising questions about how the cellular industry would respond. There was some thought that the transition to 3G service, which is already well under way, could be relied on to limit the risk of attack, as 3G communications uses a different encryption system. For anyone planning on that response, however, this week's news is not so good: researchers have described an attack on 3G's KASUMI system that requires only a few hours on a typical PC.

The KASUMI system is based on an encryption technique called MISTY, which belongs to a general class of techniques called Feistel encryption. These are rather complex, with multiple keys being combined, and a recursive, multiround encryption process that alternates the order of different functions. A sense of the complexity can be had by looking at the diagram on a page that describes it.

Unfortunately, a full MISTY encryption is apparently computationally expensive, making it less than ideal for an application where time and processing power are in short supply. The KASUMI algorithm was developed specifically to simplify the MISTY system, and make it "faster and more hardware-friendly," in the words of the new study's authors. Supposedly, the simplifications didn't reduce the security of the protocol, but the new research suggests otherwise.

The math behind the attack is rather complex but, distilled down, relies on sending multiple inputs through the encryption process that differ by known values, and looking for pairs of pairs that show key similarities. These similarities allow the authors to determine when related encryption keys are being used, and then identify some of the bits in these keys. According to the paper, "our unoptimized implementation on a single PC recovered about 96 key bits in a few minutes, and the complete 128 bit key in less than two hours." That should meet almost nobody's standard of secure.

768-bit RSA cracked, 1024-bit safe (for now)

By jtimmer@arstechnica.com (John Timmer) on rsa

With the increasing computing power available to even casual users, the security-conscious have had to move on to increasingly robust encryption, lest they find their information vulnerable to brute-force attacks. The latest milestone to fall is 768-bit RSA; in a paper posted on a cryptography preprint server, academic researchers have now announced that they factored one of these keys in early December.

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it's relatively easy to encrypt and decrypt data; if you don't, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making "secure" a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it.

Their first step involved sieving, or identifying appropriate integers; that took the equivalent of 1,500 years on one core of a 2.2GHz Opteron; the results occupied about 5TB. Those were then uniqued and processed into a matrix; because of all the previous work, actually using the matrix to factor the RSA value only took a cluster less than half a day. Although most people aren't going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, "The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended." 1024-bit values should be good for a few years still.

Given that these developments are somewhat inevitable, even the authors sound a bit bored by their report. "There is nothing new to be reported for the square root step, except for the resulting factorization of RSA-768" they write. "Nevertheless, and for the record, we present some of the details." Still, they manage to have a little fun, in one place referencing a YouTube clip of a Tarantino film following their use of the term "bingo."

Microsoft Patch Tuesday for January 2010: one bulletin

By emil.protalinski@arstechnica.com (Emil Protalinski) on patchtuesday

According to the Microsoft Security Response Center, Microsoft will issue a single Security Bulletin on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day (January 13 at 11:00am PST, if you're interested). The vulnerability is rated "Critical" and it earned the rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. The single patch may require a restart.

The list of affected operating systems includes Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2 (32-bit and 64-bit). Microsoft noted that the vulnerability is critical only on Windows 2000, and it is low for all other platforms.

Microsoft will not be releasing any patches for Microsoft Office or Internet Explorer this month. If you're wondering, the SMB hole in Windows 7 and Windows Server 2008 R2, disclosed in November 2009, will not be addressed either. Microsoft says it is still working on an update for the issue and that it is not aware of any active attacks using the exploit code that was made public.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

  • One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
  • One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
  • An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches as well as pull them if it deems it necessary.

SearchSecurity.com

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

Adobe issues patch fixing month-long PDF zero-day vulnerability

By Robert Westervelt

The latest version plugs a serious hole being actively targeted by attackers in the wild. Users are urged to apply the updates as soon as possible.

Facebook, McAfee partner to fix social network security issues

By Robert Westervelt

Facebook beefs up its account remediation process with a free malware scanning tool, security education and a free antivirus trial followed by a subsidized price on the software.

Chinese hacker attacks target Google Gmail accounts, top tech firms

By Robert Westervelt

Up to 33 Silicon Valley tech firms, financial companies and government contractors have been breached by a sophisticated attack believed to have originated in China.

Social networks face user content risks, Web application vulnerabilities

By Robert Westervelt

A variety of new tools and methods can help social networks monitor third-party applications for traffic anomalies and user content coding that could signal trouble.

Microsoft releases Windows OpenType Font Engine patch

By Robert Westervelt

Lone security bulletin is critical for Windows 2000 users.

Facebook attacks prompt investments in social networking security

By Robert Westervelt

Social networks are opening their wallets in a big way to bolster security teams and install new security technologies to combat attacks.

How to steal a virtual machine and its data in 3 easy steps

By Eric Siebert

Stealing a virtual machine and its data is pretty easy. If you know how it's done, you can figure out how to prevent it and avoid some potentially costly administrative missteps.

Microsoft to patch single Windows 2000 vulnerability

By Robert Westervelt

Patch for a Microsoft Server Message Block zero-day vulnerability in Windows 7 is still being tested, the software giant said.

Another PDF attack targets Adobe zero-day vulnerability

By Robert Westervelt

Trend Micro discovers malware attempting to exploit Adobe's latest zero-day vulnerability. A patch is due out next week.

Security report finds rise in banking Trojans, adware, fewer viruses

By Robert Westervelt

Panda Security's 2009 annual report finds banking Trojans and account credential stealers dominating the threat environment.

Five security industry themes to watch in 2010

By Robert Westervelt

All signs point to payment industry security improvements, tighter security in social networks and some new attack vectors for savvy cybercriminals.

 

SANS NewsBites

All Stories From Vol: 12 - Issue: 3

Judge Says RealDVD is "Almost Certainly Illegal" (January 11, 2010)

US District Judge Marilyn Patel has rejected RealNetworks' argument that the Motion Picture Association of America (MPAA) is a "price-fixing cartel" that prevents the distribution of products capable of decrypting DVDs.......

Full Body Scanners Used by TSA Present Privacy Concerns (January 11, 2010)

According to documents obtained by the Electronic Privacy Information Center (EPIC) under a Freedom of Information Act (FOIA) lawsuit, the full body scanners currently being used by the Transportation Security Administration (TSA) are capable of retaining and transmitting images.......

Heartland and Visa Reach Settlement (January 8 & 9, 2010)

Heartland Payment Systems will pay up to US $60 million to Visa payment card issuers affected by Heartland's 2008 data security breach.......

South Korean Military to Ban USB Drives (January 11, 2010)

The South Korean military says it will ban the use of USB drives.......

USB Flaws Prompt NIST Review of Cryptographic Module Certification Process (January 8 & 11, 2010)

The National Institute of Standards and Technology (NIST) is investigating security flaws in several brands of USB drives that were thought to be secure.......

Incident Handling Certification Now The Top For Premium Security Pay (January 12, 2009)

The American National Standards Institute has accredited the GIAC Certified Incident Handler certification, and the same certification was recently ranked as the No.......

Questionable Applications Removed From Android Marketplace (January 11, 2010)

Suspected phishing applications were found and removed from the Android Marketplace.......

Facebook Group Page Has Links to Malware-Laced Sites (January 11, 2010)

Miscreants intent on spreading malware appear to be preying on people's unfounded fears that Facebook plans to begin charging users for its services.......

Oracle's Critical Patch Update Will Offer 24 Fixes (January 11, 2010)

On Tuesday, January 12, Oracle plans to release its monthly/quarterly Critical Patch Update that will include 24 fixes, some of which affect multiple products.......

Proof-of-Concept Code Posted for Mac OS X Flaw (January 8 & 12, 2010)

Proof-of-concept exploit code for a vulnerability in Mac OS X has been posted on the Internet.......

Panel Questions FCC's Authority to Enforce Net Neutrality Rules (January 8 & 11, 2010)

A federal appeals court panel is questioning the Federal Communications Commission's (FCC) authority to impose net neutrality rules on Comcast.......

Wide-Reaching Spear Phishing Campaign Claims to be Outlook Alert (January 8, 2010)

A recently detected spear phishing scheme is spreading in the guise of a Microsoft Outlook alert.......

Microsoft and Adobe Will Issue Security Updates on January 12 (January 7, 2010)

Microsoft plans to release just one security bulletin on Tuesday, January 12.......

2010 Date Recognition Problems (January 5, 2010)

German payment cards are not the only technology to be hit with problems recognizing dates in the new year.......

Attackers are Actively Exploiting Critical Adobe Reader and Acrobat Flaw (January 4, 7 & 8, 2010)

Attackers are actively exploiting a critical flaw in Adobe Reader that will not be patched until next week.......

Adobe Will Release Silent Update Beta (January 6, 2010)

Adobe plans to introduce silent updates to help ensure that more users are running current versions of Reader and Acrobat.......

Year-Change Confounds Some German Payment Cards (January 6 & 7, 2010)

A software glitch pertaining to the change from the year 2009 to 2010 prevented German shoppers from using their payment cards.......

US Financial Services ISAC to Hold Cyber Incident Exercise (January 6, 2010)

In February, the Financial Services Information Sharing and Analysis Center (FS-ISAC) will hold a cyber attack simulation for banks, payment processors and retailers.......

Software Company Suing Chinese Government Over Alleged Stolen Code in Green Dam (January 5 & 6, 2010)

A California software company is seeking US $2.......

Thieves Attempt to Steal US $3.8 Million From NY School District (January 5 & 6, 2010)

The FBI and New York State Police are investigating an attempt to steal US $3.......

FTC Roundtable Will Address Cloud Computing Privacy Issues (January 5 & 6, 2010)

The US Federal Trade Commission (FTC) will hold a roundtable session on January 28 at the University of California, Berkeley to discuss the consumer privacy ramifications of cloud computing.......

Flash Drive Flaw (January 5, 2010)

Three flash drive manufacturers have issued warnings that a vulnerability in the drives' access control mechanism could allow attackers access to data on what were believed to be secure devices.......

Convicted Filesharer Seeks Lower Fine (January 4 & 5, 2010)

The Boston University student who was fined US $675,000 for illegally downloading music has asked a judge to reduce the penalty or give him a retrial.......

ABA Recommends Using Dedicated PC for Online Banking (January 1 & 4, 2010)

The American Bankers' Association (ABA) issued guidance to small and mid-sized businesses regarding how to protect themselves from the growing problem of unauthorized Automated Clearing House (ACH) transactions.......

New Zealand Law Enforcement and Intelligence Agents Get Increased Surveillance Powers (January 3, 2010)

Police and Security Intelligence Service agents in New Zealand now have expanded powers of surveillance over citizens' online activity.......

French Anti-Piracy Law Now in Effect (January 1, 2010)

France's new Internet anti-piracy law took effect on January 1.......

Pentagon's Planned Cyber Command Faces Questions From Lawmakers (January 3, 2010)

Efforts to establish the Pentagon's computer network defense command have been slowed by congressional concerns about privacy and clarity about the command's mission.......

Lawmakers and Consumer and Industry Groups Respond to HHS Interim Breach Notification Rule (December 31, 2009)

Health industry representatives and members of the US Congress have sent letters of comment to US Department of Health and Human Services (HHS) Secretary Kathleen Sebelius regarding her agency's interim final rule regarding data breaches of protected health information.......

Indiana Fugitive Found Through Online Game (December 31, 2009)

The Howard County, Indiana Sheriff's Department found a fugitive from justice through his penchant for playing the online game World of Warcraft (WoW).......

TSA Withdraws Subpoenas Against Bloggers (December 31, 2009)

The US Transportation Security Administration (TSA) has withdrawn subpoenas served against two bloggers who allegedly posted copies of a TSA security directive issued in the wake of the December 25 attempted attack on an airplane en route to Detroit.......

McAfee Report Predicts Top Threats and Trends for 2010 (December 29 & 30, 2009)

According to McAfee's 2010 Threat Predictions Report, Adobe Reader and Adobe Flash will be the top targets for malware writers in 2010.......

Gonzalez Pleads Guilty (December 29 & 30, 2009)

Albert Gonzalez has pleaded guilty to charges of conspiracy for his role in the massive data breach that compromised millions of payment card accounts from the networks of Heartland Payment Systems, 7-Eleven, Hannaford Bros.......

TJX Sniffer Author Sentenced (December 22 & 29, 2009)

One of the people involved in the TJX data breach has been sentenced to two years in prison.......

Chinese Matchmaking Site Data Stolen (December 26 & 28, 2009)

A former board member of a Chinese matchmaking website is accused of stealing applicant information and trying to sell it to other companies.......

SANS Internet Storm Center, InfoCON: green

PDF Babushka, (Thu, Jan 14th)

I'm pretty sure that some of our readers had enough of malicious PDFs for the last couple of weeks. Adobe ...(more)...

Sun Java JRE 6 Update 18 Released, (Wed, Jan 13th)

This release contains fixes for 358 bugs. You can see the release notes for this version here ...(more)...

Adobe Reader and Acrobat patches are available, (Wed, Jan 13th)

If you are running Adobe Reader and/or Acrobat version 9.2 and earlier, you need to patch again! Ad ...(more)...

Domains being registered about the Haiti Earthquakes already, (Wed, Jan 13th)

While we, at the ISC, do not assume that the domains being registered are malicious in nature in any ...(more)...

SMS Donations Advertised via Twitter, (Wed, Jan 13th)

[Update] Both short codes in use right now, 501501 and 90999 are tracing back to registered twitter ...(more)...

Google's response to being attacked by China, (Wed, Jan 13th)

Today a blog post was put on the Official Google Blog talking about the attack against them from Chi ...(more)...

Haiti Earthquake: Possible scams / malware, (Tue, Jan 12th)

Major news organizations reported earlier about a devastating earthquake in Haiti. Unlike the smalle ...(more)...

Pre-Announced Adobe Reader and Acrobat Patch Found!, (Tue, Jan 12th)

As soon as I wrote this diary about the missing Adobe Acrobat / Reader patch, a few readers (ours, n ...(more)...

Oracle Patches Released, (Tue, Jan 12th)

Luckily, Microsoft didn't have much to announce today. But don't take the day off yet ...(more)...

Microsoft Advises XP Users to Uninstall Flash Player 6, (Tue, Jan 12th)

As part of today's bulletin release, Microsoft advises users of Windows XP to uninstall Flash Player ...(more)...

Microsoft Security Bulletin: January 2010, (Tue, Jan 12th)

Overview of the January 2010 Microsoft patch and status. ...(more)...

IPv6 and isc.sans.org, (Tue, Jan 12th)

I spent some time last week to analyze the IPv6 traffic isc.sans ...(more)...

Baidu defaced - Domain Registrar Tampering, (Tue, Jan 12th)

The Chinese search engine Baidu was briefly defaced earlier today. The replacement page was identica ...(more)...

Microsoft Patch Tuesday - Preannouncement, (Tue, Jan 12th)

According to Microsoft patch tuesday preview, there will only be one bulletin released tomorrow [1]. ...(more)...

PoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability, (Tue, Jan 12th)

Proof of Concept code exploiting the MacOS X 10.5/10 ...(more)...

BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/, (Mon, Jan 11th)

Fake Android Application, (Mon, Jan 11th)

Somehow I missed that First Tech Credit Union warned its users late in December about a ...(more)...

the (large) domain registrar "eNom" appears to have problems with its DNS servers according to some user reports., (Mon, Jan 11th)

------ Johannes B. Ullrich, Ph ...(more)...

Easy DNS BIND Sinkhole Setup, (Sun, Jan 10th)

ISC handlers have written several reports this past week dealing with malware that redirect a client ...(more)...

6.5 magnitude earthquake in California causing local poweroutage, (Sun, Jan 10th)

A 6.5 magnitude earthquake off the coast of California [1] is causing some local power outages at th ...(more)...

What's Up With All The Port Scanning Using TCP/6000 As A Source Port?, (Sat, Jan 9th)

We here at the SANS ISC always appreciate all the feedback from our readers concerning Internet an ...(more)...

Microsoft OfficeOnline, Searching for Trust and Malware, (Fri, Jan 8th)

Several readers have commented on today's Websense alert, found here == http://securitylabs.webs ...(more)...

Targeting OWA users - A report from the Mailbag, (Fri, Jan 8th)

We received a report from Ted of an email campaign targeting OWA users that leads to malware infecti ...(more)...

Please participate in our reader survey: http://www.surveymonkey.com/s/2MH25ZC, (Fri, Jan 8th)

------ Johannes B. Ullrich, Ph ...(more)...

VMWare ESX console, critical update for NSS and NSPR: http://lists.vmware.com/pipermail/security-announce/2010/000075.html, (Thu, Jan 7th)

Juniper routers may crash on certain malformed packets, (Thu, Jan 7th)

I personally don't have access to the full vendor bulletin, but word is out that Juniper JUNOS route ...(more)...

Static analysis of malicious PDFs (Part #2), (Thu, Jan 7th)

This sample came to us from ISC reader Joe, who reported that his Acrobat reader had crashed wi ...(more)...

Static analysis of malicious PDFs, (Thu, Jan 7th)

While we are still waiting for the patch and the malicious PDFs which exploit CVE-2009-4324 become m ...(more)...

Possible new MySQL 0day, (Wed, Jan 6th)

Intevydis published a flash video on Monday showing what appears to be a new 0day exploit against My ...(more)...

Firefox update available, (Wed, Jan 6th)

Just a quick note - Mozilla released Firefox 3.5 ...(more)...

Secure USB Flaw Exposed, (Wed, Jan 6th)

Update Our Handler Arrigo Triulzi pointed out that the fixed memory content that was me ...(more)...

New Tool: IPv6 conversions http://isc.sans.org/tools/ipv6.html, (Wed, Jan 6th)

------ Johannes B. Ullrich, Ph ...(more)...

Denial of Service Attack Aftermath (and what did Iran have to do with it?), (Wed, Jan 6th)

I finally finished the report summarizing what we learned from yesterday's denial of service attack. ...(more)...

Firefox security and stability update for version 3.5.7 and 3.0.17 available for download, (Wed, Jan 6th)

Kodak EasyShare Wireless Picture Frame RSS Feed is world readable, (Tue, Jan 5th)

Garrett pointed us at this blog post: http://seattlewireless.net/~casey/?p=13 which discusses an int ...(more)...

Report of Java Object Serialization exploit in use in web drive-by attacks, (Tue, Jan 5th)

We've had a report (thanks Tom!) of a java applet exploiting CVE-2008-5353 (http://cve.mitre ...(more)...

New poll on handling PDF documents, (Tue, Jan 5th)

SANS Information Security Reading Room

Last 25 Computer Security Papers added to the Reading Room

Humans... The Overlooked Asset

Category: ISO-17799

Paper Added: January 7, 2010

The Register - Security

Biting the hand that feeds IT

Security experts dissect Google China attack
Howdunnit mystery

Analysis: The hacking attacks against Google that prompted the search engine giant to consider pulling out of the country are far more frequent than is commonly thought.…

Dodgy Haiti earthquake-themed domains point to scams
Some people really are all heart

With sad inevitability, fraudsters have rushed to register the Haiti earthquake-themed scam URLs in the wake of Tuesday's natural disaster in the impoverished Caribbean country.…

Trojan pr0n dialers make comeback on mobile phones
By popular demand

After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.…

Google flips default switch for always-on Gmail crypto
Hours after dropping Chinese hack bomb

Just hours after Google disclosed it and at least 20 other large companies were the targets of highly sophisticated cyberattacks, the online giant said it would enhance the security of its email service by automatically encrypting entire web sessions.…

McKinnon granted another judicial review
Is Pentagon hacker too ill for US trial?

The High Court has granted a further judicial review of the Home Secretary's decision to allow extradition proceedings against Pentagon hacker Gary McKinnon to proceed. The move means the imminent threat of extradition against McKinnon is removed until at least April.…

Facebook snuggles with McAfee in security spree
Symantec unlikely to like updated relationship status

Facebook has partnered with McAfee to offer users of the social networking site a free six-month subscription to its security software.…

Spam filters stuff Canadian Beaver
Venerable magazine to adopt less suggestive title

Venerable Canadian publication The Beaver has been obliged to change its name after prudish spam filters objected to its suggestive title.…

Google leaves censorship to China's experts
China crisis not exactly a human rights triumph

Comment: Amnesty International was among the human rights organisations scrambling to congratulate Google for threatening to pull out of China today.…

Lethic botnet knocked out by security researchers
Zombie network taken down

The command-and-control servers of the Lethic botnet have been taken out following a spam-busting collaboration between security firm Neustar and ISPs.…

Critical Adobe updates overshadow MS Patch Tuesday
PDF peril finally plugged

January's Patch Tuesday update from Microsoft was overshadowed in importance by fixes that defend against highly publicised exploits in Adobe Acrobat and Reader.…

'Sandwich attack' busts new cellphone crypto
Kasumi cipher cracked (in theory)

A new encryption scheme for protecting 3G phone networks hasn't even gone into commercial use and already cryptographers have cracked it - at least theoretically.…

Google may exit China after 'highly targeted' attack
Activists hit in 20-company dragnet

Updated: Google plans to curb its controversial practice of censoring search results in China after uncovering a "highly sophisticated and targeted attack" designed to steal information about human rights activists from its Gmail service and at least 20 other large companies.…

Hackers pluck 8,300 customer logins from bank server
New variation on an old theme scheme

Hackers have stolen the login credentials for more than 8,300 customers of a small New York bank after breaching its security and accessing a server that hosted its online banking system.…

South Korea sets up cyberwarfare unit to repel NORK hackers
M*A*S*H with hackers instead of medics

South Korea has launched a cyberwarfare command centre designed to fight against possible hacking attacks blamed on North Korea and China.…

Police cuff citizens for videotaping arrests
Film a cop, go to jail

Since the police beating of motorist Rodney King in 1991, men in blue have looked warily at the civilian videotaping of arrests and other police activities. Some cops are so opposed to the practice, they've begun arresting the amateur videographers and charging them criminally.…

Frustrated bug hunters to expose a flaw a day for a month
Fed up about getting exploited about exploits

A Russian security firm has pledged to release details of previously undisclosed flaws in enterprise applications it has discovered every day for the remainder of January.…

Twitter hack group hits Baidu.com
Chinese search engine giant in DNS hijack drama

The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.…

Twitter hunts app-making, security-boosting techies
Can you apply in less than 140 characters?

Twitter is looking to hire engineers that will enable it to develop revenue-generating services and improve its security.…

Google leaks small biz stats to random people
Traffic data snafu blamed on 'human error'

Google has inadvertently leaked web traffic data for multiple small businesses to random third-parties across the web.…

Apple sits on critical Mac bug for 7 months (and counting)
Unix flaw fixed in OpenBSD, not OS X

Researchers have disclosed a critical vulnerability in the latest version of Mac OS X that they say Apple has sat on for almost seven months without fixing.…

Judge awards Dish Network $51m from satellite pirate
'Substantial and unquantifiable harm'

A federal judge has slapped a $51m judgment on a Florida man for distributing software that allowed people to receive television programming from Dish Network without paying for it.…

False Facebook charge group used to spread malware
Malware pokes outraged users

A false rumour suggesting that Facebook is to start charging is being used to bait malware traps.…

Rogue phishing app smuggled onto Android Marketplace
Ghost in the machine

A phisher hoping to harvest bank login details managed to smuggle his app onto the Android app store.…

Database updates star in Oracle quarterly patch batch
A light sprinkling of security fixes

Oracle is preparing 24 patches for its latest quarterly patch update.…

Symantec Y2.01K bug still stymies customers
String compare hobbles Endpoint Manager

Nine days after Symantec's corporate antivirus dashboard succumbed to an end-of-decade bug that caused it to stop accepting updates, the company has yet to fix the underlying problem, much to the chagrin of customers.…

Fix finalized for SSL protocol hole
Now comes the hard part

Engineers have signed off on a fix for a potentially serious vulnerability in the SSL, or secure sockets layer, protocol that secures email, web transactions and other types of sensitive internet traffic.…

Serious IE and Windows flaws left to fester
No Microsoft fix in sight

Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.…

Brit ISP knocked offline by Latvian DDOS
Company switchboard nobbled too

About 30,000 customers of the Cheshire-based ISP Vispa were forced offline for almost 12 hours today by a DDOS attack traced to the Baltic state of Latvia.…

Microsoft readies singular fix for first Patch Tuesday of 2010
No update for frosty Windows 7 bug, mind

Microsoft's first Patch Tuesday of the year looks set to be more famine than feast.…

RSA crypto defiled again, with factoring of 768-bit keys
More where that came from

Yet another domino in the RSA encryption scheme has fallen with the announcement Thursday that cryptographers have broken 768-bit keys using the widely used public-key algorithm.…

Easily spoofed traffic can crash routers, Juniper warns
Ashes, ashes all fall down

Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.…

Hacker pierces hardware firewalls with web page
No interaction required

On Tuesday, hacker Samy Kamkar demonstrated a way to identify a browser's geographical location by exploiting weaknesses in many WiFi routers. Now, he's back with a simple method to penetrate hardware firewalls using little more than some javascript embedded in a webpage.…

'Peeping Tom' caught on own camera
Police issue self-portrait of changing room spy cam man

Police have issued a fetching self-portrait of a man who was caught on the miniature camera he put in the ladies changing room of a Cheshire supermarket.…

Year 2010 bug wreaks havoc on German payment cards
Son of Y2K also hits SpamAssassin, Symantec

A delayed Y2K bug has bitten hard at some 30 million holders of German debit and credit cards, making it impossible for them to use automatic teller machines and point-of-sale terminals since New Year's Day.…

Feds investigate theft of $3m from NY school
An epidemic continues

The FBI and New York state police are investigating the online theft of more than $3m from a small school district in the western part of the state.…

Hacker pilfers browser GPS location via router attack
'Scary how accurate it is'

If you're surfing the web from a wireless router supplied by some of the biggest device makers, there's a chance Samy Kamkar can identify your geographic location.…

Google Moves Gmail to More Secure HTTPS Service

At the risk of inconveniencing some users, Google has moved its Gmail to a more secure protocol. The timing of the action is seen as a response to Chinese hacking attempts against the online mail service.

Law firm in Green Dam suit targeted with cyber-attack

The law firm representing a U.S. company involved in a legal dispute over China's Green Dam censorship software says it was targeted with a sophisticated online attack this week, similar to the one reported by Google Tuesday.

Facebook puts your privacy on parade

Once again Facebook is involved in a privacy imbroglio, and once again it's because boy-founder Mark Zuckerberg opened his yap and stuck his Keds-clad foot inside.

DDoS Attacks Are Back (and Bigger Than Before)

DDoS attacks are back in the headlines. Thanks to the rapid proliferation of botnets, the threat may be bigger than the bad guys had even planned.

The Cost of Google Pulling Out of China

If Google follows through on its threat to shut down operations in China in response to cyber attacks and spying efforts, it would be walking away from a fairly significant chunk of revenue. The resulting Internet advertising vacuum would lead to hundreds of millions of dollars flowing out of the United States and into Chinese coffers.

Hackers used rigged PDFs to hit Google -- and Adobe, says researcher

Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China.

Converging physical and logical security: A good idea or not?

A look at the pros and cons of merging physical and logical security.

Debate rages over converging physical and IT security

IT departments are no strangers to turf wars, but the one shaping up between those overseeing computer networks and those in charge of physical security could really get ugly.

Google Attack Highlights Strength of Targeted Malware

Google's revelation of China-based hacker attacks against it and many other major companies shines the spotlight on today's top Internet threat: the targeted attack.

Hacking risks persist even if companies withdraw from China

Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.

£500,000 fines for companies that lose data

Organisations that lose sensitive data could be fined up to £500,000 by the Information Commissioner's Office.

Gemalto offers fix for German payment card date bug

Smart card vendor Gemalto said Wednesday it is distributing a software fix to banks for a programming glitch that caused millions of German payment cards to stop working.

The state of the data center: Part 2

Symantec released its 2010 State of the Data Center study this week. This newsletter is part II of the study conducted by Applied Research of 1,780 respondents.

Google hack raises serious concerns, U.S. says

A coordinated hacking campaign targeting Google, Adobe Systems and more than 30 other companies raises serious concerns, U.S. Secretary of State Hillary Clinton said Tuesday.

Facebook, McAfee team on Facebook security effort

Facebook and McAfee have formed a partnership aimed at improving security for Facebook's 350 million users.

Google threatens to leave China after massive cyberattacks

Google today said that a "highly sophisticated and targeted" attack against its network last month originated in China, prompting the search giant to consider pulling its operations out of the country.

Critical Updates from Microsoft, Adobe, and Oracle

Today is the second Tuesday of 2010, which means it's the second Tuesday in January, which makes it Patch Tuesday. Microsoft welcomed 2010 by taking things easy this month and released only a single security bulletin.

Serious Flaws Patched for Adobe Reader and Windows 2000

Today's post-holiday Patch Tuesday included just one bulletin, which is rated critical only for Windows 2000, but Adobe also released a must-have Reader update.

Pirate's cove: Defenses

This final article in a series of four articles examines issues of defense against cyber pirates. In laws and regulations, distinctions are not made between passive defenses, such as firewalls, anti-malware and other conventional defenses, and active defenses such as counter attacks. Perhaps such distinctions are necessary.

Skip Microsoft's critical patch, focus on Adobe's, experts urge

Microsoft today issued just one security update for Windows, the lowest number on a Patch Tuesday since January 2009, and security experts advised users to focus first on updates coming from Adobe.

Microsoft DirectAccess: The ugly truth

The seamless secure remote access built into Windows 7 and Windows Server 2008 R2 is fantastic, if you don't mind a forklift upgrade or complexity and work-arounds.

More Identity issues for 2010

Today we'll get back to predictions for 2010 as offered to me by some of the leading lights of the IdM universe. You'll remember (I hope) that two issues ago we looked at predictions for identity and cloud computing, the most popular topic from my correspondents. The next most popular topic was mergers and acquisitions, with some surprising answers.

Google blames 'human error' for data leak

Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service.

Banking malware found in Google Android Market

Mobile phone owners with handsets running Google's Android OS, such as the HTC Hero, could be at risk from cybercriminals trying to steal their bank account information.

Anti-theft chip turns laptop into 'brick'

Absolute Software has added a new feature to its Computrace Lojack anti-theft software that can remotely turn a stolen laptop into a useless, non-bootable 'brick'.

Group behind Twitter hack takes down Baidu.com

The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com.

ISP operators among 19 arrested in cyber-fraud case

The owner of a Dallas-based Internet service provider that was raided last April has been charged with participating in a conspiracy to defraud more than US$15 million from companies such as Verizon, AT&T and XO Communications.

Expert: Fraudsters pull tricks with Google ads

Companies such as Continental Airlines rely on Internet advertising from Google to deliver customers to their Web site. It constitutes essential marketing in the digital age.

Security Manager's Journal: Conficker worm keeps on coming

Many people are worried about H1N1 this flu season, but I'm more concerned about a different kind of virus right now. My company is dealing with an outbreak of the Conficker worm, which uses some fairly sophisticated techniques to evade detection and removal. Meanwhile, some cleverly designed spam is getting past our filters as well. Both of these problems are examples of evolving network threats that present some challenges to the security team.

Facebook CEO Challenges the Social Norm of Privacy

Lost in the flurry of product announcements at last week's Consumer Electronics Show was Facebook CEO Mark Zuckerberg's suggestion on Friday that some aspects of privacy are a thing of the past. The Facebook founder's comments were part of an interview with TechCrunch's Michael Arrington during last week's Crunchie awards presentation.

Maryland aims to be cybersecurity 'epicenter'

Maryland officials want the state to be the U.S. "epicenter" for fighting cyber attacks, and on Monday they launched an effort to bring more cybersecurity research and jobs to the state.

4 out of 5 parents let children use Facebook

Almost four out of five parents allow their children under 15 to use social network sites such as Facebook and Bebo, says MyVoucherCodes.

Pirate's cove: The eastern havens

This third in a series of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes discusses the environment or climate affecting the activities of cyber pirates and privateers.

Half of all data centers understaffed, Symantec survey finds

Fifty percent of IT executives say their data centers are understaffed, and companies are still looking for more ways to cut costs.

Software uses fingerprint to launch apps, log in

Taiwanese software manufacturer EgisTec is showing a product here at CES that lets you use your laptop's built-in fingerprint reader to launch applications, manage passwords and encrypt files. EgisTec BioExcess also lets you scroll internet pages and office documents using four-way navigation.

Hacking Takes Lead as Top Cause of Data Breaches

Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center's 2009 Breach Report.

L.A. Apple Store shoppers targeted by thieves

The L.A. Times Blog reports about an ongoing series of thefts targeting more than 100 Los Angeles-area Apple Store customers.

White House calls for IT boost to fight terrorism

The White House report on the bombing attempt aboard a U.S. airliner on Christmas Day highlights the challenges U.S. intelligence agencies face in correlating terrorism-related information gathered from multiple databases and sources.

More flash drive firms warn of security flaw; NIST investigates

SanDisk and Verbatim have joined Kingston in warning owners of some USB flash drives they should update their devices to protect against a security flaw that allows hackers access to their data.

Chrome sets browser security standard, says expert

All browser makers should take a page from Google's Chrome and isolate untrusted data from the rest of the operating system, a noted security researcher said today.

Oracle critical patch update includes 24 fixes

Oracle on Tuesday will release a patch update that includes 24 security fixes for its database, application server and other products.

Norton wins PC Advisor's Best Security Software award

Norton Internet Security 2009 has been named the best security software to come through PC Advisor's Test Centre over the past 12 months.

Microsoft wins PC Advisor's Best Free Software award

Microsoft Security Essentials has won the PC Advisor Awards 2010 - Best Free Software award, after being named as the best freebie to come through the PC Advisor Test Centre over the past 12 months.

Heartland to pay up to $60 million to Visa over breach

Heartland Payment Systems will pay up to US$60 million to issuers of Visa credit and debit cards for losses they incurred from a 2008 data breach at the large payment processor.

Improving network access security for unmanaged devices

Unmanaged devices such as smartphones and guest users' laptops can be a real problem on any network. Experts from Avenda Systems provide best practice tips on how to balance network access security with the need for productivity.

TSA nominee runs into flak over improper database access

The improper use of a federal database two decades ago by Erroll Southers, the White House nominee to be administrator of the Transportation Security Administration (TSA), has caught the attention of GOP lawmakers.

Juniper patches router-crashing bug

Juniper Networks has issued seven security advisories for its products, including a fix for a nasty bug that could be used to crash the company's routers.

The Low-down on Low-level Rootkits

Rootkits, a type of stealth technology used by malware malefactors, attempt to hide in the dark corners of an infected PC and evade detection. A new post out today from the Microsoft Malware Protection Center shines the spotlight on the evil tools.

Mac security reality check: mobile tech

Portable technology--laptops and iPhones particularly--come with their own special security risks. They can be lost, for starters. And iPhones can be made especially vulnerable if you jailbreak them. Here are some tips for keeping your mobile technology--and you--safe.

The 10 dumbest tech moves of 2009

It's that time of year again -- time to look back and offer my 2009 awards for the most malicious, obnoxious, offensive, or nonsensical behavior in technology. The 10 winners this year include some of the best-known companies on the planet, as well as some obscure but worthy candidates.

Microsoft won't fix Windows 7 crash bug next week

Microsoft today said it will deliver a single security update on Tuesday to patch just one vulnerability in Windows.

Large-scale attacks exploit unpatched PDF bug

Hackers are exploiting a bug in Adobe's PDF software with both targeted and large-scale attacks a week before a patch is slated to be released.

SpamAssassin '2010' bug blocked email across world

If you sent an email in the first few hours of 2010, there is a chance that it never reached its recipient thanks to an embarrassing '2010' bug buried in the open source SpamAssassin anti-spam engine used by many Internet Service Providers.

Heartland breach shows why compliance is not enough

Nearly a year after Heartland Payment Systems disclosed what turned out to be the largest breach involving payment card data, the company remains a potent example of how compliance with industry standards is no guarantee of security.

FTC to examine cloud privacy concerns

In a development likely to be closely watched by Google Inc., Amazon.com, Microsoft Corp. and other vendors, the Federal Trade Commission is examining potential threats to consumer privacy and data security posed by cloud computing.

VA, Kaiser Permanente launch e-health records exchange

The Veterans Administration and Kaiser Permanente unveiled a pilot program that shares patients' electronic health records between the two organizations. The system is the first of its kind.

Kingston recalls some USB drives due to security flaw

Kingston Technology Company Inc. is saying a security flaw in certain models of its "secure" USB flash drives allows hackers unauthorized access to passwords.

FBI investigating online school district theft

A New York school district has reverted to using paper checks after cybercriminals tried to steal about US$3.8 million from its online accounts just before Christmas, prompting an FBI investigation.

25 million strains of malware identified in 2009

More than 25 million new strains of malware were created last year, says PandaLabs.

Carry cash as well as a card, says German bank association

An end-of-the-decade programming glitch is causing problems for holders of millions of German credit and ATM cards.

TalkTalk slams 'misguided' Bono for net piracy comments

TalkTalk has called U2 frontman Bono "misguided" after he accused ISPs of profiting from illegal filesharing.

Startup shows super-rugged SSD backup

Storage startup ioSafe has shown off its idea of indestructible storage, the Solo SSD, which it claims can survive almost any shock, drop, flood or even fire hazard business disaster can throw at it.

Adobe testing new automatic updater

Next week, Adobe Systems will begin testing new automatic software designed to make it easier for Reader and Acrobat users to keep their products up-to-date.

Cisco buys Rohati Systems

Cisco has just acquired start-up Rohati Systems, according to Rohati’s president and CEO Prashant Gandhi, who says the acquisition price is not disclosed.

Secure USB Drives Not So Secure

Vendors admit many hardware-encrypted USB memory sticks contain a dangerous flaw that makes them easy hack targets, and many more may be vulnerable.

Private Investigations in the Information Age

These first two decades of the Information Age, i.e., the 1990s and the 2000s, have transformed almost all aspects of human endeavor from bookselling to physics, from astrology to economics, and from pornography to politics; and the many ways in which the field of investigation has been impacted by information technology (IT) are of particular interest to me.

Mac security reality check: user error

Some security problems are due to user error (or user laziness). It's not that hard to practice good system security on your Mac. But a surprising number of people--including some who should know better--don't. Here are some basic tips on practicing safe computing.

CyberSitter files lawsuit against China over Green Dam

Web software filtering vendor CyberSitter has filed a US $2.2 billion lawsuit against the Chinese government, two Chinese software makers and seven major computer manufacturers for their distribution of Green Dam Youth Escort, a controversial Web filtering package the Chinese government had mandated to be installed on computers sold there.

Identity issues for 2010

A belated Happy New Year to you all, and let's hope it's a better one than 2009. But what can we look forward to in the coming year? I posed that question to a number of people in the IdM industry and over the next few issues we'll look at what they had to say.

Symantec product hits end-of-decade snafu

Symantec is warning that its Endpoint Protection Manager server product is erroneously marking signature updates issued this year as out of date.

2010 tech forecasts: What the accurate analysts predict

New-year predictions are often iffy, but these firms were pretty accurate in their 2009 calls. Will they be right again?

Kingston owns up to USB stick hack

Independent memory giant Kingston Technology has issued a highly unusual warning that several of its supposedly secure encrypted USB drives can be hacked.

McAfee Avert Labs

Cutting edge security research as it happens.......

New Koobface variant saves researchers time from analysis

By Prajwala Rao on Uncategorized

Researchers at McAfee labs monitor Koobface activities 24/7 via custom honeypots and while reviewing one such update we noticed a variant that had debug/log features. Unlike the traditional captcha breaking technique to create new accounts, this variant of the worm converts the infected machine to a bot. When we analysed the malware trapped in our botnet, [...]

BlackBerry Messenger the new vehicle to distribute Hoaxes?

By Oliver Devane on Web and Internet Safety

I received an interesting IM from a friend via BlackBerry Messenger [BBM] this weekend. She was worried that it could do damage to her shiny new BlackBerry and, as she knew I work for McAfee, she forwarded it to me for my opinion. As soon as I read it, I knew it was a hoax and [...]

McAfee Labs’ January Spam Report

By David Marcus on Spam and Phishing

Angelina Jolie and Barack Obama are the #1 celeb subjects of choice for spammers, according to our January Spam Report. The report also reveals: • The top 25 men and women that were spammed • Chinese pharma spam isn’t going away – in fact, on Dec 14, spam levels skyrocketed with subject lines advertising discounts on Pfizer drugs • “Free-hosting” websites [...]

W32/Fame

By Oliver Devane on Malware Research

Unlike the first malware authors who wrote viruses seeking fame through destruction, their motivation has changed to financial gain. Nevertheless, there are still the ones out there who share the first authors’ intent. I was analysing a simple Trojan today and saw the following message: It is not uncommon for malware authors to leave messages in [...]

Windows 7 – XP Mode

By Bing Sun on Uncategorized

In my last blog, we discussed the kernel API refactoring in Windows 7; today we are going to look at a new feature of Windows 7 – XP Mode, which is a combined solution of Virtualization and RemoteApp technologies. For a quick understanding of Windows XP Mode, let’s look at an excerpt from Wikipedia about its [...]

Windows 7 – Kernel API Refactoring

By Bing Sun on Uncategorized

After the public release of Microsoft Windows 7, I saw many people were curious about and showed great interest in “MinWin”, but most of them were not able to understand or explain it correctly and they often confused “MinWin” with “Server Core”. So what exactly does the term “MinWin” mean? One of Microsoft's goals for Windows [...]

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

Behind the China attacks on Google (FAQ)

By Elinor Mills

Here's an FAQ on what is known and what is not known about the China-related attacks on Google and the other Silicon Valley companies.

U.S. law firm behind China piracy suit targeted in attacks

By Elinor Mills

It's unknown whether an e-mail attack targeted at firm's lawyers is related to the mid-December attacks on Google and other companies that also originated in China.

Unpatched Adobe holes link Google and earlier attacks

By Elinor Mills

PDF files exploiting unpatched holes in Adobe Reader were used in attacks on Google and others in December and a previous targeted attack on 100 U.S. companies last summer, an expert says.

Fixes in for Windows 2000, Adobe Reader

By Elinor Mills

Security experts say Adobe's patch for a zero-day Reader vulnerability is more critical than the Windows hole.

Microsoft, Adobe prep critical security patches

By Elinor Mills

Microsoft to issue one bulletin on Patch Tuesday, while Adobe will fix a targeted Reader and Acrobat vulnerability and launch a beta of new automatic-update service.

Cybersitter suit accuses China, PC makers of software piracy

By Elinor Mills

Lawsuit alleges that Sony, Toshiba, Lenovo, and others distributed millions of copies of pirated Web filtering software at the behest of the Chinese government.

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

Google Hackers Targeted Source Code of More Than 30 Companies

Posted by InfoSec News on Jan 13

http://www.wired.com/threatlevel/2010/01/google-hack-attack/
By Kim Zetter
Threat Level
Wired.com
January 13, 2010
A hack attack that targeted Google in December also hit 33 other
companies, including financial institutions and defense contractors, and
was aimed at stealing source code from the companies, say security
researchers at iDefense.
The hackers used a zero-day vulnerability in Adobe Reader to deliver
malware to many of the...

DARPA moves ahead with National Cyber Range project for advanced cyber security research

Posted by InfoSec News on Jan 13

http://mae.pennnet.com/display_article/372369/32/ARTCL/none/EXECW/1/DARPA-moves-ahead-with-National-Cyber-Range-project-for-advanced-cyber-security-research/
By John Keller
Military & Aerospace Electronics
13 Jan. 2010
ARLINGTON, Va. -- The U.S. Defense Advanced Research Project Agency
(DARPA) in Arlington, Va., is awarding multimillion-dollar contracts to
two research organizations to build prototype advanced computing centers
to...

Clinton queries China about Google's cyberattack allegations

Posted by InfoSec News on Jan 13

http://fcw.com/articles/2010/01/13/web-google-cyberattack-china.aspx
By Ben Bain
FCW.com
Jan 13, 2010
Secretary of State Hillary Rodham Clinton is looking for an explanation
from the Chinese government regarding Google's accusation that a
cyberattack against the company's infrastructure originated in China,
with a primary goal of accessing Chinese human rights activists' Gmail
accounts.
"We have been briefed by Google on these...

Judicial review for McKinnon extradition decision

Posted by InfoSec News on Jan 13

http://news.bbc.co.uk/2/hi/uk_news/8458004.stm
BBC News
13 January 2010
A High Court judge is to rule on whether Home Secretary Alan Johnson was
wrong to allow the extradition of computer hacker Gary McKinnon.
The judicial review will examine Mr Johnson's decision that a US trial
would not breach his human rights.
Mr McKinnon, 43, who has Asperger's syndrome, is accused of breaking
into the US military computer system. He says he was...

U.S. law firm behind China piracy suit targeted in attacks

Posted by InfoSec News on Jan 13

http://news.cnet.com/8301-27080_3-10434551-245.html
By Elinor Mills
InSecurity Complex
CNET News
January 13, 2010
A U.S. law firm representing a Web content-filtering company in a piracy
lawsuit against the Chinese government said on Wednesday that it
received malicious e-mails in a targeted attack from China similar to
recent attacks on Google and other U.S. companies.
At least 10 employees at Gipson Hoffman & Pancione received the...

Hackers of the world unite

Posted by InfoSec News on Jan 13

http://www.guardian.co.uk/commentisfree/2010/jan/13/hackers-26c3-technology
By Mark Fonseca Rendeiro
Comment is free
guardian.co.uk
13 January 2010
The 26th edition of the world's largest annual hacker conference, 26C3,
took place in Berlin last week. With about 2,500 attendees, a combined
total of 9,000 participants worldwide (via live streams), and an array
of features that no other conference in the world can match, it was very
much a...

CFP: Workshop on Collaboration and Security (COLSEC'10) - Last date approaching

Posted by InfoSec News on Jan 13

Forwarded from: Patrice Clemente <patrice.clemente (at) ensi-bourges.fr>
================================================================
The 2010 International Symposium on Collaborative Technologies and Systems
(CTS 2010)
CALL FOR PAPERS
Workshop on Collaboration and Security (COLSEC'10)
The Westin Lombard Yorktown Center Chicago, Illinois, USA May 17-21,...

Hackers pluck 8,300 customer logins from bank server

Posted by InfoSec News on Jan 12

http://www.theregister.co.uk/2010/01/12/bank_server_breached/
By Dan Goodin in San Francisco
The Register
12th January 2010
Hackers have stolen the login credentials for more than 8,300 customers
of a small New York bank after breaching its security and accessing a
server that hosted its online banking system.
The intrusion at Suffolk County National Bank happened over a six-day
period that started on November 18, according to a release (PDF)...

Judiciary boosting security after website hacked

Posted by InfoSec News on Jan 12

http://thestar.com.my/news/story.asp?file=/2010/1/12/nation/20100112211300&sec=nation
By SHAILA KOSHY
The Star Online
January 12, 2010
KUALA LUMPUR: The Judiciary will be upgrading the security of its court
computer systems, following a hacking and defacing of its website last
Thursday.
Security has become crucial with the introduction of e-filing and the
online management of court documents last year.
According to court sources, the...

U.S. Army Website Hacked

Posted by InfoSec News on Jan 12

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=222300588
By Kelly Jackson Higgins
DarkReading
Jan 12, 2010
Romanian hackers continue to have a field day with SQL injection flaws
in major Website applications: A vulnerability in a U.S. Army Website
that leaves the database wide open to an attacker has now been exposed.
"TinKode," a Romanian hacker who previously found holes in NASA's...

ISP Operators Among 19 Arrested in Cyber-Fraud Case

Posted by InfoSec News on Jan 12

http://www.csoonline.com/article/514639/ISP_Operators_Among_19_Arrested_in_Cyber_Fraud_Case
By Robert McMillan
IDG News Service
January 12, 2010
The owner of a Dallas-based Internet service provider that was raided
last April has been charged with participating in a conspiracy to
defraud more than US$15 million from companies such as Verizon, AT&T and
XO Communications.
Matthew Simpson, 25, of Red Oak, Texas, is one of 19 people charged...

Google threatens to leave China after massive cyberattacks

Posted by InfoSec News on Jan 12

http://www.computerworld.com/s/article/9144139/Google_threatens_to_leave_China_after_massive_cyberattacks?taxonomyId=17
By Gregg Keizer
Computerworld
January 12, 2010
Google today said that a "highly sophisticated and targeted" attack
against its network last month originated in China, and tried to access
the Gmail accounts of Chinese human rights activists.
In a blog post Tuesday, David Drummond, Google's chief legal officer,...

Baidu hacked by 'Iranian cyber army'

Posted by InfoSec News on Jan 12

http://news.bbc.co.uk/2/hi/technology/8453718.stm
BBC News
12 January 2010
China's most popular search engine, Baidu, has been targeted by the same
hackers that took Twitter offline in December, according to reports.
A group claiming to be the Iranian Cyber Army redirected Baidu users to
a site displaying a political message.
The site was down for at least four hours on Tuesday, Chinese media
said.
Last year's attack on micro-blogging...

South Korean military to ban use of USB flash drives

Posted by InfoSec News on Jan 12

http://news.xinhuanet.com/english/2010-01/11/content_12791043.htm
By Wang Guanqun
www.chinaview.cn
2010-01-11
SEOUL, Jan. 11 (Xinhua) -- South Korean military plans to ban the use of
USB flash drives starting as early as next year after it builds a new
system to transfer data, local media reported Monday.
The country's Ministry of Defense will put 2.8 billion won (2.5 million
U.S. dollars) into developing an alternative system to end...

Firm to Release Database & Web Server 0days

Posted by InfoSec News on Jan 12

http://www.krebsonsecurity.com/2010/01/firm-to-release-database-web-server-0days/
By Brian Krebs
krebsonsecurity.com
January 11th, 2010
January promises to be a busy month for Web server and database
administrators alike: A security research firm in Russia says it plans
to release information about a slew of previously undocumented
vulnerabilities in several widely-used commercial software products.
Evgeny Legerov, founder of Moscow based...

Deny all, permit some

Posted by InfoSec News on Jan 12

http://www.infoworld.com/d/data-explosion/deny-all-permit-some-367
By Matt Prigge
Information Overload
January 11, 2010
Corporate networks face more security threats than ever before. Whether
it's the rampant spread of malware, malicious employees, or plain and
simple user error, IT administrators must bend over backward to ensure
that intruders stay out and corporate data stays in. Tools abound to
help you secure your data, but one simple...

10 Reasons Why Microsoft Should Have Discussed Security At CES

Posted by InfoSec News on Jan 12

http://www.eweek.com/c/a/Security/10-Reasons-Why-Microsoft-Should-Have-Discussed-Security-At-CES-498844/
By Don Reisinger
eWEEK.com
2010-01-11
News Analysis: The big news that came out of CES was a tsunami of new
smartphones and tablet PC designs. But Microsoft, arguably the most
important company at the show, could have made security the theme at CES
this year. Unfortunately, it didn't. And users are left wondering how to
keep their data...

More Researchers Going On The Offensive To Kill Botnets

Posted by InfoSec News on Jan 12

http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=222300408
By Kelly Jackson Higgins
DarkReading
Jan 11, 2010
Yet another botnet has been shut down as of today as researchers joined
forces with ISPs to cut communications to the prolific Lethic spamming
botnet -- a development that illustrates how botnet hunters increasingly
are going on the offensive to stop cybercriminals, mainly by disrupting...

Social Engineering: The Basics

Posted by InfoSec News on Jan 12

http://www.csoonline.com/article/514063/Social_Engineering_The_Basics
By Joan Goodchild
Senior Editor
CSO
January 11, 2010
You've got all the bells and whistles when it comes to network firewalls
and your building's security has a state-of-the-art access system.
You've invested in the technology. But what about the staff?
Social engineers, or criminals who take advantage of human behavior to
pull off a scam, aren't worried about a badge...

Maryland aims to be cybersecurity 'epicenter'

Posted by InfoSec News on Jan 12

http://www.computerworld.com/s/article/9143823/Maryland_aims_to_be_cybersecurity_epicenter_?taxonomyId=17
By Grant Gross
IDG News Service
January 11, 2010
Maryland officials want the state to be the U.S. "epicenter" for
fighting cyber attacks, and on Monday they launched an effort to bring
more cybersecurity research and jobs to the state.
Maryland has several resources that make it the perfect place to be a
national -- and world...

Heartland to pay up to $60M to Visa over breach

Posted by InfoSec News on Jan 10

http://www.computerworld.com/s/article/9143480/Heartland_to_pay_up_to_60M_to_Visa_over_breach?taxonomyId=17
By Grant Gross
IDG News Service
January 8, 2010
Heartland Payment Systems will pay up to $60 million to issuers of Visa
credit and debit cards for losses they incurred from a 2008 data breach
at the large payment processor.
The settlement between Heartland and Visa, announced today, will offer
card issuers "an immediate recovery...

Don't Wait To Lock Down DB2

Posted by InfoSec News on Jan 10

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=222300099
By Ericka Chickowski
DarkReading
Special to Dark Reading
Jan 08, 2010
As pundits ponder how IBM will leverage its acquisition of database
security vendor Guardium to add more security features and
functionalities to its in-house DB2 databases, now is the time for
organizations to re-examine their DB2 security strategies. But many
haven't...

Mac OS X Vulnerability Posted

Posted by InfoSec News on Jan 10

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222300150
By Thomas Claburn
InformationWeek
January 8, 2010
Proof of concept exploit code was posted today by a security researcher
at SecurityReason to demonstrate a vulnerability in versions 10.5 and
10.6 of Apple's Mac OS X operating system.
The vulnerability is a potential buffer overflow error arising from the
use of the strtod function Mac OS X's...

RSA crypto defiled again, with factoring of 768-bit keys

Posted by InfoSec News on Jan 10

http://www.theregister.co.uk/2010/01/07/rsa_768_broken/
By Dan Goodin in San Francisco
The Register
7th January 2010
Yet another domino in the RSA encryption scheme has fallen with the
announcement Thursday that cryptographers have broken 768-bit keys using
the widely used public-key algorithm.
An international team of mathematicians, computer scientists and
cryptographers broke the key through NFS, or number field sieve, which
allowed...

Microsoft, Adobe prep critical security patches

Posted by InfoSec News on Jan 10

http://news.cnet.com/8301-27080_3-10429070-245.html
By Elinor Mills
InSecurity Complex
CNET News
January 7, 2010
Microsoft will issue one bulletin on Patch Tuesday next week that is
rated "critical" for Windows 2000.
The patch is designed to address a vulnerability that could allow an
attacker to take control of a computer by remotely executing code on it,
according to an advisory released Thursday. It is rated "low"...

Go Card error investigated

Posted by InfoSec News on Jan 10

http://www.abc.net.au/news/stories/2010/01/11/2789252.htm
By Nikole Jacobi
ABC News
11 January 2010
Queensland's acting Premier Paul Lucas maintains Queensland's Go Card
transport system is the envy of other states, but concedes the
Government needs to do better.
An investigation is underway into how one person's Go Card credit was
wrongly transferred to another person with the same name.
Two call centre employees have been stood down...

Hackers deface 5th govt Web site, mock automated polls

Posted by InfoSec News on Jan 10

http://www.gmanews.tv/story/181239/hackers-deface-5th-govt-web-site-mock-may-polls
By JERRIE ABELLA
GMANews.TV
01/11/2010
Another government Web site was found defaced Sunday night - the fifth
attack since last month.
Hackers of the Technical Education and Skills Development Authority
(Tesda) Web site, however, took on a bolder approach by leaving a
message that seemed to mock the upcoming automated elections.
“Ano ba gagamitin sa...

Nicolas Sarkozy given 'impenetrable' superphone

Posted by InfoSec News on Jan 08

http://www.telegraph.co.uk/news/worldnews/europe/france/6944236/Nicolas-Sarkozy-given-impenetrable-superphone.html
By Henry Samuel in Paris
Telegraph.co.uk
07 Jan 2010
President Sarkozy got to grips with the Teorem phone, which looks like a
regular smartphone, while on a visit to the Thales Communication factory
in Cholet, western France.
Some 20,000 such devices will be distributed to the president and his
entourage as well as government...

CFP: TrustBus'10 (fwd)

Posted by InfoSec News on Jan 08

Forwarded from: Isaac Agudo <isaac (at) lcc.uma.es>
** Apologies for multiple copies **
Preliminary Call for Papers
7th International Conference on
TRUST, PRIVACY AND SECURITY IN DIGITAL BUSINESS (TrustBus'10)
Bilbao, Spain 30 August - 3 September 2010
http://www.isac.uma.es/trustbus10
The advances in the Information and Communication Technologies (ICT)
have raised new opportunities for the implementation of novel
applications and...

Easily spoofed traffic can crash routers, Juniper warns

Posted by InfoSec News on Jan 08

http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/
By Dan Goodin in San Francisco
The Register
7th January 2010
Juniper Networks is warning customers of a critical flaw in its gateway
routers that allows attackers to crash the devices by sending them small
amounts of easily-spoofed traffic.
In an advisory sent Wednesday afternoon, the networking company said a
variety of devices could be forced to reboot by sending them...

Secunia Weekly Summary - Issue: 2010-01

Posted by InfoSec News on Jan 08

========================================================================
The Secunia Weekly Advisory Summary
2009-12-31 - 2010-01-07
This week: 81 advisories
========================================================================

Microsoft won't fix Windows 7 crash bug next week

Posted by InfoSec News on Jan 08

http://www.computerworld.com/s/article/9143297/Microsoft_won_t_fix_Windows_7_crash_bug_next_week?taxonomyId=17
By Gregg Keizer
Computerworld
January 7, 2010
Microsoft today said it will deliver a single security update on Tuesday
to patch just one vulnerability in Windows.
However, the company acknowledged that it does not yet have a fix for a
crippling bug in Windows 7 that went public nearly two months ago.
The expected update will patch...

CFP - Information and Cyber Operations Working Group MORS Symposium

Posted by InfoSec News on Jan 07

Forwarded from McMullin, James D Mr CIV USA OSA <james.mcmullin (at) us.army.mil>
The call for papers for the 78th Military Operations Research (MORS)
symposium has gone out. The submission deadline for this year is 26
January 2010; this can be done online at:
http://www.mors.org/events/78thsym.aspx
The symposium is scheduled for 22-24 June 2010 at Marine Base Quantico,
Virginia.
MORS Symposia are classified (up to...

Hacker pierces hardware firewalls with web page

Posted by InfoSec News on Jan 07

http://www.theregister.co.uk/2010/01/06/web_based_firewall_attack/
By Dan Goodin in San Francisco
The Register
6th January 2010
On Tuesday, hacker Samy Kamkar demonstrated a way to identify a
browser's geographical location by exploiting weaknesses in many WiFi
routers. Now, he's back with a simple method to penetrate hardware
firewalls using little more than some javascript embedded in a webpage.
By luring victims to a malicious link, the...

Cyber Attack Simulation Planned Next Month

Posted by InfoSec News on Jan 07

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222200554
By Thomas Claburn
InformationWeek
January 6, 2010
A financial services industry group is planning to simulate a series of
cyber attacks to test how well banks, payment processors and retailers
deal with online threats.
The Financial Services Information Sharing and Analysis Center
(FS-ISAC), a group formed in response to a 1998 Presidential...

Certifications: A false sense of security

Posted by InfoSec News on Jan 07

http://gcn.com/articles/2010/01/11/backtalk-security-certification.aspx
By John S. Monroe
GCN.com
Jan 06, 2010
Nothing irks a security professional more than the suggestion that the
federal government could improve security by setting up a standard
certification program for agency staff members.
This idea, which is gaining traction in Congress, might sound
reasonable. But many security experts say it is a red herring. One such
expert is...

Update: Heartland breach shows why compliance is not enough

Posted by InfoSec News on Jan 07

http://www.computerworld.com/s/article/9143158/Update_Heartland_breach_shows_why_compliance_is_not_enough?taxonomyId=17
By Jaikumar Vijayan
Computerworld
January 6, 2010
Nearly a year after Heartland Payment Systems Inc. disclosed what turned
out to be the biggest breach involving payment card data, the incident
remains a potent example of how compliance with industry standards is no
guarantee of security.
Princeton, N.J.-based Heartland...

Spear-Phishing Experiment Evades Big-Name Email Products

Posted by InfoSec News on Jan 07

http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml?articleID=222200326
By Kelly Jackson Higgins
DarkReading
Jan 05, 2010
The researcher who conducted a successful spear-phishing experiment with
a phony LinkedIn invitation from "Bill Gates" is about to reveal the
email products and services that failed to filter the spoofed message --
and that list includes Microsoft Outlook 2007, Microsoft Exchange,
Outlook...

Pentagon computer-network defense command delayed by congressional concerns

Posted by InfoSec News on Jan 07

http://www.washingtonpost.com/wp-dyn/content/article/2010/01/02/AR2010010201903.html
By Ellen Nakashima
Washington Post Staff Writer
January 3, 2010
The Pentagon's plan to set up a command to defend its global network of
computer systems has been slowed by congressional questions about its
mission and possible privacy concerns, according to officials familiar
with the plan.
As a result, the Defense Department failed to meet an Oct. 1...

Hacker pilfers browser GPS location via router attack

Posted by InfoSec News on Jan 06

http://www.theregister.co.uk/2010/01/05/geo_location_stealing_hack/
By Dan Goodin in San Francisco
The Register
5th January 2010
If you're surfing the web from a wireless router supplied by some of the
biggest device makers, there's a chance Samy Kamkar can identify your
geographic location.
That's because WiFi access points made by Westell and others are
vulnerable to XSS, or cross-site scripting, attacks that can siphon a
device's media...

Secure USB Drives Not So Secure

Posted by InfoSec News on Jan 06

http://www.csoonline.com/article/512613/Secure_USB_Drives_Not_So_Secure
By Joan Goodchild
Senior Editor
CSO
January 05, 2010
Several hardware-encrypted USB memory sticks are now part of a worldwide
recall and require security updates because they contain a flaw which
could allow hackers to easily gain access to the sensitive information
contained on the device.
When USB maker SanDisk first received news of the problem last month,
the...

NZ's cyber spies win new powers

Posted by InfoSec News on Jan 06

http://www.stuff.co.nz/national/3203448/NZs-cyber-spies-win-new-powers
By NICKY HAGER
Sunday Star Times
03/01/2010
New cyber-monitoring measures have been quietly introduced giving police
and Security Intelligence Service officers the power to monitor all
aspects of someone's online life.
The measures are the largest expansion of police and SIS surveillance
capabilities for decades, and mean that all mobile calls and texts,
email,...

Mr Bean ousts Zapatero from Spain's EU website

Posted by InfoSec News on Jan 06

http://www.guardian.co.uk/technology/2010/jan/05/mr-bean-hacker-zapatero
By Giles Tremlett
Guardian.co.uk
5 January 2010
The resemblance is, if anything, in the way their eyebrows arch. But
that was enough for a computer hacker's caricature of the prime
minister, José Luis Rodríguez Zapatero, as Mr Bean to spoil Spain's launch
week as holder of the European Union's presidency.
The beaming face of Rowan Atkinson's bumbling comic fool was...

Alleged Ponzi Mastermind Stanford Pwned in Antigua

Posted by InfoSec News on Jan 06

http://www.wired.com/threatlevel/2010/01/alleged-ponzi-mastermind-stanford-pwned-in-antigua/
By Brian Krebs
Threat Level
Wired.com
January 5, 2010
In early 2008, while federal investigators were busy looking into
disgraced financier Robert Allen Stanford for his part in an alleged $8
billion fraudulent investment scheme, Eastern European hackers were
quietly hoovering up tens of thousands of customer financial records
from the Bank of...

i-Society 2010: Call for Papers!

Posted by InfoSec News on Jan 06

Forwarded from: David Brown <d.brown (at) i-society.eu>
Apologies for cross-postings. Please send it to interested
colleagues and students. Thanks!
CALL FOR PAPERS
*******************************************************************
International Conference on Information Society (i-Society 2010),
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
28-30 June, 2010, London, UK
www.i-society.eu...

Cryptographic showdown, Round 2: NIST picks 14 hash algorithms

Posted by InfoSec News on Jan 06

http://gcn.com/articles/2010/01/05/nist-sha3-competiton-010510.aspx
By William Jackson
GCN.com
Jan 05, 2010
The competition to select the new Secure Hash Algorithm standard for
government has moved into the second round. The National Institute of
Standards and Technology has winnowed the 64 algorithms submitted down
to 14 semifinalists.
Of the 64 algorithms submitted in 2008, 51 met minimum criteria for
acceptance in the competition. The...

The Decade's 10 Most Dastardly Cybercrimes

Posted by InfoSec News on Dec 31

http://www.wired.com/threatlevel/2009/12/ye_cybercrimes/
By Kevin Poulsen
Threat Level
Wired.com
December 31, 2009
It was the decade of the mega-heist, when stolen credit card magstripe
tracks became the pork bellies of a new underground marketplace, Eastern
European hackers turned malware writing into an art, and a nasty new
crop of purpose-driven computer worms struck dread in the heart of
America.
Now that the zero days are behind us,...

Security and Building Design: What Changed in This Decade

Posted by InfoSec News on Dec 31

http://www.csoonline.com/article/511785/Security_and_Building_Design_What_Changed_in_This_Decade
By Joan Goodchild
Senior Editor
CSO
December 30, 2009
As we head into 2010, within the design and construction industry, the
two hot concerns when it comes to building design are security and
environmental sustainability. What a difference a decade makes,
according to author and architect Barbara A. Nadel, FAIA, who
specializes in building...

RockYou sued over data breach

Posted by InfoSec News on Dec 31

http://news.cnet.com/8301-27080_3-10423042-245.html
By Elinor Mills
InSecurity Complex
CNET News
December 30, 2009
An Indiana man filed a lawsuit against RockYou this week alleging that
the provider of social-networking apps failed to secure its network and
protect customer data, enabling a hacker to grab passwords of 32 million
users earlier this month.
The suit seeking class action status was filed Monday in U.S. District
Court in San...

Secunia Weekly Summary - Issue: 2009-53

Posted by InfoSec News on Dec 31

========================================================================
The Secunia Weekly Advisory Summary
2009-12-24 - 2009-12-31
This week: 46 advisories
========================================================================

Adobe To Surpass Microsoft As Hacker Target

Posted by InfoSec News on Dec 31

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222100263
By Antone Gonsalves
InformationWeek
December 30, 2009
Adobe Reader and Flash will surpass Microsoft Office applications as
favorite targets of cybercriminals, a security vendor predicted Tuesday.
In unveiling its 2010 Threat Predictions report, McAfee said the growing
popularity of the Adobe products has attracted the attention of...

TJX kingpin pleads guilty to Heartland hack

Posted by InfoSec News on Dec 31

http://www.theregister.co.uk/2009/12/30/gonzalez_cybercrime_plea/
By John Leyden
The Register
30th December 2009
TJX hacking mastermind Albert Gonzalez faces a minimum of 17 years
behind bars after pleading guilty to further cybercrimes.
Gonzalez, 28, of Miami, admitted hacking into the systems of card
processor Heartland Payment Systems, 7-Eleven, and supermarket chain
Hannaford Brothers as part of a plea bargain agreement on Tuesday. The...

Federal Computer Week: Security News

Senior House lawmaker urges diligence on aviation screening technology

After a failed attempt to detonate a bomb aboard a Detroit-bound U.S. commercial airliner on Christmas Day, Rep. Bennie Thompson (D-Miss.) says information sharing, terrorist watch lists and aviation security technologies demand "immediate attention."

Maryland wants to be cybersecurity epicenter

Maryland Gov. Martin O'Malley wants Maryland to be recognized as the leading state for cybersecurity.

South Korean military bans USB flash drives

In the wake of recent hacking attempts, the South Korean military plans to ban portable flash drives, according to reports.

SSA fails to E-Verify 19 percent of new hires, IG says

The Social Security Administration did not follow federal employment verification requirements for 19 percent of its new hires, according to a new report.

FIPS-certified USB drives have security flaws

Vulnerabilities in supposedly secure USB flash drives that received FIPS certification are causing NIST to review the certification process for cryptographic modules.

Google Wave rolls in with familiar tech concerns

Agencies should proceed with caution when testing the waters of Google Wave.

Analysis, not info sharing, blamed for intell failure

Officials failed to search all available databases to uncover data on the would-be airplane bomber, a preliminary White House review has found.

President calls for urgent improvements to anti-terrorism efforts

President Barack Obama has directed his security team to take technology-related security measures to bolster homeland security and thwart terrorist attacks.

Obama calls for closer eye on watch list system

The government has updated its terrorist watch list system and added more names to the "no-fly" list after a failed attack aboard a plane on Christmas Day.

Certifications: A false sense of security

FCW readers say a certification program is not the answer to the federal government's concerns about cybersecurity.

Security issues to fear in the New Year

An increasingly complex and networked world poses new threats; cloud computing, social networking and mobile platforms claim the attention of security prognosticators for 2010.

eWeek Security Watch

Chinese Search Engine Baidu Hit in Attack

In Vulnerability Research

Chinese search engine Baidu was taken down for a few hours Jan. 12 courtesy of the "Iranian Cyber Army," which in December claimed responsibility for an attack on Twitter.

The Rap on Rootkits

In Windows 7

Rootkits targeting Windows computers make up 7 percent of infections, according to research from Microsoft.

Adobe Patches Illustrator Security Flaws

In Vulnerability Research

Adobe has patched buffer overflow vulnerabilities impacting Adobe Illustrator CS3 and CS4.

Spear Phishing Swims Past E-Mail Filters

In Vulnerability Research

PacketFocus claims to have demonstrated in a report how a spoofed LinkedIn e-mail beat filters for a variety of popular e-mail services and security appliances, ranging from Microsoft Outlook to Cisco IronPort.

DarkReading - Security News

DarkReading

iJET Outlines Risk Landscape for 2010

MyFavesClub Launches Koobimark.com, Its New Bookmarking/Social Networking Site

Environmental Tectonics Corporation Announces that Grants are Available to Help Obtain ADMS Services

DarkReading - All Stories

DarkReading

Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property

Attackers used intelligence, custom malware to access Google, Adobe, and other U.S. companies' systems

When Vulnerability Management Meets Compliance

New Dark Reading report offers advice on building a vulnerability management process in environments where regulatory compliance is crucial

Product Watch: NitroSecurity Integrates Log Management With SIEM

New offering adds geo-location tracking

Product Watch: Symantec Acquires Maker Of Vulnerability, Risk Management Tools

Purchase of Gideon Technologies will help Symantec build out its SCAP offerings

2010 Could Be The Year For Security Outsourcing, Forrester Says

New year could bring closer evaluations of security services offerings, research firm says

IETF Fix For SSL Protocol Complete

Security extension to the SSL/TLS protocol that protects against man-in-the-middle attack is ready for prime time, security experts say

More Researchers Going On The Offensive To Kill Botnets

Another botnet bites the dust, and more researchers looking at more aggressive ways to beat cybercriminals

Court Indicts 19 In Massive Cybercrime Scam

Grand jury indicts 19 for conspiracy to defraud customers, service providers

Mozilla Pushes Out Firefox 3.6 Release Candidate To The Masses

Release candidate builds are supposed to be less buggy than beta builds

Don't Wait To Lock Down DB2

Existing access control, trusted context features in DB2 are not widely deployed

More Than 400 U.K. Police Employees Disciplined For Computer Misuse, New Data Says

More than 400 U.K. police employees have been disciplined or dismissed for computer misuse over the past five years, according to newly-released documents

Researcher Rates Mac OS X Vulnerability 'High'

Flaw in versions 10.5 and 10.6 can be exploited by a remote attacker, says SecurityReason

Critical Juniper Router Flaw Triggers Prompt Patching

Vulnerability causes routers to crash and reboot

Industry Group Plans Cyber Attack Simulation

The Financial Services Information Sharing and Analysis Center will test participants' emergency response, notification, and communication procedures

U.S. Software Maker Accuses China Of Building 'Green Dam' On Stolen Code

In $2.2 billion lawsuit, Cybersitter says China's Green Dam content filter infringes its copyrights

Hack Pinpoints Victim's Physical Location

'Samy worm' writer publishes proof-of-concept that gleans home router GPS coordinates

Product Watch: Cisco Acquires Security Firm Founded By Cisco Alumni

Access management technology startup Rohati Systems will become part of Cisco's Nexus team

New PDF Exploit May Be First Of Many In The New Year, Experts Say

Adobe will be a chief target for hackers and cybercriminals in 2010, researchers predict

Researchers Infiltrate Storm Botnet Successor

Going undercover in Waledac botnet, European researchers discover it's much bigger than they thought

Darknet - Hacking, Cracking & Computer Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

GFI EventsManager – Event Monitoring, Archiving & Management

By Darknet on sox

You may remember a while back we reviewed the latest update of GFI LANguard 9. Another powerful product developed by GFI is EventsManager. Managing, archiving and monitoring logs and SNMP traps for a whole network can be a bit of a logistical nightmare; that’s where products like this come in. Commonly they are known under the [...]
Read the full post at darknet.org.uk

Microsoft Preps Windows Security Fix for Patch Tuesday

By Darknet on windows-security

Many users are expecting a patch for the Microsoft IIS Semicolon Bug, but from the recently published bulletin by Microsoft it seems that is highly unlikely during this patch cycle. Microsoft Security Bulletin Advance Notification for January 2010 It seems they will only be pushing out a fairly low priority fix which is rated critical only for...

WAFP – Web Application Finger Printing Tool

By Darknet on web-security

WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. How it works? WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files are matching to the given checksums from the Finger Prints. This way it is able to detect the detailed version [...]

Active Exploitation Of Unpatched PDF Vulnerability

By Darknet on pdf vulnerability

Fairly wide-spread attacks based on the latest vulnerability in Adobe PDF Reader have been spotted by Symantec, they appear to be variants on old attacks but still can be very effective. It’s not the first time this has happened, back in February 2009 Hackers targeted a 0-day exploit in PDF Reader. With one variant of this current [...]

YASAT – Yet Another Stupid Audit Tool

By Darknet on sed

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut). It does many tests to check for security configuration issues or other good practices. It checks many software configurations like: Apache, PHP, kernel, MySQL, OpenVPN, Packages...

2010 Bug Wreaks Havoc In Germany

By Darknet on y2k

This was pretty unexpected for most people, the Y2K bug was so over-hyped then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin which included all versions of cPanel, it started rejecting almost all e-mails due to a bug in the spam detection rules with [...]

CounterMeasures - A Security Blog

Rik Ferguson blogs about current security issues.

Pakistani National Response Center for Cyber Crimes… Hacked!

By Rik Ferguson on web

It seems to be the season for defacements and hacktivity. The week began with the Cross Site Scripting attack on the Spanish EU website and the defacement hack of Iranian President Ahmadinejad’s Official site and it closes with a high profile hack of the Pakistani National Response Center for Cyber Crimes, part of the Federal [...]

Move over Big Brother, Sister ELENA is here

By Rik Ferguson on snooping

On the 1st of January this year German employers became subject to a new legal requirement, one that has their own Data Protection Authorities, Trade Unions and Civil Rights groups appalled. From the beginning of 2010 every German employer must now submit detailed information on a monthly basis to the so-called ELENA database, ELENA is an acronym [...]

CNET News - Security

Want really secure Gmail? Try GPG encryption

By Stephen Shankland

If you're a Gmail user spooked by Chinese cyber attacks on Google, here's a way to encrypt your e-mail. Be warned: better security comes at a cost.

Originally posted at Deep Tech

Behind the China attacks on Google (FAQ)

By Elinor Mills

Here's an FAQ on what is known and what is not known about the China-related attacks on Google and the other Silicon Valley companies.

Originally posted at InSecurity Complex

U.S. law firm behind China piracy suit targeted in attacks

By Elinor Mills

It's unknown whether an e-mail attack targeted at the firm's lawyers is related to the mid-December attacks on Google and other companies that also originated in China.

Originally posted at InSecurity Complex

In urgent times, avoiding online charity scams

By Caroline McCarthy

After the devastating earthquake in Haiti on Tuesday, many have flocked to the Web to find outlets for donation. But what's reputable and what isn't?

Originally posted at The Social

Gmail to get secure Net connection by default

By Stephen Shankland

HTTPS encryption makes snooping on network activity harder, and after a hack attempt on Gmail, Google is switching it on by default for its e-mail service.

Originally posted at Deep Tech

Unpatched Adobe holes link Google and earlier attacks

By Elinor Mills

PDF files exploiting unpatched holes in Adobe Reader were used in attacks on Google and others in December and a previous targeted attack on 100 U.S. companies last summer, an expert says.

Originally posted at InSecurity Complex

CES: Is Taser's phone-monitoring product overparenting?

By Larry Magid

Taser International has announced a product that will allow parents to eavesdrop on their kids' phone calls, texts, and e-mail. For most families, says Larry Magid, it could be overparenting.

Originally posted at Safe and Secure

CES: Fixes in for Windows 2000, Adobe Reader

By Elinor Mills

Security experts say Adobe's patch for a zero-day Reader vulnerability is more critical than the Windows hole.

Originally posted at InSecurity Complex

CES: Why we can't have nice security

By Jonathan Eunice

A recently discovered flaw in many encrypted USB drives provides an object lesson in why IT security is so blessed hard.

Originally posted at Apps Meet Ops

CES: Microsoft, Adobe prep critical security patches

By Elinor Mills

Microsoft to issue one bulletin on Patch Tuesday, while Adobe will fix a targeted Reader and Acrobat vulnerability and launch a beta of new automatic-update service.

Originally posted at InSecurity Complex

CES: 'Kill Obama' Facebook group active for a month

By Chris Matyszczyk

A group whose name appeared to advocate the demise of the president survives on Facebook since November and is removed only after CNET draws Facebook's attention to it.

Originally posted at Technically Incorrect

CES: Cybersitter suit accuses China, PC makers of software piracy

By Elinor Mills

Lawsuit alleges that Sony, Toshiba, Lenovo, and others distributed millions of copies of pirated Web filtering software at the behest of the Chinese government.

Originally posted at InSecurity Complex

CES: 'Kama Sutra' most pirated e-book of 2009

By Chris Matyszczyk

The list of 2009's most pirated e-books reveals that those who downloaded illegally are people with rather narrow minds and broad frustrations.

Originally posted at Technically Incorrect

CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

Hacker Messes With Student's Schedule

By Robert A. on IndustryNews

I don't usually post much about hacking incidents but this one was particularly funny. "A college student has been dropped from her classes twice, apparently the victim of someone who hacked into her schedule. Michelle McCoy-Lloyd was going to take two culinary classes at San Joaquin Delta College starting next week. Last month, someone...

WASC Threat Classification to OWASP Top Ten RC1 Mapping

By Robert A. on XSS

Jeremiah Grossman and Bil Corry have created a nice visual mapping between the OWASP Top Ten and the WASC Threat Classification v2. More Information: http://jeremiahgrossman.blogspot.com/2010/01/wasc-threat-classification-to-owasp-top.html
