BBC News
26 November 2009
Computer hacker Gary McKinnon faces being tried in the US after requests to block his extradition were refused, the Home Office has confirmed.
Home Secretary Alan Johnson told Mr McKinnon's family he could not block the move on medical grounds.
Glasgow-born Mr McKinnon, 43, who has Asperger's syndrome, is accused of breaking into US military computers. He says he was seeking UFO evidence.
Now of Wood Green, north London, he faces 60 years in prison if convicted.
Mr Johnson said he had carefully considered the representations but had concluded that sending Mr McKinnon to the US would not breach his human rights.
As such, he had no discretion to block the extradition.
Monday 30 November 2009
State dinner crashers greeted President Obama
[First thought that came to mind after hearing this was the season finale of Day 2 on '24' - President Palmer is shaking hands with many of the onlookers, one of them being a woman hired in Day 1 to assassinate Palmer. She slips a deadly virus into his hand, and President Palmer collapses to the ground, panting. - WK]
By Jason Horowitz, Roxanne Roberts and Michael Shear Washington Post Staff Writers November 27, 2009
Getting to the president is supposed to be tougher than this.
According to a White House official, Michaele and Tareq Salahi, the couple previously best known for auditioning for a Bravo reality television show, not only got through various Secret Service checkpoints at Tuesday night's state dinner but also went through the receiving line and personally greeted President Obama. Their high-profile home invasion penetrated the most vaunted security apparatus on Earth, and the Secret Service issued its apologia on the subject late Friday.
A statement issued by Director Mark Sullivan said the agency was "deeply concerned and embarrassed by the circumstances surrounding the State Dinner" and added that "the preliminary findings of our internal investigation have determined established protocols were not followed at an initial checkpoint, verifying that two individuals were on the guest list."
Sullivan added, "Although these individuals went through magnetometers and other levels of screening, they should have been prohibited from entering the event entirely. That failing is ours."
By Jason Horowitz, Roxanne Roberts and Michael Shear Washington Post Staff Writers November 27, 2009
Getting to the president is supposed to be tougher than this.
According to a White House official, Michaele and Tareq Salahi, the couple previously best known for auditioning for a Bravo reality television show, not only got through various Secret Service checkpoints at Tuesday night's state dinner but also went through the receiving line and personally greeted President Obama. Their high-profile home invasion penetrated the most vaunted security apparatus on Earth, and the Secret Service issued its apologia on the subject late Friday.
A statement issued by Director Mark Sullivan said the agency was "deeply concerned and embarrassed by the circumstances surrounding the State Dinner" and added that "the preliminary findings of our internal investigation have determined established protocols were not followed at an initial checkpoint, verifying that two individuals were on the guest list."
Sullivan added, "Although these individuals went through magnetometers and other levels of screening, they should have been prohibited from entering the event entirely. That failing is ours."
Navy to investigate security breach
By Henry McDonald
Ireland editor
The Observer
29 November 2009
Royal Navy investigators flew to Belfast last week after a memory stick containing "restricted" information on naval manoeuvres and personnel around the UK was reported missing.
The Observer has learnt that two senior detectives from the Royal Navy Police's Special Investigation Branch met members of the Police Service of Northern Ireland to investigate the issue.
The detectives flew from Portsmouth to discuss the loss of a USB memory stick close to Belfast docks last month. The device was found at the Odyssey car park, near the river Lagan. It was offered for sale to a newspaper, which declined the offer. It was later handed to the police in Bangor. The device is understood to have contained 37 pages of information on Royal Navy personnel including name, ages and ranks.
It also contained "restricted" information on naval operations around the UK, and the whereabouts of Royal Navy officers. Security sources said this weekend that naval investigators would examine the device to see if any of the material was copied. They will also look for "electronic footprints" on the device to find out who last used it.
Ireland editor
The Observer
29 November 2009
Royal Navy investigators flew to Belfast last week after a memory stick containing "restricted" information on naval manoeuvres and personnel around the UK was reported missing.
The Observer has learnt that two senior detectives from the Royal Navy Police's Special Investigation Branch met members of the Police Service of Northern Ireland to investigate the issue.
The detectives flew from Portsmouth to discuss the loss of a USB memory stick close to Belfast docks last month. The device was found at the Odyssey car park, near the river Lagan. It was offered for sale to a newspaper, which declined the offer. It was later handed to the police in Bangor. The device is understood to have contained 37 pages of information on Royal Navy personnel including name, ages and ranks.
It also contained "restricted" information on naval operations around the UK, and the whereabouts of Royal Navy officers. Security sources said this weekend that naval investigators would examine the device to see if any of the material was copied. They will also look for "electronic footprints" on the device to find out who last used it.
Feds To Sharpen Cybersecurity Job Policies
By J. Nicholas Hoover
InformationWeek
November 24, 2009
On the heels of a report that raised concerns about the competency of cybersecurity pros at the Department of the Interior, the Office of Personnel Management plans to develop better ways to ensure that the federal cybersecurity workforce is up to snuff.
In a recent memo to federal HR directors, OPM director John Berry said the effort will include developing policies and guidance on job classification, hiring, performance management, and workforce education and development. He implied that the work was brought on by a consensus among OPM, the federal CIO Council, and federal Chief Human Capital Officers Council that cybersecurity workforce development required a government-wide framework.
That bears out with other findings. Earlier this year, Booz Allen Hamilton surveyed 69 officials from 18 federal agencies and concluded that among other challenges to federal cybersecurity, "fragmented governance and uncoordinated leadership" hinder the ability to meet the government's cybersecurity needs.
A report issued this month by the Department of the Interior highlights the problems Barry and OPM plan to address. Among cybersecurity staff, Interior requires only self-certified training, and the inspector general found that only 13.5% of self certifications were relevant and complete.
InformationWeek
November 24, 2009
On the heels of a report that raised concerns about the competency of cybersecurity pros at the Department of the Interior, the Office of Personnel Management plans to develop better ways to ensure that the federal cybersecurity workforce is up to snuff.
In a recent memo to federal HR directors, OPM director John Berry said the effort will include developing policies and guidance on job classification, hiring, performance management, and workforce education and development. He implied that the work was brought on by a consensus among OPM, the federal CIO Council, and federal Chief Human Capital Officers Council that cybersecurity workforce development required a government-wide framework.
That bears out with other findings. Earlier this year, Booz Allen Hamilton surveyed 69 officials from 18 federal agencies and concluded that among other challenges to federal cybersecurity, "fragmented governance and uncoordinated leadership" hinder the ability to meet the government's cybersecurity needs.
A report issued this month by the Department of the Interior highlights the problems Barry and OPM plan to address. Among cybersecurity staff, Interior requires only self-certified training, and the inspector general found that only 13.5% of self certifications were relevant and complete.
US Air Force orders 2200 Sony PS3s
By James Sherwood
RegHardware
25th November 2009
The US Air Force plans to buy a whopping 2200 PlayStation 3 games consoles which it will use to expand an existing PS3-based supercomputer.
The current cluster of consoles contains 336 PS3s, each connected by their RJ45 ports to a common 24-port Gigabit Ethernet hub, Air Force online documentation states.
The entire set-up runs on an in-house developed Linux-based OS.
However, the expanded PS3 supercomputer will be used to further the Air Force's "architectural studies" which "determine what software and hardware technologies are implemented [in] military systems".
The Air Force hasn't said much more than this, preferring to keep its intentions close to its medal-bedecked chest. However, it did describe one possible scenario where the PS3 supercomputer could be used to determine additional software and hardware requirements for advanced computing architectures and high-performance embedded computing applications.
RegHardware
25th November 2009
The US Air Force plans to buy a whopping 2200 PlayStation 3 games consoles which it will use to expand an existing PS3-based supercomputer.
The current cluster of consoles contains 336 PS3s, each connected by their RJ45 ports to a common 24-port Gigabit Ethernet hub, Air Force online documentation states.
The entire set-up runs on an in-house developed Linux-based OS.
However, the expanded PS3 supercomputer will be used to further the Air Force's "architectural studies" which "determine what software and hardware technologies are implemented [in] military systems".
The Air Force hasn't said much more than this, preferring to keep its intentions close to its medal-bedecked chest. However, it did describe one possible scenario where the PS3 supercomputer could be used to determine additional software and hardware requirements for advanced computing architectures and high-performance embedded computing applications.
Sunday 29 November 2009
iPhone upgrades - a one-way control-freak street
By Rik Myslewski in San Francisco • Get more from this author
Comment For over 30 years, your personal computer has been, well, your personal computer. You could install whatever software you liked - provided it was compatible. After installing an app or an operating system, if you then decided you preferred the previous version, you were free to uninstall the new and revert to the old.
But nowadays, that's not entirely true. You can't revert software on your iPhone. Why? Because Apple doesn't trust you.
Last month, after Apple unveiled the new iPhone 3.1 OS, more than a few Reg readers asked how - or, indeed, if - they could revert their iPhone operating systems back to version 3.0 when they experienced battery, WiFi, and other problems after upgrading to version 3.1.
The answer is they can't. At least not officially. And much the same goes for iPhone applications.
After our recent story about Rogue Amoeba - the iPhone App developer who was snuffed for too much Appleness - one reader pointed out the simple truth: "If an update [to an iPhone app] introduces a bug, then you're screwed until the developer fixes it and the fix is approved by Apple (say 3 weeks). In contrast on any other platform you could just revert to the previous version immediately."
What does Apple say about this? Very little, of course.
Focusing first on the ability to revert to a previous version of the iPhone's OS, we contacted Apple with three quick questions:
1. What is Apple's official position on reverting from a current iPhone Software version to a previous one?
2. If such a reversion is not supported by Apple, does doing so void any existing and current iPhone warranty?
3. If such a reversion is supported by Apple, does Apple offer any tools/advice/support for such a reversion?
Simple and straightforward, don't you think? But nothing is ever simple and straightforward when dealing with Apple.
After over a week of back-and-forth exchanges with an Apple spokeswoman who wanted to know why we were asking, what kind of a story we were planning, and the like, we finally received a one-line response: "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
Now, we have no personal beef with any Apple spokesfolks. They do their jobs, and we do ours. And their prime directive is to not deviate from the oh-so-carefully controlled company line. If anything, we look upon their daily deflection duties with sympathy.
To be honest, we didn't expect much help from Apple, so while we were waiting for the spokeswoman's non-response response we conducted a series of tests that led us to suggest a one-word edit to her statement: "Apple always requires that iPhone customers keep current with software updates for the best user experience."
Operating-system reversion can, indeed, be accomplished - but no thanks to Apple. In fact, in our experience Apple makes it as difficult as possible to install a previous version of your iPhone's OS then restore the iPhone's iTunes backup of apps and data.
Our test iPhone was a 3G model running iPhone Software version 3.1.2. We first backed up the phone using iTunes 9, then followed instructions published on BenM.at to revert the iPhone from 3.1.2 to 3.0.
Doing so was not rocket science - the most difficult part was timing the button dance needed to slip the phone into DFU (device firmware update) mode.
But whether performing this relatively simply hack is easy or not isn't the point. What is the point is that it's not supported by Apple - and that for the vast majority of iPhone users, using the command-line Terminal utility to run iRecovery is an unfamiliar, not to say daunting, task.
Why doesn't Apple make it easy to switch back to a previous version of the OS if you're dissatisfied with an upgrade? Because "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
Our annoyance with Apple's heavy-handedness increased when we tried to restore our backed-up apps and data onto the now-3.0-equipped iPhone 3G. When we connected it back to iTunes 9, we were curtly informed that our iPhone OS wouldn't work with that version of iTunes, and should upgrade to 3.1.2.
Fair enough, we thought - although irritating. If you revert one aspect of a sync system, needing to revert the rest of that system might be a reasonable request. So we downloaded a copy of iTunes 8, and attempted to install it. No dice - we were told that was a no-no since we already had iTunes 9.
"Apple always recommends that iPhone customers keep current with software updates for the best user experience."
So we tried to install iTunes 8 on a different volume. No can do - iTunes must be installed on the boot volume. Okay, so we booted from an external FireWire drive and installed iTunes 8 on that volume. Success - but our backup was on the original boot volume, tied to iTunes 9.
After numerous frustrating and eventually futile attempts to associate the iTunes 9 backup with iTunes 8, we gave up. Possibly that feat is, indeed, possible, but we couldn't crack the code.
And we're willing to bet that your Average Joe can't, as well. Which is just the way Apple likes it. After all, "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
This is ridiculous - and the ridiculousness extends to the inability to revert to previous versions of iPhone apps as well. Once an app has been upgraded on the iTunes App Store, its previous version is gone, extinct, kaput.
We asked a few iPhone devs if they knew of any way in which an iPhone app could be saved and then restored to the phone through the standard syncing process, and they each threw up their hands in defeat.
As John Muchow, founder of iPhoneDeveloperTips.com told us: "Working within the standard app delivery method provided by Apple, I don't believe there is any means to install a previous version of an application." He added, however, that "a release could be submitted to the App Store that roles back to a previous version."
But, of course, that version would have to pass muster with the App Store police - and we all know how time-consuming and uncertain that process can be.
Paul Kafasis of Rogue Ameoba fame knows exactly how unpredictable the App Store police's decision-making can be, but he doesn't know how a user can revert to an older version of an iPhone app. He does suggest one possible work-around, but one that requires a close working relationship with the app's vendor: Ad Hoc app delivery.
Apple allows developers to distribute apps outside of the App Store for beta-testing purposes. This so-called Ad Hoc process is a wonky one, but it does - in most cases - work.
"With Ad Hoc," Kafasis told The Reg, "developers could [distribute an old version] on a one-off basis. Basically, if the user gets an Ad Hoc build, it can be any version, and it comes from outside the store. Developers are limited to 100 Ad-Hoc users, however, and the process is clunky." Promising, maybe, in extreme cases, but as Kafasis admitted, "This really isn't a viable solution."
Muchow agrees. "A developer could create an earlier version and provide that to users as an Ad Hoc release, yet the limitation here is that there is a finite number of devices on which an Ad Hoc build will run."
Neither Muchow and Kafasis claimed to be absolutely 100 per cent positive that there is no way to revert to a previous iPhone app version. But that proves our point. If there is such a mechanism, it's not immediately apparent - and Apple isn't helping.
One more time: "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
The key to Apple's official position is that they use phrase "iPhone customers." Not "iPhone owners."
We're being told that such control is for our own good. As Apple's marketing veep Phil Schiller recently told BusinessWeek, "We review the applications to make sure they work as the customers expect them to work when they download them."
That's kind of you, Phil, but there are many of us who would prefer the freedom to take our own chances. Feel free to keep close tabs on the apps that you choose to sell to run on your company's smartphones, but let us yank 'em and replace them with previous versions as we see fit, and add - and subtract - any others without having to jump through jailbreaking hoops.
After all, it's my iPhone, isn't it? Or is it? ®
Comment For over 30 years, your personal computer has been, well, your personal computer. You could install whatever software you liked - provided it was compatible. After installing an app or an operating system, if you then decided you preferred the previous version, you were free to uninstall the new and revert to the old.
But nowadays, that's not entirely true. You can't revert software on your iPhone. Why? Because Apple doesn't trust you.
Last month, after Apple unveiled the new iPhone 3.1 OS, more than a few Reg readers asked how - or, indeed, if - they could revert their iPhone operating systems back to version 3.0 when they experienced battery, WiFi, and other problems after upgrading to version 3.1.
The answer is they can't. At least not officially. And much the same goes for iPhone applications.
After our recent story about Rogue Amoeba - the iPhone App developer who was snuffed for too much Appleness - one reader pointed out the simple truth: "If an update [to an iPhone app] introduces a bug, then you're screwed until the developer fixes it and the fix is approved by Apple (say 3 weeks). In contrast on any other platform you could just revert to the previous version immediately."
What does Apple say about this? Very little, of course.
Focusing first on the ability to revert to a previous version of the iPhone's OS, we contacted Apple with three quick questions:
1. What is Apple's official position on reverting from a current iPhone Software version to a previous one?
2. If such a reversion is not supported by Apple, does doing so void any existing and current iPhone warranty?
3. If such a reversion is supported by Apple, does Apple offer any tools/advice/support for such a reversion?
Simple and straightforward, don't you think? But nothing is ever simple and straightforward when dealing with Apple.
After over a week of back-and-forth exchanges with an Apple spokeswoman who wanted to know why we were asking, what kind of a story we were planning, and the like, we finally received a one-line response: "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
Now, we have no personal beef with any Apple spokesfolks. They do their jobs, and we do ours. And their prime directive is to not deviate from the oh-so-carefully controlled company line. If anything, we look upon their daily deflection duties with sympathy.
To be honest, we didn't expect much help from Apple, so while we were waiting for the spokeswoman's non-response response we conducted a series of tests that led us to suggest a one-word edit to her statement: "Apple always requires that iPhone customers keep current with software updates for the best user experience."
Operating-system reversion can, indeed, be accomplished - but no thanks to Apple. In fact, in our experience Apple makes it as difficult as possible to install a previous version of your iPhone's OS then restore the iPhone's iTunes backup of apps and data.
Our test iPhone was a 3G model running iPhone Software version 3.1.2. We first backed up the phone using iTunes 9, then followed instructions published on BenM.at to revert the iPhone from 3.1.2 to 3.0.
Doing so was not rocket science - the most difficult part was timing the button dance needed to slip the phone into DFU (device firmware update) mode.
But whether performing this relatively simply hack is easy or not isn't the point. What is the point is that it's not supported by Apple - and that for the vast majority of iPhone users, using the command-line Terminal utility to run iRecovery is an unfamiliar, not to say daunting, task.
Why doesn't Apple make it easy to switch back to a previous version of the OS if you're dissatisfied with an upgrade? Because "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
Our annoyance with Apple's heavy-handedness increased when we tried to restore our backed-up apps and data onto the now-3.0-equipped iPhone 3G. When we connected it back to iTunes 9, we were curtly informed that our iPhone OS wouldn't work with that version of iTunes, and should upgrade to 3.1.2.
Fair enough, we thought - although irritating. If you revert one aspect of a sync system, needing to revert the rest of that system might be a reasonable request. So we downloaded a copy of iTunes 8, and attempted to install it. No dice - we were told that was a no-no since we already had iTunes 9.
"Apple always recommends that iPhone customers keep current with software updates for the best user experience."
So we tried to install iTunes 8 on a different volume. No can do - iTunes must be installed on the boot volume. Okay, so we booted from an external FireWire drive and installed iTunes 8 on that volume. Success - but our backup was on the original boot volume, tied to iTunes 9.
After numerous frustrating and eventually futile attempts to associate the iTunes 9 backup with iTunes 8, we gave up. Possibly that feat is, indeed, possible, but we couldn't crack the code.
And we're willing to bet that your Average Joe can't, as well. Which is just the way Apple likes it. After all, "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
This is ridiculous - and the ridiculousness extends to the inability to revert to previous versions of iPhone apps as well. Once an app has been upgraded on the iTunes App Store, its previous version is gone, extinct, kaput.
We asked a few iPhone devs if they knew of any way in which an iPhone app could be saved and then restored to the phone through the standard syncing process, and they each threw up their hands in defeat.
As John Muchow, founder of iPhoneDeveloperTips.com told us: "Working within the standard app delivery method provided by Apple, I don't believe there is any means to install a previous version of an application." He added, however, that "a release could be submitted to the App Store that roles back to a previous version."
But, of course, that version would have to pass muster with the App Store police - and we all know how time-consuming and uncertain that process can be.
Paul Kafasis of Rogue Ameoba fame knows exactly how unpredictable the App Store police's decision-making can be, but he doesn't know how a user can revert to an older version of an iPhone app. He does suggest one possible work-around, but one that requires a close working relationship with the app's vendor: Ad Hoc app delivery.
Apple allows developers to distribute apps outside of the App Store for beta-testing purposes. This so-called Ad Hoc process is a wonky one, but it does - in most cases - work.
"With Ad Hoc," Kafasis told The Reg, "developers could [distribute an old version] on a one-off basis. Basically, if the user gets an Ad Hoc build, it can be any version, and it comes from outside the store. Developers are limited to 100 Ad-Hoc users, however, and the process is clunky." Promising, maybe, in extreme cases, but as Kafasis admitted, "This really isn't a viable solution."
Muchow agrees. "A developer could create an earlier version and provide that to users as an Ad Hoc release, yet the limitation here is that there is a finite number of devices on which an Ad Hoc build will run."
Neither Muchow and Kafasis claimed to be absolutely 100 per cent positive that there is no way to revert to a previous iPhone app version. But that proves our point. If there is such a mechanism, it's not immediately apparent - and Apple isn't helping.
One more time: "Apple always recommends that iPhone customers keep current with software updates for the best user experience."
The key to Apple's official position is that they use phrase "iPhone customers." Not "iPhone owners."
We're being told that such control is for our own good. As Apple's marketing veep Phil Schiller recently told BusinessWeek, "We review the applications to make sure they work as the customers expect them to work when they download them."
That's kind of you, Phil, but there are many of us who would prefer the freedom to take our own chances. Feel free to keep close tabs on the apps that you choose to sell to run on your company's smartphones, but let us yank 'em and replace them with previous versions as we see fit, and add - and subtract - any others without having to jump through jailbreaking hoops.
After all, it's my iPhone, isn't it? Or is it? ®
Gang sentenced for UK bank trojan
Almost £600,000 siphoned
By Dan Goodin in San Francisco • Get more from this author
Posted in Crime, 16th November 2009 18:45 GMT
Free whitepaper – Shopping for a secure file transfer solution for retail
A British court has sentenced four men to prison after they admitted they used sophisticated trojan software to steal almost £600,000 from bank accounts and send it to Eastern Europe.
London's Southwark Crown Court on Friday imposed sentences of as much as 4 and a half years on the men. According to IDG News, they used a trojan known as PSP2-BBB to stealthily monitor victims' browsers. It inserted special fields into banking pages that asked for sensitive information and then sent it to the criminals when the user complied.
To give it the pages air of legitimacy, they bore the logo of NatWest, according to other news reports. The gang used a stable of money mules to transfer the funds to countries including Ukraine, which is also the location of a computer server that was used in the scam.
At least 138 banking customers were affected with "just under £600,000 being fraudulently transferred," according to the Press Association. Almost £140,000 was later recouped from Royal Bank of Scotland, NatWest's parent company.
Azamat Rahmanov, 25 of London's Lewisham, received four and a half years and was considered one of the organizers, according to news reports. Shohruh Fayziev, a 23-year-old Uzbekistani who lived in Peckham Rye, Southwark, in south east London, got four years. He was regarded as a "trusted lieutenant."
The remaining two men were the Angolan-born "facilitator" Joao Cruz, 33, of South London, who received three years, and Portuguese Recardo Pereira, 36, of Essex, who was sentenced to 21 months.
UK authorities have hailed the case as the first collaboration between the financial industry and the Police Central e-Crime Unit, which was established earlier this year to crack down on cybercrime. ®
By Dan Goodin in San Francisco • Get more from this author
Posted in Crime, 16th November 2009 18:45 GMT
Free whitepaper – Shopping for a secure file transfer solution for retail
A British court has sentenced four men to prison after they admitted they used sophisticated trojan software to steal almost £600,000 from bank accounts and send it to Eastern Europe.
London's Southwark Crown Court on Friday imposed sentences of as much as 4 and a half years on the men. According to IDG News, they used a trojan known as PSP2-BBB to stealthily monitor victims' browsers. It inserted special fields into banking pages that asked for sensitive information and then sent it to the criminals when the user complied.
To give it the pages air of legitimacy, they bore the logo of NatWest, according to other news reports. The gang used a stable of money mules to transfer the funds to countries including Ukraine, which is also the location of a computer server that was used in the scam.
At least 138 banking customers were affected with "just under £600,000 being fraudulently transferred," according to the Press Association. Almost £140,000 was later recouped from Royal Bank of Scotland, NatWest's parent company.
Azamat Rahmanov, 25 of London's Lewisham, received four and a half years and was considered one of the organizers, according to news reports. Shohruh Fayziev, a 23-year-old Uzbekistani who lived in Peckham Rye, Southwark, in south east London, got four years. He was regarded as a "trusted lieutenant."
The remaining two men were the Angolan-born "facilitator" Joao Cruz, 33, of South London, who received three years, and Portuguese Recardo Pereira, 36, of Essex, who was sentenced to 21 months.
UK authorities have hailed the case as the first collaboration between the financial industry and the Police Central e-Crime Unit, which was established earlier this year to crack down on cybercrime. ®
Smut-ladened spam disguises WoW Trojan campaign
Posted in Malware, 27th November 2009 15:12 GMT
Free whitepaper – A Healthy Prescription for Secure and Compliant File Transfer
A malicious spam campaign that attempts to harvest online game passwords under the guise of messages containing smutty photos is doing the rounds.
The tainted emails have subject line such as "Do you like to find a girlfriend like me?", and an attached archive file called "my photos.rar". The archive contains photos of young Asian women and content that poses as clips from a bongo flick.
The supposed video files actually harboured video files and a password-stealing Trojan called Agent-LVF, which is designed to steal the login credentials of World of Warcraft gamers. Security firm Sophos reckons it's likely the stolen credentials and associated in-game assets will be sold through underground sites, earning hackers a tidy profit in the process.
"A surprising amount of malware is designed to steal registration keys, passwords and data from players of computer games," said a consultant at Sophos. "This isn't just about doing better in a computer game. Criminals are stealing virtual assets like armour, money and weapons to trade for hard cash in the real world.”
More about the threat can be found in a blog posting by Sophos here. ®
Free whitepaper – A Healthy Prescription for Secure and Compliant File Transfer
A malicious spam campaign that attempts to harvest online game passwords under the guise of messages containing smutty photos is doing the rounds.
The tainted emails have subject line such as "Do you like to find a girlfriend like me?", and an attached archive file called "my photos.rar". The archive contains photos of young Asian women and content that poses as clips from a bongo flick.
The supposed video files actually harboured video files and a password-stealing Trojan called Agent-LVF, which is designed to steal the login credentials of World of Warcraft gamers. Security firm Sophos reckons it's likely the stolen credentials and associated in-game assets will be sold through underground sites, earning hackers a tidy profit in the process.
"A surprising amount of malware is designed to steal registration keys, passwords and data from players of computer games," said a consultant at Sophos. "This isn't just about doing better in a computer game. Criminals are stealing virtual assets like armour, money and weapons to trade for hard cash in the real world.”
More about the threat can be found in a blog posting by Sophos here. ®
Web host Daily recovers after Tux-themed defacement
UK-based web host Daily has largely restored services following an apparent hack attack on Thursday that replaced content on some sites it hosts with pictures of cartoon penguins.
The images of Linux penguin Tux parodied the 'hear/see/speak no evil' monkeys". Text included on the defacements claimed the hack in the name of 'Heart_Hunter - TH3_H4TTAB'.
pwned with cartoon penguins
Customers were advised to restore their sites from back-up copies. Daily has begun an investigation into the attack, which bears the hallmarks of a mass defacement. Groups of websites are regularly defaced by TH3_H4TTAB, as defacement archive Zone-H records. In many cases eastern folk music is uploaded onto compromised sites.
A status page on Daily's status site explains "We have received reports this [Thursday] morning of a small number of customer websites having their index or start page replaced with an image and in some cases text as well."
The host completed the restore process by 2100 on Thursday. Daily modified its PHP build as a security precaution. Services were largely restored on Friday but may proceed more slowly than possible after some servers were taken offline in order to mount an ongoing security investigation, a status update from Daily explains:
We are confident there will be no repeat events as all servers are locked down.
Some websites (in particular Database driven sites) will be running at slower speeds as we have taken some web servers from our cluster to carry on with our investigations and diagnosis.
A Reg reader who told us of the hack explained how the attack affected one of the web sites he managed, which was hosted by Daily. "Every file that included 'index' and 'php' in the name - including some buried in a child directory that's invisible to Google were defaced," he explained.
The reader expressed frustration that the attack had taken place. "When you go to great lengths to keep everything secure and then the hosting company lets them through the back door, it doesn't look good," he said. ®
The images of Linux penguin Tux parodied the 'hear/see/speak no evil' monkeys". Text included on the defacements claimed the hack in the name of 'Heart_Hunter - TH3_H4TTAB'.
pwned with cartoon penguins
Customers were advised to restore their sites from back-up copies. Daily has begun an investigation into the attack, which bears the hallmarks of a mass defacement. Groups of websites are regularly defaced by TH3_H4TTAB, as defacement archive Zone-H records. In many cases eastern folk music is uploaded onto compromised sites.
A status page on Daily's status site explains "We have received reports this [Thursday] morning of a small number of customer websites having their index or start page replaced with an image and in some cases text as well."
The host completed the restore process by 2100 on Thursday. Daily modified its PHP build as a security precaution. Services were largely restored on Friday but may proceed more slowly than possible after some servers were taken offline in order to mount an ongoing security investigation, a status update from Daily explains:
We are confident there will be no repeat events as all servers are locked down.
Some websites (in particular Database driven sites) will be running at slower speeds as we have taken some web servers from our cluster to carry on with our investigations and diagnosis.
A Reg reader who told us of the hack explained how the attack affected one of the web sites he managed, which was hosted by Daily. "Every file that included 'index' and 'php' in the name - including some buried in a child directory that's invisible to Google were defaced," he explained.
The reader expressed frustration that the attack had taken place. "When you go to great lengths to keep everything secure and then the hosting company lets them through the back door, it doesn't look good," he said. ®
Thursday 26 November 2009
Cyber breaches kept secret
By Reuters
25 Nov 2009
Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator.
For every break-in like the highly publicised attacks against TJX and Heartland Payment, where hacker rings stole millions of credit card numbers, there are many more that never make the news.
"Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about."
Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.
"Keeping your head in the sand on filing a report means the bad guys are out there hitting the next guy, and the next guy after that," Henry said.
He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security.
"It's absolutely gotten bigger, yes, absolutely," he said.
25 Nov 2009
Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI's top Internet crimes investigator.
For every break-in like the highly publicised attacks against TJX and Heartland Payment, where hacker rings stole millions of credit card numbers, there are many more that never make the news.
"Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about."
Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.
"Keeping your head in the sand on filing a report means the bad guys are out there hitting the next guy, and the next guy after that," Henry said.
He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security.
"It's absolutely gotten bigger, yes, absolutely," he said.
NIST Director Sees Key Role In Emerging Technologies
By J. Nicholas Hoover
InformationWeek
November 25, 2009
As it takes on research and standardization in the areas of healthcare IT, smart grid, and cybersecurity, the National Institute of Standards and technology has a "critically important" role to play, according to NIST's new director, Patrick Gallagher.
A 16-year NIST veteran and former deputy director, Gallagher's appointment as confirmed by the Senate earlier this month. "What you're going to see is a small parade of things that will become critically important to solving government or national problems where we'll have to tackle them," Gallagher said in an interview.
IT has become an important focus of NIST's efforts. While better known for its work in physics and science -- the agency sets official time in the United States -- NIST's IT work is every bit as significant, Gallagher says. The agency's IT Laboratory accounts for much of the institute's overall lab budget.
NIST, which was given some authority over smart grid standards in 2007, in September released a framework and road map for smart grid interoperability. NIST recently held the first meeting of the Smart Grid Interoperability Panel, which will help set standards. It's a pressing, and challenging, task given that government and private utilities are expected to spend $8.1 billion on smart grid projects over the next three years as part of the American Recovery and Reinvestment Act.
InformationWeek
November 25, 2009
As it takes on research and standardization in the areas of healthcare IT, smart grid, and cybersecurity, the National Institute of Standards and technology has a "critically important" role to play, according to NIST's new director, Patrick Gallagher.
A 16-year NIST veteran and former deputy director, Gallagher's appointment as confirmed by the Senate earlier this month. "What you're going to see is a small parade of things that will become critically important to solving government or national problems where we'll have to tackle them," Gallagher said in an interview.
IT has become an important focus of NIST's efforts. While better known for its work in physics and science -- the agency sets official time in the United States -- NIST's IT work is every bit as significant, Gallagher says. The agency's IT Laboratory accounts for much of the institute's overall lab budget.
NIST, which was given some authority over smart grid standards in 2007, in September released a framework and road map for smart grid interoperability. NIST recently held the first meeting of the Smart Grid Interoperability Panel, which will help set standards. It's a pressing, and challenging, task given that government and private utilities are expected to spend $8.1 billion on smart grid projects over the next three years as part of the American Recovery and Reinvestment Act.
Security Is Chief Obstacle To Cloud Computing Adoption, Study Says
By Tim Wilson
DarkReading
Nov 25, 2009
Nearly half of organizations say they have no plans to use any cloud computing technologies in the next year -- and security concerns are the chief reason why.
That's the conclusion of a survey that will be published next month by Launchpad Europe, a company that helps emerging firms with global business expansion.
In the survey, 49.5 percent of businesses said they are not using or planning to use any cloud technologies within the next 12 months. Of that group, 50 percent cited "security concerns" as the primary reason.
"Budgetary restraints" was the second-biggest reason for avoiding the cloud -- 21.4 percent of respondents said tight budgets precluded them from migrating to cloud-based services. Less than 5 percent cited a lack of available cloud technology to meet their particular needs.
The results suggest security eclipses most other criteria when organizations are considering cloud services vendors, Launchpad Europe said. Thirty-eight percent of respondents said their top priority when considering cloud vendors was "security of the cloud infrastructure."
DarkReading
Nov 25, 2009
Nearly half of organizations say they have no plans to use any cloud computing technologies in the next year -- and security concerns are the chief reason why.
That's the conclusion of a survey that will be published next month by Launchpad Europe, a company that helps emerging firms with global business expansion.
In the survey, 49.5 percent of businesses said they are not using or planning to use any cloud technologies within the next 12 months. Of that group, 50 percent cited "security concerns" as the primary reason.
"Budgetary restraints" was the second-biggest reason for avoiding the cloud -- 21.4 percent of respondents said tight budgets precluded them from migrating to cloud-based services. Less than 5 percent cited a lack of available cloud technology to meet their particular needs.
The results suggest security eclipses most other criteria when organizations are considering cloud services vendors, Launchpad Europe said. Thirty-eight percent of respondents said their top priority when considering cloud vendors was "security of the cloud infrastructure."
Metasploit releases IE attack, but it's unreliable
By Robert McMillan
IDG News Service
November 25, 2009
Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft's Internet Explorer browser, but the software is not as reliable as first thought.
The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list.
That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.
The original attack used a "heap-spray" technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit.
They used a different technique to exploit the flaw, one pioneered by researchers Alexander Sotirov and Marc Dowd, but Metasploit eventually pulled its code
IDG News Service
November 25, 2009
Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft's Internet Explorer browser, but the software is not as reliable as first thought.
The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list.
That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.
The original attack used a "heap-spray" technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit.
They used a different technique to exploit the flaw, one pioneered by researchers Alexander Sotirov and Marc Dowd, but Metasploit eventually pulled its code
Man guilty of selling fake chips to US Navy
By John Oates
The Register
25th November 2009
A 32-year-old California man has pleaded guilty to selling thousands of counterfeit computer processors to the US Navy.
Neil Felahy of Newport Coast, California pleaded guilty to conspiracy and trafficking in counterfeit goods charges. As part of a plea bargain Felahy has agreed to co-operate with the US authorities.
He faces a possible five year prison sentence and a $250,000 fine for the conspiracy charge and 10 years and $2m for the counterfeiting offences. In reality he is more likely to receive a 30 to 51 month sentence.
Felahy's wife and brother-in-law face related charges. They are accused of importing counterfeit chips from China and selling them to the public via a website. They are also accused of grinding off existing trademarks or grades on chips and regrading them - processors are typically marked commercial grade, industrial-grade or military-grade depending on quality and testing.
The Register
25th November 2009
A 32-year-old California man has pleaded guilty to selling thousands of counterfeit computer processors to the US Navy.
Neil Felahy of Newport Coast, California pleaded guilty to conspiracy and trafficking in counterfeit goods charges. As part of a plea bargain Felahy has agreed to co-operate with the US authorities.
He faces a possible five year prison sentence and a $250,000 fine for the conspiracy charge and 10 years and $2m for the counterfeiting offences. In reality he is more likely to receive a 30 to 51 month sentence.
Felahy's wife and brother-in-law face related charges. They are accused of importing counterfeit chips from China and selling them to the public via a website. They are also accused of grinding off existing trademarks or grades on chips and regrading them - processors are typically marked commercial grade, industrial-grade or military-grade depending on quality and testing.
Surprise "Housewives" dinner guests not invited, White House says
By The Reliable Source
The Washington Post
November 25, 2009
A couple of aspiring reality-TV stars from Northern Virginia appear to have crashed the White House's state dinner Tuesday night, penetrating layers of security with no invitation to mingle with the likes of Vice President Biden and White House Chief of Staff Rahm Emanuel.
Tareq and Michaele Salahi -- polo-playing socialites known for a bitter family feud over a Fauquier County winery and their possible roles in the forthcoming "The Real Housewives of Washington" -- were seen arriving at the White House and later posted on Facebook photos of themselves with VIPs at the elite gathering.
"Honored to be at the White House for the state dinner in honor of India with President Obama and our First Lady!" one of them wrote on their joint Facebook page at 9:08 p.m.
But a White House official said the couple was not invited to the dinner, not included on the official guest list and never seated at a table in the South Lawn tent.
A woman describing herself as a publicist for the Salahis denied that they were interlopers. Pressed for details, Mahogany Jones sent a statement saying simply: "The Salahis were honored to be a part of such a prestigious event.... They both had a wonderful time."
While the White House offered no official explanation, it appears to be the first time in modern history that anyone has crashed a White House state dinner. The uninvited guests were in the same room as President Obama, first lady Michelle Obama and Indian Prime Minister Manmohan Singh, although it is unknown whether they met the Obamas and the guest of honor.
"Everyone who enters the White House grounds goes through magnetometers and several other levels of screenings," said Ed Donovan, a spokesman for the Secret Service. "That was the case with the state dinner last night. No one was under any risk or threat."
Donovan said a preliminary internal investigation Wednesday identified "a Secret Service checkpoint which did not follow proper procedure to ensure these two individuals were on the invited guest list." He declined to give further details. An administration official said the White House will conduct its own review.
The Salahis, both in their 40s, showed up about halfway through the guest arrivals. A Marine announced their names, and the couple -- he in a tux, she in a striking red and gold lehenga (traditional Indian
formalwear) -- swept pass reporters and photographers, stopping several times to pose for pictures. They then walked into the White House lower hallway, where they mingled with guests on the red carpet before heading up to the cocktail reception in the East Room.
Later, they posted pictures that seem to chart their course through the
night: Michaele posing with Marines outside near the White House doors, and with Katie Couric and Rep. Ed Royce (R-Calif.) inside the mansion.
In the East Room, the Salahis both cozied up to D.C. Mayor Adrian Fenty and his wife, Michelle.
But the best was yet to come: Once inside the dinner tent, they got pictures that appeared to show them with ABC's Robin Roberts, Bollywood composer AR Rahman, PepsiCo CEO Indra Nooyi, Obama Chief of Staff Emanuel (identified as "Ron" in the couple's Facebook photo caption) and two with a grinning vice president. The photos end there -- no shots of the Salahis sitting at a table, their seatmates or the post-dinner entertainment.
In this May 2007 photo, Tareq (left) and Michaele Salahi talk to Prince Charles at a polo match. (Courtesy of the America's Cup of Polo)
How could it happen? A former White House senior staffer -- who more than a decade ago encountered a crasher at one of the executive mansion's less-fancy parties -- offered this theory:
A savvy pair of crashers, dressed to the nines, might arrive on foot at the visitors' entrance, announce their names -- then express shock and concern when the security detail at the gate failed to find them on the guest list. On a rainy night like Tuesday, with a crowd of 300-plus arriving, security might have lost track of or granted a modicum of sympathy to a pair who certainly looked like they belonged there. If their IDs didn't send up any red flags in the screening process, they would be sent through the magnetometers and into the White House.
And yet, the former staffer noted: Someone from the White House social office should have been posted at the guest entrance with the guards.
Once visitors were in, no one necessarily would ask them for further identification. They could check their coats, give their names to the Marine on duty, walk past reporters and into the lower hallway where guests picked up their table assignments. They would pass the junior staffers handing out seating cards and walk on up the stairs for cocktails in the East Room.
Later, all guests were directed to head for the dinner tent on the South Lawn. Facebook photos suggest that the Salahis walked into the tent; it's unclear when they left. Reporters were cleared from the entryway by the time dinner seating got under way. There is no security checkpoint to leave the grounds.
The Washington Post
November 25, 2009
A couple of aspiring reality-TV stars from Northern Virginia appear to have crashed the White House's state dinner Tuesday night, penetrating layers of security with no invitation to mingle with the likes of Vice President Biden and White House Chief of Staff Rahm Emanuel.
Tareq and Michaele Salahi -- polo-playing socialites known for a bitter family feud over a Fauquier County winery and their possible roles in the forthcoming "The Real Housewives of Washington" -- were seen arriving at the White House and later posted on Facebook photos of themselves with VIPs at the elite gathering.
"Honored to be at the White House for the state dinner in honor of India with President Obama and our First Lady!" one of them wrote on their joint Facebook page at 9:08 p.m.
But a White House official said the couple was not invited to the dinner, not included on the official guest list and never seated at a table in the South Lawn tent.
A woman describing herself as a publicist for the Salahis denied that they were interlopers. Pressed for details, Mahogany Jones sent a statement saying simply: "The Salahis were honored to be a part of such a prestigious event.... They both had a wonderful time."
While the White House offered no official explanation, it appears to be the first time in modern history that anyone has crashed a White House state dinner. The uninvited guests were in the same room as President Obama, first lady Michelle Obama and Indian Prime Minister Manmohan Singh, although it is unknown whether they met the Obamas and the guest of honor.
"Everyone who enters the White House grounds goes through magnetometers and several other levels of screenings," said Ed Donovan, a spokesman for the Secret Service. "That was the case with the state dinner last night. No one was under any risk or threat."
Donovan said a preliminary internal investigation Wednesday identified "a Secret Service checkpoint which did not follow proper procedure to ensure these two individuals were on the invited guest list." He declined to give further details. An administration official said the White House will conduct its own review.
The Salahis, both in their 40s, showed up about halfway through the guest arrivals. A Marine announced their names, and the couple -- he in a tux, she in a striking red and gold lehenga (traditional Indian
formalwear) -- swept pass reporters and photographers, stopping several times to pose for pictures. They then walked into the White House lower hallway, where they mingled with guests on the red carpet before heading up to the cocktail reception in the East Room.
Later, they posted pictures that seem to chart their course through the
night: Michaele posing with Marines outside near the White House doors, and with Katie Couric and Rep. Ed Royce (R-Calif.) inside the mansion.
In the East Room, the Salahis both cozied up to D.C. Mayor Adrian Fenty and his wife, Michelle.
But the best was yet to come: Once inside the dinner tent, they got pictures that appeared to show them with ABC's Robin Roberts, Bollywood composer AR Rahman, PepsiCo CEO Indra Nooyi, Obama Chief of Staff Emanuel (identified as "Ron" in the couple's Facebook photo caption) and two with a grinning vice president. The photos end there -- no shots of the Salahis sitting at a table, their seatmates or the post-dinner entertainment.
In this May 2007 photo, Tareq (left) and Michaele Salahi talk to Prince Charles at a polo match. (Courtesy of the America's Cup of Polo)
How could it happen? A former White House senior staffer -- who more than a decade ago encountered a crasher at one of the executive mansion's less-fancy parties -- offered this theory:
A savvy pair of crashers, dressed to the nines, might arrive on foot at the visitors' entrance, announce their names -- then express shock and concern when the security detail at the gate failed to find them on the guest list. On a rainy night like Tuesday, with a crowd of 300-plus arriving, security might have lost track of or granted a modicum of sympathy to a pair who certainly looked like they belonged there. If their IDs didn't send up any red flags in the screening process, they would be sent through the magnetometers and into the White House.
And yet, the former staffer noted: Someone from the White House social office should have been posted at the guest entrance with the guards.
Once visitors were in, no one necessarily would ask them for further identification. They could check their coats, give their names to the Marine on duty, walk past reporters and into the lower hallway where guests picked up their table assignments. They would pass the junior staffers handing out seating cards and walk on up the stairs for cocktails in the East Room.
Later, all guests were directed to head for the dinner tent on the South Lawn. Facebook photos suggest that the Salahis walked into the tent; it's unclear when they left. Reporters were cleared from the entryway by the time dinner seating got under way. There is no security checkpoint to leave the grounds.
Wednesday 25 November 2009
Hitman Pro Antivirus Cloud Computing. Next Generation Antivirus Removal
AVAILABLE NOW THROUGH IREMOVE.NL
Hitman Pro 3 - the all-in-one tool against malicious software
Hitman Pro 3 is a fast all-in-one tool to locate, identify and remove viruses, spyware, trojans, rootkits and other malware. Hitman Pro 3 will quickly show if your PC is infected with malicious software.
Research shows that many computers are infected, even if they have an up-to-date security suite installed, and that a combination of different anti malware programs would be required to prevent infection.
Hitman Pro 3 uses innovative cloud computing techniques to detect and remove potential malware threats with minimal impact on system performance.
Testimonials
"Part of Hitman Pro's sweep for suspicious behavior involves detecting processes that hide their components using rootkit technology, so I wasn't surprise to find that it detected 100 percent of my rootkit-related samples."
"Yes this is a very impressive application that's being actively improved all the time. Leveraging all that AM technology with practically zero resource usage, great stuff."
Advantages of Hitman Pro 3
* Recognizes and removes viruses, trojans, rootkits, spyware and other malware.
* Revolutionary innovation in scanning technique to distinguish between malicious and safe software without signatures.
* Short scan time - searches the system within a few minutes.
* No extra system load.
* Impossible to make false positives on important systems files thanks to "profiling" and whitelisting.
* Multi-vendor identification of malware in our real-time "Scan Cloud".
* Automatically restores common system alterations made by malicious software.
* Creates a check point in System Restore before removing malicious software.
* Removes resistant threats using native NT boot-time deleter.
* Removes references to malicious software (like shortcuts and registry entries).
* Free malware scan.
* Free online support in English, German and Dutch.
How does Hitman Pro 3 work?
The Hitman Pro 3 executable can be downloaded and run straight from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware.
It will scan your PC in a few minutes and detect files that are potentially malware using a Behavioral Scan.
The actual identification of these potential malware files is then done on the Hitman Pro servers - the "Scan Cloud".
To understand how Hitman Pro 3 works we first need to describe a few fundamental characteristics of malicious software and your Windows PC.
Like everything else, malicious software always has a purpose. The malware writer only wants one thing: money. The traditional virus that cripples or destroys your PC is now quite rare. To make money the virus needs to be run and stay resident on the PC. This way the malicious software can steal your personal data, show pop-ups, or install fake software programs. The software can even turn your PC into a zombie as part of a botnet, using your PC to send spam or be part of a cyber attack. Of course, all this is going on without you noticing anything. To keep doing this, the malicious software needs to start automatically and protect itself from being removed by security software.
On a single Windows PC there are thousands of files with a limited number of these files being "executables" and "associated data files", which have file extensions like EXE, DLL, SYS, etc. They belong to for example a word processor, a spreadsheet program or a photo editing program.
To work properly, the malicious program must be an executable file.
Hitman Pro 3 looks for executables like drivers and other automatically starting software programs. These are active in memory, communicate with the internet and potentially try to make themselves invisible. From an average of 400,000 files on your PC typically only 2000 are interesting enough for Hitman Pro 3 to classify. Hitman tries to determine:
* where a file comes from
* how it got on your PC
* which publisher created it
* what purpose it has
* whether it can be uninstalled appropriately
* if it is visible for the user and through Windows API's
* if it's communicating with unreliable computers on the internet
* if it's compressed or encrypted
* if it has anomalies commonly found in malicious software
* what people say about the file on security related websites
These are just a few of the details that Hitman Pro 3 collects, understands and associates. This method is what we call the Behavioral Scan.
History
Hitman Pro versions 1 and 2 were immensely popular in 2006-2008 with millions of users.
The software installed anti-malware software from various vendors to detect and remove malicious software. These software programs were automatically managed on the PC of the end user by Hitman Pro version 1 and 2.
This approach had some disadvantages: A very long scan process, high system load, and errors made by the used anti-spyware software could cause an unstable system.
All these issues are solved in Hitman Pro 3, that was re-developed completely from scratch, using our own technologies.
Hitman Pro 3 uses as many characteristics of safe and malicious software as possible. After classifying only a handful remain interesting enough for further investigation. Each file is fingerprinted and sent to our Scan Cloud. This cloud determines if a file is safe, unsafe or unknown.
Unknown files on your PC are physically sent to the Scan Cloud where the files are scanned, in just seconds, by trusted anti-malware software from our trusted partners.
Purpose
Hitman Pro 3 does not leave a program running in the background that continuously checks incoming e-mail and downloaded files for malware. Therefore you need to scan your PC regularly to ensure your PC is not infected.
Hitman Pro 3 can be used in combination with any other security suite. Scanning your PC for malware with Hitman Pro 3 will always be free so if you already have a security suite on your PC, it is an ideal program to make sure your security suite has not missed anything.
Behavioral Scan
The Behavioral Scan in Hitman Pro 3 does not need to monitor your system constantly to discover suspicious behavior. Most behavioral blocking programs need to monitor continuously. Hitman Pro 3 uses the knowledge from multiple anti-malware partners to identify the files on your system, which makes it exceptionally usable for non-technical computer users, who cannot answer incoherent questions about for example new system services or registry entries. In addition, Hitman Pro 3 knows upfront which files are not interesting and which belong to the operating system. This is done by checking the (valid) digital signatures on executable files and a white list containing signatures of known safe files. Hitman Pro 3 has signatures of all important files from Windows 2000 to Windows 7 (RC). After a quick check, these files are automatically detected as safe.
Screenshots
Welcome
Settings
Price: €17.95
Hitman Pro 3 - the all-in-one tool against malicious software
Hitman Pro 3 is a fast all-in-one tool to locate, identify and remove viruses, spyware, trojans, rootkits and other malware. Hitman Pro 3 will quickly show if your PC is infected with malicious software.
Research shows that many computers are infected, even if they have an up-to-date security suite installed, and that a combination of different anti malware programs would be required to prevent infection.
Hitman Pro 3 uses innovative cloud computing techniques to detect and remove potential malware threats with minimal impact on system performance.
Testimonials
"Part of Hitman Pro's sweep for suspicious behavior involves detecting processes that hide their components using rootkit technology, so I wasn't surprise to find that it detected 100 percent of my rootkit-related samples."
"Yes this is a very impressive application that's being actively improved all the time. Leveraging all that AM technology with practically zero resource usage, great stuff."
Advantages of Hitman Pro 3
* Recognizes and removes viruses, trojans, rootkits, spyware and other malware.
* Revolutionary innovation in scanning technique to distinguish between malicious and safe software without signatures.
* Short scan time - searches the system within a few minutes.
* No extra system load.
* Impossible to make false positives on important systems files thanks to "profiling" and whitelisting.
* Multi-vendor identification of malware in our real-time "Scan Cloud".
* Automatically restores common system alterations made by malicious software.
* Creates a check point in System Restore before removing malicious software.
* Removes resistant threats using native NT boot-time deleter.
* Removes references to malicious software (like shortcuts and registry entries).
* Free malware scan.
* Free online support in English, German and Dutch.
How does Hitman Pro 3 work?
The Hitman Pro 3 executable can be downloaded and run straight from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware.
It will scan your PC in a few minutes and detect files that are potentially malware using a Behavioral Scan.
The actual identification of these potential malware files is then done on the Hitman Pro servers - the "Scan Cloud".
To understand how Hitman Pro 3 works we first need to describe a few fundamental characteristics of malicious software and your Windows PC.
Like everything else, malicious software always has a purpose. The malware writer only wants one thing: money. The traditional virus that cripples or destroys your PC is now quite rare. To make money the virus needs to be run and stay resident on the PC. This way the malicious software can steal your personal data, show pop-ups, or install fake software programs. The software can even turn your PC into a zombie as part of a botnet, using your PC to send spam or be part of a cyber attack. Of course, all this is going on without you noticing anything. To keep doing this, the malicious software needs to start automatically and protect itself from being removed by security software.
On a single Windows PC there are thousands of files with a limited number of these files being "executables" and "associated data files", which have file extensions like EXE, DLL, SYS, etc. They belong to for example a word processor, a spreadsheet program or a photo editing program.
To work properly, the malicious program must be an executable file.
Hitman Pro 3 looks for executables like drivers and other automatically starting software programs. These are active in memory, communicate with the internet and potentially try to make themselves invisible. From an average of 400,000 files on your PC typically only 2000 are interesting enough for Hitman Pro 3 to classify. Hitman tries to determine:
* where a file comes from
* how it got on your PC
* which publisher created it
* what purpose it has
* whether it can be uninstalled appropriately
* if it is visible for the user and through Windows API's
* if it's communicating with unreliable computers on the internet
* if it's compressed or encrypted
* if it has anomalies commonly found in malicious software
* what people say about the file on security related websites
These are just a few of the details that Hitman Pro 3 collects, understands and associates. This method is what we call the Behavioral Scan.
History
Hitman Pro versions 1 and 2 were immensely popular in 2006-2008 with millions of users.
The software installed anti-malware software from various vendors to detect and remove malicious software. These software programs were automatically managed on the PC of the end user by Hitman Pro version 1 and 2.
This approach had some disadvantages: A very long scan process, high system load, and errors made by the used anti-spyware software could cause an unstable system.
All these issues are solved in Hitman Pro 3, that was re-developed completely from scratch, using our own technologies.
Hitman Pro 3 uses as many characteristics of safe and malicious software as possible. After classifying only a handful remain interesting enough for further investigation. Each file is fingerprinted and sent to our Scan Cloud. This cloud determines if a file is safe, unsafe or unknown.
Unknown files on your PC are physically sent to the Scan Cloud where the files are scanned, in just seconds, by trusted anti-malware software from our trusted partners.
Purpose
Hitman Pro 3 does not leave a program running in the background that continuously checks incoming e-mail and downloaded files for malware. Therefore you need to scan your PC regularly to ensure your PC is not infected.
Hitman Pro 3 can be used in combination with any other security suite. Scanning your PC for malware with Hitman Pro 3 will always be free so if you already have a security suite on your PC, it is an ideal program to make sure your security suite has not missed anything.
Behavioral Scan
The Behavioral Scan in Hitman Pro 3 does not need to monitor your system constantly to discover suspicious behavior. Most behavioral blocking programs need to monitor continuously. Hitman Pro 3 uses the knowledge from multiple anti-malware partners to identify the files on your system, which makes it exceptionally usable for non-technical computer users, who cannot answer incoherent questions about for example new system services or registry entries. In addition, Hitman Pro 3 knows upfront which files are not interesting and which belong to the operating system. This is done by checking the (valid) digital signatures on executable files and a white list containing signatures of known safe files. Hitman Pro 3 has signatures of all important files from Windows 2000 to Windows 7 (RC). After a quick check, these files are automatically detected as safe.
Screenshots
Welcome
Settings
Price: €17.95
New Antivirus Technology Prevx 3.0 & Safe Online Via iRemove.nl
AVAILABLE NOW VIA IREMOVE.NL
Prevx 3.0 Anti-malware is a powerful security application with exceptional ability to protect, detect
and remove rootkits and ‘early life’ malicious software including Viruses, Trojans, Worms, Spyware,
and Bots.
Prevx 3.0 Anti-malware can be used as a stand-alone security application or as part of a ‘defense in
depth’ approach alongside other antivirus, antispyware or internet security suites. It is compatible
with Windows 98, NT4, 2000, 2003, 2008, XP, Vista and even Windows 7. Both 32 bit and 64 bit
versions are available. It is also designed to be interoperable with most leading security products
including those from Symantec, McAfee, Trend Micro, CA, Sophos, Kaspersky, Panda, Bit Defender,
ESET, AVIRA, AVAST, AVG, Norman and F-Secure and many others.
Prevx 3.0 Anti-malware has the following key features:
- Comprehensive support for all Windows environments (32 and 64 bit)
- Ultra fast, class leading scan speed
- Powerful, signature-less rootkit detection and removal
- Strong ‘early life’ malware detection and removal
- Powerful, generic clean up of even advanced rootkit and malicious software
- Tiny, class leading, agent size
- Light, class leading, low system resource utilization
- Powerful anti-phishing
- Support for Prevx SafeOnline a powerful layered defense module which protects against phishing , Trojans, DNS poisoning and man-in-the –browser attacks
- Real-time, always up to date connection to the World’s largest online threat database
- Class leading interoperability with other security applications
- Supports scheduled, rapid on-demand and right click scan options
- Supports full cleanup roll back
- Simple, easy to use interface
- Powerful but simple user controls allow the user to choose the level of heuristic protection
- Unique age and spread detection controls allow the user to defeat low volume and targeted attack malware by prohibiting execution of ‘early life’ and/or ‘low usage’ programs
The Prevx 3.0 Anti-malware agent download is just 900 kilobytes. It installs in seconds and will scan
an average PC in around 2-4 minutes on install. Once installed scan times reduce dramatically with
typical PCs being scanned in around 30 to 60 seconds.
There are 4 key elements of the Prevx 3.0 product set the Ultrafast Scan engine, the rootkit and
malicious software detection and removal engine, the real time protection agent and Prevx
SafeOnline. Collectively, these provide a powerful level of protection against today’s advanced
malicious software and web based threats.
Prevx 3.0 Ultrafast Scan Engine
We believe that security products must have minimal impact on the normal use and enjoyment of
your PC and web browsing. The scan engine of Prevx 3.0 sets new standards in scan speed and in
detection rates of advanced rootkit and early life malware. The scan engine incorporates ‘raw’ disk
and registry access technology. This has the simultaneous benefits of dramatically reducing scan
times and allowing much more effective detection of rootkits and stealth malware. A key
differentiator in detecting powerful banking and information stealing Trojans and targeted malware.
Prevx 3.0 will scan an average PC in around 2 to 4 minutes immediately on installation. Thereafter,
scan times reduce even more due the caching techniques used by the scan engine. After the very
first scan a typical PC scan will take around 30 to 60 seconds.
Prevx 3.0 SafeOnline
Every year hundreds of millions of dollars are stolen from individuals, businesses and banks. In
almost all cases the victims of these crimes are totally unaware their information has been stolen
until it is too late. In many cases victims assumed they were safe because they had an antivirus or
internet security product running when the theft occurred and no alert was raised.
Online fraud, information or identity theft is the major concern of most PC users. More than 70% of
online theft, is caused by Trojans that go undetected by antivirus and internet security products.
SafeOnline is an optional component of Prevx 3.0 that provides a powerful and much needed
defense against threats that target web based activity such as online banking and Internet shopping.
Prevx SafeOnline significantly reduces your exposure to online fraud, information, or identity theft. It
does this without any impact on your normal Internet surfing. While you surf, shop and bank online
Prevx SafeOnline is watching to make sure that:
- you don’t mistake a phishing web site as your bank’s web site
- your PC really is connected to the web site you think it is
- your keystrokes are not being copied, recorded or stolen
- the contents of your web page are not being copied, recorded or stolen
- stored information in your internet cache is not being copied, recorded or stolen
- the web page being displayed has not been injected with fields to steal your information
- the contents of your clipboard are not being copied, record or stolen
- your DNS is not poisoned connecting you to a criminal’s fake banking or shopping web site
- your browser is not subject to a ‘man-in-the-browser’ attack
Prevx SafeOnline can be easily configured to protect your information on any web site you choose to
visit. It is completely browser independent and provides its protection with minimum fuss, alerting
you only if a threat is detected. In the case that your PC is infected with an undetected threat such as
a Trojan then Prevx SafeOnline hides your personal information allowing you to complete your
transactions safely.
Antivirus, antimalware and internet security products are no longer enough to give you maximum
protection. Prevx SafeOnline significantly improves your safety by protecting against the threats
which otherwise would go unchecked.
Price: €29.95
Prevx 3.0 Anti-malware is a powerful security application with exceptional ability to protect, detect
and remove rootkits and ‘early life’ malicious software including Viruses, Trojans, Worms, Spyware,
and Bots.
Prevx 3.0 Anti-malware can be used as a stand-alone security application or as part of a ‘defense in
depth’ approach alongside other antivirus, antispyware or internet security suites. It is compatible
with Windows 98, NT4, 2000, 2003, 2008, XP, Vista and even Windows 7. Both 32 bit and 64 bit
versions are available. It is also designed to be interoperable with most leading security products
including those from Symantec, McAfee, Trend Micro, CA, Sophos, Kaspersky, Panda, Bit Defender,
ESET, AVIRA, AVAST, AVG, Norman and F-Secure and many others.
Prevx 3.0 Anti-malware has the following key features:
- Comprehensive support for all Windows environments (32 and 64 bit)
- Ultra fast, class leading scan speed
- Powerful, signature-less rootkit detection and removal
- Strong ‘early life’ malware detection and removal
- Powerful, generic clean up of even advanced rootkit and malicious software
- Tiny, class leading, agent size
- Light, class leading, low system resource utilization
- Powerful anti-phishing
- Support for Prevx SafeOnline a powerful layered defense module which protects against phishing , Trojans, DNS poisoning and man-in-the –browser attacks
- Real-time, always up to date connection to the World’s largest online threat database
- Class leading interoperability with other security applications
- Supports scheduled, rapid on-demand and right click scan options
- Supports full cleanup roll back
- Simple, easy to use interface
- Powerful but simple user controls allow the user to choose the level of heuristic protection
- Unique age and spread detection controls allow the user to defeat low volume and targeted attack malware by prohibiting execution of ‘early life’ and/or ‘low usage’ programs
The Prevx 3.0 Anti-malware agent download is just 900 kilobytes. It installs in seconds and will scan
an average PC in around 2-4 minutes on install. Once installed scan times reduce dramatically with
typical PCs being scanned in around 30 to 60 seconds.
There are 4 key elements of the Prevx 3.0 product set the Ultrafast Scan engine, the rootkit and
malicious software detection and removal engine, the real time protection agent and Prevx
SafeOnline. Collectively, these provide a powerful level of protection against today’s advanced
malicious software and web based threats.
Prevx 3.0 Ultrafast Scan Engine
We believe that security products must have minimal impact on the normal use and enjoyment of
your PC and web browsing. The scan engine of Prevx 3.0 sets new standards in scan speed and in
detection rates of advanced rootkit and early life malware. The scan engine incorporates ‘raw’ disk
and registry access technology. This has the simultaneous benefits of dramatically reducing scan
times and allowing much more effective detection of rootkits and stealth malware. A key
differentiator in detecting powerful banking and information stealing Trojans and targeted malware.
Prevx 3.0 will scan an average PC in around 2 to 4 minutes immediately on installation. Thereafter,
scan times reduce even more due the caching techniques used by the scan engine. After the very
first scan a typical PC scan will take around 30 to 60 seconds.
Prevx 3.0 SafeOnline
Every year hundreds of millions of dollars are stolen from individuals, businesses and banks. In
almost all cases the victims of these crimes are totally unaware their information has been stolen
until it is too late. In many cases victims assumed they were safe because they had an antivirus or
internet security product running when the theft occurred and no alert was raised.
Online fraud, information or identity theft is the major concern of most PC users. More than 70% of
online theft, is caused by Trojans that go undetected by antivirus and internet security products.
SafeOnline is an optional component of Prevx 3.0 that provides a powerful and much needed
defense against threats that target web based activity such as online banking and Internet shopping.
Prevx SafeOnline significantly reduces your exposure to online fraud, information, or identity theft. It
does this without any impact on your normal Internet surfing. While you surf, shop and bank online
Prevx SafeOnline is watching to make sure that:
- you don’t mistake a phishing web site as your bank’s web site
- your PC really is connected to the web site you think it is
- your keystrokes are not being copied, recorded or stolen
- the contents of your web page are not being copied, recorded or stolen
- stored information in your internet cache is not being copied, recorded or stolen
- the web page being displayed has not been injected with fields to steal your information
- the contents of your clipboard are not being copied, record or stolen
- your DNS is not poisoned connecting you to a criminal’s fake banking or shopping web site
- your browser is not subject to a ‘man-in-the-browser’ attack
Prevx SafeOnline can be easily configured to protect your information on any web site you choose to
visit. It is completely browser independent and provides its protection with minimum fuss, alerting
you only if a threat is detected. In the case that your PC is infected with an undetected threat such as
a Trojan then Prevx SafeOnline hides your personal information allowing you to complete your
transactions safely.
Antivirus, antimalware and internet security products are no longer enough to give you maximum
protection. Prevx SafeOnline significantly improves your safety by protecting against the threats
which otherwise would go unchecked.
Price: €29.95
MS unleashes legal attack dogs to lick up COFEE spill
Microsoft unleashed its legal attack dogs to remove its leaked forensics tool from a respected security site, it has emerged.
Cryptome.org was issued with a take-down notice shortly after Microsoft's point-and-click "computer forensics for cops" tool leaked onto the web earlier this month. Redmond's lawyers acted over allegations that Cryptome was offering copies of its COFEE computer forensics utility via its website and days after acknowledging the utility was at least briefly available via BitTorrent.
COFEE (Computer Online Forensic Evidence Extractor) is a package of forensics utilities bundled onto a specially adapted USB stick, and is designed to allow police officers to collect digital evidence from a suspect's PC at a scene of crime or during a raid. The technology can be used to recover internet activity, scan files and obtain a list of processes running on an active computer at the scene of an investigation without interfering with the machine.
Redmond makes the utility (actually a bundle of 150 applications) available at no charge to law enforcement agencies via Interpol. The leak of the tool earlier this month created fears that the software might fall into the hands of miscreants and spur the development of countermeasures.
Microsoft responded to these fears by stressing that the utility was a bundle of commercially available applications and that no secret data was leaked. A statement issued on behalf of Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, also acknowledged the software had been made available through BitTorrent, a development that meant anyone might have been able to download the software.
We have confirmed that unauthorised and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed. Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals; its value is in the way COFEE brings those tools together in a simple and customisable format for law enforcement use in the field.
In cooperation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL.
Microsoft supplied this statement of 11 November two days before firing off its legal nastygram to Cryptome.org on 13 November. Since COFEE was already available via BitTorrent the legal action might seem slightly overboard, though consistent with Redmond's promise to chase unauthorised distribution of the code.
Security experts we quizzed on this point, however, said Microsoft was well within is rights to ask sites to stop offering copies of the tool for download. In any case, Cryptome.org complied with Microsoft's order. Copies of correspondence pertaining to the COFEE take-down order have been posted by Cryptome here. ®
Cryptome.org was issued with a take-down notice shortly after Microsoft's point-and-click "computer forensics for cops" tool leaked onto the web earlier this month. Redmond's lawyers acted over allegations that Cryptome was offering copies of its COFEE computer forensics utility via its website and days after acknowledging the utility was at least briefly available via BitTorrent.
COFEE (Computer Online Forensic Evidence Extractor) is a package of forensics utilities bundled onto a specially adapted USB stick, and is designed to allow police officers to collect digital evidence from a suspect's PC at a scene of crime or during a raid. The technology can be used to recover internet activity, scan files and obtain a list of processes running on an active computer at the scene of an investigation without interfering with the machine.
Redmond makes the utility (actually a bundle of 150 applications) available at no charge to law enforcement agencies via Interpol. The leak of the tool earlier this month created fears that the software might fall into the hands of miscreants and spur the development of countermeasures.
Microsoft responded to these fears by stressing that the utility was a bundle of commercially available applications and that no secret data was leaked. A statement issued on behalf of Richard Boscovich, senior attorney of Microsoft's Internet Safety Enforcement Team, also acknowledged the software had been made available through BitTorrent, a development that meant anyone might have been able to download the software.
We have confirmed that unauthorised and modified versions of Microsoft’s COFEE tool have been improperly posted to bit torrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorised channels – both because any unauthorised technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed. Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals; its value is in the way COFEE brings those tools together in a simple and customisable format for law enforcement use in the field.
In cooperation with our partners, we will continue to work to mitigate unauthorised distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorised versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL.
Microsoft supplied this statement of 11 November two days before firing off its legal nastygram to Cryptome.org on 13 November. Since COFEE was already available via BitTorrent the legal action might seem slightly overboard, though consistent with Redmond's promise to chase unauthorised distribution of the code.
Security experts we quizzed on this point, however, said Microsoft was well within is rights to ask sites to stop offering copies of the tool for download. In any case, Cryptome.org complied with Microsoft's order. Copies of correspondence pertaining to the COFEE take-down order have been posted by Cryptome here. ®
The rise of targeted attacks
Webcast Earlier this month Paul Wood of MessageLabs joined Freeform Dynamics’ Jon Collins in the Reg studio to discuss targeted attacks and their affect on the modern business.
This thirty minute audio webcast with accompanying slides is now available to watch free of charge from the Reg Archives.
Volumes of targeted attacks are on the rise, but what does this mean for the business and what should we all be looking out for? Tune into Jon and Paul's conversation as they dish out opinion and help shed some light on now we can all make sure we're better protected.
Squeezing in a whole host of the latest facts and figures, Paul kicks proceedings off by giving an overview of targeted attacks, highlighting the industries and document types most under threat, the reasons for targeted attacks becoming popular and some real-world examples.
Jon wraps things up with his take on why businesses have the most to lose and the solutions and processes that will help in combating this type of attack.
Help keep your organisation safe. Tune into the conversation here. Feedback via the tab on the media player is welcome, as always. ®
This thirty minute audio webcast with accompanying slides is now available to watch free of charge from the Reg Archives.
Volumes of targeted attacks are on the rise, but what does this mean for the business and what should we all be looking out for? Tune into Jon and Paul's conversation as they dish out opinion and help shed some light on now we can all make sure we're better protected.
Squeezing in a whole host of the latest facts and figures, Paul kicks proceedings off by giving an overview of targeted attacks, highlighting the industries and document types most under threat, the reasons for targeted attacks becoming popular and some real-world examples.
Jon wraps things up with his take on why businesses have the most to lose and the solutions and processes that will help in combating this type of attack.
Help keep your organisation safe. Tune into the conversation here. Feedback via the tab on the media player is welcome, as always. ®
iPhone anti-malware stuck in state of denial
The blaze of publicity that accompanied the release of the first iPhone worms this month has sparked interest in selling anti-malware products for the device. However no such security products currently exist and Apple shows little inclination in licensing any that do get developed.
Antivirus products for Symbian smartphones have been available for years, but not one antivirus product is available for the iPhone, from any vendor. Releasing such tools would require the help of Apple, which tightly controls what applications are licensed to run on the devices via its successful AppStore marketplace.
But since both the ikee (Rickrolling) and Duh worms affect only jailbroken iPhones (with SSH open and default passwords) the line from Apple is that there's no need for anti-malware for iPhones.
Intego, which has carved out a successful niche marketing anti-malware software for Mac machines, is yet to produce any security software for the iPhone. As well as getting approval from Apple to develop such software, developing security software for the devices poses technical challenges.
"Apple does not allow applications to run in the background on the iPhone, which makes any antivirus or anti-malware software less than optimal," Peter James, an Intego spokesman explained. "To be effective anti-malware needs to run all the time. The same is true of personal firewall software."
James explains that iPhones use a stripped down version of Mac OS X. Although Apple restricts third-party developers from running background processes, not unreasonably because the processing power of the chips on iPhones is limited, Apple system processes including DNS name resolution and clock functions do run in the background, so the restriction isn't absolute.
The practical upshot of Apple's third-party restrictions is that any anti-malware product for an iPhone could not be designed to run constantly in the background, warning about incoming threats. Instead the software could only be used to do either scheduled or on-demand scans.
Graham Cluley, a senior security consultant at Sophos, which offers antivirus products for corporate Macs, explained that the hands of security firms looking to provide protection against the Duh worm and future iPhone malware threats are caught in a bind. Only Apple can untangle this confusion, however it has little incentive to shift its line.
"It's feasible for Sophos to write an application that scans an iPhone for the Duh worm (we detect it as Iph/Duh on other platforms) however the app would obviously have to be approved by Apple to enter their AppStore. I'm not sure how long that process would take, or if it would be approved."
"The only alternative - ironically - would be for us to make it available as an unauthorised app, meaning that iPhone users would have to jailbreak their iPhones to scan them for security problems. This is obviously not ideal," he added.
Mikko Hypponen, chief research officer at F-Secure, criticised Apple for failing to tackle the nascent mobile malware problem more proactively. He contrasts Apple's stance with the more go-ahead attitude of other smartphone manufacturers that rely on the Symbian platform - such as Sony Ericsson - in a blog posting here. ®
Bootnote
Trend Micro has a browser add-on called SmartSurf, available via Apple's AppStore, to protect iPhone users from malicious websites. Cisco has a security dashboard product targeted at iPhone users, tasked with looking after corporate security on enterprise networks. However nether of these are anti-malware products for the iPhone, which remain a glint in the eye of anti-virus developers and (doubtless) the marketing departments of security firms.
Antivirus products for Symbian smartphones have been available for years, but not one antivirus product is available for the iPhone, from any vendor. Releasing such tools would require the help of Apple, which tightly controls what applications are licensed to run on the devices via its successful AppStore marketplace.
But since both the ikee (Rickrolling) and Duh worms affect only jailbroken iPhones (with SSH open and default passwords) the line from Apple is that there's no need for anti-malware for iPhones.
Intego, which has carved out a successful niche marketing anti-malware software for Mac machines, is yet to produce any security software for the iPhone. As well as getting approval from Apple to develop such software, developing security software for the devices poses technical challenges.
"Apple does not allow applications to run in the background on the iPhone, which makes any antivirus or anti-malware software less than optimal," Peter James, an Intego spokesman explained. "To be effective anti-malware needs to run all the time. The same is true of personal firewall software."
James explains that iPhones use a stripped down version of Mac OS X. Although Apple restricts third-party developers from running background processes, not unreasonably because the processing power of the chips on iPhones is limited, Apple system processes including DNS name resolution and clock functions do run in the background, so the restriction isn't absolute.
The practical upshot of Apple's third-party restrictions is that any anti-malware product for an iPhone could not be designed to run constantly in the background, warning about incoming threats. Instead the software could only be used to do either scheduled or on-demand scans.
Graham Cluley, a senior security consultant at Sophos, which offers antivirus products for corporate Macs, explained that the hands of security firms looking to provide protection against the Duh worm and future iPhone malware threats are caught in a bind. Only Apple can untangle this confusion, however it has little incentive to shift its line.
"It's feasible for Sophos to write an application that scans an iPhone for the Duh worm (we detect it as Iph/Duh on other platforms) however the app would obviously have to be approved by Apple to enter their AppStore. I'm not sure how long that process would take, or if it would be approved."
"The only alternative - ironically - would be for us to make it available as an unauthorised app, meaning that iPhone users would have to jailbreak their iPhones to scan them for security problems. This is obviously not ideal," he added.
Mikko Hypponen, chief research officer at F-Secure, criticised Apple for failing to tackle the nascent mobile malware problem more proactively. He contrasts Apple's stance with the more go-ahead attitude of other smartphone manufacturers that rely on the Symbian platform - such as Sony Ericsson - in a blog posting here. ®
Bootnote
Trend Micro has a browser add-on called SmartSurf, available via Apple's AppStore, to protect iPhone users from malicious websites. Cisco has a security dashboard product targeted at iPhone users, tasked with looking after corporate security on enterprise networks. However nether of these are anti-malware products for the iPhone, which remain a glint in the eye of anti-virus developers and (doubtless) the marketing departments of security firms.
Symantec Japan website bamboozled by hacker
By John Leyden
The Register
23rd November 2009
A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information.
Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack appears to show clear-text passwords associated with customer records. Product keys held on a Symantec server in Japan were also exposed by the hack.
Unu has previously exposed similar problems involving the websites of the UK's parliament and Kaspersky, among many others. The grey-hat hacker has published screenshots to back up his latest claims which, if verified, run deeper than shortcomings on the websites of Kaspersky, F-secure and other security firms previously reported by Unu.
Symantec said it was investigating the reported breach, which Unu claims gave him full disk and database access. The security giant said the vulnerability only affected a website used by consumer customers in the Far East. Symantec admitted there was a problem without commenting on how serious the snafu might be, pending the result of an investigation.
The offending site - pcd.symantec.com - has been taken offline pending the addition of extra security defences.
The Register
23rd November 2009
A Symantec-run website was vulnerable to Blind SQL Injection problems that reportedly exposes a wealth of potentially sensitive information.
Romanian hacker Unu used off-the-shelf tools (Pangolin and sqlmap) to steal a glimpse at the database behind Symantec's Japanese website. A peek at the Symantec store revealed by the hack appears to show clear-text passwords associated with customer records. Product keys held on a Symantec server in Japan were also exposed by the hack.
Unu has previously exposed similar problems involving the websites of the UK's parliament and Kaspersky, among many others. The grey-hat hacker has published screenshots to back up his latest claims which, if verified, run deeper than shortcomings on the websites of Kaspersky, F-secure and other security firms previously reported by Unu.
Symantec said it was investigating the reported breach, which Unu claims gave him full disk and database access. The security giant said the vulnerability only affected a website used by consumer customers in the Far East. Symantec admitted there was a problem without commenting on how serious the snafu might be, pending the result of an investigation.
The offending site - pcd.symantec.com - has been taken offline pending the addition of extra security defences.
Inside the Ring - Chinese, Russian cyberwarfare
By Bill Gertz
INSIDE THE RING
November 19, 2009
[...]
Chinese, Russian cyberwarfare
The Pentagon's National Defense University recently published a groundbreaking book that is one of the few U.S. government documents to highlight the cyberwarfare capabilities of both China and Russia.
The book "Cyberpower and National Security" contains a chapter on the issue revealing that China's computer attack capabilities have become "more visible and troubling" in recent years. "China has launched an unknown number of cyber reconnaissance and offensive events with unknown intent against a variety of countries," the chapter said.
Among the most important attacks were the 2005 cyber espionage attacks against Pentagon computer networks that federal investigators code-named Titan Rain. Another Chinese-origin attack involved computer operations against the U.S. Naval War College in 2006 that shut down systems.
According to the chapter, China's military strategists regard cyberwarfare as an important element of "pre-emptive" warfare capabilities.
Chinese military analysts Peng Guangqian and Yao Youzhi are quoted as saying China plans to use several types of pre-emptive attacks in a future conflict, including "striking the enemy's information center of gravity and weakening combat efficiency of his information systems and cyberized weapons" with the goal of weakening information superiority and reducing combat efficiency.
INSIDE THE RING
November 19, 2009
[...]
Chinese, Russian cyberwarfare
The Pentagon's National Defense University recently published a groundbreaking book that is one of the few U.S. government documents to highlight the cyberwarfare capabilities of both China and Russia.
The book "Cyberpower and National Security" contains a chapter on the issue revealing that China's computer attack capabilities have become "more visible and troubling" in recent years. "China has launched an unknown number of cyber reconnaissance and offensive events with unknown intent against a variety of countries," the chapter said.
Among the most important attacks were the 2005 cyber espionage attacks against Pentagon computer networks that federal investigators code-named Titan Rain. Another Chinese-origin attack involved computer operations against the U.S. Naval War College in 2006 that shut down systems.
According to the chapter, China's military strategists regard cyberwarfare as an important element of "pre-emptive" warfare capabilities.
Chinese military analysts Peng Guangqian and Yao Youzhi are quoted as saying China plans to use several types of pre-emptive attacks in a future conflict, including "striking the enemy's information center of gravity and weakening combat efficiency of his information systems and cyberized weapons" with the goal of weakening information superiority and reducing combat efficiency.
Microsoft warns of IE exploit code in the wild
By Elinor Mills
InSecurity Complex
CNet News
November 23, 2009
Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.
Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.
The exploit code was published to the BugTraq mailing list on Friday with no explanation.
"The exploit targets a vulnerability in the way Internet Explorer uses Cascading Style Sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites' content," Symantec wrote in a blog post this weekend.
[...]
InSecurity Complex
CNet News
November 23, 2009
Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.
Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.
The exploit code was published to the BugTraq mailing list on Friday with no explanation.
"The exploit targets a vulnerability in the way Internet Explorer uses Cascading Style Sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites' content," Symantec wrote in a blog post this weekend.
[...]
Tuesday 17 November 2009
Kaspersky Internet Security ID Vault Bundle
Kaspersky Internet Security ID Vault Bundle
Purchase Internet Security and receive ID Vault for FREE!
A limited time offer Offer Expires 12/31/09
Coupon Code: No Code Needed!
Purchase Internet Security and receive ID Vault for FREE!
A limited time offer Offer Expires 12/31/09
Coupon Code: No Code Needed!
Researcher Hacks Twittter Using SSL Vulnerability
By Brian Prince
eWEEK.com
2009-11-16
A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter.
The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, Nov. 10. The exploit takes advantage of a vulnerability reported Nov. 5 by researchers from PhoneFactor. Although the security hole Kurmus took advantage of has reportedly been closed by Twitter, one of the researchers at PhoneFactor who discovered the bug said the exploit underscores the flaw's significance.
The exploit takes advantage of an SSL renegotiation issue. According to PhoneFactor, the vulnerability partially invalidates the SSL lock and enables attackers to launch attacks that could compromise a variety of sites that use SSL for security.including banking sites, and back-office systems that use Web services-based protocols.
In a paper, PhoneFactor researchers Steve Dispensa and Marsh Ray explained (PDF) that the vulnerability allows a man-in-the-middle attack to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This in turn can lead to a variety of abuses, they contended.
eWEEK.com
2009-11-16
A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter.
The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, Nov. 10. The exploit takes advantage of a vulnerability reported Nov. 5 by researchers from PhoneFactor. Although the security hole Kurmus took advantage of has reportedly been closed by Twitter, one of the researchers at PhoneFactor who discovered the bug said the exploit underscores the flaw's significance.
The exploit takes advantage of an SSL renegotiation issue. According to PhoneFactor, the vulnerability partially invalidates the SSL lock and enables attackers to launch attacks that could compromise a variety of sites that use SSL for security.including banking sites, and back-office systems that use Web services-based protocols.
In a paper, PhoneFactor researchers Steve Dispensa and Marsh Ray explained (PDF) that the vulnerability allows a man-in-the-middle attack to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This in turn can lead to a variety of abuses, they contended.
Obama said to be close again to naming cybersecurity chief
By Jaikumar Vijayan
Computerworld
November 16, 2009
The Obama administration is once again reported to be close to naming a White House cybersecurity coordinator.
A story in the Federal Times, quoting unnamed sources, said that an announcement could come as soon as Thanksgiving.
The two people in the running for the post are Frank Kramer, a former assistant secretary of defense during the Clinton administration, and Howard Schmidt, a former White House cybersecurity adviser and corporate chief security officer (CSO), the report says. Both are names that have been mentioned as likely candidates for the position for several months.
This is not the first time that the White House has been rumored to be close to announcing its pick. In September, Reuters reported that an announcement was imminent. When that did not happen, some security analysts suggested that the White House could be waiting for October to make the announcement because the month had been designated as a "cybersecurity month."
Computerworld
November 16, 2009
The Obama administration is once again reported to be close to naming a White House cybersecurity coordinator.
A story in the Federal Times, quoting unnamed sources, said that an announcement could come as soon as Thanksgiving.
The two people in the running for the post are Frank Kramer, a former assistant secretary of defense during the Clinton administration, and Howard Schmidt, a former White House cybersecurity adviser and corporate chief security officer (CSO), the report says. Both are names that have been mentioned as likely candidates for the position for several months.
This is not the first time that the White House has been rumored to be close to announcing its pick. In September, Reuters reported that an announcement was imminent. When that did not happen, some security analysts suggested that the White House could be waiting for October to make the announcement because the month had been designated as a "cybersecurity month."
Report: Countries prepping for cyber war
By Elinor Mills
InSecurity Complex
CNet News
November 16, 2009
Major countries and nation-states are engaged in a "Cyber Cold War,"
amassing "cyber weapons," conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.
In particular, countries gearing up for cyber offensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.
"We don't believe we've seen cases of cyber warfare," said Dmitri Alperovitch, vice president of threat research at McAfee. "Nations have been reluctant to use those capabilities because of the likelihood that [a big cyber attack] could do harm to their own country. The world is so interconnected these days."
Threats of cyber warfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.
InSecurity Complex
CNet News
November 16, 2009
Major countries and nation-states are engaged in a "Cyber Cold War,"
amassing "cyber weapons," conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.
In particular, countries gearing up for cyber offensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.
"We don't believe we've seen cases of cyber warfare," said Dmitri Alperovitch, vice president of threat research at McAfee. "Nations have been reluctant to use those capabilities because of the likelihood that [a big cyber attack] could do harm to their own country. The world is so interconnected these days."
Threats of cyber warfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.
A different kind of antiviral donation for Africa
Africa is suffering from yet another plague: this one infects their computers instead of their communities.
Chris Michael, writing in the English newspaper The Guardian in August 2009, summarized the situation as follows: "...Africa has become a hive of [T]rojans, worms and exploiters of all stripes. As PC use on the continent has spread in the past decade (in Ethiopia it has gone from 0.01% of the Ethiopian population to 0.45% through 1999-2008), viruses have hitched a ride, wreaking havoc on development efforts, government programmes and fledgling businesses."
Michael points out that African organizations can hardly afford to pay $50 per year per computer for virus protection, and thus computers all over the continent are sinking into unusability. Organizations lose critical documents ("an agriculture bureau employee ... lost the multi-year plan for agricultural improvements for the Benishangul-Gumuz region, Ethiopia's fourth poorest area"), suffer slow access to the Internet ("it is not unusual to wait 10 minutes to access a single [W]eb page"), randomly reboot computers, and destroy files.
Alan Mercer, a computer specialist with Voluntary Service Overseas (VSO), is bitter about the effect of (mostly Chinese) virus writers on his African clients:
"I'd take them to Ethiopia," Mercer says. "I'd show them the man who lost his agricultural development plan to the virus he wrote. Then I'd show him the kids who will die in two years because the agricultural reforms came too late and the annual harvest failed because the agricultural development plan at the regional agricultural bureau was destroyed by his virus."
Chris Michael, writing in the English newspaper The Guardian in August 2009, summarized the situation as follows: "...Africa has become a hive of [T]rojans, worms and exploiters of all stripes. As PC use on the continent has spread in the past decade (in Ethiopia it has gone from 0.01% of the Ethiopian population to 0.45% through 1999-2008), viruses have hitched a ride, wreaking havoc on development efforts, government programmes and fledgling businesses."
Michael points out that African organizations can hardly afford to pay $50 per year per computer for virus protection, and thus computers all over the continent are sinking into unusability. Organizations lose critical documents ("an agriculture bureau employee ... lost the multi-year plan for agricultural improvements for the Benishangul-Gumuz region, Ethiopia's fourth poorest area"), suffer slow access to the Internet ("it is not unusual to wait 10 minutes to access a single [W]eb page"), randomly reboot computers, and destroy files.
Alan Mercer, a computer specialist with Voluntary Service Overseas (VSO), is bitter about the effect of (mostly Chinese) virus writers on his African clients:
"I'd take them to Ethiopia," Mercer says. "I'd show them the man who lost his agricultural development plan to the virus he wrote. Then I'd show him the kids who will die in two years because the agricultural reforms came too late and the annual harvest failed because the agricultural development plan at the regional agricultural bureau was destroyed by his virus."
Police probe breach of NHS smartcard security as e-records launched in London
By Tony Collins
ComputerWeekly.com
16 Nov 2009
An NHS trust at the forefront of work on the 12.7bn NHS IT scheme has called in police after a breach of smartcard security compromised the confidentiality of hundreds of electronic records.
Patients in Hull have expressed their dismay that an unauthorised NHS employee has accessed their confidential records; and the local primary care trust, NHS Hull, says it is "shocked" at the breach of security by a member of staff who has since left.
Details of the breach emerged as health officials in London were, in an unrelated event, telling journalists about the start of a roll-out of electronic records across London, as part of the National Programme for IT [NPfIT].
The roll-out is part of plans by the Department of Health to create for 50 million people in England an electronic "summary" medical record on a central database run by BT.
But doctors say that the breach of security at NHS Hull shows that an insider with a smartcard can access confidential electronic records without authorisation, if the person is determined to do so.
ComputerWeekly.com
16 Nov 2009
An NHS trust at the forefront of work on the 12.7bn NHS IT scheme has called in police after a breach of smartcard security compromised the confidentiality of hundreds of electronic records.
Patients in Hull have expressed their dismay that an unauthorised NHS employee has accessed their confidential records; and the local primary care trust, NHS Hull, says it is "shocked" at the breach of security by a member of staff who has since left.
Details of the breach emerged as health officials in London were, in an unrelated event, telling journalists about the start of a roll-out of electronic records across London, as part of the National Programme for IT [NPfIT].
The roll-out is part of plans by the Department of Health to create for 50 million people in England an electronic "summary" medical record on a central database run by BT.
But doctors say that the breach of security at NHS Hull shows that an insider with a smartcard can access confidential electronic records without authorisation, if the person is determined to do so.
GMH data breached in stolen laptop
By Laura Matthews
Pacific Daily News
November 17, 2009
The Guam Memorial Hospital suffered an information breach when a laptop containing unsecured health information was stolen in late October.
It wasn't until late last week that they found out the machine contained a file with personal information for approximately 2,000 employees, volunteers, contractors and physicians.
Their names, the date of their last physical examinations and their vaccination, Tuberculosis and Hepatitis B statuses were contained in the machine, which was being used by the GMH Employee Health Office.
"No patients were affected, only the people seen by the Employee Health Office," said Connor Murphy, the hospital's spokesman. "No social security numbers, addresses, dates of birth or financial information was breached. From the feedback I am getting, this is what people are most worried about."
The machine wasn't password-protected.
Pacific Daily News
November 17, 2009
The Guam Memorial Hospital suffered an information breach when a laptop containing unsecured health information was stolen in late October.
It wasn't until late last week that they found out the machine contained a file with personal information for approximately 2,000 employees, volunteers, contractors and physicians.
Their names, the date of their last physical examinations and their vaccination, Tuberculosis and Hepatitis B statuses were contained in the machine, which was being used by the GMH Employee Health Office.
"No patients were affected, only the people seen by the Employee Health Office," said Connor Murphy, the hospital's spokesman. "No social security numbers, addresses, dates of birth or financial information was breached. From the feedback I am getting, this is what people are most worried about."
The machine wasn't password-protected.
Monday 16 November 2009
14 tech firms form cybersecurity alliance for government
By Wyatt Kash
GCN.com
Nov 12, 2009
Thirteen leading technology providers, together with Lockheed Martin, today announced the formation of a new cybersecurity technology alliance. The announcement coincided with the opening of a new NexGen Cyber Innovation and Technology Center in Gaithersburg, Md., designed to test and develop new information and cybersecurity solutions for government and commercial customers.
The alliance represents a significant commitment on the part of competing technology companies to work collaboratively on new ways to detect and protect against cyber threats and develop methods that could automatically repair network systems quickly after being attacked.
The companies participating in the Cyber Security Alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC Corp. and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.
Art Coviello, EMC executive vice president and president of RSA, speaking on behalf of the new alliance at the center.s dedication ceremony, highlighted the importance of combining the strengths of the companies at the NexGen center.
GCN.com
Nov 12, 2009
Thirteen leading technology providers, together with Lockheed Martin, today announced the formation of a new cybersecurity technology alliance. The announcement coincided with the opening of a new NexGen Cyber Innovation and Technology Center in Gaithersburg, Md., designed to test and develop new information and cybersecurity solutions for government and commercial customers.
The alliance represents a significant commitment on the part of competing technology companies to work collaboratively on new ways to detect and protect against cyber threats and develop methods that could automatically repair network systems quickly after being attacked.
The companies participating in the Cyber Security Alliance include APC by Schneider Electric, CA, Cisco, Dell, EMC Corp. and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware.
Art Coviello, EMC executive vice president and president of RSA, speaking on behalf of the new alliance at the center.s dedication ceremony, highlighted the importance of combining the strengths of the companies at the NexGen center.
Kaspersky Internet Security SugarSync Bundle
Get 10gb free back up from SugarSync with Kaspersky Internet Security Purchase
Get 10gb free back up from SugarSync with Kaspersky Internet Security Purchase and save $29.99 Offer Expires 11/28/09
Coupon Code: no code needed
Get 10gb free back up from SugarSync with Kaspersky Internet Security Purchase and save $29.99 Offer Expires 11/28/09
Coupon Code: no code needed
Kaspersky AntiVirus 2010 and ID Vault Bundle
Kaspersky AntiVirus and ID Vault Bundle
Purchase AntiVirus and receive ID Vault for free! A limited time offer! Offer Expires 12/31/09
Coupon Code: No Code Needed!
Purchase AntiVirus and receive ID Vault for free! A limited time offer! Offer Expires 12/31/09
Coupon Code: No Code Needed!
DNS problem linked to DDoS attacks gets worse
By Robert McMillan
IDG News Service
November 13, 2009
Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.
According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an "open recursive" or "open resolver" system.
As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. "The two leading culprits we found were Telefonica and France Telecom," he said.
In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50% in 2007, to nearly 80% this year, according to Liu.
Though he hasn't seen the Infoblox data, Georgia Tech Researcher David Dagon agreed that open recursive systems are on the rise, in part because of "the increase in home network appliances that allow multiple computers on the Internet."
IDG News Service
November 13, 2009
Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.
According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an "open recursive" or "open resolver" system.
As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers said Cricket Liu, vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. "The two leading culprits we found were Telefonica and France Telecom," he said.
In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50% in 2007, to nearly 80% this year, according to Liu.
Though he hasn't seen the Infoblox data, Georgia Tech Researcher David Dagon agreed that open recursive systems are on the rise, in part because of "the increase in home network appliances that allow multiple computers on the Internet."
Little to Show for $433 MM Infosec Investment
By Eric Chabrow
Managing Editor
Gov InfoSecurity
November 13, 2009
Los Alamos National Laboratory has spent $433 million to secure its classified computer network between fiscal years 2001 and 2008, according to a report issued Friday by the Government Accountability Office, yet significant weaknesses remain in safeguarding the confidentiality, integrity and availability of information stored on and transmitted over its classified computer network.
The audit, requested by the House Committee on Energy and Commerce, cites Los Alamos' management as saying funding for its core classified cybersecurity program has been inadequate for implementing an effective program during fiscal years 2007 and 2008.
"LANL's security plans and test plans were neither comprehensive nor detailed enough to identify certain critical weaknesses on the classified network," the GAO said in its 39-page report.
The Energy Department-run laboratory in Los Alamos, N.M., also known as LANL, is among the world's largest science and technology institutions that conduct multidisciplinary research for fields such as national security, outer space, renewable energy, medicine, nanotechnology and supercomputing. Along with the Lawrence Livermore National Laboratory, LANL is one of two labs in the United States where classified work designing nuclear weapons takes place.
Managing Editor
Gov InfoSecurity
November 13, 2009
Los Alamos National Laboratory has spent $433 million to secure its classified computer network between fiscal years 2001 and 2008, according to a report issued Friday by the Government Accountability Office, yet significant weaknesses remain in safeguarding the confidentiality, integrity and availability of information stored on and transmitted over its classified computer network.
The audit, requested by the House Committee on Energy and Commerce, cites Los Alamos' management as saying funding for its core classified cybersecurity program has been inadequate for implementing an effective program during fiscal years 2007 and 2008.
"LANL's security plans and test plans were neither comprehensive nor detailed enough to identify certain critical weaknesses on the classified network," the GAO said in its 39-page report.
The Energy Department-run laboratory in Los Alamos, N.M., also known as LANL, is among the world's largest science and technology institutions that conduct multidisciplinary research for fields such as national security, outer space, renewable energy, medicine, nanotechnology and supercomputing. Along with the Lawrence Livermore National Laboratory, LANL is one of two labs in the United States where classified work designing nuclear weapons takes place.
The Cyberwar Plan
By Shane Harris
National Journal
Nov. 14, 2009
Cover Story
In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb.
At the request of his national intelligence director, Bush ordered an NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The devices allowed the fighters to coordinate their strikes and, later, post videos of the attacks on the Internet to recruit followers. According to a former senior administration official who was present at an Oval Office meeting when the president authorized the attack, the operation helped U.S.
forces to commandeer the Iraqi fighters' communications system. With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers.
Former officials with knowledge of the computer network attack, all of whom requested anonymity when discussing intelligence techniques, said that the operation helped turn the tide of the war. Even more than the thousands of additional ground troops that Bush ordered to Iraq as part of the 2007 "surge," they credit the cyberattacks with allowing military planners to track and kill some of the most influential insurgents. The cyber-intelligence augmented information coming in from unmanned aerial drones as well as an expanding network of human spies. A Pentagon spokesman declined to discuss the operation.
Bush's authorization of "information warfare," a broad term that encompasses computerized attacks, has been previously reported by National Journal and other publications. But the details of specific operations that specially trained digital warriors waged through cyberspace aren't widely known, nor has the turnaround in the Iraq ground war been directly attributed to the cyber campaign. The reason that cyber techniques weren't used earlier may have to do with the military's long-held fear that such warfare can quickly spiral out of control. Indeed, in the months before the U.S. invasion of Iraq in March 2003, military planners considered a computerized attack to disable the networks that controlled Iraq's banking system, but they backed off when they realized that those networks were global and connected to banks in France.
Protect Yourself! Limited Offer.
Kaspersky Internet Security ID Vault Bundle
Purchase Internet Security and receive ID Vault for FREE!
A limited time offer Offer Expires 12/31/09
Coupon Code: No Code Needed!
Purchase Internet Security and receive ID Vault for FREE!
A limited time offer Offer Expires 12/31/09
Coupon Code: No Code Needed!
Thursday 12 November 2009
Microsoft probing Windows 7 zero-day hole
By Elinor Mills
InSecurity Complex
CNet News
November 11, 2009
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffi wrote in a posting on the Full-Disclosure mailing list and on a blog.
"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks,"
Gaffi wrote.
[...]
InSecurity Complex
CNet News
November 11, 2009
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffi wrote in a posting on the Full-Disclosure mailing list and on a blog.
"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks,"
Gaffi wrote.
[...]
How to DDOS a federal wiretap
By Robert McMillan
November 11, 2009
IDG News Service
Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.
The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.
Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack.
Four years ago, the University of Pennsylvania team made headlines after hacking an analog loop extender device they'd bought on eBay. This time, the team wanted to look at newer devices, but they couldn't get a hold of a switch. So instead they took a close look at the telecommunication industry standard -- ANSI Standard J-STD-025 -- that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).
November 11, 2009
IDG News Service
Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.
The flaws they've found "represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial," the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.
Following up on earlier work on evading analog wiretap devices called loop extenders, the Penn researchers took a deep look at the newer technical standards used to enable wiretapping on telecommunication switches. They found that while these newer devices probably don't suffer from many of the bugs they'd found in the loop extender world, they do introduce new flaws. In fact, wiretaps could probably be rendered useless if the connection between the switches and law enforcement are overwhelmed with useless data, something known as a denial of service (DOS) attack.
Four years ago, the University of Pennsylvania team made headlines after hacking an analog loop extender device they'd bought on eBay. This time, the team wanted to look at newer devices, but they couldn't get a hold of a switch. So instead they took a close look at the telecommunication industry standard -- ANSI Standard J-STD-025 -- that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).
Alleged $9 Million Hacking Ring Exposed
By Tim Wilson
DarkReading
Nov 11, 2009
A group of alleged hackers from Eastern Europe has been indicted on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.
Eight individuals, mostly from Russia and Estonia, have been charged.
The 16-count indictment charges four of the defendants with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud, and aggravated identity theft.
The indictment alleges the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.
Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada. The $9 million loss occurred within a span of less than 12 hours.
The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to the defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.
[...]
DarkReading
Nov 11, 2009
A group of alleged hackers from Eastern Europe has been indicted on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland.
Eight individuals, mostly from Russia and Estonia, have been charged.
The 16-count indictment charges four of the defendants with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud, and aggravated identity theft.
The indictment alleges the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.
Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, and then provided a network of "cashers" with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan, and Canada. The $9 million loss occurred within a span of less than 12 hours.
The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the "cashers" were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to the defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.
[...]
Microsoft tries to clean up COFEE spill
By Kurt Mackie
GCN.com
Nov 11, 2009
Someone spilled hot COFEE, otherwise known as Microsoft's Computer Online Forensic Evidence Extractor.
The spill or leak was noted on Monday in reports from CrunchGear and Ars Technica. COFEE is a computer forensics solution that Microsoft provides for free to law enforcement agencies. It's really a collection of tools packaged together on a thumb drive for easy use by police on the scene of a crime or cybercrime.
Now, the software has somehow become expropriated, and it's found its way onto bit torrent sites.
Essentially, COFEE is now openly distributed as pirated software. The distribution was supposed to have been controlled through the National White Collar Crime Center or INTERPOL.
Microsoft confirmed the leak on Tuesday, stating that it plans to "mitigate unauthorized distribution of our technology beyond the means for which it's been legally provided," according to a statement from Richard Boscovich, senior attorney for Internet safety at Microsoft Corp. He discouraged people from downloading pirated COFEE software - not just because it's an unauthorized distribution, but because the copies could have been modified.
[...]
GCN.com
Nov 11, 2009
Someone spilled hot COFEE, otherwise known as Microsoft's Computer Online Forensic Evidence Extractor.
The spill or leak was noted on Monday in reports from CrunchGear and Ars Technica. COFEE is a computer forensics solution that Microsoft provides for free to law enforcement agencies. It's really a collection of tools packaged together on a thumb drive for easy use by police on the scene of a crime or cybercrime.
Now, the software has somehow become expropriated, and it's found its way onto bit torrent sites.
Essentially, COFEE is now openly distributed as pirated software. The distribution was supposed to have been controlled through the National White Collar Crime Center or INTERPOL.
Microsoft confirmed the leak on Tuesday, stating that it plans to "mitigate unauthorized distribution of our technology beyond the means for which it's been legally provided," according to a statement from Richard Boscovich, senior attorney for Internet safety at Microsoft Corp. He discouraged people from downloading pirated COFEE software - not just because it's an unauthorized distribution, but because the copies could have been modified.
[...]
Tuesday 10 November 2009
Brazilian Blackout Traced to Sooty Insulators, Not Hackers
By Marcelo Soares
Threat Level
Wired.com
November 9, 2009
A massive 2007 electrical blackout in Brazil newly blamed on computer hackers was actually the result of a utility company's negligent maintenance of high voltage insulators on two transmission lines, according to reports from government regulators and others who investigated the incident for more than a year.
In a broadcast Sunday night, the CBS news magazine 60 Minutes cited unnamed sources in making the extraordinary claim that a two-day outage in the state of Espirito Santo was triggered by hackers targeting a utility company's control systems. The blackout affected some three million people. Another, smaller blackout north of Rio de Janeiro in January 2005 was also caused by hackers, the network claimed.
Brazilian government officials over the weekend disputed the report, and Raphael Mandarino Jr., director of the Homeland Security Information and Communication Directorate, told the newspaper Folha de S.Paulo that he's investigated the claims and found no evidence of hacker attacks, adding that Brazil's electric control systems are not directly connected to the internet.
On Monday, Furnas Centrais Eltricas, the utility company involved, told Threat Level it "has no knowledge of hackers acting in Furnas. power transmission system."
A review of official reports from the utility, the country's independent system operators group and its energy regulatory agency turns up nothing to support the hacking claim.
[...]
Threat Level
Wired.com
November 9, 2009
A massive 2007 electrical blackout in Brazil newly blamed on computer hackers was actually the result of a utility company's negligent maintenance of high voltage insulators on two transmission lines, according to reports from government regulators and others who investigated the incident for more than a year.
In a broadcast Sunday night, the CBS news magazine 60 Minutes cited unnamed sources in making the extraordinary claim that a two-day outage in the state of Espirito Santo was triggered by hackers targeting a utility company's control systems. The blackout affected some three million people. Another, smaller blackout north of Rio de Janeiro in January 2005 was also caused by hackers, the network claimed.
Brazilian government officials over the weekend disputed the report, and Raphael Mandarino Jr., director of the Homeland Security Information and Communication Directorate, told the newspaper Folha de S.Paulo that he's investigated the claims and found no evidence of hacker attacks, adding that Brazil's electric control systems are not directly connected to the internet.
On Monday, Furnas Centrais Eltricas, the utility company involved, told Threat Level it "has no knowledge of hackers acting in Furnas. power transmission system."
A review of official reports from the utility, the country's independent system operators group and its energy regulatory agency turns up nothing to support the hacking claim.
[...]
Hackers attack Al-Watan's website
By Fatima Sidiya
Arab News
8 November 2009
JEDDAH: Al-Watan newspaper was hacked on Saturday by a group calling itself Moorish Team-Dz. The hackers said they supported Sheikh Saad bin Nasser Al-Shithri who was recently removed from his job following statements he made on Al-Majd TV channel against coeducation at King Abullah University for Science and Technology (KAUST).
Jamal Khashoggi, editor in chief of Al-Watan newspaper, had written in Al-Watan criticizing Al-Shithri's statements. He said, "This much ado about coeducation is in downright opposition to knowledge, scientific research and the information revolution which does not distinguish between female and male." Mohammad Al-Ghahtani the Head of the Technical Department at Al-Watan newspaper refused to call what happened "hacking."
He said it was the work of amateurs operating through servers located in Syria, Egypt and Algeria. When asked what the newspaper had done to protect its site, he said that when the hacking was discovered, the paper transferred to an alternate site. Due to the large number of hits the site receives every day, it had taken some time to rectify the situation.
However the website was up and running again by the evening. Asked if the incident would have any effect on the paper's editorial decisions, Al-Ghahtani said, "The policy of the newspaper is clear and this will not discourage the newspaper from expressing its views."
Arab News
8 November 2009
JEDDAH: Al-Watan newspaper was hacked on Saturday by a group calling itself Moorish Team-Dz. The hackers said they supported Sheikh Saad bin Nasser Al-Shithri who was recently removed from his job following statements he made on Al-Majd TV channel against coeducation at King Abullah University for Science and Technology (KAUST).
Jamal Khashoggi, editor in chief of Al-Watan newspaper, had written in Al-Watan criticizing Al-Shithri's statements. He said, "This much ado about coeducation is in downright opposition to knowledge, scientific research and the information revolution which does not distinguish between female and male." Mohammad Al-Ghahtani the Head of the Technical Department at Al-Watan newspaper refused to call what happened "hacking."
He said it was the work of amateurs operating through servers located in Syria, Egypt and Algeria. When asked what the newspaper had done to protect its site, he said that when the hacking was discovered, the paper transferred to an alternate site. Due to the large number of hits the site receives every day, it had taken some time to rectify the situation.
However the website was up and running again by the evening. Asked if the incident would have any effect on the paper's editorial decisions, Al-Ghahtani said, "The policy of the newspaper is clear and this will not discourage the newspaper from expressing its views."
Hackers blacked out Brazil: Report
Forwarded from: Simon Taplin
http://www.timeslive.co.za/scitech/article184124.ece
Nov 7, 2009 11:02 AM | By AFP
Massive power outages in Brazil in 2005 and 2007 that impacted millions were caused by cyber hackers attacking control systems, the US television network CBS says.
The CBS news program 60 Minutes said it had learned that the 2007 blackout in Espirito Santo State, which affected over three million people, and a smaller incident in Rio de Janeiro in 2005, were perpetrated by hackers.
The program, to be aired on Sunday, included the revelations as part of an investigation into the threat of cyber attacks on the United States.
Former Chief of US National Intelligence Mike McConnell told the 60 Minutes that he thought a similar attack is poised to take place on US soil.
If cyber hackers were able to infiltrate the US power grid, he said, “the United States is not prepared for such an attack."
Earlier this year the White House, State Department and Pentagon websites were among US government entities targeted in cyber attacks, amid suspicion that North Korea or its supporters are to blame.
In May South Korea and the United States agreed to cooperate in fighting cyber attacks against their defense networks.
Jim Lewis, director of the Center for Strategic and International Studies, emphasized to 60 Minutes that US cyber security has come under significant attack from foreign nations in the past few years, including a breach of the CENTCOM Network, the US command post heading the wars in Afghanistan and Iraq.
"We know it was a foreign country. We don't know which one — this was a very sophisticated set of skills," Lewis told CBS.
http://www.timeslive.co.za/scitech/article184124.ece
Nov 7, 2009 11:02 AM | By AFP
Massive power outages in Brazil in 2005 and 2007 that impacted millions were caused by cyber hackers attacking control systems, the US television network CBS says.
The CBS news program 60 Minutes said it had learned that the 2007 blackout in Espirito Santo State, which affected over three million people, and a smaller incident in Rio de Janeiro in 2005, were perpetrated by hackers.
The program, to be aired on Sunday, included the revelations as part of an investigation into the threat of cyber attacks on the United States.
Former Chief of US National Intelligence Mike McConnell told the 60 Minutes that he thought a similar attack is poised to take place on US soil.
If cyber hackers were able to infiltrate the US power grid, he said, “the United States is not prepared for such an attack."
Earlier this year the White House, State Department and Pentagon websites were among US government entities targeted in cyber attacks, amid suspicion that North Korea or its supporters are to blame.
In May South Korea and the United States agreed to cooperate in fighting cyber attacks against their defense networks.
Jim Lewis, director of the Center for Strategic and International Studies, emphasized to 60 Minutes that US cyber security has come under significant attack from foreign nations in the past few years, including a breach of the CENTCOM Network, the US command post heading the wars in Afghanistan and Iraq.
"We know it was a foreign country. We don't know which one — this was a very sophisticated set of skills," Lewis told CBS.
9 In 10 Web Apps Have Serious Flaws
By Thomas Claburn
InformationWeek
November 9, 2009
The number of software vulnerabilities detected has risen to the point that almost 9 out of 10 Web applications have flaws that could lead to the exposure of sensitive information.
Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" report, released on Monday, says that more than 3,100 vulnerabilities were identified in the first half of the year, 10% more than the number identified in the second half of 2008.
Of the vulnerability total, 78% were Web application vulnerabilities, lower than in the second half of 2008 but higher than in the first half of last year.
The SANS Institute's Top Cyber Security Risks report, released in September, found that over 60% of attack attempts on the Internet target Web applications.
Ninety percent of the Web application vulnerabilities were in commercial Web apps and 8% were the browsers that run Web apps, Cenzic's report says.
[...]
InformationWeek
November 9, 2009
The number of software vulnerabilities detected has risen to the point that almost 9 out of 10 Web applications have flaws that could lead to the exposure of sensitive information.
Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" report, released on Monday, says that more than 3,100 vulnerabilities were identified in the first half of the year, 10% more than the number identified in the second half of 2008.
Of the vulnerability total, 78% were Web application vulnerabilities, lower than in the second half of 2008 but higher than in the first half of last year.
The SANS Institute's Top Cyber Security Risks report, released in September, found that over 60% of attack attempts on the Internet target Web applications.
Ninety percent of the Web application vulnerabilities were in commercial Web apps and 8% were the browsers that run Web apps, Cenzic's report says.
[...]
Bot herders hide master control channel in Google cloud
By Dan Goodin in San Francisco
The Register
9th November 2009
Cyber criminals' love affair with cloud computing just got steamier with the discovery that Google's AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.
The custom application was used to relay download commands to PCs that had already been infected and made part of a botnet, said Jose Nazario, the manager of security research at Arbor Networks. Google shut down the rogue app shortly after being notified of it.
The discovery is the latest to highlight bot herders' growing embrace of the cloud, in which applications and data are hosted on large, publicly available servers instead of stand-alone machines. Last Friday, researchers from Symantec found a Facebook account pumping commands to zombie drones. And in August, Nazario found several Twitter accounts that were doing much the same thing.
Also on Monday, researchers from anti-virus provider Trend Micro reported that the massive Koobface botnet was abusing Google Reader to spam malicious links to Facebook and other social networking sites.
Microsoft COFEE Leaked ONLINE
By Kelly Jackson Higgins
DarkReading
Nov 09, 2009
A forensics tool built by Microsoft exclusively for law enforcement officials worldwide was posted to a file-sharing site, leaving the USB-based tool at risk of falling into the wrong hands.
COFEE is a free, USB-based set of tools, which Microsoft offers only to law enforcement, that plugs into a computer to gather evidence during an investigation. It lets an officer with little or no computer know-how use digital forensics tools to gather volatile evidence.
COFEE was posted, and then later removed, from at least one file-sharing site, but security experts say the cat is now out of the bag. While many forensics tools with similar functionality as Microsoft's Computer Online Forensic Evidence Extractor (COFEE) are available, security experts still worry the bad guys will use their access to the tool to figure out ways to circumvent it.
Chris Wysopal, CTO at Veracode, says the danger is that a detection tool will be written for COFEE so that the bad guys can cover their tracks.
"Someone will build a detector so that machines will wipe themselves or give rootkit-like fake answers if this USB is inserted into a computer,"
Wysopal says.
One researcher who got a copy of COFEE online says bad guys could abuse the tool by taking one of its DLLs and loading it into a compromised machine's memory, where it then dumps stored clear-text passwords to a file.
[...]
Subscribe to:
Posts (Atom)
