Monday, 25 January 2010

China hacks used as lure for more targeted attacks

By Jaikumar Vijayan
Computerworld
January 22, 2010

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user's machine.

A screen shot posted on F-Secure's Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header 'Chinese cyberattack,' offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user's system, F-Secure said. The flaw was patched by Adobe last week.

Microsoft, Aurora and something about forest and trees?

By jericho
1.24.2010
OSVDB Blog

Perhaps it is the fine tequila this evening, but I really don't get how our industry can latch on to the recent 'Aurora' incident and try to take Microsoft to task about it. The amount of news on this has been overwhelming, and I will try to very roughly summarize:

News surfaces Google, Adobe and 30+ companies hit by "0-day" attack

Google uses this for political overtones

Originally thought to be Adobe 0-day, revealed it was MSIE 0-day

Jan 14, confirmed it is MSIE vuln, shortly after dubbed "aurora"

Jan 21, uproar over MS knowing about the vuln since Sept

Now, here is where we get to the whole forest, trees and some analogy about eyesight. Oh, I'll warn (and surprise) you in advance, I am giving Microsoft the benefit of the doubt here (well, for half the blog post) and throwing this back at journalists and the security community instead. Let's look at this from a different angle.

The big issue that is newsworthy is that Microsoft knew of this vulnerability in September, and didn't issue a patch until late January.
What is not clear, is if Microsoft knew it was being exploited. The wording of the Wired article doesn't make it clear: "aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies" and "Microsoft confirmed it learned of the so-called 'zero-day' flaw months ago". Errr, nice wording. Microsoft was aware of the vulnerability (technically), before hackers exploited it, but doesn't specifically say if they KNEW hackers were exploiting it. Microsoft learned of the "0-day" months ago?
No, bad bad bad. This is taking an over-abused term and making it even worse. If a vulnerability is found and reported to the vendor before it is exploited, is it still 0-day (tree, forest, no one there to hear it falling)?

Short of Microsoft admitting they knew it was being exploited, we can only speculate. So, for fun, let's give them a pass on that one and assume it was like any other privately disclosed bug. They were working it like any other issue, fixing, patching, regression testing, etc. Good Microsoft!

Bad Microsoft! But, before you jump on the bandwagon, bad journalists!
Bad security community!

Botnets: "The Democratization of Espionage"

By Brian Krebs
CSO Online
January 22, 2010

The cyber attacks against Google, Adobe and a raft of other top U.S.
corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states.

The weapons at issue are, of course, botnets -- agglomerations of remotely controlled, hacked computers that are used for a variety of criminal purposes, from spam, to high-powered, distributed online attacks against virtual targets. In these attacks, the botnets acted as a sort of "cloud" data collection and storage network.

I caught up recently with Roland Dobbins, a solutions architect with the Asia Pacific division of Arbor Networks, a company that specializes in helping customers defend against botnet attacks. Dobbins said the Google incident a perfect example of how the botnet has enabled what he calls the democratization of espionage.


Brian Krebs: What does that mean."the democratization of espionage"?

Roland Dobbins, Arbor Networks: Well, ten to fifteen years ago, if you were going to be the target of state sponsored or corporate espionage, you yourself were going to be a government or a large corporation that had intellectual property or information that an adversary was going to have to invest a lot of time and effort to pry out of you. What we have seen over the last five to seven years is that the botnet has democratized that process, so that now an individual can commit his own intelligence reconnaissance and espionage, whether at arms legth on behalf of a state, on his own, or whether he's doing it for corporate espionage. This whole process has tons of implications for national and corporate security, and for individual privacy.

[...]

Hackers strike again in attack on eateries

January 25, 2010
joongang.co.kr

Hackers cracked into the credit card processing networks of several popular restaurant chains in Korea from December through early this year, obtaining personal information from customers to make fake cards and ring up millions of won in purchases.

Authorities said the resulting monetary damage could exceed similar high-profile hacking incidents over the past two years, though they did not provide data on the chains involved or the estimated number of consumers affected.

The cyber crime unit of the national policy agency and local financial authorities said yesterday that the hackers manufactured fake credit cards based on the stolen information, charging roughly 190 million won
($165,794) in purchases abroad.

A Financial Supervisory Service official said the hacker made a total of 460 transactions with the fake credit cards.

Authorities alerted the credit card providers about the latest development, and the firms are now contacting affected customers and reissuing cards with new numbers.

It's the latest incident in a string of hacking attacks on local credit card payment networks over the past two years, deepening concern among consumers and companies alike.

Similar hacking attacks on several local retail chains - whose names were not revealed - in April 2008 forced some 20,000 Koreans to get new credit cards.

Hackers used the information gleaned in the attacks to produce fake cards, making 310 purchases worth 166 million won.

In August through September of last year, hackers obtained the credit card information of about 2,360 people who swept their cards in local restaurants and bar chains. In these cases, the hackers made purchases worth 78 million won using fake cards.

Industry officials said that the smaller chain businesses are particularly susceptible to these types of attacks, as they don't have as advanced security systems in place as their larger peers.

"The [credit card payment] processing networks of large business chains like big discount stores are relatively well protected in this regard,"
said one official at the Credit Finance Association of Korea. "But small and midsized chains are far more vulnerable in terms of securities measures."

In the face of intensifying hacking threats, the Financial Supervisory Service, the Credit Finance Association and credit card companies last month formed a joint task force team to come up with possible solutions to prevent such attacks.

Swiss Army Encryption Challenge Worth More Than $100K

By Andy Cordial
businesscomputingworld.co.uk
January 21st, 2010

News that am encrypted swiss army knife from manufacturers Victorinox remained uncracked - and a $100,000 prize went unclaimed - at the Consumer Electronics Show in Las Vegas this month comes as no surprise.

Even if someone had cracked the 2010 version of the famous Swiss Army knife, they would have obtained a lot more than $100,000 from other sources.

Victorinox, the manufacturers of the Swiss Army knife, which dates back to the late 1800s in its various forms, has made much of the unit's tamper-proof self-destruct mode, but the reality is that the crypto USB drive supports elliptical curve and AES encryption, which makes it almost impervious to crackers using current known technology.

The reputation of encryption technology has taken a battering with the revelations that the A5/1 and A5/3 crypto systems used on cellular networks have been compromised in the last few weeks, but the elliptical curve and especially the AES systems are still, I'm pleased to report, uncracked.

The AES encryption system is likely to remain uncracked for some time to come, as even Bruce Schneier - the renowned ITsec industry sceptic and researcher - said in his research last summer that "AES-128 provides more than enough security margin for the foreseeable future."

China denies involvement in Google cyberattacks

By Steven Musil
Security
CNet News
January 24, 2010

After warning of strained U.S.-China relations, China's government has issued a statement denying any state involvement in the cyber attacks on Google and some 30 other companies.

The statement, issued Monday Beijing time by China's Ministry of Industry and Information Technology and carried on the state news agency Xinhua, comes at a time of heightened tension between China and the United States over Internet censorship and security in China.

The "accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China," an unidentified ministry spokesman told Xinhua, according to an Agence France Presse report. "We are firmly opposed to that."

U.S. Secretary of State Hillary Rodham Clinton formally denounced Internet censorship in a speech Thursday that was directed both at the private and public sectors. For corporations, she said, "Censorship should not be accepted by any company from anywhere. American companies need to make a principled stand."

Friday, 22 January 2010

YOU CAN UPDATE YOUR IE EXPLORER NOW :)

It is now safe to update :)...

Microsoft Releases Critical Internet Explorer Patch

By Thomas Claburn
InformationWeek
January 21, 2010

Microsoft on Thursday released an out-of-band patch, MS10-002, to address eight vulnerabilities in Internet Explorer, a move prompted by the revelation last week that a series of cyber attacks from China on Google and some 33 other companies relied on a flaw in Microsoft's browser.

The eight vulnerabilities are rated "critical" in most cases and have an Exploitability Index rating of 1, meaning that exploit code is likely.
In fact, proof-of-concept exploit code has already been reported and malicious exploit code is circulating online.

Microsoft is urging customers to install this update as soon as possible. The vulnerabilities affect Internet Explorer versions 5-8 and Windows 2000, XP, Vista, 7, Server 2003, and Server 2008. The company maintains that it has only seen limited and targeted attacks against Internet Explorer 6. But other security companies see broader risk affecting users of Internet Explorer 7 and 8.

Symantec on Wednesday said that it had detected a new exploit that attempts to leverage one of Internet Explorer's current vulnerabilities.

DarkMarket Ringleader Pleads Guilty in London

By Kim Zetter
Threat Level
Wired.com
January 21, 2010

A former ringleader of a top internet carding site run secretly by the FBI has pleaded guilty in the United Kingdom.

Renukanth Subramaniam, aka JiLsi, was a former Pizza Hut delivery guy who helped run one of the leading English-language criminal sites, DarkMarket. The site operated as an international cyber-bazaar for more than 2,000 hackers, carders and identity thieves until it was closed in 2008.

Members of the site traded in stolen bank card and identification data.
They bought and sold specialized equipment for skimming card and PIN numbers, and for cloning data to blank cards. The activities on DarkMarket are estimated to have resulted in fraud amounting to tens of millions of dollars.

Subramaniam, a Sri Lankan–born British citizen who was arrested in 2007, pleaded guilty last week to charges of conspiracy to defraud and five counts of distributing false information. The conspiracy charge alone carries a possible 10-year prison term. Judge John Hillen warned that Subramaniam “inevitably” faces a “substantial custodial sentence.”

Users still make hacking easy with weak passwords

By Jaikumar Vijayan
Computerworld
January 21, 2010

In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.

A report released today by database security vendor Imperva Inc. serves as another reminder of why IT administrators need to enforce strong password policies on enterprise applications and systems.

Imperva's report is based on an analysis of 32 million passwords that were exposed in a recent database intrusion at RockYou Inc., a developer of several popular Facebook applications. The passwords, which belonged to users who had registered with RockYou, had been stored by the company in clear text on the compromised database. The hacker responsible for the intrusion later posted the entire list of 32 million passwords on the Internet.

An analysis of that list provides the latest confirmation that a majority of users still don't care about the strength of their passwords if they are left to choose them on their own.

[...]

Router glitch cripples California DMV network

By Elinor Mills
InSecurity Complex
CNET News
January 21, 2010

The California Department of Motor Vehicles department suffered a network outage on Thursday due to an equipment glitch, a state official said.

A router switch malfunctioned, said Bill Maile, spokesman for Office of Technology Services for the state of California.

"It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity."

The network was down for about two hours and was restored at about 1:40 p.m. PST, according to Maile.

Tuesday, 19 January 2010

ISPs could cut spam easily, says expert

By John E. Dunn
Techworld
18 January 10

Two simple techniques could be used to strangle botnets, a security expert has claimed. First, block email port 25 by default. Second, tell users when they are spewing spam from compromised PCs.

According to Trend Micro's CTO, Dave Rand, who is leading a campaign to reform the way ISPs approach the matter of botnets and spam, the two countries that adopted such techniques, The Netherlands and Turkey, have seen a huge reduction in the numbers of botnetted PCs.

According to his own figures and analysis, Turkey went from having around 1.7 million compromised PCs per month to only 35,000 after implementing techniques through its major ISP, Turk Telekom.

"They went from the number one spam source in the world to off the charts, said Rand. "They don't appear in the top 50 now."

Or alternativly, you can purchase 'Caretaker Antispam' available from iremove.nl

Companies Fight Endless War Against Computer Attacks

By STEVE LOHR
The New York Times
January 17, 2010

The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe.

Google's confrontation with China - over government censorship in general and specific attacks on its systems - is an exceptional case, of course, extending to human rights and international politics as well as high-tech spying. But the intrusion into Google's computers and related attacks from within China on some 30 other companies point to the rising sophistication of such assaults and the vulnerability of even the best defenses, security experts say.

"The Google case shines a bright light on what can be done in terms of spying and getting into corporate networks," said Edward M. Stroz, a former high-tech crime agent with the F.B.I. who now heads a computer security investigation firm in New York.

Computer security is an ever-escalating competition between so-called black-hat attackers and white-hat defenders. One of the attackers. main tools is malicious software, known as malware, which has steadily evolved in recent years. Malware was once mainly viruses and worms, digital pests that gummed up and sometimes damaged personal computers and networks.

Malware today, however, is likely to be more subtle and selective, nesting inside corporate networks. And it can be a tool for industrial espionage, transmitting digital copies of trade secrets, customer lists, future plans and contracts

Poisoned PDF pill used to attack US military contractors

By John Leyden
The Register
18th January 2010

Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors

Booby-trapped PDF files, posing as messages from the US Department of Defense, were emailed to US defence contractors last week. The document refers to a real conference due to be held in Las Vegas in March.

Opening the malicious PDF file attached to the spoofed emails triggers an attempt to exploit an Adobe Reader vulnerability only patched by the software firm last Tuesday (12 January).

The infection of vulnerable systems opens up a backdoor that connects to a server hosted in Taiwan, though the hackers who set up the attack may potentially be located anywhere.

France, Germany Say Avoid IE Until Security Vulnerability Patched

By Brian Prince
eWEEK.com
2010-01-18

France and Germany are advising users to switch from Internet Explorer to another Web browser until Microsoft patches the zero-day vulnerability linked to attacks on Google and others.

France and Germany have advised their citizens to ditch Internet Explorer (IE) in the wake of reports that an IE zero-day bug was involved in the massive cyber-attack against Google and other companies.

Officials in both countries issued warnings in the past few days through telling users to consider switching from Internet Explorer to other Web browsers until Microsoft delivers a patch. Researchers at McAfee have reported seeing references to attack code for the vulnerability on mailing lists and confirmed the presence of the code on at least one Website.

The IE vulnerability was used in a spate of cyber-attacks targeting Google and other large corporate networks. The attacks, which are believed to have come from China, have prompted Google to threaten to pull out of China altogether, and the U.S. State Department plans to get answers from China this week regarding the incident.

Officials at Microsoft said they are only seeing a limited number of targeted attacks against a small subset of corporations.

Prince William in New Zealand security alert as DJ gatecrashes barbecue

By Andrew Alderson, in Wellington
Telegraph.co.uk
18 Jan 2010

The man is believed to have gained access to Mr Key's private residence at Premier House in Wellington, where the Prime Minister had invited 50 guests.

The local DJ is understood to have spent several minutes on the loose as a stunt. Sources said he was carrying his own sausages and bread in an apparent attempt to pose as catering staff once inside the grounds.

A spokesman for Wellington police said: "A radio employee jumped over the fence into the grounds of Premier House. He was apprehended by police and removed."

Prince William, who is on his first foreign tour representing the Queen, had not arrived at the event when the man was detained by police.

Google investigates its own China staff over cyber attack

By Tania Branigan in Beijing and Reuters Guardian.co.uk
18 January 2010

Google is investigating whether one or more of its employees in China helped launch the cyber attack against it last month, according to reports.

It is thought the line of inquiry is a routine part of its investigation into the attack, which Google says was sophisticated, originated in China and targeted intellectual property and the email accounts of human rights activists.

According to Reuters news agency, citing two unidentified sources, the attack, which targeted people with access to specific parts of Google networks, might have been helped by employees in the company's offices in China. It has several hundred staff on the mainland.

"We're not commenting on rumour and speculation. This is an ongoing investigation and we simply cannot comment on the details," a Google spokeswoman said.

Monday, 18 January 2010

Key ministry officials asked not to use Blackberry for emails

The Hindu
January 17, 2010

Against the backdrop of concerns over hacking of crucial official websites, central security agencies have again warned the government about the use of multi-tasking blackberry instruments by some of the officials working in sensitive ministries including the Prime Minister.s office.

Agencies have also cautioned against the practice of connecting official computers and laptops with unsecured internet connections by some bureaucrats thus compromising security.

With hackers mainly from China very active and having penetrated deep into the cyber space, the security agencies had asked all ministries especially the Defence, External, Home and the PMO to separate their official computers with those used for internet connection.

The recommendations of the central security agencies seem to have gone unheeded. An official maintained that their suggestion was only recommendatory in nature. The National Technical and Research Organisation (NTRO) also circulated the Do.s and Don.ts to key ministries recently after attempts from hackers were noticed.

A quick random check was carried out during which it was found that some of the officials in the Prime Minister.s Office were using Blackberry services and had linked their official emails on the handset, which is not allowed.

Other Targets In Google Cyber Attack Surface

By Thomas Claburn
InformationWeek
January 15, 2010

The names of other companies targeted in the cyber attack disclosed by Google earlier this week have started to emerge.

Google reportedly asked the other 33 companies targeted in the attack to come forward.

A Google spokesperson said that while the company provided technical information, that was the extent of its communication to other affected organizations.

Adobe was the first company after Google to acknowledge that it had been targeted. It said on Tuesday that it had learned about "a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies" at the beginning of the month.

According to an Adobe spokesperson, Adobe decided to come forward on its own.

Web hosting provider Rackspace followed suit in a blog post.

Symantec and Juniper Networks have acknowledged being targeted.

Dow Chemical and Northrop Grumman were also among the targets, according to The Washington Post. Other reports say Yahoo was attacked as well.

Army mulls realignment to fortify cyber command

By Amber Corrin
FCW.com
Jan 15, 2010

Army mulls realignment options to build cyber command

As the Army strengthens its military presence in the cyber realm, officials are planning for full operational capabilities by October 2010 for a unified Army cyber component that would report directly to the U.S. Cyber Command, according to a senior Defense Department official.

"We are excited to get all of the [Army] cyber forces under a single command," said Army Brig. Gen. (P) Steven Smith, chief cyber officer, Office of the Army CIO/G-6.

The Army cyber command would involve a hybrid approach, headed up by a three-star general and comprising elements of Army communications and intelligence communities, Smith said.

Smith stressed that all plans for an Army cyber command, currently known as ARFORCYBER, are pre-decisional and subject to change. And no timeline has been announced for organizing a cyber chain of command for the Army.

Defence repelled 2400 cyber attacks in 2009

[That number seems abnormally low and missing an extra 0! - WK]

By Nicola Berkovic
The Australian
January 15, 2010

DEFENCE department computers sustained about 2400 cyber attacks last year, Defence Minister John Faulkner revealed today.

Launching a new cyber warfare centre in Canberra, Senator Faulkner outlined the scale of electronic attacks against government operations.

He said Defence investigated about 200 “electronic security incidents” a month last year involving its own computers and networks.

Defence also responded to about 220 cyber attacks against other areas of the Australian government last year.

Warning there was a “dark side” to technology, Senator Faulkner said the new Cyber Security Operations Centre was a significant part of the government's response to cyber threats.

“The internet is not only a tool in this battle - cyberspace is a battlefield itself,” he said.

McAfee Calls Operation Aurora A "Watershed Moment In Cybersecurity", Offers Guidance

By Robin Wauters
TechCrunch.com
January 17, 2010

Computer and software security company McAfee last week identified a vulnerability in Microsoft Internet Explorer as a key vector in the cyberattacks that hit Google and over 30 other companies in a high-profile, multi-staged and concentrated effort to hack into specific computer systems in order to obtain intellectual property.

Redmond has since issued a security advisory and later published its own risk assessment of the zero-day threat. This morning, McAfee announced that it is offering consumers and businesses further guidance on what it refers to as "Operation Aurora".

And it's bringing out the superlatives to describe the attacks.

George Kurtz, McAfee's worldwide chief technology officer, has been blogging about how the browser vulnerability was exploited for the cyberheist and is now quoted in this morning's press release as saying that it is the "largest and most sophisticated cyberattack we have seen in years targeted at specific corporations".

Kurtz stops short of saying that the planet nearly stopped spinning, but refers to the attack as a "watershed moment in cybersecurity" that has "changed the world".

Google Hack Code Released, Metasploit Exploit Now Available

By Kelly Jackson Higgins
DarkReading
Jan 16, 2010

Internet Explorer exploit code used in the so-called Aurora attacks out of China against Google and other companies has been posted online -- and now the popular Metasploit hacking tool has released a working exploit of the attack as well.

The malware, which exploited a zero-day vulnerability in Internet Explorer in targeted attacks against Google and other companies'
networks, was used to go after IE6 browsers in the massive attacks, which ultimately resulted in the theft of intellectual property from Google and other as-yet unnamed organizations. Adobe and Rackspace are among the companies so far that say they were hit by the attacks that first came to light this week and were allegedly conducted by hackers in China.

With the IE exploit in the wild now, it could be used by other cybercriminals to go after other organizations or users. And while Metasploit's new exploit is meant for researchers and penetration testers to gauge their vulnerability to the attack, Metasploit is still an open-source tool that can be deployed for nefarious purposes as well.

"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," George Kurtz, McAfee's CTO, blogged late yesterday. "This attack is especially deadly on older systems that are running XP and Internet Explorer 6," he said.

WinXP users, have you updated your flash?

Microsoft has published a security advisory, warning users of Windows XP that they must update their installations of Flash.

Windows XP came with version 6 of the Adobe Flash Player, and it has been discovered that that version contains a number of vulnerabilities that could be exploited if you visited a boobytrapped webpage.

The end result? Malicious code could run on your computer, opening a backdoor for hackers to gain access, potentially stealing your identity or turning your computer into part of a spam-spewing bonnet.

And you wouldn't want that would you?

So, double-check that your version of Adobe Flash is current. Visit this page on Adobe's website to run the test (it only takes a few seconds), and you'll quickly know if you're up-to-date or not.

If not, update Adobe Flash immediately from http://get.adobe.com/flashplayer/

Friday, 15 January 2010

U.S. Army Website Hacked

By Kelly Jackson Higgins
DarkReading
Jan 12, 2010

Romanian hackers continue to have a field day with SQL injection flaws in major Website applications: A vulnerability in a U.S. Army Website that leaves the database wide open to an attacker has now been exposed.

"TinKode," a Romanian hacker who previously found holes in NASA's Website, has posted a proof-of-concept on his findings on a SQL injection vulnerability in an Army Website that handles military housing, Army Housing OneStop. TinKode found a hole that leaves the site, which has since been taken offline, vulnerable to a vulnerable to a SQL injection attack. "With this vulnerability I can see/extract all things from databases," he blogged.

TinKode was able to gain access to more than 75 databases on the server, according to his research, including potentially confidential Army data.
He also discovered that the housing site was storing weak passwords in plain text. One password was AHOS, like the site's name.

"Four-character passwords that are the same name as the database table names are inexcusable," says Robert "RSnake" Hansen, founder of SecTheory.

Google Hack Attack Was Ultra Sophisticated, New Details Show

By Kim Zetter
Threat Level
Wired.com
January 14, 2010

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,”
says Dmitri Alperovitch, vice president of threat research for McAfee.
“It’s totally changing the threat model.”

In the wake of Threat Level’s story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft has published an advisory about the flaw that it already had in the works. McAfee has also added protection to its products to detect the malware that was used in the attacks and has now gone public with a number of new details about the hacks.

Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack had originated from China, the company said.

Minutes later, Adobe acknowledged in a blog post that it discovered Jan.
2 that it also had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Surge in e-crimes in Dubai

By Sharmila Dhal
Senior Reporter
Gulfnews.com
January 14, 2010

Dubai Most cyber attacks in the UAE last year targeted banks and were perpetrated by electronic criminals from outside the country, a government report has revealed, adding that the number of hacking and defacement incidents quadrupled in 2009 from 2008.

It added that of all the electronic breaches during 2009, "phishing"
comprised the main offence - 62 per cent of which targeted local banks, followed by UAE branches of international banks and other institutions at 19 per cent each.


Emergency plan

The report was presented by Mohammad Geyath, Executive Director, Technology Development Affairs, Telecom Regulatory Authority (TRA), at the Crises and Emergency Management Conference in Abu Dhabi which concluded on Wednesday. The report was put together by the Computer Emergency Response Team (CERT), a consultative body that advises TRA.
The total number of cyber-related offences recorded by CERT was 51 in 2009, up from 47 in 2008, while incidents of phishing and defacement had increased to 26 in 2009, from six in 2008.

Meanwhile, the TRA announced at the conference an Emergency Plan for the country's telecom sector. Making the announcement Mohammad Nasser Al Ganem, Director-General of TRA, said the plan has been developed in co-operation with the National Crisis and Emergency Management Authority
(NCEMA) and in consultation with key stake-holders, telecom operators and service providers.

Lincoln National Discloses Breach Of 1.2 Million Customers

By Tim Wilson
DarkReading
Jan 14, 2010

Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers.

In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. The company was planning to issue notification to the affected customers on Jan. 6, the letter says.

The letter does not give technical details about the breach, but it indicates the unidentified source sent FINRA a username and password to the portfolio management system.

"This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies," the letter says. "The sharing of usernames and passwords is not permitted under the LNC security policy."

FINRA declined to tell Lincoln whether the source of the username and password was a current employee or some other party, according to the letter.

Google Hackers Targeted Source Code of More Than 30 Companies

By Kim Zetter
Threat Level
Wired.com
January 13, 2010

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said.

A spokeswoman for iDefense wouldn't name any of the other companies that were targeted in the recent attack, except Adobe.

Adobe acknowledged Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a "sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."

The company didn.t say whether it was a victim of the same attack that struck Google. But Adobe.s announcement came just minutes after Google revealed that it had been the target of a "highly sophisticated" hack attack originating in China in December.

Neither Google nor Adobe provided details about how the hacks occurred.
Google said only that the hackers were able to steal unspecified intellectual property from it, and that they had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues.

But according to iDefense, whose customers include some of the 33 companies that were hacked, the attacks were well targeted and "unusually sophisticated" and aimed at grabbing source code from several hi-tech companies based in Silicon Valley as well as financial institutions and defense contractors.

Hackers of the world unite

By Mark Fonseca Rendeiro
Comment is free
guardian.co.uk
13 January 2010

The 26th edition of the world's largest annual hacker conference, 26C3, took place in Berlin last week. With about 2,500 attendees, a combined total of 9,000 participants worldwide (via live streams), and an array of features that no other conference in the world can match, it was very much a milestone.

A bit on the word "hacker", as I know the term might be bothering some of you. I am not using it in the stereotypical way mainstream society often does, to refer to criminal and malicious activity. The hackers I am talking about go back to the origins of the word: one who tinkers, one who deconstructs out of a natural curiosity about how something works and how it could be made to do something it wasn't originally intended to do. Such abilities are akin to the skilled locksmith, and do not automatically make a hacker a criminal. Unfortunately for many who work in mainstream media, the word has been hijacked to be synonymous with "electronic evildoer". Yet, like many words that have been used to keep minority groups down, hackers are taking the label back.

Announcements such as the GSM encryption crack may have made international headlines last month, but something much more significant is clear: throughout the world, hackers have come out from their bunkers and opened up community spaces. They go by various names (co-working spaces, clubhouses, hideouts, space stations) and are a global-scale breakthrough for a community that for decades has not always been willing or able to go public. By opening up, they've not only gone public, but have also opened their doors to anyone curious or interested in the world of technology and how things work.

This phenomenon may be bigger than it has ever been, but in some corners of the world, it is not altogether new. Groups of German hackers have long organised themselves as officially recognised clubs and taken on challenges of a technical (or non-technical) nature. In North America, the movement has seen its greatest expansion in the past few years, with spaces such as NYC Resistor in Brooklyn, Pumping Station: One in Chicago and Noisebridge in San Francisco providing a creative space for a rapidly growing membership. The hacker space movement includes clubs in different parts of Latin America, as well as in South Africa, Israel, Iran, Dubai, Thailand, Malaysia, Singapore, Indonesia, Japan and Australia. Every month, the list gets longer as more groups come forward and post their details online at hackerspaces.org, a central hub and wiki for all info about spaces, including how to start one.

DARPA moves ahead with National Cyber Range project for advanced cyber security research

By John Keller
Military & Aerospace Electronics
13 Jan. 2010

ARLINGTON, Va. -- The U.S. Defense Advanced Research Project Agency
(DARPA) in Arlington, Va., is awarding multimillion-dollar contracts to two research organizations to build prototype advanced computing centers to demonstrate and test cyber security, defensive information warfare, and information assurance technologies.

DARPA awarded a $30.8 million contract to the Lockheed Martin Simulation, Training, & Support segment in Orlando, Fla., and a $24.8 million contract to the Johns Hopkins University Applied Physics Laboratory in Laurel, Md., to develop prototypes of the National Cyber Range (NCR), which is to revolutionize the state of the art for large-scale cyber testing.

The National Cyber Range will provide an advanced computer and data networking laboratory in which experts can assess information assurance and survivability tools; replicate the kinds of large and complex computer networks that support U.S. Department of Defense weapons and operations; conduct several large cyber security experiments at the same time. conduct realistic tests of the U.S. Global Information Grid (GIG); and develop and deploy revolutionary cyber testing capabilities.

The National Cyber Range is DARPA's contribution to the federal Comprehensive National Cyber Initiative (CNCI), a secret multibillion-dollar project to build defenses for government computers against foreign and domestic hackers and cyber terrorists.

U.S. law firm behind China piracy suit targeted in attacks

By Elinor Mills
InSecurity Complex
CNET News
January 13, 2010

A U.S. law firm representing a Web content-filtering company in a piracy lawsuit against the Chinese government said on Wednesday that it received malicious e-mails in a targeted attack from China similar to recent attacks on Google and other U.S. companies.

At least 10 employees at Gipson Hoffman & Pancione received the e-mails on Monday and Tuesday, according to Gregory Fayer, a lawyer at the Los Angeles-based firm.

The firm filed a $2.2 billion lawsuit last week on behalf of Solid Oak Software against the Chinese government, two Chinese software developers, and seven PC manufacturers. The suit alleges that they illegally copied code from Solid Oak's Cybersitter Web content-filtering program and distributed the code as part of a Chinese government-sponsored censorship program involving China-created Green Dam Youth Escort filtering software.

The e-mails sent to the law firm, mostly to lawyers, came in three different formats, were made to look like they came from Fayer or one of two other lawyers at the firm, and had attachments or included links to outside Web sites, Fayer said. Some of the content of the e-mails expressed concern over viruses and other potential security issues, while another gave a link to an FTP site where large files could be downloaded, he said.

Sunday, 10 January 2010

iRemove Amsterdam Now Open!

iRemove Amsterdam NOW OPEN!

Having problems with your computer?


Is your system running slow or doesn't start properly?


Worried about personal online security and want to protect yourself against the newest threats of 2010?

Is your computer filled with Viruses, Spamware and Adware & any other types Malware?


Then visit iRemove Amsterdam. Virus & Malware removal specialists, we can help.



Fast & freindly service, NO FIX NO FEE!


Our Services include:

* Virus & Malware Removal
* Computer Safe & Secure Setup
* Home Network Secure Setup (wired & Wireless)
* Remote Assistance & online help
* Fresh Operating System Installation (including "Windows 7")
* Data Backup & Recovery
* Online Store
* Advanced Tutorials in Online Protection & Security
* Local Password recovery (including MSN, AIM, Windows Login, WEP & WPA)


House calls available : 30.00EU per Hour
No travel cost inside Amsterdam

Contact us for a price list of operating systems. email :infected@iremove.nl


Securing & Protecting Local Amsterdam, Byte by Byte. Online, At Home or Pickup & Delivery.

Heartland to pay up to $60M to Visa over breach

By Grant Gross
IDG News Service
January 8, 2010

Heartland Payment Systems will pay up to $60 million to issuers of Visa credit and debit cards for losses they incurred from a 2008 data breach at the large payment processor.

The settlement between Heartland and Visa, announced today, will offer card issuers "an immediate recovery with respect to losses they may have incurred from the Heartland intrusion," Ellen Richey, Visa's chief enterprise risk officer, said in a statement.

Heartland disclosed the breach a year ago. The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the data breach, and Heartland was one of several companies they broke into using SQL injection attacks. Gonzalez and his associates stole more than 130 million credit card numbers from Heartland, prosecutors alleged.

Gonzalez pleaded guilty in the Heartland case and in two other data breach cases. In the Heartland case, he pleaded guilty in December to two counts of conspiracy and will receive a prison term of at least 17 years.

Don't Wait To Lock Down DB2

By Ericka Chickowski
DarkReading
Special to Dark Reading
Jan 08, 2010

As pundits ponder how IBM will leverage its acquisition of database security vendor Guardium to add more security features and functionalities to its in-house DB2 databases, now is the time for organizations to re-examine their DB2 security strategies. But many haven't even tapped the security features they already have available in DB2.

Many organizations don't take advantage of the existing capabilities that DB2 provides for locking down access to information, IBM executives say. Among DB2's extant security controls, some of the most powerful features that organizations often leave untouched -- to their detriment
-- revolve around access control. These include two biggies: utilities label-based access control (LBAC) and trusted context.

LBAC, which is designed to offer fine-grained access control, lets DB2 administrators extend controls over data that reach far beyond the simple masking of rows or columns. Administrators can use LBAC to control table objects by attaching security labels to them. Users who try to access these objects must have the corresponding security label granted to them in order to view that data.

"I think that's one of the newer areas where, in my experience with clients, they haven't leveraged a lot of it yet," says Jim Lee, director of product management and strategy for IBM's Information Management division. "I think LBAC is not commonly used today."

Mac OS X Vulnerability Posted

By Thomas Claburn
InformationWeek
January 8, 2010

Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and
10.6 of Apple's Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the use of the strtod function Mac OS X's underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason's advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason's advisory rates the vulnerability's risk as "high" and claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn't immediately available to characterize the likelihood that this vulnerability could be exploited.

RSA crypto defiled again, with factoring of 768-bit keys

By Dan Goodin in San Francisco
The Register
7th January 2010

Yet another domino in the RSA encryption scheme has fallen with the announcement Thursday that cryptographers have broken 768-bit keys using the widely used public-key algorithm.

An international team of mathematicians, computer scientists and cryptographers broke the key though NFS, or number field sieve, which allowed them to deduce two prime numbers that when multiplied together generated a number with 768 bits. The discovery, which took about two-and-a-half years and hundreds of general-purpose computers, means 768-bit RSA keys can no longer be counted on to encrypt or authenticate sensitive communications.

More importantly, it means it's only a matter of another decade or so - sooner assuming there's some sort of breakthrough in NFS or some other form of mathematical factoring - until the next largest RSA key size, at
1024 bits, is similarly cracked. The accomplishment was reached on December 12.

"It's an important milestone," said Benjamin Jun, vice president of technology at security consultancy Cryptography Research. "There's indisputable evidence here that 768-bit key are not enough. It's a pretty interesting way to close out a decade."

Microsoft, Adobe prep critical security patches

By Elinor Mills
InSecurity Complex
CNET News
January 7, 2010

Microsoft will issue one bulletin on Patch Tuesday next week that is rated "critical" for Windows 2000.

The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released Thursday. It is rated "low" severity for Windows 7, Vista, XP, Server 2003, and Server 2008 operating systems.

Meanwhile, Adobe Systems is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December and which is being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers.

Go Card error investigated

Queensland's acting Premier Paul Lucas maintains Queensland's Go Card transport system is the envy of other states, but concedes the Government needs to do better.

An investigation is underway into how one person's Go Card credit was wrongly transferred to another person with the same name.

Two call centre employees have been stood down pending the outcome.

Mr Lucas says security protocols were not followed.

"People have raised a number of concerns about how the Go Card was rolled out in the last week or so and I've got to say we have to do better with that and Translink has got to make sure that it is doing everything in its power to make sure that people get appropriate and proper levels of service," he said.

"But having said that, we have a Go Card system that is the envy of other states."

Hackers deface 5th govt Web site, mock automated polls

By JERRIE ABELLA
GMANews.TV
01/11/2010

Another government Web site was found defaced Sunday night - the fifth attack since last month.

Hackers of the Technical Education and Skills Development Authority
(Tesda) Web site, however, took on a bolder approach by leaving a message that seemed to mock the upcoming automated elections.

“Ano ba gagamitin sa Election? Blade server? Juniper Firewall (what is going to be used in the elections? Blade server? Juniper firewall)?" the message read.

Before Tesda's, hackers had also victimized the Web sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE).

Malacañang has expressed alarm over the series of hacking attacks on government Web sites, saying it raises new concerns about the security of the automated elections in May.

“Of course we are concerned. This is not just a problem in our country, this is not just something that has happened just recently, it's happening all over the country so this is certainly something that we are sensitive to as a matter of information policy within government,"
said deputy presidential spokesman Gary Olivar at a press conference last week.


Dirty finger

The hacked Tesda Web site also showed a black and white illustration of a man giving the “dirty finger" supposedly directed against several “abusive" military and police units.

A pair of bulging eyeballs also followed the pointer anywhere on the page, and background music was also set up on the site’s second web page to which it automatically transfers.

Aside from the derisive reference to the May elections, message of sympathy to a slain communist rebel and a potshot against an alleged abusive police officer also replaced the original contents of the site.

“Nakikiramay kami sa Iskolar ng Bayan, Freedom Fighter na si Kimay" (We sympathize with the death of scholar of the people, freedom fighter Kimay)" the hackers’ message read, referring to Kemberly Jul Luna, a young New People’s Army (NPA) cadre who was killed last December 15 in an encounter with the military in Bukidnon province.

The message also identified a certain PO1 Ramos as an “abusive" police officer.

The hackers also made the site automatically jump into a second page, which featured a background music; a job announcement supposedly from VenturesLink, one of the partners of Smartmatic-TIM in the automation of the elections, inviting technicians across the country to be part of its team; a quote from the Hacker Manifesto, a short essay written by well-known hacker Lloyd Blankenship after he was arrested in 1986.

Friday, 8 January 2010

Celebrity Live Cam

Nicolas Sarkozy given 'impenetrable' superphone

By Henry Samuel in Paris
Telegraph.co.uk
07 Jan 2010

President Sarkozy got to grips with the Teorem phone, which looks like a regular smartphone, while on a visit to the Thales Communication factory in Cholet, western France.

Some 20,000 such devices will be distributed to the president and his entourage as well as government ministers and their advisers early next year. Top military officials will also use them.

The superphone's designers said the phone "guarantees a very high safety level," and has the added advantage of being able to use commercial mobile networks or fixed secure lines.

"It's beautiful", the president could be heard saying during the visit.

Shortly after Mr Sarkozy's election in 2007, workers in the offices of the president and prime minister were reportedly ordered not to use handheld BlackBerry devices, amid fears that foreigners could spy on them.

Spear-Phishing Experiment Evades Big-Name Email Products

By Kelly Jackson Higgins
DarkReading
Jan 05, 2010

The researcher who conducted a successful spear-phishing experiment with a phony LinkedIn invitation from "Bill Gates" is about to reveal the email products and services that failed to filter the spoofed message -- and that list includes Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort.

Joshua Perrymon, CEO of PacketFocus, had previously revealed that the iPhone, BlackBerry, and Palm Pre smartphones had all fallen victim to the spear-phishing exercise.

"Email-based attacks are probably one of the most effective in today's hacker bag of tricks. The email security industry gets by with stopping most spam and known phishing attacks," Perrymon says. "The problem lies in a directed, under-the-radar, spear-phishing attack -- the type where the attacker spends time to understand the target, create an effective spoofed email and phishing site, [and] then attacks."

The experiment was aimed at measuring the effectiveness of email security controls in several major products and services. And the simplicity and success of the test demonstrated just how powerful social engineering can be and what little technology can actually do about it, security experts say.

Certifications: A false sense of security

By John S. Monroe
GCN.com
Jan 06, 2010

Nothing irks a security professional more than the suggestion that the federal government could improve security by setting up a standard certification program for agency staff members.

This idea, which is gaining traction in Congress, might sound reasonable. But many security experts say it is a red herring. One such expert is Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who wrote a column on the topic [1] for FCW.com.

"If certifications were effective, we would have solved the cybersecurity challenge many years ago," Castro wrote. "Certainly more workforce training, although not a panacea, can help teach workers how to respond to known cyberattacks. However, workforce training is not certification, and organizations, not Congress, are in the best position to determine the most appropriate and effective training for their workers."

His column triggered a flurry of reaction from readers, most of whom seconded his remarks by sharing observations and experiences of their own. Here is a sample of the responses, which have been edited for length, style or clarity.

Hacker pierces hardware firewalls with web page

By Dan Goodin in San Francisco
The Register
6th January 2010

On Tuesday, hacker Samy Kamkar demonstrated a way to identify a browser's geographical location by exploiting weaknesses in many WiFi routers. Now, he's back with a simple method to penetrate hardware firewalls using little more than some javascript embedded in a webpage.

By luring victims to a malicious link, the attacker can access virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. The method has been tested on a Belkin N1 Vision Wireless router, and Kamkar says he suspects other devices are also vulnerable.

"What this means is I can penetrate their firewall/router and connect to the port that I specified, even though the firewall should never forward that port," Kamkar told El Reg. "This defeats that security by visiting a simple web page. No authentication, XSS, user input, etc. is required."

Kamkar's proof-of-concept page forces the visitor to submit a hidden form on port 6667, the standard port for internet relay chat. Using a hidden value, the form surreptitiously coerces the victim to establish a DCC, or direct client-to-client, connection. Vulnerable routers will then automatically forward DCC traffic to the victim's internal system, and using what's known as NAT traversal an attacker can access any port that's open on the local system.

Microsoft won't fix Windows 7 crash bug next week

By Gregg Keizer
Computerworld
January 7, 2010

Microsoft today said it will deliver a single security update on Tuesday to patch just one vulnerability in Windows.

However, the company acknowledged that it does not yet have a fix for a crippling bug in Windows 7 that went public nearly two months ago.

The expected update will patch a vulnerability rated "critical" -- Microsoft's most serious rating in its four-step scoring system -- in Windows 2000. The bug also affects Windows XP, Vista and Windows 7, as well as Windows Server 2003, Server 2008 and Server 2008 R2, but is tagged as "low" for those editions.

"The first thing that came to mind was a denial-of-service vulnerability for the newer [operating systems], and a remote code execution on Windows 2000," said Andrew Storms, director of security operations at nCircle Network Security.

Microsoft downplayed the threat even to Windows 2000 users. "The Exploitability Index rating for this issue will not be high, which lowers the overall risk," said Jerry Bryant, a Microsoft security spokesman, in a post to the company's security response center blog today.

Easily spoofed traffic can crash routers, Juniper warns

By Dan Goodin in San Francisco
The Register
7th January 2010

Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.

In an advisory sent Wednesday afternoon, the networking company said a variety of devices could be forced to reboot by sending them internet packets with maliciously formed TCP options. The flaw affects versions 3 through 10 of Junos, the operating system that powers devices at ISPs, backbones, and other large networks. Software releases built on or after January 28, 2009 have already fixed the issue.

"The Junos kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port," the bulletin, which was issued by Juniper's technical assistance center, stated. "The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot."

There are "no totally effective workarounds," the bulletin added.

Wednesday, 6 January 2010

Cryptographic showdown, Round 2: NIST picks 14 hash algorithms

By William Jackson
GCN.com
Jan 05, 2010

The competition to select the new Secure Hash Algorithm standard for government has moved into the second round. The National Institute of Standards and Technology has winnowed the 64 algorithims submitted down to 14 semifinalists.

Of the 64 algorithms submitted in 2008, 51 met minimum criteria for acceptance in the competition. The cryptographic community spent the next year hammering at the candidates, looking for flaws and weaknesses.

"We were pleased by the amount and quality of the cryptanalysis we received on the first round candidates, and more than a little amazed by the ingenuity of some of the attacks," said Bill Burr, manager of NIST's Security Technology Group, in announcing the initial narrowing of the field in July.

Submitters of algorithms that made it through the first round of competition had until September to tweak the specifications or source code, and the final list of second round contenders was recently announced. The 14 second-round candidates are called BLAKE, BLUE MIDNIGHT WISH, CubeHash, ECHO, Fugue, Grstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein. Candidate algorithms are available online at www.nist.gov/hash-competition

[...]

NZ's cyber spies win new powers

By NICKY HAGER
Sunday Star Times
03/01/2010

New cyber-monitoring measures have been quietly introduced giving police and Security Intelligence Service officers the power to monitor all aspects of someone's online life.

The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand.

In preparation, technicians have been installing specialist spying devices and software inside all telephone exchanges, internet companies and even fibre-optic data networks between cities and towns, providing police and spy agencies with the capability to monitor almost all communications.

Police and SIS must still obtain an interception warrant naming a person or place they want to monitor but, compared to the phone taps of the past, a single warrant now covers phone, email and all internet activity.

It can even monitor a person's location by detecting their mobile phone; all of this occurring almost instantaneously.

[...]

Secure USB Drives Not So Secure

By Joan Goodchild
Senior Editor
CSO
January 05, 2010

Several hardware-encrypted USB memory sticks are now part of a worldwide recall and require security updates because they contain a flaw which could allow hackers to easily gain access to the sensitive information contained on the device.

When USB maker SanDisk first received news of the problem last month, the vendor issued a security bulletin that warned customers its Cruzer Enterprise series of USB flash drives contained a vulnerability in the access control mechanism. SanDisk offered a product update online to address the issue and made sure to note the problem only applied to the application running on the host, not the device hardware or firmware.

Now USB vendor Kingston has jumped in with a similar warning, probably because their drives utilize the same code from SanDisk. Kingston's alert informs customers that "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained" on the drives. The company has issued a recall on the devices and urged customers to return them. A warning has also been issued by USB vendor Verbatim.

The drives impacted are equipped with AES 256-bit hardware encryption, which is designed to meet the stringent requirements of enterprise-level security. However, penetration testers with German security firm SySS uncovered a vulnerability that exploits the way the flash drives handle passwords. The exact nature of the flaw is not described on any of the vendor bulletins, but according to an article in security publication The H, "the main point of attack for accessing the plain text data stored on the drive is the password entry mechanism." SySS testers found a flaw that allowed them to write a tool that sent the same character string to unlock the drive, regardless of what password was entered.

Hacker pilfers browser GPS location via router attack

By Dan Goodin in San Francisco
The Register
5th January 2010

If you're surfing the web from a wireless router supplied by some of the biggest device makers, there's a chance Samy Kamkar can identify your geographic location.

That's because WiFi access points made by Westell and others are vulnerable to XSS, or cross-site scripting, attacks that can siphon a device's media access control address with one wayward click of the mouse. Once in possession of the unique identifier, Kamkar can plug it in to Google's Google Location Services and determine where you are.

"It's actually scary how accurate it is," said Kamkar, the author of the Samy Worm, a self-replicating XSS exploit that in 2005 added more than 1 million friends to his MySpace account and in the process knocked the site out of commission. "I've found that with a single MAC address, I've always been spot on with the tests I've done."

Kamkar, who tweeted about the vulnerability Tuesday, has posted a proof-of-concept attack here. For now, it works only on FiOS routers supplied by Verizon, and then only when users are logged in to the device's administrative panel. With a little more work, he said he can make it exploit similar XSS holes in routers made by other manufacturers.

Tuesday, 5 January 2010

iRemove Amsterdam Now Open!

iRemove Amsterdam NOW OPEN!

Having problems with your computer?


Is your system running slow or doesn't start properly?


Worried about personal online security and want to protect yourself against the newest threats of 2010?

Is your computer filled with Viruses, Spamware and Adware & any other types Malware?


Then visit iRemove Amsterdam. Virus & Malware removal specialists, we can help.



Fast & freindly service, NO FIX NO FEE!


Our Services include
:

* Virus & Malware Removal
* Computer Safe & Secure Setup
* Home Network Secure Setup (wired & Wireless)
* Remote Assistance & online help
* Fresh Operating System Installation (including "Windows 7")
* Data Backup & Recovery
* Online Store
* Advanced Tutorials in Online Protection & Security
* Local Password recovery (including MSN, AIM, Windows Login, WEP & WPA)


House calls available : 30.00EU per Hour
No travel cost inside Amsterdam

Contact us for a price list of operating systems. email :infected@iremove.nl


Securing & Protecting Local Amsterdam, Byte by Byte. Online, At Home or Pickup & Delivery.


http://iremove.nl

Secret code protecting cellphone calls set loose

Cryptographers have moved closer to their goal of eavesdropping on cellphone conversations after cracking the secret code used to prevent the interception of radio signals as they travel between handsets and mobile operators' base stations.

The code is designed to prevent the interception of phone calls by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels. Without knowing the precise sequence, would-be eavesdroppers can assemble only tiny fragments of a conversation.

At a hacker conference in Berlin that runs through Wednesday, the cryptographers said they've cracked the algorithm that determines the random channel hopping and have devised a practical means to capture entire calls using equipment that costs about $4,000. At the heart of the crack is open-source software for computer-controlled radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do.

"We now know this is possible," said Karsten Nohl, a 28-year-old cryptographer and one of the members of an open-source project out to prove that GSM, the technical standard used by about 80 percent of the mobile market, can't be counted on to keep calls private. The attack "is practical, and there are real vulnerabilities that people are exploiting."

A spokeswoman for the GSM Association, which represents 800 operators in 219 countries, said officials hadn't yet seen the research.

"GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls," she wrote in an email. "Reports of an imminent GSM eavesdropping capability are common."

The channel-hopping crack comes as the collective is completing the compilation of a rainbow table that allows them to decrypt calls as they happen. The table works because GSM encryption uses A5/1, a decades-old algorithm with known weaknesses. The table - a 2-terabyte list of known results that allows cryptographers to deduce the unique key that encrypts a given conversation - was developed by volunteers around the globe using giant clusters of computers and gaming consoles.

Within days of the project announcement in August, the GSMA pooh-poohed it as a "theoretical compromise" that would have little practical effect on the security of phone calls. In addition to the massive rainbow table needed, the GSMA said it doubted researchers had the means to process the vast amounts of raw radio data involved.

"Initially, we didn't consider channel-hopping a big security feature," Nohl told The Register. "If the GSM Association's excuse for bad crypto is there is another security feature we rely on much more, then of course, we'll break that, too."

A bare-bones attack can be pulled off with a PC with a medium-end graphics card, a large hard drive, two USRP2 receivers and the channel-hopping software. Under normal conditions, it will take a few minutes of conversation before eavesdroppers have collected enough data to break the encryption. Because the calls are recorded and played back later, the entire contents of a conversation can still be captured.

More elaborate setups that use a network of computers or Field Programmable Gate Array devices, will be able to unlock calls almost instantaneously, Nohl said.

To capture both ends of a conversation, an attacker would have to place one of the radios in close proximity to the person making the call, while the second would be used to capture downlink transmissions coming from a carrier's base station. That requires a fair amount of effort because attackers must target a specific individual.

But in many cases - such as phone menus used by banks and airline companies - it's sufficient for an attacker to intercept only the downlink, said David Burgess, a signal processing engineer who helped to identify weaknesses used to break A5/1.

"Even if I only see the downlink, that's still very useful," he said. "The base station is acknowledging back every button press."

After weaknesses in A5/1 became common knowledge, mobile operators devised A5/3, an algorithm that requires about a quintillion times more mathematical operations to break. Despite estimates that some 40 percent of cellphones are capable of using the newer cipher, it has yet to be adopted, largely, Nohl says, because of the cost of upgrading and fears older handsets will be left behind.

"A5/3 is a better encryption algorithm and there has been a long-standing proposal to make this the preferred cipher in GSM," he said. "But no network operator with one exception that I'm aware of has started adopting A5/3 so far."

The GSMA has said it plans to transition to the new technology, but has yet to provide a timetable.

Nohl described the channel-hopping techniques at the 26th Chaos Communication Congress, an annual hacker conference in Berlin, along with fellow reverse engineer Chris Paget. Their presentation is here. ®

Kingston coughs to security flaw in 'Secure' flash drive

Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives.

The company said in a security notice that the models affected were "privacy" editions of the DataTraveler Secure, DataTraveler Elite and DataTraveler Blackbox.

Kingston said the security flaw could allow a wrongdoer to hack into the memory sticks.

"A skilled person with the proper tools and physical access to the drives may be able to gain unauthorised access to data," warned the vendor.

Kingston added that a number of its USB drives weren't affected by the security flaw.

Customers whose drives could be exploited by the security loophole should return the product, where Kingston said it would apply a factory update.

Kingston had claimed that its Data Traveler Secure drive was the first of its kind to protect "100 per cent of data on-the-fly via 256-bit hardware-based AES encrpytion".

It's also supposed to "meet enterprise-level security and compliance requirements", according to blurb about the drive on the firm's website. ®

Mr. Bean ousts PM from Spain's official website

Spain's prime minister was briefly ousted from that country's official website after hackers replaced his likeness with that of bumbling slapstick character Mr. Bean.

Representatives for Prime Minister Jose Luis Rodriguez Zapatero confirmed the defacement of www.eu2010.es but insisted data on the site was never compromised, the BBC reported. Instead, the stunt was done using cross-site scripting attack, which injects unauthorized content and code into vulnerable websites.

People who tried to visit the PM's site site were briefly met by an image of Mr. Bean actor Rowan Atkinson. Comparisons between the appearance of Spain's leader and the buffoon have been a long-standing joke.

While the hack was relatively harmless XSS, or cross-site scripting holes can be exploited to inject malicious code into visitors' browsers that steal authentication credentials or redirect victims to malicious websites.
Screenshot of Mr. Bean

More from the BBC and Reuters are here and here. ®

Adobe Reader vuln hit with unusually advanced attack

With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack.

The PDF file uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major AV programs detect the attack more than six days after the exploit surfaced, according to this analysis from Virus Total.

The shellcode then loads an obfuscated binary file contained in the PDF file that installs PoisonIvy, a backdoor client used to maintain control over infected PCs.

"Not only was this a very interesting example of a malicious PDF document carrying a sophisticated 'war head,' but it also showed the length attackers are willing to go to in order to make their malware as hard to detect as possible, not only for the AV vendors, but also for victims," wrote Bojan Zdrnja, a Sans handler who analyzed the exploit.

The PDF was distributed through email that was specifically targeted at an unnamed organization, Zdrnja, who is a senior information security consultant with Infigo, said in an interview with The Register. Based on the metadata found in the PDF, it originated in China and was produced on December 29.

Just to make the attack even harder for end users to detect, the obfuscated binary runs a third executable program that does nothing more than open a benign file called baby.pdf on the infected machine. Zdrnja believes this is done to deflect attention and prevent users from figuring out their PC has just been compromised.

In mid December, Adobe confirmed the critical flaw in Reader and Acrobat, but said a fix wouldn't come until January 12, the same day Microsoft is slated to release its next installment of security fixes. The vulnerability, which is classified as CVE-2009-4324, has been under targeted attack for more than three weeks. White hat hackers have also added an exploit to the Metasploit framework for penetration testers.

These latest in-the-wild attacks are bound to add fuel to critics who say Adobe software, which runs on well more than 95 percent of the world's computers, needs to be better screened for security vulnerabilities. The company is in the process of designing a new updater that will patch security holes in Reader, Acrobat, and Flash without requiring user interaction, according to the Zero Day blog. Beta users will begin testing it sometime this month.

This should come as good news. The wide availability of exploits targeting now-patched vulnerabilities suggests that a significant portion of users don't run the most recent version of the programs.

Adobe has also pledged to beef up the security of Reader and Acrobat by using software fuzzers and other tools to proactively find bugs that can be exploited. Since then, criminals have beat Adobe to spotting new critical vulnerabilities at least twice, including the latest attacks. ®

Adobe To Surpass Microsoft As Hacker Target

By Antone Gonsalves
InformationWeek
December 30, 2009

Adobe Reader and Flash will surpass Microsoft Office applications as favorite targets of cybercriminals, a security vendor predicted Tuesday.

In unveiling its 2010 Threat Predictions report, McAfee said the growing popularity of the Adobe products has attracted the attention of cybercriminals, who have been increasingly targeting the applications.
Adobe Reader and Flash are two of the most widely deployed applications in the world.

As a result of Adobe's success in client software, McAfee Labs believes "Adobe product exploitation will likely surpass that of Microsoft Office applications in 2010."

Security experts for quite a while have warned of the potential security risk posed by Flash. In November, Foreground Security identified a flaw in the way Web browsers handle Flash files that could be used to compromise Web sites that have users submit content.

Beyond Adobe, cybercriminals are also expected to step up efforts next year to crack social networking sites, as well as third-party applications in general. Internet users can expect crooks to use more complex Trojans and botnets to build and execute attacks and to take advantage of HTML 5 to create threats. HTML 5 is the next major revision of hypertext markup language, the core markup language of the Web.

RockYou sued over data breach

By Elinor Mills
InSecurity Complex
CNET News
December 30, 2009

An Indiana man filed a lawsuit against RockYou this week alleging that the provider of social-networking apps failed to secure its network and protect customer data, enabling a hacker to grab passwords of 32 million users earlier this month.

The suit seeking class action status was filed Monday in U.S. District Court in San Francisco by lawyers for Alan Claridge, of Evansville, Ind., who registered with RockYou in August 2008 to use a photo-sharing application. RockYou is a publisher and developer of online apps and services like "SuperWall" on Facebook and "Slideshow" on MySpace.

Claridge said he received an e-mail from RockYou on December 16 informing him that his sensitive, personally identifiable information, including e-mail address and password, may have been compromised in a security breach, according to the suit.

Security firm Imperva notified RockYou on December 4 that it had learned of a breach of RockYou's network from underground hacker forums. RockYou had been hit with a common type of exploit known as a SQL injection flaw that targets information stored in databases and hackers were regularly discussing the fact that the hole at RockYou was being exploited, the lawsuit said.

The Decade's 10 Most Dastardly Cybercrimes

By Kevin Poulsen
Threat Level
Wired.com
December 31, 2009

It was the decade of the mega-heist, when stolen credit card magstripe tracks became the pork bellies of a new underground marketplace, Eastern European hackers turned malware writing into an art, and a nasty new crop of purpose-driven computer worms struck dread in the heart of America.

Now that the zero days are behind us, it's time to reflect on the most ingenious, destructive or groundbreaking cybercrimes of the first 10 years of the new millennium.


2000 - MafiaBoy

Once upon a time, "distributed denial of service attacks" were just a way for quarreling hackers to knock each other out of IRC. Then one day in February 2000, a 15-year-old Canadian named Michael "MafiaBoy" Calce experimentally programmed his botnet to hose down the highest traffic websites he could find. CNN, Yahoo, Amazon, eBay, Dell and eTrade all buckled under the deluge, leading to national headlines and an emergency meeting of security experts at the White House.

Compared to modern DDoS attacks, MafiaBoy's was trivial. But his was the cyberstrike that put the internet's security issues on a national stage, and inaugurated an era where any pissed off script kiddy could take down part of the web at will.


2002 - California Payroll Database Breach

On April 5, 2002, an unidentified hacker penetrated a California server housing the state government's payroll database, gaining access to names, Social Security numbers and salary information for 265,000 state workers from the governor on down. The breach itself was small potatoes, but when it emerged that the California Controller's Office had waited two weeks to warn the victims, angry lawmakers reacted by passing the nation's first breach disclosure law, SB1386.

The law requires hacked organizations to promptly warn potential identity theft victims. Its passage pulled the rock off the string of major corporate breaches that companies would have preferred to hush up.
Today, 45 states have enacted similar laws.
http://www.wired.com/threatlevel/2009/12/ye_cybercrimes/

emails

a

The Register - Security

IQ test

The Register - Security: Anti-Virus

HackWire - Hacker News