Q&A: Researcher Karsten Nohl on mobile eavesdropping
Researcher who tackled smart card security last year talks to CNET about how easy it is to listen in on GSM-based mobile phone calls now that the encryption has been cracked.
Suit seeks class action status and accuses RockYou of "reckless indifference to proper security measures" in failing to secure its network and protect customer data.
Hacker pleads guilty to orchestrating Heartland credit card heist
Albert Gonzalez pleaded guilty to hacking into computer networks and stealing tens of millions of credit and debit card numbers from retailers and financial firms.
Impressive: This presentation will show the first experimental implementation of an eavesdropper for a quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (a detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during...
GSM cell phone encryption crack may force operators to upgrade
Karsten Nohl, a widely known encryption expert, has cracked the GSM encryption algorithm and claims software is available for hackers to eavesdrop on calls.
I spent a lot of yesterday giving press interviews. Nothing I haven't said before, but it's now national news and everyone wants to hear it. These are the most interesting bits. Rachel Maddow interviewed me last night on her show. Jeffrey Goldberg interviewed me for the Atlantic website. And CNN.com published a rewrite of an older article of mine on...
Interesting video demonstrating change blindness: the human brain's tendency to ignore major visual changes. The implications for security are pretty serious....
Chechen terrorists did it in 2004. I said this in an interview with then TSA head Kip Hawley in 2007: I don't want to even think about how much C4 I can strap to my legs and walk through your magnetometers. And what sort of magical thinking is behind the rumored TSA rule about keeping passengers seated during the last...
Web security strategy: Use cloud security services
Web security used to be mainly URL filtering and protocol validation, but as Eric Ogren explains, Web security clouds improve security with little impact on performance.
Twitter domain hijacking highlights DNS security weaknesses
While some security experts call the Twitter incident a non-issue, others say it is a reminder of DNS weaknesses and the need for better authentication.
Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still. The Wall Street Journal reported this week that Iraqi, and possibly also Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles, or UAVs, and even piloted planes. The systems weren't "hacked" -- the insurgents can't control them -- but...
The essay is about veganism and plant eating, but I found the descriptions of plant security countermeasures interesting: Plants can't run away from a threat but they can stand their ground. "They are very good at avoiding getting eaten," said Linda Walling of the University of California, Riverside. "It's an unusual situation where insects can overcome those defenses." At the...
Wow, is this a bad idea: The Luggage Locator is an innovative product that travellers or anyone can use to locate items. It has been specifically engineered to help people find their luggage quickly and can also be used around the home or office. A battery operated, two unit system, the Luggage Locator consists of a small transmitter about the...
Russian cybercriminals reportedly hacked into Citibank, stealing tens of millions of dollars and prompting an FBI investigation, says The Wall Street Journal.
New Cybersecurity Coordinator Howard Schmidt promises to develop strategies to protect U.S. networks, beef up technology partnerships, and promote R&D.
Howard Schmidt to be Named U.S. Cybersecurity Czar
I heard this rumor two days ago, and The New York Times is reporting today. Reporters are calling me for reactions and opinions, but I just don't know. Schmidt is good, but I don't know if anyone can do well in a job with lots of responsibility but no actual authority. But maybe Obama will imbue the position with authority...
In the "Iranian Cyber Army" incident, Twitter has once again proven embarrassingly vulnerable. The good news? It doesn't look like user accounts were compromised--not that Twitter stores a whole lot of personal information.
Open-source Firefox reports all holes, putting it at the top of the list for bug reports, while Adobe replaces Microsoft in the second spot, reports find.
Company will release the patch on January 12, allowing it to stick to its quarterly security update schedule. In the meantime, users can disable JavaScript.
As Center for Democracy and Technology lawyer, Greg Nojeim works to keep government from using national security as excuse to violate citizens' online privacy.
Is there a cleaner way to convert garbage into usable energy? Ze-gen's gasification facility is testing a system that gasifies construction debris to make burnable syngas.
The software giant's regular Patch Tuesday release includes six security bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server and Office
MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325)
Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.
MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.
MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
The business security suite gets refreshed web-client protection and secure remote-access tools with Threat Management Gateway 2010 and Unified Access Gateway 2010
MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.
MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
MS09-063 - Critical: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process.
MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
MS09-057 - Important: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-056 - Important: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication.
Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455)
Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability - CVE-2009-2529.
MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
Bulletin Severity Rating:Important - This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
MS09-052 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-051 - Critical: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS09-050 - Critical: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
It's almost 2010, and the yearly round of New Year-related malware is under way.
The first signs of New Year malware for this year were already sighted a while back, but the current one we're seeing in circulation wishes "Happy New Year 2010" and points to a fast flux domain site which serves up Trojan-Downloader:W32/Agent.MUG. This particular trojan will try to install further malware, though the content it's pointing to seems to not yet be online, at least at the time of this post.
Be careful when reading electronic Happy New Year wishes this year as well.
F-Secure Labs wishes all our readers happy and malware free New Year.
Ten years ago, at the end of 1999, IT professionals around the world were busy overhauling computer systems to make them 2000 compliant. This meant double-checking all legacy software and hardware to make sure the century roll-over wouldn't cause problems.
What was the problem then? For example, if in 1997 a program tried to calculate the age of a person by subtracting his birth year of 1965 from the current year, it might simply do it as a two-digit calculation of 97-65, concluding correctly that the person is 32 years old. Obviously, after the century changed the calculation would fail: calculating 00-65 would say that this person is minus 65 years old. Making software Y2K compliant meant combing through the source code of all software that handled dates and converting it to use four-digit years, since 2000-1965 would again compute correctly.
An enormous amount of work hours and money was spent to fix these problems.
And this work did not go to waste. The global Y2K project was a success; when January 2000 came around, most systems were already checked and fixed, and only minor problems were reported.
Unfortunately this wasn't enough. A huge hype had been generated around the problem. Mainstream media was forecasting major failures, power outages and rioting for the 1st of January. And there was no shortage of salesmen trying to cash in on the hysteria. For examples, check out these products on Amazon.com: The Millennium Bug and Y2K Family Survival Guide on Video with Leonard Nimoy.
At the time it wasn't easy trying to convince people that Y2K projects would finish in time and that running out of food wasn't likely.
Then the year changed with little fanfare.
Immediately after the New Year, mainstream media was quick to point out that since there were no major Y2K problems, the whole effort to find the bugs had been unnecessary to begin with. In reality the millions invested in Y2K compliance prevented real-world problems.
Bizarrely, some people still today believe that there was no need to worry and computer systems would have worked fine without any extra effort.
So what does all this have to do with F-Secure? Not much, except that some people were expecting loads of viruses to appear over Y2K. We never saw any logic in this, but to ease concerns, we did set up a special Y2K Watch helpdesk over New Year 2000 to monitor things.
Interestingly, that Y2K Watch ten years ago was the first time we used a blog format to spread information. The page for the original F-Secure Y2K Watch Real-Time Status Updates is available here, with newest posts on the top. Entries are from December 31st 1999 to January 3rd 2000. The page also includes several real-world examples of the minor Y2K problems that were reported around the world at the time.
So what's next? Well, the Year 2038 Problem is just around the corner. If you're taking out a 25-year mortgage and your bank's systems aren't 2038-compliant, you might run into this in as little as three years' time...
Edited to add: Some Y2K fixes in 1999 were real quick hacks. For example, logic like this could have been applied: IF YEAR < 10 THEN YEAR = YEAR + 2000 ELSE YEAR = YEAR + 1900. Hacks like that would create problems now, in 2009 and 2010. For a real example, see one of the comments left on this post.
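To make the two-digit-year failure, the pivot quick-hack and the 2038 limit concrete, here is an added example (not F-Secure's code, and not any real bank's fix) that reproduces the age calculation from the post, implements the windowed expansion the post quotes (pivot value 10), and audits which real years that pivot misreads. The `misread_years` and `y2038_limit` helpers are illustrative names chosen here, not from the post.

```python
"""Y2K-style two-digit year handling, beside the correct four-digit form.

Added example; everything below is constructed for illustration. The pivot
value 10 is the one quoted in the post:
    IF YEAR < 10 THEN YEAR = YEAR + 2000 ELSE YEAR = YEAR + 1900
"""
from datetime import datetime, timezone

PIVOT_1999_HACK = 10  # pivot from the quick-hack quoted in the post


def age_two_digit(current_yy: int, birth_yy: int) -> int:
    """The original Y2K bug: arithmetic on two-digit years.

    97 - 65 = 32 is right; after the rollover, 00 - 65 = -65 is not.
    """
    return current_yy - birth_yy


def age_four_digit(current_year: int, birth_year: int) -> int:
    """The real fix: carry full four-digit years through the arithmetic."""
    return current_year - birth_year


def expand_year(yy: int, pivot: int) -> int:
    """Windowed expansion of a stored two-digit year, the shape of the 1999 hack.

    Two-digit values below the pivot are placed in the 2000s, the rest in the
    1900s. This only moves the failure date; it does not remove it.
    """
    if not 0 <= yy <= 99:
        raise ValueError("expected a two-digit year (0-99)")
    return 2000 + yy if yy < pivot else 1900 + yy


def misread_years(pivot: int, first_year: int, last_year: int) -> list[tuple[int, int]]:
    """Audit a pivot: push every real year in [first_year, last_year] through
    two-digit storage and back, returning (real_year, expanded_year) pairs the
    window gets wrong. This is the check a reviewer would run on such a hack."""
    bad = []
    for year in range(first_year, last_year + 1):
        expanded = expand_year(year % 100, pivot)
        if expanded != year:
            bad.append((year, expanded))
    return bad


def first_failing_year(pivot: int, start_year: int = 1900) -> int:
    """First year at or after start_year that the pivot misreads (2010 for pivot 10)."""
    year = start_year
    while expand_year(year % 100, pivot) == year:
        year += 1
    return year


def y2038_limit() -> datetime:
    """Largest instant a signed 32-bit time_t can hold: 2038-01-19 03:14:07 UTC.
    The 'Year 2038 Problem' mentioned in the post is this counter wrapping."""
    return datetime.fromtimestamp(2**31 - 1, tz=timezone.utc)


if __name__ == "__main__":
    print("1997 two-digit age:", age_two_digit(97, 65))   # 32, looks fine
    print("2000 two-digit age:", age_two_digit(0, 65))    # -65, the Y2K bug
    print("2000 four-digit age:", age_four_digit(2000, 1965))
    print("pivot-10 hack misreads:", misread_years(PIVOT_1999_HACK, 1999, 2010))
    print("hack first fails in:", first_failing_year(PIVOT_1999_HACK, 2000))
    print("32-bit time_t ends at:", y2038_limit().isoformat())
```

Run it and the audit reports that the pivot-10 window reads 2010 as 1910, which is exactly why a fix that looked fine through 2009 surfaces as a new bug the following year; the same audit with a different pivot simply moves the failure to another year.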
With the unemployment rate rising, websites advertising job listings have been mushrooming. Some are the real deal, and some are not. We have also seen an increase in spam e-mails regarding job offers.
We came across this particular spam e-mail that has been circulating, looking for someone to be a money mule:
If you try going to the domain mentioned in the spam, you will be redirected to a job listing site that lists jobs in Finland by industry.
Interestingly, when you check the IT & Internet job listings and proceed with any of the jobs listed:
You will find a fictional F-Secure recruiter listing, complete with our contact information:
Apparently, we're looking to fill about 200 positions in our Helsinki office.
Just to be clear — those are definitely not authorized offers from us. The rest of the site is full of work from home offers and other slightly suspect listings.
Be careful out there if you're looking through job sites.
Oh, and if anyone out there would like to join F-Secure, please browse the job listings on our official website or a trusted source.
After months of negotiations, US President Barack Obama has finally chosen a Chief of CyberSecurity – Mr Howard A Schmidt. Confirmation of the appointment is expected shortly.
Mr Schmidt, who previously served with the Bush administration as a cyber security official, comes to the job with an impressively lengthy list of credentials.
The new Chief will essentially be the administration's go-to man for any coordinated efforts to deal with cyber threats and will be reporting to the National Security Council.
After a fairly eventful year of cyber attacks and the related media frenzy, it's nice to see someone finally willing to take up the challenge of dealing with it all. It also promises an interesting 2010.
Just a quick note — the sudden death of Hollywood celebrity Brittany Murphy last Sunday (BBC report here) has prompted a spike in searches on the subject — and of course, an SEO attack.
Users who click on a poisoned search result link will be redirected to a website that will display a scare message trying to panic users into downloading rogue AV software:
Steam from Valve is the largest digital distribution network in the world, with over 20 million active users.
This is how people today buy their PC games and other content.
In many ways, Steam is a competitor for iTunes.
And just as there are phishing attacks to steal iTunes accounts, there are phishing attacks against Steam as well. After all, they both have money in them.
Here's an example attack, trying to steal Steam credentials via the Steam Community social network side of Steam. Real URL is steamcommunity.com. Wrong URL is steamcommuntity.com.
They do look quite similar, don't they?
The fake domain is registered to Mr. "Jay Will", who lives on 69 Lane, Los Angeles…
It's not a huge surprise that we are seeing some malware spam runs where the malicious attachment attempts to portray itself as a Christmas Greeting of some sort.
Here's an example from today (md5: C670165AE6DFA8318F0EA795B1D3AD55). This one is actually a Zapchast (IRC bot variant).
The "Christmas Card" requires it's own "special version" of Flash to be installed — flashplayer2009.exe — which is the malware itself.
Once ready, it will display this friendly message written in Universal Gibberish.
Pay attention to the cheerful filename used for this message — idiot.jpg.
F-Secure Anti-virus detects and removes this as Backdoor.IRC.Zapchast.AVL.
In this case it was the attorney of TJX / 7-Eleven hacker Albert Gonzalez, who posted an indictment that had been redacted digitally and published online as a PDF file — making it trivial to recover the original unredacted text.
Last week the US Travel Security Authority (TSA) sacked 5 persons for posting a digitally "redacted" security guideline document online.
Most people who know about digital redaction problems think it's only about being able to copy and paste the redacted text out of the document.
But in fact it's a much deeper problem. Most users only have a PDF reader on their system (and most of those have specifically Adobe's reader, unfortunately).
So because they can only read PDF files, they assume PDF files are read-only. This is not true.
Even most of the users who do create PDF files do it with a virtual printer. So they prepare the file in, say, Word, then just "print" it to a PDF file.
However, there's a wide variety of PDF editors available. With a PDF editor, you can open any PDF file and modify it in any way you want. This includes being able to select the black redaction boxes and move them aside, uncovering the content underneath.
Here's a video from our YouTube channel that shows just how easy it is.
There's a 0-Day PDF exploit taking advantage of a vulnerability found in Adobe Reader and Acrobat 9.2 and earlier. Adobe has issued an advisory on their PSIRT blog.
The screenshot below, pulled from our automation, shows that when the PDF file is opened in Adobe Acrobat/Reader it attempts to download an executable file. The server hosting it has been abused by the attackers and is currently active.
The downloaded executable searches for and encrypts certain files and then uploads them to another server. That server is currently online and its contents are publicly browsable.
The machine name and the IP address of the compromised machine are included.
Here's an example:
Based on the numbers of files found on the upload server, it appears that this exploit is only being used in targeted attacks.
But that could easily change…
Disabling Acrobat's JavaScript option may offer some mitigation.
Adobe is now on a scheduled quarterly update cycle, with security patches coming as needed on the same day as Microsoft's updates. It could be January 12th before Adobe publishes a fix.
We detect the following:
The exploit as Exploit:W32/AdobeReader.Uz. The downloaded file as Trojan-Dropper:W32/Agent.MRH. The dropped files as Trojan:W32/Agent.MRI, Trojan:W32/Agent.MRJ, and Rootkit:W32/Agent.MRK.
Updated to add: According to Contagio Malware Dump, some of the original targeted attack emails looked like this:
From: Rachel Millstone
To: (redacted)
Date: Dec 11, 2009 3:12 PM
Subject: reference
Dear All Please find attached the updated country briefing notes, and staff lists.
kind regards Rachel
Attachment: note_20091210.pdf
From: fureer.angelica@gmail.com
To: (redacted)
Date: 2009-12-13 12:14 AM
Subject: Interview Request
This is Fureer Angelica, diplomaic broadcaster for CNN in DC. There's growing concern about the U.S.-North Korea bilateral talks. So, we're planning an Interview about them. Attached is the outline of the interview.
p.s. Detailed schedules will be followed soon if you accept the offer.
Attachment: File outline_of_interview.pdf
From: jackr@gilbrooks.edu
To: (redacted)
Subject: reference
Date: Mon, 30 Nov 2009 06:53:52 +0000
Dear All Please find attached the updated country briefing notes, and staff lists.
kind regards Jack
Attachment: note200911.pdf
—————
Updated to add: Adobe has published an updated Security Advisory. They plan to make an update available on January 12th.
Here are our predictions for 2010 based on this year's threat analysis.
• Windows 7 will gain market share during 2010. Windows XP will drop below 50% market share overall and will thus reduce the amount of "low hanging fruit." This will improve Internet security in affluent countries and it will perhaps begin to create malware ghettos in less affluent countries as cyber-criminals concentrate their efforts on the remaining installed base of Windows XP. Whether attackers continue to focus on Microsoft Windows alone or whether they diversify to include OSX and mobile platforms remains to be seen.
• Real-time support in search engines such as Google and Bing will affect the frequency and manner of Search Engine Optimization (SEO) attacks.
• The 2010 FIFA World Cup (soccer for those of you in the USA) will generate a good number of related trojans, fake ticket shops, spam, online shop hacking, and DDoS attacks. There could already be SEO attacks months before the matches actually take place in June. South Africa's mobile phone networks will be a hotbed of activity during the games.
• Web search results leading to "location based attacks" using geo-location IP address techniques will increase. They will be localized in terms of language, current news events, and even regional banks that they target.
• There will be more attacks against online banks with tailor-made trojans.
• There will be more iPhone attacks, possibly also proof-of-concept attacks on Android and Maemo. We could also see a 0-day vulnerability used in a large scale exploit.
• More snowshoe spamming.
• At least one large-scale DDoS attack against a nation-state is likely.
• We may see a large-scale internal attack against a target such as Google Wave.
• There will be more attacks on social networks such as Facebook, Twitter, Myspace, LinkedIn, etc. Facebook has now reached 350 million accounts and its growth doesn't yet show signs of slowing. This concentration of people and data is a very tempting target for cyber-criminals to exploit.
• As Internet search engines and social networking sites work towards "social search results", we'll see black hat social search optimization attacks.
• As more people connect via mobile networks, the amount of traffic and activity such as banking, gaming, and social networking increases in step. With mobile banking and in-game purchasing gaining popularity, the financial motivation to spy on such transactions becomes stronger. Integrated social networking applications are also driving mobile phone users to be "always connected." Cyber-criminals will use social engineering to exploit this trend.
• Attacks related to online games will continue. Such sites and games are particularly popular in the Asia-Pacific region. Not enough focus is put on securing them and the problem will be further fueled by the fact that many users are younger and therefore more vulnerable to experienced cyber-criminals.
• There will be significant database compromises that lead to tailored attacks. Cyber-criminals now have the resources to analyze, plan, and carry out mass-targeted attacks.
Quick note: we're still occasionally getting reports of DNSChanger trojan variants altering the DNS information on both the infected system and on certain ADSL modems. It's an old, unsophisticated problem, but more awareness of it can't hurt.
There are a couple of twists on the basic strategy — the trojan may modify the modem's settings to use a rogue DNS server (that serves tainted information) or it can install a DHCP driver on the modem. Either way, it redirects users to a malicious site doing drive-by downloads.
The trojan gets access to the modem's settings by brute-forcing the user name and password, which many people leave set as default. A simple, user-doable prevention measure is to change the default to a strong password. We've got a couple of previous posts (May 26, October 7) on how to do this.
For our users, if the infection was already on the computer before our product was installed, the product will clean up the infection on the computer, but the modem settings will still point to the rogue DNS server.
To clean a modem, its settings need to be reset manually. The instructions are specific to each modem model, so if necessary call your ISP for details.
Reports have reached us of a fresh SQL injection attack that has compromised many websites. A Google search of the malicious iframes used in the attacks nets over 100,000 hits:
As is typical, the initial iframes lead to HTML pages, which load iframes containing obfuscated JavaScript, which then attempts to exploit the unfortunate visitor. A successful exploit leads to a download of malware from the Buzus family.
We already detect the malware binary as Trojan.Generic.2823971 with our latest Internet Security 2010 databases and as Trojan.Win32.Buzus.croo in our other products.
As NASA celebrates its Mars rover Spirit’s sixth anniversary exploring the red planet, it is hunting for a way to keep the machine, which is mired in a sand trap, alive to see a seventh year. On its Web site, the space agency this week noted there may indeed be such an option.
An open source approach to open voting systems is essential to the integrity of our electoral process. Here's a technical blueprint for securing the vote
Google's Chrome OS will be "poked" by hackers in 2010, in large part because it will be the "new kid on the block," a security researcher predicted Wednesday.