NEWS - April 26, 2013

by Carol~ Forum moderator / April 26, 2013 1:22 AM PDT
Google Joins FIDO Alliance Effort to Move Beyond Passwords

Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year, is working to make two-factor authentication the default mechanism for authentication through the establishment of an open standard for strong authentication.

Google has been working to make passwords obsolete for some time now. It has introduced two-factor authentication for its Gmail service, giving users the ability to enable an option that requires the use of a one-time code in addition to their normal password in order to sign in to their accounts. Other vendors, including Apple and Facebook, have followed suit. But none of those vendors have made two-factor authentication the default mode.

The FIDO Alliance is seeking to help make two-factor authentication a more mainstream thing through the development of an open standard for the use of various strong authentication technologies such as TPMs (trusted platform modules), hardware tokens and others.

Continued: http://threatpost.com/google-joins-fido-alliance-effort-to-move-beyond-passwords/

Also:
"Forget passwords!": Google joins FIDO
Google Takes Aim at Passwords Via FIDO Alliance
Google Joins PayPal-Backed Effort to Kill the Password
Rapid7 Issues Vulnerability Warning to Safari Users
by Carol~ Forum moderator / April 26, 2013 2:54 AM PDT
In reply to: NEWS - April 26, 2013

On Thursday, Rapid7 advised users of Apple's Safari Web browser to avoid opening ".webarchive" files, after the discovery of a vulnerability in the security model of the webarchive format.

In Safari, the webarchive format saves all of the resources within a given webpage, including images, scripts, and stylesheets, into a single file. In a blog post, Rapid7's Joe Vennix explained the Universal Cross-Site Scripting vulnerability, which has serious repercussions for Safari users on both the Windows and Mac OS X platforms.

Apple has not addressed the issue because exploitation requires an attacker to trick a victim into opening the .webarchive file manually. This can only happen after they ignore a generic warning message that says in part "...this content was downloaded from a webpage..."

"This is a potentially dangerous decision, since a user expects better security around the confidential details stored in the browser, and since the webarchive format is otherwise quite useful. Also, not fixing this leaves only the browser's file:// URL redirect protection, which has been bypassed many times in the past," Vennix explained.

Continued: http://www.securityweek.com/rapid7-issues-vulnerability-warning-safari-users

Also: Researchers Warn Over Apple Safari Flaw

US Judge: Hacking into Suspects' Computers is a No-No
by Carol~ Forum moderator / April 26, 2013 2:55 AM PDT
In reply to: NEWS - April 26, 2013

The FBI's petition to plant spyware on suspects' computers to harvest information helpful for an investigation has been dismissed by a judge in the U.S. District Court for the Southern District of Texas.

The petition was sent in March, when the FBI sought a warrant to search a computer of an unknown suspect at an unknown location, in relation to e-banking fraud.

According to Computerworld, the software would disclose the location of the device, take snapshots of the suspects using the device via the webcam and exfiltrate browsing activity, firewall logs, caches, cookies, bookmarks and search queries.

U.S. Magistrate Judge Stephen Smith dismissed the request in a 13-page ruling this week, as this type of search would be "overly intrusive and infringing on Fourth Amendment protections against unreasonable search."

Continued: http://www.hotforsecurity.com/blog/us-judge-hacking-into-suspects-computers-is-a-no-no-6052.html

Also: U.S. judge says FBI can't hack crime suspect's computer

Another Document Targeting Uyghur Mac Users
by Carol~ Forum moderator / April 26, 2013 2:55 AM PDT
In reply to: NEWS - April 26, 2013

From the F-Secure Antivirus Research Weblog:

We spotted a new variant of the documents used in the cyber attacks against Uyghur back in February.

This variant was first submitted to VirusTotal on April 11 from China. This time it uses IUHRDF, which may be a reference to International Uyghur Human Rights & Democracy Foundation, instead of Captain as the author: [Screenshot]

The payload is still the same, besides using different filenames and a different command and control server.

It uses "alma.apple.cloudns.org" as the command and control server:

Continued: http://www.f-secure.com/weblog/archives/00002546.html

Related: Mac malware found in malformed Word documents - is China to blame?

Samsung Delays Release of Security Software for Galaxy Phone
by Carol~ Forum moderator / April 26, 2013 4:24 AM PDT
In reply to: NEWS - April 26, 2013

In February, Samsung Electronics introduced Knox, a version of Android with security features to make the company's phones more suitable for businesses, expected for release this spring. But the company has delayed the release of the software until summer, according to two people briefed on the company's plans.

Samsung initially said Knox would launch on the Galaxy S4, which is to arrive in AT&T stores on Saturday. But two people working with Samsung on Knox, who asked not to be named because they were not authorized to speak about their relationships with the company, said Samsung had decided to delay the release because it needed more time to test the software internally and with carriers. Samsung informed one of these people that Knox would be out around July.

Knox is expected to ship on some Samsung Galaxy devices. Analysts say the software puts Samsung, the leading manufacturer of Android devices, in a position to replace BlackBerry as the phone for professionals.

Continued: http://bits.blogs.nytimes.com/2013/04/24/samsung-knox-delayed-july/

Google bans self-updating Android apps, possibly including Facebook's
by Carol~ Forum moderator / April 26, 2013 4:25 AM PDT
In reply to: NEWS - April 26, 2013

"Facebook end run around Google Play store followed by change in Google policy."

About six weeks ago, users of Facebook's Android application noticed that they were being asked to install a new version—without going to the Google Play app store.

Android is far more permissive than iOS regarding the installation of third-party applications, even allowing installation from third-party sources if the user explicitly allows it. However, it's unusual for applications delivered through the official Google store to receive updates outside of the store's updating mechanism.

Google has now changed the Google Play store polices in an apparent attempt to avoid Facebook-like end runs around store-delivered updates. Under the "Dangerous Products" section of the Google Play developer policies, Google now states that "[a]n app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism." A Droid-Life article says the language update occurred Thursday. APK (standing for application package file) is the file format used to install applications on Android.

Continued: http://arstechnica.com/information-technology/2013/04/google-bans-self-updating-android-apps-possibly-including-facebooks/
Microsoft Windows XP Support Also Ending in the Malware Community!?
by Carol~ Forum moderator / April 26, 2013 4:25 AM PDT
In reply to: NEWS - April 26, 2013

From Symantec's Security Response Blog:

Recently, I discovered a back door Trojan horse program that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat to be used in targeted attacks.

The fseek function

In this threat, the author uses the fseek function, which is unusual as it is normally used to process data. For example, if the program reads 100 bytes of data from the top of the file, the fseek function process is used to move the 100 bytes. [Screenshot]

However, in the case of this Trojan, there are three functions that continue in a loop:

1. Append one string to another string (strcat)
2. Move zero bytes from the end of the file (fseek)
3. Split a string into tokens (strtok)

Usually, code reads or writes data after the fseek function, but in this case this process does not happen. It is also strange that such a function is written in a loop.

Continued: http://www.symantec.com/connect/blogs/microsoft-windows-xp-support-also-ending-malware-community

Mom, I Bought You a Public Toilet Survival Kit for Mother's Day
by Carol~ Forum moderator / April 26, 2013 4:25 AM PDT
In reply to: NEWS - April 26, 2013

"Hello mom. I know I haven't called you in a while, but here I was, at the office, and got an e-mail with a major discount for Mother's Day. When can I stop by to drop off the public toilet survival kit I got for you?"

If you find yourself having this implausible conversation with your mom, check your inbox - you're probably infected with the latest Mother's day spam. [Screenshot]

Scammers mostly pull out the same old tricks, boring our beloved Bitdefender Labs experts to tears. But some days are full of surprises. The most recent one is a spam campaign that starts with sensitive Mother's Day messages, ups the offer to cheap flowers ... and then appeals to any man's heart. [Screenshot]

Instead of a low price on roses and tulips, men end up on a web site offering great gifts for... men. Gadgets, living, style, rides, body and entertainment presents are just a few of the "exciting" things users can get for their mothers on May 12th.

The scammers' mechanisms are pretty simple:

Stage 1: Tell men they should buy flowers for their moms.

Continued: http://www.hotforsecurity.com/blog/mom-i-bought-you-a-public-toilet-survival-kit-for-mothers-day-6039.html
Dutchman Arrested in Spamhaus DDoS
by Carol~ Forum moderator / April 26, 2013 4:43 AM PDT
In reply to: NEWS - April 26, 2013

A 35-year-old Dutchman thought to be responsible for launching what's been called "the largest publicly announced online attack in the history of the Internet" was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as "SK," was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.

According to a press release issued by the Public Prosecutor Service in The Netherlands, the National Prosecutor in Barcelona ordered SK's arrest and the seizure of computers and mobile phones from the accused's residence there. The arrest is being billed as a collaboration of a unit called Eurojust, the European Union's Judicial Cooperation Unit.

It is not clear who SK is, but according to multiple sources, the man identified as SK is likely one Sven Olaf Kamphuis. The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." The Times quoted Kamphuis as saying that Cyberbunker was retaliating against Spamhaus for "abusing their influence."

Continued: http://krebsonsecurity.com/2013/04/dutchman-arrested-in-spamhaus-ddos/

Also:
Dutch Suspect Sven Olaf Kamphuis Arrested for Biggest Cyber Attack in Internet History
Suspect Arrested Over 'Biggest Cyber Attack Ever'

Kaspersky Warns UK Government Of 'Catastrophic' Cyber Attack
by Carol~ Forum moderator / April 26, 2013 4:58 AM PDT
In reply to: NEWS - April 26, 2013

Government officials have been warned of the "catastrophic" consequences of a cyber attack on the UK population, by Eugene Kaspersky, chief of the Russian security firm that carries his surname.

Kaspersky, who recently told TechWeekEurope he backed calls for a non-proliferation treaty covering cyber weapons, said code could be used to "disable companies, cripple governments and bring whole nations to their knees by attacking critical infrastructure".

Kaspersky fears catastrophe

"The consequences for human populations could, as a result, be literally catastrophic," Kaspersky said at a dinner with Home Office Minister James Brokenshire, in front of various dignitaries, including Adrian Leppard, commissioner of the City of London Police, and Stephen Harrison, chief executive of the National Fraud Authority.

Continued: http://www.techweekeurope.co.uk/news/kaspersky-uk-government-cyber-attack-warning-114504

Also:
Cyberwar risks calamity, Eugene Kaspersky warns UK Government and spooks
Cyber terrorists are only a matter of time, warns Eugene Kaspersky

Brazen Crimeware Marketing Branches Out to Social Networks
by Carol~ Forum moderator / April 26, 2013 4:58 AM PDT
In reply to: NEWS - April 26, 2013

The secrecy of underground forums where financial malware and crimeware kits are traded is well guarded, to the point that few are able to penetrate them without some kind of internal sponsor. Here, criminals value their privacy as much as those from whom they steal.

That's what makes a recent discovery from RSA Security's FraudAction Research Lab all the more jarring. Expert Limor Kessem found this week that a new fraud service was being marketed over Facebook. The developer, an Indonesian-speaking person, was selling a customized botnet panel for the Zeus Trojan.

Kessem said the Facebook page was updated frequently with information about botnets, exploits and their version of Zeus.

"Beyond having compiled a working Zeus Trojan kit, the developer customized an attractive control panel for the admin (basic and familiar in functionality, and taken from previous Zeus versions), the developer and his team created a demo website for potential buyers—which they have no qualms about sharing publicly," Kessem said.

Continued: http://threatpost.com/brazen-crimeware-marketing-branches-out-to-social-networks/

Phishers Hack Hosting Providers To Launch Mass Attacks
by Carol~ Forum moderator / April 26, 2013 6:43 AM PDT
In reply to: NEWS - April 26, 2013

"Nearly half of all phishing attacks in the second half of last year came via hacked hosting providers, according to new data from the Anti-Phishing Working Group (APWG)"

Spearphishing is hot, especially when it comes to targeted attacks. But for phishing campaigns looking for maximum impact and victims, the most popular method is to compromise legitimate hosting providers, and new data shows that vector on the rise worldwide.

According to the Anti-Phishing Working Group (APWG), some 47 percent of all phishing attacks in the second half of 2012 were via hacked hosting providers. Phishers used 89,748 unique domain names in the second half of the year, up from 64,204 domains in the first half of the year.

Phishing via hosting provider works like this: The attacker breaks into a Web server hosting multiple domains -- a shared virtual server -- and launches phishing attacks on each domain on that server. It's an efficient method that allows the attacker to infect hundreds or even thousands of websites.

Continued: http://www.darkreading.com/attacks-breaches/phishers-hack-hosting-providers-to-launc/240153663

Also:
Hackers increasingly target shared Web hosting servers for use in mass phishing attacks
Phishing attacks skyrocketing
Study finds hosting providers offer phishing paradise

Brad Arkin Named Adobe CSO
by Carol~ Forum moderator / April 26, 2013 6:43 AM PDT
In reply to: NEWS - April 26, 2013

Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company's product security and privacy initiatives.

Adobe has been in the security spotlight for several years now, as attackers have focused their attention on the company's portfolio of products that enjoy user counts in the billions. Flash and Reader have been frequent targets for attackers who are always on the lookout for vulnerabilities in widely deployed applications, which give them the best chance of compromising a high number of users. Exploits for Adobe products often pop up in the commercial exploit kits such as Cool, Blackhole and others and Flash and Reader zero days are highly prized in the hacking underground.

As the threats to Adobe's products have escalated, so too have the company's efforts to combat them. Arkin joined the company in 2008, just as Adobe was emerging as a key target. Before that, attackers had mainly focused on Microsoft, Oracle and browsers, but the ubiquity of Adobe's products drew their attention. Arkin began addressing the problem from the bottom up, implementing a software security program designed to help developers write more secure code and eliminate vulnerabilities before products ship.

Continued: http://threatpost.com/brad-arkin-named-adobe-seo/

Also:
Security of hosted services is top priority for Adobe's first CSO
Adobe Appoints Brad Arkin as Chief Security Officer
Adobe names Brad Arkin its first-ever CSO

VirusTotal now analyses network traffic
by Carol~ Forum moderator / April 26, 2013 7:26 AM PDT
In reply to: NEWS - April 26, 2013

The popular VirusTotal service, which can run more than 20 anti-virus scanners over a sample in one pass, can now also look for signs of malware infections in captured network traffic. To perform a check, users upload network packets that are captured in the common PCAP format instead of sending VirusTotal the more traditional suspicious EXE, PDF or HTML file. [Screenshot]

Such network traffic dumps can be created with sniffers like Wireshark or tcpdump. VirusTotal will extract all transmitted files and present them to the familiar virus scanners; registered users will also receive copies of the extracted files. The scan service also looks at the network traffic data with the Snort and Suricata intrusion detection systems. These services can, for instance, detect the communication between a botnet client and its command & control server, as well as other typical attack patterns.

However, this type of analysis will produce numerous "Potentially Bad Traffic" messages and users will need to decide for themselves whether they are dealing with a false alarm. Another interesting aspect is the extra information that is generated during analysis, which can provide insights into the activities within a network. For example, VirusTotal lists all found DNS queries and web page (HTTP) requests.

Continued: http://www.h-online.com/security/news/item/VirusTotal-now-analyses-network-traffic-1848902.html
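
The kind of capture triage the article describes (listing the DNS query names and HTTP requests found in a PCAP) as an added Python example; this is not VirusTotal's code, and the capture it parses is constructed inside the block with placeholder addresses (10.0.0.5, 203.0.113.10, c2.example.invalid). It assumes a classic little-endian Ethernet pcap file, not pcapng, and skips frames that are not IPv4 or are truncated.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap, fields written with "<" byte order

def pcap_frames(data):
    """Yield the raw Ethernet frames of a classic (non-pcapng) pcap file."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != 1:  # only little-endian Ethernet captures
        raise ValueError("unsupported pcap header")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def dns_qname(msg):
    """Decode the first question name of a DNS message (queries carry no label compression)."""
    labels, pos = [], 12  # skip the 12-byte DNS header
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels)

def extract_indicators(pcap_bytes):
    """Return DNS query names and HTTP request lines (with server IP) seen in a capture."""
    dns, http = [], []
    for frame in pcap_frames(pcap_bytes):
        ip = frame[14:] if frame[12:14] == b"\x08\x00" else b""   # EtherType 0x0800 = IPv4
        l4 = ip[(ip[0] & 0x0F) * 4:] if len(ip) >= 20 else b""  # skip IP header + options
        if len(l4) < 20:                                         # non-IPv4 or truncated frame
            continue
        dst = ".".join(str(b) for b in ip[16:20])
        dport = struct.unpack_from("!H", l4, 2)[0]
        if ip[9] == 17 and dport == 53:                          # UDP to port 53: DNS query
            dns.append(dns_qname(l4[8:]))
        elif ip[9] == 6 and dport == 80:                         # TCP to port 80: HTTP
            body = l4[(l4[12] >> 4) * 4:]                        # skip TCP header + options
            if body[:4] in (b"GET ", b"POST", b"HEAD"):
                http.append((dst, body.split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return {"dns": dns, "http": http}

# Constructed sample capture below: placeholder addresses, not real indicators.
def _ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + hdr + payload             # zero MACs, EtherType IPv4

def _dns_query(qname):
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)
    return _ipv4(17, "10.0.0.5", "10.0.0.1", struct.pack("!HHHH", 40000, 53, 8 + len(msg), 0) + msg)

def _http_request(line):
    tcp = struct.pack("!HHIIBBHHH", 40001, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + line  # PSH|ACK
    return _ipv4(6, "10.0.0.5", "203.0.113.10", tcp)

def build_pcap(frames):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # v2.4, snaplen, Ethernet
    for f in frames:
        out += struct.pack("<IIII", 1366934400, 0, len(f), len(f)) + f
    return out

SAMPLE_PCAP = build_pcap([_dns_query("c2.example.invalid"),
                          _http_request(b"GET /gate.php HTTP/1.1\r\nHost: c2.example.invalid\r\n\r\n")])
```

Running `extract_indicators(SAMPLE_PCAP)` yields the one DNS name and one HTTP request line; a real capture from Wireshark or tcpdump can be read with `open(path, "rb").read()` and passed in the same way.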

LivingSocial confirms hacking; 50 million accounts affected
by Carol~ Forum moderator / April 26, 2013 7:28 AM PDT
In reply to: NEWS - April 26, 2013

"LivingSocial is the latest major online property to be hacked. Here are more details about what to do next from company leaders."

Following reports earlier on Friday, LivingSocial confirmed that it has been the victim of a major cyber attack.

The Washington, D.C.-based business asserted via email that it is already in the process of notifying more than 50 million customers whose data may have been affected by the cyber-attack.

Those emails started going out this afternoon, and company reps assured that it will continue until all customers have been reached.

The hacking spans borders, affecting members of the Amazon-owned property worldwide -- except in Thailand, Malaysia, Indonesia, and the Philippines because TicketMonster and Ensogo use different data systems.

LivingSocial PR responded to our request and provided copies of the following two emails to serve as the daily deal company's official statements:

Continued: http://www.zdnet.com/livingsocial-confirms-hacking-more-than-50-million-accounts-affected-7000014606/
