Spyware, Viruses, & Security forum


NEWS - April 27, 2012

by Carol~ Forum moderator / April 27, 2012 1:34 AM PDT
House Passes CISPA Cyberthreat Sharing Bill, Despite Privacy Concerns

The U.S. House of Representatives has passed a cyberthreat information-sharing bill that critics say will give U.S. government agencies access to the private communications of millions of Internet users.

The House late Thursday voted 248-168 to pass an amended version of the Cyber Intelligence Sharing and Protection Act (pdf), or CISPA, even though the White House Office of Management and Budget has recommended that President Barack Obama veto the bill.

Civil liberties groups, including the Center for Democracy and Technology and the American Civil Liberties Union, have opposed the bill, saying it would open up Internet communications to snooping by government agencies, including the U.S. National Security Agency.

But supporters argued the bill is needed to help private companies and government agencies fight cyberattacks. "There are people today who are literally robbing the future of America" by attacking U.S. companies, said Representative Mike Rogers, a Michigan Republican and lead sponsor of CISPA. "This is the one small thing we get to do to prepare for a bunch of folks who want to bring us down."

Continued : http://www.pcworld.com/businesscenter/article/254573/house_passes_cispa_cyberthreat_sharing_bill_despite_privacy_concerns.html

House Passes Controversial Cybersecurity Measure CISPA
Paranoia About CISPA Is Justified
CISPA passes the House, privacy battle moves to Senate
CISPA Passes The House: What You Need to Know

Related : Resistance against US cyber security act is growing

Critical Unpatched Oracle Vulnerability
by Carol~ Forum moderator / April 27, 2012 3:35 AM PDT
In reply to: NEWS - April 27, 2012

From SANS ISC Diary:

Oracle's April "Critical Patch Update" listed a vulnerability in the TNS Listener services as one of the patched vulnerabilities. Sadly, it turns out that current versions of Oracle are not patched. Instead, the vulnerability will apparently only be fixed in future versions of the Oracle database. According to a statement from Oracle quoted by the discoverer of the vulnerability, the fix would possibly have had stability issues for current versions of Oracle. [1]

The vulnerability was responsibly reported to Oracle back in 2008. Upon release of the April CPU, Joxean Koret, who originally found the vulnerability, came forward with additional details including a proof of concept exploit, fully expecting that a patch is now available.

So in short: We got an unpatched remote code execution vulnerability in all current versions of Oracle with proof of concept exploit code.

Joxean's details published after the CPU release also include some useful workarounds [2]. Please refer to the post for details.

[1] http://seclists.org/fulldisclosure/2012/Apr/343
[2] http://seclists.org/fulldisclosure/2012/Apr/204


Critical Bug Reported in Oracle Servers
Vulnerability in Oracle Servers Fixed Only in "Future Versions"

Python-based malware attack targets Macs. Windows PCs also..
by Carol~ Forum moderator / April 27, 2012 3:36 AM PDT
In reply to: NEWS - April 27, 2012
.. under fire

Experts at SophosLabs have identified a new malware attack that is targeting both Mac and Windows computers, exploiting the infamous Java security vulnerability that allowed the Flashback botnet to commandeer 600,000 Macs.

Internet users who visit compromised webpages may find themselves at risk of infection via a Java exploit that downloads malicious software onto their computer. Patches for the Java vulnerability have been available since February 14th for Windows, Linux and Unix computers and since early April for Mac users.

Nevertheless, there may still be some users who have not yet patched their computers - and are at risk of attack.

The latest malware attack exploits the Java vulnerability to download further malicious code onto the computer (Sophos products detect the attack as Mal/20113544-A and Mal/JavaCmC-A).

The malicious Java code downloads further code onto the victim's computer - depending on what operating system they are using. On Windows, the downloaded file will be detected by Sophos as Mal/Cleaman-B. On Mac OS X, the downloaded file (install_flash_player.py) will be detected as OSX/FlsplyDp-A.

This is not, however, the end of the story.

Continued : http://nakedsecurity.sophos.com/2012/04/27/python-malware-mac/
Fake "Security Update KB971033" Emails Point to Malicious
by Carol~ Forum moderator / April 27, 2012 3:36 AM PDT
In reply to: NEWS - April 27, 2012
.. Sites

Vulnerabilities such as the one that affected the Windows Remote Desktop Protocol have made many users better understand the need for security updates. Cybercriminals have taken advantage of this and started sending their own "security update" notifications.

Hoax Slayer reports that an email with the subject "Security update KB971033 has been released" is currently making the rounds, landing in the inboxes of unsuspecting internauts.

After giving some decent advice on how to defend yourself against financial crimeware and identity theft, the fraudsters highlight the importance of security update products.

"We detected that you don't have installed Anti-spoofing update KB971033 from Microsoft, this update will protect you from accessing fake pages like phishing site by checking any accessed link without any delay in browsers and also will fix CVE-2012-3651 (Adobe auto-downloader) exploit, you can install it with just one click here ," reads part of the email.

Continued : http://news.softpedia.com/news/Fake-Security-Update-KB971033-Emails-Point-to-Malicious-Sites-266765.shtml
To make everything even more legitimate-looking, the notification informs recipients that sometimes, if the customer isn't careful during the automated installation process, some important updates may be skipped, thus exposing the computer to cyber threats.
Survey Finds Secure Sites Not So Secure
by Carol~ Forum moderator / April 27, 2012 3:36 AM PDT
In reply to: NEWS - April 27, 2012

A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure.

The SSL Pulse project, set up by the Trustworthy Internet Movement, looks at several components of each site's SSL implementation to determine how secure the site actually is. The project looks at how each site is configured, which versions of the TLS and SSL protocols the site supports, whether the site is vulnerable to the BEAST or insecure renegotiation attacks and other factors. The data that the SSL Pulse project has gathered thus far shows that the vast majority of the 200,000 sites the project is surveying need some serious help in fixing their SSL implementations.

There is quite a bit of alarming data in what the project has gathered, and one of those pieces of information is that more than 148,000 of the sites surveyed are vulnerable to the BEAST attack, which was developed by researchers Juliano Rizzo and Thai Duong and disclosed last year. Their attack uses what's known as a chosen-plaintext attack against the AES implementation in the TLS 1.0 protocol and enables them to use a custom tool they wrote to steal and decrypt supposedly secure HTTPS cookies. The attacker can then hijack the victim's secure SSL session with a site such as an e-commerce site or online banking site.

Continued : http://threatpost.com/en_us/blogs/survey-finds-secure-sites-not-so-secure-042712

Related: Elgamal, Marlinspike join dream team tackling SSL screw-ups

Mobile malware increasingly delivered via social networks
by Carol~ Forum moderator / April 27, 2012 5:25 AM PDT
In reply to: NEWS - April 27, 2012

The growing use of mobile devices to connect with social networks is fast becoming a preferred method for cyber criminals to spread malware, particularly on those devices running Android, say the results of AVG's Q1 2012 Community Powered Threat Report. [Screenshot]

Social networks have become a key source of information and communication. Twitter now has more than 140 million active users; and Facebook has over 845 million users, with some analysts expecting that figure to reach 1 billion this year. The result: targeting those who use Facebook is like targeting around 14 per cent of the world's population or approximately 43 per cent of global internet users.

Consider also that there are over 300 million Android phones already activated, with over 850,000 Android phones and tablets added to that number each day, and it is clear these two trends combined result in a new threat: infecting Android devices using social networks.

Most mobile devices are tied into operator billing systems making monetization of malware a lot more effective than on traditional computer systems. All the attackers need to do is trick users to install a malicious app on their device through which they can then gather cash using the phone companies' billing systems by utilizing premium SMS services.

Continued http://www.net-security.org/malware_news.php?id=2085

AVG's Report: Q1 2012 Community Powered Threat Report (pdf)

Free Ray-Bans and TOMS shoes scams hit Facebook
by Carol~ Forum moderator / April 27, 2012 5:25 AM PDT
In reply to: NEWS - April 27, 2012

Have you seen a message on Facebook saying that free pairs of Ray-Bans or TOMS shoes are being given away to users?

Don't believe it.

The messages, which have become widespread, actually point to scams.

Here are some of the messages that are being seen on unsuspecting users' Facebook walls:

Get a Free Pair of Ray-Bans! (limited time only)!
Current Limited offer

To Celebrate the Summer, We are Giving Away Free Ray-Bans to All Facebook Users!

Get a Free Pair of Toms Shoes! (Limited Time Only)!
Current Limited offer

To Celebrate the Summer, Toms is currently giving away FREE pairs of shows to select facebook users for a limited time!

If you click on the links you will be taken to pages which try to trick you into sharing the link further amongst your Facebook friends. People's excitement over the possibility of a free pair of Ray-Bans sunglasses or a pair of shoes outweighs their common sense it seems.

Continued : http://nakedsecurity.sophos.com/2012/04/27/free-ray-bans-and-toms-shoes-scams-hit-facebook/

A 419 Scam and an Unintended Surprise
by Carol~ Forum moderator / April 27, 2012 5:26 AM PDT
In reply to: NEWS - April 27, 2012

From the GFI Labs Blog:

Given the long history of advance-fee fraud, it is safe to assume that we're more or less aware (if not familiar) with what 419 scams are. For those who are not, 419 scams typically come to users in the form of an email, asking for either cash or personal information. They are otherwise known as Nigerian scams.

GFI Software Threat Researcher Robert Stetson spotted a 419 scam mail which has been around since 2007, is clearly back in business and whose website even managed to tangle itself up in confusion related to third-party advertising. [Screenshot]

Subject: Congratulations!!! You Won
Message body:
Congratulations!!! Dear Lucky Winner,


We are Pleased to inform you that your Email Address was selected among the winners of Asia Pacific International Lottery Promotion year 2012.

You have therefore been approved for a lump sum pay of US$ 1,000,000.00 (ONE MILLION UNITED STATES DOLLARS ONLY)

For more details visit our website below:

Kindly click on the weblink for full information and direction on how to redeem your cash prize.

Congratulations Once again !!!

Announcer !!!
Dr. Thanaporn Deng
President, Asia Pacific Lottery Organization.

Clicking the link on the email body directs users to this fake lottery and scam website:

Continued : http://www.gfi.com/blog/a-419-scam-and-an-unintended-surprise/

Which Facebook Apps Steal Your Data (and How to Stop Them)
by Carol~ Forum moderator / April 27, 2012 9:09 AM PDT
In reply to: NEWS - April 27, 2012

The biggest privacy problem with Facebook isn't Facebook itself, it's Facebook's apps. There are more than 500,000 games, puzzles, quizzes and other time wasters in the Facebook platform, many of which exist for the sole purpose of sucking data out of your account. Worse, these apps not only can access your information, they can also grab data from your friends' profiles, depending on their privacy settings. Thank you, obnoxious Farmville fans.

Facebook establishes limits about what data apps can access and what they can do with it, but they don't appear terribly motivated to enforce those rules. For example, in October 2010, ten popular Facebook apps were found to be slurping up user data in direct violation of Facebook's own terms. In response, Facebook removed some of those apps on a Friday, then reinstated them on the following Monday.

Now you can take matters into your own hands and find out who the real data vampires are. PrivacyScore from PrivacyChoice is a Chrome plug in that rates how each app deals with your data on a scale from 0 to 100. It can also do the same for Web sites. You can view these scores on the Web, on Facebook or, if you've installed the Chrome extension, by clicking the PS icon in the browser bar when you install an app.

Continued: http://www.pcworld.com/businesscenter/article/254636/which_facebook_apps_steal_your_data_and_how_to_stop_them.html

Busted In 60 Seconds: Malware Reveals Itself In First Minute
by Carol~ Forum moderator / April 27, 2012 9:09 AM PDT
In reply to: NEWS - April 27, 2012

"Nearly half of all malicious programs attempt to communicate out to the Internet in the first minute. Companies need to listen more closely to their networks"

There are telltale signs of malware communications, and organizations that monitor traffic on their networks can pinpoint nearly half of all infected computers within a minute of the system's compromise, researchers say.

Websense researchers Stephan Chenette and Armin Buescher took a random sampling of nearly 200,000 malicious programs and categorized them by behavior, including how the malware communicated over the network. Malware typically reaches out over the network to request commands from a command-and-control (C&C) server or to exfiltrate intellectual property or other sensitive corporate information, they said during a presentation at last week's SOURCE Boston security conference.

"If the point isn't the complete destruction of data, what's going to happen is that the attackers are going to install malware in the network and the malware will eventually communicate out," Chenette said.

Continued : http://www.darkreading.com/security-monitoring/167901086/security/security-management/232901106/busted-in-60-seconds-malware-reveals-itself-in-first-minute.html

Ghost of HTML5 future: Web browser botnets
by Carol~ Forum moderator / April 27, 2012 10:26 AM PDT
In reply to: NEWS - April 27, 2012

HTML5 will allow web designers to pull off tricks that were previously only possible with Adobe Flash or convoluted JavaScript. But the technology, already widely supported by web browsers, creates plenty of opportunities for causing mischief.

During a presentation at the B-Sides Conference in London on Wednesday, Robert McArdle, a senior threat researcher at Trend Micro, outlined how the revamped markup language could be used to launch browser-based botnets and other attacks. The new features in HTML5 - from WebSockets to cross-origin requests - could send tremors through the information security battleground and turn the likes of Chrome and Firefox into complete cybercrime toolkits.

Many of the attack scenarios involve using JavaScript to create memory-resident "botnets in a browser", McArdle warned, which can send spam, launch denial-of-service attacks or worse. And because an attack is browser-based, anything from a Mac OS X machine to an Android smartphone will be able to run the platform-neutral code, utterly simplifying the development of malware.

Creating botnets by luring punters into visiting a malicious web page, as opposed to having them open a booby-trapped file that exploits a security flaw, offers a number of advantages to hackers.

Continued : http://www.theregister.co.uk/2012/04/27/html5/

New Google Easter Egg "destroys" search results
by Carol~ Forum moderator / April 27, 2012 10:29 AM PDT
In reply to: NEWS - April 27, 2012


Google always seems to sneak in some cool Easter Eggs in their web site for people to discover. This week, yet another one of these hidden gems was found and it's an apparent tip of the hat to Blizzard's Starcraft game series.

All one has to do is type in "zerg rush" in Google's search box and the show starts. A bunch of yellow and red zeros with the Google logo font design start spreading themselves on the search results page and destroy those same results. You can click on the circles with your mouse cursor to destroy those circles yourself.

The Zerg are one of the alien races in the Starcraft series and the term "zerg rush" is one that is known in real time strategy game circles. It's used to describe a situation when any player tries to overwhelm his opponent with a mass of units during a multiplayer match.

Google stores your score for each "round" of play along with your "APM" (actions per minute) number, which is the number of times you click on the mouse to defeat those red and yellow foes. In the end, the circles then form two big "G" letters on the screen. You can also send your score to be displayed on your Google+ account.

