Spyware, Viruses, & Security forum


NEWS - February 01, 2013

by Carol~ Forum moderator / January 31, 2013 7:49 PM PST
New York Times Accuses Chinese Military of Hacking Computer Systems [REPORT]

January 31, 2013

As one of the biggest and most brazen journalism companies in the world, The New York Times is always under a watchful eye. What makes it even more difficult for the paper to do business is the fact that it's constantly being bombarded by hackers and other outlets looking to corrupt the news.

The New York Times has published a surprising report suggesting that the government of China is responsible for a multi-month digital attack against the computer systems at the paper. The newspaper company suggests that the attacks were politically motivated, and they could be an operation of the Chinese military.

"Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times's network," reports the New York Times. "They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen's relatives, and Jim Yardley, The Times's South Asia bureau chief in India, who previously worked as bureau chief in Beijing."

Continued : http://www.idigitaltimes.com/articles/14960/20130131/new-york-times-accuses-chinese-military-hacking.htm

New York Times says Chinese hackers hit its networks as paper investigated leader's wealth
New York Times Hit with Targetted Attacks
New York Times accuses Chinese military of hacking its journalists
Chinese hackers break into the New York Times, steal every employee's password
China-based hackers infiltrated New York Times' network

Symantec denies blame after Chinese gov. hacks The New York Times
Symantec defiant after New York Times hackers evade antivirus defences
For second time in a month, Apple blacklists Java Web plugin
by Carol~ Forum moderator / January 31, 2013 8:28 PM PST

For the second time in a month, Apple has effectively blacklisted the current version of the Java Web plugin on OS X. The block comes just days after it was discovered that the latest version of the plugin, which had been rushed out to patch a critical vulnerability, can still be exploited despite its heightened security mechanisms.

Apple has worked to distance itself from Java in recent years. The company deprecated its own version of the Java virtual machine for OS X, instead deferring development to Oracle itself. The browser plugin in particular has become a common vector for malware attacks, and Apple removed the Java Web plugin from recent versions of OS X last year. Those needing the plugin must install it separately.

Apple has also added additional security controls to OS X, including a mechanism that forces its Safari browser to use a minimum specified version of various plugins, such as Flash or Java. When security vulnerabilities are discovered in various plugins, Apple can update its Xprotect list to specify which version is acceptable. Earlier versions of plugins are then blocked from running within Safari.

Continued : http://arstechnica.com/apple/2013/01/for-second-time-in-a-month-apple-blacklists-java-web-plug-in/

Also: Apple blocks Java on the Mac over security concerns

Yahoo Accounts Hijacked via XSS-Type Attack
by Carol~ Forum moderator / January 31, 2013 8:28 PM PST

From Bitdefender's "HOTforSecurity" blog:

Popular webmail provider Yahoo has been slammed with a new e-mail-based attack that seizes control of victims' accounts. Bitdefender Labs discovered the ongoing campaign today and are once again warning users about the dangers of clicking spammy links.

The account hijacking begins with a spam message with a short link to an apparently harmless session of the reliable news channel MSNBC (hxxp://www.msnbc.msn.com-im9.net[removed]).

A closer look at the real link reveals that the true domain is not part of MSNBC, but a crafty domain composed of subdomains at hxxp://com-im9.net.

The domain was registered in Ukraine on Jan 27 and is hosted in a data center in Nicosia, Cyprus. This page contains a piece of malicious JavaScript, disguised as the popular Lightbox library that will perform the attack in stage 2. [Screenshot]

Continued : http://www.hotforsecurity.com/blog/yahoo-accounts-hijacked-via-xss-type-attack-5172.html

Related: How Yahoo allowed hackers to hijack my neighbor's e-mail account (Updated)

Backdoor.Barkiofork Targets Aerospace and Defense Industry
by Carol~ Forum moderator / January 31, 2013 8:28 PM PST

From the Symantec Security Response Blog:

A few weeks ago, we observed a spear phishing campaign targeting groups in the aerospace and defense industry. We identified at least 12 different organizations targeted in this attack. These organizations include aviation, air traffic control, and government and defense contractors. [Screenshot]

In choosing their targets, the attackers identified individuals in important roles, including directors and vice presidents. The content of all the emails was identical. The attackers used a report published in 2012 regarding the outlook of the aerospace and defense industries as the lure. The intention of the attackers was to make it seem as though this email originally came from the company that authored the report. The emails were also crafted to look as though they were being forwarded by internal employees or by individuals from within the industries identified.

When the malicious PDF attached to the email is opened, it attempts to exploit the Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability (CVE-2011-0611). If successful, it drops malicious files as well as a clean PDF file to keep the ruse going.

Continued : http://www.symantec.com/connect/fr/blogs/backdoorbarkiofork-targets-aerospace-and-defense-industry

'Silent but deadly' Java security update breaks legacy apps
by Carol~ Forum moderator / January 31, 2013 8:28 PM PST
... - dev

An application developer reports that the latest Java 7 update "silently" deletes Java 6, breaking applications in the process.

Java 7 update 11 was released two weeks ago to deal with an unpatched vulnerability which had gone mainstream with its incorporation into cybercrook toolkits such as the Blackhole Exploit Kit in the days beforehand. Attacks were restricted to systems running Java browser add-ons.

But Oracle's response appears to have caused some collateral damage.

JNBridge, which provides Java and .NET interoperability tools, reports that customers of software providers who use its technology came a cropper in cases where users had applied the latest Java update (Java 7u11). The software developer blogged about the issue here.

Oracle has decided that, in order to fix extensively reported security problems, they will not only update Java 7 (their latest version of Java), they will also completely delete a completely separate product.

Worse, it appears that they are taking it upon themselves to replace installations of Java 6 with Java 7 even if the users have only Java 6 on their machines.

We followed up with Wayne Citrin, chief technology officer at JNBridge, who shed some light on the practical issues created by Oracle's recent Java update. "We provide a Java/.NET bridge, and one of the interoperability mechanisms allows the .NET and Java to run in the same process," Citrin explained. "To do this, the user needs to supply the absolute path to the jvm.dll file belonging to the JRE that they plan to use.

Continued : http://www.theregister.co.uk/2013/01/31/java_security_update/
More Facebook Graph Search Suggestions
by Carol~ Forum moderator / January 31, 2013 8:28 PM PST

From the F-Secure Antivirus Research Weblog:

Yesterday as I was testing Facebook's Graph Search, which is in Beta, I searched for the following: women who live in Helsinki, Finland and who like sushi. (I wanted something that would get lots of results. It did.)

At the end of the day, I cleared my search history.

Then today, a sponsored story for a Helsinki-based sushi restaurant appeared in my News Feed. [Screenshot]

Perhaps it's just a coincidence...

In any case, today, continuing my testing, I searched for people with my name who live in Finland. (The result: me and another guy.) Graph Search will definitely make it easier for your Facebook profile to be found by others.

Here's a couple of things to check on just to make sure you don't have anything exposed.

First of all, consider limiting all of your old posts. Most of the profiles that I've observed make good use of current privacy controls, but some have pre-2010 legacy posts which are public. [Screenshot]

Continued : http://www.f-secure.com/weblog/archives/00002495.html

Malicious Chrome extensions: a cat and mouse game
by Carol~ Forum moderator / January 31, 2013 9:24 PM PST

Google Chrome users are being targeted these days by a wave of attacks that uses malicious extensions hosted in the official Chrome Web Store. The attack appears to be of Turkish origin and is using Facebook to spread. We saw users of different nationalities infected with the malicious extensions, which the cybercriminals are sending to the official store regularly, in a cat-and-mouse game.

As we already reported in March 2012, Brazilian cybercriminals were able at that time to host a malicious extension in the Chrome Web Store. Since then, in June 2012, Google has changed the way users can add third-party browser extensions, i.e. not allowing the installation of extensions that are not hosted on the official Web Store. More recently Google removed the possibility of silent installations, which has been widely abused by third parties.

Maybe for these reasons bad guys started to concentrate their efforts to upload bad extensions to the official store. Now it's the turn of Turkish cybercriminals; they were able to host several extensions there in the last few days.

Continued : http://www.securelist.com/en/blog/208194095/Malicious_Chrome_extensions_a_cat_and_mouse_game

Hacking The Laptop Docking Station
by Carol~ Forum moderator / January 31, 2013 10:54 PM PST

"Black Hat Europe researcher builds prototype device that could be used to steal corporate data, listen in on voice calls, videoconferences"

You know that docking station you snap your laptop into at the office? It can be hacked, too.

A British researcher next month at Black Hat Europe will show just how valuable those seemingly benign devices can be to a determined attacker targeting an organization or group of users. Andy Davis, research director for UK-based NCC Group, built a prototype hardware device that can easily be placed inside a laptop docking station to sniff traffic and ultimately, steal sensitive corporate communications information from the laptop.

"You see docking stations all over the place in organizations because people are using hot-desking type environments, so different laptops can be attached to them [the docks] each day," Davis says. "And they are considered a trusted part of the infrastructure: nobody thinks someone might tamper with one or swap one for another. Admins are more concerned with protecting your laptop: that's where the money is and the information."

Continued : http://www.darkreading.com/mobile-security/167901113/security/client-security/240147566/hacking-the-laptop-docking-station.html.html

Related: Laptop Docks Can Be Used for Hardware-Based Cyberattacks, Expert Says

Wall Street Journal Announces That It Was Hacked..
by Carol~ Forum moderator / January 31, 2013 10:54 PM PST
... by the Chinese, Too

One day after The New York Times reported that Chinese hackers had infiltrated its computers and stolen passwords for its employees, The Wall Street Journal announced that it too had been hacked.

On Thursday, The Journal reported that it had been attacked by Chinese hackers who were trying to monitor the company's coverage of China. It said hackers had broken into its network through computers in its Beijing bureau.

In a written statement, the business newspaper owned by News Corporation described the attack as an "ongoing issue" and said it was working closely with authorities and security specialists to clean up its systems. It said that it completed a "network overhaul" on Thursday in an effort to rid its systems of hackers.

China's Ministry of National Defense has denied any involvement in the cyberattack at The Times or any other American corporations.

Continued : http://www.nytimes.com/2013/02/01/technology/wall-street-journal-reports-attack-by-china-hackers.html

The Wall Street Journal Also Got Hacked by China, Is Important [Updated]
The Wall Street Journal Also Attacked by Chinese Hackers [WSJ]
Chinese hacking of US media becoming a "widespread phenomenon"
Report: Mainstream Websites Host Majority of Malware
by Carol~ Forum moderator / January 31, 2013 10:55 PM PST

While Android malware continues to grow faster than other malware types, it still accounts for only a minute fraction of all malware on the Web, according to Cisco's annual security report released this week.

Compromised websites hosting malicious Java and iFrame attacks and other malware far and away outpaces all other delivery vectors for malware, Cisco's report said.

"These types of attacks often represent malicious code on 'trusted' webpages that users may visit every day— meaning an attacker is able to compromise users without even raising their suspicion," the report added.

Infecting benign sites with malware remains at the heart of malware propagation as attackers continue to find great success delivering malware over infected banner ads on Websites, malicious media files or redirects via iFrame.

"Web malware encounters occur everywhere people visit on the Internet—including the most legitimate of websites that they visit frequently, even for business purposes," said Mary Landesman, senior security researcher with Cisco. "Indeed, business and industry sites are one of the top three categories visited when a malware encounter occurred. Of course, this isn't the result of business sites that are designed to be malicious."

Continued: https://threatpost.com/en_us/blogs/report-mainstream-websites-host-majority-malware-013113

Ticketmaster dumps 'hated' Captcha verification system
by Carol~ Forum moderator / January 31, 2013 10:55 PM PST

The world's largest online ticket retailer is to stop requiring users to enter hard-to-read words in order to prove they are human.

Captcha - which asks users to type in words to prove they are not robots trying to cheat the system - is used on many sites.

But Ticketmaster has moved to ditch it in favour of a simpler system.

It means users will write phrases, such as "freezing temperatures", rather than, for example, "tormentis harlory".

Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and was first developed at Carnegie Mellon university in 2000.

For sites such as Ticketmaster, Captcha is used to make sure robots are not used to buy up tickets automatically.

Continued : http://www.bbc.co.uk/news/technology-21260007

IE 10 more secure, so here's a tool to prevent updating..
by Carol~ Forum moderator / February 1, 2013 12:34 AM PST
IE 10 is more secure, so here's a Microsoft tool to prevent you updating by mistake

An alert writer over at The Register has spotted a funny thing.

Microsoft just released a free tool to stop you upgrading to Internet Explorer 10 on Windows 7 and Server 2008 R2:

"Big deal," you say. "There is no IE 10 for Windows 7, so it doesn't sound like much of a tool to me."

Except, as The Reg points out, the availability of the tool is a sort of omen: it surely means that IE 10 for Windows 7 must be nearly ready to drop for real.

Ironically, then, Microsoft is making sure that as soon as IE 10 is ready, you're already ready to avoid it.

Sounds rather odd, but sysadmins in any but the smallest organisations tend towards trepidation over Internet Explorer updates, in case some legacy business application should go pear-shaped.

Continued : http://nakedsecurity.sophos.com/2013/02/01/ie-10-is-more-secure-prevent-update/
I wonder what the IE market share is these days
by wpgwpg / February 1, 2013 1:06 AM PST

Carol, I see a lot of posts recommending Firefox and Chrome over IE here and in other places, and never see ones recommending IE. I remember Bob Proffitt saying he gave up on IE several years ago. So I'm wondering what the market shares are for these 3 browsers, would you happen to know the answer or where that info might be posted?

How about 10 years of stats?
by R. Proffitt Forum moderator / February 1, 2013 1:10 AM PST

I still use IE in a pinch when some site/app/thing doesn't work. For example I ran into some router that would not set up in Firefox or Chrome. It did in IE. I don't mind IE at all. But it's a target and after a decade it seems like they would have it nailed by now.

I think I know why it's taken this long. The goals at this company are not what they seem, unless you know what they are. It's not "security first" but something else.
Wow! 14.7% 2 months ago.
by wpgwpg / February 1, 2013 1:32 AM PST

Thanks, Bob. That's a real surprise to me, I'd have guessed somewhere in the 50% range. And Chrome is ahead of Firefox 47% to 31%. That's another surprise to me, although I normally use Chrome to keep 9 CNET forums open. We still have to use IE for Windows updates, and I use it for the MS forums, but I've just run into too many IE bugs for much of anything else. I thought I was in the minority, but here I find it's not just us geeks who've switched.
MS will hype IE10, but in my limited use of it in my Windows 8 test computer, I don't see anything significant to me. And as of today, you will pay $199 for the Windows 8 Pro upgrade we paid $40 for yesterday ($119 for the basic version). Sad

Interesting you asked ..
by Carol~ Forum moderator / February 1, 2013 2:21 AM PST

Only because I read the below just this morning, which touched upon the subject. Not quite sure if it's what you're looking for. Bob seems to have ....... delivered the goods!

IE breaks 55% market share as three-month old IE10 passes 1%; Chrome is only browser to decline

For the most part, I only use Internet Explorer for the monthly updates. And have done so for years. In a rare instance I'll use IE, when Firefox blocks me from completing a task. A good thing.

I continue to believe it's not about the browser, but the user. But then again, it's not what you asked. Happy

If I find something more on the lines of what you asked, I'll post it here.


I hadn't seen your post when I submitted mine..
by Carol~ Forum moderator / February 1, 2013 2:28 AM PST

A result of (too much) multi-tasking. Sad

Hmmm, that's a very large contrast to Bob's link
by wpgwpg / February 1, 2013 2:29 AM PST

Carol, your link says IE has a 55% market share, Bob's says 14.7%. One of these has to be wrong! Shocked Yours does include earlier versions, so maybe Bob's just looked at IE9, but there's still a discrepancy.

Overlooking the obvious?
by Carol~ Forum moderator / February 1, 2013 5:33 AM PST

I may be over-looking the obvious, but there sure is a discrepancy. The below was posted on April 2nd of last year.


It references both the desktop and mobile (worldwide) market. Note what they write about the differences between StatCounter and Net Marketshare. Even at that, there's still too much of a discrepancy.

Could it be how the numbers are computed and what they're based on? There's probably a VERY simple explanation. No doubt, Bob has one. 'Cause I don't. Devil

Sorry .. I'm stumped!


Bob usually does have the answer
by wpgwpg / February 1, 2013 5:43 AM PST

I don't know how Bob does it, he comes up with more answers more times than any 3 other folks I've ever seen. Do you think he ever sleeps? Mischief He sure doesn't let the grass grow under his feet. Happy
I guess this proves the old saying about how figures don't lie, but liars can figure?

Re: browser statistics
by Kees_B Forum moderator / February 1, 2013 5:59 AM PST

The w3schools statistics clearly say they are from the log-files of their own site. Which proves that Firefox is rather popular with their target group (web programmers).

The statistics of http://gs.statcounter.com/ say they are worldwide, while http://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0 doesn't specify where and what it measures.

So, as we say here, it's comparing apples and pears. The trends (growing or shrinking market shares) probably are more reliable than the absolute figures.


I like this area.
by R. Proffitt Forum moderator / February 1, 2013 6:07 AM PST
In reply to: Re: browser statistics

Thanks for the other stats. It's a loaded question as those that have something to gain or lose will measure it differently. For example, MSFT may drop Android and Apple devices since that would really skew the numbers in ways they don't want to see.

Apple may publish mobile only if they wanted to. Good question.

Kim Dotcom puts up $13,500 bounty to break Mega's system
by Carol~ Forum moderator / February 1, 2013 4:23 AM PST
Kim Dotcom puts up $13,500 bounty for first person to break Mega's security system

Kim Dotcom is so confident in the security system at Mega, the newly launched file storage service, that the New Zealand-based German is offering a bounty of €10,000 (approx. US$13,580) to the first person who breaks it.

Last week, Dotcom said that he would offer up a prize for any enterprising hackers, after the site was criticized for the way that it handles security. A Mega blog post dismissed points raised by Ars Technica and Forbes, explaining that the site will soon be boosted by new measures, including a change password feature and more, to increase the security of accounts and data.

Mega, which launched less than two weeks ago, is storing nearly 50 million files and it passed 1 million registered users after just one day online.

#Mega's open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today.

— Kim Dotcom (@KimDotcom) February 1, 2013

The bounty offer is part of Mega's ongoing focus on improvement while it is in beta — "You find a bug. We fix it," Dotcom said last week, and such financial carrots are dangled by most major tech firms, albeit in a less public fashion. Facebook, Google, Dropbox and countless others provide developers with cash payments and official acknowledgements if they find bugs and issues.

Continued : http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/

Dotcom Offers €10,000 Reward For Breaking Mega's Crypto
Kim Dotcom's Offering a Cash Reward If You Can Smash Mega's Encryption
Kim Dotcom promises $13,600 to anyone who breaks Mega encryption
Pro-Grade Point-of-Sale Skimmer
by Carol~ Forum moderator / February 1, 2013 4:23 AM PST

Every so often, the sophistication of the technology being built into credit card skimmers amazes even the experts who are accustomed to studying such crimeware. This post focuses on one such example — images from one of several compromised point-of-sale devices that used Bluetooth technology to send the stolen data to the fraudsters wirelessly.

In October 2012, forensics experts with Trustwave Spiderlabs were called in to examine the handiwork of several Bluetooth based point-of-sale skimmers found at a major U.S. retailer. The skimmers described and pictured in this blog post were retrieved from a retail breach that has not yet been disclosed, said Jonathan Spruill, a security consultant at Trustwave.

Spruill said the card-skimming devices that had been added to the small point-of-sale machines were beyond anything he'd encountered in skimmer technology to date.

"The stuff we've been seeing lately is a leap forward in these types of crimes," said Spruill, a former special agent with the U.S. Secret Service. "You hate to say you admire the work, but at some point you say, 'Wow, that's pretty clever.' From a technical and hardware standpoint, this was really well thought-out."

Continued: http://krebsonsecurity.com/2013/02/pro-grade-point-of-sale-skimmer/

Retweet to Become Verified on Twitter? Not Likely...
by Carol~ Forum moderator / February 1, 2013 4:23 AM PST

From the GFI Labs Blog:

There's currently a number of "Twitter Verified" style accounts posting to Twitter, asking users to "Retweet to become verified", or posting up peculiar minigames along the lines of "The last person to RT this Tweet becomes verified". It's all rather odd, and shows no sign of slowing down. [Screenshot]

At this point, we've seen the following accounts posting similar content:

⇒ VerifiedTwiiter (notice the "ii")
⇒ PersonalVerify
⇒ nextverified
⇒ requestverified
⇒ openverified
⇒ verifiedartist
⇒ privateverified
⇒ diewhilelaughin

freeverify seems to be unrelated, with the last Tweet appearing back in August (humorously, it also mentions "we have not been verified as it takes 1 to 3 months to be totally verified". It takes up to 3 months for Twitter to verify itself?)

Along with asking for Retweets, some of the accounts seem to be looking for recently verified individuals, then sending them a Tweet to say "you're verified" shortly afterwards. By doing so, it would appear to anybody looking on that they had indeed just verified somebody.

Continued : http://www.gfi.com/blog/retweet-to-become-verified-on-twitter-not-likely/

Citadel Trojan: It's Not Just for Banking Fraud Anymore
by Carol~ Forum moderator / February 1, 2013 7:17 AM PST

Banking malware has primarily been just that, an attack tool used against financial institutions to steal money from online bank accounts. But what if cybercrime gangs decided to flip that on its head, and use malware such as the Citadel banking Trojan to steal credentials from not only banks, but government agencies and commercial businesses?

That situation apparently has been in play since late December. McAfee reported this week that it has observed an uptick in attacks, primarily in Europe, where Citadel has been used to attack government offices in Poland, businesses in Denmark and Sweden, as well as government agencies in Japan.

The use of Citadel, a less-circulated variant of the Zeus malware, is noteworthy because Citadel was removed from commercial underground marketplaces last June after its author Aquabox was banned from trading and said he would sell only to referrals. McAfee has observed 300 Citadel samples still active in the wild compromising more than 500 victims in Europe. By comparison, fewer than a dozen have been compromised in the United States. By comparison, Zeus infections number in the tens of thousands, McAfee's Ryan Sherstobitoff said in the company's report, "Inside the World of the Citadel Trojan."

Continued : https://threatpost.com/en_us/blogs/citadel-trojan-it-s-not-just-banking-fraud-anymore-020113
