Spyware, Viruses, & Security forum


NEWS - May 03, 2013

by Carol~ Forum moderator / May 2, 2013 11:48 PM PDT
For anyone who has ever forgotten a password, Facebook has help

"Trusted Contacts: like giving a friend a copy of your house key." - [Screenshot]

If you've ever forgotten an important password, Facebook has an innovative solution for you. On Thursday, engineers with the social network rolled out a new(ish) feature that helps users regain control of an account after being locked out of it.

The concept behind Trusted Contacts is the same idea behind giving a trusted friend or neighbor a copy of your house key. If you lose yours, you can always count on one of them to help you get back inside. The Facebook feature actually requires the help of multiple separate trusted friends designated in advance. If a user forgets her password or is otherwise locked out of an account, she can request that Facebook send different one-time security codes to up to five friends. Once the user supplies three of the security codes sent, Facebook will reset the account password.

"So your trusted contacts can be sure it's you trying to access your account, it's best to talk to them over the phone or in person," a Facebook blog post published Thursday advises. "Someone else can impersonate you through e-mail, chat, or text messages, or hack and read your messages."

Continued : http://arstechnica.com/security/2013/05/for-anyone-who-has-ever-forgotten-a-password-facebook-has-help/

Facebook 'Trusted Contacts' lets you pester friends to recover account access
Facebook Lets Friends Help Unlock Accounts
Secret Bitcoin mining code added to e-sports software sparks outrage
by Carol~ Forum moderator / May 3, 2013 12:07 AM PDT
In reply to: NEWS - May 03, 2013

"E-sports league made $3,600 using the power-hungry GPUs of its users, admin admits."

Competitive video gaming community E-Sports Entertainment Association secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency, one of its top officials said Wednesday.

The admission by co-founder and league administrator Eric 'lpkane' Thunberg came amid complaints from users that their ESEA-supplied software was generating antivirus warnings, computer crashes, and other problems. On Tuesday, one user reported usage of his power-hungry graphics processor was hovering in the 90-percent range even when his PC was idle. In addition to consuming electricity, the unauthorized Bitcoin code could have placed undue strain on the user's hardware since the mining process causes GPUs to run at high temperatures.

"Turns out for the past 2 days, my computer has been farming bitcoins for someone in the esea community," the person with the screen name ENJOY ESEA SHEEP wrote. "Luckily I have family in the software forensics industry."

Continued : http://arstechnica.com/security/2013/05/secret-bitcoin-mining-software-added-to-video-game-sparks-outrage/

Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet
ESEA gaming client hijacks GPUs for Bitcoin mining
Rogue Employee Turns Gaming Network Into Private Bitcoin Mine
Games network used to 'mine' Bitcoins illegally

A primer on Bitcoin risks and threats
CoinLab Sues Mt.Gox Bitcoin Exchange For $75 Million
Java Applets May Fully Compromise Notes Users
by Carol~ Forum moderator / May 3, 2013 12:07 AM PDT
In reply to: NEWS - May 03, 2013

Java applets may fully compromise Notes users with just one click from cyber-criminals sending them through HTML e-mails, according to an IBM security advisory. The vulnerabilities affect 8.0.x, 8.5.x, and the new Notes 9 versions, but the company promises to soon fix the problems.

"This would allow attackers to compromise users reading/previewing an email" through "arbitrary code executions," IBM says.

Full Disclosure researchers also said this can be used to load arbitrary Java applets from remote sources, for information disclosure. The attack may also be used to trigger an HTTP request once the mail is previewed or opened.

"Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email," researchers said.

Users can work around the issues by disabling their Java applets, Java access from JavaScript, and JavaScript from their Notes preferences. They can also set the "0" variable in the notes.ini file for the "EnableJavaApplets", "EnableLiveConnect", and "EnableJavaScript" options.

Continued : http://www.hotforsecurity.com/blog/java-applets-may-fully-compromise-notes-users-6078.html

Huge Java hole in Lotus Notes
Java applets run wild inside Notes

See Vulnerabilities / Fixes:
IBM Notes Script Insertion Vulnerability
IBM Lotus Notes Script Insertion Vulnerability (2)

DHS: 'OpUSA' May Be More Bark Than Bite
by Carol~ Forum moderator / May 3, 2013 12:07 AM PDT
In reply to: NEWS - May 03, 2013

The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as "OpUSA" against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance.

A confidential alert, produced by DHS on May 1 and obtained by KrebsOnSecurity, predicts that the attacks "likely will result in limited disruptions and mostly consist of nuisance-level attacks against publicly accessible webpages and possibly data exploitation. Independent of the success of the attacks, the criminal hackers likely will leverage press coverage and social media to propagate an anti-US message."

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7. "Anonymous will make sure that's this May 7th will be a day to remember," reads a rambling, profane manifesto posted Apr. 21 to Pastebin by a group calling itself N4M3LE55 CR3W.

Continued: http://krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite/

Reputation.com resets all user passwords following breach
by Carol~ Forum moderator / May 3, 2013 12:07 AM PDT
In reply to: NEWS - May 03, 2013
Reputation.com, one of the places that helps to bury negative search results about you, has been hacked.

The online reputation management company on Tuesday sent a letter to customers telling them that its network security personnel had recently discovered and "swiftly shut down" an external attack on its network. [Screenshot]

Reputation.com said in the letter that the intruder(s) managed to siphon off names and email and physical addresses. In some instances, phone numbers, dates of birth and occupational information were also filched.

On top of that, a list of salted and hashed passwords for "a small minority" of users was accessed, the company said.

Although it's "highly unlikely" the passwords could be decrypted, the company immediately changed all users' passwords, it said.

What was not accessed:

Continued : http://nakedsecurity.sophos.com/2013/05/02/reputation-com-resets-all-user-passwords-following-breach/

Also: Reputation.com Notifies Customers of Network Attack
Backdoor Leads to Facebook and Multi-protocol IM Worm
by Carol~ Forum moderator / May 3, 2013 12:08 AM PDT
In reply to: NEWS - May 03, 2013
Backdoor Leads to Facebook and Multi-protocol Instant Messaging Worm

From the Trendlabs Security Intelligence Blog:

DORKBOT, which became notorious for spreading via social media and instant messaging applications (e.g. Skype and mIRC etc.), is now found propagating in multi-protocol instant messaging (IM) apps like Quiet Internet Pager and Digsby.

These apps enable users to communicate via various IM apps. Digsby supports AIM, MSN, Yahoo, ICQ, Google Talk, Jabber, and Facebook Chat accounts while Quiet Internet Pager supports at least four different IM services. Thus, this malware may potentially affect more users because of its wider launchpad for propagation.

Detected as WORM_DORKBOT.SME, this worm sends out shortened URLs to the contacts found in the IM client of the infected system. These URLs point to a file, which is actually an updated copy of DORKBOT uploaded to the file-hosting site Mediafire. This is probably a maneuver to evade detection and easy removal from the system.

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-leads-to-facebook-and-multi-protocol-instant-messaging-worm/
Android virus scanners are easily fooled
by Carol~ Forum moderator / May 3, 2013 12:08 AM PDT
In reply to: NEWS - May 03, 2013

Researchers at Northwestern University and North Carolina State University have discovered (PDF) that anti-virus programs for Android can usually be bypassed using trivial means. The researchers developed DroidChameleon, a tool that can modify known malware apps in numerous ways to prevent them from being detected.

Most of the ten scanners they tested mainly performed signature-based analyses. In some cases, simply changing the package name in the metadata was enough for virus scanners to consider the malware harmless. Several scanners could be fooled by unpacking the malware and then creating new installation packages. In other cases, the researchers were successful after encrypting parts of the app or redirecting function calls.

Their conclusion is unambiguous: all ten anti-virus programs could be fooled in one way or another. Many of the methods the researchers used have long been common practice with Windows malware, and some have even been used for deploying Android malware in the past. Tested scanners included anti-virus programs from AVG, Dr. Web, ESET, ESTSoft, Kaspersky, Lookout, Symantec, Trend Micro, Webroot and Zoner.

Continued : http://www.h-online.com/security/news/item/Android-virus-scanners-are-easily-fooled-1856133.html

D-Link publishes beta patches for IP camera flaws
by Carol~ Forum moderator / May 3, 2013 12:30 AM PDT
In reply to: NEWS - May 03, 2013

D-Link has published beta patches for vulnerabilities in the firmware of many of its IP surveillance cameras, which could allow a hacker to intercept a video stream.

The company said on its support forum that it will publish a full release of the upgraded firmware within a month. Some of D-Link's consumer IP cameras in its Cloud product line will automatically receive the updates.

"We are releasing beta firmware with the security patch for customers who want to manually update their cameras immediately," a D-Link administrator wrote on the company's support forum.

The administrator also posted instructions for how to upgrade the firmware. Users should not upgrade over a wireless connection, as an error could break the camera.

Continued: https://www.computerworld.com/s/article/9238846/D_Link_publishes_beta_patches_for_IP_camera_flaws

Security holes in McAfee's ePolicy Orchestrator
by Carol~ Forum moderator / May 3, 2013 12:30 AM PDT
In reply to: NEWS - May 03, 2013

A McAfee security advisory details how its ePolicy Orchestrator (ePO) 4.5.6 and earlier and 4.6.5 and earlier are vulnerable to remote code execution and file path traversal. The current version, ePO 5.0, is not affected. ePO is McAfee's security management platform for managing and automating security workflows and compliance.

Two vulnerabilities were discovered in the software and both are exploited by registering a rogue agent on the ePO server and sending a maliciously crafted request. In one, the request makes use of SQL injection in the Agent-Handler component to gain the ability to execute code with system privileges. In the other, the request exploits the file upload process and allows an attacker to upload files into directories on the server, including the /Software/ folder where they can be downloaded by other systems.

Continued : http://www.h-online.com/security/news/item/Security-holes-in-McAfee-s-ePolicy-Orchestrator-1854555.html

Beware of encryption companies bearing gifts!
by Carol~ Forum moderator / May 3, 2013 12:30 AM PDT
In reply to: NEWS - May 03, 2013

Ancient Roman propaganda poet Publius Vergilius Maro, better known as Virgil, famously had one of his more cynical characters cry out: [Screenshot]

If you don't know Latin, but you do know that Teucri refers to the people of Troy, and Danaos to the Greeks, you can probably guess what this is about.

The highlighted words mean, "Don't trust the horse, chaps!"

The thing about the Wooden Horse of Troy, of course, was the question that perplexed Laocoon, the priest who is speaking in the extract above, namely, "Why?"

Of all the gifts you could leave behind, why a giant wooden horse? Why that shape? Why that size?

Laocoon even flung his spear at the horse, by way of science, and noted that it didn't produce the sort of resonance that you'd expect from an innocently hollow wooden statue.

But no-one listened, and it didn't go so well for the Teucri after that.

As it happens, this story is about an App Store program that probably isn't a Trojan Horse - I didn't feel like paying six quid to find out, to be honest - but it is a great example of the sort of story that cries out for an answer to "Why?"

The software is called Redact Secure Messenger, and it claims to fill an important niche by sending "heavily encrypted messages from one phone to another without passing through any central servers."

Continued: http://nakedsecurity.sophos.com/2013/05/01/beware-of-encryption-companies-bearing-gifts/

Fake Iron Man 3 Streaming Sites Sprout on Social Media
by Carol~ Forum moderator / May 3, 2013 3:04 AM PDT
In reply to: NEWS - May 03, 2013

From the Trendlabs Security Intelligence Blog:

While users are trooping to watch Iron Man 3, some may scour the Internet for bootleg copies or free movie streaming. This gives the bad guys an opportunity to serve users with their dubious schemes.

We conducted a simple Google query and found more than a hundred websites claiming that they provide movie streaming of Iron Man 3. (The movie has already opened in some countries but not the United States, making these claims more credible at first glance.) These supposed streaming sites use popular blog providers, with half of these sites using Tumblr. [Screenshot]

Once visited, these sites ask users to download a video installer file. Based on our analysis, we found that this file was what it said it was - a legitimate video player. This particular video player has been known to display aggressive ads in the past, although we did not see that behavior this time. In addition, the player could be used to download and view pornographic materials.

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/fake-iron-man-3-streaming-sites-sprout-on-social-media/

Online Activities Related to Elections in Malaysia
by Carol~ Forum moderator / May 3, 2013 3:04 AM PDT
In reply to: NEWS - May 03, 2013

From the F-Secure Antivirus Research Weblog:

Malaysia's 2013 general elections are scheduled for Sunday, May 5, 2013. Political news coverage is currently inundating all news outlets, including social networking sites, as the country's political parties go into high gear in the final run-up to polling day.

The huge media interest creates an opportunity for malware writers to gain new victims using established social engineering techniques — and sure enough, this week Citizen Lab released a report (pdf) indicating that a sample of the sophisticated FinFisher (a.k.a. FinSpy) surveillance malware was discovered in a document crafted specifically for this event.

The malware was distributed in a booby-trapped Malay-language Microsoft Word document named "SENARAI CADANGAN CALON PRU KE-13 MENGIKUT NEGERI.doc" (In English: "List of proposed candidates for 13th General Elections according to states"). [Screenshot]

The report speculates that the attack document is targeting Malaysians looking for more information related to one of the most closely contested elections in the country's history. F-Secure detects the document in question as Trojan:W32/FinSpy.D.

Continued : http://www.f-secure.com/weblog/archives/00002549.html

Systems manager arrested for hacking former employer's network
by Carol~ Forum moderator / May 3, 2013 4:04 AM PDT
In reply to: NEWS - May 03, 2013

"He allegedly caused over US$90,000 in damages, the FBI said."

A 41-year-old systems manager was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge, the FBI said.

Michael Meneses of Smithtown, N.Y., who worked for a company that manufactures high-voltage power supplies, allegedly caused the company more than $90,000 in damages, the FBI New York Field Office said Thursday.

Meneses was employed at the company until January 2012, where he specialized in developing and customizing software the company used to run its business operations, according to the FBI. He was one of two employees responsible for ensuring that the software ran smoothly in order to keep production planning, purchasing and inventory control operating efficiently, it said. This role gave Meneses high-level access to the company's network, the FBI added.

Continued : http://www.networkworld.com/news/2013/050313-systems-manager-arrested-for-hacking-269385.html

Ex-Worker Created Havoc With Hacking, U.S. Says
Ex employee hacked into high-voltage power manufacturer's network
"Hidden" display ads hurt Web ad networks
by Carol~ Forum moderator / May 3, 2013 5:01 AM PDT
In reply to: NEWS - May 03, 2013
Thank you for not viewing: "Hidden" display ads hurt Web ad networks

"Researcher finds at least 2% of US Web ads are stuffed in invisible webpages."

There's more than one way to fleece people using Web advertising. Botnets have been harnessed to generate fake clicks by injecting fake links into search results and to click randomly on webpages the infected computer's user never sees. But fraudsters are starting to get more sophisticated in their efforts to get rich off Web advertising.

As Dr. Douglas de Jager, CEO of Spider.io, reported in a blog post today, fraudulent advertising networks are now acting as middlemen between advertising networks placing Web display ads and those stuffing whole hidden webpages of ads into ad slots on legitimate sites. Instead of using bots, this sort of ad fraud uses real humans to generate the traffic—but it never actually shows them the ads that are served up to them.

Display advertising fraud targets ads that are paid for by pageview rather than by click. The use of real-time bidding to auction ad space on websites through exchanges such as Google's DoubleClick Ad Exchange and Microsoft's AdECN has made it possible for fraudulent ad traders to purchase an ad slot through one exchange and then sell it multiple times across others. They "fulfill" all those ads by putting them onto a webpage that gets served up within an ad slot on a legitimate site—with most of its ads hidden from view.

Continued: http://arstechnica.com/tech-policy/2013/05/thank-you-for-not-viewing-hidden-display-ads-hurt-web-ad-networks/