General discussion

NEWS - April 07, 2010

ISP Privacy Proposal Draws Fire

A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software.

The American Registry for Internet Numbers (ARIN) ? one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses ? later this month will consider a proposal to ease rules that require ISPs publish address and phone number information for their business customers.

The idea has support from several ISPs that claim the current policy forces ISPs to effectively publish their customer lists.

Continued here: http://www.krebsonsecurity.com/2010/04/isp-privacy-proposal-draws-fire/
Discussion is locked
Follow
Reply to: NEWS - April 07, 2010
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - April 07, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Adobe issues official workaround for PDF vulnerability

Adobe has confirmed the vulnerability in its Adobe Reader product and proposed a workaround. The 'Launch Actions/Launch File' function allows the launching of scripts or .exe files embedded in PDF files, indeed this option is part of the PDF specification. The vulnerability can also, in principle, be exploited to spread PDF worms, as demonstrated in a video from blogger Jeremy Conway.

The vendor is advising users to deactivate the "Allow opening of non-PDF file attachments with external applications" option under Edit/Preferences/Trust Manager. This option is activated by default. After disabling this option, the demo exploit is no longer able to launch a command line when opened in Adobe Reader. Adobe Acrobat is also affected by the problem and can also be protected by deactivating this option.

Adobe is advising administrators to generate the following registry key on users' systems to deactivate this option:

HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\\Originals
Name: bAllowOpenFile
Type: REG_DWORD
Data: 0

To ensure that users are not able to reactivate this option, it can be greyed out as follows:

HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\\Originals
Name: bSecureOpenFile
Type: REG_DWORD
Data: 1

Continued here: http://www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html

More from the Adobe Reader Blog: PDF "/Launch" Social Engineering Attack

- Collapse -
Malware Spoof an Adobe Update and VPSKeys

From the TrendLabs Malware Blog:

TrendLabs engineers noted a recent malicious scheme that attempts to spoof an Adobe update but is actually a Trojan variant detected as TROJ_FAYKDOBE.A. This malware bears identical icons and version details to an Adobe update, which enables it to bypass antivirus software and system analysts, and to trick users into believing that it is legitimate.

Once executed, TROJ_FAYKDOBE.A drops other malicious files detected as BKDR_VB.JGT, BKDR_VB.JHM, and BKDR_VBBOT.AP. These files perform different but complementary functions. BKDR_VBBOT.AP acts as the main component and connects to specific servers to listen to commands from a remote user. It also loads BKDR_VB.JHM, the malware used to retrieve data, to launch a process in both local and remote machines, and to terminate certain running processes. Lastly, BKDR_VB.JGT serves as a proxy server, which allows remote users to access affected systems.

Continued here: http://blog.trendmicro.com/malware-spoof-an-adobe-update-and-vpskeys/

- Collapse -
Police cuff 70 eBay fraud suspects

"Scams caused

- Collapse -
iPad anti-virus shield guards against phantom threat

"You'll thank us one day"

Mac security specialist Intego has begun offering the first antivirus scanner capable of inspecting Apple's much-hyped iPad, despite the questionable need for security scans on the device.

The iPad, which Apple began selling in the US last weekend, runs on the same operating system as the iPhone. Only jailbroken iPhones with default passwords have ever been infected with malware and even then only by a handful of high-profile worms, such as the Rickrolling worm in Australia and the D'oh bank credential stealing worm in the Netherlands, which both spread last November.

Whether either of these worms might be capable of infecting an iPad is unclear. Intego acknowledges there is no iPad malware to defend against as yet but argues it will be ready if and when the threat materialises.

"We're not saying there is malware in the wild," Peter James, an Intego spokesman explained. "But there are exploits that can take advantage of vulnerabilities."

Continued here: http://www.theregister.co.uk/2010/04/07/ipad_anti_malware/

- Collapse -
iPad security for the enterprise still subject to debate

"While Apple's tablet has a Cisco VPN, it's not widely known"

Whether the iPad is secure enough for enterprise uses is debatable, based on a survey of several analysts and experts.

Some analysts say that with tougher data protection laws, such as one that recently took effect in Massachusetts, the iPad deserves an "F" for security readiness for financial services companies and other federally regulated industries.

But that view contrasts with the opinion of other security professionals who give the iPad a "B" grade for overall enterprise readiness. One of them, Wolfgang Kandek, CTO for security firm Qualys, predicted today that "the iPad will make its inroad into the enterprise just by force of users, and it's going to be a really interesting conundrum for IT managers. I don't think the iPad is ready today, but it will make it's way into the enterprise even as it clashes with the typical enterprise IT mentality."

Continued here: http://www.networkworld.com/news/2010/040710-ipad-security-for-the-enterprise.html

- Collapse -
95% don't support Facebook privacy changes, poll reveals

From Graham Cluley's Blog:

Controversial proposals by Facebook to change its privacy policy have been slammed by users, according to poll results released today.

At the end of March, Facebook proposed a change to its privacy policy which, amongst other things, would make it possible for it to share your information automatically with "pre-approved" websites.

As I explained at the time, this would mean that might visit a website and discover that it already knows who you are, your date of birth, where you live, who your friends are. All, without ever having given the site explicit permission to access that data.

Even though Facebook says that only a small number of pre-approved sites will be offered this feature and that users would be able to "opt-out", an overwhelming 95% of the 680 people polled on this blog declared that they thought Facebook's privacy changes were "a bad thing": [...]

Continued here: http://www.sophos.com/blogs/gc/g/2010/04/07/95-support-facebook-privacy-poll-reveals/

- Collapse -
Riverbed ties McAfee firewall into appliances

"Security suite to be included with hosted services"

Wide area network (WAN) optimisation specialist Riverbed Technology has signed a deal with McAfee to provide security software for its network appliances.

The companies said that the agreement would allow McAfee firewall software to be offered as a web service on all Riverbed Steelhead appliances up to the 2050 models.

Riverbed director of product marketing Nik Rouda said that the aim was to offer companies a way to include basic security protection on Steelhead WAN deployments.

Companies often configure dozens of the appliances for use in various branch offices, and the addition of McAfee's firewall will allow firms to easily add the same basic firewall protection for all branch office users.

Continued here: http://www.v3.co.uk/v3/news/2260853/riverbed-ties-mcafee-firewall

Also: Riverbed slips McAfee firewall into WAN optimizers

- Collapse -
Researcher Details New Class Of Cross-Site Scripting Attack

" 'Meta-Information XSS' exploits commonly used network administration utilities"

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says.

Tyler Reguly, lead security research engineer at nCircle, today published a white paper outlining a new category of attack called "meta-information XSS" (miXSS), which works differently than other forms of the popular attack method -- and could be difficult to detect.

"Think about those network administration utilities that so many webmasters and SMB administrators rely on -- tools that perform a whois lookup, resolve DNS records, or simply query the headers of a Web server," the white paper states. "They're taking the meta-information provided by various services and displaying it within the rendered Website.

"These Web-based services introduce a class of XSS that can't be captured by the current categories."

Reguly explains that there are three current types of XSS attacks: reflected, persistent, and DOM-based.

Continued here: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224201569

- Collapse -
Antivirus2010 ? Multiple ?Avatars? in a Single .exe

From the Security Response Blog:

Antivirus XP 2010, a clone of the Antivirus2010 family, is amongst today?s most prevalent rogue security software. Fake security software scammers continue to release new clones in frequent attempts to evade antivirus scanner detections. New clones share the same user interface and look and feel of the original application, but the application name changes.

Analysis of Antivirus2010 reveals that it is using a single binary file for multiple clones. Every time such a binary is executed, a different name is displayed as an application title. For example, when it is executed for the first time it displays itself as XP Antispyware 2010; however, when executed again it may display itself as XP Guardian 2010.

The following is a list of the names that it may use in any particular instance:

? XP Antispyware 2010
? Antivirus XP 2010
? XP Guardian 2010
? XP Guardian
? XP Defender 2010
? XP Antivirus
? XP Antivirus 2010
? XP Antivirus Pro
? XP Antivirus Pro 2010
? XP Internet Security
? XP Internet Security 2010

Here is a screen shot of the binary executed, showing the application name as Antivirus XP 2010: [...]

When same executable is launched multiple times it shows different application names?below are some screen shots. [...]

Continued here: http://www.symantec.com/connect/blogs/antivirus2010-multiple-avatars-single-exe

CNET Forums

Forum Info