Spyware, Viruses, & Security forum


NEWS - April 29, 2011

by Carol~ Moderator / April 29, 2011 12:46 AM PDT
Mozilla patches Firefox and Thunderbird

The Mozilla project has released new versions of Firefox, its open source web browser, and the Thunderbird email client to address several critical issues found in the previous releases.

The first update to Firefox 4.0, version 4.0.1, addresses a total of three vulnerabilities, two of which are rated as critical. The browser's WebGLES feature contains bugs that could lead to crashes, potentially resulting in the execution of malicious code. The Windows version of Firefox was also found to have been compiled without ASLR, which could allow an attacker to bypass ASLR's protection against malicious code if a memory corruption flaw was found. Several critical memory safety bugs in the browser engine used by Firefox have also been corrected. These bugs reportedly contained evidence of memory corruption under certain circumstances. The developers presume that, with enough effort, some of them could be exploited to run arbitrary code.

Continued :

See Vulnerabilities & Fixes:
Mozilla Firefox Multiple Vulnerabilities
Mozilla Thunderbird Multiple Vulnerabilities
DSL Reports intrusion compromises over 9000 accounts
by Carol~ Moderator / April 29, 2011 3:07 AM PDT
In reply to: NEWS - April 29, 2011

DSL Reports - the information and review site on high speed Internet services which operates over 200 forums - has been hit with a blind SQL injection attack, which resulted in the compromise of at least 9000 accounts.

Founder Justin Beech posted a notification about the intrusion on the forum dedicated to the site, in which he specified that no login names, zip codes and private posts were compromised.

The attack went on for four hours on Wednesday and it was blocked before it had completed more than 8% of its work. All the same, the attackers managed to obtain a large number of email/password pairs.

"The ones they obtained were basically random. So they cover the entire 10 year history of the membership but sprinkled randomly. Some are very old accounts, some are new accounts, some inactive or deleted," says Beech.

"I identified the newest accounts, those that were obtained and have logged in over the last 12 months, and have alerted those by email. Older inactive accounts involved are also being notified by email now, although the older the account, the less likely the email is still current, or the password they used is still useful."

Continued :

Compromised ads leading to TDSS rootkit infections
by Carol~ Moderator / April 29, 2011 4:00 AM PDT
In reply to: NEWS - April 29, 2011

As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and succeed in compromising a high profile, popular site. Another way to increase the number of users exposed to the attack is to compromise advertising content, thereby exposing all users of any 3rd party sites that happen to load the ads.

Late yesterday evening, we started to see evidence of such an attack - Sophos products were blocking certain ad content as Mal/Iframe-U.

Knowing that detection and what it looked for, I was pretty sure that the ad server of Campus Party was compromised.

Sure enough, I could see that in addition to the desired ads (for the July Campus Party event in Valencia), the content also contained malicious JavaScript (highlighted in yellow): [Screenshot]

Not the first time I have seen an OpenX ad-server getting compromised, and I suspect it won't be the last.

Deobfuscating the JavaScript reveals the payload. As our Mal/Iframe-U detection name suggests, it is an iframe to load further malicious content from a remote server.

This initiates the attack, triggering a chain of events summarised below:

Continued :

Playstation data for sale?
by Carol~ Moderator / April 29, 2011 4:00 AM PDT
In reply to: NEWS - April 29, 2011

From the Kaspersky Weblog:

In the past few days we have read about how the Playstation Network has been hacked, and very sensitive information such as credit card information has been stolen. We are now seeing more activity in the underground community. According to a forum post at PSX-scene rumors are spreading that the stolen information also includes the CCV2 numbers. A user on the underground forum Darkode says that the format of the stolen data would supposedly be: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

But in a statement from Sony on their playstation-blog they write that the hacker does not have access to the CCV2 code, the statement follows:

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

The question is who is correct?

I would recommend everyone with a PSN account to request a new card from your bank, and if you use the same password for Facebook, MSN, email or forums that you used on the PSN I would recommend that you change it on those other sites.

Also : Hackers May Have Stolen Sony PlayStation Network Credit Card Info

NY Yankees staffer accidentally e-mails customer list
by Carol~ Moderator / April 29, 2011 4:00 AM PDT
In reply to: NEWS - April 29, 2011

A customer service representative with the New York Yankees accidentally e-mailed out personal details on close to 18,000 season ticket holders, the baseball team said Thursday.

According to a Yankees fan who received the spreadsheet, it was accidentally attached to a "Season Ticket Licensee Homestand Newsletter" sent Monday evening by a customer service representative.

The e-mail went out to several hundred season ticket holders, and contained names, addresses, phone numbers, fax numbers and e-mail addresses, along with the fans' seat numbers and Yankees account numbers.

The list contained data belonging to 17,687 non-premium season ticket holders, according to recipients, who posted details of the incident on a Yankees discussion forum. Because some ticket holders have several blocks of tickets, the total number of entries in the spreadsheet was even higher: 21,467.

The message was recalled by the sales representative within minutes, one recipient said. But by then it was too late.

Continued :

Press Release: Letter to Season Ticket Licensees

Related : The New York Yankees are responsible for 30,000 more data loss victims

Royal spam
by Carol~ Moderator / April 29, 2011 4:00 AM PDT
In reply to: NEWS - April 29, 2011

The wedding of Kate Middleton and Prince William is by far the most popular topic of conversation today. It's virtually impossible to look at a newspaper or a blog without seeing some mention of the royal newlyweds. And now we are getting in on the act.

And it's not because we here at Kaspersky Lab take a major interest in the private lives of the British royals. But spammers obviously do - take a look at the offer we received today: [Screenshot]

Yes, fake Swiss watches and iPads are so pass

Anyone Can Take Down Facebook Pages with Fake Email Address
by Carol~ Moderator / April 29, 2011 6:54 AM PDT
In reply to: NEWS - April 29, 2011

Something strange has been happening to several popular Facebook pages in recent weeks: they've disappeared. According to the affected page owners, they're victims of bogus DMCA claims. The DMCA, or Digital Millennium Copyright Act, is a piece of (arguably broken) legislation which allows copyright owners to protect their copyrighted works from infringement. Over the years, it's been used to remove content from Google's search index, from YouTube and Yahoo Video, and by entities like Major League Baseball, record labels, doctors who don't like bad reviews, software companies, and many, many others, in opposition to what most would claim is "fair use" of such content.

But while the DMCA has a long history of misuse, or perhaps, heavy-handed use, the law itself is not the main concern here with these Facebook pages' takedowns - it's Facebook's process for handling such complaints. Because the social network does not validate the identity of anyone submitting a DMCA takedown notice, nor does it check to see if the report was sent from a legitimate email address, anyone with an ax to grind can fill out a form with bogus information to see a Facebook Page disappear, sometimes for good.

Tech Blogs are Latest Victims

This has happened recently to several websites, including some which may be familiar to ReadWriteWeb readers: RedmondPie, Neowin and Ars Technica. We've come across others, too, like the Pakistan-based Rewriting Technology, for example, which proves that this is not just a U.S.-based problem. In many cases, the pages have been taken down multiple times.

Continued :

Also: Facebook Responds to Abused DMCA Loophole Issue, Doesn't Fix System

Related : Unknown copyright claim kills Ars Technica's Facebook page

Yahoo email suffers partial outage
by Carol~ Moderator / April 29, 2011 6:55 AM PDT
In reply to: NEWS - April 29, 2011

Yahoo's email service was struggling Thursday with users around the globe complaining that they've had no access for most of the day.

It's not yet clear when the service started to stagger or how many of Yahoo's users have been affected. However, Yahoo confirmed on its Twitter account that there is a problem.

"We are aware that we have experienced an outage, and we are working to address the issue," tweeted @yahoo. "We appreciate your patience."

While some users seemed fairly patient about the inconvenience, some were a bit more frustrated when they took to Twitter to vent about the outage of their free email service.


Related : Yahoo says 1M users affected by email outage

PDF Malware Using New Tricks to Exploit Vulnerability
by Carol~ Moderator / April 29, 2011 8:01 AM PDT
In reply to: NEWS - April 29, 2011

"Security researchers have identified a new trick in PDF files being sent as email attachments that obfuscate attack code by encoding it inside an image file."

Malicious PDF files are using a new trick to avoid detection by almost all major antivirus scanners on the market, according to security researchers.

Researchers from Avast and Sophos independently noticed PDF files making the rounds in March that weren't being flagged as malicious but had the ability to compromise a machine just by being opened. The originating address was often suspicious, and the attachments accompanied emails purporting to be an order receipt. The attachments themselves often had names containing the supposed order number.

When the attachments were opened under Adobe 8.1.1 or Adobe 9.3, the compromised computer would connect to a remote site and download malware, usually SpyEye, ZBot or FakeAV, Paul Baccas, a senior threat researcher at Sophos Labs, wrote on the company's Naked Security blog on April 15.

"The PDFs did not seem to be using any exploit that I could see and yet they were downloading malware," wrote Baccas.

It turned out these files were using a new trick to re-exploit the CVE-2010-0188 vulnerability Adobe had patched over a year ago on Feb. 16, 2010, according to Baccas.

The exploit is specific to Reader and would not execute in Google Chrome's PDF Plugin, Jiri Sejtko, a senior virus analyst and researcher at Avast Software, wrote on the company blog April 22. While that's a good sign, Chrome generally asks users if it should open the file in Reader if it can't display the file correctly. In this day and age, many users would likely say yes, making them vulnerable, according to Sejtko.

Continued :

Amazon (finally) apologizes for cloud services outage
by Carol~ Moderator / April 29, 2011 8:01 AM PDT
In reply to: NEWS - April 29, 2011

Amazon has apologized for last week's catastrophic AWS outage and says it will be compensating customers with a credit on their accounts.

Amazon has finally apologized for last week's Amazon Web Services (AWS) outage that left scores of popular websites inaccessible or only partially operational. Some sites, such as Reddit, were crippled for several days after the initial outage. Others appeared to have been restored in a matter of hours.

"We want to apologize," a statement from Amazon read. "We know how critical our services are to our customers' businesses and we will do everything we can to learn from this event and use it to drive improvement across our services."

In addition to the apology, Amazon also offered a rather long and detailed explanation as to what exactly went wrong. And unless you're a systems engineer or cloud computing maverick, you're not likely to be able to make complete sense of the document (if you're up for the challenge you'll find the whole thing here). Suffice it to say that problems began at 12:47 AM PDT on April 21 at Amazon's Elastic Block Store (EBS) which facilitates some of its cloud computing services. The problem was confined to a single Availability Zone, the physical location of Amazon's cloud servers, on the East Coast and appears to be the result of human error.

Amazon is planning on implementing some changes to prevent another cloud computing outage. One change involves making it easier for customers to take advantage of multiple Availability Zones. Amazon also says it's also putting into place several measures that will ensure that any future recoveries are performed more quickly.

Continued :

Also: Amazon cloud fell from sky after botched network upgrade

South Park takes on Apple location tracking: HUMANCENTiPad
by Carol~ Moderator / April 29, 2011 8:01 AM PDT
In reply to: NEWS - April 29, 2011

To end the week: A different slant on .. "Security News":

South Park's new season opened by making fun of Apple hysteria and the crazy controversy over location tracking that has erupted in the last week or so. Prepare for Steve Jobs's newest creation: the HumancentiPad!

Apple location tracking has only been an issue for a week or two, but South Park has already weighed in with a full episode dedicated to the location tracking debate.

Small spoiler: In the first episode of its 15th season, everyone at school is using their iPads until Apple "G-Men" come and start following Kyle down. When he says he doesn't want them following him, they simply point out that he already agreed to it when he signed the latest iTunes terms and conditions. Poor guy. Eventually he is abducted by Apple and forced to become a part of Steve Jobs's ultimate creation: the HumancentiPad. Meanwhile, Cartman desperately tries to get his mom to get him an iPad so he doesn't get made fun of at school.

You have to hand it to Matt Stone and Trey Parker, they sure stay relevant. While we haven't seen the full episode, we know Kyle's pain. Is it really fair to be forced to agree to more than eight pages of lawyer-language terms and conditions before you use any electronic product or service? Nobody reads it all. Who knows what crazy things we've agreed to over the years.

Check out the full episode here. It's free to watch on the South Park Website.
