Spyware, Viruses, & Security forum

NEWS - August 16, 2011

by Carol~ Moderator / August 15, 2011 11:47 PM PDT
Korean data breach company SK already in trouble with the courts

Late last month, we reported on an astonishing data breach in internet-crazy South Korea.

SK Communications, owners of popular search portal Nate and its web cousin Cyworld, a Sims-like social networking site, suffered an intrusion in which the personal information of 35,000,000 Korean users was compromised.

There are only 49,000,000 people in South Korea.

It seems the wheels of justice turn pretty quickly in Korea, with a report from Seoul over the weekend that a court has already issued a summary judgement against SK Communications ordering a 1,000,000 Korean dollar compensation payout. The complainant is a 25-year-old man identified only as Chung.

(If you're not familiar with the South Korean economy, that fine isn't quite as dramatic as it might first sound. US$1 is worth just over 1000 Won, so the penalty comes out at a more reasonable-sounding $940.)

Continued : http://nakedsecurity.sophos.com/2011/08/16/korean-data-breach-company-sk-already-in-trouble-with-the-courts/

Related: Updates on the SK Comms Data Breach

Cybercrime on social networks continues to climb
by Carol~ Moderator / August 15, 2011 11:53 PM PDT
In reply to: NEWS - August 16, 2011

With malware showing no signs of abating on social networks and continuous news of the privacy implications of sharing personal details through social media, it's no surprise users are making more efforts to reduce their risk of exposure, according to Webroot.

"Threats targeting social networks are continuously being regenerated in new versions so their makers can evade detection and spread their malicious programs relentlessly across users' accounts," said Jacques Erasmus, Webroot threat expert.

"Over the last nine months, our threat intelligence network has detected more than 4,000 versions of the Koobface virus hit social network users. Cybercriminals continue to target social networks because they can quickly access a large pool of victims. But our findings show that people are becoming aware of this, and they're now savvier about safeguarding their devices and the personal information they share online," he added.

Continued : http://www.net-security.org/secworld.php?id=11464

Related:
Social Networking Habits: 54 Percent of Users are Addicted, Webroot Research Finds
Study: Social Network Users Grow More Privacy Savvy, 54 Percent Feel 'Addicted'

eThieves Steal $217k from Arena Firm
by Carol~ Moderator / August 16, 2011 12:11 AM PDT
In reply to: NEWS - August 16, 2011

Cyber thieves stole $217,000 last month from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization responsible for operating the Qwest Center and other gathering places in Omaha, Nebraska.

Lea French, MECA's chief financial officer, said the trouble began when an employee with access to the organization's online accounts opened a booby-trapped email attachment containing password-stealing malware.

The attackers used MECA's online banking credentials to add at least six people to the payroll who had no prior business with the organization. Those individuals, known as "money mules," received fraudulent transfers from MECA's bank account and willingly or unwittingly helped the fraudsters launder the money.

French said the attackers appeared to be familiar with the payroll system, and wasted no time setting up a batch of fraudulent transfers.

"They knew exactly what they were doing, knew how to create a batch, enter it in, release it," she said. "They appear to be very good at what they do."

Continued : http://krebsonsecurity.com/2011/08/ethieves-steal-217k-from-arena-firm/

Phone hacking heat turned up on James Murdoch
by Carol~ Moderator / August 16, 2011 7:06 AM PDT
In reply to: NEWS - August 16, 2011

James Murdoch is likely to be hauled back in front of MPs to explain himself, as evidence mounts that he was less than truthful when answering questions put to him by the Commons culture, media and sport select committee last month.

Murdoch's claim that he hadn't known until late 2010 that more than one reporter at the now defunct News of the World was hacking voicemail messages had been sharply contradicted in subsequent statements made by ex-employees Tom Crone and Colin Myler, who said they'd told him about the content of an incriminating email back in 2008.

Now, written answers to follow-up questions posed by the select committee are beginning to trickle into MPs' in-boxes, with Labour MP Tom Watson describing some of the replies as "dynamite".

The first explosive device the select committee has chosen to let off is a letter written by the News of the World's former royal correspondent, Clive Goodman, back in March 2007.

In the letter, Goodman wrote that phone hacking was "widely discussed at daily editorial conferences" at the News of the World. It appears that News International offered to let Goodman keep his job if he acted as the fall-guy and managed to keep evidence of widespread phone hacking out of the court case he was facing.

Continued : http://www.thinq.co.uk/2011/8/16/phone-hacking-heat-turned-james-murdoch/

Also: News International mail server password FAIL exposed

Bitcoin mining with Trojan.Badminer
by Carol~ Moderator / August 16, 2011 7:06 AM PDT
In reply to: NEWS - August 16, 2011

Symantec Security Response Blog:

Bitcoins have been in the news in recent months and there has been much discussion on them, as part of public discourse. In terms of how bitcoins are being targeted by malware, we've seen past attempts by Trojan.Cointbitminer to "mine" bitcoins on compromised computers, using up precious CPU cycles in the process. We've even seen other malware groups take a more direct and perhaps easier route by stealing bitcoins instead.

Now we are seeing another new Trojan on the bitcoin mining trail, which we are calling Trojan.Badminer. Instead of packing a pick axe and shovel like previous bitcoin mining Trojans, this makes use of heavy machinery to do its job. That way the flow of bitcoins can be mined much faster than before.

When it comes to mining, Badminer contains functionality to deal with all eventualities. It detects the type of computer that it is running on and then activates the appropriate "machinery" to dig through the hashes to reach the hidden treasures. If it determines the computer has a high-spec graphics card with a fast enough graphics processing unit (GPU), it uses the appropriate packages to leverage the immense processing power of the GPU to literally move through the mountains of hashes to reach the valuable bitcoins. Conversely if a low-spec computer is found, then it will wheel out the basic bitcoin mining tools, which will result in much slower throughput.

Continued : http://www.symantec.com/connect/blogs/bitcoin-mining-trojanbadminer

Mobile malware to steal photos from your phone
by Carol~ Moderator / August 16, 2011 7:06 AM PDT
In reply to: NEWS - August 16, 2011

F-Secure Antivirus Research Weblog:

A good deal of this year's mobile malware was developed in China. And Chinese mobile malware tends to include stuff such as backdoors, password stealers and spy tools.

Knowing that Chinese malware likes to spy, we've been keeping an eye out for various functions, such as photo scraping. Stealing photos from a phone could be used for harassment and blackmailing.

We didn't have to look for long. A member of our Threat Response team just found something interesting in a Symbian malware sample. [Screenshot]

Here are our analyst's notes:

The code of Trojan:SymbOS/Spinilog.A (md5: b346043b4efb1e9834a87dce44d6d433) includes a class named CMyCameraEngine which inherits and implements the Symbian class MCameraObserver. This enables the trojan to receive control when an image has been captured with the camera. Spinilog.A then encodes the raw bitmap to a JPG, which it saves to the phone's memory. This feature seems to still be unused and possibly incomplete as the constructor of the CMyCameraEngine class is not called in the code. Other data stolen by the trojan is more traditional such as the content and details of SMS and e-mail messages, phone call details and calendar and contact information.

So while this particular backdoor won't yet steal your photos, it's clear which direction we're headed to.

http://www.f-secure.com/weblog/archives/00002216.html

Firefox 6 arrives officially, but it's hard to tell
by Carol~ Moderator / August 16, 2011 8:49 AM PDT
In reply to: NEWS - August 16, 2011

Firefox 6 is now officially available from Mozilla after its early appearance over the weekend, but it's hard to tell as the Mozilla announcements don't refer to the version number, instead referring to the latest "Firefox update". In the release posting on the Mozilla blog, the version number is not mentioned. The change is a result of the switch to a new rapid release scheme which will see new versions of Firefox every six weeks. For now at least, users can still see the version number in the About window, though its days are numbered.

In terms of security, Firefox 6.0 addresses 5 critical and 2 high severity issues including memory safety issues, unsigned JavaScript privilege escalation, a string and heap overflow in WebGL, and a dangling pointer in the SVG handling. A major privacy enhancement in the "Firefox update" is the new Data Management Window which gives users more control over the access that individual web sites have to their browsing data, including cookies, passwords and location information - it can be accessed by typing "about:permissions" in the URL bar. The URL bar has been enhanced and now highlights the domain of the site you are currently visiting.

Continued : http://www.h-online.com/security/news/item/Firefox-6-arrives-officially-but-it-s-hard-to-tell-1324110.html

Related: Mozilla ships Firefox 6, patches 10 vulnerabilities

DEFCON 2011: SSL and the future of authenticity
by Carol~ Moderator / August 16, 2011 8:49 AM PDT
In reply to: NEWS - August 16, 2011

I had the pleasure of attending Moxie Marlinspike's DEFCON talk "SSL And The Future Of Authenticity." Marlinspike is a great presenter and he doesn't just point out the problems with what we are doing now, but proposes solutions, often with working proof-of-concept code.

Marlinspike didn't disappoint and began the talk with a funny story, rather than the typical boring bio. More importantly, he followed this with a detailed explanation of the current problems with SSL and how we got to where we are today.

He argues that the biggest issue is with authenticity. Authenticity today is verified by a list of "trusted" certificate authorities (CAs). Marlinspike points out that you must trust these CAs and today the average browser trusts more than 600. Can you say you trust each and every one?

Another issue is that CAs have had a history of not always doing their jobs properly, and occasionally demonstrating that they cannot be trusted.

What is the purpose of authenticity? Mostly to ensure that you are talking to the entity that you intend to and that no one else is listening. Authenticity provides protection against man-in-the-middle (mitm) attacks using tools like Marlinspike's sslsniff.

Continued : http://nakedsecurity.sophos.com/2011/08/16/defcon-2011-ssl-and-the-future-of-authenticity/
