Spyware, Viruses, & Security forum

General discussion

NEWS - August 20, 2010

by Carol~ Forum moderator / August 19, 2010 9:44 PM PDT
Researcher Cracks ReCAPTCHA

"Homegrown algorithms for cheating Google's reCAPTCHA released earlier this month"

A researcher earlier this month demonstrated how he solved Google's reCAPTCHA program even after recent improvements made to the anti-bot and anti-spam tool by the search engine giant.

Chad Houck, an independent researcher, also released the algorithms he wrote to crack reCAPTCHA. Houck had published a white paper on the hack prior to presenting his research at Defcon in Las Vegas, and says that Google made several fixes to reCAPTCHA that defeated several of his algorithms before he was scheduled to give his presentation. He then quickly came up with a few additional approaches with his algorithms, and says he was able to beat the updated reCAPTCHA 30 percent of the time.

"[ReCAPTCHA] has never been wholly secure. There are always ways to crack it," says Houck, whose algorithms have been available online since Defcon. "The information [about the research] is out there. Google still hasn't changed it, which kind of surprises me."

Google, however, thus far has not seen any signs of this being actively used in the wild.

A Google spokesperson says the company had strengthened the verification words in the program both before and after Houck's paper was published. "We introduced changes both before and after its appearance to improve the strength of our verification words," the spokesperson says. "We've found reCAPTCHA to be far more resilient while also striking a good balance with human usability, and we've received very positive feedback from customers. Even so, it's good to bear in mind that while CAPTCHAs remain a powerful and effective tool for fighting abuse, they are best used in combination with other security technologies."

Continued here: http://www.darkreading.com/authentication/security/vulnerabilities/showArticle.jhtml?articleID=226700514
Google closes critical vulnerabilities in Chrome 5
by Carol~ Forum moderator / August 19, 2010 9:46 PM PDT
In reply to: NEWS - August 20, 2010

Google has released version 5.0.375.127 of Chrome, a security update that addresses two "critical" and six "high" risk vulnerabilities in its WebKit-based browser. According to the developers, one of the critical issues related to the file dialogue could lead to memory corruption, while the second could cause a crash on shut down due to a notifications bug.

Additionally, the stable channel update addresses a number of high risk bugs that may, for example, lead to memory corruption while SVG handling, in MIME type handling (2x) and with Ruby and Geolocation support. Two other vulnerabilities related to text editing and a possible address bar spoofing bug, both rated as high, have been closed.

A medium risk problem has also been fixed that caused the address bar that sits at the top of the browser window (also known as the Omnibox), which doubles as a search box, to auto-suggest if the user may be about to type in a password. Further details of the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix". All users are encouraged to update to the latest release as soon as possible.

As part of its Chromium Security Reward programme, launched earlier this year, Google has been rewarding those reporting security vulnerabilities. In total, Google has awarded more than $10,000 to those who discovered the above exploits in its browser, including Sergey Glazunov, Mike Taylor, kuzzcc and Team509's Wushi. Google Chrome developer Jason Kersey notes that Marc Schoenefeld was awarded with $1,337 for his help in closing a critical vulnerability in an external component, a Windows kernel bug.

Continued here: http://www.h-online.com/security/news/item/Google-closes-critical-vulnerabilities-in-Chrome-5-1062480.html

See Vulnerabilities & Fixes : Google Chrome Multiple Vulnerabilities

Facebook raises privacy concerns with Places
by Carol~ Forum moderator / August 19, 2010 11:58 PM PDT
In reply to: NEWS - August 20, 2010

Facebook is taking a page from Foursquare's book by letting users "check in" to locations.

The new "Places" feature lets users share where they are, figure out who is in the vicinity, and check out happenings and services within the same locale.

Users can "check in" from their smartphones, broadcasting their location - anywhere from a restaurant to a park - to their own Facebook friends. Their whereabouts are then flashed through the network's status updates.

Users can look up the locations of friends who are similarly "checked in" - either via updates or on a separate web page - or tag friends who happen to physically be with them, thus declaring where they are.

Places also features a "People Here Now" section, which will alert Facebook users to others at the same location. "This section is visible for a limited amount of time and only to people who are checked in there," Facebook said in a blog post. "That way you can meet other people who might share your interests." Users must opt out of that feature if they don't wish to use it.

For some, the system will raise privacy concerns. "They want to make sure they've done their homework, because privacy does become a concern right out of the gate," said Michael Gartenberg, a partner at consulting and analyst firm Altimeter Group. "They don't want to introduce this and then have to come back and fix it."

Continued here: http://www.pcpro.co.uk/news/360436/facebook-raises-privacy-concerns-with-places

Also:
Facebook Places: The Cat-and-Mouse Game Continues
Facebook Places could spark new privacy fire

Pentagon takes aim at China cyber threat
by Carol~ Forum moderator / August 20, 2010 1:36 AM PDT
In reply to: NEWS - August 20, 2010

The U.S. for the first time is publicly warning about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies.

In a move that is being seen as a pointed signal to Beijing, the Pentagon laid out its concerns this week in a carefully worded report.

The People's Liberation Army, the Pentagon said, is using "information warfare units" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals.

The assertion shines a light on a quandary that has troubled American authorities for some time: How does the U.S. deal with cyber espionage emanating from China and almost certainly directed by the government - despite the fact that U.S. officials don't have or can't show proof of those ties?

Asked about the civilian hackers, a Defense Department spokesman said the Pentagon is concerned about any potential threat to its computer networks. The Pentagon, said Cmdr. Bob Mehal, will monitor the PLA's buildup of its cyberwarfare capabilities, and "will continue to develop capabilities to counter any potential threat."

The new warning also comes as U.S. and other international leaders are struggling to improve cooperation on global cybercrime and set guidelines for Internet oversight.

Continued : http://news.yahoo.com/s/ap/20100819/ap_on_go_ca_st_pe/us_us_china_cyber_threats

DDoS extortion-themed scam circulating
by Carol~ Forum moderator / August 20, 2010 1:36 AM PDT
In reply to: NEWS - August 20, 2010

Symantec has intercepted a scam attempt, relying on scare tactics in order to trick domain owners into transferring virtual money, or face a distributed denial of service attack against their web site.

Sample message:

"You are welcomed with a command of hackers ZeleniyHach. We hold a huge network of Distributed Denial Of Service Attack, allowing to suspend any web site. We have been watching (domainname.com) and were able to find out that you have spent pretty money much for its advancement and want to to offer you to spend a little more yet. Just as little as 200 bucks as a voluntary donation to our fund will keep your web site away from DDOS attack. 200 bucks is not so much also will help you to avoid greater problems in the future.FOR DULLS..!!! IF YOU DO NOT OFFER TO US 200 bucks WE WILL KILL YOUR WEB SITE! Unfortunately, we accept only Webmoney Paymer Cheks, so make sure to get your fat asses out and without assistance find out how to transfer money into it. We give you 48 hours. If after 48 hours we will not get 200 dollars, there is one more 0 will be added to 200 bucks, i.e. 2000 bucks and so on until you come to reason. When you are ready, just send the check as your response to this message. In subject matter of the letter specify the domain with greater letters, it is a lot of you We are the one, respect our work."

Despite the presence of "financial penalties", which is a popular tactic used in professional DDoS extortion letters, this spamvertised campaign is a clear attempt to scam the user, meaning there's a low probability that the scammers have the DDoS capabilities they're referring to.

Continued : http://www.zdnet.com/blog/security/ddos-extortion-themed-scam-circulating/7180

Three sentenced on charges of scamming IT vendors
by Carol~ Forum moderator / August 20, 2010 2:14 AM PDT
In reply to: NEWS - August 20, 2010

Three people were sentenced to prison terms Thursday for their roles in a multimillion-dollar scheme targeting payments to IT and consulting services vendors from four state governments, the U.S. Department of Justice said.

Among the companies targeted in the scam were Deloitte Consulting, Unisys, Accenture and EDS, now a part of Hewlett-Packard. The defendants were able to divert state payments totaling $3.4 million from West Virginia, Kansas, Ohio and Massachusetts to bank accounts controlled by the co-conspirators, the DOJ said in a press release.

The scheme, which began in late 2008, targeted vendors that received large payments from states on a regular basis, the DOJ said. Co-conspirators located in the U.S. filed documents to create dummy entities with names similar to legitimate vendors, as well as fraudulent bank accounts in the names of the targeted vendors. With information acquired from the Internet and other sources, the co-conspirators completed direct deposit authorization forms for the targeted vendors.

The group then mailed electronic payment authorization forms to the states, allowing the defendants to hijack legitimate vendor payments, the DOJ said. The group wired more than $770,000 to bank accounts in Kenya.

Continued : http://www.computerworld.com/s/article/9181098/Three_sentenced_on_charges_of_scamming_IT_vendors

Trojan suspected of contributing to 2008 Madrid aircrash
by Carol~ Forum moderator / August 20, 2010 2:14 AM PDT
In reply to: NEWS - August 20, 2010

Authorities investigating the 2008 Madrid air crash, which resulted in the deaths of 154 people, have discovered that a central computer system used to monitor technical problems in aircraft was infected with Trojan horses.

The tragic crash, which occurred two years ago today, saw Spanair flight 5022 crash just after take off from Madrid-Barajas international airport, on what should have been a routine trip to Gran Canaria. Only 18 people survived the explosion, Spain's worst air disaster in 25 years.

According to El Pais, an internal report by the airline has revealed that a computer located at the airline's headquarters in Palma, Mallorca, should have identified three similar technical problems with the airplane, but was suffering from a malware infection.

According to the newspaper, the plane should not have been allowed to take-off if the technical problems had been identified.

It's important to note - malware didn't cause the plane to crash. It may, however, have affected computer systems that (if they had been working properly without interference) may have meant that the flight would never have taken off. Unfortunately we don't know the name of the malware that is under suspicion in this case, so it's tricky to comment further.

Continued : http://www.sophos.com/blogs/gc/g/2010/08/20/trojan-horse-suspected-contributing-2008-madrid-aircrash/

Microsoft: drive-by Trojan preying on out-of-date Java
by Carol~ Forum moderator / August 20, 2010 2:27 AM PDT
In reply to: NEWS - August 20, 2010
...... installations"

From the Sunbelt Blog:

A piece by Marian Radu on Microsoft's Technet Blog is warning that users who have failed to update the Java Runtime Environment (JRE) on their machines are vulnerable to drive-by downloads by a Trojan called Unruy. That Trojan has been associated with rogue security products. Radu said the vulnerability (which was patched in March) is being actively exploited.

Browsers running JRE versions up to version 6 update 18 are vulnerable. The current JRE version today is version 6, update 21.

Microsoft Technet blog piece here: "Unruy downloader uses CVE-2010-0094 Java vulnerability"

Users can easily check their version of Java and download necessary updates here: http://www.java.com/en/download/manual.jsp

As Posted Here: http://sunbeltblog.blogspot.com/2010/08/microsoft-drive-by-trojan-preying-on.html
PS3 Jailbreak Trojan
by Carol~ Forum moderator / August 20, 2010 3:24 AM PDT
In reply to: NEWS - August 20, 2010

From the F-Secure Weblog:

For those of our readers who follow PlayStation 3 discussions, it would have been hard to miss the discussion about a new "jailbreak" for PS3. News of a USB dongle that breaks the security model of the game console to enable execution of third party software (as well as pirated games) have been going around like wildfire. [...]

Not surprisingly, online miscreants are trying to exploit the excitement. The real USB jailbreak gadget is not a USB drive. But it looks like one. So now some clown is distributing a Windows program that claims to create a jailbreak USB device out of a normal thumb drive. All you need to do is to download and run the program. [...]

Continued : http://www.f-secure.com/weblog/archives/00002014.html

Spamhaus Blocks Gmail? Report Was Not True.
by Carol~ Forum moderator / August 20, 2010 9:36 AM PDT
In reply to: NEWS - August 20, 2010

"Spamhaus Blocks Gmail" - A catchy headline which certainly got the twitterati going. However, it wasn't true.

Recently some IT websites, including Softpedia and Sucuri, erroneously issued reports of Spamhaus' SBL blocking Gmail. These reports are not true. Google's Gmail service has never been listed in, or affected by, any Spamhaus DNSBL, nor ever would be. Spamhaus quite simply will not list outbound mail servers of Google/Gmail or any giant freemail provider.

Some Google-owned server IPs hosting severe malicious spam problems - specifically Google's "Google Docs" service - do get rightly listed in the Spamhaus SBL when Google does not take action fast enough to stop the serving of malicious sites via Google Docs. Such listings act as pointers to the abused resource but do not in any way affect Google's Gmail service or any Google outbound mail service.

The problem the "Google Docs" service suffers from requires taking a step back to see one of the core issues of modern day internet abuse....

As more and more services move 'to the cloud' some companies have built enormous infrastructures to provide basic computer services anytime and anywhere, often for free. Free webmail powered email addresses were the start many years ago, long before the concept of the cloud was invented. As time moved on more and more of these hosted services became available: document storage, blogs, image hosting, collaboration services and so on.

Continued here: http://www.spamhaus.org/news.lasso?article=660

As Posted (by "yours truly") Previously: Spamhaus Adds Gmail to Block List

Google Wi-Fi Spy Lawsuits Head to Silicon Valley
by Carol~ Forum moderator / August 20, 2010 9:37 AM PDT
In reply to: NEWS - August 20, 2010

Whether Google is liable for damages for secretly intercepting data on open Wi-Fi routers across the United States is to be aired out in a Silicon Valley federal court.

Eight proposed class actions from across the country that seek unspecified monetary damages from Google were consolidated this week and transferred to U.S. District Judge James Ware in San Jose, California. Another five cases are likely to join.

The lawsuits allege that Google violated federal and state privacy laws in collecting fragments of data from unencrypted wireless networks as its fleet of camera-equipped cars moseyed through neighborhoods snapping pictures for its Street View program.

The consolidation decision (.pdf) by the U.S. Judicial Panel on Multidistrict Litigation is likely to spark a legal frenzy by attorneys involved in the cases, as they jockey to win over Judge Ware and garner lead counsel status. That would give those lawyers intense media attention, as well as the biggest share in legal fees from a verdict or settlement.

Still, acquiring lead counsel status, a title given to lawyers whom the judge believes can best represent the interests of class members, comes with a huge risk as well.

The deep-pocketed Google maintains (http://www.wired.com/threatlevel/2010/06/packet-sniffing-laws-murky/) that it did nothing wrong, and is likely to put up a fierce and costly defense. Google, in response to government inquiries and lawsuits, claims it is lawful to use packet-sniffing tools readily available on the internet to spy on and download payload data from others using the same open Wi-Fi access point.

Continued here: http://www.wired.com/threatlevel/2010/08/google-spy-lawsuits/

Protect Your Network from Facebook Malware
by Carol~ Forum moderator / August 20, 2010 9:53 AM PDT
In reply to: NEWS - August 20, 2010

"AppRiver reports another malware campaign exploiting the trust users place in Facebook and the smartphone apps that access it"

Reports are circulating of yet another malware scam targeting Facebook users. The sheer size of the social network, combined with the inherent trust users place in messages from friends and family through Facebook make it a prime target for malware attacks to exploit.

The security analysts at AppRiver report that they are detecting a new malware campaign targeting Facebook. The campaign tricks unsuspecting users into thinking the message is coming from Facebook. The e-mail appears to be an official Facebook notification indicating the reader can reconnect with friends, but the message is full of malicious links. Clicking on one of the malicious links will then redirect them through several different Web sites and load malware onto their computer through a hidden iframe exploit.

So, what's the big deal? Is this Facebook malware attack any different than every other malicious attempt to exploit social networks? An AppRiver spokesperson explains "What's unique here is that this virus campaign is also hitting smartphone devices (specifically BlackBerrys at this time) that have the Facebook application/icon installed. In other words, it's not just utilizing email, but also triggering the application itself to make the campaign more believable."

The AppRiver spokesperson added "Since the actual payload is not pushed down until after the infection occurs, this is a great opportunity for scammers to test the lengths of their campaign. For instance, if scammers can hook applications in this fashion, it may be an indicator of what's to come in the future: an easier remote mobile device security breach. If successful, scammers may one day be able to send payloads to attack the mobile device causing a potentially severe data breach."

Continued here: http://www.networkworld.com/news/2010/082010-protect-your-network-from-facebook.html
