Spyware, Viruses, & Security forum


NEWS - August 22, 2011

by Carol~ Moderator / August 22, 2011 12:58 AM PDT
Hackers deface Libya's top level domain registry with anti-Gadaffi message

With heavy fighting reaching Libyan leader Colonel Gadaffi's compound, hackers have also taken virtual arms overnight and defaced the website of domain name registry nic.ly.

Hackers calling themselves "Electr0n" have defaced the nic.ly website, the main registry which administers .ly domain names (the ".ly" stands for "Libya") and replaced it with a defiant message: [Screenshot: Nic.ly defaced website]

[+] HACKED By Electr0n[+]
|~| ali monder |~|

bye bye Qadaffi
Feb 17 Libya

Greetz to
Dr.exe | Qnix | Rock-Master | LoverBoy | r1z
And All Muslim Hackers : )

The date February 17th relates to when Libyan protesters began their demonstrations only to be shot upon by security forces loyal to Colonel Gadaffi.

Continued : http://nakedsecurity.sophos.com/2011/08/22/hackers-deface-libya-anti-gadaffi/

Libya's Top Level Domain Name Registry Hacked
Rebel hackers seize Libyan domain name registry

Serious Crypto Bug Found in PHP 5.3.7
by Carol~ Moderator / August 22, 2011 1:38 AM PDT
In reply to: NEWS - August 22, 2011

The maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved.

PHP 5.3.7 was just released last week and that version contained fixes for a slew of security vulnerabilities. But now a serious flaw has been found in that new release that is related to the way that one of the cryptographic functions handles inputs. In some cases, when the crypt() function is called using MD5 salts, the function will return only the salt value instead of the salted hash value.

The problem does not occur when using Blowfish or DES, only with MD5. The initial bug report on the problem in the PHP system appeared Aug. 17, the day before the public stable release of PHP 5.3.7.

"If crypt() is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected. I tested with php from openSUSE PHP5 repository," the report said. Several other users reproduced the problem on various other platforms.

Continued : http://threatpost.com/en_us/blogs/serious-crypto-bug-found-php-537-082211

Also: PHP users warned not to upgrade to 5.3.7
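
A defender's follow-up to the bug described above, added here as an example (not code from the PHP project or the quoted article): a Python audit that flags stored md5-crypt values consisting of the salt only, which is what an application would have saved if it stored the return value of the faulty crypt(). The function names and sample rows are assumptions of this example.

```python
import re

# md5-crypt strings have the layout  $1$<salt, up to 8 chars>$<22-char digest>,
# with salt and digest drawn from the crypt alphabet ./0-9A-Za-z.
B64 = "[./0-9A-Za-z]"
FULL_MD5 = re.compile(r"\$1\$" + B64 + r"{0,8}\$" + B64 + r"{22}")
SALT_ONLY = re.compile(r"\$1\$" + B64 + r"{0,8}\$?")


def classify(stored: str) -> str:
    """Classify one stored password-hash string."""
    if not stored.startswith("$1$"):
        return "other"            # DES, Blowfish, etc.: reported as working
    if FULL_MD5.fullmatch(stored):
        return "md5-full"
    if SALT_ONLY.fullmatch(stored):
        return "md5-salt-only"    # salt with no digest, as the report describes
    return "md5-malformed"


def audit(rows):
    """Return {category: [usernames]} for rows that are not sound md5 hashes."""
    findings = {"md5-salt-only": [], "md5-malformed": []}
    for user, stored in rows:
        kind = classify(stored.strip())
        if kind in findings:
            findings[kind].append(user)
    return findings


# Constructed sample rows (username, stored value); digests are filler text,
# not real hashes.
SAMPLE_ROWS = [
    ("user1", "$1$Zx3kQ9aB$" + "A" * 22),   # complete md5-crypt value
    ("user2", "$1$Zx3kQ9aB$"),              # salt only, trailing "$"
    ("user3", "$1$Zx3kQ9aB"),               # salt only, no trailing "$"
    ("user4", "$2a$07$" + "B" * 53),        # Blowfish-style prefix, out of scope
    ("user5", "$1$Zx3kQ9aB$tooShort"),      # truncated digest
]

if __name__ == "__main__":
    for category, users in audit(SAMPLE_ROWS).items():
        print(f"{category}: {', '.join(users) or 'none'}")
```

Accounts reported as salt-only have no usable digest on record and need a password reset once a fixed PHP build is in place.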

Google+ introduces verified accounts
by Carol~ Moderator / August 22, 2011 1:38 AM PDT
In reply to: NEWS - August 22, 2011

Google is adding another feature that should guarantee that a Google+ profile corresponds with the actual real-life identity of a user.

"We're starting to roll out verification badges on profiles so you can be sure the person you're adding to a circle is who they claim to be," wrote Google official Wen-Ai Yu. "For now, we're focused on verifying public figures, celebrities, and people who have been added to a large number of Circles, but we're working on expanding this to more folks."

The verification badge will take the form of a grey checkmark positioned next to the profile name and rolling over it with the mouse will reveal the "verified name" status.

The advent of Google+ and of its "real name" requirement has been a matter of great debate on the Internet for a while now.

Google is understandably trying to replicate the model that made Facebook successful, but has been experiencing a lot of criticism from privacy advocates regarding its insistence on it and regarding the deletion of many accounts whose owners failed to provide their real name.

Continued : http://www.net-security.org/secworld.php?id=11489

Why you shouldn't trust Google+ Verified Accounts
Google+ account verification begins, may be required for all

Huge stash of leaks destroyed by former Wikileaks spokesman
by Carol~ Moderator / August 22, 2011 1:38 AM PDT
In reply to: NEWS - August 22, 2011

Wikileaks has confirmed that thousands of leaked files have been destroyed by the group's former German spokesperson Daniel Domscheit-Berg.

This time last year, Wikileaks suspended Domscheit-Berg, and ever since has been trying to persuade him to return the material, which includes over 3,500 files.

These, says Wikileaks, include more than 60,000 emails from the NPD, US intercept arrangements for over a hundred internet companies, the internals of around 20 neo-Nazi organizations, 5GB of data from the Bank of America and the entire US no-fly list.

The material also includes internal Wikileaks communications which, says founder Julian Assange, Domscheit-Berg has been threatening to make public.

Assange says he's been pleading with Domscheit-Berg for the material's return, but has now had confirmation that it's been destroyed.

"The material is irreplaceable and includes substantial information on many issues of public importance, human rights abuses, mass telecommunications interception, banking and the planning of dozens of neo-Nazi groups," says Assange in a statement.

Continued : http://www.tgdaily.com/security-features/58012-huge-stash-of-leaks-destroyed-by-former-wikileaks-spokesman

Wikileaks spokesman deletes data
WikiLeaks admits insider deleted loads of its data

Epson Korea hack impacts 350,000 customers
by Carol~ Moderator / August 22, 2011 1:39 AM PDT
In reply to: NEWS - August 22, 2011

Epson Korea has been hit by a massive data breach, involving the personal information of 350,000 registered customers.

Hackers broke into Epson Korea's computer systems, and stole information including passwords, phone numbers, names, and email addresses of customers who had registered with the company.

A warning message was posted to the Epson Korea website, and computer users who believe they may have been affected are advised to change their passwords as soon as possible. [Screenshot]

Although you may not care very much if someone can log into your account at Epson, you certainly will care if they can also use the same password to access your other online accounts. Once again, we find ourselves having to remind users to get into the habit of using different passwords for different websites.

Continued : http://nakedsecurity.sophos.com/2011/08/22/epson-korea-hack-impacts-350000-customers/

News Feeds Abused by Spammers, Again!
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

Symantec Security Response Blog:

In the past few weeks, we have observed an old spam tactic re-emerging. Spammers are again using news feeds to populate the subject header of spam messages. This technique has been used in the past in the form of directory harvesting attacks to gather valid email addresses. However, these attacks usually lasted for only one or two weeks, perhaps because their goal of collecting email addresses had served its purpose. This time not only is the duration longer, but they have been selective in their news agency - it is only "BBC News" at this time.

Pharmacy-related spam is employing this technique, obviously attempting to get curious readers to open up these emails. Using different techniques, like interesting news topics in a subject line, may compel users to open a spam email. This indirectly gives spammers a chance to advertise their products and possibly sell them too. In the case of malicious attacks, it is clicking viral links or attachments to compromise and later control the user's computer.

In this particular trend, it looks like the spammers collect a whole bunch of news items from a specific day of a week (recent attacks suggest Thursdays or Fridays) and rotate these news headlines in the subject headers of the spam emails throughout the rest of the week. Spammers are known for being unpredictable, so it won't be surprising if they change their ways in this spam campaign as well. For example, sometimes we found them sending updated news as well. Russian domains (.ru top-level domains) and a domain name with "pills" have also been a common feature for this attack.

Here are some sample images of spam messages:

Continued : http://www.symantec.com/connect/blogs/news-feeds-abused-spammers-again

Flashy Cars Got Spam Kingpin Mugged
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

A Russian spammer suspected of maintaining the infamous Rustock spam botnet earned millions of dollars blasting junk email for counterfeit Internet pharmacies. Those ill-gotten riches let him buy flashy sports cars, but new information suggests that this attracted the attention of common street thugs who targeted and ultimately mugged the spammer, stealing two of his prized rides.

In March, I published a story linking the Rustock botnet to a spammer who used the nickname Cosma2k. This individual was consistently one of the top five moneymakers for SpamIt, which, until its closure last fall, paid spammers millions of dollars a year and was the world's largest distributor of junk mail.

Earlier this month, someone leaked thousands of online chat logs taken from Dmitry "SaintD" Stupin, a Russian who allegedly ran the day-to-day operations of SpamIt. Those records include numerous chat conversations allegedly between Stupin and a SpamIt affiliate named Cosma.

In several chats, Cosma muses on what he should do with tens of thousands of compromised but otherwise idle PCs under his control. Throughout the discussions between Stupin and Cosma, it is clear Cosma had access to internal SpamIt resources that other spammers did not, and that he had at least some say in the direction of the business.

Continued : http://krebsonsecurity.com/2011/08/flashy-cars-got-spam-kingpin-mugged/#more-11222

Ukraine police swoop on fake credit card gang
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

"Criminals accused of causing £12 million in fraud damages"

Ukraine's security service SBU said Monday it had arrested four people for allegedly creating fake payment cards with stolen information in an operation estimated to have caused $20 million (£12 million) in damages.

The SBU said raids conducted earlier this month yielded 1,000 plastic cards and more than 100,000 financial records used to make the cards, according to a translation of a news release.

An official contacted at the SBU was unable to immediately give further information. The SBU said it worked with US law enforcement on the operation. A Federal Bureau of Investigation spokeswoman said on Monday that the bureau did not have information on the arrests.

The FBI has stationed a supervisory special agent at the Embassy in Kiev since October 2009 with the Office of the Legal Attache. According to the US Embassy in the Ukraine, "cybercrimes originating from Ukraine and targeting US companies and individuals represent a significant criminal threat and financial loss."

Continued : http://news.techworld.com/security/3298427/ukraine-police-swoop-on-fake-credit-card-gang/

Hackers Use Social Tricks To Get Bank Passwords
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

Auditors at Trace Security used social engineering tactics to obtain sensitive information and infect systems

While cyber-attackers can probe websites to find application flaws and network holes, employees at many financial institutions are just as vulnerable to social engineering tricks.

Why hack a website when all it takes is a phone call to get into a customer bank account? That is the question Jim Stickey, CTO of TraceSecurity asks when auditing the security measures in place at banks and credit unions around the country. The audits focus on both physical thefts as well as what Stickey called "virtual thefts", where thieves use emails and phone calls to get the passwords they need to remotely penetrate sensitive systems.

LinkedIn used to choose targets

TraceSecurity's auditors employ the mindset of a cyber-criminal to determine what would be targeted, and what techniques would be used, Stickey told eWEEK.

Continued : http://www.eweekeurope.co.uk/news/study-hackers-use-social-tricks-to-get-bank-passwords-37486

European security agency issues HTML5 warning
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

The European Union's computer security agency warned that the draft HTML5 standard may neglect important security issues.

The European Network and Information Security Agency (ENISA) on Aug. 1 released a 61-page document that cited 51 security problems in the draft HTML5 specifications.

"It's the first time anyone has looked at those specifications from a security point of view," said Giles Hogben, program manager for secure services at ENISA.

Some of the security issues can be fixed by tweaking the specifications, while others are risks that browser users should be warned about, Hogben said.

ENISA also recommended "sandboxed," or isolated, browser sessions to protect online financial transactions in one browser window from being hijacked by malware in another open browser window.

HTML5 is curated by the World Wide Web Consortium, which will consider the suggestions and revise the specifications by January.

Continued : http://www.computerworld.com/s/article/358181/European_Group_Finds_HTML5_Security_Gaps

Traffic Ticket ... or Malicious Attachment?
by Carol~ Moderator / August 22, 2011 2:41 AM PDT
In reply to: NEWS - August 22, 2011

Symantec Security Response Blog:

In the past we have seen malicious attacks pretending to be shipment notifications from various parcel delivery services. Now the New York State DMV has become the latest "brandjacking" victim for a series of malware attacks.

Here is what the fake message looks like: [Screenshot]

Ticket-064-211.zip is the name of the malicious attachment, and it is being identified as a variant of Trojan.FakeAV - one of the most prolific risks seen on the Internet today. Every day, bogus antivirus and security applications are released and pushed to unsuspecting users through a variety of delivery channels. Many of these programs turn out to be clones of each other. They are often created from the same code base, but presented with a different name and look, which is achieved through the use of a "skin".

Here are some of the best practices to protect yourself from malicious email attacks:

Continued : http://www.symantec.com/connect/blogs/traffic-ticketor-malicious-attachment

German authorities park tanks on Facebook's lawn
by Carol~ Moderator / August 22, 2011 5:37 AM PDT
In reply to: NEWS - August 22, 2011

Facebook has once again been criticised by a data protection authority in Germany for siphoning off information about the country's citizens to servers based in the US.

This time the company's "like" button and "pages" feature have been attacked by DPA officers in the Northern German federal state of Schleswig-Holstein.

On Friday, Germany's Independent Centre for Privacy Protection (ULD) called on website operators based in that region to "shut down their fan pages on Facebook and remove social plug-ins such as the 'like'-button from their websites," according to a statement on the DPA's website.

It said it had concluded that those features violated the German Telemedia Act as well as the Federal Data Protection Act.

The Schleswig-Holstein DPA noted that anyone using the functions within the dominant social network would have their "service traffic and content data" transferred to servers located in the US.

Continued : http://www.theregister.co.uk/2011/08/22/schleswig_holstein_facebook_dislikes_like_and_pages/

A Snapshot of Android Threats [INFOGRAPHIC]
by Carol~ Moderator / August 22, 2011 5:37 AM PDT
In reply to: NEWS - August 22, 2011

TrendLabs Malware Blog:

January this year, Trend Micro Chairman and co-founder Steve Chang was quoted as saying that Android devices are less secure than those running on iOS. While his comment caused quite a stir back then, today's threat landscape seems to agree: since Steve's statement, our researchers saw a whopping 1410% increase in the number of Trojanized Android apps and actual malware targeting fans of the little green robot.

Our researchers opine that we have yet to reach a tipping point where malware becomes the biggest security issue for Android users. However, that these malicious apps are out there to invade one's privacy, take control of a device, and cost users money because of unnecessary billing charges is something that should be taken seriously. Add the fact that these threats rely heavily on user interaction to initiate, like most information security threats, awareness is the first step towards prevention.

So in - for lack of a better term - "commemoration" of the discovery of the first Android Trojan, below is an infographic that gives users a snapshot of Android threats: how it grew, how they work, and how users can protect themselves.

Red Arrow crashes during air show - a cold-hearted Facebook clickjacking scam
by Carol~ Moderator / August 22, 2011 9:33 AM PDT
In reply to: NEWS - August 22, 2011

Scammers on Facebook have once again proven themselves to be cold-hearted opportunists, unafraid to take advantage of personal tragedies for their own financial ends.

In the latest scam seen surfacing on the social network, innocent users are being tricked into believing that they will see a video of a crash at an air show which resulted in the death of a British pilot.

Flt Lt Jon Egging was killed during an RAF Red Arrows display at the Bournemouth Air Festival this weekend.

The news of the death touched many people who are fans of the world famous Red Arrows, and over 170,000 people have joined a Facebook group in Jon Egging's memory.

Although the public's generosity and compassion must be a comfort to Flight Lt Egging's widow, it's unlikely that she would find much solace in the scams which are taking advantage of her husband's death.

For instance, this page on Facebook:

Continued : http://nakedsecurity.sophos.com/2011/08/22/red-arrow-crashes-during-air-show-video-faceboo/

Baking Security Into Open WiFi Networks
by Carol~ Moderator / August 22, 2011 9:33 AM PDT
In reply to: NEWS - August 22, 2011

What if you could make the coffee shop wireless LAN both open and secure? That's just what a group of researchers hopes to do with their new open-source code available to organizations or establishments hosting their own WiFi networks.

The newly released Secure Open Wireless Access (SOWA) proof-of-concept implementation is aimed at making openly available WiFi networks safer by giving users encrypted connections to wireless networks without their risking connecting to a rogue wireless access point or their traffic getting sniffed or hijacked. Researchers from IBM's X-Force research team, as well as an independent researcher, recently joined forces to push the technology, which they first demonstrated earlier this month at Black Hat USA in Las Vegas.

At the heart of SOWA are digital certificates associated with the WLAN's SSID, which ensure that the user is actually connecting to say, Panera Bread or Starbucks' trusted WiFi network, for example. This would shield users from sidejacking or other attacks that hijack their HTML session cookies or sniff their traffic. That threat of malicious WiFi activity was intensified last fall with the release of the notorious Firefox extension called Firesheep, which made sidejacking merely a matter of point-and-click and easy enough for an everyday user and not just a hacker.

Continued : http://www.darkreading.com/authentication/167901072/security/news/231500516/baking-security-into-open-wifi-networks.html

Yale warns 43,000 about 10-month-long data breach
by Carol~ Moderator / August 22, 2011 9:33 AM PDT
In reply to: NEWS - August 22, 2011

"FTP server on which data was stored became searchable by Google in September"

Yale University has notified about 43,000 faculty, staff, students and alumni that their names and Social Security numbers were publicly available via Google search for about 10 months.

All of the victims were affiliated with Yale in 1999, and are being offered identity theft insurance and free credit monitoring services for two years, the university said in a statement last week.

The breach resulted when a File Transfer Protocol (FTP) server on which the data was stored became searchable via Google as the result of a change the search engine giant made last September, the Yale Daily News reported.

The online publication reported that Yale IT Services Director Len Peters said the FTP server holding the compromised information was used mainly for open-source materials.

In September 2010, Google made a change that allowed its search engine to index and find FTP servers. But university IT officials were unaware of the change, Peters told the Daily News.

Continued : http://www.networkworld.com/news/2011/082211-yale-warns-43000-about-10-month-long-249979.html
