Spyware, Viruses, & Security forum

Alert

NEWS - August 25, 2011

by Carol~ Forum moderator / August 25, 2011 2:31 AM PDT
Facebook to Prevent 3rd-party Apps From Seeing Your Information Via Your Friends

On Tuesday of this week, Facebook announced significant changes to their profile controls and sharing options. The roll out of these changes begins today, August 25th. You'll find an excellent summary of the changes by Jason over on our Safe and Savvy blog.

Meanwhile, we've been busy digging into the details and reading between the lines.

And there's lots of details to consider: [Screenshot]

Wait... there's more: [Screenshot]

Aha! Now this is interesting (Facebook buried a good lead here..) :

Continued : http://www.f-secure.com/weblog/archives/00002223.html

Police Think They've Nailed One Of The Anonymous Hackers
by Carol~ Forum moderator / August 25, 2011 3:08 AM PDT
In reply to: NEWS - August 25, 2011

Peter David Gibson, a 22-year-old student from Hartlepool, England, was charged in conjunction with an investigation into Anonymous' DOS attacks.

"He is accused of trying to hinder the operation of, or access to, a computer system," the BBC reports.

U.K. police arrested Gibson along with five others on April 5. They claim the loosely-affiliated worldwide network of hackers targeted the websites of companies including EBay, Sony, and Visa.

Gibson's court date is scheduled for September 7. If convicted, he faces up to 10 years in prison.

Gibson is the latest person charged in the worldwide crackdown on the hacking group.

Continued : http://www.businessinsider.com/british-police-charge-student-in-anonymous-hacking-case-2011-8

Also:
UK police charge man in connection with Anonymous DDoS attacks
UK cops charge alleged Anonymous hacker

Hybrid Hydras and Green Stealing Machines
by Carol~ Forum moderator / August 25, 2011 3:08 AM PDT
In reply to: NEWS - August 25, 2011

Hybrids seem to be all the rage in the automobile industry, so it's unsurprising that hybrid threats are the new thing in another industry that reliably ships updated product lines: The computer crime world. The public release of the source code for the infamous ZeuS Trojan earlier this year is spawning novel attack tools. And just as hybrid cars hold the promise of greater fuel efficiency, these nascent threats show the potential of the ZeuS source code leak for morphing ordinary, run-of-the-mill malware into far more efficient data-stealing machines.

Researchers at Trusteer have unearthed evidence that portions of the leaked ZeuS source code have been fused with recent versions of Ramnit, a computer worm first spotted in January 2010. Amid thousands of other password-stealing, file-infecting worms capable of spreading via networked drives, Ramnit is unremarkable except in one respect: It is hugely prolific. According to a report (PDF) from Symantec, Ramnit accounted for 17.3 percent of all malicious software that the company detected in July 2011.

Trusteer says this Ramnit strain includes a component that allows it to modify Web pages as they are being displayed in the victim's browser. It is this very feature - code injection - that has made ZeuS such a potent weapon in defeating the security mechanisms that many commercial and retail banks use to authenticate their customers.

Continued : http://krebsonsecurity.com/2011/08/hybrid-hydras-and-green-stealing-machines/#more-11255

Related: Trusteer warns of evolving 'Ramnit' online banking attack

That UK.gov Firefox cookie leakage snafu explained
by Carol~ Forum moderator / August 25, 2011 3:08 AM PDT
In reply to: NEWS - August 25, 2011

If you've used the latest version of Firefox to visit a UK government website in the last few weeks, you may have noticed something unusual in the browser address bar.

Instead of highlighting, for example, direct.gov.uk, as you might expect from Firefox 6.0's new domain-conscious security behaviour, only the gov.uk portion is shown in bold type. [Screenshot]

Far from merely a cosmetic change, this actually indicates potentially insecure behaviour that could enable user cookies to be shared between different government-run websites.

Firefox uses Mozilla's volunteer-maintained Public Suffix List to break down domain names into their component parts, enabling it essentially to determine which level of an address indicates its owner.

While anybody can register second-level domains such as example.com, some extensions require you to use the third level, such as example.co.uk and example.com.au.

Continued : http://www.theregister.co.uk/2011/08/25/cookie_leak_bug_hits_gov_uk/
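The lookup described in the excerpt above, as an added example that is not part of the original post or of Mozilla's code: a Public Suffix List matcher run against two constructed rule sets, showing how the registrable domain and the cookie-scope check change when a `gov.uk` entry is absent. The rule sets and the assumption that a missing `gov.uk` rule produces the symptom are illustrative.

```javascript
// Added example: Public Suffix List lookup over constructed rule sets.
// Rule syntax follows the PSL: plain rules, "*." wildcards, "!" exceptions.

function publicSuffix(host, rules) {
  const labels = host.toLowerCase().split(".");
  const set = new Set(rules);
  let best = 1; // implicit "*" rule: the last label alone is a suffix
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    const len = labels.length - i;
    // An exception rule wins outright: the suffix is the rule minus its first label.
    if (set.has("!" + candidate)) return labels.slice(i + 1).join(".");
    const wildcard = "*." + labels.slice(i + 1).join(".");
    if (set.has(candidate) || (len > 1 && set.has(wildcard))) {
      best = Math.max(best, len);
    }
  }
  return labels.slice(labels.length - best).join(".");
}

// Registrable domain = public suffix plus one more label (null if none is left).
function registrableDomain(host, rules) {
  const labels = host.toLowerCase().split(".");
  const n = publicSuffix(host, rules).split(".").length;
  return labels.length > n ? labels.slice(labels.length - n - 1).join(".") : null;
}

// Browser-style check for a Set-Cookie Domain attribute: the host must fall
// under the domain, and the domain must not itself be a public suffix.
function cookieDomainAllowed(host, cookieDomain, rules) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  const h = host.toLowerCase();
  return (h === d || h.endsWith("." + d)) && publicSuffix(d, rules) !== d;
}

// Constructed rule sets (assumption): one with a gov.uk entry, one without.
const WITH_GOV_UK = ["uk", "co.uk", "gov.uk", "au", "com.au", "com"];
const WITHOUT_GOV_UK = WITH_GOV_UK.filter((r) => r !== "gov.uk");

for (const [name, rules] of [["with gov.uk", WITH_GOV_UK], ["without gov.uk", WITHOUT_GOV_UK]]) {
  console.log(name, "->", registrableDomain("www.direct.gov.uk", rules),
    "| Domain=gov.uk cookie accepted:",
    cookieDomainAllowed("www.direct.gov.uk", "gov.uk", rules));
}
```

Site operators can limit exposure to list errors of this kind by setting host-only cookies, that is, omitting the Domain attribute.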

Scan from a Xerox WorkCentre? Trojan attack spammed widely
by Carol~ Forum moderator / August 25, 2011 3:08 AM PDT
In reply to: NEWS - August 25, 2011

Emails claiming to come from a Xerox WorkCentre Pro photocopier have been spammed widely across the internet, containing a malicious file as an attachment.

Modern photocopiers don't just copy your confidential documents, or see the downside of inebriated staff antics at the office party, they can also email you your documents these days.

Which makes them a possibly all-too-convincing disguise for today's spammed-out malware campaign.

Although the precise wording varies from email to email, they all claim to be a scan (or sometimes a forwarded scan) from a Xerox WorkStation Pro. [Screenshot]

Subject:

Scan from a Xerox WorkCentre Pro #[number]

Message body:

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.
Sent by: Guest
Number of Images: 1
Attachment File Type: ZIP [DOC]


WorkCentre Pro Location: machine location not set
Device Name: [random]

The names of attached files can vary but are along the lines of Xerox_Document_08.23_C11125.zip and Xerox_Scan_08.23_K1274.zip.

Continued : http://nakedsecurity.sophos.com/2011/08/25/scan-from-a-xerox-workcentre-trojan-attack-spammed-out-widely/

Anonymous eyes Wall Street after BART protests
by Carol~ Forum moderator / August 25, 2011 3:25 AM PDT
In reply to: NEWS - August 25, 2011

Anonymous has apparently set its sights on Wall Street after leading multiple protests against BART (Bay Area Rapid Transit) in San Francisco.

Although many commuters who depend on the train system say they could do without station shutdowns and delays, the digital collective shows little sign of halting their hacktivist expansion into the physical realm.

"On September 17th, Anonymous will flood into lower Manhattan, set up tents, kitchens, peaceful barricades and occupy Wall Street for a few months," a purported Anonymous member claimed on YouTube. [Video]

"Once there, we shall incessantly repeat one simple demand in a plurality of voices. We want freedom. The abuse and corruption of corporations, banks and governments ENDS HERE!!"

However, the activist emphasized that the protest would be a "non-violent one," as Anonymous does "not encourage violence" in any way.

Obviously, Wall Street traders are unlikely to react positively to Anonymous setting up shop outside the Exchange, but what about the rest of NYC? [Video]

Continued : http://www.tgdaily.com/security-features/58103-anonymous-eyes-wall-street-after-bart-protests

"Free Facebook Credits" scam
by Carol~ Forum moderator / August 25, 2011 3:25 AM PDT
In reply to: NEWS - August 25, 2011

After a rather long time, Facebook users are again seeing offers of "Free Facebook Credits!" on their News Feed.

Those users who are not aware of the fact that they can only get Facebook Credits if they buy them, earn them or receive them from friends, can be easy targets for this rather legitimate looking scam: [Screenshot]

The page in question - located at freefb-5000.blogspot.com and still available - continues to convince the user of the legitimacy of the offer: "You might be thinking how this works. Well, this works because of the advertisers and sponsors who pay us for every promotion. So don't thank us for the free credits, thank our great sponsors!"

To get the free FB Credits, the user is required to jump through a few hoops. He must share the page, post about it and then "Like" four other pages.

In the end, the user is taken to a page where he is asked to complete a survey. Do I need to point out that there are no free FB Credits waiting for him once he has performed all this?

http://www.net-security.org/secworld.php?id=11514

Firm at heart of biggest oil spill spews toxic web attack
by Carol~ Forum moderator / August 25, 2011 9:46 AM PDT
In reply to: NEWS - August 25, 2011

Transocean, the offshore drilling contractor at the center of the world's biggest marine oil spill in the history of petroleum production, has been caught spewing a virtual sort of toxic sludge, according to a report released Thursday.

Researchers at web security firm Websense said deepwater.com, Transocean's official website, has been hosting malicious exploit code that attempts to install malware on the machines of people who visit the site. The researchers counted at least two separate attacks included in several deepwater.com pages that exploit known vulnerabilities in Microsoft's Internet Explorer browser and Adobe's Flash media player.

Only 16 percent of the top 44 antivirus programs detected the latter exploit, the Websense report said, citing this analysis from Virustotal. The exploit code is stashed in invisible iframe tags planted on Transocean's site, the report said.

As of 10:30 am California time, about 26 hours after the exploit code was first detected, the attacks were continuing unabated, Patrik Runald, a senior manager for security research at Websense, told The Register. They stopped shortly after The Reg asked a Transocean spokesman to comment.

"We don't know exactly how the compromise happened but as the attackers were able to upload the exploit files to the server it's not a SQL injection attack (which usually involves redirection to an external server)," he wrote in an email.

Continued : http://www.theregister.co.uk/2011/08/25/transocean_website_compromise/

From Websense Security: Transocean oil/gas rig contractor compromised (deepwater.com) - UPDATE: NOW FIXED

Microsoft Releases New Versions of Software Security Tools
by Carol~ Forum moderator / August 25, 2011 9:47 AM PDT
In reply to: NEWS - August 25, 2011

Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company's Security Development Lifecycle program, which it has been sharing with external organizations for a few years now.

Microsoft's internal teams developed a number of tools that they use in writing and assessing software and the company has been making some of them available publicly. One of the key tools in the SDL arsenal is the company's Threat Modeling Tool, which is used by developers and engineers at the beginning of a project to help find potential threats before they start writing code. The new version of the tool includes more stable support for Visio 2010 and Team Foundation Server.

Microsoft also released new versions of two specialized fuzzers: RegExFuzz and MiniFuzz. Both fuzzers are meant to be used in the Verification Phase of the SDL program. MiniFuzz is a basic fuzzer and the RegExFuzz tool is designed specifically for finding problems with regular expressions in software.

Continued : http://threatpost.com/en_us/blogs/microsoft-releases-new-versions-software-security-tools-082511

UPnP-enabled routers allow attacks on LANs
by Carol~ Forum moderator / August 25, 2011 9:47 AM PDT
In reply to: NEWS - August 25, 2011

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge. [Screenshot]


Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened - and redirected to any other LAN device - via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

Continued : http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html
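A mitigation for the behaviour described in the excerpt above, as an added example that is not part of the original post or of any vendor's firmware: a policy check a router-side UPnP handler could apply to an AddPortMapping SOAP request, refusing requests that did not arrive from the LAN or that map a port to a host other than the requester. The function names, LAN range, addresses and SOAP body are constructed for illustration.

```javascript
// Added example: policy check for UPnP AddPortMapping requests.
// All sample addresses and the SOAP body below are constructed.

function ipToInt(ip) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) return null;
  const p = ip.split(".").map(Number);
  if (p.some((o) => o > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const a = ipToInt(ip), b = ipToInt(base);
  if (a === null || b === null) return false;
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

// Pull one argument out of the SOAP action body (simple, non-namespaced tags).
function soapArg(body, name) {
  const m = body.match(new RegExp("<" + name + ">\\s*([^<]*?)\\s*</" + name + ">"));
  return m ? m[1] : null;
}

function checkAddPortMapping(sourceIp, soapBody, lanCidr) {
  // 1. Control requests must come from the LAN side, never the WAN interface.
  if (!inCidr(sourceIp, lanCidr)) return { allow: false, reason: "source is not on the LAN" };
  // 2. The mapping target must be a well-formed address...
  const client = soapArg(soapBody, "NewInternalClient");
  if (client === null || ipToInt(client) === null) {
    return { allow: false, reason: "missing or malformed NewInternalClient" };
  }
  // 3. ...and a client may only open a port towards itself.
  if (client !== sourceIp) return { allow: false, reason: "target differs from requester" };
  return { allow: true, reason: "ok" };
}

const SAMPLE_BODY = // constructed request body
  '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">' +
  "<NewRemoteHost></NewRemoteHost><NewExternalPort>8080</NewExternalPort>" +
  "<NewProtocol>TCP</NewProtocol><NewInternalPort>80</NewInternalPort>" +
  "<NewInternalClient>192.168.1.20</NewInternalClient></u:AddPortMapping>";

for (const src of ["192.168.1.20", "192.168.1.33", "203.0.113.7"]) {
  console.log(src, checkAddPortMapping(src, SAMPLE_BODY, "192.168.1.0/24"));
}
```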
