Spyware, Viruses, & Security forum

General discussion

NEWS - August 31, 2010

by Carol~ Moderator / August 31, 2010 2:35 AM PDT
Google disputes bug patching report

"IBM's X-Force admits mistake, now says Google patched all disclosed vulnerabilities in the first half of 2010"

Google on Monday said that a recent report claiming it failed to patch a third of the serious bugs in its software had the facts wrong.

IBM's X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services.

"We questioned a number of surprising findings concerning Google's vulnerability rate and response record, and after discussions with IBM, we discovered a number of errors that had important implications for the report's conclusions," said Adam Mein, a security program manager at Google, in an entry on a company blog.

Last week, X-Force's report claimed that 9% of all Google bugs disclosed in the first half of 2010 were unpatched, and 33% of the vulnerabilities ranked as critical or high had not been fixed.

According to IBM's revised tabulations, Google patched every vulnerability revealed in the first six months of this year.

"After we released our trend report ... we received feedback from two software vendors regarding the severity and remedy information for some of the vulnerabilities behind this chart," said Tom Cross, a researcher with X-Force, in a mea culpa blog posted on Saturday. "As a consequence of this feedback, we have manually reassessed the CVSS scoring, remedy information, and vendor information for every vulnerability that impacted the percentages that appear in this chart."

Continued : http://www.networkworld.com/news/2010/083110-google-disputes-bug-patching.html

Also : Unpatched security holes: IBM re-evaluates

Fake TweetDeck update preys on Twitter users
by Carol~ Moderator / August 31, 2010 2:41 AM PDT
In reply to: NEWS - August 31, 2010

It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day.

But it appears that at least one bunch of criminals weren't resting on their laurels as they spread links pointing to what they claimed was an update to the popular Twitter client, TweetDeck.

• Hurry up for tweetdeck update!
• Update TweetDeck! Bank Holiday
• Critical tweetdeck update Bank Holiday
• Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!


[Screenshot]

The tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck. Instead, unsuspecting users are putting themselves at risk of infection by a Trojan horse which Sophos detects as Troj/Agent-OOA.

TweetDeck has reminded its users that they should only download updates from its official website.

It's possible that the malicious hackers who spread the attack are taking advantage of Twitter ceasing support for basic authentication in their API today, meaning users have to be using a Twitter client which uses OAuth.

Regarding this particular attack, Twitter says it is resetting the passwords of accounts that it has seen distributing the dangerous link.

Continued @ Graham Cluley's Blog : http://www.sophos.com/blogs/gc/g/2010/08/31/fake-tweetdeck-update-preys-twitter-users/

Also: Fake TweetDeck update lures prompt password resets

TDSS Pretending To Be Tweetdeck Update
by Carol~ Moderator / August 31, 2010 4:55 AM PDT

Timing is everything -- especially if you're trying to spread malware. Last week, the developers of the popular Twitter application Tweetdeck notified users that due to changes in the supported authentication protocols by Twitter, users of older versions would have to upgrade.

Naturally, cybercriminals latched onto this bit of news and sent out their own tweets saying the same thing. However, their malicious tweets contained a URL-shortened link to what was supposedly a Tweetdeck installer named tweetdeck-08302010-update.exe:
[Twitter Search Results]

This particular file, however, is not a legitimate installer but a TDSS variant detected as TROJ_TDSS.FAT. The TDSS malware family functions as rootkits that are able to take complete control of affected systems; in addition, their complexity and sophistication make these malware difficult to remove.

Tweetdeck has officially warned their users not to fall prey to this attack. In addition to detecting the malicious "installer", the website hosting it has been blocked as well.

As Posted @ TrendLabs Malware Blog: http://blog.trendmicro.com/tdss-pretending-to-be-tweetdeck-update/

New Zero-Day Vulnerabilities Imminent
by Carol~ Moderator / August 31, 2010 2:41 AM PDT
In reply to: NEWS - August 31, 2010

An independent group of security researchers has announced that they will be releasing zero-day vulnerabilities, web application vulnerabilities, and proof-of-concept exploits for patched vulnerabilities throughout the month of September. Many high-profile vendors such as Adobe, Apple, Microsoft, and Mozilla are among those whose products will apparently have vulnerabilities revealed in the month.

According to Trend Micro researcher Rajiv Motwani, the vulnerabilities that will be announced will be a collection of old and new ones, with Microsoft being a major target. The new vulnerabilities can be considered as zero-day flaws, and will leave users vulnerable until a vendor patch is offered and applied. However, this process may take some time; until then, users should use any suggested workarounds.

It is also believed that detailed information for recently released advisories will also be published. The chances are that the released information may include proof of concept code, making exploits more likely. Exploit packs on malicious and compromised websites will probably include these new exploits as well.

Continued @ TrendLabs Malware Blog: http://blog.trendmicro.com/new-zero-day-vulnerabilities-imminent/

Researchers slate 'month of bugs' launch for Wednesday
by Carol~ Moderator / August 31, 2010 9:34 AM PDT

"Claim to have unpatched vulnerabilities in Excel, IE and other Microsoft, Apple and Mozilla software"

Starting tomorrow, a little-known group of security researchers will kick off a month of bug disclosures that target unpatched vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and others.

But the researcher who came up with the idea of month-long bugfests four years ago isn't optimistic that reviving the practice will have much of an impact on the general state of computer security.

The "Month Of Abysssec Undisclosed Bugs" (MOAUB) will feature flaws in Microsoft's Excel and Internet Explorer, the Linux-based cPanel Web hosting control panel, and other software, said Abysssec Security Research in a post to the firm's blog earlier this month.

"They're threatening -- at least, the companies affected will see it as a threat -- to release vulnerabilities on all kinds of software, from desktop applications to browsers," said Jamz Yaneza, threat research manager at Trend Micro, today.

Microsoft, which figured prominently in the MOAUB announcement, said it's aware of the group's plan. "As always, if and when a vulnerability is publicly disclosed, Microsoft will take immediate action to determine the appropriate response for our customers," said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC).

Continued : http://www.computerworld.com/s/article/9182999/Researchers_slate_month_of_bugs_launch_for_Wednesday

Major Disruption of Pushdo Botnet Wasn't The Original Goal
by Carol~ Moderator / August 31, 2010 4:54 AM PDT
In reply to: NEWS - August 31, 2010

"Botnet's spam traffic cut by 80 percent"

The researchers who successfully shut down much of the Pushdo botnet's infrastructure last week didn't go in planning to take down a large chunk of the botnet -- that was a secondary but major byproduct of some related botnet research they were conducting.

Thorsten Holz, senior threat analyst at LastLine and assistant professor of computer science at Ruhr-University Bochum, Germany, says he and his colleagues were working on a research project involving various botnets, including Pushdo, MegaD, and Rustock, matching infected IP addresses with their respective botnets. They decided they needed C&C servers to evaluate an algorithm they were developing for the project, which ultimately led them to decide to take down some Pushdo C&C servers to assist their research, he says. "Pushdo's command and control infrastructure turns out to be pretty vulnerable to takedown efforts, so we identified the C&C servers in eight different hosting providers," Holz says. "It was the ideal target to get the servers down and analyze the data."

"It was not our goal to completely take down the entire botnet. We were looking for insights into it to learn more about command and control servers," he says.

The Pushdo C&C servers provided just the data the researchers needed to test their new tool. "It was unclear to what extent we [could] disturb the Pushdo operation, and we were positively surprised that it worked that well," Holz says.

DarkReading

Related : Huge spamming botnet injured but still alive

Google's New Priority Inbox Hits a Snag
by Carol~ Moderator / August 31, 2010 4:55 AM PDT
In reply to: NEWS - August 31, 2010

The buzz this morning isn't Google's Buzz, but its new Priority Inbox feature for the company's Web-based Gmail messaging service. The new feature allows heavy e-mail users to filter out and prioritize important messages. But the search giant has already hit a snag in releasing it to the public.

Users of the new feature found that a fun, instructional YouTube video used to explain the new feature was loading, invisibly, in their Chrome browser every time they logged into Gmail with the Priority Inbox feature enabled.

The video, which can be viewed here, is harmless but led to some head scratching and complaints from Gmail users, who struggled to figure out why ragtime was playing every time they went to check their e-mail, as documented on a number of Google support threads.

"Whenever I sign into my Gmail using Chrome, music automatically starts playing. This is a new issue. It's like old time dance music. Occasionally there will be a sound effect like a click, a bubble, cards shuffling, a dog growling," a support group user with the handle barnolde wrote.

Continued : http://threatpost.com/en_us/blogs/googles-new-priority-inbox-update-hits-snag-083110

Twitter API has new third party sign-on method
by Carol~ Moderator / August 31, 2010 4:55 AM PDT
In reply to: NEWS - August 31, 2010

Users of obscure third-party Twitter applications may be surprised to find that their apps no longer work, if the app creators of those apps haven't been keeping up with changes in the Twitter API (application programming interface).

Microblogging service Twitter is in the final stages of migrating its sign-on service for third party applications to a different authentication protocol, called OAuth.

Users logging in through the Twitter Web site will not notice the difference, nor should users of third-party apps that have already made the switchover, including many popular ones such as TweetDeck, Twitterrific, Seesmic, and Twitter for Android. But if the app hasn't been updated in a while, and still requires a Twitter user name and password, then it will probably stop working correctly.

Over the past month, Twitter has periodically lowered the number of data requests that apps could make to Twitter each hour, as a way of weaning third-party application developers from the old authentication procedure, called Basic Auth. As of 8 AM Pacific time, Tuesday, Twitter will reject any requests from third-party applications that use Basic Auth.

"Basic Auth for Twitter is almost history. Rate limits are down to 15 requests/hour, and will be 0 by tomorrow," wrote Twitter creative director Doug Bowman in a short post on the Twitter site Monday. The rate limit for OAuth is 350 requests per hour.

Continued : http://www.cio.com/article/607863/Twitter_API_has_New_Third_Party_Sign_on_Method

Email still the top source of data loss
by Carol~ Moderator / August 31, 2010 4:56 AM PDT
In reply to: NEWS - August 31, 2010

Email continues to be the number one source of data loss risks in large enterprises as more than a third (35 percent) investigated a leak of confidential or proprietary information via email in the past 12 months, according to Proofpoint. [Screenshot]

At the same time, the number of data loss events associated with social media channels continued to increase. Employee misuse of email, work-owned mobile devices, and popular social media tools including Facebook, LinkedIn, Twitter, video sharing sites, forums and blogs resulted in an increasing number of disciplinary actions -- including termination -- as enterprises demonstrate increasing concern about securing sensitive data.

Despite a growing awareness of data loss risks, large enterprises continue to be impacted by data loss at a surprising rate:

• Thirty-six percent of respondents said their organization was impacted by the exposure of sensitive or embarrassing information in the past 12 months.
• Thirty-one percent of respondents said their organization was impacted by the improper exposure or theft of customer information in the past 12 months.
• Twenty-nine percent of respondents said their organization was impacted by the improper exposure or theft of intellectual property in the past 12 months.

Continued : http://www.net-security.org/secworld.php?id=9806

Hackers Focus on Misconfigured Networks, Survey Finds
by Carol~ Moderator / August 31, 2010 9:34 AM PDT
In reply to: NEWS - August 31, 2010

"Misconfigured networks are the most popular target for hackers, according to a survey taken at the DEFCON security conference in July."

Ever wonder what IT resource is the easiest for hackers to exploit? According to a survey of attendees of the annual DEFCON security conference, the answer is misconfigured networks.

The survey was conducted by Tufin Technologies, and polled 101 attendees at DEFCON 18 in July. Seventy-six percent named misconfigured networks as the easiest IT resource to attack.

Fifty-seven percent of those surveyed said network misconfiguration was caused by IT staffers not knowing what to look for when assessing the security posture of the network. Another 18 percent believe misconfigured networks are the result of insufficient time or money for audits, while 14 percent felt compliance audits that fail to capture security best practices are a factor.

The rest do not think security can keep up with the threat landscape.

"The really big question coming out of the survey is how to manage the risk that organizations run dealing with the complexity that is part and parcel of any medium-to-large sized company's security operations," said Reuven Harrison, chief technology officer at Tufin, in a statement.

Outside of attacking Web sites, 43 percent agreed planting a malicious insider in a company is the latest and most successful form of commercial hacking.

Continued : http://www.eweek.com/c/a/Security/Hackers-Focus-on-Misconfigured-Networks-Survey-Finds-264850/

Also : Misconfigured networks main cause of breaches

Computer problems last at DMV, other Va. agencies
by Carol~ Moderator / August 31, 2010 9:34 AM PDT
In reply to: NEWS - August 31, 2010

A massive failure of the state's problem-plagued centralized computers continued to hit several state agencies Tuesday, making it difficult for Virginians to get a driver's license or file tax returns and make payments.

The Virginia Information Technologies Agency has been trying since Wednesday to fix the computer outage that affected nearly 30 state agencies. The outage also prompted Gov. Bob McDonnell to call for an independent third party to investigate the problems, including whether contractor Northrop Grumman should reimburse the state for lost business and productivity.

As of Tuesday, computer problems continued to affect the Department of Motor Vehicles, the Department of Taxation and the State Board of Elections. Other agencies also were experiencing minor issues relating to the failure at VITA's large suburban Richmond computing center, one of several data storage systems in different parts of Virginia.

Teams are trying to get all the agencies completely up and running and are making significant progress, Virginia's Secretary of Technology Jim Duffey said in a statement. He asked for "continued understanding and patience of state employees and citizens as this work continues."

The outage has left people unable to get or renew driver's licenses or identification cards at the DMV's 74 customer service centers. About 5,000 license or ID cards expired as of Monday without being able to be renewed, spokesman Melanie Stokes said.

Continued : http://www.businessweek.com/ap/financialnews/D9HUN64O0.htm

Also : Virginia IT woes drag on; Northrup Grumman grateful for the patience
