Spyware, Viruses, & Security forum


NEWS - August 31, 2011

by Carol~ Forum moderator / August 31, 2011 3:29 AM PDT
Updated Chrome and Firefox for fraudulent Google certificate available

In response to the discovery of a fraudulent DigiNotar SSL certificate being used in Iran as part of a man-in-the-middle attack, Mozilla has now released versions of Firefox 6.0.1, Firefox 3.6.21 and Thunderbird 6.0.1, and Google has released Chrome 13.0.782.218. The updates disable or delete entries for DigiNotar's Certificate Authority. Google also took the opportunity to update the Adobe Flash Player in Chrome and also updated development versions of Chrome.

The impact of the removal of the DigiNotar Root certificate, beyond that of blocking the one (or more) bogus certificates, is unclear, though it may have an impact on users in the Netherlands where DigiNotar operates. For example, the government's DigiD identity management platform uses SSL certificates issued by DigiNotar.

Users will see the updates for Firefox within 24 to 48 hours. Firefox 3.6.x users who wish to install the update manually can download it from the "Older Firefox" page. At the time of writing, according to Mozilla's advisory page, updates for the Aurora and Nightly builds of Firefox have been updated as well, but not the Firefox 7 beta; Thunderbird 7 beta and Firefox for Mobile will be updated soon. Users can also manually check.

Chrome users should see their updates appear automatically, but can also manually update the browser.

Update: Mozilla has also released version 3.1.13 of Thunderbird to revoke the root certificate for DigiNotar.


Falsely issued Google SSL certificate in the wild for more than 5 weeks
Rogue Google SSL certificate missed by auditors

Opera 11.51 closes security holes
by Carol~ Forum moderator / August 31, 2011 3:44 AM PDT
In reply to: NEWS - August 31, 2011
Opera has released version 11.51 of its web browser, a maintenance and security update that addresses a high risk vulnerability. According to the developers, Opera 11.51 closes a hole that could have been exploited by an attacker to bypass certain security features. The issue is caused by an error when loading content that causes the browser to display the security information of a trusted site instead of the actual untrusted site.

The update also adds support for the full-screen app mode in Mac OS X 10.7 Lion and addresses a number of bugs on all supported platforms. The developers note that the update also fixes a "low severity issue" reported by Thai Duong and Juliano Rizzo; however, details of the vulnerability were not disclosed.

Further details about the update can be found in the Windows, Mac and Unix change logs. Opera 11.51 is available to download for Windows, Mac OS X, Linux and FreeBSD.

Continued : http://www.h-online.com/security/news/item/Opera-11-51-closes-security-holes-1334216.html

See Vulnerabilities & Fixes: Opera Two Vulnerabilities

New Versions of Chrome and Firefox Disable DigiNotar Root
by Carol~ Forum moderator / August 31, 2011 4:04 AM PDT
In reply to: NEWS - August 31, 2011

Related to the first post in this thread:

Mozilla has released version 6.01 of its Firefox browser, which now removes the compromised DigiNotar root certificate from the list of trusted roots. The move comes just two days after security researchers discovered that the Dutch company had issued a valid wildcard certificate for Google to an unknown third party.

Within hours of the discovery, Mozilla officials released a statement saying that they planned to push an update for Firefox soon that would remove DigiNotar from Firefox's trusted root certificate list. On Tuesday, Google released a new version of Chrome that disables DigiNotar trust in the browser. Microsoft also has removed DigiNotar from the list of trusted roots that Internet Explorer uses.

"Users on a compromised network could be directed to sites using a fraudulent certificate and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it's coming from a trusted site. We have received reports of these certificates being used in the wild," Mozilla security officials said in a blog post on Monday.

In addition to disabling trust for the DigiNotar root, Google also has blacklisted in Chromium nearly 250 certificates issued by the company.


More on DigiNotar
by Carol~ Forum moderator / August 31, 2011 5:38 AM PDT

From the Kaspersky Labs Weblog:

In the Netherlands news just broke involving more details with regards to the DigiNotar compromise. According to this the following were included in the targeted domains: Yahoo.com, mozilla.org, torproject.org, wordpress.org and Iranian blogging platform Baladin.

So far, I haven't been able to verify these myself. It would be great if any of the browser makers or DigiNotar could confirm these were amongst the targeted domains.

Assuming these domains were indeed targeted the most plausible explanation is that a specific government is behind this attack.

What's worrisome in this saga is DigiNotar's claim a "few dozen" rogue certificates were generated. This is a particularly suspicious claim because at the same time Google has blocked over 200 rogue certificates. Something doesn't quite add up.

It gets worse though. According to DigiNotar they're not able to track which rogue certificates were generated. So more of these rogue certificates may be out there. How is this possible? Either DigiNotar performs no logging of the certificates they create or their logs got cleaned out during the attack.

Either answer is bad and neither of them is worthy of the trust we necessarily have to put into certificate authorities.

Continued : http://www.securelist.com/en/blog/208193107/More_on_DigiNotar

Apache patches Web server DoS vulnerability
by Carol~ Forum moderator / August 31, 2011 6:32 AM PDT
In reply to: NEWS - August 31, 2011

The Apache open-source project patched its Web server software Tuesday to quash a bug that a denial-of-service (DoS) tool has been exploiting.

Apache 2.2.20, released Tuesday, plugs the hole used by "Apache Killer," an attack tool that hackers have been using for more than a week to cripple Web servers.

On Aug. 24, project developers had promised a fix within 48 hours, then revised the timetable two days later to 24 hours. The security advisory did not explain the delay.

Earlier, the project had offered Web server administrators ways to protect their systems until a patch was available.

"We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade," Tuesday's advisory stated.

Although the DoS vulnerability also exists in the older Apache 1.3, the project no longer supports that edition.

According to an update to the original advisory that Apache published last week, the fix reduces the amount of memory used by HTTP requests, and "weeds out or simplifies requests deemed too unwieldy."

Continued : http://www.computerworld.com/s/article/9219650/Apache_patches_Web_server_DoS_vulnerability

Also: Apache 2.2.20 released to fix DoS vulnerability

Related :
Apache DoS Bug Resurfaces, Spurring New Attacks
Tool causes Apache web server to freeze

Pharma Wars: Purchasing Protection
by Carol~ Forum moderator / August 31, 2011 6:32 AM PDT
In reply to: NEWS - August 31, 2011

Leaked online chats between the co-owners of the world's largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations.

Last month, there was a leak of more than four years of chat logs seized by Russian police who had arrested and interrogated Dmitry Stupin, allegedly the co-owner of GlavMed and the now-defunct SpamIt, organizations that paid spammers millions of dollars each month to promote fly-by-night online pharmacies.

In the Jan. 9, 2010 chat between Stupin and Igor Gusev, the alleged other owner of GlavMed and SpamIt, Gusev has just learned that he and his operation are under investigation by Russian authorities (Gusev would be formally charged with illegal business activities in October 2010, forcing the closure of SpamIt). Gusev says he may be able to purchase shelter from the charges by funneling money to key Russian politicians who have influence over investigators.

Continued : http://krebsonsecurity.com/2011/08/pharma-wars-purchasing-protection/#more-11217

Western Union money transfer email disguises Trojan attack
by Carol~ Forum moderator / August 31, 2011 6:32 AM PDT
In reply to: NEWS - August 31, 2011

If you're clued-up about computer security, it's unlikely that you would fall for this scam. However, there are plenty of people who haven't learnt to be suspicious of unsolicited emails and wouldn't think twice about opening an attachment if they believe they've been sent some money via Western Union.

You can imagine how people might be especially vulnerable if they were overseas and expecting some money to be wired to them from relatives back at home.

Here is an example of one of the many malicious emails that has been spammed around the world today:
[Screenshot: Western Union Malicious Email]


Money Transfer Information

Message body:

DEAR CONSUMER , You have received a remittance, more information about the money transfer is in the attached file.
Money Order can be cashed at any branch or bank in Your city
Sincerely , Westernunion

As you can see by the following snapshot from our labs, the subject lines and attached filenames can vary - but all claim to be regarding money sent to you via Western Union. [Screenshot: Western Union Malicious Emails]

Continued : http://nakedsecurity.sophos.com/2011/08/31/western-union-money-transfer-trojan/

LulzSec hacker needs a....chaperone?
by Carol~ Forum moderator / August 31, 2011 8:36 AM PDT
In reply to: NEWS - August 31, 2011

A British teenager accused of hacking the website of the Serious Organised Crime Agency cannot visit his 19-year-old girlfriend without a chaperone.

Ryan Cleary - who was charged with various computer related crimes in June - can only leave home with a parent as per his bail agreement.

However, Cleary's lawyer Ben Cooper asked Judge Nicholas Loraine-Smith if the conditions can be slightly altered so Cleary will be able to visit his girlfriend Amy Chapman without a parent being present.

But Loraine-Smith refused the (rather reasonable) request, at least for now.

"I will not consider making a variation until the police have interviewed her and that they are satisfied that she is responsible enough to take on the duty," he said in a statement quoted by the Daily Mail.

The judge also issued a stern warning to both Cleary and fellow alleged LulzSec hacker Jake Davis (aka Topiary) to follow their bail conditions to the letter.

"First of all, bail has to be on the same stringent terms for both of these defendants... I reiterate, as I did to one of them who has appeared before me, that if they breach any of these conditions they can be arrested and brought before the court and almost certainly remanded in custody."

Continued : http://www.tgdaily.com/security-features/58208-lulzsec-hacker-needs-a-chaperone

Also: LulzSec hacking suspect denied access.. to his girlfriend

Stay Away from Free Giveaways on MJ's Birthday
by Carol~ Forum moderator / August 31, 2011 8:37 AM PDT
In reply to: NEWS - August 31, 2011

From BitDefender's Malware City Blog:

New Facebook Scam plays the double bait game: an MJ tribute page hosts three survey scams claiming to reward respondents with free gadgets: iPads and Dell computers.

August 29 is an emotional time for Michael Jackson fans. It's the star's birthday and those who loved and admired him will naturally look for a way to express their regret, pay tribute to his memory or even ...wish him "happy birthday!" (after all, MJ will always live in their hearts).

As you all know, Facebook scammers are ready to crash any "party" that's likely to bring together thousands of people. So, here they are, proud creators of the "I love Michael Jackson" Facebook page that's already lured almost 25,000 people into the trap. [Screenshot]

Innocent until proven guilty, say you? That's right. And if proof is what you need, just take a look at the left hand side column under the page's profile picture. Exhibit A: "get a free iPad", Exhibit B: "get a free Dell". We won't bother about the "Facebook survey", as its competition is very much likely to kill its chances of success. We'll cut the "pick and choose" process even shorter as, given the recent buzz about Steve Jobs' resignation, iPad sounds very, very good. Social engineering, perhaps. Yeah, maybe a little.

Continued : http://www.malwarecity.com/blog/stay-away-from-free-giveaways-on-mjs-birthday-1124.html

Akamai employee tried to sell secrets to Israel
by Carol~ Forum moderator / August 31, 2011 8:37 AM PDT
In reply to: NEWS - August 31, 2011

"A staffer in the finance department tried to sell client information, contracts and even an employee list"

A 43-year-old former Akamai employee has pleaded guilty to espionage charges after offering to hand over confidential information about the Web acceleration company to an agent posing as an Israeli consular official in Boston.

Starting in September 2007, Elliot Doxer played an elaborate 18-month-long game of cloak-and-dagger with James Cromer, a man he thought was an Israeli intelligence officer. He handed over pages and pages of confidential data to Cromer, providing a list of Akamai's clients and contracts, information about the company's security practices, and even a list of 1,300 Akamai employees, including mobile numbers, departments and e-mail addresses.

Doxer delivered the information to a dead drop box, a predetermined location set up by Cromer where both of them could drop off documents for each other without actually meeting.

His motivation was to help Israel and to get information on his son and estranged wife, who lived outside the U.S., prosecutors said in court filings.

Unbeknownst to Doxer, his Israeli spy was actually a special agent with the counterintelligence squad at the U.S. Federal Bureau of Investigation's Pittsburgh field office. In October 2010, Doxer was arrested and charged with committing foreign economic espionage. He pleaded guilty on Tuesday, becoming only the eighth person ever to be prosecuted in the U.S. for trying to sell corporate secrets to foreign governments.

Continued : http://www.computerworld.com/s/article/9219628/Akamai_employee_tried_to_sell_secrets_to_Israel

Also: Former Akamai Employee Admits Trying to Pass Trade Secrets to Israel
