Spyware, Viruses, & Security forum

General discussion

NEWS - December 1, 2009

by Donna Buenaventura / November 30, 2009 6:53 PM PST
Privacy fears prompt Fry to quit Plaxo

Stephen Fry has quit Plaxo after he became annoyed that the social networking site was revealing what he sees as too many personal details to anyone visiting the site - as opposed to designated contacts.

Plaxo, which was co-founded by Napster co-creator Sean Parker, maintains an online address book and social networking service. The service has fully configurable privacy settings, but Fry believes the default settings are sharing rather more information than he's comfortable with.

In a message on Twitter last Friday, Fry complained that Plaxo was "distributing my details to every casual passerby" and not just his online contacts.

Separately, a Reg reader told us on Thursday that anyone with an account can freely browse all the personal information held on Plaxo, including their mobile number and addresses as well as who users have logged as contacts.

More in http://www.theregister.co.uk/2009/12/01/plaxo_privacy_row/

Free Tool Paints Picture Of Stealthy Attacks
by Donna Buenaventura / November 30, 2009 6:56 PM PST

Honeynet Project's 'Picviz' gets a graphical user interface

The Honeynet Project has beefed up a free tool that helps spot attacks that can elude detection. The Picviz tool takes data from various log analysis sources and converts them into a multidimensional visual map of events.

Researchers have now added a graphical user interface to Picviz, which should make it easier to deploy and more attractive to a broader range of users. Picviz developers Sebastien Tricaud and Philippe Saade have published a paper (PDF) that details how Picviz works and how it gathers and renders data from traffic logs, database logs, SSH logs, syslogs, IPtables logs, Apache logs, and other sources.

Picviz's "parallel coordinates" approach represents an unlimited number of events in multiple dimensions, such as the protocol, URL, IP address, user agent, time frames, and other parameters. Parallel coordinates are multidimensional images used in aircraft collision-detection, as well as in other network tools. Picviz was developed to automate these images, according to Tricaud.

Continue reading in http://www.darkreading.com/vulnerability_management/security/intrusion-prevention/showArticle.jhtml?articleID=221901483
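The parallel-coordinates idea described above, as an added example (not Picviz code and not taken from the paper): each log event becomes a polyline with one point per axis, and a wide fan between two axes is the pattern that stands out. The sshd-style lines, the axis choice and all function names are constructed for illustration.

```python
import re

# Constructed sshd-style lines (documentation IP ranges), not real log data.
LOG = """\
Dec  1 03:10:01 host sshd[411]: Failed password for root from 203.0.113.9 port 4001 ssh2
Dec  1 03:10:02 host sshd[412]: Failed password for admin from 203.0.113.9 port 4002 ssh2
Dec  1 03:10:03 host sshd[413]: Failed password for oracle from 203.0.113.9 port 4003 ssh2
Dec  1 09:15:40 host sshd[520]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
Dec  1 17:02:11 host sshd[731]: Accepted password for alice from 198.51.100.7 port 5177 ssh2
"""
PATTERN = re.compile(
    r"(\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
AXES = ["time", "source", "user", "result"]  # one vertical axis per dimension


def parse(log):
    """Turn each matching log line into a dict keyed by axis name."""
    events = []
    for line in log.splitlines():
        m = PATTERN.search(line)
        if m:
            h, mi, s, result, user, src = m.groups()
            events.append({"time": int(h) * 3600 + int(mi) * 60 + int(s),
                           "source": src, "user": user, "result": result})
    return events


def axis_positions(events, axis):
    """Map every distinct value on an axis to a height in [0, 1]."""
    values = sorted({e[axis] for e in events})
    if isinstance(values[0], int):  # numeric axis: linear scale
        lo, hi = values[0], values[-1]
        return {v: (v - lo) / (hi - lo) if hi > lo else 0.5 for v in values}
    # categorical axis: evenly spaced by sorted rank
    return {v: i / (len(values) - 1) if len(values) > 1 else 0.5
            for i, v in enumerate(values)}


def polylines(events):
    """One list of heights per event, in AXES order: the line that gets drawn."""
    pos = {a: axis_positions(events, a) for a in AXES}
    return [[pos[a][e[a]] for a in AXES] for e in events]


def fan_out(events, left, right):
    """Count distinct right-axis values reached from each left-axis value."""
    seen = {}
    for e in events:
        seen.setdefault(e[left], set()).add(e[right])
    return {value: len(targets) for value, targets in seen.items()}
```

On the sample, `fan_out(parse(LOG), "source", "user")` shows one source reaching three user names within seconds, which in the plot is a fan of lines leaving a single point on the source axis.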

FreeBSD bug gives untrusted root access
by Donna Buenaventura / November 30, 2009 6:58 PM PST

A security bug in the latest version of FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday.

The flaw is present in FreeBSD 8.0 and is known to affect versions 7.1 and 7.2 of the open-source OS, Nikolaos Rangos told The Register. He said it was "unbelievably simple" to exploit. Shortly after he disclosed the flaw on the Full Disclosure mailing list, other researchers said they were able to confirm the bug.

http://www.theregister.co.uk/2009/12/01/freebsd_root_bug/

Trojan demands money for internet access
by Carol~ Moderator / December 1, 2009 1:04 AM PST

1 December 2009

There's nothing new about Windows trojans resorting to a little blackmail, but Computer Associates has now observed a new twist; a trojan which blocks internet access until the user enters an activation code. This activation code is obtained by sending an SMS containing a particular number to an expensive premium rate phone number - CA does not mention the sum involved.

The malware, dubbed 'Win32/RansomSMS.AH', infects computers by claiming to be the "uFast Download Manager" tool which, when run, accuses users (in Russian) of having breached their licence conditions. CA has kindly provided a free tool (via zip direct download) to enable users to generate the required code for themselves.

Continued here: http://www.h-online.com/security/news/item/Trojan-demands-money-for-internet-access-873853.html

~~~~~~~~~~~~~~~~~~~~~

From CA Security Advisor Research Blog:

Ransomware Blocks Internet Access

CA ISBU has come across an interesting ransomware that blocks internet access of an infected system.[...]

English translation

Internet access is blocked due to violation of the
license agreement schedules of uFast Download Manager
You must activate your copy

Get a registration code by sending an SMS with the following
code fw0004199 to number 7122

In response you will receive an activation message.

Enter the activation message received from the SMS response ________


CA detects this ransomware as Win32/RansomSMS.AH.

This malware was found to be bundled with software named uFast Download Manager. During our investigation the following activities were observed:

* Bundled software was installed in the system without informing the user.
* Using the uninstaller program will not remove the ransomware screen from the desktop or other installed components.

Continued (with screenshots) here: http://community.ca.com/blogs/securityadvisor/archive/2009/11/30/ransomware-blocks-internet-access.aspx

Kaspersky unveils Kaspersky KryptoStorage & Password Manager
by Donna Buenaventura / December 1, 2009 4:09 AM PST

Kaspersky announces the release of Kaspersky Password Manager, a robust password storage solution.

Every day an active user will encounter a large number of online services and programs which require authorization. In order to access email, instant messaging services, online banking and shopping accounts or social networking sites, users have to enter their credentials. A security-conscious user will create several usernames and passwords and try to remember the answers to a variety of secret questions that will help him recover login details if he loses or forgets them. Many programs that can store your credentials for you, including web browsers, typically keep them in a non-protected format, exposing the data to malicious attacks.

Kaspersky Password Manager has been designed by Kaspersky Lab to address this problem and a number of related issues. The solution ensures the security of passwords used to access websites and Windows applications. Kaspersky Password Manager stores passwords, usernames and other confidential data in a dedicated database that is accessed via a master password. Kaspersky Password Manager can automatically recognize and fill in text fields in lengthy online forms and authorization dialog windows in password-protected websites and programs. The product helps the user identify themselves to a website or a program with just one mouse click. All these functions and capabilities make the new product from Kaspersky Lab an important addition to the protection provided by Kaspersky Anti-Virus/Kaspersky Internet Security 2010.

http://www.kaspersky.com/news?id=207575970

Kaspersky announces the release of Kaspersky KryptoStorage (KKS). The product, with its user-friendly, intuitive interface, is designed to provide cryptographic protection and permanently delete data from computers running Windows operating systems.

Users of Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010, in particular, will appreciate the new product's features because those products in conjunction with Kaspersky KryptoStorage transform your computer into an impenetrable data storage that can withstand any form of attack.

Malware linked to the theft of users' confidential data is becoming more and more widespread. Encryption of the most critical user data provides an additional layer of defense against hacker attacks, including those that make use of various types of malicious programs.

Kaspersky KryptoStorage preserves the confidentiality and integrity of information by encrypting it. Data can only be read, modified or deleted by users who know the predefined password that was entered at the time of encryption.

http://www.kaspersky.com/news?id=207575969

Arguments against cloud-based antivirus
by Donna Buenaventura / December 1, 2009 4:14 AM PST

From Panda Research Blog:

With any advance in science and technology there will always be critics and people opposed to change. This has happened over and over again in the course of history. Antivirus is no different. We saw resistance when we released behavioral analysis in 2004 (which is mainstream technology nowadays) and we have seen it recently with the release of Panda Cloud Antivirus.

In this post I have compiled a list of all arguments against cloud-based antivirus that I was able to find. Let us review these arguments against cloud-based antivirus and see why they are based on either misconceptions or simple lack of understanding and knowledge of how this technology works.

* A malware could cripple the Internet connection and render the cloud antivirus useless
* A cloud-based antivirus needs to check everything against the cloud. Takes more time
* It is an invasion of privacy. I do not want my files & documents to leave my computer
* Cloud-based antivirus does not protect while offline
* So that means that it provides lower protection while offline
* So if I have some old malware and disconnect from the Internet, can I infect myself?
* I’m worried about latency and response time
* Cloud-scanning is just the latest marketing buzzword
* Cloud-scanning is just a way for AV vendors to lower their cost of downloading signatures
* Cloud-scanning is only good as a second opinion

Their response to the above concerns is at http://research.pandasecurity.com/arguments-against-cloud-based-antivirus/

VB calls for collaboration amongst anti-spam vendors
by Donna Buenaventura / December 1, 2009 4:33 AM PST

VB finds that, when it comes to spam filtering, a combined effort outperforms individual products.

Virus Bulletin has discovered that running several spam filters in combination could be key to getting the best performance out of them. Following the last VBSpam comparative review of anti-spam products, the VB test team established that if the efforts of several filters were to be combined, the performance would be significantly better than that of any of the products on their own.

In the test, almost 200,000 emails were sent to 14 different anti-spam solutions which were required to classify them as either ham or spam. The test revealed that no legitimate mail was blocked by more than four products. After the test, VB's anti-spam team decided to look into this further and considered a hypothetical filter that marked an email as spam if at least five of the 14 products did so.

Unlike any of the individual products, the hypothetical filter generated no false positives at all, and combined this 0% false positive rate with an impressive overall spam catch rate of 99.89% (higher than any of the individual products VB has tested).

http://www.virusbtn.com/news/2009/11_30a.xml
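The voting rule VB describes, as an added example (not Virus Bulletin's code or test data): a message is marked as spam when at least k of the filters flag it, and k is set one above the largest number of filters that blocked any legitimate message. The verdict table uses six filters and ten messages, all constructed; the function names are assumptions.

```python
# Each row: (is_spam, verdicts); verdicts[i] == 1 means filter i flagged it.
# Constructed sample, not VBSpam results.
MESSAGES = [
    (True,  [1, 1, 1, 1, 1, 1]),
    (True,  [1, 1, 0, 1, 1, 1]),
    (True,  [0, 1, 1, 1, 0, 1]),
    (True,  [1, 0, 0, 1, 1, 0]),
    (True,  [0, 0, 1, 0, 1, 1]),
    (True,  [0, 0, 0, 0, 0, 0]),  # spam that every filter misses
    (False, [0, 0, 0, 0, 0, 0]),
    (False, [1, 0, 0, 1, 0, 0]),  # ham blocked by two filters
    (False, [0, 1, 0, 0, 1, 0]),
    (False, [0, 0, 1, 0, 0, 1]),
]


def rates(decisions):
    """decisions: (is_spam, flagged) pairs -> (false positive rate, catch rate)."""
    ham = [flagged for is_spam, flagged in decisions if not is_spam]
    spam = [flagged for is_spam, flagged in decisions if is_spam]
    return sum(ham) / len(ham), sum(spam) / len(spam)


def ensemble_rates(messages, k):
    """Mark a message as spam when at least k filters flag it."""
    return rates([(is_spam, sum(v) >= k) for is_spam, v in messages])


def single_filter_rates(messages, i):
    """Rates for filter i used on its own."""
    return rates([(is_spam, v[i] == 1) for is_spam, v in messages])


def lowest_zero_fp_threshold(messages):
    """Smallest k with no false positives on this data: one more than the
    largest number of filters that flagged any single legitimate message."""
    return 1 + max(sum(v) for is_spam, v in messages if not is_spam)


if __name__ == "__main__":
    k = lowest_zero_fp_threshold(MESSAGES)
    print("threshold", k, "ensemble (fp, catch):", ensemble_rates(MESSAGES, k))
    for i in range(len(MESSAGES[0][1])):
        print("filter", i, "(fp, catch):", single_filter_rates(MESSAGES, i))
```

The threshold here is chosen on the same messages it is scored on, as in VB's after-the-fact analysis, so a deployed threshold should be confirmed on mail that was not used to pick it.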

Microsoft: Black Screen of Death Unrelated to Patch Tuesday
by Donna Buenaventura / December 1, 2009 4:44 AM PST
Microsoft: Black Screen of Death Unrelated to Patch Tuesday Updates

Microsoft is contending that the Black Screen of Death reports circulating the Web are not due to the security updates the company issued in November. The 'Black Screen of Death' condition striking some users of Microsoft Windows is not the work of bugs in November's Patch Tuesday updates, the company stated.

Microsoft did not offer an explanation for the problem, but stated that it had investigated the matter and found none of its November updates were causing the situation.

"Our comprehensive investigation has shown that the November security updates, the Microsoft Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November do not make any changes to the registry as claimed," a Microsoft spokesperson said. "We do not believe Microsoft Updates are related to the behavior described in these reports."

"Based on our investigation so far we can say that we're not seeing this as an issue from our support organization," the spokesperson added. "The issues as described also do not match any known issues that have been documented in the security bulletins or KB articles."

http://www.eweek.com/c/a/Security/Microsoft-Black-Screen-of-Death-Unrelated-to-Patch-Tuesday-Updates-692567

And while you're at eweek.com, see also their article on 10 Reasons Why the New Windows Black Screen of Death Is Alarming

See earlier news on the above in yesterday's News thread:
http://forums.cnet.com/5208-6132_102-0.html?messageID=3186794#3186794
PrevX apologizes - Windows Black Screen Root Cause blog

From PrevX blog:

The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.

http://www.prevx.com/blog/141/Windows-Black-Screen-Root-Cause.html
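A check for the condition the PrevX post describes, as an added example (not PrevX's fix tool and not Microsoft code): given the raw bytes stored for a REG_SZ value such as the Winlogon Shell entry, report whether the data ends with a UTF-16 null terminator. It assumes the bytes come from a tool that returns the stored data unmodified, such as an offline hive parser; the function names and sample byte strings are constructed.

```python
NUL = b"\x00\x00"  # one UTF-16LE code unit of value zero


def check_reg_sz(raw: bytes) -> str:
    """Classify raw REG_SZ data (UTF-16LE) by how it is terminated."""
    if not raw:
        return "empty"
    if len(raw) % 2:
        return "odd-length"          # not a whole number of UTF-16 code units
    # Compare whole code units so a zero byte pair that straddles two
    # characters (e.g. 'a' followed by U+0100) is not mistaken for a null.
    units = [raw[i:i + 2] for i in range(0, len(raw), 2)]
    if units[-1] != NUL:
        return "missing-terminator"  # the condition described in the PrevX post
    if NUL in units[:-1]:
        return "embedded-null"       # data continues past the first terminator
    return "ok"


def visible_text(raw: bytes) -> str:
    """Text that a reader stopping at the first null would see."""
    units = [raw[i:i + 2] for i in range(0, len(raw) - len(raw) % 2, 2)]
    end = units.index(NUL) if NUL in units else len(units)
    return b"".join(units[:end]).decode("utf-16-le", errors="replace")


def audit(values: dict) -> dict:
    """Return {label: finding} for every value whose data is not well formed."""
    findings = {label: check_reg_sz(raw) for label, raw in values.items()}
    return {label: f for label, f in findings.items() if f != "ok"}


# Constructed samples keyed by a label; these are not real registry exports.
GOOD = "explorer.exe".encode("utf-16-le") + NUL
SAMPLES = {
    "shell-good": GOOD,
    "shell-unterminated": GOOD[:-2],
    "shell-truncated": GOOD[:-1],
    "shell-embedded": GOOD + "x.exe".encode("utf-16-le") + NUL,
    "shell-straddle": "a\u0100".encode("utf-16-le") + NUL,
}

if __name__ == "__main__":
    for label, finding in audit(SAMPLES).items():
        print(label, finding, repr(visible_text(SAMPLES[label])))
```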

MSRC: Reports of Issues with November Security Updates

We've received questions about public reports that customers might be experiencing system issues with the November Security Updates (which some are referring to as "Black Screen" issues). We've investigated these reports and found that our November Security Updates are not making changes to the system that these reports say are responsible for these issues.

While these reports weren't brought to us directly, from our research into them, it appears they're saying that our security updates are making permission changes in the registry to the value for the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell key.

We've conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the "black screen" behavior described in these reports.

We've also checked with our worldwide Customer Service and Support organization, and they've told us they're not seeing "black screen" behavior as a broad customer issue. Because these reports were not brought to us directly, it's impossible to know conclusively what might be causing a "black screen" in those limited instances where customers have seen it. However, we do know that "black screen" behavior is associated with some malware families such as Daonol.

http://blogs.technet.com/msrc/archive/2009/12/01/reports-of-issues-with-november-security-updates.aspx

Nominations Now Open for Nation's Top Honor in Public Intere
by Donna Buenaventura / December 1, 2009 4:50 AM PST

The Tides Foundation Pizzigati Prize will award $10,000 to an open source software developer whose work is helping nonprofits succeed

Nominations will open this month for the fourth awarding of the $10,000 Antonio Pizzigati Prize for Software in the Public Interest, the nation's top honor for software developers whose work has made an outstanding contribution to the nonprofit sector and ongoing efforts for positive social change.

Nominations for the prize, the largest annual award in public interest computing, will be accepted through February 1, 2010. The prize winner will be announced this April, in Atlanta, at the NTEN 2010 Nonprofit Technology Conference.

"In today's digital age, nonprofits simply cannot thrive without access to imaginative software applications that speak directly to the work they do," notes Diana Chavez, the Tides Foundation philanthropic associate who coordinates the annual Pizzigati Prize competition. "The developers who create these applications, in the open source spirit, make this access possible - and deserve an honor all their own."

http://www.pizzigatiprize.org/index.php?option=com_content&task=view&id=67&Itemid=29
