Spyware, Viruses, & Security forum

General discussion

NEWS - December 24, 2010

by Carol~ Moderator / December 23, 2010 10:13 PM PST
Data security breach at the North Pole! Santa's Naughty/Nice list compromised

Following attacks on Gawker, Walgreens and McDonalds, it seems hackers have set their eyes on a new target: Santa!

Reports from the North Pole have confirmed that Santa's Naughty/Nice list has been compromised.

The list is said to contain the name, stocking address and naughty/nice score (the child equivalent of a credit score) of every child on earth. Absent from the leaked data is the "What I want for Christmas" list which is said to be stored in a separate database.

While St. Nick is not commenting on how the leak occurred, an insider elf mentioned a spear phishing campaign a few days ago promising milk and cookies after logging in to a suspicious site.

In the meantime, Santa is asking children to reset the password on their stockings. Santa's workshop has also set up a hotline for children who get coal in their stockings on Christmas day due to any mix up.

Continued : http://nakedsecurity.sophos.com/2010/12/24/data-security-breach-north-pole-santas-naughty-nice-list-compromised/ Happy
Discussion is locked
You are posting a reply to: NEWS - December 24, 2010
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - December 24, 2010
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
WikiLeaks' Entire Cache of US Diplomatic Cables Leaked
by Carol~ Moderator / December 23, 2010 11:52 PM PST

Norway's leading newspaper, Aftenposten, claims to have obtained the entire cache of 250,000 U.S. State Department cables believed to be in WikiLeaks' possession, without any strings attached.

WikiLeaks has been gradually releasing cables instead of dumping the whole archive, in order to give each of them the public attention they deserve.

In order to do this, the organization has partnered up with some of the world's largest newspapers, The New York Times (US), The Guardian (UK), Le Monde (France), Der Spiegel (Germany) and El Pais (Spain).

These publications are granted access to the diplomatic cables in advance under certain conditions, like coordinating the publishing of their articles with WikiLeaks' public release of the files they refer to.

According to Ole Erik Almlid, managing editor at Aftenposten, the newspaper has collaborated with the Swedish Svenska Dagbladet (SvD), in order to get early access to the 2,000 documents released so far.

However, the Norwegian publication claims to now have all the 250,000 in its possession without any obligation whatsoever to WikiLeaks.

"We have worked hard to get the documents, but it would be wrong of me to disclose who is the source," Almlid says [approximate translation].

Continued : http://news.softpedia.com/news/WikiLeaks-Entire-Cache-of-US-Diplomatic-Cables-Leaked-174544.shtml

Collapse -
Skype recovers from global blackout
by Carol~ Moderator / December 23, 2010 11:52 PM PST

Free internet phone service Skype says it has 'stabilized' its service following a two day outage.

In a blog post put up late on 23 December, it said it was handling 90% of its typical call volume.

Audio, video and instant messaging systems that run over the Skype network were now running normally, it said.

Skype said the fault had been caused by a "software issue" on critical parts of its network.

"We take outages like this really seriously and apologise for the inconvenience," Skype chief Tony Bates told BBC News.

In a blog post, the company said that it would offer compensation in the form of call credit vouchers to its paying customers.

The only services left to fix were offline instant messaging and group video calls. It said the problems that took the service offline were not caused by a malicious attack. It hoped to publish a more in-depth explanation in the near future.

Continued : http://www.bbc.co.uk/news/technology-12064394

Also: Skype makes wobbly return, offers compo to paying punters
Related : Millions affected as Skype goes down

Collapse -
Bank of America Buying Naughty Domain Names
by Carol~ Moderator / December 23, 2010 11:52 PM PST

It's a common practice among the disgruntled, Internet-savvy customers to create websites with embarrassing domain names to sharpen any axes they have to grind with Corporate America and its executives.

When confronted with these guerilla attacks against their prestige, most companies grin and bear it. That's not the case with Bank of America, which has taken the offensive against offending domain names by buying them up.

The bank has been feverishly registering domains that include the names of its directors and executives combined with "sucks" or "blows," according to Domain Name Wire. Hundreds of domain names were registered by the bank on December 17 alone, Domain Name Wire said.

Among the names registered by the bank to protect its CEO Brian Moynihan, for example, were BrianMoynihanBlows.com, BrianMoynihanSucks.com, BrianTMoynihanBlows.com, and BrianTMoynihanSucks.com. In addition to the .com domains for those names, .net and .org versions were also registered (though .info seems to have escaped the bank's notice).

Continued : http://www.computerworld.com/s/article/9202400/Bank_of_America_Buying_Naughty_Domain_Names

Collapse -
Old ZeuS Variant Returns for Christmas
by Carol~ Moderator / December 23, 2010 11:53 PM PST

The last time a significant ZeuS/ZBOT development cropped up in the threat landscape, a new ZeuS-LICAT variant was identified. It was also not too long ago when news of a possible merger between the creator of ZeuS and SpyEye made headlines. This time, it is interesting to see an earlier version of the notorious malware recently making its rounds online.

A spammed message, purportedly from the Executive Office of the President of the United States, spreads holiday cheer with a message and links to what is supposedly a greeting card. Clicking the link, however, leads users to a website injected with malicious iFrame tags, which Trend Micro detects as HTML_IFRAME.SMAX. Viewing the malicious HTML page leads to the download of a .ZIP file, which contains the malware detected as TSPY_ZBOT.XMAS.

[Screenshot of Spammed Message] [Screenshot of Malicious HTML Page]

This particular variant exhibits routines that ZeuS version 1.x are known for. Apart from the typical information theft routines, it modifies HOSTS files to prevent affected victims from accessing AV-related websites. The technique of using important events to lure potential victims to open the spam mail is not new either. While some targeted victims may have an idea that the these types of messages could be malicious, some people simply rely on their antivirus programs. The cybercriminals behind this attack took advantage of this fact by ensuring that the file is heavily packed and is not yet detected by most AV programs, leaving unknowing users vulnerable.

Continued : http://blog.trendmicro.com/old-zeus-variant-returns-for-christmas/

Collapse -
Mozilla takes on web data miners with privacy icon release
by Carol~ Moderator / December 23, 2010 11:53 PM PST

Mozilla has pushed out a series of privacy icons that tell web surfers how their online data might be used depending on what site they've visited.

The open source browser maker's user interface design guru, Aza Raskin, who announced just last week that he was leaving Mozilla in January, released an alpha version of the icons yesterday.

"Think about the large number of sites which vehemently promise to never share your email address when you sign up for their service or mailing list. Those are the kinds of sites, which make up a significant fraction of the web, that would adopt Privacy Icons," explained Raskin on his blog.

He wants the Firefox icons to work as a "bolt on" to existing privacy policies held on individual websites. [Screenshot]

Continued : http://www.theregister.co.uk/2010/12/24/mozilla_privacy_icons/

Collapse -
Re: North Pole Breach
by Fish / December 24, 2010 12:18 AM PST

Carol, this is truly sad news.:-(


Merry Christmas,Carol!

Collapse -
Luckily ...
by Kees_B Forum moderator / December 24, 2010 12:28 AM PST
In reply to: Re: North Pole Breach

Carols naughty/nice score (which happens to be "VERY VERY NICE", I read on http://www.santaleaks.com) is uncompromised. Only the child-part of the database has been hacked.

Kees

Collapse -
As tragic as the news is, it beats hearing about Wikileaks!
by Carol~ Moderator / December 24, 2010 1:49 AM PST
In reply to: Luckily ...

I had to say it! The Devil made me do it.

Trying to find ANY news, other than that of Wikileaks, is becoming nearly impossible these days.

I wish you both a Joyful Holiday..

Carol

Collapse -
An aside.
by Kees_B Forum moderator / December 25, 2010 3:30 AM PST
In reply to: Luckily ...

While with children it's clear nice children are much preferred above naughty children (and not only by Santaclaus), there's an interesting switch with girls in their twenties. Most men, if you ask them, would prefer the company of a naughty girl above that of just a nice one.
Or is this a naughty masculine thought?

Kees

Collapse -
A question of class
by Carol~ Moderator / December 24, 2010 1:44 AM PST

Back in November, we covered the rampant re-emergence of Java Exploits that took advantage of the many unpatched Java VMs in use on home and university PCs. The situation has improved since, mainly because the need to patch Java to the latest version was well publicized. Anti-Virus, on the other hand, is still having a hard time detecting the ever-mutating exploits for CVE-2010-0840 and other bugs, so if your Java is not patched yet, make your computer a Christmas present and update to the latest JRE.

If you have proxy logs that keep track of your users' surfing, there are two easy ways to double-check on your perimeter anti-virus:

(1) egrep "bpac.*class" on the log. Six weeks after my initial diary, the bad guys are still friendly enough to compile their exploit into a JAR that uses a "bpac" subfolder. Yes, searching for a fixed string is pretty silly, but hey, it's for free, and just about as sophisticated and fancy as what your anti-virus does, anyway.

Continued : http://isc.sans.edu/diary.html?storyid=10141

Collapse -
Getting a Kindle for Xmas?
by Carol~ Moderator / December 24, 2010 1:58 AM PST

From Randy Abrams at the ESET Threat Blog:

This isn't exactly a security post, although when things go wrong on electronic devices viruses almost always are suspected and blamed. Well, the truth is that sometimes it is a hardware problem.

Many Kindle users complained of crashes. The Kindle has not been found to have exploitable vulnerabilities (yet) and isn't even reported to have an operating system that could sustain a virus.

A recent article at http://www.theregister.co.uk/2010/12/22/kindle_crashes/ explains the cause of the crashes. The problem is that some of the covers for the Kindle are drawing power from the Kindle.

Yeah, it isn't exactly security, but perhaps you or someone you know will be spared a lot of frustration by knowing about the problem, and when it comes down to it, sparing people frustration is what we who work for security companies are trying to do.

http://blog.eset.com/2010/12/22/getting-a-kindle-for-xmas

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

We are giving away 'Black Panther' swag!

Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.