Spyware, Viruses, & Security forum

General discussion

NEWS - February 16, 2011

Oracle Database Firewall To Replace DAM? Not So Fast, Competitors Say

"AppSec, Guardium disagree with Oracle's assertion that database firewalls can act as a DAM substitute"

RSA Conference 2011 -- Oracle stirred the database security pot this week with the release of a new database firewall product and a partnership with F5 for Web application security, which together it claims will supersede the database activity monitoring (DAM) market. The assertion sparked controversy among competitors who say gaps in the database firewall's auditing capabilities and Oracle's vested interest in its own database platform will limit its play as a one-stop shop for database security.

Monday's release of Oracle Database Firewall is the culmination of the company's acquisition of database security vendor Secerno last year. The product creates a defensive perimeter around databases by looking at SQL statements sent to the database through the wire to determine whether to pass, log, alert, block, or substitute SQL statements based on an organization's policies. Users can set whitelist or blacklist policies to control the product, which is designed to work not only with Oracle databases, but also other major platforms, such as DB2, SQL Server and Sybase platforms.

Continued @ Dark Reading

Related : Oracle Database Firewall Delivers Vendor-Agnostic Security
Windows 7 Service Pack 1 Is Available For MSDN/Technet

In reply to: NEWS - February 16, 2011

Just a note about Service Pack 1 for Windows 7 for which the date was previously posted in the forums. I'm currently in the process of downloading the MSDN/TechNet subscriber version of Windows 7 Service Pack 1. At this point in time, the Windows 7 downloads show the service pack to be available as "Windows 7 and Windows Server 2008 R2 Service Pack 1 (x86 and x64) - DVD (Multilanguage)". The file downloads as an .ISO file of approximately 1.9 GB and will be burned to a DVD.


Later releases will surely be available in smaller sizes as just X86 or X64 but at this time, the above file is what I see.

In addition, for those that qualify to use the MSDN site, full "Windows 7 WITH Service Pack 1" are also available.

Hope this helps.



In reply to: NEWS - February 16, 2011

From the F-Secure Weblog:

A few days back, Mikko tweeted about a new Android trojan named ADRD (we detect it as Trojan:Android/Adrd.A).

ADRD was mostly found included in several applications from a third-party application provider in China, with the applications repackaged to contain the trojan. So far, most of the infected applications have been wallpaper-related.

Here is an example of an infected application: [Screenshot]

An installed application infected with ADRD may show these permissions: [Screenshot]

These permissions enable ADRD to start its routine during phone start up, changing of data connection such as enabling/disabling network data access. Some of its permissions may include access to the SD card, the phone and the Access Point Name (APN) settings.

ADRD's functionality appears to involve contacting a remote host, which may be:

• adrd.tax[..].net
• adrd.xiax[..].com

and sending the phone's info - specifically, the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI). Data being transmitted is DES encrypted.

Continued : http://www.f-secure.com/weblog/archives/00002100.html

New Android Trojan Surfaces in China
New Android Trojan horse could prove costly

Lessons to learn from the HBGary Federal hack

In reply to: NEWS - February 16, 2011

The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company.

Because can you honestly put your hand on your heart and say a hack like the one against HBGary couldn't happen at your organisation too?

As Ars Technica explains, a weakness in a third-party CMS product used by HBGary's website allowed Anonymous hackers to steal passwords that employees used to update the webpages.

Unfortunately they were passwords that weren't encrypted strongly enough, and were possible to crack with a rainbow-table based attack. Amongst those exposed were CEO Aaron Barr and COO Ted Vera.

Worse still, it appears that Aaron Barr and Ted Vera were using the same passwords for their Twitter and LinkedIn accounts, and even for an account which administered the entire company's email.

By exploiting software vulnerabilities, poor passwords and even some tried-and-trusted social engineering (see below) it was trivial for the hackers to steal the entire company's email and deface its website. [Screenshot]

Continued : http://nakedsecurity.sophos.com/2011/02/16/lessons-to-learn-from-the-hbgary-federal-hack/

HBGary related : Hacked and now vandalized, HBGary pulls out of RSA

Surveillance Footage & Code Clues Indicate Stuxnet Hit Iran

In reply to: NEWS - February 16, 2011

New clues about Stuxnet provide the strongest evidence yet that the superworm targeted a nuclear enrichment plant in Iran, according to a new report.

The clues come from surveillance cameras installed by international investigators at the Natanz enrichment plant in Iran - which show Iranian workers feverishly replacing damaged equipment during the time Stuxnet is believed to have attacked the plant. Other clues appear in the attack code itself, showing that the worm targeted a configuration that researchers now say matches precisely the centrifuge setup at Natanz. And still more clues are found in connection to five organizations that researchers say were first targeted by the worm before it hit Natanz.

The findings come in a report released Tuesday (.pdf) by the Institute for Science and International Security (ISIS), which says that while Stuxnet may have hit Natanz, its impact on Iran's nuclear program was not detrimental.

Stuxnet was discovered last June by researchers at a security firm in Belarus who found it on infected machines belonging to customers in Iran. Recent reports have indicated that the malware was developed by a U.S. government lab and tested in Israel before being unleashed.

Continued : http://www.wired.com/threatlevel/2011/02/isis-report-stuxnet/

Winamp advises forum password reset after mystery hack

In reply to: NEWS - February 16, 2011

Winamp is advising users of its media player software who frequent its forum to change their passwords after a security breach resulted in the disclosure of thousands of email addresses.

The breach only exposed users' email addresses, so the forum logon password change policy is purely a precaution, according to Winamp. The firm said that users of its media player software were not affected directly by the breach, which hit only its forum and not its main site winamp.com or its developers' site.

Beyond saying that it had detected an attack on its forum database - later determined to be isolated - Winamp says little about the likely source or motive of the cyber-assault. In a statement (extract below), the software developer apologises for the incident, which may leave an unknown number of users more exposed to spam.

Continued : http://www.theregister.co.uk/2011/02/16/winamp_forum_hack_password_reset/

Having a Ball with ATM Skimmers

In reply to: NEWS - February 16, 2011

On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn't look quite right about the machine: A silver, plexiglass device had been attached to the ATM's card acceptance slot, in a bid to steal card data from unsuspecting ATM users.

But the customer and the bank's employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.

The camera was discovered more than a day later by a maintenance worker who was servicing the ATM. The device, pictured below with the boxy housing in which it was discovered, was designed to fit into the corner of the ATM framework and painted to match. [Screenshot]

The ATM pictured on the right below is shown with the card skimmer and video camera attached (click the image for a slightly larger look). [Screenshot]

California police say the video camera and skimmer were installed by the person pictured below. The entire scam ran only for about three hours, and was reported about 11 AM. Police recovered both the skimmer and video camera, so no customer or bank losses ensued as a result of the attack. Meanwhile, the crook responsible remains at large.

Continued : http://krebsonsecurity.com/2011/02/having-a-ball-with-atm-skimmers/

Microsoft Has a Change of Heart on How to Keep Internet Safe

In reply to: NEWS - February 16, 2011

Should ISPs be the ones who keep hacked PCs off the Internet? Microsoft's chief security executive used to think so, but now he's had a change of heart.

Speaking at the RSA Conference Tuesday, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that he no longer thought it was a good idea for service providers to be the ones on the hook for keeping infected PCs from the rest of the Internet.

"Last year at RSA I said, 'You know we need to think about ISPs being the CIO for the public sector, and we need to think about them scanning consumer machines and making sure they're clean and maybe quarantining them from the Internet,'" he said. "But in the course of the last year as I thought a lot more about this I realized that there are many flaws with that model."

Consumers may see security scans as invasive and a violation of privacy, and with more and more people using the Internet as their telephone, quarantining a PC could amount to cutting off someone's 911 service, he said. "You see the scenario, right: a heart attack, I run for my computer, it says you need to install four patches and reboot before you can access the Internet. That's not the experience we strive for."

Continued : http://www.pcworld.com/businesscenter/article/219728/microsoft_has_a_change_of_heart_on_how_to_keep_internet_safe.html

Hackers use hidden device to manipulate news @ Wi-Fi hotspot

In reply to: NEWS - February 16, 2011

What if you are reading the news and some startling and almost unbelievable headline caught your eye such as "U.S. wants Assange as head of Defense Department"? That would surely be something worth sharing on Facebook or tweeting about? But after you share it, people quickly reply to let you know the headline says no such thing. Yet you can clearly see that it does, so what gives? If you happened to be reading the news at a Wi-Fi hotspot, chances are that you've been had by Newstweek.

If a device called Newstweek is plugged in at a wireless hotspot, then people connected to that Wi-Fi can have all media content modified, changed or otherwise edited by a hacker who is operating from a remote location.

Tech savvy Berlin-based artists Julian Oliver and Danja Vasiliev came up with the Newstweek project to address the potential of how "trustworthy" news can be manipulated and controlled by the "gatekeepers." Newstweek is a fascinating yet terrifying reminder of how our trusted media content can easily be censored or modified to manipulate public perception of what is happening in the world. The creators point out "Data from Reporters Without Borders" as an illustration of "a world increasingly seen through a filter of government-issued data surveillance."


Panda Security launches 'Internet in Safe Hands' campaign

In reply to: NEWS - February 16, 2011

Panda Security has launched a senior citizens' safer internet campaign, with the aim of educating people over 60 on how to make their internet activities more safe.

The campaign comes after the Spanish-headquartered IT security vendor completed a survey of several thousand internet users over 60 and discovered that 69% of users in the 60-plus age range are male, and 68% spend more than five hours a week online.

Researchers found that the most popular online activity in the age range is checking email (100%) followed by information on leisure activities (73%) and online shopping (72%).

Panda says that the 'Internet in Safe Hands' campaign seeks to educate and protect the whole family by offering internet security tips according to each member's common habits and online behaviours.

Whilst the results of the study indicated that use of social networks and actively commenting on blogs is not a frequent habit of most senior citizens (34% and 14%, respectively), even the use of email can put users at risk for phishing and other malware schemes.

Continued : http://www.infosecurity-magazine.com/view/15987/panda-security-launches-internet-in-safe-hands-campaign/

US Hacker Earns $8 Million from German Dial-Up Fraud Scheme

In reply to: NEWS - February 16, 2011

A hacker from New Hampshire will be sentenced later this month for his role in a fraud scheme that involved installing malware on the computers of German dial-up users.

The fraudulent operation lasted from 2003 until 2007, during which time Asu Pala, 37, of New Hampshire, and his co-conspirators used a custom malicious program to abuse the modems of computers they infected.

The program silently dialed premium rate phone numbers set up by the hackers in Germany, racking up fraudulent charges on people's telephone bills.

According to prosecutors, Pala's role was to recruit programmers to work on the malicious application and to distribute it to the targets.

In total, the hacker is believed to have earned $7,941,336. He is also accused of failing to pay $2,287,993 in income taxes.

In April 2010, Pala pleaded guilty to one count of conspiracy to commit computer fraud and five counts of failure to file income tax return.

The man faces a maximum of ten years in prison, but under the plea agreement the US Attorney will recommend 92 months. In addition, he will forfeit his illegal income and will pay a fine, as well as restitution to the victims and the IRS.

Continued : http://news.softpedia.com/news/US-Hacker-Earns-8-Million-from-German-Dial-Up-Fraud-Scheme-184619.shtml


The World's Top Spamming Botnets

In reply to: NEWS - February 16, 2011

RSA Conference 2011 - The world's biggest and most prolific spamming botnet is now Rustock, with a 250,000 head count of bots, and its size and staying power have much to do with its constantly evolving stealth tactics, according to new research.

Joe Stewart, director of malware research for Dell SecureWorks Counter Threat Unit, says Rustock hit the number-one spot thanks to its developers' constant evolution of the code base. The rootkit-based malware can hide from anti-virus software and employs several advanced techniques to evade detection.

Unlike in the past, bigger isn't necessarily a better strategy for a spamming botnet. Most botnet operators are keeping their botnets smaller to remain under the radar and to avoid takedown operations such as those suffered by Mega-D, Waledac, and others. "The model seems to be fly under the radar just to the point that no one cares about you," Stewart says. "These botnets have had good success at it," he says of those on the list of top spamming botnets he released today.

Continued : http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/229218736/the-world-s-top-spamming-botnets.html

Mozilla slams out of date IE9 browser

In reply to: NEWS - February 16, 2011

Mozilla has launched a scathing attack on Microsoft, criticising the latest Internet Explorer release for not being modern enough, and highlighting a number of ways in which it is failing.

Paul Rouget, technology evangelist at Mozilla, commended IE9 for being better than IE8, but said it still does not stand up against the competition.

"IE9 is a step in the right direction, but I don't believe it to be a truly modern browser," he wrote in a blog post.

Rouget cited several reasons why IE9 is failing, starting with its lack of support for modern web standards, including HTML5.

Microsoft's claims about IE9's support features are flawed, according to Rouget, because they are drawn from internal Microsoft tests. Worse still, they were created during the development of the browser.

"Does IE9 support 99 per cent of the HTML5 specification as insinuated by Microsoft? No, they're actually pretty far from it," he said.

Continued : http://www.v3.co.uk/v3/news/2274818/microsoft-internet-explorer

Also : Microsoft, Mozilla Battle Over What Makes a 'Modern' Web Browser

CA cloud service measures security risk, keeps out riff-raff

In reply to: NEWS - February 16, 2011

CA Technologies today announced its cloud-authentication service now features advanced controls to let customers more effectively control who gets into corporate applications.

The CA Advanced Authentication Cloud Service offers risk-based scoring that ties the strength of the authentication needed to the specific application the user wants to do after initial logon. For instance, a simple password might be deemed sufficient for some applications such as e-mail, while stronger two-factor authentication might be required when trying to access more sensitive information, such as a payroll application.

"When you hit a URL, it will check how you authenticated against a risk core," says Lina Liberti, vice president of marketing at CA, about the software-as-a-service. The initial way that the user gained access to some corporate resources via the service may be deemed not fully sufficient to gain access to other resources and the user may be prompted to provide a stronger type of authentication.

The service is based on the Arcot technology that CA acquired late last year, which has now been integrated into CA's SiteMinder Web authentication product and service. Previously, the Arcot technology working in conjunction with SiteMinder would only offer a "yes" or "no" guidance on authentication by the user, not a risk score related to all the activities the user wants to do after online authentication.

Continued : http://www.networkworld.com/news/2011/021611-ca-cloud-authentication.html

Also : CA Adds Mobile and Tagless Authentication to Arcot Cloud Security Service

Tax Return Virus Perfectly Timed

In reply to: NEWS - February 16, 2011

Cybercriminals are always eager to exploit any angle possible when it serves their interests and helps them to spread their malware to as many individuals' computers as possible. Today we are seeing a malware campaign that is at the very least well timed and fairly well crafted.

The messages we are seeing claim to be from the IRS and state that "Your Federal Tax Payment has been rejected". The message contains an attachment that you are asked to open for more information. The attachment contains an .exe file that if run will infect your computer instantly. Under preliminary analysis the infection has been identified as a variant of the Zeus Trojan. At 9am CST only 1 of 41 AV engines is able to identify the attachment as malicious software. Here is a look at the message: [Screenshot]

Messages claiming to be from the IRS are nothing new but this is perhaps the most uniquely well timed attack that we have seen. Since the U.S. government waited until the last minute to extend tax cuts at the end of 2010, the IRS was unable to accept millions of tax returns until just yesterday. Every individual claiming certain deductions and using tax software to e-file their return would have had their tax return held by the tax preparation company (TurboTax, Taxact, H&R Block, etc.) until Feb. 14th, then sent automatically, when the IRS would be ready to accept these returns.

Continued : http://blogs.appriver.com/blog/digital-degenerate-2/tax-return-virus-perfectly-timed

New Norton CyberCrime Index rates your risk

In reply to: NEWS - February 16, 2011

A new free tool from the makers of Norton attempts to quantify the real-time state of cybersecurity. It makes its debut today alongside the latest version of Symantec's all-in-one consumer security suite, Norton 360.

The Norton CyberCrime Index lies somewhere between a weather report and the United States' threat level advisory system, and Norton 360 version 5 launches with a direct link to it.

The CyberCrime Index uses a statistical model based on information from Symantec's Global Intelligence Network, ID Analytics, and DataLossDB. At the top level, the CyberCrime Index takes this data and creates a number evaluating the relative risk of the threats of the day. However, it also provides a more in-depth look at active threats, threat trends, and provides advice on what kinds of behaviors are being most heavily targeted that day.

Symantec has had the statistical model and algorithm it uses in the CyberCrime Index vouched for by the University of Texas at San Antonio.

Continued : http://download.cnet.com/8301-2007_4-20032077-12.html

NYC Hospital Data Theft Affects 1.7 Million Patients

In reply to: NEWS - February 16, 2011

Thieves robbed a van containing health records for over 1.7 million patients, staff, vendors and contractors of the North Bronx Healthcare Network in New York City.

The computer backup tapes were stolen on Dec. 23, but the New York City Health and Hospitals Corporation began notifying victims Feb. 9, according to a statement issued by the 14-hospital system on Feb. 11. While it took HHC nearly two months before reporting the data breach, it was well within the 60-day period required by New York state law. It took HHC this long to sort through the files to assess what kind of information the tapes had contained and who it belonged to, before reporting the data breach, according to the hospital group.

"Letters in 17 languages have begun to be mailed to patients and affected individuals this week advising them of the theft and informing them of protective services that have been made available," Alan D Aviles, the president of the HHC, said in the statement.

Patients who have visited the Jacobi Medical Center, North Central Bronx Hospital, Tremont Health Center and Gunhill Health Center over the past 20 years, from 1991 to Dec. 2010, are affected by this data breach. The stolen files also contained medical information for staff, vendors and contractors who work for the hospitals and had either access to the QuadraMed computer medical record system, or had been examined and screened by the hospitals' Occupational Health Service, HHC said.

Continued : http://www.eweek.com/c/a/Security/NYC-Hospital-Data-Theft-Affects-17-Million-Patients-282182/

Watson Terminates Humans in First Jeopardy Round

In reply to: NEWS - February 16, 2011

Security news? Not really. Of interest? Maybe. Plain

February 15, 2011

IBM supercomputer Watson closed the pod-bay doors on its human competition Tuesday night in the first round of a two-game Jeopardy match designed to showcase the latest advances in artificial intelligence. The contest concludes Wednesday.

By the end of Tuesday's shellacking, Jeopardy's greatest champions, Ken Jennings and Brad Rutter, were sporting decidedly sour looks.

Watson had a near-miss at the end of the game, when it incorrectly answered the Final Jeopardy clue, but when the dust settled, the supercomputer had earned $35,734, blowing out Rutter and Jennings, who had earned $10,400 and $4800, respectively.

That final missed clue puzzled IBM scientists. The category was US Cities, and the clue was: "Its largest airport was named for a World War II hero; its second largest, for a World War II battle."

Rutter and Jennings both correctly wrote "What is Chicago?" for O'Hare and Midway, but Watson's response was a baffling "What is Toronto???" complete with the additional question marks.

Continued : http://www.wired.com/epicenter/2011/02/watson-game-one/

IBM Research Company Blog: Watson on Jeopardy! Day Two: The Confusion over an Airport Clue
