Spyware, Viruses, & Security forum


NEWS - January 16, 2012

by Carol~ Moderator / January 16, 2012 4:33 AM PST
Critical hole in McAfee products still open after more than 180 days

Zero Day Initiative (ZDI) has released information on a security problem in McAfee's Security-as-a-Service products (SaaS). The vulnerability broker says that it told McAfee about the hole in April 2011, and that it has now decided to publicly release the information because the vendor still hasn't provided a patch.

The flaw is contained in the myCIOScn.dll program library. In this library, the MyCioScan.Scan.ShowReport() method insufficiently filters user input and executes embedded commands within the context of the browser. The flaw can be exploited when a user opens a specially crafted file or web page. ZDI rates the issue as very severe and has given it a CVSS score of 9 - maximum severity is 10.

ZDI's advisory doesn't state exactly which products are affected. McAfee's range of SaaS products includes "SaaS Email Encryption" for encrypting emails and "Vulnerability Assessment SaaS", which checks software for potential vulnerabilities.

Continued : http://www.h-online.com/security/news/item/Critical-hole-in-McAfee-products-still-open-after-more-than-180-days-1413775.html

See Vulnerabilities & Fixes: McAfee SaaS Endpoint Protection ActiveX Control "ShowReport()" Command Injection
Update: Hacking Group TeaMp0isoN Claims Breach of T-Mobile
by Carol~ Moderator / January 16, 2012 5:16 AM PST

The hacking group TeaMp0isoN claims to have compromised Web servers used by T-Mobile, and absconded with account information for company employees, including members of T-Mobile's media team.

The group used a post on its official Twitter account taking responsibility for the attack, which targeted a T-Mobile Web server that hosted part of the company's Web page, including its media relations information. User names, e-mail addresses, phone numbers and passwords for around 80 T-Mobile staff were also posted, including what appear to be a dispiriting number of default passwords.

The leaked information was posted Saturday. However, the attack appears to have occurred in October, judging from date and time stamps on the leaked data, which appeared on pastebin.com.

T-Mobile did not immediately respond to requests for comment and could not confirm the breach. A Web page hosting the company's media relations contacts was offline temporarily on Sunday and early Monday, but was back in service by Monday afternoon.

In an e-mail response, a T-Mobile spokesperson said that the company's newsroom "experienced a security issue last week." No other T-Mobile Web properties were affected by the breach, however.

Continued : http://threatpost.com/en_us/blogs/update-hacking-group-teamp0ison-claims-breach-t-mobile-011612

Also: T-Mobile Hacked by TeaMp0isoN, Administrators and Staff Exposed

Zappos Latest Company Hit by Data Breach
by Carol~ Moderator / January 16, 2012 5:16 AM PST

"The company has taken steps to ensure its customers' passwords will be reset but offers limited details as to the nature of the breach."

Online shoes and apparel outlet Zappos, owned by e-tailing giant Amazon, has suffered a massive data breach that may have affected more than 24 million of its customers.

The company apologized for the occurrence and stressed the database that stores customers' critical credit card and other payment data was not affected or accessed. However, the company sent out an email to its customers notifying them that, for their protection and to prevent unauthorized access, Zappos expired and reset their passwords so customers can create a new password.

"We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)," Zappos CEO Tony Hsieh wrote in an email to customers and employees.

Continued : http://www.eweek.com/c/a/Security/Zappos-Latest-Company-Hit-by-Data-Breach-581979/

Zappos turns off phones after up to 24 million customer records exposed
Zappos Breached
Zappos breach highlights fragile password, personal data security
Zappos Reports Security Breach, Advises Customers To Change Passwords
Update: Zappos Says 24 Million Customers Affected By Data Breach

IE Bug Exposes Users to XSS Attacks
by Carol~ Moderator / January 16, 2012 5:17 AM PST

From the Imperva Data Security Blog:

A bug in IE allows hackers to conduct XSS attacks. The flaw in IE gets a little techie but it is essentially this: the way double quotes are encoded by IE isn't properly done. This oversight has a significant downstream effect for websites supporting IE (and there's a lot). Since website developers assume requests from IE are properly done, hackers can sneak XSS attacks into websites.

Here are the technical details. Internet Explorer (IE) doesn't encode double quote characters (") in the query part of the uniform resource identifier (URI). This behavior, besides being non-standard (as stated by RFC and implemented by other browsers including Chrome or Firefox) may expose IE users to reflected XSS attacks. How? Websites may assume that the URI in the request is properly encoded by the browser and embed it "as is" in the HTML response. Since double quotes are not properly encoded by IE it may break the website's HTML structure and allow an attacker to smuggle an XSS attack against the IE user.

According to RFC 3986 (http://www.ietf.org/rfc/rfc3986.txt) which defines the URI syntax, the proper syntax of the query part of the URI is as follows:

Continued : http://blog.imperva.com/2012/01/ie-bug-exposes-its-users-to-xss-attacks-.html
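
The server-side pattern described in the excerpt above, shown beside its hardened form. This is an added example, not code from the original post or from Imperva; the function names and sample URIs are constructed for illustration.

```javascript
// Added example; function names and sample URIs are constructed for illustration.

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Weak pattern from the excerpt: the request URI is embedded "as is", on the
// assumption that the browser already percent-encoded the query.
function renderUnsafe(requestUri) {
  return '<a href="' + requestUri + '">Permalink</a>';
}

// Hardened pattern: encode for the attribute context at output time, so the
// markup stays intact whatever the browser did or did not encode.
function renderSafe(requestUri) {
  return '<a href="' + escapeHtml(requestUri) + '">Permalink</a>';
}

// Return the href value an HTML parser would see: everything up to the first
// double quote that closes the attribute, with entities decoded.
function hrefAsParsed(html) {
  const match = /href="([^"]*)"/.exec(html);
  if (!match) return null;
  return match[1]
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// Constructed sample requests for the same link.
const encodedUri = '/search?q=a%22b'; // quote percent-encoded, as RFC 3986 requires
const rawUri = '/search?q=a"b';       // quote left raw, the IE behaviour described above

function demo() {
  return {
    unsafeEncoded: hrefAsParsed(renderUnsafe(encodedUri)), // intact: the flaw stays hidden
    unsafeRaw: hrefAsParsed(renderUnsafe(rawUri)),         // truncated at the raw quote
    safeRaw: hrefAsParsed(renderSafe(rawUri)),             // intact again
  };
}

console.log(demo());
```

With a browser that percent-encodes the quote, the unsafe version looks correct in testing; only the raw quote ends the attribute early and lets the remainder of the URI be parsed as markup.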

NASA and ISS data stolen from Japanese space agency
by Carol~ Moderator / January 16, 2012 5:17 AM PST

"JAXA finds second 'virus' on PC of employee"

Sensitive data on a Japanese-designed space vehicle used to supply the International Space Station (ISS) appears to have been compromised after the country's space agency admitted it had discovered a Trojan infection on one of its employee's computers.

Japan's Aerospace Exploration Agency (JAXA) discovered the latest infection on 6 January affecting the same employee whose PC had been hit by malware after opening an infected attachment last July.

That infection was only discovered a month later and is now believed to have led to the loss of data including up to 1,000 email addresses, login details for the agency's intranet, and NASA documents covering operation of the ISS.

Given the employee's work on the JAXA H-II Transfer vehicle (HTV), nicknamed 'Konotori', the agency is worried that the latest infection could also have given attackers access to data on the project.

Continued : http://news.techworld.com/security/3330264/nasa-iss-data-stolen-from-japanese-space-agency/

Also: Japanese Space Agency Loses Data After Computer Infection

Mac Malware Summary 2011 (Q2/Q3/Q4)
by Carol~ Moderator / January 16, 2012 5:17 AM PST

From F-Secure Antivirus Research Weblog:

Brod, a researcher on our Threat Research team has been tasked with tracking emerging Mac based threats. Microsoft Excel is one of the tools he uses to chart variants. From April to December 2011, there have been several dozen new Mac threats.

Well, that's nothing when compared to Windows malware — but it's definitely something when compared to the number of Mac threats seen prior to 2011.

Keep in mind that by "new", we're referring to unique variants, and not the raw number of unique binaries that we've seen. We prefer a more conservative approach when counting malware. The more generic and family based, the better.

Here's an overview: [Screenshot]

Want a closer look? Download Brod's spreadsheet: Mac Threats 2011.

As we correctly predicted back in May (YouTube video), Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist "bubble economies" that have produced new threats in fits and starts.

We expect more of the same for 2012.


Hacker will release Symantec Norton source code tomorrow
by Carol~ Moderator / January 16, 2012 7:41 AM PST

A HACKER called Yama Tough has declared to the world on Twitter that he will release the full source code of Symantec's flagship Norton antivirus software.

The India-based hacker posted a short tweet simply saying that he will release the 1.7Gb (217MB) source code dump tomorrow. It appears that the source code was acquired in a hacking attack by The Lords of Dharmaraja that we covered earlier this month.

' This comming tuesday behold the full Norton Antivirus 1,7Gb src, the rest will follow...
— Yama Tough (@YamaTough) January 14, 2012

He previously tweeted links to a list of the source code files and the original post by The Lords of Dharmaraja, but those web pages have since been removed. The first post claimed that the source code had been obtained from Indian military intelligence servers.

His account says "Anonymous Avengers of Indian Independence Frontier, Mumbai" and he has links to the hacktivist group Anonymous.

We are still waiting for Symantec's response to this development. Earlier this month it confirmed that some source code was obtained but said that it was out of date.

Symantec has provided us with the following statement regarding the Norton source code.

Continued : http://www.theinquirer.net/inquirer/news/2137750/hacker-release-symantec-norton-source-code-tomorrow

Also: Hackers threaten to release Symantec source code tomorrow

Google Docs - a full-featured, full-service phishing facility?
by Carol~ Moderator / January 16, 2012 7:42 AM PST

SophosLabs has come across two spam campaigns this weekend which rely on Google Docs as a "full-service" phishing back end.

We wrote about Google Docs phishing back in June last year, when the search giant's cloud service was used to target users of Gmail itself.

These recent phishes, however, target two very different groups of users.

The first campaign is aimed at internet users of ANZ, one of the 'big four' Australian banks; the second is aimed at online users of the web portal of a large school in North America. [Screenshot: ANZ Phishing Email]

'ANZ Bank has a strict policy to ensure that all our customer online banking details are secure and updated regularly. This is done for your own protection because some of our clients no longer have access to their online banking service due to fraudulent activities suspected by the bank management.

In order to make sure that your online banking experience is even more safe and secure, we have introduced a new security feature that allow us to detect any unusual activity on your account. So with regards to this development, to update, re-activate and verify your online banking account login details CLICKHERE
Thank for your understanding. We hope to serve you more better.

The email above takes you to the Google Docs form shown below:

Continued : http://nakedsecurity.sophos.com/2012/01/16/google-docs-a-full-featured-full-service-phishing-facility/

Log into Gmail on a PC via Your Smartphone
by Carol~ Moderator / January 16, 2012 7:42 AM PST

Google recently introduced a fun (and more secure) way to log into your Google account from a public terminal without entering your password into the PC, and instead using your smartphone and a QR code.

The method is similar to how Google sets up your handset for its two-step log-in process introduced in February 2011. Google's two-step authentication system requires you to enter your password as well as a unique short code generated by a trusted device (your smartphone) to access your account.

The new Google QR log-in now being discussed on Google+ and Hacker News uses your smartphone as a kind of proxy for the desktop PC's browser. You will be able to enter your Google account password into your smartphone and then the PC will "automagically" log you in to your Google account on the PC.

This is a neat trick to use when traveling and relying on public computers, and can protect you from a PC with keylogging software that records every keystroke entered into a compromised machine.

In my tests, I was able to log in using an iPhone as well as an Android device; it's said to also work with Windows Phone 7.

It's not clear when Google created the new QR code log-in system. The earliest mention I could find was on Reddit in late December, but as far as I can tell Google has never publicly announced this log-in option.

Continued : http://www.pcworld.com/article/248235/log_into_gmail_on_a_pc_via_your_smartphone.html
