NEWS - January 21, 2010

by Carol~ Moderator / January 20, 2010 11:23 PM PST
Targeted attacks replace botnet floods in telco nightmares

Targeted attacks against backend systems have replaced botnet-powered traffic floods as the main concerns for security staff at telcos and large ISPs.

Only one in five of the 132 senior telco security experts quizzed by DDoS security and network management specialists Arbor Networks reported the largest attacks they observed as lying within the one-to-four Gbps range last year, compared to 30 per cent in 2008. The most potent DDoS attacks recorded in 2009 hit 49Gbps, a relatively modest 22 per cent rise from the 40Gbps peak reached in 2008.

Although botnet-enabled DDoS attacks are the top operational threats faced by the network operators surveyed by Arbor this may change in future. One in three (35 per cent) of security managers at ISPs and telcos across the world quizzed by Arbor reckoned more sophisticated service and application-layer attacks are the biggest threat they face over the coming year.

Continued here: http://www.theregister.co.uk/2010/01/21/arbor_teleco_security_survey/

Mozilla addresses critical holes with Thunderbird 3.0.1
by Carol~ Moderator / January 20, 2010 11:24 PM PST

21 January 2010

The Mozilla developers have announced the availability of the first security and stability update for version 3 of their popular open source Thunderbird email and news client. In addition to a number of stability and bug fixes, Thunderbird 3.0.1 addresses three critical vulnerabilities.

The update fixes a critical vulnerability in the browser engine used by Thunderbird that could cause a crash, possibly leading to memory corruption and the execution of arbitrary code. The other two critical bugs in liboggplay and the Theora video library could also lead to a crash and potentially allow the execution of arbitrary code on a victim's computer. These are the same vulnerabilities that were patched in mid-December by version 3.5.6 of Firefox and by version 2.0.1 of the SeaMonkey "all-in-one internet application suite". The developers strongly recommend all users to upgrade to the latest release as soon as possible.

Continued here: http://www.h-online.com/security/news/item/Mozilla-addresses-critical-holes-with-Thunderbird-3-0-1-909529.html

RockYou hack reveals easy-to-crack passwords
by Carol~ Moderator / January 21, 2010 1:18 AM PST

Analysis of the 32 million passwords recently exposed in the breach of social media application developer RockYou last month provides further proof that consumers routinely use easy to guess login credentials.

Sensitive login credentials - stored in plain text - were left exposed because of a SQL injection bug in RockYou's website. RockYou admitted the breach, which applied to user password and email addresses for widgets it developed, and pledged to improve security in order to safeguard against future problems.

Database security firm Imperva analysed the frequency of passwords disclosed by the breach, prior to publishing a report on Thursday on Consumer Password Worst Practices, a problem illustrated by the top ten passwords thrown up by the RockYou security snafu (below).

Continued here: http://www.theregister.co.uk/2010/01/21/lame_passwords_exposed_by_rockyou_hack/

Vulnerability in Windows Kernel Privilege Escalation
by Carol~ Moderator / January 21, 2010 1:19 AM PST
New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232)

Yesterday, we reported about a new Windows Kernel vulnerability [1] . The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7) unless 16-bit application support is disabled. If exploited, the vulnerability will lead to privilege escalation.

Today, Microsoft released an official response in the form of a Security Advisory [2]. The advisory (KB Article 979682) states that Microsoft is investigating the report, and is not aware of any use of the vulnerability in current exploits.

According to Microsoft's list of vulnerable and non-vulnerable systems, 64 bit versions of the Windows OS are not vulnerable, but 32 bit versions are. In part this is due to the fact that 64 bit versions of Windows do not include the vulnerable feature (16 bit compatibility).

The workaround outlined by Microsoft matches the workaround proposed in the advisory: Disable access to 16 bit applications. This should work well for the vast majority of systems. But be aware that there is a reason for this feature: Some old (very old) applications do require 16 bit support. This may in particular affect old custom software and support for odd hardware configurations. A standard office desktop should not require any 16 bit applications. As always: Test first.

Continued here: http://isc.sans.org/diary.html?storyid=8050

Also See: Microsoft Security Advisory (979682)
Vulnerabilities / Fixes - January 20, 2010: http://forums.cnet.com5208-6132_102-0.html?messageID=3227042#3227042
Microsoft Confirms Unpatched Windows Kernel Flaw
by Carol~ Moderator / January 21, 2010 1:50 AM PST

OT: Corrected link ( V/F's thread) in above post: Microsoft Windows "KiTrap0D" Privilege Escalation
~~~~~

Microsoft Confirms Unpatched Windows Kernel Flaw

One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel -- from Windows NT 3.1 (1993) up to and including Windows 7 (2009) -- Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Microsoft warns that a malicious hacker could exploit this vulnerability to run arbitrary code in kernel mode. For an attack to be successful, the attacker must have valid logon credentials.

The flaw does not affect Windows operating systems for x64-based and Itanium-based computers, Microsoft said.

According to Tavis Ormandy, the Google researcher who released the flaw details, Microsoft was notified about the issue in June 2009. After waiting several months and not seeing a patch, he decided it was in the best interest of everyone to go public.

Continued here: http://threatpost.com/en_us/blogs/microsoft-confirms-unpatched-windows-kernel-flaw-012110

Major virus outbreak at University of Exeter
by Carol~ Moderator / January 21, 2010 1:38 AM PST

From Graham Cluley's Blog:

The University of Exeter in England has reported that it suffered a "severe" virus outbreak, which resulted in its entire network being shut down earlier this week.

Although the University reports that 95% of its network is now back to normal operation, mystery still surrounds what exact piece of malware they were hit by.

ZDNet blogger Zack Whittaker appears to have got some inside information, as he quotes an internal support email which says:

'"...this is a completely new virus and we are the only organisation in the world to experience it. None of the mainstream virus software suppliers have seen this virus, and as such, there is no fix."'

Continued here: http://www.sophos.com/blogs/gc/g/2010/01/21/major-virus-outbreak-university-exeter/

New Software Aims to Keep Facebook Safer
by Carol~ Moderator / January 21, 2010 3:34 AM PST

As social-media sites like Facebook and Twitter have expanded to include more of the online population, spammers and hackers have come along for the ride. Even the FCC chairman has seen his Facebook page taken over by a malicious program that sent spam to his friends.

Facebook and other firms have started responding to the problem, and on Thursday tech-security company Websense will announce software called Defensio that allows Facebook users to better police the comments appearing on their wall and fan pages. In addition to detecting and blocking threats such as phishing and malicious Web sites, the software lets users restrict comments that include profanity or adult content.

Continued here: http://blogs.wsj.com/digits/2010/01/20/new-software-aims-to-keep-facebook-safer/

~~~~~

Today from Websense Connect:

Websense Introduces First Real-Time Security Application for Facebook

Websense delivers Defensio 2.0, the first real-time threat detection system for the social Web

Organizations and individuals alike are adopting blogging platforms, social Web sites like Facebook and Twitter, and other Web 2.0 technologies at a rapid pace. In fact 59 percent of all U.S. Internet users now use social networks, 70 percent consume content on social media and social networking sites and 46 percent of Fortune 100 companies have an official company presence on Facebook today.

Unfortunately, the social nature of Web 2.0 also causes security risks to spread swiftly and claim many victims. The chairman of the Federal Communications Commission himself fell victim and accidentally spammed his friends on Facebook after mistakenly clicking on a bad link.

Continued here: http://community.websense.com/blogs/websense-features/archive/2010/01/21/websense-introduces-first-real-time-security-application-for-facebook.aspx

Patch it or Scratch it: RealPlayer
by Carol~ Moderator / January 21, 2010 3:34 AM PST

Securing your computer isn't just about making sure the doors and windows into your system are latched and patched: Sometimes, it makes more sense to simply brick up some of these entryways altogether - by getting rid of programs you no longer use.

There are several programs that I've mentioned recently and put in this category (Java, QuickTime, Adobe Reader). Allow me to add another program to this list: RealPlayer. If you have this program installed, ask yourself this question: When was the latest time you used it?

Continued here: http://www.krebsonsecurity.com/2010/01/patch-it-or-scratch-it-realplayer/#more-648

Targeted Attack using "Operation Aurora" as the lure
by Carol~ Moderator / January 21, 2010 6:48 AM PST

From the F-Secure Weblog:

Now here's an interesting turn of events.

In the middle of all the attention to the "Operation Aurora" attacks, we're now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious attachment!

Here's the email we saw (the mail was forged to look like it came from gwu.edu):

From: david& [blocked] ;@gwu.edu
Date: Wed, 20 Jan 2010 09:26:24
To: (email addresses of the targets)
Subject: Chinese cyberattack

Colleagues,

Attached is a short piece I just wrote for the Far Eastern Economic Review about Chinese cyberattack.

I hope you find it interesting.

If you have any good idea / comments, are warmly welcome to feedback.

Best,
David
Attachment: Chinese cyberattack.pdf


The attachment Chinese cyberattack.pdf (md5: 238ecf8c0aee8bfd216cf3cad5d82448) is a PDF file which exploits the CVE-2009-4324 vulnerability in Adobe Reader (again, this is the one which was patched last week).

Continued here: http://www.f-secure.com/weblog/archives/00001863.html

~~~~~
Also from F-Secure:

Intelligence sector hit by a targeted attack

We just blogged about a highly targeted attack against military contractors.

Now we saw one against the intelligence sector.

This attack was done with a PDF file. Again.

When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: [...]

It was targeting the CVE-2009-4324 vulnerability. Again. [...]

What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called Updater.exe (md5: 02420bb8fd8258f8afd4e01029b7a2b0).

Now, what is the document talking about? President's day? DNI Information Sharing Environment? We don't know, but a quick web search tells us that apparently there is going to be an Intelligence fair & expo in Germany next month.

Continued here: http://www.f-secure.com/weblog/archives/00001862.html

Firefox Upgrade Available
by Carol~ Moderator / January 21, 2010 6:49 AM PST

Firefox released 3.6 today with a few notable improvements.

* Changes were made that prevent other programs from adding their own toolbar to Firefox without your permission.
* Firefox 3.6 will alert you about out of date and insecure plugins.
* Private browsing also removes TEMP files

The full details can be found at Upgrading to Firefox 3.6.

Continued here: http://isc.sans.org/diary.html?storyid=8065

Europe's spam war hits stalemate
by Carol~ Moderator / January 21, 2010 6:49 AM PST

ISPs stuck in rut, finds ENISA.

Europe's ISPs are just about holding their own against the global spam barrage, a Europe-wide report has found. Put another way, things are not getting better, but are not getting any worse either.

Judging from the 2009 ENISA (European Network and Information Security Agency) spam survey of ISP's across 27 EU states, ISPs spend substantial sums trapping spam before it gets to the end user, mainly because they have to to keep customers. Small providers spend at least 10,000 Euros ($14,100) fighting unwanted messages, while large companies will exceed seven figure euro sums to do the same.

What most customers probably don't realise is just how many layers of filtering and technology it takes to reduce spam - which is now 95 percent of all email sent says ENISA - to the cleansed inbox most users now experience without causing false positives.

Continued here: http://news.techworld.com/security/3210786/europes-spam-war-hits-stalemate/

"Aurora" update brief DoS
by Carol~ Moderator / January 21, 2010 6:49 AM PST

From the Sunbelt Blog:

Early this afternoon Microsoft released an out-of-band security bulletin patching the vulnerabilities in Internet Explorer. The fix has been at the top of the news since the vulnerabilities it treats are believed to have led to the compromise of Google and about 30 other companies last week in what has been called the "Aurora" attack. The governments of France and Germany suggested that Internet users switch to a different browser until the vulnerability was fixed.

So, I guess, in a way, this is good news: [...]

It means that the word obviously is out that there's a problem and there's a fix.

According to Wikipedia, Microsoft's IE browser (versions 6 through 8) have a 63 percent browser market share. Apparently, every one of them hit Microsoft's site at the same time for the update.

Continued here: http://sunbeltblog.blogspot.com/2010/01/aurora-update-accidental-dos.html

Available IPv4 addresses dwindle below 10%
by Carol~ Moderator / January 21, 2010 6:49 AM PST

Internet registries urge network operators to migrate to IPv6

The long-awaited depletion of the Internet's primary address space came one step closer to reality on Tuesday with the announcement that fewer than 10% of IPv4 addresses remain unallocated.

The Number Resource Organization (NRO), the official representative of the five Regional Internet Registries, made the announcement. The Regional Internet Registries allocate blocks of IP addresses to ISPs and other network operators.

The NRO is urging Internet stakeholders - including corporations, government agencies, ISPs, IT vendors and users - to take immediate action and begin deploying the next-generation Internet Protocol known as IPv6, which has vastly more address space than today's IPv4.

Continued here: http://www.networkworld.com/news/2010/011910-ipv4-addresses-dwindle.html?hpg1=bn

Upromise Savings transmits members' CC data
by Carol~ Moderator / January 21, 2010 7:02 AM PST
Upromise Savings transmits members' CC data in the clear to shopper-metrics firm

From the Sunbelt Blog:

Privacy advocate and researcher Ben Edelman has found that Upromise savings, a service that collects commissions from participating merchants for its members' college savings accounts, scrapes personal information, including credit card numbers, from transactions and transmits it to a Boston area shopper-metrics firm with no encryption. Neither the Upromise installation nor its privacy policy informs a user that the data collection is going on.

According to its web site, Upromise members get 1-25 percent discounts on eligible purchases from 600 online retailers, eight percent discounts at more than 8,000 restaurants "...when you pay with a registered credit or debit card." and 1-3 percent discount at registered grocery or drug stores, also if they pay with a registered card.

Upromise, owned by Sally Mae, is the biggest private source of college funding contributions in the U.S., having deposited $450 million to members' college savings accounts.

Continued here: http://sunbeltblog.blogspot.com/2010/01/upromise-savings-transmits-members-cc.html

_____________

Ben Edelman's Report:

Upromise touts opportunities for college savings. When members shop at participating online merchants, dine at participating restaurants, or purchase selected products at retail stores, Upromise collects commissions which fund college savings accounts.

Unfortunately, the Upromise Toolbar also tracks users' behavior in excruciating detail. In my testing, when a user checked an innocuously-labeled box promising "Personalized Offers," the Upromise Toolbar tracked and transmitted my every page-view, every search, and every click, along with many entries into web forms. Remarkably, these transmissions included full credit card numbers -- grabbed out of merchants' HTTPS (SSL) secure communications, yet transmitted by Upromise in plain text, readable by anyone using a network monitor or other recording system.

In its entirety: http://www.benedelman.org/news/012110-1.html
Beware of Massachusetts Senate Race Search Engine Results
by Carol~ Moderator / January 21, 2010 9:19 AM PST

Did you follow the Senate race in Massachusetts between Scott Brown and Martha Coakley? Well, so did cybercriminals. They likely had no interest in who won, however. What attracted them was how many of us were performing online searches, looking for information on the race. So, the bad guys raced to answer this need, but it wasn't with information on who won. It was with traps to infect us with rogue security software.

Symantec - through use of our Norton Safe Web technology - has identified significant search engine poisoning in searches related to the political race. At one point we looked at the results of a search for "Massachusetts senate race results" and found that 33 of the first 100 search results led to malicious sites. Eleven of the first 100 results for the related search "Brown Coakley results" also led to malicious sites. Unfortunately none of this is all that surprising to us. From Michael Jackson's death, to the tragedy in Haiti, to whatever the next big news story is, the bad guys always seek to take advantage of our interest.

Continued here: http://www.symantec.com/connect/blogs/beware-massachusetts-senate-race-search-engine-results

Widespread Attacks Exploit Newly Patched IE Bug
by Carol~ Moderator / January 21, 2010 9:19 AM PST

The first widespread attack to leverage a recently patched flaw in Microsoft's Internet Explorer browser has surfaced.

Starting late Wednesday, researchers at antivirus vendor Symantec's Security Response group began spotting dozens of Web sites that contain the Internet Explorer attack, which works reliably on the IE 6 browser, running on Windows XP. The attack installs a Trojan horse program that is able to bypass some security products and then give hackers access to the system, said Joshua Talbot, a security intelligence manager with Symantec.

Once it has infected a PC, the Trojan sends a notification e-mail to the attackers, using a U.S.-based, free e-mail service that Symantec declined to name.

As of midday Thursday, Symantec had spotted hundreds of Web sites that hosted the attack code, typically on free Web-hosting services or domains that the attackers had registered themselves.

Continued here: http://www.pcworld.com/businesscenter/article/187413/widespread_attacks_exploit_newly_patched_ie_bug.html

Verizon, McAfee Bolster Online Security
by Carol~ Moderator / January 21, 2010 9:19 AM PST

Verizon (NYSE: VZ) and security software vendor McAfee (NYSE: MFE) on Wednesday announced they will partner together to provide an upgraded version of Verizon Internet Security Suite (VISS) to more than 9 million FiOS Internet and high-speed broadband customers.

Company officials said Verizon is the only Internet service provider to offer broadband customers a combination of McAfee's Internet Security tools, which includes McAfee Family Protection and SiteAdvisor technology, in a bundled Internet security suite.

"Our award-winning Windows Internet security suite now becomes even more powerful with world-class security technology from McAfee," Eric Bruno, Verizon's vice president for product management, said in a statement. "We're excited to work with McAfee to provide VISS subscribers with an enhanced, robust security solution that simplifies online protection at home and in the small-business office."

Continued here: http://www.esecurityplanet.com/trends/article.phpr/3859641/Verizon-McAfee-Bolster-Online-Security.htm

Encryption challenge worth $100K
by Donna Buenaventura / January 21, 2010 2:56 PM PST

News that an encrypted swiss army knife from manufacturers Victorinox remained uncracked - and a $100,000 prize went unclaimed - at the Consumer Electronics Show in Las Vegas this month comes as no surprise.

And, says Andy Cordial, managing director of Origin Storage, even if someone had cracked the 2010 version of the famous swiss army knife, they would have obtained a lot more than $100,000 from other sources.

http://www.net-security.org/secworld.php?id=8744

Facebook plugs friends list mobile leak
by Donna Buenaventura / January 21, 2010 3:04 PM PST

Facebook has fixed a hole that allowed strangers to see your friends list by accessing the site using a mobile device, the company said on Thursday.

"There was an inconsistency between the Web and mobile versions of the site for the friend list visibility option," Facebook spokesman Simon Axten said in an e-mail.

http://news.cnet.com/8301-27080_3-10439252-245.html
