Spyware, Viruses, & Security forum


NEWS - January 23, 2012

by Carol~ Moderator / January 23, 2012 12:15 AM PST
DreamHost Resets Customer FTP Passwords Following Database Breach

Los Angeles-based Web hosting firm DreamHost reset the FTP and shell access passwords for all of its customers on Friday after detecting unauthorized activity within one of its databases.

"One of DreamHost's database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place," said DreamHost's CEO, Simon Anderson, in a blog post on Saturday.

Even though it couldn't be blocked, the unauthorized access was detected by one of the company's intrusion detection systems (IDS), allowing its security team to react quickly and take the necessary mitigation steps.

The company notified its customers about the security breach via email and informed them that only passwords used for FTP and shell access were affected by the breach. Billing or personal information was not exposed, DreamHost said.

DreamHost customers use three different passwords for accessing the Web administration panel, their email and their FTP/shell accounts. Changing the email passwords was also recommended by the company as a precaution, but this wasn't enforced.

Continued : http://www.pcworld.com/businesscenter/article/248565/dreamhost_resets_customer_ftp_passwords_following_database_breach.html

DreamHost warns customers of possible password breach
DreamHost warns of password hack
DreamHost Warns of Attack, Forces Customer Password Changes

Megaupload founder Kim Dotcom arrested in New Zealand
by Carol~ Moderator / January 23, 2012 1:07 AM PST

"Dotcom and three others detained in New Zealand following US anti-piracy charges as website is shut down"

Megaupload founder Kim Dotcom and three other people connected with the file-sharing site were arrested in Auckland as the website was shut down by US federal authorities.

Megaupload.com is a "cyberlocker" website which allows users to upload and store large files. The US Department of Justice (DoJ) alleges the site was the hub of an "international organised criminal enterprise" that was responsible for "massive worldwide online piracy of numerous types of copyrighted works."

Megaupload.com and other related sites have generated more than $175 million in criminal proceeds and caused more than half a billion dollars in harm to copyright owners, claimed the DoJ.

According to a statement on the FBI website, Dotcom, along with chief marketing officer Finn Batato, Mathias Ortmann, chief technical officer, Ortmann and Bram van der Kolk, programmer, were arrested "by New Zealand authorities, who executed provisional arrest warrants requested by the United States Department of Justice."

Continued : http://news.techworld.com/security/3331824/megaupload-founder-kim-dotcom-arrested-in-new-zealand/

Megaupload takedown makes headlines and waves as Mr Dotcom applies for bail
MegaUpload Bail Decision Delayed

Fake Camera+ app hits the iPhone App Store
by Carol~ Moderator / January 23, 2012 1:07 AM PST

How much trust do you put in Apple's stewardship of the App Store - the online marketplace where you can download apps for your iPhone or iPad?

Chances are that you don't think twice about installing software from the App Store - after all, all the software up there has been verified by "Apple", right?

Well, just because Apple has put in procedures to police their App Store, and - unlike the Google Android platform - pre-approve each app, doesn't mean that fake or malicious apps have never appeared.

This weekend the iPhoneography blog spotted a bogus app posing as the popular Camera+ application. [Screenshot]

Fortunately, iPhoneography's Glyn Evans realised something fishy was afoot and contacted Tap Tap Tap, the real makers of Camera+, and asked them to confirm whether the app - which claimed to be "THE MOST AMAZING CAMERA+ VERSION YET" - was legitimate or not.

Oh, Apple and your all too often disappointing approval process. Thanks to Glyn Evans for noticing this Camera+ fake: iphoneography.com

tap tap tap (@taptaptap) January 21, 2012

We haven't been able to get our hands on a copy of the bogus app, so we cannot confirm if it contained any malicious functionality. It is possible that the popular app's name was being taken in vain, simply in order to try to earn some money from online purchases.

Continued : http://nakedsecurity.sophos.com/2012/01/23/fake-camera-app-hits-app-store/

'Citadel' Trojan Touts Trouble-Ticket System
by Carol~ Moderator / January 23, 2012 1:07 AM PST

Underground hacker forums are full of complaints from users angry that a developer of some popular banking Trojan or bot program has stopped supporting his product, stranding buyers with buggy botnets. Now, the proprietors of a new ZeuS Trojan variant are marketing their malware as a social network that lets customers file bug reports, suggest and vote on new features in upcoming versions, and track trouble tickets that can be worked on by the developers and fellow users alike.

The ZeuS offshoot, dubbed Citadel and advertised on several members-only hacker forums, is another software-as-a-service malware development. Its target audience? Those frustrated with virus writers who decide that coding their next creation is more lucrative and interesting than supporting current clients.

"It's no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers," Citadel's developers claim in an online posting. "One problem is that you have probably experienced developers who ignore your instant messages, because there are many customers but there is only one developer."

In the following excerpt, taken from a full description of Citadel's innovations, the developers of this malware strain describe its defining feature as a social networking platform for malware users that is made available through a Web-based portal created by the malware itself.

Continued : http://krebsonsecurity.com/2012/01/citadel-trojan-touts-trouble-ticket-system/#more-13474

EU to Propose New Data Breach, Privacy Regulations
by Carol~ Moderator / January 23, 2012 2:05 AM PST

The European Union (EU) is preparing to propose new rules that will require companies to disclose data breaches within 24 hours, according to reports.

The new rules are aimed at protecting customers and reducing bureaucracy, EU Justice Commissioner Viviane Reding explained in a speech at a conference today in Munich.

"Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay," Bloomberg quoted Reding as saying at the DLD conference. "European data protection rules will become a trademark people recognize and trust worldwide."

Reding also spoke about the importance of simplifying approaches to protecting data online, and stated that Europe's current system has too many conflicting rules.

"The extra cost to business of this fragmentation is 2.3 billion euros ($3 billion) a year," she was quoted as saying by Reuters.

According to Reuters, the proposal would grant individuals additional rights, including a "right to be forgotten," which would allow people to request their information be erased and not distributed online. A "right to data portability" would ensure people can easily transfer their personal data between companies.

Continued : http://threatpost.com/en_us/blogs/eu-propose-new-data-breach-privacy-regulations-012212

EU's Data Protection Proposals Likely to Include 24-hour Breach Notification
EU to enforce 24-hour data breach disclosure
Europe exposes its stiff data protection law this week

Android hackers mull rooted mobe app marketplace
by Carol~ Moderator / January 23, 2012 2:06 AM PST

Android hackers are discussing the creation of a specialist app store, listing software for rooted handsets and other things that even Google won't allow.

Google is the limp-wristed liberal of certification authorities, allowing just about anything into its Android Marketplace. But it's that "just about" that has annoyed some folks in the CyanogenMod ROM team, who have started a discussion about hosting their own application store to fund the development of their alternative Android build.

Android applications aren't nearly as restricted as their iOS contemporaries, but there are still some things they can't do. Notably they can't grab a screenshot, something that prompts tech journalists (among others) to immediately unlock (or "root") their handsets. Applications running on a "rooted" Android handset can be granted access to resources otherwise unavailable.

Some Android users also want to strip out interface shells or spyware dropped in by the manufacturers and/or network operators. That means wiping out the entire installation and replacing it with an unmodified version of Android, with CyanogenMod being the most popular of such versions.

Continued : http://www.theregister.co.uk/2012/01/23/android_marketplace/

Critical hole in Apache Struts 2 closed
by Carol~ Moderator / January 23, 2012 2:06 AM PST

The developers of the Apache Struts 2 Java web framework have released version This closes a critical hole in versions of Struts from 2.0.0 to that allowed for remote command execution. The vulnerability makes it possible for the protection around OGNL, an expression language used for getting and setting properties of Java objects, to be bypassed and arbitrary expressions be evaluated.

An example given in the advisory shows how an attacker could invoke the java.lang.Runtime.getRuntime().exec() method to run an arbitrary command if a vulnerable action existed. This is not the first time OGNL has been problematic; in 2008 and 2010, similar problems allowed for unauthorised manipulation and execution of Java classes.

Developers are strongly advised to update to Struts which is available to download. Maven users will find details on how to update in the release notes. For installations that are unable to update, the advisory offers a configuration change which can mitigate the problem.


See Vulnerabilities & Fixes: Apache Struts "ParameterInterceptor" Security Bypass Vulnerability

Hacker Releases 100,000 Facebook Log-in Credentials
by Carol~ Moderator / January 23, 2012 3:46 AM PST

A hacker who claims to act in defense of Israel has released 100,000 credentials of allegedly Arab users of Facebook in an ongoing row between Israeli and Arab hackers.

The hacker, who goes by the name Hannibal, posted the credentials in four parts on Pastebin on Saturday as well as making the details available on 14 file-sharing sites.

In a note introducing the data, the hacker claimed to have 30 million email account details, 10 million bank accounts and four million credit card accounts belonging to "Arabs from all over the world."

Hannibal appeared to propose a truce, as activity from hackers targeting Israel appears to have subsided in recent days, but the hacker vowed to come to Israel's defense if needed: "If they appear again, I again come to save Israel. Trust me. I'll always be around."

Emails sent to an address provided by Hannibal in the Pastebin data were rejected by the hosting provider.

Since Jan. 13, Hannibal has released several batches of email and Facebook log-in details. Facebook officials said last week of one of the releases that less than a third of the credentials were valid, and half were not associated with Facebook accounts.

Continued : http://www.pcworld.com/businesscenter/article/248573/hacker_releases_100000_facebook_login_credentials.html

Also: 'Hannibal' leaks '100,000 Facebook logins'

Pole Position: Poland Attacked by Anti-ACTA Hackers
by Carol~ Moderator / January 23, 2012 3:46 AM PST

From the F-Secure Antivirus Research Weblog:

There's breaking news coming out of Poland. Hackers, reportedly associated with Anonymous, have been attacking Polish government websites to protest this week's scheduled signing of the Anti-Counterfeiting Trade Agreement (ACTA). [Screenshot]

ACTA is an intellectual property treaty. Poland announced on January 19 that it would sign the treaty on January 26, 2012.

A Twitter account called @AnonymousWiki called for action against the Polish government.

All of this follows on the heels of SOPA protests and Anonymous attacks against US government websites due to the FBI's takedown of Megaupload.

Websites targeted by DDoS attacks include: abw.gov.pl; arimr.gov.pl; ets.gov.pl; knf.gov.pl; mf.gov.pl; mkidn.gov.pl; mzios.gov.pl; pip.gov.pl; praca.gov.pl; premier.gov.pl; stat.gov.pl; uzp.gov.pl.

Here's a screenshot of premier.gov.pl, currently down, from Google's cache: [Screenshot]

Continued : http://www.f-secure.com/weblog/archives/00002302.html

Also: Hackers attack Polish government web sites

Researchers demonstrate tragic state of SCADA security
by Carol~ Moderator / January 23, 2012 6:01 AM PST

Since the discovery of Stuxnet, we've been hearing from a variety of researchers about security vulnerabilities in SCADA computer systems. While some researchers such as Luigi Auriemma occasionally share with the public entire batches of SCADA flaws and PoC attacks for exploiting them, others get pressured by authorities and manufacturers into canceling their lectures about their discoveries.

But last week, at the SCADA Security Scientific Symposium held in Miami, visitors had the opportunity to hear a damning presentation held by researchers grouped around Project Basecamp which revealed that their testing of six widely used programmable logic controllers (PLCs) resulted in the discovery of alarming security bugs that are mostly design flaws and (even!) features, and of the fact that some of them can't even take a probing without crashing.

One of the devices, the Control Microsystems' SCADAPack, bricked early on into testing. The remaining five (General Electric's D20ME, Koyo's Direct LOGIC H4-ES, Rockwell Automation's Allen-Bradley ControlLogix and Allen-Bradley MicroLogix, Schneider Electric's Modicon Quantum, and Schweitzer's SEL-2032) displayed a dazzling array of back door accounts, old hardware and firmware, lousy security controls, configuration files easily obtainable by attackers, buffer overflow and remotely exploitable vulnerabilities, unexpected crashes, weak password implementation and authentication protection, and inability to upload custom firmware:

Continued : http://www.net-security.org/secworld.php?id=12268

UPDATE: Looking For a 'FireSheep' Moment, Researchers Lay Bare Woeful SCADA Security
SCADA industrial control systems exposed by security researchers
Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software

The rise of a typosquatting army
by Carol~ Moderator / January 23, 2012 6:01 AM PST

From Websense Security:

The week before we published a blog that discussed typosquatting of social web sites that lead visitors to spam survey sites with a high Alexa ranking. With our on-going research, we discovered that cyber-criminals are carrying out even more work, and the campaign is more widespread than we originally thought. Their targets are not limited to social web, but also include popular and frequently-visited registered typosquatting domains in all areas ranging from Google to Victoria's Secret, or Wikipedia to Craigslist; the list goes on. The attacker registers a network of typosquatting domains and redirects visitors of these mistyped sites to a spam survey site. The Websense ThreatSeeker Network has discovered over 7,000 typosquatting sites within this single network. [Screenshot]

These typosquatting sites redirect visitors to a suspicious URL via a URL shortening service. From there, they take them to a spam survey site (which we showed you in this blog). After visitors complete the spam survey, they are then taken to spam advertisement distributed sites where spam advertisements are displayed based on their interests. An example of such advertisement is a free movie downloader as shown below. Currently, these spam advertisements are not spreading maliciously. However, if these networks are resold to underground groups, then the potential outcome could be even more damaging than the 0-day exploit security attacks. [Screenshot]

Continued : http://community.websense.com/blogs/securitylabs/archive/2012/01/22/The-rise-of-a-typosquatting-army.aspx

Sourcefire debuts anti-malware software FireAMP for enterprise
by Carol~ Moderator / January 23, 2012 6:02 AM PST

Sourcefire today announced anti-malware software for Windows-based devices that combines signature- and behavior-based detection methods to identify malicious code trying to invade the enterprise network, tracking it down through cloud-based analysis.

The lightweight Windows-based software, called FireAMP, can identify malware and block it, says Alfred Huger, vice president of development at Sourcefire's cloud technology group. Once a specific threat is identified, which involves analyzing it on the fly through the FireAMP cloud-based infrastructure, another step can be taken to immediately figure out if that same malware has struck other enterprise computers.

Huger acknowledges that the 7MB FireAMP agent software will detect and block a wide range of malware through both signature and behavior-based methods, but it won't recognize every threat when it first hits the enterprise network. FireAMP represents the development of the anti-malware software Sourcefire acquired in its acquisition of startup Immunet a year ago.

Continued : http://www.networkworld.com/news/2012/012312-sourcefire-antimalware-255213.html

FireAMP Fights Malware with Big Data Analytics
Sourcefire jumps into anti-malware market
Advanced malware protection with Sourcefire FireAMP

Online reputation manager hacked sites to 'inject' illegal code
by Carol~ Moderator / January 23, 2012 6:02 AM PST

Worried about your online reputation? Watch out: The fix could be worse than the problem.

Online reputation management (ORM) has become a burgeoning business as individuals and companies alike seek ways to hide negative or damaging statements about them from the Web.

But let the buyer beware: The company that helps protect your reputation may have its own reputation issues.

Consider the case of Darren Meade, who in 2010 was working as interim CEO at a California-based company. In an effort to address a number of negative comments (about both himself and his company) posted online, his company hired Rexxfield, an ORM, also based in California.

But Meade said he became increasingly concerned about the relationship with Rexxfield when he discovered the company wanted to sell illegal hacker code to scrub negative comments from the web -- and planned a marketing campaign of fear based on the threat that it can wipe anyone offline.

"They called it Googlecide," Meade, now an entrepreneur, told FoxNews.com.

ORM companies normally monitor search results from engines like Google or Bing and try to "push" down negative pages about their clients, so they're seen by fewer people. Common techniques are heavy promotion of positive content or formal requests that websites take down negative or libelous content.

Continued : http://www.foxnews.com/scitech/2012/01/20/google-cide-online-reputation-managers-can-wipe-from-web/

Free Amazon.com gift card promotion is a Facebook scam
by Carol~ Moderator / January 23, 2012 6:02 AM PST

Gift card scams are a common sight on Facebook, and this weekend it has been the turn of Amazon.com to be the brand used by cybercriminals as a way of making them cash. [Screenshot]

One Free Amazon.com Gift Card (limited time only)

Amazon is currently giving away gift cards to all facebook users. Click here to get one!

When you see one of your friends share a link like this with you, the truth is that they have been duped into a scam. Be careful not to make the same mistake as them, or you'll just be helping put cash into the pockets of the bad guys.

If you do click on the link you are taken to a webpage on a third-party website which looks something like this: [Screenshot]

Notice how it encourages you to re-share the link, and add a comment, before it will allow you to access the special deal (in this case, an allegedly free Amazon.com gift card).

If you follow the page's instructions you will be taken to another webpage; in the example below it encourages you to sign up for a premium rate mobile phone service which could end up hurting you in the pocket.

Continued : http://nakedsecurity.sophos.com/2012/01/23/free-amazon-com-gift-card-facebook-scam/
