NEWS - July 04, 2011

Jul 4, 2011 1:46AM PDT
Fox News Twitter account announces Barack Obama dead after hack

An official Twitter account belonging to the political team at Fox News has been compromised and fallen into the hands of hackers who have posted false stories claiming that Barack Obama has been assassinated.

The messages were posted at approximately 2am local time, and were quickly retweeted across the network. [Screenshot]

Messages posted to the @FoxNewsPolitics account included:

BREAKING NEWS: President @BarackObama assassinated, 2 gunshot wounds have proved too much. It's a sad 4th for #america. #obamadead RIP


We wish @joebiden the best of luck as our new President of the United States. In such a time of madness, there's light at the end of tunnel

The rogue tweets seem to have begun after a message was posted on the FoxNewsPolitics account saying "Just regained full access to our Twitter and email. Happy 4th".

That message implies that whoever hacked into the account compromised the email address of the person who administers the FoxNewsPolitics account, giving an unknown third-party the ability to post tweets at will.

Continued :

Fox News Caught Sleeping After Twitter Account Hacked
Breached Fox News Politics Twitter account announces Obama's death

Discussion is locked

Reply to: NEWS - July 04, 2011
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - July 04, 2011
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Hackers claim attack on Apple server
Jul 4, 2011 3:42AM PDT

A group of computer hackers known as Lulzsec on Sunday night claimed to have penetrated one of Apple's computer servers and posted a list of user names and passwords on the internet.

If the attack is genuine, it is thought to have affected a server used by Apple's business intelligence unit to collect survey data and does not affect iTunes accounts. Apple did not immediately respond to requests to comment on the incident.

The attack appears to be by the Lulzsec and Anonymous hacking groups who have been targeting a number of large companies, including Sony, which was hit by a hacking attack this year in which the personal details of 100m customers were in danger of being compromised.

A Twitter account, Anonymous IRC, used by members of Lulzsec, claimed that Apple's security had been penetrated, and posted a list of information supposedly taken from the company's servers.

Continued :

Also: Hackers claims Apple online data was compromised

- Collapse -
Vsftpd backdoor discovered in source code
Jul 4, 2011 3:42AM PDT

Chris Evans, aka Scary Beasts, has confirmed that version 2.3.4 of vsftpd's downloadable source code was compromised and a backdoor added to the code. Evans, the author of vsftpd - which is described on its web site as "probably the most secure and fastest FTP server for Unix-like systems" - was alerted on Sunday to the fact that a bad tarball had been downloaded from the vsftpd master site with an invalid GPG signature. It is not known how long the bad code had been online.

The bad tarball included a backdoor in the code which would respond to a user logging in with a user name ": )" by listening on port 6200 for a connection and launching a shell when someone connects.

Evans has now moved the source code and site to, a Google App Engine hosted site. The GPL-licensed source code can be downloaded (direct download) from the same site, along with the GPG signature for validating the download, a step that Evans recommends. Evans says that the lack of obfuscation and lack of victim identification leads him to believe that "perhaps someone was just having some lulz instead of seriously trying to cause trouble".

Also: Backdoor in the latest version of vsftpd

See Vulnerabilities & Fixes: vsftpd Compromised Source Packages Backdoor Security Issue

- Collapse -
Microsoft Shares Source Code for Wi-Fi Data Collection
Jul 4, 2011 3:42AM PDT

"Microsoft Shares Source Code for Wi-Fi Data Collection Software"

There continues to be a high level of public interest in how and why companies collect Wi-Fi access point information. Windows Phone division president Andy Lees recently talked about the privacy principles that were used in designing location-based services on Windows Phone 7. As part of our ongoing commitment to consumer privacy, we are taking an additional step to provide even more transparency about how we gather information through managed driving to provide location-based services.

Today, Microsoft is sharing relevant portions of the source code for our managed driving data collection software to provide those interested an opportunity to review the code we use for collection of such information. The source code is hosted on the MSDN web site. The source code demonstrates both the type and amount of data we collect when surveying Wi-Fi access points through managed driving.

As we build the database used to provide location-based services for Windows Phone 7, we use vehicles to gather available data (what is commonly referred to as "managed driving") by equipping the vehicle with mobile phones that survey Wi-Fi access points and cell tower locations. The mobile phones we use for these surveys are only capable of observing the same data points about Wi-Fi access points that any phone, computer or other device connecting to Wi-Fi access points can observe.

Continued :

- Collapse -
Spooks made 1,061 bugging errors in 2010
Jul 4, 2011 3:42AM PDT

MI5 wrongly collected subscriber data on 134 telephone numbers as a result of a software error, according to interception of communications commissioner Sir Paul Kennedy's annual report.

A spreadsheet formatting error caused the service to apply for data on the identity of telephone numbers ending in 000, rather than the actual last three digits. "The subscriber data acquired had no connection or relevance to any investigation or operation being undertaken by the Security Service," writes Kennedy.

He adds that the resulting material was destroyed, the formatting fault fixed and numbers are now checked manually before MI5 requests subscriber data from communications providers.

MI5 also acquired data on the histories of 927 internet protocol addresses without authorisation from a sufficiently senior officer, of GD3 rank or above. This was due to an "incorrect setting on the system used by the Security Service," according to Kennedy, although the requests themselves were necessary and proportionate. MI5 has corrected the setting on its systems.

Continued :

Source: MI5 makes 1,061 bugging errors

- Collapse -
Facebook Attack Leverages LinkedIn
Jul 4, 2011 6:19AM PDT

We recently found a Facebook attack, which uses the business-related social networking site, LinkedIn as its redirector site. The attack begins with a wall post that bears the subject, "The Video That Just Ended Justin Biebers Career For Good!" and creates a similar wall post on affected users' accounts once they click the URL in the image. [Screenshot: Sample Wall Post]

This Facebook attack using LinkedIn is new as cybercriminals normally employ URL shorteners and Facebook fan pages, to point users to malicious websites. The usage of a legitimate website definitely increases the possibility of users dismissing the post as a malicious threat. In the past, we also reported various attacks that employed URL shorteners here:

Facebook Spam Spreads Through Multiple Features
Bogus Twitter Spam Hits Inboxes
Shortened URLs in IM Apps Lead to a Worm

Although Facebook prompts a warning about the possible malicious URL activity, the said malicious URL can still be accessed via Facebook.

Continued :

Also: Facebook Scam Abuses LinkedIn Redirector

- Collapse -
TDL-4 Indestructible or not???
Jul 4, 2011 6:19AM PDT

Our analysis, "TDL4 - Top Bot" by Sergey Golovanov and Igor Soumenkov, has rightly been getting a lot of attention. It's an excellent analytical article which uncovers a very sophisticated and complex malware TDL-4 which is the latest version of TDSS.

Some commentators and other security researchers however, focusing on our use of the word "indestructible" in the article, seem to think that we believe the malware is indestructible. This is clearly not the case - that's why we put the word in inverted commas. In fact, our own TDSS Killer can remove the malware.

The key line from the article is, "The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and antivirus companies."

It is the botnet which the owners want to bullet proof. To help achieve this TDL-4 uses its own encryption algorithm for communication between infected computers within the botnet:

"The new protocol encryption algorithm for communications between the botnet control center and infected machines ensures that the botnet will run smoothly, while protecting infected computers from network traffic analysis, and blocking attempts of other cybercriminals to take control of the botnet."

Continued :

- Collapse -
Congratulations!!! You won £2m pounds: SMS 419 Scams
Jul 4, 2011 6:19AM PDT

From F-Secure Weblog:

Topi Kanniainen, from Digitoday contacted us regarding an SMS advance fee fraud (419) scam message that he received.

It turns out that a member of our Threat Research team has also received such a message, back in January - he saved it.

Here's what it looks like: [Screenshot]

Here's [Screenshot]

Google Apps?

The (cloud friendly) scammers probably built and paid for it using stolen funds.

So what happens if you call the number?

Believe it or not, there's actually somebody on the other end of these phone numbers that answer if called. If they think you sound vulnerable, they'll attempt to scam you in a variety of ways.

Continued :

- Collapse -
Fake Facebook Security Team phishes passwords from users
Jul 4, 2011 6:20AM PDT

A number of Facebook users have reported to us receiving mysterious messages, seemingly from Facebook's security team, telling them that their accounts have been suspended.

The spam messages, however, are not legitimate.

In reality they have been sent out by fraudsters posing as Facebook's real security team, with the intention of phishing credentials from unsuspecting users. [Screenshot: Facebook phishing message]

Part of the message reads:

We have reviewed the suspension on your account. After reviewing your account activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you do not respond to our notification. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

If you think this is a mistake, please verify your account on the link below. This would indicate that your account does not have a violation in playing on our application. We will immediately review your account activity, and we will notify you again via email. ..

Continued :

- Collapse -
Sony to restore PSN and Qriocity in Japan
Jul 4, 2011 6:20AM PDT

Sony has said that it will finally reboot Japan's PSN and Qriocity services later this week hopefully bringing an end to eleven weeks of misery for the electronics giant and its customers.

According to a Reuters report, Sony said today that all PlayStation Network and Qriosity services will be back on-line by Wednesday July 6th.

Japan is last territory to be rebooted after hackers invaded the company's servers between April 17th and 19th making off with more than 100 million user account details and an unknown number of credit card details.

Although the world and its Wi-Fi knew about the attacks, Sony battened down the hatches and said nothing for more than a week, damaging the company's reputation enormously.

The gaming outfit is now under intense scrutiny from courts all over the world as angry users gather to bring class-action suits against the company. Governments too want to know how such a huge concern could get security so utterly wrong.

Sony has lost around 12 per cent of its value in the wake of the attack and although the final bill is expected to hit top $100 million, the drop in consumer confidence in the company caused by its poor handling of the situation could run into billions of dollars.

Continued :

CNET Forums

Forum Info