Spyware, Viruses, & Security forum

Alert

NEWS - July 15, 2011

by Carol~ Moderator / July 14, 2011 10:01 PM PDT
Pentagon discloses massive cyber theft

"Attack blamed on foreign government leads to new effort to wage battle on hackers"

The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyber attack by a foreign government. It's a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop "malicious insiders."

William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but said the Pentagon believes the attacker was a foreign government. He didn't say which nation.

"We have a pretty good idea" who did it, Lynn said in an interview before the speech. He would not elaborate.

Many cyber attacks in the past have been blamed on China or Russia. One of the Pentagon's fears is that eventually a terrorist group, with less at stake than a foreign government, will acquire the ability to not only penetrate U.S. computer networks to steal data but to attack them in ways that damage U.S. defenses or even cause deaths.

In his speech at the National Defense University, Lynn said that sophisticated computer capabilities reside almost exclusively in nation-states, and that U.S. military power is a strong deterrent against overtly destructive cyber attacks. Terrorist groups and rogue states, he said, are a different problem and harder to deter.

Continued : http://www.msnbc.msn.com/id/43757768/ns/technology_and_science-security/

Also:
Pentagon Admits Thefts Of Terabytes Of Defence Data
Data theft: Hackers prey on secret files from the Pentagon 24 000
Pentagon Discloses Massive Data Theft, Lays Out New Security Strategy

Malware Hits News Corp Websites Down Under
by Carol~ Moderator / July 15, 2011 12:47 AM PDT
In reply to: NEWS - July 15, 2011

Hackers have managed to plant malware on a number of websites in Australia belonging to News Corp, controlled by Rupert Murdoch, according to reports.

The revelation increases the pressure on the media company, which has been suffering in light of the phone hacking scandal in the UK, which has led to Murdoch withdrawing the bid by News Corp for control of BSkyB.

According to the Age, the websites of two Australian newspapers owned by Murdoch - the Herald Sun and The Weekly Times - were infected with malware.

Virus Warning

An apology on Melbourne's Herald Sun website warned that visitors may have been exposed to a virus.

"The Herald Sun wishes to apologise to any readers who may have been affected by a virus that appeared for a short time on heraldsun.com.au," the newspaper said in a note posted to its website. "The offending virus and files were quickly removed and the site is operating as normal."

It seems the malware took the form of a pop up window, and would only install if the user authorised it.

Continued : http://www.eweekeurope.co.uk/news/malware-hits-news-corp-websites-down-under-34217

Also: News apologises for website virus after hack attack

Related: Gordon Brown says newspapers also used malware to hack computers

Mozilla outs un-Google site sign-in prototype
by Carol~ Moderator / July 15, 2011 12:47 AM PDT
In reply to: NEWS - July 15, 2011

Mozilla has proposed a new method for signing into websites that avoids both site-specific passwords and existing cross-site sign-in services from corporate behemoths such as Google and Facebook.

Known as BrowserID, Mozilla's prototype is built atop a new "Verified Email Protocol", which uses public-key cryptography to prove that a particular user owns a particular email address. In essence, BrowserID lets you log into a website simply by clicking on a button and choosing an email address you wish to sign in with. Behind the scenes, the website, your browser, and a separate verification service use crypto keys to verify your identity.

"For a Web developer, creating a new application always involves an annoying hurdle: how do users sign in? An email address with a confirmation step is the classic method, but it demands a user's time and requires the user to take an extra step and remember another password. Outsourcing login and identity management to large providers like Facebook, Twitter, or Google is an option, but these products also come with lock-in, reliability issues, and data privacy concerns," Mozilla says in a blog post, referring to services based on OpenID and similar protocols.

Continued : http://www.theregister.co.uk/2011/07/15/mozilla_browser_id/

New Hotmail security features against account hijacking
by Carol~ Moderator / July 15, 2011 12:47 AM PDT
In reply to: NEWS - July 15, 2011

Microsoft has decided to introduce two new security features for its web-based Hotmail service, in the hope that this will make the accounts more difficult to hijack and eventual hijackings spotted faster.

The first one makes the use of extremely common passwords impossible. "Common passwords are not just 'password' or '123456' (although those are frighteningly common), but also include words or phrases that just happen to be shared by millions of people, like 'ilovecats' or 'gogiants,'" explains Dick Craddock, Program Manager at Microsoft.

The feature will be rolled out soon, and it will hopefully prevent successful brute force "dictionary" attacks.

The second one has already been released, and allows users to report compromised accounts to Microsoft immediately after receiving a spam or scam email from a contact's email account.

Continued : http://www.net-security.org/secworld.php?id=11292

Also:
Hotmail fights back against hacked email accounts
Hotmail to ban common passwords

Vulnerability in Skype allows accounts to be hijacked
by Carol~ Moderator / July 15, 2011 12:47 AM PDT
In reply to: NEWS - July 15, 2011

Popular VoIP software Skype contains a security issue which could enable an attacker to gain access to a contact's account. In a security advisory, Levent Kayan, who discovered the vulnerability, reports that in some cases it could even allow access to the user's system.

The problem revolves around a persistent cross-site scripting vulnerability. An attacker can embed JavaScript in the mobile phone field of his or her profile description. Skype fails to adequately filter this field which means that if one of the attacker's contacts logs into Skype, the embedded JavaScript can be executed automatically without further user intervention. An attacker could exploit this to retrieve the session cookie, for example.

According to Kayan, Skype 5.3.0.120 (the current version) and earlier for Windows and Mac are affected. The Linux version is not affected. The H's associates at heise Security in Germany were able to reproduce the problem in version 5.3.0.120 under Windows 7 and Windows XP, although in some cases more than ten logons were required before the problem manifested itself - why this should be the case is unclear. Kayan reports that he has informed the vendor. No patch is available at present.

http://www.h-online.com/security/news/item/Vulnerability-in-Skype-allows-accounts-to-be-hijacked-1279864.html

Update: Vulnerability in Skype allows accounts to be hijacked
by Carol~ Moderator / July 15, 2011 4:54 AM PDT

Update - Skype has now confirmed it is aware of the hole and has already developed a patch to be published within the next week. Skype provides a plausible explanation as to why the problem isn't immediately reproducible: to take advantage of it, the attacker must appear in the victim's list of frequent contacts. Skype classifies the issue as a lesser problem because an attacker is allegedly only able to display messages through Skype or redirect pages.

http://www.h-online.com/security/news/item/Vulnerability-in-Skype-allows-accounts-to-be-hijacked-Update-1279864.html

Many sites cookie-track users regardless of opt-outs
by Carol~ Moderator / July 15, 2011 12:48 AM PDT
In reply to: NEWS - July 15, 2011

More than 10 per cent of companies that promise not to track internet users' online activity for behavioural advertising purposes still do so, according to new research.

Publishers and advertising networks use cookies to track user behaviour on websites in order to target adverts to individuals based on that behaviour. A cookie is a small text file that websites store on users' computers to remember their activity on a site.

Researchers at Stanford Law School investigated whether companies belonging to a voluntary scheme run by the Network Advertising Initiative (NAI) actually complied with the rules they had signed up to.

The NAI encourages online businesses to voluntarily adopt a set of rules governing online behavioural advertising. Those rules force member companies to tell users that cookies they store about them could be used to serve behavioural ads. The rules also state that member companies must stop using the cookies to serve ads if asked to by users.

The researchers claimed that at least eight NAI members out of the 64 they investigated continued placing behavioural ad cookies on researchers' machines after being asked not to.

Continued : http://www.theregister.co.uk/2011/07/15/websites_still_dish_out_tracking_track_despite_opt_out/

More Than 100 Arrested in Fake Internet Sales
by Carol~ Moderator / July 15, 2011 5:39 AM PDT
In reply to: NEWS - July 15, 2011

Law enforcement officials in Romania and the United States have arrested and charged more than 100 individuals in connection with an organized fraud ring that used phony online auctions for cars, boats and other high-priced items to bilk consumers out of at least $10 million.

According to a statement from the Justice Department, the scams run by this ring followed a familiar script. Conspirators located in Romania would post items for sale such as cars, motorcycles and boats on Internet auction and online websites. They would instruct interested buyers to wire transfer the purchase money to a fictitious name they claimed to be an employee of an escrow company. Once the victim wired the funds, the co-conspirators in Romania would text information about the wire transfer to co-conspirators in the United States known as "arrows" to enable them to retrieve the wired funds. They would also provide the arrows with instructions as to where to send the funds after retrieval.

The arrows in the United States would then visit wire transfer services such as Western Union or MoneyGram, provide false documents including passports and drivers' licenses in the name of the recipient of the wire transfer, and grab the cash. They would subsequently wire the funds overseas, typically to individuals in Romania, minus a percentage kept for commissions. The victims would not receive the items they believed they were purchasing. In some cases, co-conspirators in Romania also directed arrows to provide bank accounts in the United States where larger amounts of funds could be wired by victims of the fraud.

Continued : http://krebsonsecurity.com/2011/07/more-than-100-arrested-in-fake-internet-sales/

Oracle to issue 78 bug fixes
by Carol~ Moderator / July 15, 2011 5:40 AM PDT
In reply to: NEWS - July 15, 2011

Oracle is planning to issue 78 patches covering a number of its software products on Tuesday, including 13 fixes for its flagship database, according to a statement posted to its website on Thursday.

The database patches cover a number of database editions, including 11g R1 and R2, as well as 10G R1 and R2. Two of the vulnerabilities can be exploited over a network without login credentials.

Another three patches cover Oracle's Secure Backup product, all of which can be exploited remotely without authentication.

Oracle plans to issue seven patches for various modules in its Fusion Middleware line, while Enterprise Manager Grid Control will get 18 fixes.

E-Business Suite and Oracle's supply chain products will get one patch each, while a dozen are scheduled to be released for PeopleSoft.

Oracle is also rolling out 23 patches for products gained through the acquisition of Sun Microsystems, including GlassFish Server, VirtualBox, Solaris, SPARC Enterprise M Series and SPARC T3 series. Nine of the weaknesses can be exploited over a network without requiring a username or password, Oracle said.

The patch batch scheduled for Tuesday is roughly the same size as the previous update in April, which included 73 fixes. Oracle has been issuing patches for Java SE on separate dates, with the most recent set arriving last month.

http://www.networkworld.com/news/2011/071411-oracle-to-issue-78-bug.html

Also: Oracle to patch 78 vulnerabilities

All your data belong to 'Remo'
by Carol~ Moderator / July 15, 2011 5:40 AM PDT
In reply to: NEWS - July 15, 2011

From Kaspersky Labs Weblog:

One of the main goals of a cybercriminal is to gain total control over a victim's machine. This is currently done through the use of RATs (remote admin tools) and other methods. The infected computers are used by cybercriminals for all sorts of malicious activity.

It's no different with Brazilian cybercriminals - they have the same intent, but due to their culture of immediacy their efforts are often focused on creating Trojan bankers, rather than botnets, RATs or other methods of remote control. But this behavior is slowly changing - a recent attack shows they are ready to create a network of local infected machines and take total control of it, stealing personal data and using the infected machines to send spam. They are doing all this in a very creative way: registering a remote user account called 'Remo' which is password-protected. Through this account the cybercriminals have total access and control over the infected machine.

The attack starts with an e-mail posing as an alleged update for Flash Player. The downloader will actually install the legitimate Flash Player, but will also download another file that appears in the image below as "ajuda.txt": [Screenshot]

Once downloaded, the .txt file will be renamed to .msi and the files it contains will be installed on the system. Inside the .msi file we found several files:

Continued : http://www.securelist.com/en/blog/208193037/All_your_data_belong_to_Remo

A Look Inside Targeted Email Attacks
by Carol~ Moderator / July 15, 2011 5:40 AM PDT
In reply to: NEWS - July 15, 2011

The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of becoming a victim of such an attack.

Here, we'll attempt to provide insight on a number of key questions related to targeted attacks, such as where did the malicious email come from, which particular organizations are being targeted, which domains (spoofed or not) sent the email, what kinds of malicious attachments did the emails contain, etc. Our analysis of the data showed that, on average, targeted email attacks are on the rise: [Screenshot: Targeted attacks trend]

Origin

For this analysis, we first looked at the origin of the email messages. The emails were launched from 6,391 unique IPs across 91 different countries, spread throughout the world. Based on the representative set of data we have, below is a regional breakdown of email-based attacks: [Screenshot: Malicious email origin, by region]

General Targets

Now, we ask ourselves, which sector is the most likely target of these attacks? Below are the top 10 most targeted types of organizations, derived from the domains that the emails were sent to: [Screenshot: Malicious email attack targets, by industry]

Continued : http://www.symantec.com/connect/blogs/look-inside-targeted-email-attacks

How to Buy Friends and Deceive People
by Carol~ Moderator / July 15, 2011 5:40 AM PDT
In reply to: NEWS - July 15, 2011

Want more friends and followers? Emerging enterprises will create them for you - for a price. An abundance of low-cost, freelance labor online is posing huge challenges for Internet companies trying to combat the growing abuse of their services, and has created a virtual testbed for emerging industries built to assist a range of cybercrime activities, new research shows.

Free services like Craigslist, Facebook, Gmail and Twitter have long sought to deter scammers and spammers by deploying technical countermeasures designed to prevent automated activity, such as the use of botnets to create new accounts en masse. These defenses typically require users to perform tasks that are difficult to automate, at least in theory, such as requiring that new accounts be verified by phone before activation.

But researchers from the University of California, San Diego found that these fraud controls increasingly are being defeated by freelance work arrangements: buyers "crowdsource" work by posting jobs they need done, and globally distributed workers bid on projects that they are willing to take on.

"The availability of this on-demand, for-hire contract market to do just about anything you can think of means it's very easy for people to innovate around new scams," said Stefan Savage, a UCSD computer science professor and co-author of the study.

The UCSD team examined almost seven years worth of data from freelancer.com, a popular marketplace for those looking for work. They found that 65-70 percent of the 84,000+ jobs offered for bidding during that time appeared to be for legitimate work such as online content creation and Web programming. The remainder centered around four classes of what they termed "dirty" jobs, such as account registration and verification, social network linking (buying friends and followers), search engine optimization, and ad posting and bulk mailing.

Continued : http://krebsonsecurity.com/2011/07/how-to-buy-friends-and-deceive-people/

Was the Vodafone Femtocell hack new?
by Carol~ Moderator / July 15, 2011 7:35 AM PDT
In reply to: NEWS - July 15, 2011

Yesterday, 14 July, news that The Hacker's Choice had published details on how to use a Vodafone "Sure Signal" femtocell as a 3G phone interception point was circulated around the internet. The group had published detailed instructions covering how to wire a serial console up to gain access, break into the device and then modify the device's Linux-based software to intercept and decode traffic. It also covered how to remove the location device to stop the network provider confirming the unit's location. The proof of concept hack was both impressive and comprehensive.

The only problem, for those that wish to replicate the work, is that the project, according to its own timeline in the document, stopped in July 2010. According to Vodafone, the holes that the group exploited to gain access to the device were closed in a software update - since July 2010, a new version of femtocells has been deployed by Vodafone and other phone networks, which may or may not be more secure. Vodafone have identified a number of devices running software which predates the patch and have now disabled their access to their phone network.

The Hacker's Choice admitted that they did not "know about any femto after Jul 2010" but said that they were more interested in the architectural flaws of the femtocell network which sees cell phone network secret information requested and sent to the relatively insecure femtocell stations.

Continued : http://www.h-online.com/security/news/item/Was-the-Vodafone-Femtocell-hack-new-1279947.html

Related: MAJOR HACK: Voda femtocells open phones up to intercept

Apple releases iOS 4.3.4/4.2.9 to fix JailBreakMe.com flaw
by Carol~ Moderator / July 15, 2011 10:21 AM PDT
In reply to: NEWS - July 15, 2011

After a little more than a week after disclosure, Apple has patched three flaws in iOS for iPod Touch, iPad, iPad2, iPhone 3GS, iPhone 4 and the Verizon iPhone.

You may recall the return of the website JailBreakMe.com 10 days ago which exploited these vulnerabilities to provide an easy method of jailbreaking your iDevice.

The updated version for all but the Verizon iPhone is version 4.3.4, while Verizon customers can update to 4.2.9. To update just open iTunes, check for updates and plug in your phone/MP3 player/tablet.

This raises one of my big pet peeves with Apple products.. Why do I have to tether to update? Oh! I see you will have that feature in iOS 5? I guess I will stay vulnerable until I happen to be in the same city as my copy of iTunes.

Two of the fixes are for font handling issues in PDFs that allow for remote code execution (RCE). The third fix is in the graphics handling code and can be exploited to allow for elevation of privilege (EoP).

Continued : http://nakedsecurity.sophos.com/2011/07/15/apple-releases-ios-4-3-44-2-9-to-fix-jailbreakme-com-flaw/

Also:
Apple Fixes Jailbreak PDF Bug With iOS 4.3.4
Apple Software Updates

Google Chrome OS Hacked Using ScratchPad App
by Carol~ Moderator / July 15, 2011 10:21 AM PDT
In reply to: NEWS - July 15, 2011

how permissions can be abused to steal data

In a preview of a demonstration at the upcoming Black Hat security conference, a security researcher demonstrated how browser extensions can be used to compromise Chrome OS.

The Chrome extension ScratchPad had a wide range of permissions that made it vulnerable to a cross-site scripting attack, Matt Johansen, an application security specialist at WhiteHat Security, said July 14 in a preview of a presentation he will be making at Black Hat.

Johansen did his work on the Google CR-48 Beta laptop released last fall, but said malicious extensions would affect any device running Chrome OS, whether it is the CR-48 or the Chromebook.

He noted WhiteHat Security was able to "abuse" the Chrome OS "pretty quickly".

Exploit Based On ScratchPad Weakness

Johansen used ScratchPad, a preinstalled extension that allows users to take notes and auto-sync the note files with Google Docs in the "ScratchPad" folder, in his preview. The extension had a "quote-unquote feature" that allowed users to share ScratchPad folders without requesting any user permissions, Johansen said.

Continued : http://www.eweekeurope.co.uk/news/google-chrome-os-hacked-using-scratchpad-extension-34234
