Spyware, Viruses, & Security forum

General discussion

News - July 30, 2009

by Carol~ Forum moderator / July 29, 2009 8:24 PM PDT
Wildcard certificate spoofs web authentication
SSL felled by null string

By Dan Goodin
30th July 2009

Black Hat In a blow to one of the net's most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers.

The attack, unveiled Wednesday at the Black Hat security conference in Las Vegas, exploits a weakness in the process for generating secure sockets layer certificates. It works by adding a null string character to several certificate fields, a technique that tricks browsers and other SSL-enabled programs into misinterpreting the domain name that is being authenticated.

More here: http://www.theregister.co.uk/2009/07/30/universal_ssl_certificate/
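An added illustration of the name-handling flaw the article describes, not code from the post or the article. It assumes the common failure mode where a length-prefixed certificate name is read as a NUL-terminated C string; the struct, function names and hostnames are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A certificate name field as decoded from ASN.1: raw bytes plus explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed samples (not from the article): one name with an embedded NUL, one clean. */
static const unsigned char SPOOF[] = "bank.example\0.owner.example";
static const unsigned char CLEAN[] = "bank.example";
static const struct cert_name SPOOF_CN = { SPOOF, sizeof SPOOF - 1 };
static const struct cert_name CLEAN_CN = { CLEAN, sizeof CLEAN - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Flawed: ignores cn->len and treats the bytes as a C string, so it stops at the NUL. */
int naive_match(const struct cert_name *cn, const char *host) {
    const char *s = (const char *)cn->data;
    size_t n = strlen(s);
    return n == strlen(host) && eq_nocase(cn->data, host, n);
}

/* Hardened: reject any name containing NUL, then compare over the full length. */
int strict_match(const struct cert_name *cn, const char *host) {
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

int main(void) {
    printf("naive,  NUL name:   %d\n", naive_match(&SPOOF_CN, "bank.example"));
    printf("strict, NUL name:   %d\n", strict_match(&SPOOF_CN, "bank.example"));
    printf("strict, clean name: %d\n", strict_match(&CLEAN_CN, "bank.example"));
    return 0;
}
```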
Red faces at McAfee after it releases personal data
by Carol~ Forum moderator / July 29, 2009 8:25 PM PDT
In reply to: News - July 30, 2009

STRAP: Email slip-up blamed

By Rodney Gedda, Computerworld Australia
30 July 2009

Staff at security vendor McAfee were left with red faces this week after it accidentally sent the contact details of some 1,400 conference attendees in a spreadsheet attached to a thank you message.

Computerworld Australia obtained details about the leak from a person who wishes to remain anonymous.

On 17 July, McAfee held a security conference at the Sydney Convention Centre. The event was well attended by 1,408 guests.

But in an email a week later thanking people for attending, McAfee added a spreadsheet containing the names, numbers, email addresses, employment details, and even dietary requirements of the 1,408 people, according to the source.

More here: http://www.techworld.com/security/news/index.cfm?newsID=120063&pagtype=samechan
New rogue tactic: blue screen of? whatever
by Marianna Schmudlach / July 29, 2009 11:43 PM PDT
In reply to: News - July 30, 2009
Rogue DNS Targets Popular Russian Social Networking Site
by Marianna Schmudlach / July 29, 2009 11:44 PM PDT
In reply to: News - July 30, 2009

by Feike Hacquebord (Advanced Threats Analyst)

Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site vkontakte.ru. Visitors of the spoofed site risk exposing their personal login credentials to a third party. Vkontakte.ru is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself it has more than 35 million users. Alexa ranks the site as the second most visited site in Russia.

The infamous UkrTelegroup rogue DNS servers resolve domain name www.vkontakte.ru to a foreign IP address beginning today. These rogue DNS servers belong to the most prevalent DNS Changer Trojans (like TROJ_DNSCHANG) that modify DNS settings of victims to point to foreign IP addresses. DNS Trojan victims are at great risk, because the controllers of the rogue DNS servers can send them to any site at any time, thus exposing the victims to possible information theft, fraudulent traffic and malicious URLs.

More: http://blog.trendmicro.com/

Tiny typo blamed for massive IE security fail
by roddy32 / July 30, 2009 1:53 AM PDT
In reply to: News - July 30, 2009

By John Leyden
Posted in Enterprise Security, 30th July 2009 10:28 GMT

One small typo in Microsoft's code caused the security vulnerability that prompted Microsoft to release an out of sequence patch on Tuesday, it has emerged.

A rogue ampersand ("&") created a security hole in the MSVidCtl ActiveX control that hackers began exploiting early this month. A blog posting on Microsoft's Security Development Lifecycle (SDL) by Michael Howard, a security program manager at Microsoft, explained that the minor typo corrupted the code used by the ActiveX control. This in turn created a buffer-overflow bug, he explains.

More here

Researcher warns of massive 'thieving' botnet
by Marianna Schmudlach / July 30, 2009 2:35 AM PDT
In reply to: News - July 30, 2009

30 July 2009

By Gregg Keizer, Computerworld (US)

Organisations are being warned to beware of a ferocious piece of malware that has infected up to a million PCs, after a noted botnet researcher said it is stealing a "tremendous" amount of financial information from consumers and businesses.

"Clampi is the most professional thieving pieces of malware I've ever seen," said Joe Stewart, director of malware research for SecureWorks' counter-threat unit. "We know of few others that are this sophisticated and wide-ranging. It's having a real impact on users."

The Clampi Trojan horse has infected anywhere between 100,000 and 1 million Windows PCs, said Stewart - "We don't have a good way of counting at this point," he acknowledged - and targets the user credentials of 4,500 websites.

More: http://www.techworld.com/security/news/index.cfm?RSS&NewsID=120090

Black Hat: Mac OS X Rootkit Debuts
by Carol~ Forum moderator / July 30, 2009 10:10 AM PDT
In reply to: News - July 30, 2009

'The development of a proof-of-concept rootkit for Mac OS X reinforces the fact that security concerns aren't just for Windows users'

By Thomas Claburn
July 30, 2009

At the Black Hat security conference on Wednesday, security researcher Dino Dai Zovi revealed a proof-of-concept rootkit that runs on Apple's Mac OS X operating system, underscoring the fact that all software has flaws.

Rootkit software is designed to covertly run code, typically malicious, on affected systems. It can be used to steal information or control a compromised system. Rootkits are typically installed by other malware.

Apple users have enjoyed a relatively malware-free existence, at least compared to Windows users, and Apple has made much of that fact in its television commercials. But there are holes to be found in Apple's software, too. There just aren't a lot of cybercriminals focused on a platform that's less than 10% of the market.

That's been changing slowly, with the spread of the OS X-based iPhone, and the popularity of iTunes among Windows users. Security vendors, eager to sell Mac users security software, suggest the situation is changing quickly.

Continued here: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218900188&cid=RSSfeed_IWK_Security
