NEWS - June 01, 2012

by Carol~ Moderator / May 31, 2012 10:15 PM PDT
Former Federal Reserve Bank Contractor Pleads Guilty In Code Theft

"Deal in case of theft of accounting software worth $9.5 million could cut programmer's prison sentence from 10 years to less than two"

A man arrested in January for allegedly stealing proprietary software code from the Federal Reserve Bank of New York where he had worked as a contractor has pled guilty to the crime.

Bo Zhang, 33, of Queens, N.Y., earlier this year admitted to stealing the Government-Wide Accounting and Reporting Program (GWA) from the bank in July 2011 while he worked there as a contractor developing a piece of the GWA source code. He allegedly copied the GWA code onto an external hard drive owned by the bank and used it in a private computer-programming training business.

The GWA software application, worth $9.5 million, is owned by the U.S. Treasury Department, and tracks U.S. government finances. It handles ledger accounting within Treasury and account statements to federal agency bank customers. The source code is housed in "an access-controlled" database at the Federal Reserve Board of New York, where it's under further development by the bank, according to the Justice Department.

Zhang's cooperation could result in a drastically shortened prison sentence: The crime could mean up to 10 years, but under a cooperation agreement, prosecutors have recommended he get one year to one-and-a-half years in prison. Zhang, who is free on $200,000 bail, will be sentenced on Oct. 1, according to a Reuters report.

Continued : http://www.darkreading.com/insider-threat/167801100/security/application-security/240001327/former-federal-reserve-bank-contractor-pleads-guilty-in-code-theft.html

Also:
Programmer pleads guilty to US govt software source code theft
Programmer Pleads Guilty to Stealing Code from Federal Reserve
Former NY Federal Reserve Programmer Pleads Guilty To Software Theft
Spying version of Iranian anti-censorship software found
by Carol~ Moderator / May 31, 2012 10:29 PM PDT
In reply to: NEWS - June 01, 2012

A compromised variant of Simurgh - a stand-alone proxy software for Microsoft Windows that has been heavily used by Iranians to get around censorship since 2009, and is used now by Syrian dissidents - has been discovered by the researchers from Citizen Lab.

This version does install Simurgh, but it also installs a backdoor on the victims' computer.

Among the other files dropped onto the computers is one executable that allows the Trojan to persist on the machine, collect the IP address, hostname and victim username, and log keystrokes. These logs are then sent via HTTP post request to a remote site registered with a Saudi Arabian ISP.

The popularity of Simurgh rests in its small size (around 1MB), which makes it easy to download it speedily. It is also able to run without prior installation or administrator privileges, and it's easy to share with others via USB drives.

Continued : http://www.net-security.org/malware_news.php?id=2134

Also:
Keylogging Version of Anti-Censorship Software Simurgh Found
Copies of Anti-censorship Software Used in Iran and Syria Contain Keylogger
Trojan targets Iranian and Syrian dissidents via proxy tool
Iranian anti-censorship tool laced with spy malware

Browser Feature Can Be Abused to Misrepresent ..
by Carol~ Moderator / May 31, 2012 10:29 PM PDT
In reply to: NEWS - June 01, 2012
Browser Feature Can Be Abused to Misrepresent Download Origin, Researcher Says

Legitimate browser functionality can be abused to trick users into believing that a trusted website has asked them to download a file, which is actually being served from a rogue server, Google security engineer Michal Zalewski demonstrated on Tuesday.

Zalewski's proof-of-concept attack begins with a button on a page that, when clicked, opens the official Flash Player download website in a second tab and switches the browser's focus to it. After a few seconds, the original page serves a file called flash11_updater.exe from Zalewski's server, which causes the browser to display a download dialog.

However, because this happens while the active tab is the one with the official Flash Player website loaded into it and an adobe.com URL in the address bar, it appears as if the download was initiated by Adobe's website.

"In a way this is a social engineer's holy grail," said Emmanuel Carabott, security research manager at security vendor GFI Software, via email. "What a social engineer is trying to do is getting you to trust what they are saying. The more authentic they can make it seem the more successful the attack will be."

There have been many social engineering attacks in the past that tricked users into downloading malicious files by passing them as Flash Player updates. A lot of these attacks used spoofed pages that mimicked Adobe's official Flash Player site.

Continued : http://www.pcworld.com/businesscenter/article/256610/browser_feature_can_be_abused_to_misrepresent_download_origin_researcher_says.html
GameReplays invites white-hat hackers to probe site after ..
by Carol~ Moderator / May 31, 2012 10:29 PM PDT
In reply to: NEWS - June 01, 2012
.. data breach

The owner of GameReplays.org has invited ethical hackers to probe the website for vulnerabilities after a recent compromise that resulted in 10,000 member accounts being exposed.

GameReplays.org is home to an online community of multiplayer game enthusiasts. The site organises professional gaming tournaments and publishes match replays, as well as strategy guides and other tips and tricks.

On Monday, a hacker who claims to be affiliated with Anonymous and uses the Twitter handle EcecusHxc, published a list of 5,000 GameReplays accounts that were copied from the site's database after exploiting a vulnerability.

The leaked information included email addresses and password hashes, as well as the corresponding salts - secondary keys used to encrypt password hashes so that they can't be cracked.

On Tuesday, the hacker published a list of an additional 5,000 GameReplays member emails and passwords, raising the total number of exposed accounts to 10,000.

Continued : http://news.techworld.com/security/3361272/gamereplays-invites-white-hat-hackers-probe-site-after-data-breach/

Related:
GameReplays Hacked
GameReplays Hacked, 10,000 Members Exposed
McAfee: One in Six PCs Have No Security
by Carol~ Moderator / May 31, 2012 10:29 PM PDT
In reply to: NEWS - June 01, 2012

"Fully 17 percent of Windows PCs in a McAfee study had no active anti-virus software."

A recent McAfee study found that one in every six personal computers have no protection at all -- 17 percent of PCs analyzed either had disabled anti-virus software, or never had any to begin with. The study analyzed data from an average of 27 to 28 million PCs each month whose users ran the free McAfee Security Scan Plus software for Windows computers.

"Web surfers who install Scan Plus are likely to have a problem with their computers that prompted them to use the technology in the first place -- so they might be less well protected than the general population," notes The Register's John Leyden. "McAfee's figures are thus probably best regarded as indicative rather than definitive."

"PCs in Finland, Italy, New Zealand, Germany and Denmark were most likely to be protected, the study found," writes PCWorld's Cameron Scott. "Those in Singapore, Spain, Mexico, Japan, and the United States were least likely to have active antivirus protection."

The country with the worst rating, McAfee said, was Singapore, with 21.75 percent of PCs unprotected. The U.S. also had a surprisingly low rating, with 19.32 percent of consumers using no security software. At the other end of the spectrum was Finland, where only 9.7 percent of PCs are unprotected.

Continued: http://www.esecurityplanet.com/network-security/mcafee-one-in-six-pcs-have-no-security.html

Also: 17% of the world's PCs are unprotected

McAfee Study: Consumer Alert: McAfee Releases Results of Global Unprotected Rates Study

Targeted Attack: London 2012 Olympics
by Carol~ Moderator / May 31, 2012 10:30 PM PDT
In reply to: NEWS - June 01, 2012

From the F-Secure Antivirus Research Weblog:

We've come across a malicious Olympic themed PDF earlier this morning while data mining our back end for documents which drop executables (those are never a good thing, unsurprisingly).

The PDF exploits CVE-2010-2883, which affects older versions of Adobe Reader and Acrobat. A typical PDF exploit will launch a clean decoy as part of its attack, and in this case, the decoy is a copy of the London 2012 Olympic schedule circa October 2010. The original source PDF can still be found online at: london2012.com. [Screenshot]

The exploit attempts to make a network connection with a site registered to "student travel" in Baotoushi, China. [Screenshot]

Continued : http://www.f-secure.com/weblog/archives/00002370.html

Related : Olympics-Themed PDF is Actually Malware [WARNING]

Olympics fans targeted with lottery scam
by Carol~ Moderator / May 31, 2012 10:45 PM PDT

An email purportedly coming from the promotion manager of the London 2012 Olympics has been hitting inboxes, trying to scam recipients into sending personal information and money in order to get the bogus 800,000 GBP (around $125,000) prize they have supposedly won: [Screenshot]

Of course, the lottery and the prize are both non-existent, and the email is just a first step of a so-called "advance fee scam."

"The criminals operating the scam campaign will claim that these fees are unavoidable legal requirements and will insist that they must be paid in full before the prize can be awarded. They will also insist that the fees cannot in any circumstances be deducted from the prize itself. The criminals will invent all kinds of 'expenses' that must be met in advance by the 'winner', including insurance costs, tax obligations and banking fees," Hoax-Slayer explains.

Also, during the email exchange, the scammers often manage to convince their victims to share their personal and financial information, which can then be used to mount other scams and perpetrate identity theft and financial fraud.

Continued : http://www.net-security.org/secworld.php?id=13011

How Mobile Apps are Invading Your Privacy Infographic
by Carol~ Moderator / May 31, 2012 10:46 PM PDT
In reply to: NEWS - June 01, 2012

From the Veracode Security Blog:

Every week it seems like there is a new story about a popular mobile application having privacy issues that put its users at risk. With millions of mobile apps receiving billions of downloads, it is important that users are aware of the risks they face when downloading and using apps. This infographic uses real world cases to outline the threat to user privacy posed by mobile apps.

[INFOGRAPHIC]

http://www.veracode.com/blog/2012/05/how-mobile-apps-are-invading-your-privacy-infographic/

Delivering the Windows 8 Release Preview
by Carol~ Moderator / May 31, 2012 10:46 PM PDT
In reply to: NEWS - June 01, 2012

Steven Sinofsky @ the MSDNs' "Building Windows 8" Blog:

31 May 2012 12:01 PM

Today, Windows 8 Release Preview is available for download in 14 languages. This is our final pre-release, and includes Windows 8, Internet Explorer 10, new Windows 8 apps for connecting to Hotmail, SkyDrive, and Messenger (and many more), and hundreds of new and updated apps in the Windows Store. Since our first preview release last September, millions of people now use the pre-release product on a daily basis and millions more have been taking it through its paces, totaling hundreds of millions of hours of testing. We genuinely appreciate the effort that so many have put into pre-release testing, and of course, we appreciate the feedback too. Direct feedback and feedback through usage contributed to hundreds of visible changes in the product and tens of thousands of under-the-hood changes.

Just nine months ago, we kicked off this blog as a dialog about the design and development of Windows 8. We've talked in depth about building Windows 8, including the features, the designs, and the background behind these. We've done so in over 70 posts totaling over 500 pages if printed out and 34 videos totaling over 90 minutes, all coming directly from engineers of the product. We've had about 18,000 comments from approximately 7,000 people. Over 170 Windows engineers contributed to the dialog, including over 200 comments I posted (though I was out-commented by one other pretty active reader!). Of course, we've been carefully watching the telemetry of the millions of tech enthusiasts using the product at each milestone.

Continued : http://blogs.msdn.com/b/b8/archive/2012/05/31/delivering-the-windows-8-release-preview.aspx

Also:
Windows 8 Release Preview Unleashes the Power of Metro [HANDS ON]
Windows 8 Release Preview
Microsoft's Windows 8 Release Preview: What's in and what's out
Refining the recommended system requirements for Windows 8
Final Windows 8 preview released

Facebook users suffer service disruptions
by Carol~ Moderator / May 31, 2012 10:46 PM PDT
In reply to: NEWS - June 01, 2012

Facebook has suffered a series of service disruptions which left many people unable to use the social network.

The problems meant that the site was unreachable for some people for almost two hours.

Sporadic disruptions were reported by many people and even those who could get through said pages were taking a long time to load.

Facebook apologised but said it had fixed the problem.

Stock slide

News of problems getting at and using Facebook spread quickly as people took to Twitter, news sites and blogs to express their frustration.

"Facebook is acting like its stock. It keeps going down," quipped one Twitter user.

Website watching sites such as Downrightnow and Downforeveryoneorjustme reported that the site was intermittently available for a period of several hours.

In a statement, Facebook said some users "briefly experienced issues loading the site" but these had been resolved and it should be working fine for everyone. It gave no details about what had caused the problems.

Continued : http://www.bbc.co.uk/news/technology-18294049

Also:
Is Facebook Down? Yes For Some. Site Outages Lasted Over Two Hours
Facebook's Website Suffers Temporary Outage

Flamer: A Recipe for Bluetoothache
by Carol~ Moderator / May 31, 2012 10:51 PM PDT
In reply to: NEWS - June 01, 2012

From Symantec's Security Response Blog:

W32.Flamer is possibly the only Windows based threat we have encountered which uses Bluetooth. It is yet another indicator that W32.Flamer is not only exceptional, but that it is a comprehensive information gathering and espionage tool. The CrySyS laboratory has previously documented the technical details of Bluetooth in W32.Flamer. But, what does this actually mean for potential victims targeted by Flamer? What can an attacker accomplish using Bluetooth?

The Bluetooth functionality in Flamer is encoded in a module called "BeetleJuice". This module is triggered according to configuration values set by the attacker. When triggered it performs two primary actions:

The first is to scan for all Bluetooth devices in range. When a device is found, its status is queried and the details of the device recorded—including its ID—presumably to be uploaded to the attacker at some point.

The second action is to configure itself as a Bluetooth beacon. This means that a computer compromised by W32.Flamer will appear when any other Bluetooth device scans the local area. And there is more. In addition to enabling a Bluetooth beacon, Flamer encodes details about the infected computer (see Figure 1) and then stores these details in a special 'description' field. When any other device scans for Bluetooth-enabled devices, this description field will be displayed: [Screenshot]

These are the facts of how Flamer uses Bluetooth. And what can the attacker do with this functionality? There are several potential avenues available:

Scenario #1 - Identification of victim social networks

Continued : http://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache

Microsoft Making 'Do Not Track' Default for IE 10
by Carol~ Moderator / May 31, 2012 11:22 PM PDT
In reply to: NEWS - June 01, 2012
In Ad Network Nightmare, Microsoft Making 'Do Not Track' Default for IE 10

Microsoft announced Thursday that the next version of its browser, IE 10, will ship with the controversial "Do Not Track" feature turned on by default, a first among major browsers, creating a potential threat to online advertising giants.

That includes one of Microsoft's chief rivals — Google.

The change could also threaten the still-nascent privacy standard, and prompt an ad industry revolt against it.

Do Not Track doesn't attempt to block cookies — instead it sends a message to every website you visit saying you prefer not to be tracked. That flag is currently optional for sites and web advertising firms to obey, but it's gaining momentum with Twitter embracing it last week.

The proposal also has the backing of the FTC, which has grown deeply skeptical of the online ad industry's willingness to play fairly with users and has threatened to call for online privacy legislation. After initially opposing the idea, the online ad industry is now seeking to soothe the feds by hammering out rules that aren't too tough on data collection. The hope then is that not many users avail themselves of the tool, and then not much has to change in how ad companies build profiles of users in order to sell premium-priced targeted ads.

Continued : http://www.wired.com/threatlevel/2012/05/ie10-do-not-track/

Also: IE10 will have "Do Not Track" on by default
Confirmed: US and Israel created Stuxnet, lost control of it
by Carol~ Moderator / May 31, 2012 11:22 PM PDT
In reply to: NEWS - June 01, 2012

"Stuxnet was never meant to propagate in the wild."

In 2011, the US government rolled out its "International Strategy for Cyberspace," which reminded us that "interconnected networks link nations more closely, so an attack on one nation's networks may have impact far beyond its borders." An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.

The article is adapted from journalist David Sanger's forthcoming book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, and it confirms that both the US and Israeli governments developed and deployed Stuxnet. The goal of the worm was to break Iranian nuclear centrifuge equipment by issuing specific commands to the industrial control hardware responsible for their spin rate. By doing so, both governments hoped to set back the Iranian research program—and the US hoped to keep Israel from launching a pre-emptive military attack.

Continued : http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/

NYT: Stuxnet cyberweapon created by US,Israel to attack Iran
by Carol~ Moderator / June 1, 2012 4:59 AM PDT

"The United States and Israel created the notorious Stuxnet worm to attack Iran's nuclear facilities, reports The New York Times"

The mysterious origin of Stuxnet, long considered one of the world's most dangerous computer worms, is a mystery no more. In a bombshell piece published today, The New York Times reports that Stuxnet was developed by the United States and Israel, and used by both the Bush and Obama administrations to wreak havoc on Iran's nuclear facilities. Then it accidentally "escaped" into the wild.

Many have long suspected that the U.S. and Israel developed Stuxnet, which successfully (though only temporarily) shut down 1,000 of the 5,000 centrifuges Iran was using to enrich uranium at the Natanz nuclear facility, according to the report. But until now, such assertions remained unconfirmed, as the many cybersecurity experts who analyzed Stuxnet said its code contained little evidence of who developed the worm. In September of 2010, antivirus firm Kaspersky Labs concluded that the Stuxnet attack on Natanz "could only be conducted with nation-state support and backing." But that was as far as anyone got in discovering Stuxnet's origins.

Continued : http://www.digitaltrends.com/computing/stuxnet-cyberweapon-created-by-us-israel-to-attack-iran-reports-nyt/

Also: Stuxnet: How USA and Israel created anti-Iran virus, and then lost control of it

Why Antivirus Companies Like Mine Failed to Catch Flame and
by Carol~ Moderator / June 1, 2012 5:52 AM PDT
.. Stuxnet

Mikko Hypponen - Chief Research Officer @ F-Secure:

A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.

When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.

What this means is that all of us had missed detecting this malware for two years, or more. That's a spectacular failure for our company, and for the antivirus industry in general.

Continued : http://www.wired.com/threatlevel/2012/06/internet-security-fail/
Ex-MI5 boss loses laptop at Heathrow airport
by Carol~ Moderator / May 31, 2012 11:22 PM PDT
In reply to: NEWS - June 01, 2012

Stella Rimington, the former Director-General of MI5 (Britain's Security Service), has had her laptop stolen according to media reports.

Dame Stella Rimington made the headlines in 1992 when she was publicly named as the first female chief of MI5, and is believed to have inspired Judi Dench's casting as spy chief "M" in the James Bond films. Dame Stella has since carved herself a career as a spy novelist.

The former boss of MI5 was said by The Sun newspaper to be "very upset" by the theft which occurred as she left Heathrow airport last Tuesday.

The Metropolitan Police's SO15 Counter-Terrorism division is reported to have been informed because of possible security concerns.

Although Dame Stella retired from MI5 in 1996, the concern will be that she may still have the contact details of former colleagues, and no doubt the authorities will want to quickly determine if strong passwords and encryption were in place on the laptop.

Continued : http://nakedsecurity.sophos.com/2012/06/01/mi5-boss-loses-laptop/

Also:
Terror cops hunt laptop snatched from retired MI5 spookmistress
Ex-MI5 boss Dame Stella Rimington 'loses laptop at airport'

On Facebook, 'Likes' Become Ads
by Carol~ Moderator / June 1, 2012 4:59 AM PDT
In reply to: NEWS - June 01, 2012

On Valentine's Day, Nick Bergus came across a link to an odd product on Amazon.com: a 55-gallon barrel of ... personal lubricant.

He found it irresistibly funny and, as one does in this age of instant sharing, he posted the link on Facebook, adding a comment: "For Valentine's Day. And every day. For the rest of your life."

Within days, friends of Mr. Bergus started seeing his post among the ads on Facebook pages, with his name and smiling mug shot. Facebook — or rather, one of its algorithms — had seen his post as an endorsement and transformed it into an advertisement, paid for by Amazon.

In Facebook parlance, it was a sponsored story, a potentially lucrative tool that turns a Facebook user's affinity for something into an ad delivered to his friends.

Amazon is one of many companies that pay Facebook to generate these automated ads when a user clicks to "like" their brands or references them in some other way. Facebook users agree to participate in the ads halfway through the site's 4,000-word terms of service, which they consent to when they sign up.

With heightened pressure to step up profits and live up to the promise of its gigantic public offering, Facebook is increasingly banking on this approach to generate more ad revenue. The company said it does not break down how much revenue comes from such ads. Its early stock market performance — down 22 percent from its offering price — is likely to increase the urgency.

Continued : http://www.nytimes.com/2012/06/01/technology/so-much-for-sharing-his-like.html

The Vulnerabilities Market and the Future of Security
by Carol~ Moderator / June 1, 2012 5:00 AM PDT
In reply to: NEWS - June 01, 2012

Bruce Schneier @ his "Schneier on Security" Blog:

Recently, there have been several articles about the new market in zero-day exploits: new and unpatched computer vulnerabilities. It's not just software companies, who sometimes pay bounties to researchers who alert them of security vulnerabilities so they can fix them. And it's not only criminal organizations, who pay for vulnerabilities they can exploit. Now there are governments, and companies who sell to governments, who buy vulnerabilities with the intent of keeping them secret so they can exploit them.

This market is larger than most people realize, and it's becoming even larger. Forbes recently published a price list for zero-day exploits, along with the story of a hacker who received $250K from "a U.S. government contractor" (At first I didn't believe the story or the price list, but I have been convinced that they both are true.) Forbes published a profile of a company called Vupen, whose business is selling zero-day exploits. Other companies doing this range from startups like Netragard and Endgame to large defense contractors like Northrop Grumman, General Dynamics, and Raytheon.

This is very different than in 2007, when researcher Charlie Miller wrote about his attempts to sell zero-day exploits; and a 2010 survey implied that there wasn't much money in selling zero days. The market has matured substantially in the past few years.

This new market perturbs the economics of finding security vulnerabilities. And it does so to the detriment of us all.

Continued : http://www.schneier.com/blog/archives/2012/06/the_vulnerabili.html
