NEWS - June 07, 2011

RSA Says Lockheed Attack Not a New Threat to SecurID, But Will Replace Users' Tokens

In the wake of a string of attacks against high-profile users of RSA Security's SecurID tokens including Lockheed Martin, the company has posted an open letter to its customers, trying to reassure them that the tokens are secure and that the attacks don't represent a new threat to these businesses. However, the company is now offering to replace SecurID tokens for its corporate customers, a user base of tens of millions of people.

On Monday, RSA Executive Chairman Art Coviello said in the letter that the company surmised at the time of the initial attack on RSA in March, which compromised data related to the SecurID tokens, that the intrusion was aimed at getting information that would be useful in targeted attacks against defense contractors and other customers in the military-industrial complex. The recent attack on Lockheed Martin, which that company said it was able to stop, and other reported attacks on Northrop Grumman and L-3 Communications have done nothing to change that conclusion, Coviello said.

"Against this backdrop of increasingly frequent attacks, on Thursday, June 2, 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major U.S. government defense contractor. Lockheed Martin has stated that this attack was thwarted," he said in the letter, posted on the RSA site.

Continued : http://threatpost.com/en_us/blogs/rsa-says-lockheed-attack-not-new-threat-securid-will-replace-users-tokens-060711

Also:
RSA replaces SecurID tokens after hack
RSA makes token offer to worried customers
RSA to replace all SecurID tokens - or perhaps not

Hackers may try to disrupt World IPv6 Day

Hundreds of popular websites -- including Google, Facebook, Yahoo and Bing -- are participating in a 24-hour trial of a new Internet standard called IPv6 on June 8, prompting worries that hackers will exploit weaknesses in this emerging technology to launch attacks.

Background: Large-scale IPv6 trial set for June 8

Dubbed World IPv6 Day, the IPv6 trial runs from 8 p.m. EST on Tuesday until 7:59 p.m. EST on Wednesday.

Security experts are concerned that the 400-plus corporate, government and university websites that are participating in World IPv6 Day could be hit with distributed denial of service (DDoS) or other hacking attacks during the 24-hour trial.

"In the last five months, there has been a huge increase in DDoS attacks," says Ron Meyran, director of product marketing and security at Radware, a network device company that is not participating in World IPv6 Day. "IPv6 is going to be even easier for attackers ... because IPv6 traffic will go through your deep packet inspection systems uninspected."

Meyran says another concern is that IPv6 packet headers are four times larger than IPv4 headers. This means routers, firewalls and other network devices must process more data, which makes it easier to overwhelm them in a DDoS attack.

Continued : http://www.networkworld.com/news/2011/060611-ipv6-security.html

Skype fix now available after outage affects 'small number' of users

If you're having trouble connecting to Skype this morning, it's not your computer. The company announced earlier today that its system has gone down once again, the second such outage in the past couple of weeks.

"A small number of you may have problems signing in to Skype," wrote the VoIP company on its Twitter page. "We're investigating the cause, and hope to have more details to share soon."

About an hour after that Tweet was published, the company made a statement on its blog saying that it had discovered a "configuration problem" that "has meant some of you have been disconnected from Skype."

"We've identified the cause of the problem, and have begun to address it," writes Skype's Peter Parkes on the Skype blog. "If you've been affected, you should start to see improvement in the next hour or so. You shouldn't need to manually sign back in to Skype - it should reconnect automatically when it's able to do so."

That hour is now up, and Skype has issued the following fixes to the problem:

Windows
1. Click Start, type run and press Enter. (On Windows XP: Click Start and then Run.)
2. Type the following and click OK. %appdata%\skype

Continued : http://www.digitaltrends.com/computing/skype-fix-now-available-after-outage-affects-small-number-of-users/

Feds turn one in four black-hat hackers into snitches

One in four criminal hackers turn snitches under pressure from US authorities.

The FBI and US Secret Service - the two lead agencies in the fight against cybercrime in the US - have used the threat of prison to create an army of informers, according to an investigation by The Guardian. A climate of mistrust has been sown among criminal hackers as a result of this process.

Hacker turncoats running carder forums - under instructions from FBI handlers - have acted as sources of intelligence for subsequent prosecutions. In other cases, undercover agents have run underground forums as part of sting operations.

Eric Corley, publisher of hacker quarterly 2600, estimates 25 per cent of hackers (crackers) operating in the US might have turned stool pigeon. "Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation," Corley told The Guardian.

John Young, who runs whistle-blowing website Cryptome, said mistrust among hackers is growing rife. "There are dozens and dozens of hackers who have been shopped by people they thought they trusted," he said.

Continued : http://www.theregister.co.uk/2011/06/07/hacker_snitches/

.NET Framework 4 - Download 6 New Features and 35 Fixes via Update

Microsoft is offering a massive update to .NET Framework 4 designed to introduce no less than six new features and provide fixes for no less than 35 issues.

.NET Framework 4 KB2468871 is now available for download from the software giant, offered to customers running the 32-bit flavors of supported Windows releases, including Windows 7 Service Pack 1 (SP1).

What the Redmond company is saying is that KB2468871 is designed as the most consistent upgrade to .NET Framework 4 since its RTM.

"The .NET Framework 4 update provides cumulative roll-up updates for customer reported issues found after the release of the .NET Framework 4," the software giant revealed.

Essentially, KB2468871 is described as a General Distribution Release (GDR) update for .NET Framework 4.

Microsoft initially released .NET Framework 4 back in April 2010, concomitantly with the RTM Build of Visual Studio 2010.

Almost a year later, the software giant also provided .NET Framework 4 Platform Update 1. A first for the .NET Framework, Platform Update 1 was offered after Visual Studio 2010 Service Pack 1 (SP1) as an upgrade.

Somewhat similarly, KB2468871 also provides new features, just like the PP1 upgrade, with the added bonus of fixing a range of problems.

Customers can read about all the issues that KB2468871 is designed to repair in the Knowledge Base article accompanying the update. The new features that the refresh introduces are also detailed there, but I also included them below for your convenience:

Continued : http://news.softpedia.com/news/NET-Framework-4-Download-6-New-Features-and-35-Fixes-via-Update-204676.shtml

Google Fixes 15 Bugs in Chrome, Gives Users Ability to Delete Flash Cookies

Google has fixed more than a dozen security bugs in its Chrome browser, including five high-severity vulnerabilities and one that qualified for the company's highest bug bounty, a $3133.7 reward.

The new version of Chrome has fixes for 15 separate security vulnerabilities, the most critical of which is a same origin bypass in v8, the JavaScript engine in Chrome. That bug, along with several others fixed in this release, was discovered and reported by researcher Sergey Glazunov. The v8 vulnerability earned him a payout of $3133.7 under Google's reward program, and Glazunov also reported two other bugs, each of which qualified for $1,000 rewards.

The new version of Chrome also gives users the ability to delete Flash cookies in the same manner in which they are able to delete other Web cookies. It also has new functionality that helps prevent the download of malicious files through the Safe Browsing feature.

Google's Chrome team said that the bug in the v8 engine that Glazunov reported was particularly interesting.

"We'd also like to call particular attention to Sergey Glazunov's $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date," Google's Jason Kersey said in a blog post.

Continued : http://threatpost.com/en_us/blogs/google-fixes-15-bugs-chrome-gives-users-ability-delete-flash-cookies-060711

Also: A new stable release of Chrome: safer and snazzier

Microsoft to launch cloud-based 'Office 365' on June 28

Looking to expand the appeal of its already hugely popular Office software suite yet further, while combating the threat of Google Docs, Microsoft is apparently planning to release the cloud-based version of its productivity platform before the end of this month.

That's according to pleasingly loose-lipped chief executive officer Steve Ballmer, who last week revealed to an industry group in Delhi, India, that Office 365's long awaited arrival is indeed imminent.

"We're pushing hard in the productivity space," commented Ballmer, who recently whipped the covers off Windows 8 ahead of Microsoft's official preview during Computex 2011 in Taipei.

"We'll launch our Office 365 cloud service, which gives you Lync and Exchange and SharePoint and Office [Word, Excel, PowerPoint] and more as a subscribable service that comes from the cloud," he added. "That launches in the month of June."

Ballmer's comments are bolstered somewhat by Jon Roskill, corporate vice president of Microsoft's worldwide partners group, who last week tweeted that Office 365 will indeed shift from beta to full release on June 28.

Office users looking to leap onto the cloud will receive a 25GB mailbox, connectivity support for Outlook 2010 and Outlook 2007, and security protection through Forefront. They'll also receive access to the storage and sharing of conventional Office documents and those crafted via Office Web Apps.

Continued : http://www.thetechherald.com/article.php/201123/7242/Microsoft-to-launch-cloud-based-Office-365-on-June-28

Free antivirus programs rise in popularity, new survey shows

"Microsoft share of antivirus market grows, says Opswat survey"

Free antivirus programs such as Microsoft's Security Essentials (MSE) have now supplanted more complex paid software as the antimalware defense of choice for millions of consumers, figures from certification company OPSWAT have suggested.

In its quarterly analysis of the security software running on 43,000 computers around the world between March and May 2011, OPSWAT found that well-known brands such as McAfee, Symantec and Trend Micro are continuing to be pushed down the popularity tables by mostly European rivals marketing on the basis of either a free-to-use or "freemium" (free with paid upgrades available) model.

Globally, the two most commonly encountered brands were Czech companies Avast Software and AVG, tied with being detected on 12.3 percent of systems each, ahead of Avira of Germany on 12.2 percent, Microsoft on 11.2 percent, and ESET Software, also of Germany, on just under 10 percent. Traditional security brand leaders, Symantec, McAfee and Trend Micro were found on only 8.77 percent, 4.5 percent and 2.15 percent of systems respectively.

In terms of individual products, the most popular program was Microsoft's Security Essentials with 10.6 percent market share, ahead of Avira's Antivir Personal Free with 10.2 percent, Avast Free Antivirus with 8.66 percent, and AVG Antivirus Free with 7.92 percent.

Continued : http://www.networkworld.com/news/2011/060711-free-antivirus-programs-rise-in.html

Misguided Password Sharing Comes Back to Haunt Acer

The recent data breach incident that resulted in information about Acer consumers in over 29 countries being exposed was the result of the company's own negligence.

Last week, hackers identifying themselves as members of the Pakistan Cyber Army (PCA) obtained access to ftp.acer-euro.com, the FTP server for Acer's EMEA service & support website.

Released screenshots showed hackers connecting to the FTP server with a user called "navasp" and a "Country Wise Customer Data.zip" file sitting in a sub-directory.

The archive contained Acer customer data spreadsheets organized by country. The information included full names, email addresses, full home addresses (with postal code, city and country) and phone numbers.

The question on everyone's mind at the time was the method used by hackers to obtain the password for the navasp account.

Stealing it from the compromised computer of an Acer employee was one possibility. However, according to The Hacker News, the answer is much more simple: they Googled it.

Apparently the navasp username and password were posted at the beginning of 2008 on a public forum by an Acer employee. Judging by the post, the login info was shared with people who had trouble obtaining a hotfix.

Continued : http://news.softpedia.com/news/Misguided-Password-Sharing-Comes-Back-to-Haunt-Acer-204765.shtml

Related: Hackers say Acer breach leaked data for 40,000 users

Facebook changes privacy settings for millions of users - facial recognition is enabled

When Facebook revealed last year it was introducing facial recognition technology to help users tag their friends in photographs, they gave the functionality to North American users only.

Most of the rest of us found the option in our privacy settings was "not yet available", which meant we could neither enable nor disable it. We simply had to wait until Facebook decided to roll it out to our account.

Well, now might be a good time to check your Facebook privacy settings as many Facebook users are reporting that the site has enabled the option in the last few days without giving users any notice.

There are billions of photographs on Facebook's servers. As your Facebook friends upload their albums, Facebook will try to determine if any of the pictures look like you. And if they find what they believe to be a match, they may well urge one of your Facebook friends to tag it with your name.

The tagging is still done by your friends, not by Facebook, but rather creepily Facebook is now pushing your friends to go ahead and tag you.

Continued : http://nakedsecurity.sophos.com/2011/06/07/facebook-privacy-settings-facial-recognition-enabled/

Facebook Attackers Now Hiding Behind Porn Sites

F-Secure Weblog:

There was a rather innovative Facebook malware attack last week which pushed both Windows and Mac malware.

While some folks were distracted by the Mac scareware component, it appeared to us as only the secondary factor in the overall attack. The Windows component, a fake "Adobe Flash Player" update, has ZeuS bot characteristics according to an analyst on our Threat Solutions team. We therefore conclude that the attack was focused on building a Windows OS botnet, and that the Mac OS scareware was tacked on as a bonus (as there are no ZeuS binaries to push at Mac users).

Facebook took more than 24 hours to block malicious links redirecting to newtubes.in, a domain that uses an Indian TLD, was hosted on a Lithuanian server, and is registered to "Narcisa Scott" of Thailand.

In the end, all links used by the attack were deleted by Facebook.

And we had hoped last week that Facebook killed whatever spam/attack vector was being used.

But that hope was in vain.

The same bad guys are now spamming links to porn sites via Facebook profiles: [Screenshot]

You can see profiles posting the links via an Openbook search for "Free Tube Hub".

The sites, which have names such as blackbootyblog.com, ebonyarea.com, justebonypussy.com and ebonykey.com, all have a common theme?

That's because many of them are hosted on the same server:

Continued : http://www.f-secure.com/weblog/archives/00002178.html

Microsoft: Rustock still dead but hunt on for culprits
Though Rustock remains down for the count, according to Microsoft, the hunt goes on for the creators of the infamous botnet.

Rustock was taken down this past March by Microsoft and law enforcement officials who used a combination of legal maneuvers and raids to seize control of the servers that ran the notorious spamming network. Since then, Rustock has remained "dead and decaying," said Richard Boscovich, senior attorney for Microsoft Digital Crimes Unit, in a blog published yesterday.

But taking down the network itself is only half the battle in keeping botnets like Rustock offline. Tracking down the culprits who devise such botnets is the other half.

Based on work done through the Digital Crimes Unit, the company believes the creators of Rustock either operated or are still operating out of Russia. As a result, Microsoft is actively pursuing the perpetrators through a series of actions through the Russian press and legal system.

As the first legal step required, the company has placed ads in two large Russian newspapers aimed at the owners of the IP addresses and domain names that were shut off when Rustock was taken down. The ads, which will run for 30 days, inform the owners of the date and time of legal hearings on the matter and where they can appear to defend themselves.

Continued : http://news.cnet.com/8301-1009_3-20069687-83/microsoft-rustock-still-dead-but-hunt-on-for-culprits/

Naming & Shaming Sources of Spam

A new resource for spotlighting organizations that are unwittingly contributing to the global spam problem aims to shame junk email havens into taking more aggressive security measures.

SpamRankings.net is a project launched by the Center for Research in Electronic Commerce at the University of Texas at Austin. Its goal is to identify and call attention to organizations with networks that have been infiltrated by spammers.

Andrew Whinston, the center's director, said the group initially is focusing on health care providers that appear to be infected with spam bots. "Nobody wants to do business with a bank or hospital or Internet hosting company that has been hijacked by spammers," Whinston said. "It's an environment in which user data can be stolen or compromised." [Screenshot: Spam Rankings]

It's not clear whether people pay attention to spam rankings when choosing providers, but it's nice that another method of measuring badness and reputation on the Web has come online. Unfortunately, one doesn't have to look very hard to find spambot infections at many health care providers. In April, I wrote about a service that lets crooks proxy their communications through hacked PCs (see: Is Your Computer Listed for Rent?): Within a few hours of poking around that service, I found three health care providers that were hosting spambots.

Continued : http://krebsonsecurity.com/2011/06/naming-shaming-sources-of-spam/
