Spyware, Viruses, & Security forum

General discussion

NEWS - June 21, 2010

by Carol~ Moderator / June 20, 2010 10:47 PM PDT
Looking For Vulns In All The Right Places? Experts Say You Might Be Missing A Few

'Network-attached devices, paper documents, and your physical plant should be included in vulnerability scans, researchers warn'

The biggest vulnerabilities in the enterprise might be items we see every day -- and just don't think about.

Experts say that vulnerability assessments often overlook the everyday dangers: Network-attached devices that aren't computers. Paper documents. Passwords posted in plain view. Portable storage devices.

Most of these are technologies that would never be taken into account by a traditional vulnerability scan. Yet they could lead to data leaks just as surely as a keylogger or a data-stealing Trojan, experts say.

"Peripheral devices on the network may have capabilities the business doesn't know of," says Kevin Brown, delivery manager for custom testing at security assessment firm ICSA. "And those capabilities can create security vulnerabilities."

Printers, fax machines, and multifunction devices with persistent storage could all serve as entry points for a sophisticated hacker, Brown observes. And the presence of internal storage might not be clear at first glance, nor does it necessarily show up on traditional security audits.

A Spike in Phone Phishing Attacks?
by Carol~ Moderator / June 20, 2010 10:48 PM PDT
In reply to: NEWS - June 21, 2010

A couple of readers have written in to say they recently received automated telephone calls warning them about fraud on their credit card accounts and directing them to call a phone number to "verify" their credit card numbers. These voice phishing attacks, sometimes called "vishing," are a good reminder that today's scam artists often abuse a range of modern technologies to perpetrate old-fashioned fraud.

Phone phishing schemes often begin with a pre-recorded message that prompts the recipient to call a supplied telephone number - frequently a toll-free line. Usually, the calls will be answered by a bogus interactive voice response system designed to coax account credentials and other personal information from the caller.

Lures for these telephone phishing attacks also are sent via text message, a variant also known as smishing. Indeed, the Sacramento Bee warned last week that residents in the area were receiving text messages spoofing the Yolo Federal Credit Union.

Continued here: http://krebsonsecurity.com/2010/06/a-spike-in-phone-phishing-attacks/

Double trouble - spam and malware payloads
by Carol~ Moderator / June 20, 2010 10:54 PM PDT
In reply to: NEWS - June 21, 2010

Don't you hate spam? It's a nuisance, but not anything you really need to worry about, is it? I mean, it's not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, right? Wrong - one recent campaign in particular highlights this fact.

Graham's been talking about spam campaigns we've seen this last week containing html attachments. With topics currently covering Adult Friend Finder, romantic interest & Skype purchases, Facebook porn & Skype payment problems, and Facebook password resets, the spam's trying very hard to get you to open its attachment. And if you do, you get taken to a page from our old friends at Canadian Pharmacy: [...]

At which point you presumably close the window, and chalk up the experience as another annoying run-in with spam. Case closed - or is it?

When you open the attachment it loads a page from a remote website which looks something like this: [...]


Facebook Pushes Its Privacy Controls over Lingering Concerns
by Carol~ Moderator / June 20, 2010 10:55 PM PDT
In reply to: NEWS - June 21, 2010

Facebook continued to push back against lingering concerns over its privacy controls, issuing a blog post and a letter detailing the ways in which it stewards users' personal data. Privacy advocates issued an open letter to Facebook CEO Mark Zuckerberg June 16, asking for more user control over information contained on the site. In response, Facebook issued a counter-letter addressing the advocates' concerns point-by-point, and followed that up with a corporate blog posting on June 18 detailing how its privacy settings worked. According to reports, the privately held company may have earned as much as $800 million in 2009.

This week saw Facebook push back against lingering concerns over how it uses member data, using resources such as its corporate blog to insist that individual privacy remains its utmost concern. While the social-networking site's revenues and membership have only increased over the past year, a rising chorus of privacy groups and individual users has questioned the controls over personal information.

On June 18, a posting on the Facebook blog described how the social-networking site attempts to give users control over that information. "We recently launched simplified privacy settings in response to feedback that certain Facebook settings had become too complicated," Monica Horak, an associate with the Facebook user operations team, wrote in a June 18 posting on the Facebook blog. "Facebook gives you two ways to [control] what information you share with applications and Websites."


It's Signed, therefore it's Clean, right?
by Carol~ Moderator / June 20, 2010 11:03 PM PDT
In reply to: NEWS - June 21, 2010

From the F-Secure Weblog:

Jarno Niemel

Security firms taking days to block malware
by Carol~ Moderator / June 20, 2010 11:08 PM PDT
In reply to: NEWS - June 21, 2010

"Can you hold on till Friday?"

Anti-malware vendors can take up to 92.48 hours to block malicious sites, potentially leaving clients in blissful ignorance of threats to their systems in the meantime.

Security researchers ISS Labs reviewed a range of endpoint security products from ten big-name security vendors and their response to "socially engineered or consensual malware threats".

It said 15,000 to 50,000 such threats were presenting themselves per day.

Effectiveness rates varied from a 35 per cent block rate to a more comforting 88.3 per cent.

Vendors' average times to respond to new threats ranged from 4.62 hours to 92.48 hours, with the high end turned in by Panda, IDC said. Of the 10 vendors profiled, just three managed response times of less than 30 hours.

Continued here: http://www.theregister.co.uk/2010/06/21/malware_delays/

GoogleCL: Command-line tool for Google services
by Carol~ Moderator / June 20, 2010 11:37 PM PDT
In reply to: NEWS - June 21, 2010

Google has released a new utility that allows programmers and power users to access a variety of Google services using command line prompts. GoogleCL is an open source Python application that uses the Python gdata libraries (Google Data Python Client Library) to connect to the company's online services.

Supported Google services currently include, for example, Blogger, Calendar, Docs, Contacts, YouTube and the Picasa photo sharing site. Google has posted a number of Example Scripts that show how to create a new Blogger post, Calendar entry or Contact, and upload a video to YouTube. The developers note that, in addition to standard tarball and .deb package downloads, they "hope to have it included in Debian and Ubuntu repositories in time for their next releases."

Continued here: http://www.h-online.com/open/news/item/GoogleCL-Command-line-tool-for-Google-services-1025911.html

by Carol~ Moderator / June 20, 2010 11:37 PM PDT
In reply to: NEWS - June 21, 2010

From the F-Secure Weblog:

When a company is hit with a cross-site scripting (XSS) attack, the natural reaction is to downplay the significance of the incident.

After all, an XSS vulnerability on a site does not mean that the site could be hacked or shut down. A typical XSS demonstration showing a funny dialog box on somebody else's site just emphasizes how harmless such an attack looks.

However, XSS is not harmless. We were just hit by one last night. And we do not want to downplay it.

The vulnerability on f-secure.com was found by security researcher Xylitol. He reported it yesterday evening. Xylitol is well-known for finding XSS vulnerabilities on sites such as army.mil, ibm.com and nasa.gov.

The problem was on a download page for our Mobile Anti-Theft product (anti-theft-download-wizard.html). With some clever tinkering, it was possible to create a web link that would point to our site, but when clicked, it would execute JavaScript controlled by the attacker. [...]

Continued here: http://www.f-secure.com/weblog/archives/00001972.html

Spammers Target Facebook and Twitter at Once
by Carol~ Moderator / June 21, 2010 1:03 AM PDT
In reply to: NEWS - June 21, 2010

From TrendLabs Malware Blog:

Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabs℠ received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter. [...]

The mail, which poses as a Facebook notification message, uses adult-themed strings to lure users into opening the attachment. The .ZIP file attachment, Twitter.zip, contains the file twitter.html, which has an embedded malicious script that Trend Micro detects as JS_REDIR.AE.

Social networks are still on the verge of reaching their peak, as an increasing number of users spend more time on managing their accounts. According to the latest findings by Nielsen, social networking and blogging account for one in every four-and-a-half minutes people spend online.

With Facebook still remaining as one of the world's most popular social media sites and Twitter not far behind, cybercriminals will most likely use these sites more and more to propagate malicious codes.

Continued here: http://blog.trendmicro.com/spammers-target-facebook-and-twitter-at-once/

Network access control vendors pass endpoint security testin
by Carol~ Moderator / June 21, 2010 1:04 AM PDT
In reply to: NEWS - June 21, 2010
Network access control vendors pass endpoint security testing

"Alcatel-Lucent, Bradford, Enterasys, ForeScout, McAfee go above and beyond"

One of the main promises of network access control is that you can ensure that endpoint security tools are up to date and that non-compliant machines can be identified or blocked. As regulatory compliance has grown in importance, NAC vendors have reacted by building strong feature sets aimed at endpoint security and compliance. In our NAC testing, we had good, and sometimes great, results across the board when it came to endpoint security.

NAC: What went wrong?

We created a very basic endpoint security policy, and then checked to see if we could implement that policy in our NAC products. We also looked at a variation on endpoint security, the ability of NAC products to handle system misbehavior. For example, if a typical, compliant, desktop started to try and brute-force break into other systems by guessing passwords, that would be a misbehavior we'd like to detect. Whether the desktop is infected, or the user is acting maliciously, it's still misbehavior and NAC can help put a stop to it.

Continued here: http://www.networkworld.com/reviews/2010/062110-network-access-control-test-end-point.html
Opera 10.54 closes critical security holes
by Carol~ Moderator / June 21, 2010 1:23 AM PDT
In reply to: NEWS - June 21, 2010

Norwegian vendor Opera has presented version 10.54 of its browser to close four security holes, one of which the company rates as extremely severe and another as highly severe. The company plans to protect users until the majority have updated to the new version, by only releasing details of the flaws at a later date. Opera advises all users to update to the latest release as soon as possible.

The Mac version fixes numerous other minor bugs and instabilities, and now automatically uninstalls the old version during auto-updates. Last week, Opera released version 10.6 beta for Windows, Mac OS X, and Unix; this version is considerably faster and prettier than its predecessor.

Continued here: http://www.h-online.com/security/news/item/Opera-10-54-closes-critical-security-holes-1026360.html

See Vulnerabilities & Fixes: Opera Multiple Unspecified Vulnerabilities

Mobile malware is a reality says Kaspersky
by Carol~ Moderator / June 21, 2010 1:23 AM PDT
In reply to: NEWS - June 21, 2010

Mobile malware has been bubbling along in the background of the security world for the last few years but, according to Denis Maslennikov, Kaspersky Lab's mobile research group manager, the rise in smartphone sales is triggering a surge in mobile malware amongst cybercriminals.

Speaking at Kaspersky Lab's recent analyst summit, Maslennikov said that the first piece of mobile malware using the internet dates back to 2004, when a Ukrainian hacker developed the code.

Cybercriminals, he said, then lost interest in these types of programmes, until quite recently 35% of all detected smartphone malware was tracked as operating via the internet.

Continued here: http://www.infosecurity-us.com/view/10407/mobile-malware-is-a-reality-says-kaspersky-/

Update: Apple launches iOS 4 upgrade
by Carol~ Moderator / June 21, 2010 5:40 AM PDT
In reply to: NEWS - June 21, 2010

"The iPhone OS update became available just after 1 p.m. ET"

Apple will release the iOS 4 update today around 1 p.m. ET, 10 a.m. PT, according to claims from users citing calls to the company's sales and support desks.

As of 11:45 a.m. ET, the update, which Apple said earlier this month would be delivered today, was not yet available via iTunes. Apple updated iTunes to version 9.2 last week to make the software compatible with the new mobile OS.

Several iPhone owners on Apple's support forum claimed that they had been told by Apple support personnel that the iOS 4 update would launch at 10 a.m. PT. Apple is headquartered in Cupertino, Calif., in the Pacific Time zone.

Computerworld was not able to confirm the reported launch time; Apple's telephone lines were swamped with calls, with wait times that exceeded 30 minutes.

Continued here: http://www.computerworld.com/s/article/9178352/Update_Apple_launches_iOS_4_upgrade

Also: Apple iPhone iOS 4 Arrives: 10 Reasons to Upgrade

Malicious code on Lenovo driver download page - Update
by Carol~ Moderator / June 21, 2010 5:40 AM PDT
In reply to: NEWS - June 21, 2010

The driver download portal of hardware manufacturer Lenovo temporarily deployed malicious code. Various virus scanners issued alerts about a Java-based Trojan downloader or dropper. The iframe injected by attackers points to the volgo-marun.cn server and can still be found on several pages of the download.lenovo.com server.

However, the injected links to the Chinese server are now pointing to a non-existent target, so there is no longer an immediate threat. The Firefox and Chrome web browsers have also started to warn their users about accessing this server. Since Lenovo doesn't appear to have responded, the security hole may still be open, which would potentially allow attackers to deploy updated iframe links on the download pages at any time.

Continued (with update) here: http://www.h-online.com/security/news/item/Malicious-code-on-Lenovo-driver-download-page-Update-1025886.html

30 states may join probe of Google Wi-Fi snoop
by Carol~ Moderator / June 21, 2010 8:37 AM PDT
In reply to: NEWS - June 21, 2010

"'As many questions as answers'"

As many as 30 states may investigate Google for surreptitiously sniffing traffic traveling over open Wi-Fi networks over a three-year span, Connecticut's top law-enforcement official said on Monday.

Connecticut Attorney General Richard Blumenthal said his office will lead the multi-state investigation into the unauthorized data collection by Google Street View cars. A "significant number of states" are expected to participate, according to a press release issued by his office that claimed representatives from more than 30 states joined a recent telephone conference call to discuss the probe.

"While we hope Google will continue to cooperate, its response so far raises as many questions as it answers," Blumenthal said in the release. "The company must provide a complete and comprehensive explanation of how this unauthorized data collection happened, why the information was kept if collection was inadvertent and what action will prevent a recurrence."

Continued here: http://www.theregister.co.uk/2010/06/21/google_wifi_snoop_inquiries/

Report IDs domain name registrars who sponsor illegal ..
by Carol~ Moderator / June 21, 2010 8:37 AM PDT
In reply to: NEWS - June 21, 2010
Report IDs domain name registrars who sponsor illegal activity

From the Sunbelt Blog:

Anti-spam group KnujOn ("NoJunk" backwards), a member of the Internet Corporation for Assigned Names and Numbers (ICANN), has issued a nearly 100-page report detailing how some domain name registrars are actively shielding pharma and other illegal groups by protecting their web sites from takedown. The report (PDF) names names.

ICANN is responsible for managing the assignment of domain names and IP addresses on behalf of the U.S. government.

KnujOn's report quotes John Horton, President of LegitScript.com: "The Internet rule is straightforward. Domain name registrars are required by ICANN to prohibit domain owners from using their domains for unlawful purposes. Without exception, this rule is also reflected in each registrar's terms and conditions, thus formalizing and protecting the company's contractual right to suspend domain names for unlawful activity. Once a registrar becomes aware that a website is engaged in criminal activity, the company has the legal authority and technical ability to suspend the domain name, rendering the illegal and fraudulent content inaccessible. This self-policing is meant to balance freedom of speech with safety and legitimacy as the Internet continues to evolve. But all too often, registrars simply turn a blind eye to criminal activity."

Continued here: http://sunbeltblog.blogspot.com/2010/06/report-ids-domain-name-registrars-who.html
Scam Alert: GoDaddy "Order Confirmation" email is a Scam
by roddy32 / June 21, 2010 9:10 AM PDT
In reply to: NEWS - June 21, 2010

I just received one of these e-mails myself so I checked it out because I have not ordered anything from GoDaddy.

[quote]By Denise Richardson on June 21, 2010 5:01 PM

Quick scam alert...DO NOT FALL FOR the latest email scam circulating. It arrives as an order confirmation from Go-Daddy and though it appears to look very authentic -it's anything but that. The email includes Go-Daddy's official phone number and logo and it also includes a few infected links that the scammers hope you will click on. When clicked on you will undoubtedly download malicious spyware onto your computer.

The phony order confirmation comes as a receipt for $357.00 worth of bulk domain names you recently purchased and allows you to click on links and pictures in the email for additional info.

Do not click on any links or pictures.

Go-daddy has been flooded with calls on this scam - and it's easy to see why. The email looks very legit.

If you received this email, delete it immediately.

If you received it and already clicked on the links - update your virus protection, run a full scan on your computer and dump all data you may have in your cache.

