Morgan Stanley Attacked by China-Based Hackers Who Hit Google
Morgan Stanley experienced a "very sensitive" break-in to its network by the same China-based hackers who attacked Google Inc.'s computers more than a year ago, according to e-mails stolen from a cyber-security company working for the bank.
The e-mails from the Sacramento, California-based computer security firm HBGary Inc., which identify the first financial institution targeted in the series of attacks, said the bank considered details of the intrusion a closely guarded secret.
"They were hit hard by the real Aurora attacks (not the crap in the news)," wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.
The nickname came from McAfee Inc., a Santa Clara, California-based cyber-security firm, which said the attacks occurred for about six months starting in June 2009 and marked "a watershed moment in cyber security." The number of companies known to be hit in the attacks was initially estimated at 20 to 30 and now exceeds 200, said Christopher Day, senior vice president for Terremark Worldwide Inc., which provides information-technology security services.
Continued : http://www.bloomberg.com/news/2011-02-28/morgan-stanley-network-hacked-in-same-china-based-attacks-that-hit-google.html
Also: Morgan Stanley hit by same attackers that breached Google
Gmail back soon for everyone
From the Official Gmail Blog:
Imagine the sinking feeling of logging in to your Gmail account and finding it empty. That's what happened to 0.02% of Gmail users yesterday, and we're very sorry. The good news is that email was never lost and we've restored access for many of those affected. Though it may take longer than we originally expected, we're making good progress and things should be back to normal for everyone soon.
I know what some of you are thinking: how could this happen if we have multiple copies of your data, in multiple data centers? Well, in some rare instances software bugs can affect several copies of the data. That's what happened here. Some copies of mail were deleted, and we've been hard at work over the last 30 hours getting it back for the people affected by this issue.
To protect your information from these unusual bugs, we also back it up to tape. Since the tapes are offline, they're protected from such software bugs. But restoring data from them also takes longer than transferring your requests to another data center, which is why it's taken us hours to get the email back instead of milliseconds.
Continued : http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html
Gmail accidentally resetting accounts, years of correspondence vanish into the cloud? (update)
Google Gmail outage leaves 150,000 users without e-mail
US raps China's Baidu and Taobao over pirated goods
Two of China's biggest websites, the search engine Baidu and online retailer Taobao, were named as "notorious markets" in a new U.S. government report for allegedly supporting pirated and counterfeit goods.
China's largest search engine, Baidu, was named as an offender for providing online services that provide links to pirated goods via third-party sites. Major record labels have leveled the same accusations, claiming that Baidu "deep links" users to hundreds of thousands of illegal songs hosted on other sites. In 2008, the record labels brought a lawsuit against Baidu, only to see it fail.
Baidu declined to comment on the U.S. report.
China's largest online retailer, Taobao.com, was also named a major offender for allowing merchants to offer counterfeit goods on its website. The report, however, added that the company is "making significant efforts to address the availability of infringing goods through its website."
Continued : http://www.computerworld.com/s/article/9212040/US_raps_China_s_Baidu_and_Taobao_over_pirated_goods
Also: Baidu, Taobao Identified as 'Notorious Markets' by U.S. for Helping Piracy
Apple Kickback Offender Pleads Guilty, Forfeits $2.3 Million
"Former Apple employee Paul Devine has pleaded guilty in a California court to passing Apple's secrets to its partners in exchange for lucrative kickbacks."
Paul Shin Devine, the former Apple employee at the center of a kickback scheme, admitted to defrauding Apple and pleaded guilty to criminal accounts of wire fraud, conspiracy and money laundering in a Northern California court Feb. 28.
The plea is an about-face from the not-guilty plea Devine made Aug. 16, 2010, after being arrested and charged with more than 23 counts.
The 38-year-old Devine, who worked for Apple as a global supply manager from 2005 until 2010, is accused of having passed confidential company information - such as pricing targets, product specifications, roadmaps, product forecasts and information obtained from Apple's partners - to a number of Asian suppliers in exchange for kickbacks. The scheme earned him more than $2.4 million.
Continued : http://www.eweek.com/c/a/Government-IT/Apple-Kickback-Offender-Pleads-Guilty-Forfeits-23-Million-605655/
Ex-Apple Manager Pleads Guilty to Fraud, to Hand in $2.25M
Ex-Apple manager pleads guilty in kickback scheme
Intel's acquisition of McAfee now complete
Intel, the world's largest chip maker, has announced that its acquisition of security specialist McAfee is now complete. Under the terms of the deal, first announced in August 2010, Intel agreed to purchase all of McAfee's common stock for $48 per share, valuing the cash deal at a total of approximately $7.68 billion (
Fake Donations for New Zealand Earthquake Victims
On February 22, 2011, a massive 6.3 magnitude earthquake devastated the New Zealand city of Christchurch. As per the official reports, the death toll has reached 75 - a number that may yet increase. Thousands of people in New Zealand have lost their homes and search operations are still in progress. Fraudsters, as usual, are taking advantage of this by sending spam mails that request donations. In January, phishers had used the same ploy of asking for fake donations for victims of the Serrana floods. [Screenshot]
The phishing site spoofed the Red Cross website for New Zealand and requested help from end users. Firstly, the phishing site gave details of the earthquake, highlighting the extent of the damage in the city. Secondly, details on how to make a secure online donation were given. Users were notified that upon making an online donation, the user would receive a receipt by email for tax purposes. There were three credit card services to choose from.
To make the donation, users were required to enter certain confidential information. The first field was a drop down menu from which the user had to select the cause for which the donation would be made. The causes included New Zealand Earthquake 2011, Annual Appeal 2011, Australian Floods Fund, Landmine Appeal, Pacific Disaster Preparedness Fund, and General Fund Appeal.
Continued : http://www.symantec.com/connect/blogs/fake-donations-new-zealand-earthquake-victims
Erasing Data from Flash Drives
From Bruce Schneier @ his "Schneier on Security" Blog:
"Reliably Erasing Data From Flash-Based Solid State Drives," (pdf) by Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson.
Abstract: Reliably erasing data from storage media (sanitizing the media) is a critical component of secure data management. While sanitizing entire disks and individual files is well-understood for hard drives, flash-based solid state disks have a very different internal architecture, so it is unclear whether hard drive techniques will work for SSDs as well.
We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs' built-in sanitization commands by extracting raw data from the SSD's flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs.
This third conclusion leads us to develop flash translation layer extensions that exploit the details of flash memory's behavior to efficiently support file sanitization. Overall, we find that reliable SSD sanitization requires built-in, verifiable sanitize operations.
Continued : http://www.schneier.com/blog/archives/2011/03/erasing_data_fr.html
Apple iTunes accounts hacked as more rogue developers emerge
It appears that after seven months, Apple is still having difficulty coming to terms with the fact that hackers are targeting iTunes accounts to purchase apps and artificially inflate the revenue received, particularly apps originating from the developer account of "Hongbin Suo".
We exclusively revealed back in July that attackers were compromising iTunes accounts across the world, revealing not just one but a number of different developer accounts that used very similar, if not more "innovative", approaches to stealing users' money. Put simply, the Apple App store was filled with App Farms being used to steal.
Fast-forward to mid-February - We receive a tip from a worried iTunes account holder and Apple's forums begin to fill up with users complaining of transactions being made on their iTunes accounts that they didn't authorise. Reports point to apps from developer accounts Hongbin Suo and GameIsLive, particularly Texas Hold'Em and other Chinese apps which were either paid downloads or made use of Apple's in-app purchasing.
Continued : http://thenextweb.com/apple/2011/03/01/apple-itunes-accounts-hacked-as-more-rogue-developers-emerge/
Password management site plugs info-leak bug
Password management site LastPass has plugged a security hole in its website that created a means to extract the email addresses - though not the passwords - of enrolled users.
The cross-site scripting bug meant that logged-in users induced to visit a malicious site would disclose their email addresses and sites associated with a LastPass account, along with password reminders and a list of IP addresses used to access the site.
The bug was discovered by independent security researcher Mike Cardwell, who was unable to exploit the flaw to extract passwords.
LastPass - which boasts close to a million members - stores website login details in an encrypted container, safeguarded by a master password. Users log in to extract this information either directly via the website or by using a browser extension.
Cardwell reported the information disclosure bug to LastPass, which acted promptly in less than three hours to close the hole. In an advisory LastPass explains how it has improved security to prevent any repetition of the unfortunate incident, including ensuring browsers that support it (Chrome and Firefox 4) will be locked into secure SSL web requests when on the lastpass.com domain.
Continued : http://www.theregister.co.uk/2011/03/01/password_management_site_xss_bug/
Related : Password Management Site LastPass Sports Security Hole
Android's Steamy Window trojan sends SMS to premium numbers
An Android App called Steamy Window is being used by hackers to take over Android phones and run up big texting bills.
Symantec says the app is a free program that Chinese hackers have modified, then re-released into the wild.
In a statement, Vikram Thakur, a principal security response manager at Symantec, said that Steamy Window is the newest in a line of compromised Android apps.
The hackers grabbed a copy of Steamy Windows, then added a backdoor Trojan horse - "Android.Pjapps" to the app's code.
The app was then placed on unsanctioned third-party "app stores" in the hope that punters looking for dodgy apps can find them.
Thakur said that while hacks like this were becoming a dime a dozen this one stood out as a particularly nasty piece of work.
The Trojan planted by the malware-infected Steamy Windows can install other applications, bugger around with the phone's browser bookmarks, and navigate to Web sites and silently send text messages.
The criminals send messages to premium rate numbers and collect commissions.
Continued : http://www.techeye.net/security/androids-steamy-window-trojan-sends-sms-to-premium-numbers
From Symantec's Security Response Blog: Android Threats Getting Steamy
DarkComet RAT author denies BlackHole Mac Trojan is his
To follow up on our post last Friday, I was contacted by the author of the DarkComet RAT Trojan. He seemed quite upset that I suggested the new Mac OS X Trojan BlackHole RAT was related to his Windows creation.
While the BlackHole RAT Trojan seems to be copying the behavior of DarkComet, the lack of functionality and the unsophisticated user interface clearly offended the author, who felt it was necessary to set the record straight.
To make a point, DarkComet's author acknowledges that he is developing his own Mac OS X Trojan, called DarkCometX, that is not yet finished. He provided the following screenshot. [Screenshot]
Learning of two Mac OS X Trojans in less than a week was, admittedly, a bit of a surprise. Technically, in and of itself, writing a Trojan is not illegal. It's all in what you do with it.
Looking at the code and descriptions, though, I think it is clear what the authors expect you to do with their "products."
BlackHole RAT includes text saying things like:
Continued : http://nakedsecurity.sophos.com/2011/03/01/darkcomet-rat-author-denies-blackhole-rat-is-his/
Related : Mac OS X backdoor Trojan, now in beta?
Accused AT&T Hacker Makes Bail
One of the two men accused of hacking AT&T's website to grab personal information about thousands of iPad users has been released on bail.
Andrew Auernheimer was released from custody on Monday on a US$50,000 bond. He will be working for a friend's New Jersey company as a computer consultant while out on bail, according to the U.S. Department of Justice. Auernheimer is not allowed to travel outside of New Jersey and New York and is prohibited from using Internet-enabled cell phones. While on bail, he can use the Internet, but only for work-related tasks, the DOJ said.
Auernheimer, who used the hacker name Weev, and Daniel Spitler were charged with fraud and conspiracy last month in connection with the June 2010 incident, where members of their hacking group downloaded data on about 120,000 iPad users and handed it over to a reporter, saying they had uncovered an important security vulnerability in the AT&T website.
Continued : http://www.pcworld.com/businesscenter/article/220991/accused_atandt_hacker_makes_bail.html
Also: Reputed ATandT Hacker Makes Bail, Released
IE9 Feeds Insatiable User Appetite with 36 Million Downloads
Internet Explorer 9 is "downloading like hotcakes," if they would be downloadable, that is. After almost six months since IE9 made its debut into Beta, one thing is clear, users worldwide have worked out quite an appetite for the next major iteration of IE.
IE9 was downloaded in excess of 25 million times between September 15th, 2010 and February 10th, 2011 when the browser graduated to Release Candidate (RC) stage.
And it appears that the number of downloads is only accelerating, according to the latest statistics provided by Microsoft.
Since IE9 RC was launched earlier this month, there have been over 11 million new downloads of IE8's successor.
IE9 has been downloaded at the rate of a little over 2.5 copies each second, or 150 downloads per minute until March 1st, 2011.
"Since its release on February 10th, the IE9 RC has already been downloaded over 11 million times. Together with the IE9 Beta, IE9 has been downloaded over 36 million times since its initial availability on September 15, 2010," revealed Roger Capriotti, Director, Internet Explorer Product Marketing.
Continued : http://news.softpedia.com/news/IE9-Feeds-Insatiable-User-Appetite-with-36-Million-Downloads-186888.shtml
As Referenced: IE9 Reaches 36 Million Downloads; Internet Explorer Share Grows