Apple releases Mac OS X 10.6.7 update
Apple has released the final version of Mac OS X 10.6.7. This update for Snow Leopard is available to download from Apple's web site and is 475 MB if Mac OS X 10.6.6 has already been installed; the combo update, which includes earlier updates from Mac OS X 10.6, is considerably larger, at 1.12 GB. Apple lists three central points among the new additions: fixes that improve the reliability of the Back to My Mac remote desktop service, that resolve an issue when transferring files to certain SMB servers and that eliminate "various minor" bugs in the Mac App Store; the latter was introduced with Mac OS X 10.6.6.
In the software update notes, Apple also recommends the update "for all early 2011 MacBook Pro models". The company says that the update addresses "minor FaceTime performance issues" and improves "graphics stability and external display compatibility". Problems with the new combined DisplayPort/Thunderbolt connector causing display flickering in certain configurations had recently been reported in this context. Some users also reported problems when running their quad-core machines at full load - whether Apple has made changes to resolve these issues has yet to be confirmed.
Continued : http://www.h-online.com/security/news/item/Apple-releases-Mac-OS-X-10-6-7-update-1212226.html
See Vulnerabilities & Fixes : Apple Mac OS X Multiple Vulnerabilities
Apple's silent updates
Apple has released Mac OS X 10.6.7 with several bugfixes and security patches. This patch bundle also includes a silent update to Apple's built-in XProtect anti-virus functionality.
With the release of Snow Leopard (Mac OS X 10.6) Apple introduced a basic antivirus protection called "XProtect". It scans and detects threats when files are downloaded through Safari, Mail, iChat, Firefox and a few more and afterwards executed. The signature list is updated via Apple's Software Update.
Until now XProtect's database contained signatures for three well-known threats:
- OSX.RSPlug.A: changes local DNS entries, came through fake video codecs
- OSX.Iservice: attacks websites (DDoS), came bundled with pirated applications
- OSX.HellRTS: known as HellRaiser, a tool which gives the attacker full access over the victim's system. Version 4.2 is publicly available, version 4.4 was sold for $15 by the creator in underground forums. [Screenshot]
The updated signature list now includes definitions for "OSX.OpinionSpy". This Trojan came bundled with screensavers and applications hosted on popular download websites for Macs in mid-2010. It is known as Opinion Spy and Premier Opinion. The main aim of the malware is to collect personal data which is sent to various servers. The Trojan runs as root, which means it's capable of doing "anything" on your computer.
Continued : http://www.securelist.com/en/blog/6141/Apple_s_silent_updates
Play.com spam points to malware downloads
Multiple Reg readers were annoyed at receiving junk mail messages on Monday from addresses they had only registered with online retailer Play.com.
Several of these junk mail sites pointed to black hat controlled domains that served up malware, heightening complaints on online forums (discussion on MoneySavingExpert here) and sparking theories that either Play.com had been hacked or its mailing list had been stolen.
Affected users were sure that Play.com must have been associated with the malware touting emails because they used a unique email address when signing up to the site.
We put in a query to Play.com on Monday but are yet to hear back. However, we have received copies of emails sent to customers by Play.com that apologised for the incident and blamed the breach on an (unnamed) third-party marketing firm.
Continued : http://www.theregister.co.uk/2011/03/22/play_malware_spam/
Play.com: Only customer emails lost in data breach
Online retailer Play.com has named its marketing partner Silverpop as the guilty party behind the disclosure of customer names and email addresses.
The breach led to distribution of spam to email addresses only registered with the online retailer on Sunday, a development that led to howls of protest from users.
These emails offered supposed software updates from Adobe but actually linked to sites serving up malware.
The offer of the latest version of Adobe Reader X out of the blue and via email is unlikely to have taken in many, since the ruse was neither timely, subtle nor salacious.
Play.com, which issued an apology to users via email on Tuesday morning, has since come forward with an official statement from chief exec John Perkins (below) that seeks to downplay the significance of the admitted breach. In particular the online retailer stresses that the snafu only affected email details, and not credit card details or other sensitive information.
Continued : http://www.theregister.co.uk/2011/03/22/play_blames_marketing_firm_for_spam_snafu/
Also: Data loss at Play.com
The decline and fall of Slammer?
From Kaspersky Lab Weblog:
Me and Slammer (Helkern) go back a long way...to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a month.
On that day the Internet suffered one of the biggest virus epidemics in its history - within the space of just fifteen minutes a worm using a vulnerability in MS SQL Server infected hundreds of thousands of computers worldwide and knocked out the Internet in South Korea for a few hours.
Those 376 bytes were the implementation of a so-called 'bodyless' virus, which does not write itself to the system but only stays in the operational memory.
That was more than 8 years ago, but Slammer is still hanging around and is constantly among the leaders in our network attack ratings. Millions and billions of malicious packets are sent out each day searching for victims and generating a considerable amount of junk traffic.
Then something strange happened on 9 March 2011. Our automated threat analysis system, Kaspersky Security Network, recorded a significant drop in the number of attacks. We received the data from our IDS (Intrusion Detection System) module which monitors network attacks. The system also determines the source of an attack.
Continued : http://www.securelist.com/en/blog/424/The_decline_and_fall_of_Slammer
Researcher Overcomes Setback Over 'Cloud Cracking Suite'
"Apparent mis-translation by a German newspaper of English-speaking reports on researcher's Amazon EC2-based password-cracking tool led to raid, frozen bank account"
German researcher Thomas Roth got a phone call with some unsettling news the evening before he was to release a new hacking tool in his presentation at Black Hat DC: he had been served with an injunction for allegedly breaking anti-hacker laws in his country and law enforcement would be raiding his apartment back in Germany.
Roth, who had planned to release at the January conference his new open-source tool that uses Amazon's GPU processing services to crack SHA1-based passwords at high speeds, found himself in a legal quagmire that started with a German publication's mis-translation of English-speaking news reports on his research. The German newspaper incorrectly reported that Roth had said he would be turning a profit as a sort of hacker-for-hire. That led to a German telecommunications firm taking legal action against the researcher: "They misunderstood that I was getting money for doing this ... and illegally breaking into networks," says Roth, a researcher and consultant for Lanworks AG.
His bank account was frozen as a result, and Roth spent the past couple of months in a legal battle trying to clear his name and calling out the German newspaper article for its inaccurate translation of his research and the intent of his tool, which he describes as a quick way to brute-force hack weak, easily guessed passwords. ...
Continued @ Dark Reading
Chip and PIN compatibility leads to insecurity
Over the last few years, banks have been rolling out their new, chip-based payment cards which follow the EMV (Eurocard, Mastercard and Visa) standard to improve the security of card-based payment processing.
In theory, the intelligence of a semiconductor chip should be able to defeat many of the card skimming attacks that were possible with the classic magnetic stripe technology of the older chip-less cards.
A brief look at the back side of the new cards reveals, however, that the magnetic stripe is still present. Apparently it is still necessary to maintain backwards-compatibility with card reader devices that don't support the new technology yet.
In 2006, Cambridge researchers showed that the PIN may be grabbed in clear text by an interception device that eavesdrops on the communication between a Point Of Sale (POS) terminal and the chip.
Continued : http://nakedsecurity.sophos.com/2011/03/22/chip-and-pin-compatibility-leads-to-insecurity/
Has Complexity Become Security's Chief Nemesis?
"Study says proliferation of vendors, lack of user awareness are top challenges for security pros"
The sheer complexity of managing the enterprise security environment has become one of the chief obstacles to building a secure environment, according to a study published last week.
An overabundance of vendors and regulatory requirements -- as well as the continuing problem of end user ignorance -- are combining to prevent many large enterprises from building an effective security defense, according to Understanding Security Complexity in 21st Century IT Environments, a new study published by the Ponemon Institute and Check Point Software Technologies Ltd.
According to the survey of over 2,400 IT security administrators around the world, managing complex security environments is the most significant challenge facing organizations today, with over 55 percent of companies using more than seven different vendors to secure their networks.
"A lot of companies would like to consolidate vendors, but it's easier to get budget if you present a problem and then purchase a single product to solve it," notes Larry Ponemon, founder and CEO of the research firm. "Ironically, consolidation is harder to cost-justify than point solutions, because there is a cost associated with consolidation projects. But having so many vendors can be an administrative nightmare on the back end."
Continued : http://www.darkreading.com/security/security-management/229400023/has-complexity-become-security-s-chief-nemesis.html
Ransomware faking Microsoft to blackmail users
From the Bkis Global Task Force Blog:
Not long ago, my colleague (Nguyen Hong Quang) wrote an entry about a cyber fraud by Russian hackers. Reading that entry, I supposed hackers would continue to expand this fraud in the coming time. As I expected, our HoneyPot has recently collected numerous virus samples used for such scams, but with a completely new scenario and on a much larger scale.
Where previously such malware faked porn videos, this time it forges the installer and updater of established software like Adobe Flash Player and Firefox. If you credulously run the "software", you will notice a warning "Windows license locked" upon your next startup. However, this warning is actually a fake notice created by the malware. This window emerges right after you log onto the system, and it is set at full screen mode, which debars you from closing or switching to other windows, including Windows' Task Manager. Your computer can then no longer be used. [Screenshot: Warning window set at Top mode, unable to close]
Still more threatening words in the window: "Windows license locked; system reinstallation may lead to the loss of personal data", but this menace is unreal. Such warnings, which previously appeared merely in Russian, this time appear in various languages, showing the hackers' increasing "ambition".
After the "threatening" words come instructions on how to escape the trouble, in return for money. This time, the prank fakes Microsoft's Windows Activation by phone: [Screenshot]
In this window, the hacker provides quite detailed instructions, from how to make a call from a home phone or a mobile phone to how to enter the code correctly, with a view to fooling users more easily.
Curious about this system, I turned myself into prey, making a call. After a while spent trying all the numbers provided, I finally managed to connect to a number with a Danish country code. I heard a female voice from the switchboard:
Continued : http://blog.bkis.com/en/ransomeware-faking-microsoft-to-blackmail-users/
ISPs urged to block filesharing sites
"Music and film groups in talks with broadband providers over code that would bar access to sites such as The Pirate Bay"
Rights holders from across the music and film industries have identified about 100 websites - including The Pirate Bay and "cyberlocker" sites - that they want internet service providers such as BT to block under new measures to tackle illegal filesharing.
Under a voluntary code that is under discussion, content owners would pass evidence of illegal filesharing sites to ISPs, which would then take action against those sites.
However, the proposals are fraught with complications. ISPs are understood to be open to the idea of cutting off access to some infringing sites, but argue that an impartial judge should decide which get blocked. It is also unclear whether content owners or ISPs would be liable to pay compensation to a site that argues that it has been unfairly censored.
The communications minister, Ed Vaizey, is leading a series of talks with rights holders and ISPs, including BT and TalkTalk, aimed at developing a voluntary code on internet policy, including site blocking.
Continued : http://www.guardian.co.uk/technology/2011/mar/22/isps-urged-to-block-filesharing-sites
100 Domains On Movie and Music Industry Website Blocking Wishlist
UK ISPs in talks to block The Pirate Bay and other filesharing sites
Council loses USB stick used to store security codes
Leicester City Council has become the latest organisation to tell the Information Commissioner's Office (ICO) that it has lost a USB stick containing sensitive personal data.
The drive appears to have contained not only the personal records of 4,000 elderly and vulnerable people in the city but, worse still, the codes to 2,000 small safe boxes on the outside of social housing used to store building keys.
In the light of the immediate security risk, the council is now in the process of changing the codes to counter the possibility that these might fall into the wrong hands.
Exactly what has happened to the drive remains a mystery. The drive reportedly never left the council offices and staff are said to be still hunting for it. Normally used as a backup drive and stored in a safe after use each night, the drive was last seen on Friday 4 March and reported as missing the following Tuesday.
A key issue will be whether the data on the drive was encrypted. A statement by a council spokesperson implied that it had been but this has yet to be confirmed.
Continued : http://www.csoonline.com/article/677785/council-loses-usb-stick-used-to-store-security-codes
Student used spyware to steal passwords, change grades
A former high school senior from Orange County, California, has pleaded guilty to charges that he installed spyware on school computers in order to boost his grades.
Omar Khan, of Coto de Caza, California, was one of two Tesoro High School students arrested three years ago in connection with the incident. The other student, Tanvir Singh, pleaded guilty in September 2008. Khan's guilty plea came as his trial was finally set to start this week.
Prosecutors say that in his senior year of high school, Khan developed a habit of breaking into school offices to steal tests and mess with the school's computers. He "installed spyware devices on the computers of several teachers and school administrators throughout his senior year," the office of the Orange County District Attorney said in a news release.
These passwords gave him access to the tests and the ability to boost his grades. Khan changed his Spanish, calculus and English grades from C's and D's to A's and a B+ and altered the grades of 12 other students, prosecutors said.
Continued : http://www.computerworld.com/s/article/9214898/Student_used_spyware_to_steal_passwords_change_grades
Sensitive data easily swiped from eBayed mobiles
Second-hand mobile phones sold on by their owners often contain extensive personal and sensitive data that leave sellers open to identity theft and other privacy risks.
Pre-owned mobile phones and SIM cards purchased on eBay or from shops were checked using readily available equipment to see what personal information was left on the handsets. Around half the handsets and chips examined by ethical hacker Jason Hart still held sensitive information.
Hart was able to recover all sorts of interesting nuggets using a mobile phone SIM reader (something that can be bought from most electronics stores), SIM recovery software and forensic examination software.
A total of 247 pieces of data were recovered from 19 of the 35 mobile phones and 27 of the 50 SIM cards. Data left on these handsets and communication devices included many photos (including pornographic images), bank details, login details for social networking sites and PIN numbers as well as private texts and emails.
Continued : http://www.theregister.co.uk/2011/03/22/sensitive_data_ebayed_mobiles/
Firefox 4 finally finished and freed
The developers at Mozilla have released the final version of Firefox 4 after over eight months in beta. The new version boasts a streamlined user interface and support for various HTML5 features. Other new features include Panorama, a new way to manage multiple tabs; app tabs, smaller persistent tabs for frequently used web applications; Sync, a web-based bookmarks (and more) synchronisation service; and an integrated web developer console.
For more about Firefox 4, see our feature article "What's new in Firefox 4". Firefox 4 is available to download in over 80 languages and for Windows, Mac OS X and Linux.
The Rustock Takedown and Global Spam Volumes
Last week there was widespread media coverage of a successful effort by Microsoft and US Marshals to take down the command and control capabilities of the Rustock botnet. At the time some sources announced a significant drop in spam volumes related to that event. Although X-Force noticed a 35% drop in spam volume on March 16th, spam volumes can fluctuate within a large range on a day to day basis and so this reduction in the volume did not initially appear to be outside of the normal amount of fluctuation that occurs.
Now that several days have passed, this drop seems more significant, as the spam volume has stayed down between 35 and 40% versus its previous average volumes for several consecutive days. It appears that the Rustock takedown likely had a sustained impact on the total volume of spam. It is worth noting, however, that this reduction is only about half as big as the drop that occurred over Christmas, when spammers appeared to have gone on holiday. [Screenshot]
Continued : http://blogs.iss.net/archive/RustockSpam.html
Survey: Millions risk ID theft via social networks
Nearly 13 million American adults who use social networks are more than willing to accept friend requests from strangers of the opposite gender, a new survey from Harris Interactive has found.
According to Harris Interactive, 18 percent of men will accept a woman's friend request, even if they do not know the person. About 7 percent of women will accept an unknown man's friend request. A total of 5 percent of U.S. adults will accept every friend request they receive.
Only 50 percent trust that their connections will keep their information private. Yet more than 24 million Americans leave their personal information "mostly public" on social networks.
The results are based on a survey last month of 1,011 Americans 18 and over, including 387 who are on social networks. ID Analytics, a consumer risk-management firm, commissioned the survey, which was released today.
Leaving personal information public and allowing practically anyone to view your profile is a dangerous prospect, Harris Interactive observed. The company said that the basic information found in a social profile can help "build the dossiers [that criminals] need to beat challenge questions and other security measures on financial accounts." It's a sentiment with which ID Analytics agrees.
Continued : http://news.cnet.com/8301-13506_3-20045787-17.html
Splinter Group Says Document Outs Anonymous Members
The veil surrounding the group Anonymous may be falling, now that a group claiming to have defected from the ranks of the online mischief making group has begun publishing what it claims are the identities of the hacker collective's leadership and their roles in recent high profile hacks, including the theft of e-mail from security firm HBGary Federal.
Late Monday, the group, dubbed Backtrace Security, published a PDF that claimed to identify, or partially identify, close to 80 members of Anonymous's leadership by name, and to provide mailing addresses, e-mail and social networking accounts for many of those members. The release of the document on the website Anonymousdown is the latest in a string of efforts in recent days to poke holes in the wall of anonymity that shields the group's members.
According to the published list, Anonymous's top ranks are made up of some eighty individuals scattered mostly across the U.S., Canada and Western Europe, and as far away as Australia and New Zealand. Some of the identities floated in the list have appeared in print before in connection with the group. For example, the record for 'Kayla,' an Anonymous member who claims to be a teenage girl, identifies the user of that 'nick,' or IRC ID, as a New Jersey based hacker, Corey Barnhill. That name turned up in a recent Forbes.com profile, as well.
Continued : https://threatpost.com/en_us/blogs/splinter-group-says-document-outs-anonymous-members-032211
Malicious app found in Android Market
To infect a mobile device, the Rootcager/DroidDream Trojan used two known exploits: exploid and rageagainstthecage. If the first one failed to root the device, the malware would attempt to use the second one.
According to researchers from Lookout, another malicious application that uses the exploid exploit has turned up masked as a legitimate calling plan management application on unofficial Chinese app markets.
What's more, a version of the app has also been spotted on the Android Market. But, while the first one contains a binary called zHash that attempts to root a device using the aforementioned exploit, the one found on the official market has the same binary but lacks the code required to invoke the exploit.
Continued : http://www.net-security.org/malware_news.php?id=1672
Rogue AV shows up in Easter Card searches
From the Sunbelt Blog:
Looks like they're starting early with these scams, seeing as Easter isn't until April 24th.
Patrick Jordan came across some dubious links while digging around for printable Easter Cards on .pl domains. These redirect links are lurking at the top of search results, and there seem to be quite a few URLs involved. [Screenshot] [Screenshot]
In the above examples, end-users would hit one of the "it's a trap" landing pages, then be redirected to sites pushing the System Defender rogue. [Screenshot]
"1. Site/url changes almost every 24 to 48 hours.
2. Can make only one run as it then rotates to ad site for 24 hours unless you change your IP.
3. Also, for the last two site/urls they are in the #1 position in the Google results"
If you accidentally hit one of these scam sites, don't panic and DON'T open up any executable files presented in the middle of an entirely fake system scan. Just close the prompt, leave the site (shut down your browser with CTRL+ALT+DEL if you have to) and walk away - whistling optional.
"Help us escape Japan" scam mail
From the Sunbelt Blog:
Here's a freshly minted scam mail doing the rounds - this time, claiming to be a victim trying to escape Japan and needing a cool $1,600 to do it.
Subject: Please Help Life, From Jamaine Lecott
Hello Dear Friend
My Name is Jamaine Lecott
i am in hurry writing you this message and i hope you get it on time, there was very hard quake here in my country northeastern coast in japan. It has been a very sad and bad moment for me and my family here, the present condition that we found myself is very hard for me to explain.i want us to be out of the country immediately i am asking for help of ($1,600 ) only to raise our ticket charge and some other expenses to leave here I will appreciate whatever you can afford to assist me and my family so that we can have food and eat to be out of the country i will be very happy for that , we lost every thing we have Please send the money via Western Union money transfer channel because that is the only way we could be able to get the money fast and leave. which country are you transferring the money from please help us with thanks GOD will help you also and bless you...
ADDRESS.NO A14 Tokyo. northeastern coast japan
My Honest Regard,
Needless to say, you should not get involved in this.