Spyware, Viruses, & Security forum


NEWS - March 23, 2012

by Carol~ Forum moderator / March 22, 2012 9:04 PM PDT
FCC publishes voluntary code of ISP conduct to combat botnets

The Federal Communication Commission, working with communications companies including Verizon, Cox, and Comcast, passed a voluntary code on Thursday that spells out the steps participating ISPs must take to combat botnets. Those same companies, along with CenturyLink, AT&T, Sprint, and Time Warner Cable, have already committed to follow the code, comprising a customer base that accounts for at least half of all US-based Internet subscribers.

ISPs agreeing to abide by the code must "take meaningful action" in each of the following areas: education, detection, notification, remediation, and collaboration. Detection, for example, would require the provider to "identify botnet activity in the ISP's network, obtain information on botnet activity in the ISP's network, or enable end-users to self-determine potential bot infections on their end-user devices." Those who follow the code are added to a kind of "safe list" maintained by the FCC.

Continued: http://arstechnica.com/business/news/2012/03/fcc-publishes-voluntary-code-of-isp-conduct-to-combat-botnets.ars

Plan to reduce botnets launched
US ISPs Commit to New Cybersecurity Measures
ISPs Signal Support For Anti-Bot Code Of Conduct
Discussion is locked
You are posting a reply to: NEWS - March 23, 2012
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - March 23, 2012
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Pentagon remains vulnerable to cyber-attacks
by Carol~ Forum moderator / March 22, 2012 9:17 PM PDT
In reply to: NEWS - March 23, 2012

A senior defense official has acknowledged that the US Department of Defense (DoD) is "capability-limited" within the cyber realm.

??Indeed, DARPA Acting Director Kaigham "Ken" J. Gabriel told the Senate Armed Services subcommittee on emerging threats and capabilities that attackers are currently capable of infiltrating DoD networks - putting defense supply chain and physical systems at risk.

"Our approach to cybersecurity is dominated by a strategy that layers security onto a uniform architecture. This approach is not convergent with a growing and evolving threat. That's the defensive picture," Gabriel explained.

"[In terms of] cyber offense, modern warfare demands the effective use of cyber and kinetic means... [Meaning], the tasks required for military purposes are sufficiently different that we cannot simply scale intelligence-based cyber capabilities and adequately serve the needs of DoD."??

According to Gabriel, while DARPA-developed technologies are widely deployed in the military, intelligence and commercial realm, much remains to be done in terms of ensuring security in a world of evolving threats.

Continued : http://www.tgdaily.com/security-features/62262-pentagon-remains-vulnerable-to-cyber-attacks

Also: DARPA: The Pentagon's Cyber Capabilities Are Limited

Collapse -
Mobile Malware: Beware Drive-by Downloads on Your Smartphone
by Carol~ Forum moderator / March 22, 2012 9:17 PM PDT
In reply to: NEWS - March 23, 2012

While Jeff Schmidt, the CEO of JAS Global Advisors, was surfing the Web on his new Android smartphone (his first Android phone) earlier this year, what appeared to be an ad popped up on his screen. The "ad" looked like the prompt that appears when his phone rings. He clicked the button on the ad to pick up the putative call, and the ad began downloading a binary file--malware--onto his Android phone. Schmidt had been hit by a drive-by download, a program that automatically installs malicious software on end-users' computers--and increasingly, smartphones--without them knowing.

"I'm a pretty paranoid and sophisticated user," says Schmidt, whose firm provides information security and risk management services. "I didn't think I'd be vulnerable to this sort of thing, but because I wasn't familiar with the user interface, I clicked on the ad. It really surprised me."

Fortunately, Schmidt halted the download when he realized what was going on and caught it before anything bad happened to his phone. He's not sure what the malware would have installed on his phone, but he suspects it could have been some kind of spyware, such as a keystroke logger, or some other application that would turn his computer into a spam-mailing bot or otherwise compromise his security and privacy.

Continued: http://www.pcworld.com/businesscenter/article/252403/mobile_malware_beware_driveby_downloads_on_your_smartphone.html

Collapse -
Corrupt call center workers selling private info for pennies
by Carol~ Forum moderator / March 22, 2012 9:17 PM PDT
In reply to: NEWS - March 23, 2012

"Corrupt call center workers selling your private information for pennies"

According to the Daily Mail an undercover investigation in India has uncovered that some call center workers have been selling confidential information on nearly 500,000 Britons.

Undercover reporters from The Sunday Times met with two individuals who claimed to be IT workers who offered to provide them with 45 different types of data gathered from the victims.

Information offered up included names, addresses, phone numbers and credit card details (including CCV/CVV codes and expiration dates).

The reporters allege they could purchase the records for as little as 2 pence apiece ($0.03 USD). One of the IT workersthieves bragged:

"These [pieces of data] are ones that have been sold to somebody already. This is Barclays, this is Halifax, this is Lloyds TSB. We've been dealing so long we can tell the bank by just the card number."

They claimed to information on mortgages, loans, insurance policies, mobile phone contracts and television subscriptions. Much of the information was "fresh", or less than 72 hours old.

Continued : http://nakedsecurity.sophos.com/2012/03/22/corrupt-call-center-workers-selling-your-private-information-for-pennies/

Collapse -
In Australia, secure your Wi-Fi or face a visit from police
by Carol~ Forum moderator / March 22, 2012 11:47 PM PDT
In reply to: NEWS - March 23, 2012

"Police in one Australian state have undertaken a campaign to get people to password-protect their Wi-Fi routers"

If you live in the Australian state of Queensland and have an insecure Wi-Fi router, you may get a visit from the police.

In a bid to raise awareness about cybercrime, police in the northeastern state plan to "wardrive," or cruise the streets, scanning for Wi-Fi routers that are not password protected or use an aging, weak security protocol.

Australian consumers and businesses don't need to worry about a fine: Police just plan distributing information on how they can better secure their routers in their mailboxes.

Wardriving is a term that has been applied to hackers who drive around neighborhoods looking for open Wi-Fi connections. The dangers are well known: a router that is not password protected means traffic exchanged with the router is sent in the clear, which could easily be spied on.

Miscreants could also hop on the insecure network to send spam or conduct other illegal activity online, with the Wi-Fi router's owner on the hook for the activity.

Continued : http://www.itworld.com/security/261356/australia-secure-your-wi-fi-or-face-visit-police

Also: War Driving Project: Australian Police to Secure Wi-Fi Connections

Collapse -
Lawmakers ask app makers for privacy information
by Carol~ Forum moderator / March 22, 2012 11:47 PM PDT
In reply to: NEWS - March 23, 2012

Lawmakers sent letters on Thursday requesting information from more than 30 popular iPhone applications developers as part of an inquiry into how software companies collect private consumer data.

Recipients of the letter, including Twitter, Facebook, Foursquare and Path, were asked to provide information about the user data that is collected when consumers download their apps -- and how that data is used.

The letter came after several popular apps, including Path, the social networking tool, were found accessing and uploading address book data from users' iPhones without permission, sparking a massive online controversy last month.

Representatives Henry Waxman and G.K. Butterfield, two Democrats on the House Energy and Commerce Committee, sent the letter to 33 developers that had apps listed under the "iPhone Essential" area, a digital storefront curated by Apple in its App Store. The app makers have until April 12 to respond.

Apple, which was included as a recipient to the most recent letter, has also been tarnished by the scrutiny cast on its app makers; the iPhone and iPad maker has long said it subjects its app developers to a strict review before allowing new products into the App Store.

Continued : http://www.reuters.com/article/2012/03/22/us-privacy-apps-idUSBRE82L18S20120322

Also: US lawmakers demand Apple iPhone app data from Twitter and Facebook

Collapse -
Are you having a (Mac) Flashback?
by Carol~ Forum moderator / March 23, 2012 4:36 AM PDT
In reply to: NEWS - March 23, 2012

From the F-Secure Antivirus Research Weblog:

On Monday, I provided steps on how to avoid your Mac being compromised by the Flashback trojan. Today I will provide information on how to locate a Flashback infection.

To better understand the steps below, it is better to also know a bit about Flashback. It's an OS X malware family that modifies the content displayed by web browsers. To achieve this, it interposes functions used by the Mac's browsers. The hijacked functions vary between variants but generally include CFReadStreamRead and CFWriteStreamWrite: [Screenshot]

The webpages that are targeted and changes made are determined based on configurations retrieved from a remote server. The following is an example of configuration data: [Screenshot]

When decoded, you can see the targeted webpage (in red) and the injected contents (in yellow): [Screenshot]

This ability more or less makes it some sort of a backdoor. Because of this, and the fact that the malware initially relied on tricking users by pretending to be a Flash Player installer, it was dubbed Flashback. It has however evolved since then and has started incorporating exploits to spread in recent variants. In all the cases that I've seen, they at least target Google which causes me to believe that it is actually the next evolution of Mac QHost.

Continued : http://www.f-secure.com/weblog/archives/00002336.html

Collapse -
Flash-Based Fake Antivirus Software: Windows Risk Minimizer
by Carol~ Forum moderator / March 23, 2012 4:36 AM PDT
In reply to: NEWS - March 23, 2012

From the Symantec Security Response Blog:

Fake antivirus software or "scareware" is nothing new, but these applications continue to get more sophisticated. We recently discovered a relatively new fake antivirus application called Windows Risk Minimizer.

The fake antivirus software was promoted through spam sent from a popular webmail service. This is slightly unusual as normally fake antivirus infections arrive through drive-by exploits. Spam messages promoting the fake antivirus software contained links to compromised domains, which then redirected users to the fake antivirus site. We witnessed over 300 compromised domains being used in just a few hours.

When opening the fake antivirus site, the user is greeted with a JavaScript alert message, whereby the fake antivirus (referred to here as "Windows Secure Kit 2012") claims that your machine is infected. [Screenshot]

When OK is clicked, a fake scan is carried out. [Screenshot]

The page uses Flash making it look more convincing with realistic icons, progress bars, and dialog boxes. Unsurprisingly, the fake antivirus detects plenty of viruses. Decompressing the Flash file and analyzing it shows a huge list of files contained within it. The Flash movie then simply picks some of these at random and claims they are infected (with equally random virus names).

Continued : http://www.symantec.com/connect/blogs/flash-based-fake-antivirus-software-windows-risk-minimizer

Collapse -
Facebook Condemns Practice Of Employers Demanding Passwords
by Carol~ Forum moderator / March 23, 2012 4:37 AM PDT
In reply to: NEWS - March 23, 2012

In response to the controversy surrounding the practice of employers requesting Facebook log-in information from both current and prospective employees, the social network has made itself perfectly clear: Facebook will protect your privacy -- even if it means going to court.

In a March 23 note on the social network's Facebook and Privacy page, Chief Privacy Officer for Policy Erin Egan addressed the issue directly, explaining that the practice "undermines the privacy expecatations and the security of both the user and the user's friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability."

The "legal liability" of which Egan speaks could arise from claims of discrimination against an employer who may have seen that a prospective employee is part of a specific "protected group (e.g. over a certain age, etc.)" and consequently does not hire them, or if an employer is exposed to certain information (e.g. suggesting that a crime has been committed) and is unaware of how to proceed.

Continued : http://www.huffingtonpost.com/2012/03/23/facebook-employer-employee-passwords_n_1375020.html

Related: Job seekers getting asked for Facebook passwords

Also: Facebook Warns Employers Not to Ask Job Applicants for Log-in Credentials

Collapse -
Facebook Warns Users About Timeline Adware
by Carol~ Forum moderator / March 23, 2012 4:37 AM PDT
In reply to: NEWS - March 23, 2012

Facebook issued a video warning to its hundreds of millions of users on Thursday about the dangers of adware programs that lure users with promises of special features.

In a video message from the Facebook Security group, the company said that a growing number of companies are fooling Facebook users into installing add-on software that can cover their Facebook account with adds, result in slower site performance and compromise user security.

The warnings come as online advertisers are looking for ways to capitalize on the Facebook platform and the hours each day that avid users can spend on the giant social network.

In a phenomenon that seems a throwback to the go-go days of the Web, Facebook users are now complaining to the company about their page and Timeline being overrun with noisy, distracting ads that also bog down site performance.

The adware programs may be promoted on the Walls and timelines of Facebook users, but are not part of the site. Instead, most are bundled with browser plugins and toolbars that must be installed on the user's Web browser.

Continued : http://threatpost.com/en_us/blogs/facebook-warns-users-about-timeline-adware-032312

Collapse -
Address spoofing vulnerability discovered in Mobile Safari
by Carol~ Forum moderator / March 23, 2012 8:17 AM PDT
In reply to: NEWS - March 23, 2012
.. on iOS 5.1

A security researcher has discovered that it's possible to show the URL of one site while loading another in Mobile Safari, which could trick users into visiting a malicious website. The vulnerability has been reported to Apple, but until the company issues a patch for iOS, users should be extra cautious when clicking unknown links.

According to David Vieira-Kurz from infosec firm MajorSecurity, Mobile Safari under iOS 5.0, 5.0.1, and the current 5.1 has a vulnerability in the way it handles JavaScript's window.open() function.

"This can be exploited to potentially trick users into supplying sensitive information to a malicious web site," Vieira-Kurz explained, "because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."

Vieira-Kurz developed a proof of concept that causes a new window or tab to open when clicking a specially crafted link. That new window looks as though it is loading Apple's website at apple.com, but it actually loads in an iframe within a page on MajorSecurity's website. The proof of concept doesn't do anything malicious, but the same technique could be used to scrape your AppleID, for instance, or possibly even grab credit card info if you buy something from the Apple Store.

Continued : http://arstechnica.com/apple/news/2012/03/address-spoofing-vulnerability-discovered-in-mobile-safari-on-ios-51.ars

Also: iOS JavaScript Bug Can Lead to Spoofed Sites
Popular Forums
Computer Help 51,912 discussions
Computer Newbies 10,498 discussions
Laptops 20,411 discussions
Security 30,882 discussions
TVs & Home Theaters 21,253 discussions
Windows 10 1,672 discussions
Phones 16,494 discussions
Windows 7 7,855 discussions
Networking & Wireless 15,504 discussions


iPhone 8: Everything we know so far

This is all the iPhone 8 reports and rumors in one place. From a 5.8-inch OLED display, reports of wireless charging and even a 3D scanner for facial recognition, it's all here.