Spyware, Viruses, & Security forum

General discussion

NEWS - May 07, 2010

by Carol~ Forum moderator / May 6, 2010 10:06 PM PDT
Consumer groups hammer Facebook privacy violations in federal complaint

"FTC urged to overturn recent Facebook privacy changes"

Facebook users were shocked to learn this week that private chats could have been viewed by their friends because of a security hole that was only recently closed, and also that new Facebook features can secretly add applications to your profile.

But those weren't the only privacy complaints Facebook faced this week. On Wednesday, the Electronic Privacy Information Center filed a 38-page complaint (PDF) against the company with the Federal Trade Commission, demanding that Facebook cancel new features introduced in mid-April that compel users to share more information than before.

"Facebook now discloses personal information to third parties that Facebook users previously did not make available," EPIC said in its complaint. "These changes violate user expectations, diminish user privacy, and contradict Facebook's own representations. These business practices are Unfair and Deceptive Trade Practices."

Continued here: http://www.networkworld.com/news/2010/050610-facebook-privacy-violations.html

MS goes small for next week's Patch Tuesday - May 11, 2010
by Carol~ Forum moderator / May 6, 2010 10:07 PM PDT
In reply to: NEWS - May 07, 2010

Microsoft today said it would patch two critical vulnerabilities with two updates to Windows and Office next week.

"It's the predictable off month for Microsoft," said Andrew Storms, the director of security operations with nCircle Security. "That's all within the predictable pattern they've created."

Storms was referring to Microsoft's habit of alternating large- and small-sized updates. In April, the company issued 11 security updates that fixed a total of 25 flaws, including nine tagged as "critical," the highest threat ranking in its four-step scoring system.

In its monthly advance notification, Microsoft spelled out next week's single-digit Patch Tuesday.

The one-patch Windows update is labeled critical for Windows 2000, XP, Vista, Server 2003 and Server 2008, and as "important" for Windows 7 and Server 2008 R2. According to Microsoft, the newest operating systems -- Windows 7 and Server 2008 R2 -- will be patched even though they're not vulnerable.

"Windows 7 and Windows Server 2008 R2 customers will be offered the Windows-related update but they are not vulnerable in their default configurations," said Jerry Bryant, a security program manager, in an entry on the Microsoft Security Response Center (MSRC) blog.

Continued here: http://www.networkworld.com/news/2010/050610-microsoft-goes-small-for-next.html

New Software Turns iPad into iSpy
by Carol~ Forum moderator / May 6, 2010 10:09 PM PDT
In reply to: NEWS - May 07, 2010

A new commercial software program marketed to employers, parents and suspicious spouses lets customers surreptitiously monitor their Apple iPads remotely and view a record of all e-mail and Web use on the devices.

The software-as-a-service is the latest offering from Jacksonville, Fla. based Retina-X Studios, a company whose Mobile Spy products have long allowed people to remotely spy on iPhones, Blackberries and other smartphones. For $99.97 a year, customers get access to a Web interface that allows them to view a list of every Web site visited, every e-mail sent and received, as well as any contacts added to the iPad.

Mobile Spy pitches the product thusly:

Are your kids viewing pornography while you are alseep? [sic] Are your employees sending company secrets through their personal email? You will have the answers to all these questions answered. Logs are instantly uploaded and viewable inside your control panel.

The company said in a press release that it plans to roll out even more capabilities for its iPadspy product, such as the ability to record the target's location (by tapping the built-in GPS), and rifle through photos and notes stored on the device.

Continued here: http://krebsonsecurity.com/2010/05/new-software-turns-ipad-into-ispy/

From Sophos: Surveillance firm sells Apple iPad spyware

New Facebook Social Features Secretly Add Apps to Your ...
by Carol~ Forum moderator / May 6, 2010 10:11 PM PDT
In reply to: NEWS - May 07, 2010
New Facebook Social Features Secretly Add Apps to Your Profile (Updated)

Editor's Note, 12:15 PM PDT: We have updated this story with a response from Facebook.

When a piece of software is automatically installed on your computer without your knowledge, it's called malware. But what do you call it when Facebook apps are added to your profile without your knowledge? We discovered Wednesday that this is actually happening, and stopping it isn't as easy as checking a box in your privacy settings.

If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to be signed in to these sites for the apps to appear, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings. [...]

These apps appear to be related to Facebook's sharing tools. The sites currently leaving this trail all have Facebook Connect integration, and the list includes heavyweights such as the Gawker network of blogs, the Washington Post, TechCrunch, CNET, New York Magazine, and formspring.me.

It isn't entirely clear what information these apps are pulling from user profiles or feeding back to Facebook. They don't show up automatically on profile pages, but if you go to an application's profile page, you can see a list of your friends who also have that app installed, essentially getting an unintentional peek at their browsing habits. On the other side there are sites like the Washington Post's, which has a Facebook Network News box showing a list of your friends who have recently shared a Washington Post article on Facebook.

Continued here: http://www.pcworld.com/article/195710/new_facebook_social_features_secretly_add_apps_to_your_profile_updated.html
Facebook has stopped secretly adding apps to users' profiles
by Carol~ Forum moderator / May 7, 2010 4:18 PM PDT

From the Sunbelt Blog:

"A "bug" did it"

PCWorld is reporting that Facebook has stopped quietly adding applications to users profiles (without permission) when they visited certain Web sites. A Facebook spokesman said a bug was responsible for it and the situation has been corrected.

PCWorld wrote: "If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to be signed in to these sites for the apps to appear, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings.

"These apps appear to be related to Facebook's sharing tools. The sites currently leaving this trail all have Facebook Connect integration, and the list includes heavyweights such as the Gawker network of blogs, the Washington Post, TechCrunch, CNET, New York Magazine, and formspring.me.

"It isn't entirely clear what information these apps are pulling from user profiles or feeding back to Facebook."

Although Facebook has stopped the practice, apps that have been added remain and Facebook members will need to remove them:

Account (top right corner of Facebook) | Application

Click on the "X" to the right of the app. (If there are no x'es, you're good.)

Continued here: http://sunbeltblog.blogspot.com/2010/05/facebook-has-stopped-secretly-adding.html

Skype - New target of the worm spreading via IM
by Carol~ Forum moderator / May 6, 2010 10:13 PM PDT
In reply to: NEWS - May 07, 2010

From the Bkis Global Task Force Blog:

Only a few days after the emergence of the worm spreading via Yahoo! Messenger (Ymfocard), we have detected a new and more sophisticated wave of attacks targeting both Skype and Yahoo! Messenger. [...]

Still using the method of inserting malicious URLs into chat windows like Ymfocard, however, social engineering skill of the Worm, this time, is much more sophisticated than the previous one.

Each time spreading, the messages sent by the Worm have different contents, for example, "Does my new hair style look good? bad? perfect?", "My printer is about to be thrown through a window if this pic won't come our right. You see anything wrong with it?" The users are more easily tricked into clicking the link by these messages, because users tend to think that "their friend(s)" are asking for advices. Moreover, the URL shows a .JPG file to users, reinforcing the users' thought of an image file.

Continued here: http://blog.bkis.com/en/skype-new-target-of-the-worm-spreading-via-im/

Malicious .SWF File May Trigger a DoS Attack
by Carol~ Forum moderator / May 6, 2010 10:14 PM PDT
In reply to: NEWS - May 07, 2010

From the TrendLabs Malware Blog:

TrendLabs engineers recently discovered an interesting Shockwave Flash (.SWF) file that displays an image and downloads a worm with code capable of initiating a denial-of-service (DoS) attack.

The file detected as SWF_PALEVO.KK is hosted on a malicious site and runs whenever users access the site. Once loaded, it displays a screenshot of a YouTube video. The said image, however, is embedded with a malicious link (and is of course not a real YouTube video). [...]

Clicking the image leads users to a malicious site (http://www.{BLOCKED}com.com/{BLOCKED}layer10.0.45.2.exe) to download a file detected by Trend Micro as WORM_PALEVO.KK. Upon execution, the worm displays a fake dialog box purporting to be an Adobe Flash Player installation with instructions in French. Clicking any of the given choices leads to the execution of the malware on the affected system. [...]

Continued here: http://blog.trendmicro.com/malicious-swf-file-may-trigger-a-dos-attack/

phpnuke.org has been compromised
by Carol~ Forum moderator / May 7, 2010 3:42 AM PDT
In reply to: NEWS - May 07, 2010

From Websense Security Labs:

PHP-Nuke is a popular Web content management system (CMS), based on PHP and a database such as MySQL, PostgreSQL, Sybase, or Adabas. Earlier versions were open source and free software protected by GNU Public License, but since then it has become commercial software. As it is still very popular in the Internet community, it is not surprising that it has become a target of blackhat attacks. [...]

The injected iframe hijacks the browser to a malicious site, where through several steps of iframe redirections the user finally ends up on a highly obfuscated malicious page. [...]

After de-obfuscating the code, we can see three different exploits, two of them targeting Internet Explorer and the third one targeting Adobe Reader.

The first exploit targets a vulnerability in MDAC (CVE-2006-0003), described in Microsoft Security Bulletin MS06-014. If it succeeds, a malicious application is downloaded and stored in "%temp%\updates.exe". After this the downloaded trojan is executed, at which point it installs itself on the computer and attempts to access several Web sites. [...]

Continued here: http://community.websense.com/blogs/securitylabs/archive/2010/05/07/phpnuke-org-has-been-compromised.aspx

Spot the imposter: pretending to be the original
by Carol~ Forum moderator / May 7, 2010 3:48 AM PDT
In reply to: NEWS - May 07, 2010

From Kaspersky Lab Weblog:

Some months ago I wrote a blog post called "The evolution of rogue antivirus" which mentioned a new trend in the graphical user interfaces of Fake Anti-viruses. Our predictions were correct, as today my colleague Fabio Assolini found a Web site with an interface very similar to Kaspersky Anti-Virus. See for yourself: [...]

This isn't the first time we've found this kind of fake imitation of our solutions. The interesting part is that during our research we found fake versions of other Anti-Virus solutions on the same malicious host. Can you spot the difference? [...]

These are just some of the examples. Since some Internet users know what the most popular Anti-Virus solutions look like they can be confused and pay for a Rogue AV solution. This is the main goal of the criminals; to confuse as many people they can, and to get as much money as possible.

Continued here: http://www.securelist.com/en/blog/2136/Spot_the_imposter_pretending_to_be_the_original

F.C.C. Proposes Rules on Internet Access
by Carol~ Forum moderator / May 7, 2010 4:49 AM PDT
In reply to: NEWS - May 07, 2010

The chairman of the Federal Communications Commission outlined a plan on Thursday that would allow the agency to control the transmission component of high-speed Internet, but not rates or content.

In announcing the F.C.C. decision, Julius Genachowski, the commission's chairman, said the agency would begin a process to reclassify broadband transmission service as a telecommunications service, subjecting the Internet to some of the same oversight as telephone services.

But, he said, the commission would also exempt broadband service from many of the rules affecting telephone service, seeking mainly to guarantee that Internet service providers could not discriminate against certain applications, Internet sites or users.

The approach would specifically forbid the commission from regulating rates charged by telephone and cable companies for Internet service and would not allow the commission to regulate Internet content, services, applications or electronic commerce sites.

The approach, Mr. Genachowski said, maintains the "status quo" and is intended to be "consistent with the longstanding consensus regarding the limited but essential role that the government should play with respect to broadband communications."

Continued here: http://www.nytimes.com/2010/05/07/technology/07broadband.html

Also: US regulators maps 'third way' for net access for all

iPad global launch date confirmed by Apple
by Carol~ Forum moderator / May 7, 2010 4:49 AM PDT
In reply to: NEWS - May 07, 2010

"Apple has announced that its iPad tablet computer will go on sale in nine countries outside the US on 28 May."

The new markets are Australia, Canada, France, Germany, Italy, Japan, Spain, Switzerland and the UK.

The cheapest model will retail at

Stock market "wipe out" may be due to computer error
by Carol~ Forum moderator / May 7, 2010 4:49 AM PDT
In reply to: NEWS - May 07, 2010

A number of stocks lost about all their market value yesterday in the span of 5 minutes, leading to the fastest ever drop in the Dow Jones index. Luckily, most of the value was recovered, but the index overall was still substantially lower. It is not clear yet what exactly happened, but computer issues are cited as a possible reason. One report suggested a data entry error (entering "B" for "Billion" instead of "M" for "Million"). But several stocks were affected. These companies' stocks went from as high as $59 to a couple of cents in a few minutes.

Again, the investigation is just starting. But this overall reminded me of a scenario we put forward a few years back. John Bambenek published a nice diary [1] in September of 2005 estimating that $24 Billion worth of assets are under the control of bot herders at the time in the form of brokerage accounts owned by infected users. This number is of course just a guess, but it does support the scenario of a bot control "Market DoS". The scenario we put forward back then was that a botnet could cause economic mayhem if such a sell-off would be timed right to coincide with real world events that would cause "market jitters". Right now, the economic crisis in Greece and the oil spill in the Gulf of Mexico can be seen as such events.

Continued here: http://isc.sans.org/diary.html?storyid=8761

New attack bypasses virtually all AV protection
by Carol~ Forum moderator / May 7, 2010 5:11 AM PDT
In reply to: NEWS - May 07, 2010

"Bait, switch, exploit!"

Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload.

The exploit has to be timed just right so the benign code isn't switched too soon or too late. But for systems running on multicore processors, matousec's "argument-switch" attack is fairly reliable because one thread is often unable to keep track of other simultaneously running threads. As a result, the vast majority of malware protection offered for Windows PCs can be tricked into allowing malicious code that under normal conditions would be blocked.

All that's required is that the AV software use SSDT, or System Service Descriptor Table, hooks to modify parts of the OS kernel.

Continued here: http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

Matousec's Publication: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Flawed IPS update cripples Astaro firewall
by Carol~ Forum moderator / May 7, 2010 6:32 AM PDT
In reply to: NEWS - May 07, 2010

In the early hours this morning (Friday), a flawed signature update for the firewalls of Astaro's intrusion prevention system (IPS) caused massive problems on users' systems. Readers reported that the Astaro gateway assigns new IP addresses to the system (itself and clients) and is no longer readily accessible via the network. This also causes disruption to users' internet connections.

Astaro recommend disabling the intrusion detection system as a temporary workaround. Astaro has released instructions detailing how to return affected systems to normal service. The vendor's server now offers a corrected IPS signature file. Astaro founder Gert Hansen has apologised for the incident and announced plans for an investigation into how the flawed signature update managed to slip through quality control.

In addition to the flawed IPS signature update, Astaro say that they also deployed a flawed signature update for the anti-virus scanner. This caused web proxies and email filters to malfunction if the "Dual Anti Virus Scanning" option was enabled. The vendor has since deployed a corrected signature update.

Continued here: http://www.h-online.com/security/news/item/Flawed-IPS-update-cripples-Astaro-firewall-996072.html

'More followers' spam hits Twitter accounts
by Carol~ Forum moderator / May 7, 2010 6:32 AM PDT
In reply to: NEWS - May 07, 2010

From Graham Cluley's Blog:

Thousands of Twitter users are finding that their accounts have been compromised, and are posting messages advertising a website which claims to help users attract more followers.

A typical message reads:

CHECK out this site, im a member of it, It gets you more followers: http://tinyurl.com/[removed] [...]

Clicking on one of these links takes you to the Twtfaster website, which asks you to enter your Twitter username and password. [...]

Of course, regular readers of the Clu-blog know that it's never a good idea to hand over your login credentials to a third party, and that's the case with this site too. Curiously, when I entered bogus information on the above screen it didn't display an error message - suggesting that it might be created simply to scoop up users' login details. Hmm.. that smells worryingly like a phishing attack to me.

Further investigation finds some small print on the Twtfaster website that suggests that they plan to use your account to advertise their service - but I wonder how many people would read that before eagerly signing up for more followers?

Continued here: http://www.sophos.com/blogs/gc/g/2010/05/07/more-followers-spam-hits-twitter-accounts/

BlackHat SEO Abuse Of UK General Election
by Carol~ Forum moderator / May 7, 2010 6:45 AM PDT
In reply to: NEWS - May 07, 2010

From Websense Security Labs:

Websense Security Labs ThreatSeeker Network has discovered that search terms relating to the UK General Election are delivering rogue antivirus to end users through the use of BlackHat SEO.

The British General Election polls closed yesterday, and news of the results is gradually making its way into traditional press and online media. The topical nature of the event is being abused by malware authors to direct users to rogue (fake) antivirus applications, the payloads of which are hosted on a Polish Web hosting provider, a trend that we have seen recently.

Screenshot of Google search result: [...]

Typical search terms that will return malicious links include:
uk election news
uk election
british election 2010
british election results
uk general election 2010

The user is directed to a Web site delivering rogue antivirus: [...]

See: http://community.websense.com/blogs/securitylabs/archive/2010/05/07/blackhat-seo-abuse-of-uk-general-election.aspx

FBI seizes $143 million of fake Cisco hardware
by Carol~ Forum moderator / May 7, 2010 6:59 AM PDT
In reply to: NEWS - May 07, 2010

"30 people convicted for selling counterfeit network gear"

The FBI and other US agencies targeting the sale of counterfeit networking hardware have gotten 30 felony convictions, including a man attempting to sell fake networking equipment to the US Marine Corps, and seized US$143 million worth of fake Cisco hardware, the Department of Justice (DOJ) said on Thursday.

The DOJ, Federal Bureau of Investigation, Immigration and Customs Enforcement (ICE), and US Customs and Border Protection (CBP) have conducted Operation Network Raider, which has made 700 separate seizures of networking equipment since 2005, the DOJ said.

In addition to the convictions and seizures, nine people are facing trial and another eight defendants are awaiting sentencing, the agencies said. There was a 75 percent decrease in seizures of counterfeit network hardware at U.S. borders from 2008 to 2009, CBP said.

Operation Network Raider seeks to protect computer networks and IT infrastructure in the US from failures associated with counterfeit network hardware, including network routers, switches and network cards, the agencies said.

Continued here: http://news.techworld.com/networking/3222790/fbi-seizes-143-million-of-fake-cisco-hardware/
