Spyware, Viruses, & Security forum

General discussion

NEWS - May 11, 2010

Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With "Instant Personalization"

As if Facebook's Instant Personalization needed another knock against it, tonight comes news of a security issue that makes the feature even more unnerving. Web security consultant George Deglin discovered an exploit that would allow a malicious site to immediately harvest a Facebook user's name, email, and data shared with "everyone" on Facebook, with no action required on the user's part. This specific exploit has been patched, and no user data was compromised, but the security problems behind it remain.

The exploit took advantage of Cross Site Scripting to inject malicious code into Yelp. Normally such an attack wouldn't have particularly broad implications for Facebook users, but Yelp is, of course, one of the three sites that have been deemed fit for Facebook's highly controversial Instant Personalization feature. The feature grants Yelp immediate access to much of a user's core Facebook data as soon as they visit the reviews site, without having to bother with logins or Connect buttons. But with that convenience comes risk: if a site with Instant Personalization is compromised, it can put almost any Facebook user in harm's way.

Here's a high level description of how the exploit worked:

Continued here: http://techcrunch.com/2010/05/11/yelp-security-hole-puts-facebook-user-data-at-risk-underscores-problems-with-instant-personalization/
Malware attack: 'New resume: Please review my CV, Thank you!

In reply to: NEWS - May 11, 2010

From Graham Cluley's Blog:

In the current economic climate many people may find themselves in the unfortunate position of having to look for a new job, and human resources departments around the world are probably becoming more used to finding ad-hoc applications arriving out of the blue in their email inboxes.

Well, if you receive an email claiming to be a resume (or CV as we usually call them here in the UK) you should exercise some caution, as there's a malware attack currently being spammed out around the world - designed to infect your computer. [...]

The emails, which are short and to the point, have the following characteristics:

Subject: New resume
Attached file: Resume_document_459.zip
Message body: Please review my CV, Thank you!

Continued here: http://www.sophos.com/blogs/gc/g/2010/05/11/malware-attack-new-resume-review-cv-you/

What does PHP stand for? Probable Hacked Page?

In reply to: NEWS - May 11, 2010

From SophosLabs Blog:

Late last week, the wires were buzzing over news that the official site of PHP-Nuke "Professional Content Management System" was serving malware (see 1, 2). I am frankly amazed to see the site still infected 4 days later. [...]

Here at SophosLabs we see hacked sites everyday and the majority are running PHP-driven applications such as Content Management Systems (CMS). The PHP-Nuke site is currently running PHP v. 5.2.9.

Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/ PHP/5.2.9

The current version is 5.3.2. I wonder though has the web admin updated their own version of PHP-Nuke? [...]

We often tell web admins after an infection to:

Delete or restore from backup infected files.
Patch/Update all software on the box.
Change all passwords, especially FTP ones (and restrict FTP access to a minimum).
Review logs and policies to prevent another breach.

Continued here: http://www.sophos.com/blogs/sophoslabs/?p=9585
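The post reads the PHP version straight off the site's Server banner and compares it with the current release. The script below, an added example that is not part of the SophosLabs post, automates that check for a web admin auditing their own servers: it parses an Apache-style Server header into product/version pairs (skipping comments such as "(Unix)", tolerating suffixes such as "0.9.8e-fips-rhel5" and an empty version such as "FrontPage/") and flags components older than a baseline. The baseline dict is an assumption for the demonstration; it carries only the PHP 5.3.2 figure the post gives, and a real check would populate it from a vendor release feed.

```python
"""Flag out-of-date components in an HTTP Server banner.

Added example, not the SophosLabs post's own code. The header string is
the one quoted in the post; BASELINE is an assumed table of current
releases holding only the PHP figure the post states.
"""
import re

SERVER_HEADER = (
    "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 "
    "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/ PHP/5.2.9"
)

# Assumed baseline of current releases (only the value given in the post).
BASELINE = {"PHP": "5.3.2"}

# "product/version" tokens; parenthesised comments like "(Unix)" carry no
# slash and are therefore skipped. The version part may be empty (FrontPage/).
PRODUCT_TOKEN = re.compile(r"([A-Za-z_][\w.-]*)/(\S*)")
# Leading dotted numeric prefix: "0.9.8e-fips-rhel5" -> "0.9.8"
LEADING_VERSION = re.compile(r"^\d+(?:\.\d+)*")


def version_tuple(version: str):
    """Numeric prefix of a version string as a comparable tuple, or None."""
    m = LEADING_VERSION.match(version)
    if not m:
        return None
    return tuple(int(part) for part in m.group(0).split("."))


def parse_server_header(header: str) -> dict:
    """Return {product: version_string} for every product/version token."""
    return {name: ver for name, ver in PRODUCT_TOKEN.findall(header)}


def outdated_components(header: str, baseline: dict) -> list:
    """(product, seen_version, current_version) for each component that is
    older than its baseline entry or whose version cannot be parsed."""
    findings = []
    for name, seen in parse_server_header(header).items():
        current = baseline.get(name)
        if current is None:
            continue  # nothing to compare against for this product
        seen_t, current_t = version_tuple(seen), version_tuple(current)
        # An unparsable or hidden version is flagged for manual review
        # rather than silently treated as current.
        if seen_t is None or seen_t < current_t:
            findings.append((name, seen, current))
    return findings


if __name__ == "__main__":
    print("Components:", parse_server_header(SERVER_HEADER))
    for name, seen, current in outdated_components(SERVER_HEADER, BASELINE):
        print(f"{name}: running {seen}, current release is {current}")
```

Running it against the quoted banner reports PHP 5.2.9 behind the 5.3.2 baseline; the other modules produce no finding only because the assumed baseline has no entry for them, which is the first thing to extend in real use.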

PlayStation site hacker avoids jail

In reply to: NEWS - May 11, 2010

"Teenage kicks"

A teenage hacker who took the official PlayStation site offline after he was banned from playing for cheating has avoided a jail sentence.

The unnamed 17-year-old from Latrobe, Pennsylvania received 250 hours of community service and a $5,000 fine at a sentencing hearing. The miscreant was also sentenced to 12 months' probation over the November 2008 attack, Gaming Today reports.

Spamfighter adds that the young miscreant took advantage of botnet tools to crash the Sony site after he was banned from cheating in the online war game SOCOM US Navy Seals.

Continued here: http://www.theregister.co.uk/2010/05/11/playstation_hacker_sentencing/

Emails from Facebook contained IP addresses

In reply to: NEWS - May 11, 2010

Facebook can be configured to send emails informing users of events such as when a friend comments on the user's status or sends a message. One of the headers in the email can be used to work out the friend's IP address. The header looks like this:

X-Facebook: from zuckmail ([ODAuMTcxLjM2LjY0])
by www.facebook.com with HTTP (ZuckMail);

The string in the square brackets is a Base64 encoded IP address, apparently from the Facebook user who sent the message. Services such as MyIPTest.com's e-mail tracer can be used to convert it back into an IP address and obtain further information.

Not that an IP address is such a big deal, but, in Germany, it can, in some cases, be traced back to a particular person. There is no obvious reason why an IP address should be included in this type of message.

Continued here: http://www.h-online.com/security/news/item/Emails-from-Facebook-contained-IP-addresses-997481.html
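The leak described above is easy to check for on the receiving side. The script below is an added example, not part of the post or of Facebook's mail system: it scans a raw message's headers for Base64 tokens inside square brackets, decodes them and keeps only those that are valid IP addresses, which turns the manual "paste it into an e-mail tracer" step into something that can run over a mailbox export. The sample message is constructed; its X-Facebook header is the one quoted in the post, and the other headers exist to show that a plain bracketed IP and a Base64 token that is not an address are both ignored.

```python
"""Detect Base64-encoded IP addresses leaking through mail headers.

Added example, not the post's or Facebook's own code. The message below is
constructed for the demonstration; only its X-Facebook header is taken
from the post.
"""
import base64
import binascii
import ipaddress
import re
from email import message_from_string

# Constructed sample: the X-Facebook header is the one quoted in the post.
# The tab before "by" is a folded-header continuation line.
SAMPLE_MESSAGE = """\
From: notification@facebookmail.example
To: alice@example.invalid
Subject: Bob commented on your status
X-Facebook: from zuckmail ([ODAuMTcxLjM2LjY0])
\tby www.facebook.com with HTTP (ZuckMail);
Received: from mail.example.invalid ([192.0.2.10]) by mx.example.invalid
X-Mailer: test ([SGVsbG8=])

Bob commented on your status.
"""

# A Base64 alphabet run inside square brackets, e.g. [ODAuMTcxLjM2LjY0].
# A dotted-quad such as [192.0.2.10] does not match because '.' is not
# part of the Base64 alphabet.
BRACKETED_B64 = re.compile(r"\[([A-Za-z0-9+/]+={0,2})\]")


def decode_bracketed_ip(token: str):
    """Return the IP address a Base64 token encodes, or None if it is not
    valid Base64 or does not decode to an IPv4/IPv6 address."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    try:
        return str(ipaddress.ip_address(decoded))
    except ValueError:
        return None  # valid Base64 but not an address (e.g. "Hello")


def find_leaked_ips(raw_message: str) -> dict:
    """Map header name -> list of IP addresses recovered from bracketed
    Base64 tokens anywhere in that header's value."""
    msg = message_from_string(raw_message)
    leaks = {}
    for name, value in msg.items():
        for token in BRACKETED_B64.findall(value):
            ip = decode_bracketed_ip(token)
            if ip is not None:
                leaks.setdefault(name, []).append(ip)
    return leaks


if __name__ == "__main__":
    for header, ips in find_leaked_ips(SAMPLE_MESSAGE).items():
        print(f"{header}: {', '.join(ips)}")
```

On the sample message only the X-Facebook header is reported, with the decoded address 80.171.36.64; the Received header's literal address and the X-Mailer token that decodes to plain text are both left alone.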

One week as a Scam Victim

In reply to: NEWS - May 11, 2010

From the McAfee Labs Blog:

We have written several times about Internet scams. Some of the most famous scams are certainly the "Nigerian" ones, where you were supposedly the one that would receive about 1M USD to facilitate a transaction. It was even covered on Dateline! Other popular scams include work-from-home scams and romance scams.

So, I decided to enter into one of these work-from-home scams so I could post it here and hopefully help others at the same time. The scam itself will be separated into Days for better clarification.

Day 1: The Job Proposal

I got in my personal mailbox a spam that is quite common, at least since mid-2009.

Some excerpts:

You could work on Part-Time basis for SINOCHEM Corporation as a FINANCE CO-ORDINATOR in the United States/Canada or its environs which requires a great deal of trust and honesty. Meanwhile, this job is 100% tax free and there is no start up cost required. I am Mr. CHEN Guogang (Chief Financial Officer, Sinochem Corporations).

1. Receive payment from Clients.
2. Cash Payments at your Bank.
3. Deduct 10% which will be your percentage/pay on Payment processed.
4. Forward balance after deduction of percentage and pay to any of the offices you will be instructed to do so later
(Payment is to be forwarded by WESTERN UNION Money Transfer).


Continued here: http://www.avertlabs.com/research/blog/index.php/2010/05/10/one-week-as-a-scam-victim/

Microsoft Patches 2 Critical Security Vulnerabilities

In reply to: NEWS - May 11, 2010

Microsoft issued fixes for two critical security bugs as part of this month's Patch Tuesday. Arguably the most serious of the flaws impacts Visual Basic for Applications.

Microsoft issued two critical security bulletins today as part of this month's Patch Tuesday.

The release comes a month after the biggest Patch Tuesday of the year, which took aim at 25 bugs. Today's update addresses two bugs; one a vulnerability in Microsoft Visual Basic for Applications, and the other a vulnerability impacting Outlook Express, Windows Mail, and Windows Live Mail.

Both vulnerabilities are rated critical and can leave users open to remote code execution by attackers.

"I've put the Visual Basic for Applications (VBA) vulnerability first on my list," said Joshua Talbot, security intelligence manager at Symantec Security Response. "Both vulnerabilities require social engineering to exploit, but the VBA vulnerability requires less action from a user. For instance, an attacker would simply have to convince a user to open a maliciously crafted file (likely an Office document) which supports VBA and the user's machine would be compromised. I can see this being used in targeted attacks, which are on the rise."

Microsoft VBA is used to develop client desktop packaged applications and integrate them with existing data and systems. According to Microsoft, the vulnerability is due to the way VBA searches for ActiveX controls in a VBA-supported document. As a result, it is possible for a host application to pass a specially-crafted document with embedded ActiveX controls to the VBA runtime and create a condition where arbitrary code could run.

Continued here: http://www.eweek.com/c/a/Security/Microsoft-Patches-2-Critical-Security-Vulnerabilities-445662/

Adobe upgrades, renames DRM software for Flash

In reply to: NEWS - May 11, 2010

"Flash Access 2.0, previously known as Flash Media Rights Management Server, has been rewritten as an SDK"

Adobe will ship today its renamed digital rights management software for the Flash platform. Previously known as Flash Media Rights Management Server, the new incarnation is called Flash Access 2.0. The company already had announced intentions to shorten the name and will roll out the upgrade at New York's Streaming Media East conference.

In a beta release for about nine months, Flash Access 2.0 has been made more scalable, said Ashley Still, Adobe group product for Flash. "Version 2.0 has been completely rewritten as an SDK, so the way that it's being delivered is different," she said. By reconfiguring the technology as an SDK, users gain greater flexibility, and it is easier to link to user management databases, Still said.

Developers can write an implementation of the SDK, and Adobe offers reference implementations, such as streaming and download-to-own or download-to-rent for content. The SDK primarily works with the Java language.

Continued here: http://www.networkworld.com/news/2010/051110-adobe-upgrades-renames-drm-software.html

Google pushes Docs as MS prepares for launch of Office 2010

In reply to: NEWS - May 11, 2010

Many times, when a company is getting ready for a big announcement of a product, competitors will come out with news of their own in the days just before the big announcement in an attempt to steal some thunder. In most cases, those competitors are subtle about it, trying to make it look like a coincidence that their news comes at the same time.

Not Google, though. In a blog post this morning, the company is frank and straightforward about the message being put out there:

This week Microsoft will take its Office 2010 suite out of beta. If you're considering upgrading Office with Office, we'd encourage you to consider an alternative: upgrading Office with Google Docs. If you choose this path, upgrade means what it's supposed to mean: effortless, affordable, and delivering a remarkable increase in employee productivity. This is a refreshing alternative to the expensive and laborious upgrades to which IT professionals have become accustomed.

From there, the post goes on to talk about the rich collaboration tools that come with Google Docs, as well as plans for real-time collaboration tools from Google that are heading for Office 2003 and Office 2007 in the coming months. Finally, the post ends with a reminder that there's a free trial period for Google Docs and the rest of the Apps suite for business customers. The company also included a comparison chart (below).

Continued here: http://www.zdnet.com/blog/btl/google-pushes-docs-as-ms-prepares-for-launch-of-office-2010/34321

Also: Microsoft readies Google Apps challenger

Mozilla Preps Firefox 4 For Browser War

In reply to: NEWS - May 11, 2010

Mozilla today outlined the vision for the next version of its Firefox browser: Version 4 will take cues from Google's Chrome and focus on more performance as well as features that will allow users to easily control their relationships with websites. Also, there will be options to personalize and customize the browser. The company said that it takes the browser war with Google and Microsoft seriously and has no intentions of surrendering. [...]

Recent browser usage data coming from web analysis firm should be a concern for Firefox. It isn't particularly difficult to predict that Microsoft and Google will fight tooth and nail and will not leave lots of room for Mozilla, even if Google's Chrome browser has not even reached a market share of 10% yet. But Microsoft is preparing a much improved Internet Explorer and Google is apparently throwing enormous resources at its browser to quickly create software iterations that demonstrate a rapid product enhancement cycle.

Continued here: http://www.conceivablytech.com/934/products/mozilla-preps-firefox-4-for-browser-war/
