NEWS - May 23, 2011

Anonymous to attack US Chamber of Commerce website today over 'PROTECT IP' bill

"In protest of the 'PROTECT IP' bill, hacker group Anonymous plans to attack the US Chamber of Commerce website Monday evening."

Hacktivist group Anonymous plans to launch an attack on the US Chamber of Commerce website today at 8pm EST, according to a flier posted to and, which urges Internet users to join in the fight. The distributed denial of service (DDoS) campaign is an act of protest against a piece of supposed anti-piracy legislation proposed by Sen. Patrick Leahy (D-VT) known as the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property" bill, or "PROTECT IP."

Anonymous, known for its campaigns against both corporations and governments around the world who the group believes stifle the free flow of information, argues that, if passed, PROTECT IP "would allow the US Government to force [Internet service providers] and search engines to censor websites they do not like under the guise of 'copyright protection.'"

The online protest was first announced Sunday in a statement released by the group, which reads:

"As pioneers of this new world, it's our duty to resist and fight those who attempt to stop us. Whether you're a journalist or blogger, or a participant of Anonymous, or the activists on the ground who protest against these corporate thugs and oppressive regimes and risk everything for freedom of information and speech, we are all in this battle together and we have a responsibility to protect our civil liberties...

Continued :

Sony BMG Greece the latest hacked Sony site

In what seems to be a neverending nightmare it appears that the website of Sony BMG in Greece has been hacked and information dumped.

An anonymous poster has uploaded a user database to, including the usernames, real names and email addresses of users registered on

The data posted appears to be incomplete as it claims to include passwords, telephone numbers and other data that is either missing or bogus. [Screenshot]

As I mentioned in the Sophos Security Chet Chat 59 podcast at the beginning of the month, it is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

It appears someone used an automated SQL injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.

While it's cruel to kick someone while they're down, when this is over, Sony may end up being one of the most secure web assets on the net.

Continued :

Sony BMG Greece hacked
Sony Security Breaches Keep on Popping Up
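The Sophos post above attributes the Sony BMG Greece breach to an automated SQL injection scan rather than to a skilled attacker. The Python below is added here as an illustration; it is not from the original post and not Sony code. It builds a constructed SQLite users table (the rows are invented), shows the string-built query shape that such scanners look for beside the parameterized form that closes the hole, and wraps the comparison in a check a defender can run as a regression test.

```python
import sqlite3

# Constructed sample rows; the names and addresses are invented for this example.
SAMPLE_USERS = [
    ("alice", "Alice Example", "alice@example.invalid"),
    ("bob", "Bob Example", "bob@example.invalid"),
]


def make_db():
    """Build an in-memory users table like the one that was dumped."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, real_name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by string formatting, so the input becomes SQL."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Binds the value through the driver; it is data, never SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def injection_regression_check():
    """Run the textbook tautology probe against both forms. A lookup that
    returns rows for a username nobody has is injectable; the safe form
    returns nothing because the probe is compared literally."""
    conn = make_db()
    probe = "' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, probe),
        "parameterized": lookup_parameterized(conn, probe),
    }


if __name__ == "__main__":
    print(injection_regression_check())
```

The check is deliberately cheap: any lookup that hands back rows for a username that does not exist has let the input rewrite the WHERE clause, which is exactly what an automated scanner is diligent enough to find across hundreds of sites.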

Microsoft Support Scam (again)

We have mentioned the "Microsoft Support" scams a few times over the last 6 months or so, but a recent change in their operations grabbed my interest. A colleague of mine mentioned the other day that he had been the recipient of the mystical "Microsoft Support" call to inform him that they had received an alert from his computer. It was the usual scenario, with a twist.

In previous iterations of this scam the person on the phone would get you to click through to the event viewer to "find something red". Strangely enough there is usually something red in most people's event log. However, do not despair if you don't have anything red, yellow is just as bad. Once the problem (well, any problem) was identified your support would have expired and they would redirect you to a web site where you can part with your money and download some version of malware.

The new iteration of the scam goes one step further. Rather than get the victim to look, they get you to install TeamViewer (although no doubt other similar tools are likely used). They take control of your machine and start moving the files across. Manually infecting, sorry fixing, your machine. In this particular instance they noticed they were in a VM and promptly started removing the files they had moved, before the link was dropped and the phone call terminated.

The scam is obviously still working. It seems they have figured out that users can't be trusted to click a link, but installing remote control software and getting you to install the malware for them is ok.

Continued :

Fix x64 Windows 7 SP1 Incorrect Memory Dump Files when Using Intel AVX

Microsoft has confirmed issues in which some customers running Windows 7 Service Pack 1 have come across incorrect memory dump files on their machines.

The problem also impacts Windows Server 2008 R2 SP1 in addition to Windows 7 SP1, but only the 64-bit versions of the operating system when running on x64 Intel processors.

In addition, users need to be running either of the two platforms in the context of also leveraging the XState feature, the software giant informed.

In the scenario detailed above, customers can have a memory dump file generated on the computer. "A memory dump file is generated when the system crashes and a Stop error occurs," the Redmond company notes.

Users that turned to the WinDbg command in order to open the memory dump file have found that the processor context is displayed incorrectly.

"Additionally, you receive the following error message: The context is partially valid. Only x86 user-mode context is available. The wow64exts extension must be loaded to access 32-bit state. .load wow64exts will do this if you haven't loaded it already," Microsoft said.

According to the Redmond company "this issue occurs because the dump generation logic saves the processor context to the dump file incorrectly on a computer that has the XState feature enabled."

Microsoft already has a hotfix in place designed to resolve this particular issue, but only this. Customers must be running Windows 7 SP1 or Windows Server 2008 R2 SP1 in the context detailed above in order to apply the hotfix.

Continued :

Black Hole Exploit Kit Available for Free

Just a couple of weeks after the source code for the Zeus crimeware kit turned up on the Web, the Black Hole exploit kit now appears to be available for download for free, as well. Black Hole normally sells for $1,500 for an annual license, and is one of the more powerful attack toolkits on the market right now.

The Black Hole exploit kit is somewhat newer and less well-known than attack toolkits such as Zeus and Eleonore, but it has been used by attackers for major Web-based attacks for the last few months. Researchers have found that thousands of URLs have been infected with Black Hole exploit code, which is then used to infect site visitors via drive-by downloads. Kits such as Black Hole and Zeus typically will sell for upwards of $1,000 for an annual license, and some of them also give buyers the option to add extra modules and exploits for additional fees.

Now, bargain-hunting attackers can avoid paying the high prices the Black Hole creators are charging for the kit and simply download it for free. Like the leak of the Zeus source code, the availability of Black Hole for free does not bode well for site owners and defenders. Sophisticated attack tools are becoming more and more prevalent and the ease of use that some of these toolkits have makes them usable for a much broader audience than was ever the case in the past, with many of them being basically point-and-shoot toolkits.

Continued :

PlayStation Network hack will cost Sony $170M

Sony expects the hack of the PlayStation Network and will cost it

Spammers Offer iPhone 5, Deliver Malware

From Barracuda Labs:

The iPhone 5 isn't due to be released until fall, or even Christmas, but the spam honeypots at Barracuda Labs are already detecting malicious messages targeting anxious Apple acolytes. [Screenshot: Fake Phone]

The image of a beautiful see-through phone is actually a concept photo that is over two years old.

All of the links in the email lead to a copy of Trojan.Zapchast, an IRC-controlled backdoor. [Screenshot: Fake iPhone Spam]

Naturally the from: address is spoofed.

If you do click on one of the links and run the offered executable, another old iPhone concept photo is displayed in order to distract you from the installation of the backdoor. [Screenshot: Photo distracts you from backdoor installation]

Continued :

LinkedIn is careless with access cookies

Security specialist Rishi Narang warns that LinkedIn has been careless with its users' access credentials and that third parties could, therefore, easily obtain unauthorised access to other users' accounts.

For example, while LinkedIn does encrypt password transmission, it redirects users to unencrypted pages. When using the online service, components such as session cookies are consequently transmitted in unencrypted form. Attackers who manage to intercept such cookies, for instance on an unsecured Wi-Fi network, can use the cookies to obtain full access to their victims' accounts. This was impressively demonstrated by Firesheep, which caused Twitter and Facebook to introduce an option that allows users to visit all of their pages via https.

To make things worse, the access token LinkedIn stores in the LEO_AUTH_TOKEN cookie doesn't appear to expire and continues to provide full account access even after the user has logged out. According to Narang, it can even survive password changes and will only expire after a year.

Continued :
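The item above faults LinkedIn on two points: the session cookie travels over plain HTTP once the site redirects to unencrypted pages, and the LEO_AUTH_TOKEN value keeps working after logout and even after a password change. The Python below is an added illustration, not LinkedIn's code and not from the original report. It keeps sessions in a server-side table so that each of those cases ends the token's validity, and emits the cookie with the Secure and HttpOnly attributes so a browser will not send it over http://. It reuses the cookie name from the report; the one-day lifetime and the in-memory store are assumptions of the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_LIFETIME = 24 * 3600  # assumed policy: one day, not the year reported above


class SessionStore:
    """Server-side session table. The cookie carries only an opaque random
    token, so the server can revoke it on logout, on expiry and whenever the
    user's password changes."""

    def __init__(self):
        self._sessions = {}          # token -> (user_id, password_version, expires_at)
        self._password_version = {}  # user_id -> counter bumped on every password change

    def login(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(32)  # 256 random bits; not derived from user data
        version = self._password_version.setdefault(user_id, 0)
        self._sessions[token] = (user_id, version, now + SESSION_LIFETIME)
        return token

    def cookie_header(self, token):
        """Set-Cookie line: Secure keeps it off http:// pages, HttpOnly keeps it
        away from page scripts, Max-Age tells the browser when to drop it."""
        c = SimpleCookie()
        c["LEO_AUTH_TOKEN"] = token
        c["LEO_AUTH_TOKEN"]["secure"] = True
        c["LEO_AUTH_TOKEN"]["httponly"] = True
        c["LEO_AUTH_TOKEN"]["max-age"] = SESSION_LIFETIME
        return c.output()

    def validate(self, token, now=None):
        """Return the user id for a live token, or None once it has been revoked."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, version, expires_at = entry
        if now >= expires_at or version != self._password_version.get(user_id):
            self._sessions.pop(token, None)  # stale entries are dropped on sight
            return None
        return user_id

    def logout(self, token):
        """Logging out deletes the server-side entry; the cookie value is now worthless."""
        self._sessions.pop(token, None)

    def change_password(self, user_id):
        """Bumping the version invalidates every session issued before the change."""
        self._password_version[user_id] = self._password_version.get(user_id, 0) + 1
```

The design choice is that revocation never depends on the client: a stolen cookie value is a lookup key, not a bearer credential with its own lifetime, so logout and password change take effect immediately even for a copy an attacker captured on an open Wi-Fi network.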

Using Google Web Search to Find Compromised Google Images

F-Secure Weblog:

Google Search has a problem.

For several weeks now, Google Image search results have been increasingly tainted by Search Engine Optimization (SEO) poisoning. Numerous sites linked to scareware trojans and exploits via Google Image results are discovered every day. Many of these sites would otherwise be considered as safe but they've been compromised by a hack of some sort.

Google's method of crawling for and ranking images is part of the problem.

This is an example of a poisoned link from Google Image results: [Screenshot]

Notice that imgurl and imgrefurl don't match. The image is "hotlinked". And even though the image is actually hosted on a server at, Google will display the image preview and site information as though it's from the referring (compromised) site.

But then there are legitimate reasons for displaying the referring site as the "home" of the image. For example, our Safe and Savvy blog is powered by VIP, and its images are hosted on servers belonging to WordPress. If Google didn't consider the referring source of the image and ignored hotlinking (as Bing appears to), this search result wouldn't be very useful.

On the topic of WordPress, the poisoned image of actress Olivia Wilde, from the example above, is embedded in an html page located within a folder called wp-images. The compromised site is a blog.

Here's a selection of the olivia-wilde-twitter.html page:

Continued :
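The F-Secure post keys on the imgurl and imgrefurl parameters of a Google Image result disagreeing about where the picture lives, and on the poisoned page being an HTML file inside a wp-images folder. The Python below is an added example, not F-Secure's or Google's code. It pulls the two parameters out of a result link and classifies the pair, with an allowlist for legitimate hosting relationships such as a blog whose images sit on WordPress servers, and it flags the odd placement of an HTML page under an images directory. The result URLs and every hostname in them are constructed placeholders, and the allowlist table is an assumption of the example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed Google Image result links; the hosts are placeholders, not sites named above.
SAMPLE_RESULTS = [
    "http://www.google.com/imgres?imgurl=http://image-host.example/olivia.jpg"
    "&imgrefurl=http://compromised-blog.example/wp-images/olivia-wilde-twitter.html",
    "http://www.google.com/imgres?imgurl=http://files.wordpress.example/photo.png"
    "&imgrefurl=http://safeandsavvy.example/post/",
    "http://www.google.com/imgres?imgurl=http://blog.example/img/a.png"
    "&imgrefurl=http://blog.example/post.html",
]

# Referring host -> image hosts it is known to use legitimately (assumed allowlist).
KNOWN_HOSTING = {"safeandsavvy.example": {"files.wordpress.example"}}


def host_of(url):
    """Lower-cased hostname, or '' when the URL has none."""
    return (urlparse(url).hostname or "").lower()


def extract_pair(result_url):
    """Return (imgurl, imgrefurl) from a Google Image result link."""
    qs = parse_qs(urlparse(result_url).query)
    return qs.get("imgurl", [""])[0], qs.get("imgrefurl", [""])[0]


def classify(result_url):
    """'same-host' when the image lives on the referring site, 'known-hosting'
    for an allowlisted relationship, 'hotlink-mismatch' otherwise."""
    imgurl, imgrefurl = extract_pair(result_url)
    img_host, ref_host = host_of(imgurl), host_of(imgrefurl)
    if not img_host or not ref_host:
        return "malformed"
    if img_host == ref_host:
        return "same-host"
    if img_host in KNOWN_HOSTING.get(ref_host, set()):
        return "known-hosting"
    return "hotlink-mismatch"


def html_page_under_wp_images(imgrefurl):
    """The post's second clue: an .html page served from a wp-images folder."""
    path = urlparse(imgrefurl).path.lower()
    return "/wp-images/" in path and path.endswith(".html")


if __name__ == "__main__":
    for url in SAMPLE_RESULTS:
        _, ref = extract_pair(url)
        print(classify(url), html_page_under_wp_images(ref), ref)
```

A mismatch on its own is only a signal, as the WordPress case shows; combining it with the page-placement clue is what separates the Safe and Savvy result from the compromised blog.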

Oracle sued by university for alleged ERP failure

Montclair State University is suing Oracle over an allegedly botched ERP (enterprise resource planning) software project, saying a series of missteps and delays could ultimately cost the school some $20 million more than originally planned, according to a complaint filed last week in U.S. District Court for the District of New Jersey.

The school entered into contracts with Oracle in 2009 for a PeopleSoft suite that was supposed to replace a 25-year-old set of legacy applications, the complaint states.

Those pacts included about $4.3 million for software and support. The school and Oracle also agreed on a $15.75 million fixed-fee contract for implementation services, according to the complaint.

Under the latter agreement's terms, Oracle would undertake the project in a series of "pillars," each with a specific completion date. In turn, the school would pay out the fixed fee in a number of "milestone" payments, "each of which was tied to Oracle's satisfactory completion of a particular project deliverable," the complaint states.

Continued :

Facebook Adds Mobile Authentication

Facebook has introduced a new authentication feature designed to help users better protect their accounts from being hijacked by password-stealing miscreants. The opt-in feature - which requires users to share their mobile phone number - is a welcome security measure, but may be a tough sell to users already wary of providing too much information to the social networking giant.

Facebook intern Andrew Song explains how the new "Login Approvals" feature works, in a blog post:

"If we ever see a login from an unrecognized device, you'll be notified upon your next login and asked to verify the attempted account access. If you don't recognize this login, you'll be able to change your password with the knowledge that while some one else may have known your login credentials, they were unable to access your account and cause any harm. Once you have entered this security code, you'll have the option to save the device to your account so that you don't see this challenge on future logins."

"If you ever lose or forget your phone and have login approvals turned on, you will still have the option to authorize your login provided you are accessing your account from a saved device. Having these recognized machines associated with your account prevents lockout and ensures that you can regain access to your profile."

Facebook users can enable Login Approvals by navigating to Account Settings and then Account Security. When I enabled this feature and provided the digits for a mobile phone I own, it quickly sent that phone a six character, alphanumeric code via text message that I used to successfully authenticate on

Continued :
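The Login Approvals description above is a device-recognition flow: a login from an unknown device is held until a short code texted to the enrolled phone is entered, after which the device can be saved so it is not challenged again. The Python below is an added example of that flow; it is not Facebook's code and the class, the SMS callback and the device identifiers are assumptions of the example. It keeps the six-character alphanumeric code the post reports, makes each code single-use, and compares codes in constant time.

```python
import hmac
import secrets
import string

CODE_ALPHABET = string.ascii_uppercase + string.digits
CODE_LENGTH = 6  # the post reports a six-character alphanumeric code


class LoginApprovals:
    """Challenge logins from unrecognized devices with a one-time texted code."""

    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(phone, message); the transport is assumed
        self.phone = {}            # user -> enrolled phone number (feature is opt-in)
        self.saved_devices = {}    # user -> set of device ids the user chose to save
        self.pending = {}          # (user, device) -> outstanding code

    def enroll(self, user, phone):
        self.phone[user] = phone
        self.saved_devices.setdefault(user, set())

    def attempt_login(self, user, device_id):
        """'ok' for a saved device or a user who never opted in; otherwise
        text a fresh code and answer 'challenge'."""
        if user not in self.phone:
            return "ok"
        if device_id in self.saved_devices[user]:
            return "ok"
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        self.pending[(user, device_id)] = code
        self.send_sms(self.phone[user], "Your login code is " + code)
        return "challenge"

    def approve(self, user, device_id, code, save_device=False):
        """Complete the challenge; optionally remember the device afterwards."""
        expected = self.pending.get((user, device_id))
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        del self.pending[(user, device_id)]  # a code works exactly once
        if save_device:
            self.saved_devices[user].add(device_id)
        return True
```

Because an approval is tied to the (user, device) pair that triggered it, a code texted for one device cannot be spent from another, which is the property that makes the saved-device list a safe fallback when the phone itself is lost.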

Researchers find irreparable flaw in popular CAPTCHAs

Computer scientists have developed software that easily defeats audio CAPTCHAs offered on account registration pages of a half-dozen popular websites by exploiting inherent weaknesses in the automated tests designed to prevent fraud.

Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg,, and Microsoft's The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain.

In virtually all of the tests, Decaptcha was able to correctly solve the puzzle at least once in every 100 attempts, making the technique suitable for botmasters with large armies of compromised computers. The high success rate was largely the result of the ease in removing sound distortions known as background noise, intermediate noise, and constant noise inserted into the background to throw off speech-recognition programs. Most audio-based CAPTCHA systems are wide open to the attack with the notable exception of the Google-owned, which uses a different approach known as semantic noise.

"Our results indicate that non-continuous audio captcha schemes built using current methods (without semantic noise) are inherently insecure," the scientists wrote in a recently published research paper. "As a result, we suspect that it may not be possible to design secure audio captchas that are usable by humans using current methods. It is therefore important to explore alternative approaches."

Continued :

Firefox 6 Aurora Coming Right Up

Firefox 5 offered the first chance to try an Aurora Build to early adopters of the open source browser. Soon testers will move along to the second Aurora development milestone for a new iteration of Firefox.

Firefox 6 Aurora is getting close to release, although it's not quite there, early adopters needing to exercise their patience a tad longer.

But with Firefox 5 having graduated to the Beta channel last week, Mozilla is also tending to version 6 of the open source browser.

Testers that understand the risks implied by running pre-release software can go ahead and download Firefox 5 Beta from Mozilla. The bits were made available for download just ahead of the past weekend.

Next on Mozilla's plate is Firefox 6 Aurora. According to the open source browser vendor's plans last week, the Aurora channel merger for Firefox 6 was scheduled to start later today, Monday 23rd.

Unfortunately, just because Firefox 6 is starting the transition from Nightly to Aurora doesn't mean that the actual bits will also be available for download to testers. At least not just yet.

Continued :

Firefox Related: Mozilla rolls out Firefox 5 beta

UK up in arms over Twitter's role in court case privacy laws

[Screenshot] "A controversial Tweet has made the rounds in the UK, outing the identity of a famous football player involved in a scandalous court case. While print media has been barred from releasing this information, the news has spread virally, causing the Prime Minister to consider the effects of social media."

UK Prime Minister David Cameron is calling on British courts to examine the role Twitter is playing when it comes to privacy laws. According to the Telegraph, after the identity of a celebrity football player tied to a controversial British court case made the Twitter-rounds, advocates and industry officials are claiming that social media is unfairly distributing barred information. UK newspapers and print media are under a court "super-injunction" not to reveal the player's identity, but social networking sites do not directly fall under this ruling.

Cameron made an appearance on local talk show Daybreak to discuss the issue. "What I've said in the past is the danger is that judgments are effectively writing a new law, which is what Parliament is meant to do. So I think the government - Parliament - has got to take some time out, have a proper look at this, have a think about what we can do. But I'm not sure there is going to be a simple answer."

Twitter has been considered a platform for free speech, but now legal authorities are saying the site and its users are acting above the law. "It is rather unsustainable, this situation, where newspapers can't print something that clearly everybody else is talking about, but there's a difficulty here because the law is the law and the judges must interpret what the law is," Cameron said. "It's not fair on the newspapers if all the social media can report this and the newspapers can't, so the law and the practice has got to catch up with how people consume media today."

Continued :
