
NEWS - November 06, 2010

McAfee Loses Finjan Patent Infringement Appeal, Owes Damages

Federal judges deny McAfee's appeal to overturn the verdict in the patent infringement lawsuit with Finjan which would require it to pay more than $13 million in damages.

On Nov. 4, the United States Court of Appeals for the Federal Circuit in Washington upheld the finding that Secure Computing's Webwasher security line infringed on Finjan's security patents and as a result Secure Computing owed damages.

The appeals court sent the case back to district court to determine how much Finjan is owed for sales that occurred between March 2008, when the trial began, and August 2009, when a judge ordered Secure Computing to stop selling Webwasher products.

In Finjan Software v Secure Computing, Israel-based Finjan sued Secure Computing in 2006 for infringing on three of its proactive scanning patents. McAfee acquired Secure Computing in 2008. Secure Computing had counter-claimed in court that it was actually Finjan that had violated its patents.

Windows Phone 7 Apps Battle Malware

Microsoft has acknowledged that it has tools in place to "take action" against Windows Phone 7 malware or offending apps.

This capability, which is also present in Google Android and Apple iOS, essentially lets Microsoft, via its Zune-based Windows Phone 7 Marketplace, unpublish an app or in some cases remove it from a phone if the software was deemed a dangerous-enough security threat. It was dubbed a "kill switch" by UK-based, which broke the story this week, based on an interview with Todd Biggs, director of product management for Windows Phone Marketplace.

Microsoft has created a highly automated app testing and certification process for Windows Phone 7 apps, and Biggs made clear the company expects that system to flag most instances of problematic code. But, he says, "Market Place is a complex operation and we need to have the capability for dealing with different situations."

As quoted in PCPro, Biggs clearly suggested the most common method of deactivating malware on the phone would be to simply yank the app from the online catalog. "But if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could," Biggs says.

Another day, another Adobe PDF Reader security hole

A new day, a new security vulnerability haunting users of Adobe's PDF Reader software.

Adobe today acknowledged the public release of a demo PDF file that could be weaponized to launch denial-of-service or even remote code execution attacks.

The proof-of-concept, posted to the Full Disclosure security mailing list, successfully crashes fully patched versions of Adobe Reader. The company says it is investigating the issue and warned that arbitrary code execution "may be possible." [...]

The JavaScript Blacklist Framework provides granular control over the execution of specific JavaScript APIs. It allows selective blocking of vulnerable APIs so that you do not have to resort to disabling JavaScript altogether.

Also see:
Adobe Reader and Acrobat Hit by New Zero-Day
Potential issue in Adobe Reader

Hacker Claims Full Compromise of Royal Navy Website

A hacker claims to have gained full access to the website of the British Royal Navy and the underlying database through an SQL injection attack.

The public disclosure was made by a Romanian self-confessed security enthusiast who uses the online handle of "TinKode."

The grey hat hacker specializes in finding Web vulnerabilities like SQL injection and cross-site scripting.

Back in July he disclosed a high-risk weakness in YouTube, which was subsequently misused to poison video comments.

In a new post on his blog, TinKode claims that the compromise of happened on November 5 at 22:55. Time zone is not specified, but Romania is in UTC +02:00.

The hacker mentions that the attack vector was SQL injection, but fortunately, he doesn't publicly disclose the vulnerable URL.

He does, however, link to a file hosted on, which contains sensitive information gathered from the Royal Navy Web server and database.

Google Blocks Facebook From Importing Contacts

For years, Facebook users have been able to search and invite Google contacts to join their social network through a single mouse-click. But ever wonder why the reverse was never true: why isn't there a button allowing Google users to import Facebook friends into their contacts list?

Back in September, Google CEO Eric Schmidt wondered about this during an appearance at a Google Zeitgeist conference. And in response, last night Google made a subtle change to the Terms of Service in its Google Contacts API, as first reported by TechCrunch.

The change means Web sites will not be able to automate the import of a user's Google contacts into their own database, unless they reciprocate the exchange.

"We have decided to change our approach slightly to reflect the fact that users often aren't aware that once they have imported their contacts into sites like Facebook they are effectively trapped," Google said in a statement.

Antivirus Protection Varies Widely Between Windows Versions

German antivirus test lab started a new series of tests this August aimed at certifying antivirus products for use on specific operating systems. The August test used Windows 7 while a just-completed test challenged the same vendors under Windows XP SP2. A comparison of results from the two tests reveals some surprising disparities in protection.[...]

Products received a rating from 0 to 6 in each of the three categories, with a total score of 12 points required for certification.

Quite a few products scored significantly lower under Windows XP than they did under Windows 7. For Microsoft Security Essentials 1.0 that meant the difference between achieving certification and missing that goal. The fact that many of these products upgraded to a newer version before or during the XP-based test didn't seem to help them.

On the flip side, PC Tools scored significantly better under the Windows XP test. Trend Micro has significantly updated their protection, but both of these tests used last year's Trend Micro suite. This product was much more successful under XP, so much so that it received certification for XP but not for Windows 7.

Kaspersky, Panda, and Norton Internet Security 2011 shared the top score in the Windows 7 test, each with a total of 16 points and no score below 5. Only Norton stayed on top in the Windows XP test. Kaspersky's total dropped to 14 points and Panda's to 13. F-Secure stayed totally consistent, receiving the exact same scores in both tests for a near-the-top total of 15.5 points.

It seems clear from these results that Windows XP is more vulnerable to malware attack than Windows 7 and hence more difficult to protect.

Certifications for the 3rd Quarter 2010 (Windows XP)

For the 3rd quarter of 2010 we have reviewed 19 anti-virus and internet security products in the areas protection, repair and usability. 13 products have fulfilled our requirements and therefore received an AV-Test certificate. The detailed test reports for every product can be found here.

During the 3rd quarter of 2010 we have tested 19 security products in the areas protection, repair and usability. The "Protection" covers static and dynamic malware detection, including real-world 0-Day attack testing. In case of "Repair", we check the system disinfection and rootkit removal in detail. The "Usability" testing includes the system slow-down caused by the tools and the number of false positives. A product has to reach at least 12 points total in order to receive a certification. 13 products have fulfilled our requirements and received an AV-Test certificate.

Researcher outs Android exploit code

A security researcher has released proof-of-concept code that exploits a vulnerability in most versions of Google's Android operating system for smartphones.

M.J. Keith of Alert Logic said he released the attack code to expose what he characterized as inadequate patching practices for the open-source mobile platform. Rather than find the underlying bug himself, he searched through a list of documented security flaws for Apple's Safari, which relies on the same Webkit browser engine used in Android. In short order, he had an attack that exploits about two-thirds of the handsets that rely on the OS.

"They need a better patching system," Keith told The Register. "They do a good job of repairing future releases, but I think a better patching system needs to be set up for Android."

The bug Keith's code exploits was fixed in Android 2.2, but according to figures supplied by Google, only 36 percent of users have the most recent version. That means the remainder are susceptible to the attack.

Also see:
Researcher to Release Web-based Android Attack
88 'high-risk' security defects found in Android kernel

Facebook, Twitter, WordPress Fail Security Report Card

Facebook, Twitter, and WordPress have failed a security exam conducted by "security think tank" Digital Society, highlighting old vulnerabilities most recently displayed by the spread of Firesheep.

Gmail and WordPress, which use an encryption and identification process known as SSL, received A's. Google scored a C, Yahoo and Amazon received a C-, and Hotmail and Flickr received a D-.

The main reason Twitter and Facebook failed is because neither uses complete SSL authentication, according to the report. In other words, a user can't know for sure if the authentication page they think they're visiting is actually HTTP. WordPress without SSL, the free version commonly used by personal bloggers, also lacked SSL authentication for logins.

A Facebook spokesman said the company has "been making progress testing SSL access across Facebook and hope to provide it as an option in the coming months."

The report, however, "fails to include many important security metrics that place Facebook as a leader in this industry and doesn't even mention many of the unique security features we offer to make accounts more secure such as login notification, remote session management, one-time passwords and internal spam prevention systems," Facebook continued.

George Ou, a policy director at Digital Society and author of the report card, said "the vulnerability and easy exploitation [of] online services have been well known since 2007, [but] the lack of mainstream tech media coverage has allowed the online industry to sweep the problem under the rug for the past 3 years."

In January, Google announced that it would encrypt Gmail at all times, not just during sign-on, and make the process an opt-out feature rather than opt-in, likely contributing to its A grade.

Microsoft, meanwhile, told Ou that it will default its Hotmail to SSL browsing this month.

Ou promised to create an online service report card that will be updated over time. For more details, see his full report.

Related news: Microsoft responds to Firesheep cookie-jacking tool

Security Patch Won't Fix Notorious IE Flaw

A flaw in Internet Explorer 6 and 7 that allows hackers to run any program remotely on a PC without the user's knowledge will not be fixed in Microsoft's security update this month.

Compared to last month's bumper update that fixed a record 49 bugs, November's Patch Tuesday, which will be issued next week, will only fix 11 vulnerabilities via three bulletins.[...]

According to Symantec, hackers use an email with a link that when clicked on identifies whether the web user's browser is IE6 or IE7. If so, the script transfers the visitor unknowingly to a malicious website where the malware infects their PC, subsequently allowing hackers to run programs remotely. Microsoft has urged users to upgrade from IE6.

Microsoft confirmed it is aware of the flaw and in an advisory said it was investigating the vulnerability.

Also see:
New Bug in Internet Explorer Used in Targeted Attacks
Microsoft Security Advisory (2458511)

Search Hijacker Adds Files to Firefox Profile

In September, I posted an item about a dropper which we call Trojan-Dropper-Headshot. This malware delivers everything including the kitchen sink when it infects your system. It has an absolute ton of payloads, any of which on their own constitute a serious problem. All together, they're a nightmare.

Among the payloads, we've seen this monstrosity drop downloaders (Trojan-Agent-TDSS and Trojan-Downloader-Ncahp, aka Bubnix), adware (Virtumonde, Street-Ads, and Sky-banners), keyloggers (Zbot and LDpinch), clickfraud Trojans (Trojan-Clicker-Vesloruki and at least three other generic clickers), and a Rogue AV called Antivir Solution Pro. So this is one nasty beast that has no qualms about using the shotgun approach to malware infections.

But we also noticed that it has added yet another intriguing installer to its panoply of pests: It's a small executable named seupd.exe (search engine updater?) that makes two minor (but obnoxious) modifications to Firefox. The result of these modifications changes the behavior of Firefox's search bar, the small box that lets you send queries directly to search engines, located to the right of the Address Bar.

The modifications are not immediately apparent unless you try to search Google for something, using either the Search Box or the Address Bar: Instead of sending your search to Google, the browser submits search queries to one of six different domains not owned by Google, but which appear to use the Google API to provide results -- and, presumably, earn a little ad revenue on the side.

The modifications add a file named user.js to the currently logged-in user's Firefox profile. The presence of a file by this name is not necessarily an indication of an infection, but in this case, the user.js file contains the instructions that tell the browser where it should submit searches when you have Google set as the default engine to use in the Search Bar's dropdown menu. [...]

We remove the components and block the domains and their related IP addresses, but if you're infected with this thing, it's easy enough to get rid of manually: Just install Firefox over the top of itself, and the installer will replace the modified files with the originals. If you open up your user.js file and see anything resembling this screenshot, just delete that user.js file. The malware won't reinfect your machine, so this is the easiest way to clear up the hijack.
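
A defender-side check for the user.js hijack described in the post above, added here as an example and not code from the original post or its author: it parses a Firefox profile's user.js and reports search-related preferences that point at a host other than Google. The preference names (`keyword.URL`, the `browser.search.` prefix), the helper names and the sample file are assumptions; the post does not list the preferences the malware sets.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# One user_pref("name", value); statement per line. Lines starting with //
# are skipped by the ^ anchor; /* block comments */ are not handled.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# Assumption: search-related preference names, not taken from the post.
SEARCH_PREFS = ("keyword.url", "browser.search.")

# Constructed sample, not the file shown in the post's screenshot.
SAMPLE = '''\
// constructed sample
user_pref("keyword.URL", "http://search.example.invalid/?q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.startup.homepage", "http://www.google.com/");
'''

def parse_user_js(text):
    """Return {pref_name: value}, with string values unquoted."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        quoted = len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"'
        prefs[name] = raw[1:-1] if quoted else raw
    return prefs

def suspicious_search_prefs(text, trusted=("google.com",)):
    """List (pref, value) pairs that send searches to a non-trusted host."""
    hits = []
    for name, value in parse_user_js(text).items():
        if not name.lower().startswith(SEARCH_PREFS):
            continue
        host = urlparse(value).hostname
        if host is None:
            continue  # an engine name or boolean, not a URL
        if not any(host == t or host.endswith("." + t) for t in trusted):
            hits.append((name, value))
    return hits

def scan_profiles(profiles_dir):
    """Check every <profile>/user.js under a Firefox profiles directory."""
    report = {}
    for path in Path(profiles_dir).glob("*/user.js"):
        hits = suspicious_search_prefs(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report
```

A clean profile normally has no user.js at all, so any hit deserves a look before the file is deleted as the post recommends.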
