Spyware, Viruses, & Security forum

NEWS - November 08, 2010

by Donna Buenaventura / November 7, 2010 4:12 PM PST
Former Student Gets 30 Months in Prison for DDoSing Conservative Figures and Using Botnets

A former University of Akron student was sentenced Friday to 30 months in prison, followed by 3 years of supervised release for conducting Denial of Service Attacks on the sites of several prominent conservative figures as well as infecting several systems with botnet zombies.

Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated Denial of Service attacks on Web servers hosting the Web sites of several conservative figures including Bill O'Reilly (www.billoreilly.com), Rudy Giuliani (www.joinrudy2008.com), Ann Coulter (www.anncoulter.com), and others.

Frost was also ordered to pay restitution in the amount of $40,000 to Bill O'Reilly.com and $10,000 to the University of Akron, as well as a special assessment of $200 to the Crime Victims' Fund.

http://www.securityweek.com/former-student-gets-30-months-prison-ddosing-conservative-figures-and-using-botnets

Also see: Man accused of DDoSing conservative talking heads
Firesheep author takes backhanded pot-shot at free speech
by Donna Buenaventura / November 7, 2010 4:13 PM PST

Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.

The decision to release Firesheep publicly is a controversial one. On the good side, it's reminded people that some of their common web surfing habits are dangerously insecure. [...]

Since Firesheep proves just how dangerous it is to send session cookies in insecure network packets, it is likely to push businesses such as Facebook and Twitter to adopt HTTPS as an all-session default much sooner than they might otherwise have done. [...]

On the bad side, those 600,000 downloads of Firesheep are 599,999 more than were strictly needed for the software to prove its point.

The author of Firesheep, Eric Butler, is unrepentant about releasing the tool. He's publicly commented that, "like any tool, Firesheep can be used for many things. In addition to raising awareness, it has already proven very useful for people who want to test their own security as well as the security of their (consenting) friends."

He's also aghast that Microsoft has started detecting his software as a potential threat, ranting that "by installing anti-virus, you grant a third party the ability to remove files from your system trusting that only malicious code will be targeted. Microsoft and other anti-virus vendors abuse this trust and assert what they think you should or should not be doing with your computer." [...]

Moral of the story:

* Just because you can write code to prove a point doesn't mean you have to release it.
* If you do release it, you don't have to package it with a one-click install and a use-it-without-understanding-it GUI.
* If you download code which makes anti-social (and probably also illegal) online behaviour easy, don't be anti-social with it.

http://nakedsecurity.sophos.com/2010/11/07/firesheep-potshot-at-free-speech/

Also see:
Facebook, Twitter, WordPress Fail Security Report Card
Microsoft responds to Firesheep cookie-jacking tool

Zscaler Releases Blacksheep to Fight Firesheep
by Donna Buenaventura / November 8, 2010 12:11 AM PST

Last month at ToorCon12, a hacker conference in San Diego, researcher Eric Butler demonstrated a significant vulnerability in standard HTTP connections. Using a Firefox add-on he called Firesheep, he demonstrated a technique by which a hacker on the same Wi-Fi network could hijack a user's online session.

Many web sites authenticate users at login but then use a simple, non-secure cookie to maintain the connection. Firesheep captures that cookie and uses it to take over the session without ever having to supply login credentials. Many popular web sites, Facebook and Twitter among them, are vulnerable to this attack.

On Monday the research team at Zscaler posted detailed instructions for detecting Firesheep on a network. Now they've embodied those instructions in a simple tool they call Blacksheep.

Blacksheep detects Firesheep by baiting it with fake session ID cookies and watching to see if those cookies get hijacked. If Firesheep takes the bait, Blacksheep displays a warning and even supplies the malefactor's IP address. Firesheep itself is simply a proof of concept tool to point out the vulnerability, but Blacksheep's approach should work against any program that uses the same technique.

http://www.pcmag.com/article2/0,2817,2372231,00.asp?kc=PCRSS05079TX1K0000992
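
The two posts above describe the same weakness from both sides: a session cookie set without the Secure flag is sent over plain HTTP, where Firesheep reads it off the wire, and Blacksheep catches a sniffer by putting a decoy session cookie on the wire and watching for another host to replay it. The following is an added example written for this thread, not Eric Butler's Firesheep code nor Zscaler's Blacksheep code. It assumes a short list of cookie names to treat as session tokens and constructs its own Set-Cookie headers and wire observations; the IP addresses and cookie values are made up for the demo.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

# Cookie names to treat as session tokens. This is an assumption for the demo,
# not a list taken from Firesheep or from any particular site.
SESSION_COOKIE_NAMES = {"session", "sessionid", "phpsessid", "auth_token", "c_user", "xs"}


def cookies_exposed_to_sniffing(set_cookie_headers):
    """Return the session cookies a browser would also send over plain http://.

    A cookie set without the Secure attribute is attached to every request to
    the domain, including unencrypted ones, which is exactly what Firesheep
    reads off the wire. Site-wide HTTPS plus the Secure flag is the fix.
    """
    exposed = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Morsel attributes default to "" when absent, True when the flag is set.
            if name.lower() in SESSION_COOKIE_NAMES and not morsel["secure"]:
                exposed.append(name)
    return exposed


def make_bait(cookie_name, issued_to_ip):
    """Mint a random decoy session cookie that only issued_to_ip legitimately holds."""
    return {"name": cookie_name, "value": secrets.token_hex(16), "issued_to": issued_to_ip}


def detect_replays(bait, observed_requests):
    """Honeytoken check in the spirit of Blacksheep.

    observed_requests is an iterable of (src_ip, cookie_header) pairs as seen
    on the network. Any source other than the bait's owner that presents the
    bait value must have captured and replayed it; those IPs are returned.
    """
    hijackers = set()
    for src_ip, cookie_header in observed_requests:
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            continue  # malformed header on the wire; not our bait
        morsel = jar.get(bait["name"])
        if morsel is not None and morsel.value == bait["value"] and src_ip != bait["issued_to"]:
            hijackers.add(src_ip)
    return hijackers


def demo():
    """Run both checks on constructed data; returns (exposed_cookie_names, hijacker_ips)."""
    # Constructed Set-Cookie headers: the first is the Firesheep-vulnerable pattern.
    headers = [
        "sessionid=3f9a1c; Path=/; HttpOnly",        # no Secure flag: sent over http://
        "session=8b2d0e; Path=/; Secure; HttpOnly",  # corrected form
        "theme=dark; Path=/",                        # not a session token, ignored
    ]
    bait = make_bait("session", "192.168.1.10")
    # Constructed wire observations: the owner, a replay from another host, and noise.
    wire = [
        ("192.168.1.10", f"session={bait['value']}; lang=en"),
        ("192.168.1.23", f"session={bait['value']}"),
        ("192.168.1.31", "session=unrelated; lang=en"),
    ]
    return cookies_exposed_to_sniffing(headers), detect_replays(bait, wire)


if __name__ == "__main__":
    exposed, hijackers = demo()
    print("session cookies exposed to sniffing:", exposed)
    print("hosts replaying the bait cookie:", sorted(hijackers))
```

The bait value is random per run, so a match from a second address cannot be a coincidence; in a real deployment the observed requests would come from a packet capture rather than a list, and the owner address would be the machine that issued the decoy.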

Keeping an Eye on the SpyEye Trojan
by Donna Buenaventura / November 7, 2010 4:13 PM PST

From Krebs on Security Blog:

Last month, I published evidence suggesting that future development of the ZeuS banking Trojan was being merged with that of the up-and-coming SpyEye Trojan. Since then, a flood of new research has been published about SpyEye, including a new Web site that helps track the location of SpyEye control networks worldwide.

Roman *****, the curator of Zeustracker -- a site that has spotlighted ZeuS activity around the globe since early 2009 -- late last week launched SpyEye Tracker, a sister service designed to help Internet service providers keep tabs on miscreants using SpyEye (take care with the IP address links listed at this service, because they can lead to live, malicious files).

***** said he's not convinced that the SpyEye crimeware kit will usurp the mighty ZeuS. "Why should they give up something which works and pay for a new tool?" he said in an online chat with KrebsOnSecurity.com. Instead, ***** said he's launching the new tracking service to help prevent that shift.

"To stay on the secure side I've decided to do some effort that SpyEye will not get [to be] the next 'ZeuS' Trojan," he said. "My goal is to put SpyEye into the spotlight before it becomes a 'big' threat like ZeuS was in the past."

Also see: SpyEye v. ZeuS Rivalry Ends in Quiet Merger

Glitch will make iPhone alarms late Monday
by Donna Buenaventura / November 7, 2010 4:14 PM PST

Not forgetting Sunday morning's time change is hard enough.

But Apple iPhone users in the United States must also remember to delete and then reset their phone's alarm clock -- otherwise they may be an hour late for work on Monday morning.

A glitch in the iPhone's operating system will cause recurring weekday alarms not to ring on time on Monday morning because of the end of Daylight Saving Time, which occurs at 2 a.m. on Sunday in the United States.

The phone's alarm app doesn't recognize the time change and will ring an hour late if users don't go into the program and manually reset the alarms.

Users who depend on the iPhone to wake them up should create one-time alarms specifically for Monday morning, said Apple spokeswoman Natalie Harrison.

"We suggest customers set nonrepeating alarms for now and reset after November 7 to resolve the issue," she told CNN.

Later this month, Apple will release an updated version of its mobile software, iOS 4.2, which will permanently fix the problem, Harrison said.

http://edition.cnn.com/2010/TECH/mobile/11/05/apple.alarm.daylight.savings/ via ISC

Google scares Aussie banks
by Donna Buenaventura / November 7, 2010 4:40 PM PST

Google could be the biggest threat to the big four banks because of the trust online users place in it and its ability to engage with customers, according to banking executives.

Managers from Commonwealth Bank, Westpac, GM Bank, Rabobank and Spain-based Bankinter chaired a panel discussion at FST media's Future of Banking and Financial Services conference last week where they were challenged by members of the financial sector on their apparent slack innovation efforts.

RaboDirect general manager Greg McAweeney told an audience from the finance sector in Sydney last week that companies such as Google and PayPal are more responsive and trusted than banks.

"If Google got up and said we are going to offer a savings account, for me, that would be very difficult and confronting," McAweeney said.

"They are a non-traditional bank yet they have great reach, access, distribution and trust; they probably have more trust than most of the banks.

"Innovation will come from that side of our industry."

Panellists cited emerging technology with an emphasis on online applications as a means for the credit unions to challenge the position of incumbent banks. [...]

"Online and token-based security can make the experience a bit clunky. I might want to see all of my accounts, but if I have a token with each it doesn't lend to the best customer experience."

Rosmarin said that privacy demands and a lack of publicity has grounded account aggregation.

http://www.zdnet.com.au/google-scares-aussie-banks-339307074.htm

Heads up... 0-day in an exploit kit
by Donna Buenaventura / November 8, 2010 12:08 AM PST

It's fairly well known (well, well-known if you're a security geek) that CVE-2010-3962 is in the wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit.

This raises the stakes considerably, as it means that anyone can buy the kit for a few hundred bucks, and they have a working 0-day.

What this means to Microsoft, is that they should consider issuing an out-of-band patch.

What this means to you, if you're a non-geek, is that until Microsoft releases said patch, you should install something that's pretty good at detecting and blocking web-based attacks.

http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html

Danger to IE users climbs as hacker kit adds exploit

An exploit of an unpatched Internet Explorer vulnerability has been added to a popular crimeware kit, a move that will probably push Microsoft to fix the flaw with an emergency update, a security researcher said Sunday.

Meanwhile, a prominent vulnerability expert has sided with Microsoft, which has said the bug will be difficult to exploit in Internet Explorer 8 (IE8), the most popular version of the company's browser.

Symantec was the first to report the IE bug to Microsoft after the antivirus vendor captured spam posing as hotel reservation notifications sent to select individuals within several organizations. [...]

On Sunday, Roger Thompson, chief research officer of AVG Technologies, said that an exploit for the newest IE flaw had been added to the Eleonore attack kit, one of several readily-available toolkits that criminals plant on hacked Web sites to hijack visiting machines, often using browser-based attacks.

http://www.networkworld.com/news/2010/110810-danger-to-ie-users-climbs.html

Researchers To Debut Botnet-Resistant Coding Techniques
by Donna Buenaventura / November 8, 2010 12:19 AM PST

As the botnet epidemic continues to rage, researchers are expanding the scope of their search for new methods to prevent users from becoming unwitting victims of these massive malicious networks. One pair of researchers this week will unveil a new technique they've developed to help Web sites protect users whose machines already have been compromised by bots.

One of the main problems created by botnets is that many users whose PCs have been infected by a bot have no idea it's happened. In most cases, there are few outward signs that are noticeable to the average user and so the victims go about their normal online business with no clue that their sensitive data is being packaged up and exfiltrated every day. Botnet traffic typically looks like normal port 80 Web traffic and so it's extremely difficult for victims to identify it and backtrack it to a bot infection. [...]

"Security infrastructure has matured and there's been a lot of focus on that, but application security hasn't been focused on as much," said Peter Greko, a security researcher who, along with Fabian Rothschild, will talk about their new techniques at the OWASP AppSec DC conference this week. "A lot of security problems can be addressed in the application. If you go after the C&C, you only take out the bots connected to that server. That's not an overall problem that can be solved." [...]

"We're not trying to take the bots out, we're trying to undermine the credibility they have in each other," said Rothschild, who, like Greko, is affiliated with the HackMiami hacker space. "The underground economy is based on trust and reputation. They can't check public records on each other. If you get a guy who's been trustworthy and now he's selling bad data, you'll wonder what's going on."

Greko said that although there are a number of different Zeus versions in circulation, their methods are effective against most of the known variants.

"This isn't a black-and-white solution," Greko said. "We're just trying to damage the botmaster's credibility and make it harder for him to find the usable data."

http://threatpost.com/en_us/blogs/researchers-debut-botnet-resistant-coding-techniques-110810

OMG! Kid expelled from his school? No, it's a viral Facebook survey scam
by Donna Buenaventura / November 8, 2010 12:21 AM PST

Yet another survey scam is spreading virally across Facebook, earning revenue for the con artists behind it.

You may well be one of the thousands of people who have seen messages like this posted by one of your Facebook friends.

OMG! Look What this Kid did to his School after being Expelled!
After this 11 year old child was expelled from his school he went beserk

If so, please resist the urge to click on it - and instead warn your Facebook friend that they have fallen foul of a scammer.

If you do make the mistake of clicking on the link you will be taken to a third party website which does its best to pretend to be a legitimate Facebook page.

http://nakedsecurity.sophos.com/2010/11/08/omg-kid-expelled-school-facebook-survey-scam/

India's Popular Financial Web Site Moneycontrol.com Compromised
by Donna Buenaventura / November 8, 2010 12:26 AM PST

Websense Security Labs ThreatSeeker Network has detected that the main Indian site of moneycontrol.com was compromised and injected with malicious code on November 6th 2010. It was cleaned up the next day.

Moneycontrol.com is India's number one financial portal. It's the official site for CNBC TV18, and it provides news, views, and analysis on the stock market and equity, commodities, personal finance, mutual funds, insurance, and loans.

Moneycontrol.com is ranked 673 in the world according to the three-month Alexa traffic rankings. The site also has attained a traffic rank of 36 among users in India, where approximately 93% of its audience is located.

http://community.websense.com/blogs/securitylabs/archive/2010/11/08/moneycontrol-com-compromised.aspx
Shhh... Opera holds the web's most valuable secret
by Donna Buenaventura / November 8, 2010 12:37 AM PST

Without anybody noticing, Opera has amassed one of the world's most valuable commercial resources. And the funny thing is, it isn't going to do anything evil with it. Marketing, new media and technology pundits may have to rethink a few things once they digest the size of Opera's well-kept secret. It is possible the gurus may have spent years barking up the wrong tree.

At current growth rates, Opera will soon overtake Google as the owner of the largest transaction farm on the web. It is the Opera mobile web cache. Google currently handles 85 billion transactions a month. From 2008 to 2009 Opera grew from 21 billion to 36.9 billion. It is growing faster than Google, and at some point in the not-too-distant future, on current trends, Opera will overtake it. Users also spend more time in the Opera engine than the Google engine, which spits most people out to other destinations.

So what does Opera plan to do with this trove? [...]

Opera initially offered the technology as a caching proxy to operators, called Mobile Accelerator. Then it decided to offer it directly to end users, via a new small lightweight browser that talked directly to a proxy hosted by Opera itself. The Opera Mini client could run on all kinds of phones and its popularity grew and grew. Opera's servers, which were originally in its downtown Oslo HQ, had to be moved outside, and soon became a major server operation.

Now compare Google's "transaction engine" with Opera's "transaction engine", and the Norwegian's offering looks potentially very valuable indeed. Users spend far more time passing through the mobile cache than they do on Google. As well as searches, it contains destinations - news pages, social networking pages and emails. That's what behavioural advertisers want. This wouldn't be hard to do, and would involve injecting an advertisement into the binary stream that trickles into the Mini browser. But it's also precisely what makes it a No Go zone for the company, says Opera.

Because its users trust Opera with such intimate information, the company feels it can't engage in any Phorm-like behavioural exploitation. Break the bond of trust and they'll destroy the business. Once upon a time, Google had a similar philosophy - Don't Get Too Creepy Today (I may have mis-remembered that). Even Google does behavioural advertising now, but it's very careful not to use the b-word.

In addition, Opera doesn't feel it needs to. Opera has a few ideas on how it will make money in the future however, and some are evolutions of what it does today. So we'll examine these for a second, before looking at what it's got planned.

http://www.theregister.co.uk/2010/11/08/opera_transaction_cache/

Royal Navy website infiltrated by computer hacker
by Donna Buenaventura / November 8, 2010 1:09 AM PST

The navy's website was shut down this morning after a self-confessed security enthusiast claimed to have hacked into the site and its databases.

In a new post on his blog the hacker, a Romanian national known only as TinKode, claims to have penetrated the security of the navy's site late on Friday night.

http://www.telegraph.co.uk/technology/news/8117144/Royal-Navy-website-infiltrated-by-computer-hacker.html

Also see:
Hacker Claims Full Compromise of Royal Navy Website
Hacker forces Royal Navy to suspend website
