Spyware, Viruses, & Security forum

General discussion

NEWS - November 25, 2009

by Donna Buenaventura / November 24, 2009 7:12 PM PST
Climate change hackers leave breadcrumb trail

The hackers who leaked more than 1,000 emails from one of the top climate research centers may have used an open proxy to cover their tracks, but that doesn't mean authorities can't figure out who they are.

Rob Graham, CEO of penetration testing firm Errata Security, said his analysis suggests that the hackers used three open proxies when they posted a 61 MB Zip file of email belonging to staff at the University of East Anglia's Climate Research Unit. CRU officials say they've brought in police to assist in their investigation into the leak of the internal documents without permission.

Open proxies have long been a favorite of people trying to hide their online identities. By funneling web requests through the third-party, websites see only the IP address of the proxy, rather than the IP address where the request is actually being made. This post by the hackers on ClimateAudit was made using an open proxy located in Russia, while another of their posts used a proxy located in Saudi Arabia.

CRU representatives have said the hackers used a Turkish IP address when breaching CRU security and posting the Zip file on its servers.

More in http://www.theregister.co.uk/2009/11/25/cru_climate_hack_identity/
Discussion is locked
You are posting a reply to: NEWS - November 25, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - November 25, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
CSI Annual Report: Financial Fraud, Malware On The Increase
by Donna Buenaventura / November 24, 2009 7:13 PM PST

Security pros generally happy with products; not so much with awareness programs

Malware and financial fraud were among the chief "growth threats" posed to businesses in 2009, according to a new study from the Computer Security Institute that will be published next week.

CSI's 14th annual security survey, which will be distributed in conjunction with a free Dec. 1 Webcast, covers a wide range of issues related to security management, including current threats, data loss statistics, and trends in technology usage.

Respondents reported big jumps in the incidence of financial fraud (19.5 percent, over 12 percent last year); malware infection (64.3 percent, over 50 percent last year); denials of service (29.2 percent, over 21 percent last year), password sniffing (17.3 percent, over 9 percent last year); and Web site defacement (13.5 percent, over 6 percent last year).

The survey showed significant dips in wireless exploits (7.6 percent, down from 14 percent in 2008), and instant messaging abuse (7.6 percent, down from 21 percent).

"The financial fraud was a major concern because the cost of those incidents is so high," says Sara Peters, senior editor at CSI and author of this year's report. Financial fraud costs enterprises approximately $450,000 per incident, according to the study.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221901046

Collapse -
Microsoft adds identity to cloud
by Donna Buenaventura / November 24, 2009 7:16 PM PST

Releases Windows Identity Foundation, formerly the Geneva project

Everyone eyeing Azure, their candidate for cloud-based computing, can at least agree on one thing: Redmond is late to the party that's dominated by Salesforce.com, Google, Amazon and a host of others. How can they hope to differentiate themselves?

Microsoft's JG Chirapurath, director of marketing for the Identity and Security Division, knows exactly how, and he told me about it last week. Identity is the key differentiator.

Read about it in http://www.networkworld.com/newsletters/dir/2009/113009id1.html

Collapse -
Bug puts net's most popular DNS app in Bind
by Donna Buenaventura / November 24, 2009 7:17 PM PST

Makers of Bind have warned of a security vulnerability in versions of the domain name resolution application that could allow attackers to trick servers into returning unauthorized results.

The bug in the Berkeley Internet Name Domain program surfaces only when the DNSSEC security implementation is enabled and the name server accepts queries from the internet at large, a designation known as recursive. The combination of name servers being both recursive and using DNSSEC to validate records is rare, according to this advisory from the Internet Systems Consortium, which maintains Bind.

http://www.theregister.co.uk/2009/11/24/bind_dns_security_bug/

Collapse -
S.Korea halves ceiling on text messages to fight spam
by Donna Buenaventura / November 24, 2009 7:18 PM PST
Collapse -
Offline Gmail kisses up to attachments - at last
by Carol~ Moderator / November 25, 2009 7:57 AM PST
I'm in an igloo, look at my ice cold face

By Kelly Fiveash
25th November 2009

Google has sat up and listened to users griping about the lack of an attachments feature in its offline version of Gmail by finally adding the option.

Users who have Offline Gmail enabled (it?s not a default feature) will now see all their mail flowing through the outbox whether on or offline, said Google.

The only thing offline Gmailers won?t be able to do with attachments is to include ?inline images?.

Mountain View is dead excited about its latest feature, and the world?s largest ad broker is calling on Gmail users to send pictures of themselves sat in igloos or at airports using the web mail client when offline.

Continued here: http://www.theregister.co.uk/2009/11/25/offline_gmail_attachments/

~~~~~~~~~~~~~~~~~~~~~~~

From the Gmail Blog:

One of the most requested features for Offline Gmail has been the ability to include attachments in messages composed while offline. Starting today, attachments work just the way you would expect them to whether you are online or offline (with the exception that when you're offline you won't be able to include inline images). Just add the attachment and send your message.

If you have Offline Gmail enabled, you'll notice that all your mail now goes through the outbox, regardless of whether you're online or offline. This allows Gmail to capture all attachments, even if you suddenly get disconnected from network. If you're online, your mail will quickly be sent along to its destination.

Continued here: http://gmailblog.blogspot.com/2009/11/send-attachments-while-offline.html
Collapse -
Mozilla hatches Thunderbird 3 release candidate
by Carol~ Moderator / November 25, 2009 7:57 AM PST
Almost out of the nest

By Austin Modine
25th November 2009

Thunderbird 3 is nearly ready to leave the nest.

Mozilla Messaging on Wednesday conjured up the first release candidate for version 3.0 of their popular open source email and news client.

What's that mean to you, the reader who doesn't like plunking fledgling code on their system? Only that portentous feeling that the final product is nigh. For braver souls, the Mozilla team specifically wants testing and feedback on the software's new search tools, tabbed email, message archiving, new mail account setup wizard, and improvements for developers.

Checking the clock, the RC1 comes 15 days later than Mozilla's Thunderbird 3 schedule estimates. We'll forgive them because they say RC1 includes over 100 changes from the previous beta 4 release.

Continued here: http://www.theregister.co.uk/2009/11/25/mozilla_thunderbird_3/

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!