General discussion

NEWS - October 12, 2010

ENISA warns of further attacks targeted at critical infrastructure

The European Network and Information Security Agency (ENISA) believes that the Stuxnet attacks represent a paradigm shift in attacks against major market resources. It warns of similar attacks in the near future involving investments of time and money in malware development comparable to that invested in Stuxnet. According to ENISA, Europe needs to rethink measures for protecting critical infrastructure.

The agency believes that one possible measure would be to formulate guidelines for decision-makers on dealing with possible effects. To achieve this ENISA is planning a November drill to practice cross-border critical infrastructure emergency plans. "CYBER EUROPE 2010" is, however, aimed only at improving the exchange of information between security organisations.

http://www.h-online.com/security/news/item/ENISA-warns-of-further-attacks-targeted-at-critical-infrastructure-1105896.html

Young people 'most reckless' with passwords

Research has found that younger surfers are most likely to share their web passwords and take online security risks.

More than half of 18- to 29-year-olds admitted to sharing their web passwords in a survey by security firm Webroot.

Younger surfers proved to be the most reckless when it came to online security with 12 per cent sending passwords by text and 30 per cent logging into secure sites over unsecure networks and public Wi-Fi.

This compares to 41 per cent of people of other ages sharing passwords, four per cent sharing over text and 21 per cent using passwords on public Wi-Fi.

The findings from the Webroot study additionally found that almost over 40 per cent of those asked use the same password for multiple accounts, including online banking.

http://www.webuser.co.uk/news/top-stories/502858/young-people-most-reckless-with-passwords

Iran Bans Arstechnica

Iran has banned one of the oldest tech news websites. Arstechnica reported that Iranian users are no longer able to access the site.

Arstechnica says this happened after the site published a second piece of coverage about the Stuxnet malware which hit the workers of an Iranian power plant. Iran said it had some evidence that "Israel" is behind the attack.

Arstechnica is owned by Condé Nast Publications, the same owner as Wired Magazine, whose reporter is suspected of blatant violation of journalistic ethics by setting up a trap for the suspected Wikileaks whistleblower, US army intelligence Bradley Manning, and handing him over to the FBI.

http://arabcrunch.com/2010/10/iran-bans-arstechnica.html

Two Google Apps Help Blind Navigate

Google released two Android applications designed to help the blind with walking directions that pair Google Maps with GPS navigation technology. The applications, WalkyTalky and Intersection Explorer, both use spoken walking directions from Google Maps giving the blind (or visually-impaired) the opportunity to explore the layout of streets before navigating them in the physical world.

WalkyTalky is an audible directions app, while Intersection Explorer features touch exploration. Even if you're not blind, these new apps will appeal to map nerds who like to virtually wander.

http://www.pcworld.com/article/207500/two_google_apps_help_blind_navigate.html?tk=hp_new

New fake codec scam impersonates Firefox VLC video plug in

New fake codec scam masquerading as a VLC video player plugin error message. In reality, clicking on the "install" button will result in a download of the Security Essentials rogue security product.

In the event you stumble across it and just must watch 10,000 adult movies (or whatever), go to the real VideoLAN plug-in download site here: http://www.videolan.org/

If you are "unwise" enough to fall for the scam, you'll get this: the Security Essentials rogue (GFI Sunbelt Rogue Blog here: http://rogueantispyware.blogspot.com/2010/02/security-essentials-2010.html)

http://sunbeltblog.blogspot.com/2010/10/new-fake-codec-scam-impersonates.html

Malware abusing digital signatures: VB2010 presentation highlights

I recently presented my paper Want My Autograph? The use and abuse of digital signatures by malware at Virus Bulletin 2010. I will refrain from delving into the gory details of digital signatures heuristics that strongly indicate malware - those interested can refer to the paper for that information. I will however highlight one of the key takeaways from my presentation, particularly how current digital signature handling falls short in helping prevent the spread of malware.

The problem starts when the bad guys get their hands on the private key corresponding to a certificate issued by a trusted Certificate Authority (CA), which can be accomplished by providing a phony business registration to the CA or by stealing the private key from an otherwise legitimate organization. Once equipped with a private key, the malware author can add a trusted digital signature to any malicious executable of their choosing. Making matters worse, even if the CA revokes the certificate for the abused private key, any digital signature made before the revocation date will remain valid - as long as the signature was created with the date and time when the signature occurred. Hence, a malicious digital signature cannot always be revoked retroactively and, unfortunately, this is the more common scenario (e.g. Stuxnet).

Continued @ the SophosLabs Blog
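The revocation behaviour described in the post above, as an added example that is not from the original post or the paper: a simplified model of how a verifier judges a signature against the certificate's validity window and revocation date. The names `Cert`, `signature_status` and `scenarios` are hypothetical, all dates are constructed, and real verifiers apply further checks.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Cert:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # revocation date published by the CA


def signature_status(cert, now, timestamp=None):
    """Simplified verdict for a code signature (model, not a real verifier).

    timestamp is the signing time attested by a trusted timestamping
    authority, or None when the signature carries no timestamp.
    """
    # A timestamped signature is judged as of signing time, otherwise as of now.
    effective = timestamp if timestamp is not None else now
    if not (cert.not_before <= effective <= cert.not_after):
        return "outside-validity"
    if cert.revoked_at is not None and effective >= cert.revoked_at:
        return "revoked"
    return "valid"


def scenarios():
    """Constructed timeline: key abused in March, revocation issued in July."""
    signed = datetime(2010, 3, 1)   # malicious file signed and timestamped
    now = datetime(2010, 10, 12)    # moment of verification
    cert = Cert(datetime(2009, 1, 1), datetime(2011, 1, 1))
    out = {}
    cert.revoked_at = datetime(2010, 7, 16)   # revoked from the discovery date
    out["timestamped"] = signature_status(cert, now, signed)
    out["untimestamped"] = signature_status(cert, now)
    cert.revoked_at = datetime(2010, 1, 1)    # revocation date set before the abuse
    out["backdated"] = signature_status(cert, now, signed)
    return out


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:14s} {verdict}")
```

In this model the timestamped malicious signature stays valid after a revocation dated at discovery, and is rejected only when the published revocation date precedes the signing time.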
Facebook is 'killing privacy for commercial gain'

"Crypto guru slates social networking"

Social network chief execs are deliberately killing privacy for commercial gain, according to security guru Bruce Schneier.

Schneier said: "Less privacy makes a better market for social networks. Facebook is the worst offender - not because it's evil but because its market is selling user data to its commercial partners."

Although people don't want to pay extra for privacy, individuals still value privacy, according to Schneier. "There's no [commercial] market for a Facebook privacy add-on but if Facebook added extra privacy controls people would want it," he explained.

"Don't fool yourself that you are the user of social networks - you are the product."

The encryption expert and author explained that user data is the product that social networks such as Facebook sell to their commercial partners. "The free to user market with services paid for by third party is a common business model on the internet."

"Service providers in this model will always act in interest of their customers, not users, and this can work against the interests of consumers."

http://www.theregister.co.uk/2010/10/12/schneier_rsa_keynote_facebook/

AVG 2011 Bug Affects Browsing Experience, Could Also Hurt Websites

A serious bug in a component of the new AVG 2011 anti-malware products causes computers to flood websites with unnecessary HTTP requests and in many cases prevents users from properly using their browsers.

At this time the problem is not very well documented, but reports about it, dating back to the end of last month, can be found on various forums and discussion groups around the Web.

It appears that the bug is located in the LinkScanner component, which is found in the entire AVG 2011 product line, including the company's popular free antivirus.

LinkScanner has two features. One called Search-Shield, which places safety ratings next to search results and another one called Surf-Shield, which checks pages in real time.

"AVG Surf-Shield actively checks web pages in real-time every time you click a link or enter a web address directly into your browser," the company explains.

As it turns out, this is done by adding a script element to the very beginning of every HTML page rendered inside the browser. This element loads a local JavaScript file called avg_ls_dom.js.

<script src="/A2EB891D63C8/avg_ls_dom.js" type="text/javascript">

The use of a relative path suggests that AVG positions itself between the browser and the website in order to intercept the request and serve the .js from a local source.

The script is injected in a non-standard way, right after the document definition and outside of the <head> element, where such resources are normally defined.

http://news.softpedia.com/news/AVG-2011-Bug-Affects-Browsing-Experience-Could-Also-Hurt-Websites-160515.shtml
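One way to spot the placement described in the post above in a saved copy of a rendered page, as an added example that is not part of the original post or of any AVG code. The class and function names are hypothetical, the sample page is constructed, and the hex-directory pattern is an assumption generalised from the single path quoted above.

```python
import re
from html.parser import HTMLParser

# Root-relative path under a hex-looking directory, like the quoted src value.
INJECTED_SRC = re.compile(r"^/[0-9A-Fa-f]{8,}/[\w.-]+\.js$")


class ScriptPlacement(HTMLParser):
    """Records each <script src> together with the part of the document it sits in."""

    def __init__(self):
        super().__init__()
        self.section = "preamble"   # preamble -> head -> after-head -> body
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "head" and self.section == "preamble":
            self.section = "head"
        elif tag == "body":
            self.section = "body"
        elif tag == "script":
            self.scripts.append((self.section, dict(attrs).get("src") or ""))

    def handle_endtag(self, tag):
        if tag == "head":
            self.section = "after-head"


def find_injected_scripts(html):
    """Return src values of scripts placed before <head> that match the pattern."""
    parser = ScriptPlacement()
    parser.feed(html)
    parser.close()
    return [src for section, src in parser.scripts
            if section == "preamble" and INJECTED_SRC.match(src)]


# Constructed sample: one script right after the doctype, two in normal places.
SAMPLE_PAGE = """<!DOCTYPE html>
<script src="/A2EB891D63C8/avg_ls_dom.js" type="text/javascript"></script>
<html><head><title>Example</title>
<script src="/static/site.js"></script></head>
<body><script src="/0123456789AB/other.js"></script></body></html>"""

if __name__ == "__main__":
    print(find_injected_scripts(SAMPLE_PAGE))
```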
Incognito lets Safari users evade data mining

Safari users worried about their online privacy are getting some help from a Belgian company.

Orbicule, maker of theft-tracking software Undercover, announced on Tuesday that it is launching Incognito 1.0, a free extension for the Safari browser that frustrates data miners by blocking Google Analytics and Google AdSense on all third-party sites. Safari users will still see Google ads, and they will be exposed to tracking by those programs if they view and use Google-owned sites. But Google won't be able to collect information on Incognito users who see Google ads at, say, newspaper Websites or WordPress blogs.

Incognito users will also have the option to further conceal their online movements by blocking YouTube and Facebook content on third-party sites.

http://news.yahoo.com/s/macworld/20101012/tc_macworld/incognitoletssafariusersevadedatamining

Ruskie gang hijacks Microsoft network to push penis pills

"Redmond abused as scammers' IP bitch"

For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates.

The 1,025 unique websites - which include seizemed.com, yourrulers.com, and crashcoursecomputing.com - push Viagra, Human Growth Hormone, and other pharmaceuticals through the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft's own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to Ronald F. Guilmette, a researcher who first uncovered the hijacking.

The Register independently verified his findings with other security experts who specialize in DNS and the take-down of criminal websites and botnets. By examining results used with an internet lookup tool known as Dig, short for the Domain Information Groper, they were able to determine that 131.107.202.197 and 131.107.202.198 - which are both registered to Microsoft - are housing dozens of DNS servers that help convert the pharmacy domain names into the numerical IP addresses that host the sites.

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/
