Spyware, Viruses, & Security forum


NEWS - October 12, 2011

by Carol~ Moderator / October 12, 2011 5:05 AM PDT
Sony suffers another security scare - 93,000 user accounts broken into

Hackers successfully broke into 93,000 accounts at Sony over the last few days, once again impacting users of the Sony Entertainment Network, PlayStation Network (PSN) and Sony Online Entertainment services.

According to a blog post by Philip Reitinger, Sony's Chief Information Security Officer, credit card details were not compromised.
[Screenshot: Sony Blog Entry]

As a precautionary step, Sony has frozen the compromised accounts and will email impacted users asking them to confirm their identity and reset their passwords.

Some compromised accounts "showed additional activity prior to being locked," but the only hint from Sony as to what that activity might entail is that the company says it will "work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet."

What's interesting is that it appears that the hackers gained access to the Sony accounts by working through a large database of stolen usernames and passwords - believed to have been sourced from somewhere else. That suggests that the accounts which were broken into were using a non-unique password.

Continued : http://nakedsecurity.sophos.com/2011/10/12/sony-security-scare-hack/


Gloom and doom: BlackBerry outage hits U.S.; Sony network attacked again
New large-scale attack on Sony's online services
BlackBerry Outage Persists in U.S.; Customers Rely on Work-Arounds
by Carol~ Moderator / October 12, 2011 5:52 AM PDT

Research In Motion Ltd. attempted to restore BlackBerry service around the world Wednesday as email and instant-messaging disruptions spread across Asia and North America, frustrating customers and carriers who clamored for an explanation from the smartphone maker.

RIM blamed the outages, affecting customers on at least five continents, on an internal technical glitch—a failed switch and an inoperable backup. But even as the company promised customers a day earlier that it had fixed that problem—and expected customer service to quickly return—disruptions spread Wednesday.

The Waterloo, Ontario, company said it expected some data delays after its fix, as it worked to send out a backlog of data to users. But on Wednesday, trouble spread to previously unaffected markets, including Japan and Singapore, and plagued subscribers across North America.

It was unclear if the data backlog triggered these outages, or if new problems cropped up.

Continued : http://online.wsj.com/article/SB10001424052970203914304576626451110144140.html?mod=WSJ_Tech_LEADTop

Related: BlackBerry data services suffer massive outage

BlackBerry outages spread to North America
RIM's BlackBerry outages come at worst possible time
RIM BlackBerry Outages Day 3: U.S. Hit
Anti-virus software fails to deal with government trojan
by Carol~ Moderator / October 12, 2011 6:46 AM PDT

Since last Monday at the latest, all virus scanners will issue an alert when an attempt is made to load the trojan that was exposed by the Chaos Computer Club (CCC) onto a computer. However, to think that one is therefore protected from the government-procured spyware would be a serious mistake. Anti-virus software hardly stands a chance against such malware; some of the alerts have even turned out to be proper dummies.

Even as late as Saturday morning, not a single AV program recognised the files as a threat. Now, most programs issue an alert along the lines of "backdoor.R2D2" when they encounter one of the files that were released by the CCC. This is intended as a measure to boost users' confidence.

However, a test conducted by The H's associates at heise Security on Monday found that programs such as Ikarus, Panda, Trend Micro and McAfee stopped issuing alerts as soon as even a minimal change was made to the file. The testers simply replaced the capital O in the "DOS" string with a small o. While McAfee identified the mfc42ul.dll file as Artemis!930712416770 before the modification was made, it remained silent afterwards.

Continued : http://www.h-online.com/security/news/item/Anti-virus-software-fails-to-deal-with-government-trojan-1360015.html

CCC cracks government trojan
German 'Government' R2D2 Trojan FAQ

German States Admit Using the Federal Trojan
German states say "federal trojan" used within legal boundaries

RSA: "We were hacked by a nation state"
by Carol~ Moderator / October 12, 2011 6:46 AM PDT

The two top executives at RSA, Art Coviello (chairman) and Tom Heiser (president), have both used their opening keynotes at the RSA Conference in London to provide details concerning the attacks in March. Coviello said that his company is confident that a nation state was behind the attacks because of the skill, sophistication and resources that were involved. However, he added that the available evidence is insufficient to attribute the attacks to a particular state. The executive explained that the attacks were carried out by two individual groups, adding that both groups were already known to the investigating authorities, but that it wasn't previously known that they co-operated with each other.

According to Coviello, it has become clear that RSA wasn't the actual attack target. Instead, the attackers probably wanted to use the stolen information for further attacks on other companies. The executive continued to insist that the stolen RSA data has not led to any successful attacks. The attack on Lockheed-Martin was thought to be a consequence of the RSA hack, but it was averted in time. The RSA executives said that the nature of the data that was stolen from RSA can't be revealed because investigations are still in progress. The only statement Coviello repeated was that only partial SecurID information left his company. Nevertheless, RSA replaced around 40 million customer tokens in June.

Continued : http://www.h-online.com/security/news/item/RSA-We-were-hacked-by-a-nation-state-1359582.html

Security firm RSA blames nation state for attack on its servers
RSA chief says two groups for SecurID breach
Two state-sponsored groups responsible for RSA breach

Hundreds of websites share usernames sans permission
by Carol~ Moderator / October 12, 2011 6:47 AM PDT

Home Depot, The Wall Street Journal, Photobucket, and hundreds of other websites share visitors' names, usernames, or other personal information with advertisers or other third parties, often without disclosing the practice in privacy policies, academic researchers said.

Sixty-one percent of websites tested by researchers from Stanford Law School's Center for Internet and Society leaked the personal information, sometimes to dozens of third-party partners. Home Depot, for example, disclosed the first names and email addresses of visitors who clicked on an ad to 13 companies. The Wall Street Journal divulged to seven of its partners the email address of users who enter the wrong password. And Photobucket handed over the usernames of those who use the site to share images with their friends.

The report comes as US officials have proposed a mandatory Do Not Track option for all websites. Some operators have argued such measures are unnecessary because their systems for tracking visitors' browsing histories aren't linked to a user's specific identity.

Continued : http://www.theregister.co.uk/2011/10/11/websites_share_usernames/

Also: Advertisers Get Our Personal Information from Trusted Websites

New Attacks on CAPTCHAs
by Carol~ Moderator / October 12, 2011 6:47 AM PDT

From Bruce Schneier @ his "Schneier on Security" blog:

Nice research (pdf):

Abstract: We report a novel attack on two CAPTCHAs that have been widely deployed on the Internet, one being Google's home design and the other acquired by Google (i.e. reCAPTCHA). With a minor change, our attack program also works well on the latest ReCAPTCHA version, which uses a new defence mechanism that was unknown to us when we designed our attack. This suggests that our attack works in a fundamental level. Our attack appears to be applicable to a whole family of text CAPTCHAs that build on top of the popular segmentation-resistant mechanism of "crowding character together" for security. Next, we propose a novel framework that guides the application of our well-tested security engineering methodology for evaluating CAPTCHA robustness, and we propose a new general principle for CAPTCHA design.


Celebrity email hacker suspect arrested by FBI
by Carol~ Moderator / October 12, 2011 7:35 AM PDT

Nubile female film stars will be breathing a sigh of relief today at the news that the FBI has arrested a man suspected of hacking into celebrities' phones and email accounts and stealing their invariably nude photos.

35-year-old Christopher Chaney was arrested in Jacksonville, Florida, according to an FBI statement. If found guilty of all 26 indictments, including accessing computer systems without authorisation, wire tapping and identity theft, Chaney could face a maximum of 121 years in prison.

Police believe that Chaney scoured the internet for information about his victims, which then helped him gain control of their email accounts. To me that sounds like a re-run of the same password reset trick which broke into Sarah Palin's and Paris Hilton's online accounts a few years back.

If you're a hacker who has gained access to your email account, it can be simple to automatically forward every message received by your victim to another email address under your control.

Continued : http://nakedsecurity.sophos.com/2011/10/12/celebrity-email-hacker-suspect-arrested-by-fbi/

Will Your Next TV Manual Ask You to Run a Scan Instead of Adjusting the Antenna?
by Carol~ Moderator / October 12, 2011 7:35 AM PDT

From the Symantec Security Response Blog:

October 2011 marks the eighth annual "National Cyber Security Awareness Month" to be held in the United States. One highly visible concern that makes this year different from previous years is the triple-digit growth rates that are being reported across the board by every antivirus vendor when it comes to threats discovered that target mobile devices. Although the main points made in these reports remain largely the same, it is clear that mobile malware has not only come of age, but that the growth rate has been unprecedented. An underlying message comes across loud and clear: indisputably, everyone agrees that criminals targeting mobile devices have become a force that is here to stay, becoming as ubiquitous as the devices/platforms themselves.

But just when you think you have seen it all, along comes another twist, demonstrating that there is no shortage of ideas when it comes to social engineering. Because of the so-called "Hardware Fragmentation" issue surrounding the Android Platform, a popular online streaming video service in the U.S. had initially pushed an Android client app in a limited release to certain devices that provided the best user experience. Owing to the popularity of the service, it wasn't long after the initial release that multiple unsanctioned developer projects sprang up attempting to port a pirated copy of the app to run on devices that were not officially supported. [Screenshot]

The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit.

Continued : http://www.symantec.com/connect/blogs/will-your-next-tv-manual-ask-you-run-scan-instead-adjusting-antenna
Shady Reshipping Centers Exposed, Part I
by Carol~ Moderator / October 12, 2011 7:36 AM PDT

Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas. In this post, I offer readers a behind-the-scenes look at a somewhat smaller but similar organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics.

One of the simplest ways to extract cash from stolen credit card accounts is to buy pricey consumer goods online and resell them on the black market. Most online retailers grew wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia. But these restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive and relay high-dollar stolen goods to crooks living in the embargoed areas.

There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as "Drops for stuff" on cybercrime forums. The "drops" are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.

Continued : http://krebsonsecurity.com/2011/10/shady-reshipping-centers-exposed-part-i/#more-11158

Related: Biggest Identity Theft Bust Ever Nets 111 In New York

What's In A Name?
by Carol~ Moderator / October 12, 2011 8:31 AM PDT


Published: 2011-10-10
Last Updated: 2011-10-12 14:53:56 UTC
by Tom Liston (Version: 1)

A rose is a rose is a rose

What if I could hack your organization and abuse your company's reputation - and what if I could do it without your firewall, IDS, IPS, or your host-based badware detection making a peep?

What if I could use your organization's good name to sell ED drugs, questionable Facebook "apps," shady online "personal ads," or to distribute porn that would make a sailor blush?

What if I did all of that, and you didn't know? What if the hack itself took place on a machine you didn't directly control and only accessed rarely? And what if the hack was so subtle, so obscure, and so difficult to find that once I had it in place, it might be years before you ever stumbled across it - if you ever stumbled across it?

This nightmare scenario is, unfortunately, reality for at least 50 organizations - ones that I've been able to uncover - and I'm certain that there are many, many more. Each of these organizations has been a victim of a malicious alteration of their domain information - an alteration that added new machine names to their existing information, and allowed bottom-feeding scam artists to abuse their good reputation to boost the search-engine profile of their drug, app, "personal ad," or porn sites.

Take a look at the following table:

Continued : http://isc.sans.org/diary.html?storyid=11770

Study: 8 of 10 MySpace Users "Just Don't Feel Safe"
by Carol~ Moderator / October 12, 2011 8:31 AM PDT

Nine out of 10 people have been attacked via a social network and one in four has received a virus or malware, according to a new study (.PDF) and infographic released this morning by web security firm Barracuda Networks.

The study, conducted over the course of two weeks in September and October this year, highlights the widespread usage of social networking sites and the problems users have encountered with privacy and security.

Eighty-four percent of respondents felt the most unsafe on Myspace, beating out sites like Facebook and Twitter, where 40 percent and 28 percent of users, respectively, felt unsafe. Out of those surveyed, users felt the safest on LinkedIn, with only 14 percent of respondents saying they felt unsafe on the business-related social networking site. LinkedIn was also deemed the "most business friendly" by Barracuda after only 20 percent of respondents claimed the site was blocked by their workplace.

Check out the infographic below: [Infographic]


Also: Social network users notice growing security risks

Zeus Trojan update adds P2P takedown resistance
by Carol~ Moderator / October 12, 2011 8:31 AM PDT

The Zeus financial malware has been updated with P2P (peer-to-peer) functionality that makes it much more resilient to takedown efforts and gives its controllers flexibility in how they run their fraud operations.

The new version of the infamous banking Trojan was discovered and analysed by Swiss security expert Roman Hussy, the creator of the abuse.ch Zeus and SpyEye tracking services.

One year ago security researchers from antivirus vendor Trend Micro managed to link a file infector dubbed LICAT to Zeus, concluding that it serves as a delivery platform for the Trojan and is designed to prolong its infections.

LICAT uses a special algorithm to generate random domain names for updating purposes in a similar manner to the Conficker worm. Its creators know in advance what domains the malware will check on a certain date and can register them if they need to distribute a new version.

Continued : http://news.techworld.com/security/3310402/zeus-trojan-update-adds-p2p-takedown-resistance/
