GlobalSign Investigation Continues, Some Services to Return
by Carol~, Moderator / September 9, 2011 2:08 AM PDT
GlobalSign Investigation Continues, Some CA Services to Return Monday
UPDATE: A day after suspending the issuance of SSL certificates while it investigates claims that its certificate authority infrastructure was compromised, GlobalSign said that the investigation is still ongoing but that it planned to begin bringing some of its services back online on Monday.
GlobalSign is one of four CAs that the attacker who compromised DigiNotar says he also has hacked in recent months. It's the only one he's identified by name, and GlobalSign officials said earlier this week that they were investigating the claim and quickly decided to stop issuing certificates as a precaution. The company has hired the same Dutch security firm, Fox-IT, that performed the post-attack audit of DigiNotar's systems. On Thursday, the company updated its statement about the investigation, saying it planned to begin some services again on Monday, but did not reveal much more detail about what's happening.
"We will start bringing services back online on Monday. We have already stated that we deem this to be an industry wide threat due to the mention of multiple CAs. We are adopting a high threat approach to bringing services back online and we are working with a number of organisations to audit the process of bringing the services back online. We apologise again for the delay.
Continued : http://threatpost.com/en_us/blogs/globalsign-investigation-continues-some-ca-services-return-monday-090811
"Do Not Track" standards for the Web: The work is starting.
by Carol~, Moderator / September 9, 2011 2:09 AM PDT
From the W3C Blog:
Since we published the Web Tracking Protection member submission in February, and since the Workshop on Web tracking and User Privacy in late April, the conversation about Do Not Track has come a long way. Today, we have announced the creation of the Tracking Protection Working Group. The group meets 21-22 September and has an ambitious timeline of publishing standards by mid 2012.
The challenge before the group is clear: As an industry, we need to address privacy concerns and the regulators' challenges. Our task here is to deliver a set of standards that enables individuals to express their preferences and choices about online tracking, and enables transparency concerning online tracking activities for users and the public alike. Mechanisms that enable the enforcement of these preferences will be another important element of the work. At the same time, many business models on the Web as we know it rely heavily on advertising revenue.
By tracking users' behavior online, online publishers and advertisers are able to deliver more relevant, individually-tailored offers — more effective advertising. But advertisers' ability to track users across the Web, combined with a lack of transparency and user choice about these practices, has raised public concerns and caused regulators from both the European Union and the United States to call for industry to establish a Do Not Track standard on an expedited basis.
Earlier this year both Mozilla and Microsoft proposed technical solutions in this space. Together with guidelines and recommendations from organizations including the US Federal Trade Commission and Internet advertising associations, these proposals will provide the basis for the group's work.
Continued : http://www.w3.org/QA/2011/09/do_not_track_standards_for_the.html
Related: Mozilla Publishes Developer Guide on DNT; Releases DNT Adoption Numbers
Researchers' Typosquatting Stole 20 GB of E-Mail From Fortune 500
by Carol~, Moderator / September 9, 2011 2:09 AM PDT
[Screenshot]
Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months.
The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.
"Twenty gigs of data is a lot of data in six months of really doing nothing," said researcher Peter Kim from the Godai Group. "And nobody knows this is happening."
Doppelganger domains are ones that are spelled almost identically to legitimate domains, but differ slightly, such as a missing period separating a subdomain name from a primary domain name - as in the case of seibm.com as opposed to the real se.ibm.com domain that IBM uses for its division in Sweden.
Continued : http://www.wired.com/threatlevel/2011/09/doppelganger-domains/
Also: Typo-squatting domains can harvest corporate emails
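The dot-dropping technique described in the article (se.ibm.com becoming seibm.com) is easy to turn into a defensive check. The following is an added example, not code from the Wired piece or from the Godai Group's research: it enumerates the doppelganger domains of an organisation's own hostnames and then scans outbound mail-transfer-agent log lines for recipients at those domains. The hostnames other than se.ibm.com, the log format and the log lines themselves are constructed for illustration; real deployments would feed it their own hostnames and their MTA's actual log.

```python
import re
from typing import Dict, Iterable, List, Set

# Constructed example input: the organisation's mail-bearing hostnames.
# se.ibm.com / seibm.com is the pair quoted in the article; the example.com
# entries are invented for illustration.
ORG_HOSTNAMES = [
    "se.ibm.com",
    "mail.example.com",
    "eu.corp.example.com",
]

# Constructed Postfix-style log lines (not a real capture). The second and
# fourth lines carry recipients at doppelganger domains.
SAMPLE_LOG = [
    "Sep  9 02:09:01 mta postfix/qmgr[311]: A1B2: from=<alice@se.ibm.com>, size=2048",
    "Sep  9 02:09:01 mta postfix/smtp[312]: A1B2: to=<bob@seibm.com>, relay=mx.seibm.com[192.0.2.10], status=sent",
    "Sep  9 02:09:05 mta postfix/smtp[313]: C3D4: to=<carol@se.ibm.com>, relay=mx.se.ibm.com[192.0.2.20], status=sent",
    "Sep  9 02:09:09 mta postfix/smtp[314]: E5F6: to=<dave@eu.corpexample.com>, relay=mx.example.net[192.0.2.30], status=sent",
]


def drop_dot_variants(hostname: str) -> Set[str]:
    """Return every doppelganger formed by deleting one internal dot.

    Only dots between two subdomain labels, or between the last subdomain
    label and the registrable name, are candidates; the dot in front of the
    TLD is kept because "ibmcom" is not registrable. This assumes a
    single-label public suffix (.com, .net); multi-label suffixes such as
    .co.uk would need a public-suffix list to avoid odd candidates.
      se.ibm.com          -> {seibm.com}
      eu.corp.example.com -> {eucorp.example.com, eu.corpexample.com}
      example.com         -> {}  (nothing to drop)
    """
    labels = hostname.lower().strip(".").split(".")
    variants: Set[str] = set()
    # Merge labels[i] with labels[i+1] for every pair except the final
    # (second-level, TLD) pair.
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def build_watchlist(hostnames: Iterable[str]) -> Dict[str, str]:
    """Map each doppelganger domain back to the legitimate hostname it mimics.

    The keys are what you would register defensively, block at the mail
    gateway, or alert on; the values tell the analyst which real host the
    typo shadows.
    """
    watch: Dict[str, str] = {}
    for h in hostnames:
        for v in drop_dot_variants(h):
            watch[v] = h.lower()
    return watch


# Matches an address inside angle brackets, e.g. to=<bob@seibm.com>
ADDR_RE = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")


def flag_misaddressed(log_lines: Iterable[str], watchlist: Dict[str, str]) -> List[dict]:
    """Scan MTA log lines and report recipients at doppelganger domains.

    Every bracketed address on a line is checked, so a sender at the
    legitimate domain is simply not in the watchlist and passes through.
    """
    hits: List[dict] = []
    for line in log_lines:
        for local, domain in ADDR_RE.findall(line):
            d = domain.lower().rstrip(".")
            if d in watchlist:
                hits.append({"recipient": f"{local}@{d}", "mimics": watchlist[d], "line": line})
    return hits


if __name__ == "__main__":
    watch = build_watchlist(ORG_HOSTNAMES)
    print("doppelganger domains to register or block:", sorted(watch))
    for hit in flag_misaddressed(SAMPLE_LOG, watch):
        print(f"MISADDRESSED {hit['recipient']} (mimics {hit['mimics']})")
```

Run against a real log, the second step is the one that matters: a single misaddressed message from a finance or legal mailbox is the kind of leak the researchers collected 20 GB of. The watchlist from the first step doubles as a list of domains worth registering before someone else does.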
SkyNET: DIY drone helicopter WiFi attacks for less than $600
by Carol~, Moderator / September 9, 2011 2:09 AM PDT
If you saw a toy quadricopter flying outside your office would you be alarmed?
Researchers at the Stevens Institute of Technology, New Jersey, believe they have dreamt up a way for malicious hackers to break into WiFi networks and commandeer computers into a botnet - not via the internet, but using a DIY drone helicopter that costs less than $600.
With one mischievous eye towards the "Terminator" movies, Theodore Reed, Joseph Geis and Sven Dietrich have dubbed their creation "SkyNET" and say that for a few hundred dollars an off-the-shelf remote-controlled quadricopter can be turned into a stealth device which can seek out poorly protected WiFi networks, and then infect computers attached to them.
Because botmasters use the internet to deliver commands to their networks of compromised computers (which can in turn provide clues on if a botnet is active, and how to defend against it), the researchers were curious as to whether there were other ways to both create a botnet and send it instructions.
And thus, SkyNET was born.
Continued : http://nakedsecurity.sophos.com/2011/09/09/diy-drone-helicopter-wifi-attacks/
Adobe Says It Is Breaking Ties To Diginotar
by Carol~, Moderator / September 9, 2011 4:15 AM PDT
Software giant Adobe said on Thursday that it was removing Diginotar's Qualified CA certificate from the Adobe Approved Trust List (AATL), according to a company blog post.
The move would affect Adobe Reader and Adobe Acrobat versions 9 and X. It is just the latest move by major software vendors to break ties to the compromised Dutch certificate authority, which was found to have unwittingly issued hundreds of fraudulent certificates in the names of prominent organizations in recent months.
In a post on the company's Product Security Incident Response Team (PSIRT) blog, Adobe said it hoped to have implemented the change by Friday. The company provided instructions for removing Diginotar certificates from the Approved Trust List manually. Those instructions are available on the PSIRT blog.
Software vendors including Microsoft, Google and The Mozilla Foundation moved to break trust with DigiNotar's compromised certificate authorities almost immediately after word of a fraudulent certificate for Google.com issued by DigiNotar broke on August 27th. Both companies have taken additional steps since then to expand the reach of their bans as more information about the extent of the breach has been made public. Specialty browser makers like The Tor Project have responded in a similar fashion.
Continued : http://threatpost.com/en_us/blogs/adobe-says-it-breaking-ties-diginotar-090811
See Stickie : Update on DigiNotar and the Adobe Approved Trust List (AATL)
Anonymous group releases new Twitter tool
by Carol~, Moderator / September 9, 2011 4:15 AM PDT
The Anonymous group of online activists released a new tool today designed to allow people to hijack trending topics on Twitter and tweet messages within them.
Dubbed URGE (for Universal Rapid Gamma Emitter), the beta software is available for download for Windows computers and requires .Net Framework 4 to work.
"This is not a hacking tool nor is it an exploit tool," the group said in a statement. "It was created to make it easier for us to tweet faster without copying and pasting constantly."
Anonymous members say they are annoyed with all the redundant and "pop culture" topics featured on Twitter Trends and want to draw more attention to topics that "actually serve a cause."
"We have taken note of why Twitter would not do so, they only trend topics which would 'appeal' to people and can get people to tweet more," the statement says. "This was pathetic in our eyes, and we could not stand by and take it anymore."
URGE will allow people to spread the message of Anonymous--including "bashing corrupt politicians," among other causes--by riding the coattails of trending topics. "This will help raise awareness of problems going on in this world and show people that real problems exist outside of 'Jersey Shore' and 'Sex,'" according to the statement.
Continued : http://news.cnet.com/8301-27080_3-20103679-245/anonymous-group-releases-new-twitter-tool/
Also: Anonymous Releases Twitter Hijack Tool Called URGE
Patient Data Posted Online in Major Breach of Privacy
by Carol~, Moderator / September 9, 2011 4:21 AM PDT
A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.
Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.
Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.
Although medical security breaches are not uncommon, the Stanford breach was notable for the length of time that the data remained publicly available without detection.
Even as government regulators strengthen oversight by requiring public reporting of breaches and imposing heavy fines, experts on medical security said the Stanford breach spotlighted the persistent vulnerability posed by legions of outside contractors that gain access to private data.
Continued : http://www.nytimes.com/2011/09/09/us/09breach.html
Microsoft Office 365, Hotmail and SkyDrive go down
by Carol~, Moderator / September 9, 2011 4:21 AM PDT
"Microsoft's Office 365, Hotmail and SkyDrive customers were left without email and other Windows Live services during an outage that lasted over three hours."
The downtime, which happened on Friday at about 4am in the UK — 8pm on Thursday Pacific time (PDT) — was due to a domain name service problem, according to Microsoft. A domain name service converts a domain name, such as ZDNet.co.uk, into an internet address such as 207.46.232.182, which is what browsers, email clients and so on use to access a service.
"Microsoft became aware of a domain name service issue causing service degradation for multiple services," the company said in a statement. "We began seeing service restoration at approximately 10.30pm PDT and achieved full service restoration at approximately 11.30pm PDT. We are conducting a review of the incident."
The outage affected customers using Office 365, Microsoft's cloud-based productivity suite, which is aimed at small to medium-sized businesses. It also affected access to Hotmail and to the SkyDrive online storage service.
People in the UK, Australia, the US, Japan and other places around the world complained in comments to the Windows Live blog that they could not use the software.
Continued : http://www.zdnet.co.uk/news/cloud/2011/09/09/microsoft-office-365-hotmail-and-skydrive-go-down-40093894/
Also: Microsoft Resolves Windows Live Hotmail and SkyDrive Outage
BIOS threat is showing up again!
by Carol~, Moderator / September 9, 2011 4:21 AM PDT
From the Symantec Security Response Blog:
There are more and more known viruses that infect the MBR (Master Boot Record). Symantec Security Response published a blog last month to demonstrate this trend. However, we seldom encounter one that infects the BIOS. One of them is the notorious CIH, which appeared in 1999, infected the computer BIOS and thus harmed a huge number of computers at that time. Recently, we met a new threat named Trojan.Mebromi that can add malicious components into Award BIOS, which allows the threat to take control of the system even before the MBR.
The threat will drop a driver to %system%\drivers\bios.sys, then stop the beep service and replace %system%\beep.sys with the dropped one. After that it restarts the beep service to load the dropped driver.
bios.sys is used to interact with the BIOS, such as getting BIOS info, and flashing and backing up the BIOS. [Screenshot]
By using bios.sys, the threat will check whether the compromised computer is using Award BIOS. If so, it will save existing BIOS to c:\bios.bin and check whether it is already infected:
Continued : http://www.symantec.com/connect/blogs/bios-threat-showing-again
Nicole's baby kicking video is a Facebook scam
by Carol~, Moderator / September 9, 2011 4:21 AM PDT
A video of a baby kicking inside his mother's pregnant belly is the latest lure being used by Facebook scammers - and judging by the number of Naked Security readers who have reported it to us, it's spreading like wildfire. [Screenshot]
AWESOME Video "Nicole's Baby Kicking - The Belly View - Unbelievable"
An amazing view of a baby kicking and moving his way out of the belly while at the beach.
There is, indeed, a real YouTube video of a heavily pregnant woman called Nicole, sunbathing on a beach. It was posted in May 2009 and has had over 3.5 million views so far.
The thing is, however, if you really want to watch the video: go to YouTube.
Don't click on the link being spread across Facebook. Because if you do, you are taken to a third-party website which insists you have to share the link with your Facebook friends before you can watch the video clip. [Screenshot]
Bizarrely, when I visited the page from my test Facebook account it was advertising the controversial Scientology organisation. One wonders if the scammers are earning revenue by driving traffic to the page.
Continued : http://nakedsecurity.sophos.com/2011/09/09/nicoles-baby-kicking-video-facebook-scam/
Early Patch Tuesday Today: Microsoft September 2011 Patches
by Carol~, Moderator / September 9, 2011 5:37 AM PDT
From SANS ISC:
Published: 2011-09-09,
Last Updated: 2011-09-09 15:41:13 UTC
by Johannes Ullrich
Looks like Microsoft made live the bulletins that were supposed to be released this coming Tuesday. The bulletins are dated September 13th 2011. While the links below work as I type this diary, they may not work later today. Some of the related links may not have any information yet (like CVE). All bulletins appear to be live right now, and we will add them to the list below as we get to it.
This information may of course change as the final bulletins will be released on Tuesday. Some readers report that the bulletins are no longer available.
For Additional Details: http://isc.sans.edu/diary.html?storyid=11551
____________________
Microsoft Slip Up Spills September Bulletins Early
A rare mistake by Microsoft's security team resulted in the company's September software patches being released to the public days early.
Microsoft said on Thursday that it would issue five bulletins in the September edition of Patch Tuesday, September 14. In an unexpected move, however, the company released the bulletins, days ahead of schedule.
Links to the bulletins, MS11-070 to MS11-074, were dated September 13. They were quickly taken down after Microsoft staff realized the error. But not before they were captured by alert parties.
The SANS Internet Storm Center was among a handful of Websites to publish details gleaned from the brief lapse, including links to the 16 vulnerabilities patched by the five updates and Microsoft Knowledgebase articles on the updates. Links to both the updates and the corresponding knowledgebase articles were removed shortly after the mistake was discovered.
Microsoft did not immediately respond to a request for comment from Threatpost. It is unclear how the lapse happened given the company's well established system for releasing security updates. In a blog post on Thursday, Pete Voss, the Senior Response Communications Manager for Microsoft's Trustworthy Computing Group, said the firm was making a change to the URL pattern it uses on security bulletins in order to facilitate localization of the bulletins into various languages. It's unclear what role, if any, that change may have played.
The accidental early release of the bulletins is unlikely to impact Microsoft customers in the short term. However, malicious hackers commonly reverse engineer Microsoft patches to determine the location of exploitable vulnerabilities. They use that information to create new attacks that will work against unpatched systems. The early release of the bulletins gives exploit writers an early start on that process and could close the gap between patch and in-the-wild exploits targeting the patched vulnerabilities, security experts warn.
http://threatpost.com/en_us/blogs/microsoft-slip-spills-september-bulletins-early-090911
NBC News Twitter Account Was Just Hacked In Disgusting 9/11 Prank
by Carol~, Moderator / September 9, 2011 9:27 AM PDT
Two days before the tenth anniversary of the attacks of September 11th, 2001, someone hacked into the official NBC News Twitter account and posted fake messages that another attack was underway at Ground Zero.
The perpetrator(s), on Twitter at @S_kiddies, proclaimed they are affiliated with the Anonymous hacking network.
Within 15 minutes Twitter shut down both the hacker's account, and the NBC News account to prevent the false information from spreading.
NBC put out a statement condemning the hackers and apologizing to its readers.
"The NBC News twitter account was hacked late this afternoon and as a result, false reports of a plane attack on ground zero were sent to @NBCNews followers," the statement said. "We are working with Twitter to correct the situation and sincerely apologize for the scare that could have been caused by such a reckless and irresponsible act."
The incident is reminiscent of one earlier this year against the Fox News Politics account, which claimed President Obama had been shot. In that instance, the hackers changed the account's password, preventing Fox News staff from stopping the flow of disinformation.
Continued : http://www.businessinsider.com/nbc-news-twitter-account-hacked-in-disgusting-911-prank-2011-9
Also:
NBC Twitter account hacked, issued false reports
Hackers take over NBC News Twitter feed, post false alerts of Ground Zero attack
NBC News Twitter account hacked with fake news of 9/11 Ground Zero attack