NEWS - September 17, 2012

Google enables Do Not Track in Chrome

Google has implemented the Do Not Track (DNT) header in its Chrome web browser. The move comes after the company had agreed to the White House's Consumer Privacy Bill in February, promising to respect DNT headers set by visitors to its web site.

The Do Not Track mechanism, which was originally proposed by Mozilla, has garnered support from all major browser makers and a majority of the technology industry. DNT is designed to allow users to opt out of the behavioural tracking that many online advertising companies (Google being one of the biggest) use to identify users and serve them custom-tailored advertising. Firefox was one of the first browsers to implement DNT and Microsoft's Internet Explorer supports it as well.

Users who want to take advantage of the new DNT capabilities in Chrome will have to install the latest "bleeding edge" developer build in the form of the Chrome Canary branch. However, this version is not recommended for use in production environments. Users who are running a stable version of the browser will have to wait some months for the feature to arrive in the mainstream version.

http://www.h-online.com/security/news/item/Google-enables-Do-Not-Track-in-Chrome-1708643.html

Also:
Finally; Google Chrome will support Do Not Track
Chrome Gets 'Do Not Track'
Google adds Do Not Track support to Chrome
ID Theft Service Tied to Payday Loan Sites

A Web site that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be obtaining at least some of its records from a network of hacked or complicit payday loan sites.

Usearching.info boasts the "most updated database about USA," and offers the ability to purchase personal information on countless Americans, including SSN, mother's maiden name, date of birth, email address, and physical address, as well as driver license data for approximately 75 million citizens in Florida, Idaho, Iowa, Minnesota, Mississippi, Ohio, Texas and Wisconsin. [Screenshot]

Users can search for an individual's information by name, city and state (for .3 credits per search), and from there it costs 2.7 credits per SSN or DOB record (between $1.61 to $2.24 per record, depending on the volume of credits purchased). This portion of the service is remarkably similar to an underground site I profiled last year which sold the same type of information, even offering a reseller plan.

What sets this service apart is the addition of more than 330,000 records (plus more being added each day) that appear to be connected to a satellite of Web sites that negotiate with a variety of lenders to offer payday loans.

Continued : http://krebsonsecurity.com/2012/09/id-theft-service-tied-to-payday-loan-sites/

Public or Private? The Risks of Posting in Social Networks
[INFOGRAPHIC] Public or Private? The Risks of Posting in Social Networks

TrendLabs Malware Blog:

It appears that everyone is part of one social network or another. Facebook alone has reported to have 955 million monthly active users and 543 million monthly active mobile users. Engagement online has become a must, with social networking prompting users to share every detail of their existence, from their hometowns to their favorite quotes.

However, frequent use of these networks could skew our judgment when it comes to deciding what and what not to post online. A Trend Micro study found that 63% of users post their birthdays and another 61% post their schools. Meanwhile, 51% list down their family members and 48% share their hometowns. While these details seem harmless by themselves, users should know that these details often serve as answers for security questions to online accounts. Should cybercriminals read these details, they could be one step closer to hacking your accounts.

Posting too much information could lead to undesirable consequences such as identity theft. Trend Micro found that 1 in 3 people know someone who became victims of identity theft. In the same study, 13% admitted to being victims of identity theft as well. These numbers prove that users need to be vigilant about their online privacy. For more information about other risks of sharing information online, check out our latest infographic, "Public or Private? The Risks of Posting in Social Networks."

http://blog.trendmicro.com/infographic-public-or-private-the-risks-of-posting-in-social-networks/
New in-the-wild malware linked to state-sponsored Flame targeting Iran

"Data suggests Flame was created by an advanced, nation-sponsored group with cash."

[Screenshot]
The client applications and related communications protocols supported by the Newsforyou control server used to coordinate Flame attacks. Kaspersky researchers found that at least one of the clients, SP, is still actively infecting computers.

The operators behind Flame, the highly advanced espionage malware that targeted Iran, began their campaign no later than 2006 and supported three other pieces of malicious software, one of which is still circulating on the Internet, researchers said.

The revelations are the result of a forensic investigation of control servers used to help execute the Flame operation. They show the state-sponsored campaign was even more far-reaching than previously believed. The servers were disguised as publishing platforms running a fictitious content management application called Newsforyou and were programmed to destroy hard-drive data to prevent the espionage from ever coming to light. They also used strong cryptography to prevent lower-level operators from controlling infected computers or viewing the contents of data that was extracted from them.

Continued : http://arstechnica.com/security/2012/09/new-malware-linked-to-state-sponsored-flame/

Also: Flame C&C Server Analysis Reveals New Malware in the Wild
Java zero-day leads to Internet Explorer zero-day

"Following the trail of attackers exploiting vulnerabilities in Java led one security researcher to discover a new zero-day vulnerability in Internet Explorer."

While looking around a compromised server that was being used to exploit Java vulnerabilities, a security researcher stumbled upon another exploit that he claims affects fully patched versions of Microsoft Internet Explorer 7 and 8.

Eric Romang found four files on the server: an executable, a Flash Player movie and two HTML files called exploit.html and protect.html

When users visit the exploit.html page, it loads the Flash movie, which in turn loads the other HTML page, protect.html. Together, they help drop the executable on to the victim's computer. At this point, attackers have everything they need to drop whatever applications they like on the victim's machine, whether it is to join a botnet or conduct attacks. In this case, the dropper executable installs another program when the victim next logs in.

Romang discussed the zero-day with other security researchers, who also came to the same conclusion that this was a vulnerability in Internet Explorer.

Continued : http://www.zdnet.com/java-zero-day-leads-to-internet-explorer-zero-day-7000004330/

See Vulnerabilities & Fixes : Microsoft Internet Explorer Unspecified Code Execution Vulnerability

Freebie virus scan biz punts belt-and-braces security for suits

Malwarebytes, the anti-virus firm best known for its freebie scanner software, branched out into the enterprise with the launch of corporate products on Monday.

Malwarebytes Enterprise Edition (MEE) is designed to catch malware that other anti-virus programs sometimes miss, including some strains of blended attacks (for example, malware with characteristics not only of viruses but also of Trojans or worms) and "polymorphic" threats - which are capable of morphing their own code to evade detection. The technology runs in batch mode and is designed to avoid conflicts with any regular anti-malware software already loaded on the same corporate desktop.

Malwarebytes achieves this by testing against all major anti-virus vendors as well as database whitelisting. The tech is designed to work in tandem with other security kit rather than as a replacement to existing anti-virus software.

"Modern malware is able to bypass many of the antivirus technologies currently deployed in today's enterprise, posing a serious risk to corporate data," said Malwarebytes chief exec Marcin Kleczynski. "MEE's heuristic and behavior-based analysis engine adds a powerful second layer of defence to today's corporate systems that more effectively safeguards sensitive corporate assets from the organised crime rings behind much of today's malware."

Continued : http://www.theregister.co.uk/2012/09/17/malwarebytes_enterprise_launch/
Online daters targeted by blackmailing scammers

There are all kinds of online scammers.

Most of them try to trick users into parting with their hard-earned money on their own accord, but there are also those that prefer a more forceful approach - as the incessant ransomware campaigns, fake law enforcement threats for supposed piracy infringements, and the occasional news of hackers breaking into company systems and demanding money for the return of stolen information have demonstrated.

Individuals are targeted as often as companies, and the latest scheme once again targets a specific subset of users.

According to the BBC, the scheme starts with a woman initiating contact with men on dating sites or social networks. After chatting with her a bit and seeing what she looks like via webcam, the men get a proposition that few refuse: she will strip for them and they will reciprocate.

They are then presented with a pre-taped video of her getting her clothes off, and more often than not they end up keeping their part of the bargain.

And this is when their troubles begin.

Continued : http://www.net-security.org/secworld.php?id=13606

Sun Charger, the Latest Android.Sumzand Variant, Continues the Massive Spam Campaign

Symantec Security Response Blog:

Android.Sumzand, currently one of the most active malware programs in Japan, has recently transformed itself into the "Sun Charger" app. Advertised through spam, this series of variants pretending to be apps that allow mobile devices to be charged by holding the display towards the sun has been quite successful in stealing contact details from a large number of users. As the scammers collect large volumes of data stored on the device, they send more spam advertising the fake apps to the email addresses that they have acquired. The number of recipients of the spam is increasing exponentially as each day passes by.

Because this particular spam campaign has become so huge, it is a heavily discussed topic on Internet forums and social-networking sites. Some users question if anyone would even fall for the trick, whilst others who have never received spam in the past are confused why they are suddenly receiving spam. A small portion of users criticize the app because it did not work as advertised; however, as far as the scammer is concerned, the app performed its job perfectly, i.e. it has managed to steal personal data in the background.

To combat its notoriety, the scammers are regularly changing the apps in an attempt to keep a low profile. "Sun Charger" is the fourth variant that we have seen since we confirmed its existence in early August. But the scammers have been lazy at making the changes; either that or they are just too busy and lack the time and resources to make a major facelift. It is also possible that they were not aware of the sheer scale of the operation when they commenced their venture.

Continued : http://www.symantec.com/connect/blogs/sun-charger-latest-androidsumzand-variant-continues-massive-spam-campaign
Fake LinkedIn emails pointing to online pharmacy websites

The Avira TechBlog:

We have written many times already about fake LinkedIn emails which lead most of the time to online pharmacy websites and possibly also to infected websites.

The latest spams, similar to those we already wrote about, are pretending to come from LinkedIn Reminders and have a subject like "There are a total of <X> messages awaiting your response". [Screenshot]

Without exception, the emails we've seen so far are pointing to compromised websites which host a redirect to another website hosting an online pharmacy website.

<html>
<head>
<script type="text/javascript">window.location="http://<online pharmacy website>";
</script>
</head>
<body>
<a href="http://<online-pharmacy-website>">Click</a>
</body>
</html>

The emails come in a very large number, and so far, we have seen them mostly on "real" accounts and less in spamtraps.

Continued : http://techblog.avira.com/2012/09/17/fake-linkedin-emails-pointing-to-online-pharmacy-websites/en/
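
Added example, not part of the Avira post or of this thread: a site owner checking a web root for the kind of planted page quoted above can flag HTML files whose script sets window.location to an off-site host while the page has almost no visible text. The function name find_redirect_stub, the 40-character text threshold and the .example hosts are assumptions made for this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# location / window.location / location.href assigned a quoted URL
REDIRECT_RE = re.compile(
    r"""(?:\b(?:window|document|top|self)\.)?\blocation(?:\.href)?\s*=\s*["']([^"']+)["']""")

class PageParts(HTMLParser):
    """Collects script source and visible text separately."""
    def __init__(self):
        super().__init__()
        self.in_script, self.script, self.text = False, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        (self.script if self.in_script else self.text).append(data)

def find_redirect_stub(html, own_host, max_text=40):
    """Return the off-site host a stub page redirects to, or None."""
    page = PageParts()
    page.feed(html)
    match = REDIRECT_RE.search("".join(page.script))
    if not match:
        return None
    target = (urlparse(match.group(1)).hostname or "").lower()
    own = own_host.lower()
    if not target or target == own or target.endswith("." + own):
        return None          # relative or same-site redirect
    visible = " ".join("".join(page.text).split())
    if len(visible) > max_text:
        return None          # a real page with content, not a bare stub
    return target

# Constructed samples; all hosts are placeholders under .example
STUB = """<html><head>
<script type="text/javascript">window.location="http://pharmacy.example/";
</script></head>
<body><a href="http://pharmacy.example/">Click</a></body></html>"""
SAME_SITE = '<html><head><script>window.location="/login";</script></head><body></body></html>'
ARTICLE = ('<html><body><p>' + "Quarterly results and product news. " * 5 +
           '</p><script>function go(){location.href="http://partner.example/";}</script></body></html>')

if __name__ == "__main__":
    for name, doc in (("stub", STUB), ("same-site", SAME_SITE), ("article", ARTICLE)):
        print(name, find_redirect_stub(doc, "compromised.example"))
```

A hit is a lead to review, not proof of compromise: compare the file against the site's deployed source and its modification time before removing it.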
