NEWS - September 27, 2012

Analysis Shows Some URL Shorteners Often Point to Untrusted Websites

In an analysis of 1.7 billion shortened URLs, researchers at Web of Trust found that 8.7 percent of TinyURLs and five percent of Bit. ly URLs lead to sites that received poor ratings for 'trustworthiness' and 'child protection.'

"Certainly the URL shortening services don't intend to point people to malicious websites," said Web of trust CEO, Markus Suomi, "but perhaps they can do more to proactively protect their services from being exploited."

Suomi explains that the companies responsible for URL shortening services should be able to limit their malicious use by automatically screening for compromise websites and warning users if the sites they are attempting to access are suspicious.

In addition to these findings, Web of Trust measured the overall trustworthiness of various top level domains. They determined that 2.5 percent of sites within the .com TLD are rated poorly in terms of trustworthiness and 3.6 percent were rated poorly on child protection. In the .info TLD, 10.7 percent of sites were rated poorly, 9.6 percent received poor ratings in the .net TLD, and 9.5 percent of .biz domains were poorly rated.

Continued :

Also: Analysis of nearly 1.7 billion shortened URL links
Discussion is locked
Reply to: NEWS - September 27, 2012
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - September 27, 2012
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Building Android Malware Is Trivial with Available Tools

"While the world of malware creation may be mysterious to many, malicious apps that infect mobile devices are plentiful and easy to create."

Because of readily available tools that enable even a novice developer to create mobile applications that fall on the dark side of the fence, users should be cautious when downloading and installing mobile apps, especially from non-official App Stores.

Developing Android malware to harvest information is a "trivial" task and possible using readily available tools, Kevin McNamee, security architect and director at Kindsight Security Labs, told SecurityWeek. McNAmee demonstrated how to inject snippets of code into a legitimate Android application that infected a mobile device with malware. The malware, when executed, connected with a remote command-and-control center and transmitted data from the device.

McNamee downloaded a copy of the Android packager file APK for the popular game Angry Birds and infected it with DroidWhisper, a malicious Java program designed to collect and send phone data to a remote server and execute various commands. Along with the host APK file, all he needed were the regular tools available to any developer on the Android developer site. Criminals not interested in developing their own attack programs can easily obtain actual attack programs online. With the modified game in hand, all that remained was how to distribute it, McNamee said.

Continued :

- Collapse -
Leading US banks targeted in DDoS attacks

Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge.

The Financial Services ISAC (Information Sharing and Analysis Center) set its Threat Level to "High" on Wednesday, September 19, indicating a high risk of cyber attacks.

That proved prophetic, as websites for banks including Bank of America, JP Morgan Chase and Wells Fargo suffered outages in recent days that some are attributing to politically motivated hacktivist groups.

A string of statements posted online in the last week has claimed responsibility for the attacks in the name of a Muslim hacking group calling itself Izz ad-Din al Qassam Cyber Fighters.

The group has claimed responsibility for attacks on the New York Stock Exchange, Bank of America and Chase last week. This week brought attacks against Wells Fargo, US Bank and PNC.

Wells Fargo used its Twitter account to apologize for service interruptions on Wednesday and said it was working to "quickly resolve this issue." Most of the targeted banks were back online and operational Thursday.

The events prompted U.S. Senator Joe Lieberman (I-CT) to use an interview on C-SPAN to point the finger of blame at the Iranian government and its elite Quds Force.

Continued :

Also: 'Historic' DDoS Attacks Against Major U.S. Banks Continue

Related: Bank group warns of heightened risk of cyber attacks

- Collapse -
Cisco Patches Numerous Bugs in IOS, UCM

Cisco has released nine security advisories for various products, including eight for its ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch release are denial-of-service flaws and none of them can give an attacker the ability to run code remotely on affected machines.

The one bulletin that doesn't relate to IOS is for a vulnerability in the Cisco Unified Communications Manager. That flaw is a DoS bug in the SIP (session initiation protocol) implementation in UCM. SIP is used in a variety of products to help set up voice and video calls on IP networks.

"A vulnerability exists in the SIP implementation in Cisco Unified Communications Manager that could allow a remote attacker to cause a critical service to fail, which could interrupt voice services. This vulnerability is triggered when an affected device processes a crafted SIP message that contains a valid Session Description Protocol (SDP) message. Only traffic destined to the device can trigger the vulnerability; transit SIP traffic is not an exploit vector," Cisco said in its advisory.

Continued :

See Vulnerabilities / Fixes - September 27, 2012

- Collapse -
Adobe Revoking Code Signing Certificate Used To Sign Malware

Adobe will be revoking a code signing certificate next week after discovering two pieces of malware that had been digitally signed with Adobe's credentials.

The malicious utilities, pwdump7 v7.1 and myGeeksmail.dll, both came from the same source and were signed with valid Adobe digital certificates, Brad Arkin, senior director of security for Adobe products and services, wrote on the Adobe Secure Software Engineering Team blog on Thursday. The company traced the certificates to a compromised build server, at which point the certification signing infrastructure was decommissioned, Arkin wrote.

Adobe plans to revoke the impacted certificate on Oct. 4 for all software code signed after July 10. An interim service will resign affected products.

After initial investigation, the company identified a compromised build server which had been used to access the code signing infrastructure, Arkin wrote. The build server did not have rights to any public key infrastructure functions other than the ability to issue requests to the signing service and did not have access to any Adobe products such as Flash Player, Adobe Reader, Shockwave Player, or Adobe AIR, Arkin said.

So far, Adobe has not seen any evidence of compromise related to any other sensitive information such as Adobe source code or customer, financial or employee data.

The revocation would only affect Adobe software signed with the affected certificate that runs on Windows, as well as three Adobe AIR applications (Adobe Muse, Adobe Story AIR, and desktop services) that run on both Windows and Mac OS X, Arkin said.

Continued :

Also: Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks

See: Security Advisory: Adobe to Revoke Code Signing Certificate

From Adobe:
Adobe to Revoke Code Signing Certificate
Security Advisory: Upcoming Revocation of Adobe code signing certificate (APSA 12-01)

- Collapse -
Symantec source code leak becomes torrent

Hacktivists once again poked fun at Symantec after previously leaked source code for Symantec's Norton Utilities 2006 software was made available as a torrent on Monday. Symantec downplayed the significance of the leak, saying it only involved obsolete code that had already been exposed.

AntiSec tacked a mocking note onto the release of a 52MB file, which was uploaded to The Pirate Bay and other torrent tracker sites on Monday. "Anyhow with this release is nothing really to prove, just stop making shitty software in the name of god! Your [sic] are only killing our CPU's! [sic]"

"Respect & greetings to @AnonymousIRC @Par_AnoIA."

Back in January, a hacking group calling itself The Lords Of Dharmaraja boasted about stealing the source code for Symantec's security products from Indian government systems.

The security giant initially blamed the leak of source code for older enterprise products on a breach at the network of an unnamed third party, before later admitting that the source code of pcAnywhere and consumer products had also been exposed. It also confessed that the leak was actually down to an earlier (previously undetected) breach of its own systems back in 2006.

Continued :

- Collapse -
Fake Visa/Mastercard "Security incident" notifications...
.. doing rounds

Bogus emails purportedly sent by the Visa/Mastercard "Identity Theft Department" are targeting the cards' users by trying to convince them that a "security incident" has put their online banking and credit card credentials at risk.

"Dear valued customers," says the email, "During the past few days, we had been warned and notified regarding some problems in relation to our internet websites safety and security by Cryptico (a security consortium), the main ideas behind this e-mail is to inform you about a security incident. Unfortunately, your online banking and credit card credentials are now at risk! Please visit the following link to activate your credit card informations: (MALICIOUS LINK)"

Unfortunately for those users who click on it, the destination page is a phishing page.

"Although the fake form is not hosted on a secure (https) site as all genuine online financial transactions would be, the scammers have made an attempt to make the process seem more authentic by providing a typical image based security code field," Hoax-Slayer points out.

Continued :
- Collapse -
Passwords re-used by six out of ten consumers

"Password re-use still endemic, survey finds"

Passwords remain a brittle security blanket when wielded by many consumers, a new survey has found. Despite routine web breaches, six out of ten continue to re-use the same few passwords over and over.

The survey results from US fraud-detection vendor CSID shouldn't be surprising. As well as risky password re-use which makes multiple sites vulnerable from a single breach, 54 percent of respondents had only 5 passwords or fewer while 44 percent changed these once a year or less.

No surprise to report that the most reckless use of passwords was among users under 24 years old.

The small number of passwords seems to be driven in part by the fact most users access fewer than half dozen sites, although memorisation issues are a concern for more than half which underlines that few bother to use secure password vaults to ease this hassle.

Most passwords are between 8 and 10 characters, although in fairness not all sites allow passwords of a longer or even unlimited length. Complexity wasn't examined.

Continued :

CNET Forums