Spyware, Viruses, & Security forum

General discussion

NEWS - September 28, 2009

by Donna Buenaventura / September 27, 2009 6:47 PM PDT
Adobe, McAfee to combine DRM and data-loss prevention
Upcoming product aims to help companies better manage and protect important data

Adobe Systems and McAfee will jointly develop a product that combines digital rights management capabilities with technology designed to prevent data from leaking outside corporate networks, the companies said Monday.

The partnership combines Adobe's expertise in digital rights management with McAfee's data-loss prevention technology in a bid to give customers the ability to restrict access to documents based on how the documents are classified. That can help companies better protect information such as intellectual property and regulatory compliance data, the companies said in a statement.

McAfee and Adobe did not provide details of the new product, but plan to disclose more at McAfee's Focus 09 security conference , which will be held in Las Vegas next month.

Discussion is locked
You are posting a reply to: NEWS - September 28, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - September 28, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Cyber Security Awareness Month
by Donna Buenaventura / September 27, 2009 6:49 PM PDT

From SAN's Handler's Diary:

October is Cyber Security Awareness Month, and as we have done the past two years we plan to use our handler diaries throughout the month to conduct a deep dive into various security issues. In 2007 we covered a large range of subjects based on what our readers submitted as ideas. In 2008 we took a closer look at the six steps of incident handling. This year we are going to examine 31 different ports/services/protocols/applications and discuss some of the major security issues plus pass along reader comments on tips and tricks for securing it.

We're still working on our list but here are some examples of what we will be discussing on different days in October:

- telnet (port 23)
- SMB over tcp (port 445)
- ssh (port 22)
- Microsoft Terminal Services (port 3389)
- dns (port 53)

Read more in http://isc.sans.org/diary.html?storyid=7198

Collapse -
Australian Education Department Seeks To Build...
by Donna Buenaventura / September 27, 2009 6:52 PM PDT
'Unhackable' Netbook Network

ITNews, an Australian business publication, is reporting that the Department of Education of the state of New South Wales is using a variety of management software and techniques 'to roll out 240,000 netbook computers into what CIO Stephen Wilson calls "the most hostile environment you can roll computers into" - the local high school.' Students are offered a netbook in 9th grade through 12th and can keep them if they graduate.

The reason for the Department's optimism is Windows 7 and a highly-managed network using Microsoft's System Centre (that's Anglo for "Center") Configuration Manager, Remedy suite for asset management, Active Directory for authentication, and Aruba's Airwave for wireless network management. Tracking software is embedded at the BIOS level and each unit is password-protected. Embedded RFID tags will make the units individually identifiable even if they are completely non-functional.

More on the above in http://blogs.pcmag.com/securitywatch/2009/09/australian_education_departmen.php
Collapse -
StarCraft 2 beta scammers on the loose
by Donna Buenaventura / September 27, 2009 6:57 PM PDT

Some phishing sites are reportedly taking advantage of having hordes upon hordes of wanna-be participants by offering fake StarCraft 2 beta keys or downloadable betas.

If you come across any such offer, these are all FAKE. What this does indeed is that if you activate said keys, your computer will be infected with keyloggers, trojans and the likes. These phishing sites are so determined, they've turned to using YouTube, MySpace, blogging networks, and websites that are dedicated specifically for StarCraft 2.


Collapse -
Reddit Attacked by XSS Exploit
by Carol~ Moderator / September 27, 2009 11:36 PM PDT

28 September 2009, 13:23

The Reddit social news aggregator was reportedly the subject of a cross site scripting attack where just hovering over a comment message could cause a logged in user to post rogue comments. The XSS attack appears to exploit a vulnerability which allows JavaScript code to be inserted into Reddit comments. According to a thread on Reddit, a user named Empirical created some JavaScript code which, if copied and pasted into the address bar, would reply to all the comments on a Reddit page, while another user named "xssfinder" created a proof of concept which could run JavaScript code by hovering over a comment. Xssfinder then decided to combine the two pieces of code and tested it in a sub-Reddit called "proofofhax". From there, the XSS exploit spread over Reddit.

Continued here: http://www.h-online.com/security/Reddit-Attacked-by-XSS-Exploit--/news/114337

Collapse -
Microsoft?s New Tool in the Fight Against Malware Free to
by Donna Buenaventura / September 28, 2009 1:02 PM PDT

Microsoft Security Essentials, Microsoft Corp.?s new no-cost, core anti-malware service that helps protect consumers against viruses, spyware and other malicious software, will be available tomorrow, Tuesday, Sept. 29. Microsoft Security Essentials, independently certified by West Coast Labs, is backed by the company?s global security response team and is built on the same award-winning core security technology found in the company?s security solutions for businesses. It requires no registration, trials or renewals and will be available for download directly from Microsoft at http://www.microsoft.com/security_essentials.

?Consumers have told us that they want the protection of real-time security software but we know that too many are either unwilling or unable to pay for it, and so end up unprotected,? said Amy Barzdukas, general manager for consumer security at Microsoft. ?With Microsoft Security Essentials, consumers can get high-quality protection that is easy to get and easy to use ? and it won?t get in their way.?

Read more on the above in http://www.microsoft.com/Presspass/press/2009/sep09/09-28SecurityEssentialsPR.mspx
Collapse -
Botnet Reported Loose in Fortune 100
by Donna Buenaventura / September 28, 2009 1:17 PM PDT

Last week Canadian security vendor Defence Intelligence reported that half the Fortune 100 companies have been compromised by a botnet they dubbed Mariposa. Discovered in May, Mariposa appears to have been built using the readily available butterfly bot kit. While the afflicted among the Fortune 100 haven't stepped forward to corroborate this claim, the threat is definitely real.

Mikko Hypponen, Chief Research Officer for the Finnish security firm F-Secure, says F-Secure has been tracking this threat for many months. "Nobody just detects it as Mariposa", says Hypponen. "Depending on the variant, we detect these as Palevo or Vaklik". F-Secure has received hundreds of these samples in the last 18 months.


Collapse -
Google shuts down bank snafu Gmail account
by Donna Buenaventura / September 28, 2009 1:20 PM PDT

Court order snuffs innocent bystander

Google has resolved a lawsuit from a US bank that accidentally sent 1,300 confidential tax IDs to an innocent Gmail account, but not before the web giant complied with a court order to shutdown the account and disclose certain account info.

It's unclear what information was disclosed.

In mid-August, according to court documents, an employee with the Wyoming-based Rocky Mountain Bank was asked by a customer to send a group of loan documents to a Gmail account used by a third party. The bank employee then proceeded to send the documents to the wrong Gmail address - alongside another file that included the names, addresses, tax IDs, and loan info for 1,325 of the bank's customers.

When Google refused to release the identity of the person behind the Gmail account, the bank sued. Last week, Google told The Reg it would not release the users identity unless it receives a subpoena or court order, and such an order soon arrived.


Collapse -
Verizon Extends Antivirus, Storage Support to Macs
by Donna Buenaventura / September 28, 2009 3:54 PM PDT

Verizon on Monday announced that it is offering a Mac version of its Internet security suite and online backup service.

Customers can order the services independently or as part of a Verizon FIoS phone, Internet, and video bundle.

Verizon Internet Security Suite (VISS) offers virus protection, a firewall, and parental controls, while Verizon Online Backup and Sharing (VOBS) offers between 5 Gbytes and 250 GB of storage for a monthly fee.

"Mac users are an important and growing segment of the broadband community and Verizon is becoming more and more focused on providing them with services that enhance their online experiences," Susan Retta, Verizon vice president of consumer product management, said in a statement. "We want Mac fans to know they can turn to Verizon for online security they can't get from cable."

Customers who sign up for a Verizon Internet, TV, and voice bundle can also subscribe to VISS and VOBS for $8.99 per month, which will provide security coverage for up to three computers and 25GB of online backup and storage.

New customers will get VISS and VOBS free for 30 days.


Collapse -
Pressure on Microsoft, as Windows attack now public
by Donna Buenaventura / September 28, 2009 4:05 PM PDT

Hackers have publicly released new attack code that exploits a critical bug in the Windows operating system, putting pressure on Microsoft to fix the flaw before it leads to a worm outbreak.

The vulnerability has been known since Sept. 7, but until today the publicly available programs that leverage it to attack PCs haven't been able to do more than crash the operating system. A new attack, developed by Harmony Security Senior Researcher Stephen Fewer, lets the attacker run unauthorized software on the computer, in theory making it a much more serious problem. Fewer's code was added to the open-source Metasploit penetration testing kit on Monday.

Two weeks ago, a small software company called Immunity developed its own attack code for the bug, but that code is available only to the company's paying subscribers. Metasploit, by contrast, can be downloaded by anyone, meaning the attack code is now much more widely available.


Collapse -
School boards hit with cash-stealing Trojan
by Donna Buenaventura / September 28, 2009 4:16 PM PDT

The U.S. Federal Bureau of Investigation is probing a rash of reported online computer intrusions that have resulted in hundreds of thousands of dollars being stolen from school districts in Illinois.

FBI investigators are working on a computer intrusion case at the Crystal Lake School District in Crystal Lake, Illinois, said Ross Rice, a spokesman with the FBI's Chicago office. But several other school districts also believe that they have been hit by the same malicious software, Rice said.

The FBI believes that the Clampi virus, already associated with a rash of banking thefts throughout the U.S., may be to blame, Rice said.

Rice declined to provide more information on the case because it is still under investigation, but local reports say that as much as US$350,000 may have been taken from the Crystal Lake District alone.


Collapse -
In Security, Reputation Is Key
by Donna Buenaventura / September 28, 2009 4:36 PM PDT

Trend Micro posted a blog entry about AntiVirus test done by NSS. See related news on Sept. 22

Trend Micro wrote:

In Security, Reputation Is Key

That appears to be the conclusion of a pair of independent tests recently released by NSS Labs.

Back in June of 2008 you may remember there was some noise in the IT press, as Trend Micro was declining to participate in some of the well known anti-malware tests, such as VB100. Our argument at the time, and this still stands today, was that those tests simply do not accurately reflect the threat as our customers encounter it, and as such the results may offer a false sense of security.

The internet has emerged as the most abused attack vector, attacks are multi-variant, multi-protocol, distributed in source (botnets), often targeted in nature and can no longer be defeated by the pattern-matching techniques that have been at the core of security software for so long.

Independent and importantly unsponsored testing, from NSS Labs, has just been released that underlines the importance of this new approach. In July and August of this year NSS Labs performed 17 days of 24

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.