NEWS - September 28, 2012

Internet Explorer Blocks More Malware Than Firefox, Chrome, Safari

"NSS Labs browser tests show Google SafeBrowsing API weak link in catching click fraud malware "

It hasn't been the best month for Internet Explorer given the recent zero-day attack, but the Microsoft browser got some good news today with a new test that shows it's by far better at stopping malware than Google Chrome, Mozilla Firefox, and Apple Safari.

NSS Labs today released the results of tests it conducted on the major browsers to determine how they defend against malware associated with bank fraud, password-stealing, phony antivirus, and click fraud. IE fared best, blocking 95 percent of all malware-related activity, followed by Chrome, which blocked 33 percent, and Firefox and Safari, which blocked less than 6 percent.

Another interesting statistic: Chrome halted only 1.6 percent of click fraud, and IE was also No. 1 in this test, stopping 96.6 percent of click-fraud malware during the tests. Firefox picked up 0.8 percent; and Safari, 0.7 percent.

Continued :

Test Shows IE9 Beats Chrome, Safari, Firefox in Overall Malware Detection
You might be surprised at which Web browser aced this security test
Internet Explorer Shines in NSS Labs Browser Security Test
Discussion is locked
Reply to: NEWS - September 28, 2012
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - September 28, 2012
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
New cloud data protection guidelines

The Information Commissioner's Office published guidelines that underline organisations' sole responsibility for the protection of data, even if it has been outsourced to third party cloud network providers.

The guidelines include tips** for businesses, including securing assurances from cloud service providers on how data will be kept safe, as well as suggesting the implementation of a written contract between both parties involved.

Paul Ayers, VP EMEA of data security expert Vormetric, has made the following comments:

As more and more businesses are embracing the compelling economic and operational benefits of cloud computing, these guidelines serve as a timely reminder of the full extent of organisations' data protection responsibilities and the dangers that can ensue if they are not managed appropriately.

Some 'wishful thinking' enterprises believe that leveraging the cloud allows them to wash their hands of the need to secure their data. That is not the case. Companies still need to be able to establish where their data is held and define what data protection policies are in place.

Continued :

ICO says companies are responsible for customer data in the cloud
Cloud computing? You still can't dodge data protection rules
ICO publishes cloud data guidelines

- Collapse -
Report Examines Limitations of Firewalls in Fighting DDoS..
.. attacks

Security firm Prolexic Technologies released a whitepaper today aimed at helping organizations use their firewalls more effectively to fight distributed denial-of-service (DDoS) attacks.

DDoS attacks have emerged as a favorite weapon of hacktivists. But no matter who is doing it, the impact for businesses can be significant. As recent poll of 1,000 IT professionals by security provider NeuStar revealed just how much: according to the study, 67 percent of those in the retail industry said a DDoS attack would cost them more than $100,000 per hour.

Security firm Prolexic offers anti-DDoS services. According to its report, while firewalls can serve as a Band-Aid to block malicious traffic, they are not built to handle the massive loads of traffic that can accompany a DDoS attack.

"To ensure that you use a firewall to its best advantage in a DDoS protection strategy, you should first be aware of the difference between stateful and stateless firewalls and what each are designed to do," the report says.

Stateful firewalls, the report states, are designed to monitor regular levels of traffic and stop small amount of stateful attacks, and they often fail in the event of a DDoS.

Continued :
- Collapse -
Mozilla's "just works" Persona login system hits beta

"Distributed login system eliminates passwords, simplifies identity management."

Mozilla is moving Persona, its online identity system, out of the experimental category and is releasing an official beta.

First released earlier this year, Persona offers a secure way to eliminate individual passwords for users while offering developers a simple way to add support and authenticate requests—think of it as OpenID without the headaches.

After seven months of morphing APIs and various Persona improvements, Mozilla has deemed the project "ready to use for authentication." Persona works in all major desktop and mobile browsers and, according to Mozilla, the user experience has been considerably polished for this release. While Mozilla claims it's ready to use, bear in mind that Persona is still officially a beta.

Mozilla Persona is a distributed online identity system. It's part of Mozilla's effort to tackle online identity management by shifting the focus from individual websites to a decentralized system that sites tab into.

Continued :

Related: Safeguard your online Persona with Mozilla ID system

- Collapse -
Police Ransomware: How to Get Your Malware Noticed

From TrendLabs Malware Blog:

Recently, I talked at the VB2012 conference in Dallas about one of the recent developments in today's threat landscape: the increasing prevalence of police ransomware. Earlier, Trend Micro published a white paper discussing this threat, titled The "Police Trojan" (pdf).

The idea behind ransomware is relatively simple: the cybercriminals block the user from accessing their own computer. This continues until the user pays the cybercriminal money in order to unlock their system. We first saw this type of threat in Russia back in 2005 to 2006.

More recently, we've seen this threat spread to other countries. Using geo-location, users are presented with a notice - supposedly from local police - that they have committed some crime, and to unlock their PC they need to pay a "fine" of some sort.

As we looked into this threat, we found that this threat was, in someways, similar to previous fake antivirus threats. Multiple gangs produce their own variants; the social engineering is very good at getting users to pay up, and new versions are appearing all the time. Affiliate programs are also used to monetize this threat.

Continued :

- Collapse -
Avira launches 2013 antivirus security software line

Avira announced the arrival of the Avira 2013 product line, which includes Avira Free Antivirus, Avira Antivirus Premium 2013, Avira Internet Security 2013, and Avira Internet Security Plus.

Avira's premium products have 8 new features. These new features give consumers a more secure browsing experience by protecting them from Internet scams and threats, in addition to keeping their computers free of malware.

"With over 100 million users worldwide, our goal with Avira 2013 was to offer protection to people no matter what device they use, and we did that by adding many user oriented features to this release, making it the most feature-rich solution we've ever made," said Sorin Mustaca, product manager and data security expert at Avira. "We've also kept the resources footprint small, so users will not notice any slowdown in computer performance."

The following new features added to the Avira 2013 family of products are all designed to protect not just computer devices, but also computer users -- wherever they are and whatever device they're using:

Continued :

Related: Avira kills its pop-up for 2013, sort of

- Collapse -
What's the Meaning of This: Adobe Certificate Attack

The news yesterday that Adobe had been compromised and that the attackers were able to get valid Adobe signatures on a pair of malware utilities is one of the more worrisome and troubling stories in what has become a year of huge hacks and historic change in the security industry. Adobe was forthcoming with many of the details of the attack, but the ones that were omitted are the ones that really make a difference in this instance.

As in most of these cases, what we know is mostly the results of the attack. We know that the attackers found a weak spot somewhere on Adobe's corporate infrastructure and found a way in. Adobe has not identified what the vulnerability was, where the compromised machine sat on its network or how the attackers were able to compromise it in the first place. Was it a phishing email, a la the RSA hack? Or was it something less pedestrian? We don't know.

We do know that once the attackers were inside, they began moving around until they found the machine that they were really interested in: a build server. They got there by using what Brad Arkin, Adobe's top security and privacy official, said were techniques typically seen from APT-style attackers.

"We believe the threat actors established a foothold on a different Adobe machine and then leveraged standard advanced persistent threat tactics to gain access to the build server and request signatures for the malicious utilities from the code signing service via the standard protocol used for valid Adobe software," Arkin said.

Continued :

See: Security Advisory: Adobe to Revoke Code Signing Certificate

- Collapse -
ACLU: Electronic surveillance by US agencies skyrocketing

"The civil rights group calls on Congress to require more judicial oversight on pen register and trap-and-trace orders"

U.S. law enforcement surveillance of email and other Internet communication has skyrocketed in the last two years, according to data obtained by the American Civil Liberties Union.

The number of so-called pen register and trap-and-trace orders obtained by federal law enforcement agencies has increased 361 percent between 2009 and 2011, the ACLU said. The U.S. Department of Justice released the data to the ACLU after the civil rights group sued the agency under the Freedom of Information Act.

Pen registers capture outgoing data from a surveillance subject, while trap-and-trace orders capture incoming data, including the addresses of email messages who the subject is talking with on instant messages. The two types of surveillance are not supposed to record the contents of conversations.

Including the targets of telephone surveillance, "more people were subjected to pen register and trap-and-trace surveillance in the past two years than in the entire previous decade," Naomi Gilens, a legal assistant with the ACLU's Speech, Privacy, and Technology Project, wrote in a blog post.

Continued :

Feds snooping on email activity and social networks, without warrants - and it's on the rise
ACLU: Government documents show surge in electronic surveillance

- Collapse -
After $250,000 theft, Bitcoin exchange Bitfloor reopens

Early in the month, we reported that the top US Bitcoin exchange, Bitfloor, had a security breach that resulted in a theft of Bitcoins worth $250,000. At the time it was very much up in the air as to whether Bitfloor would be able to resume operation, but today it has announced that it is back in business.

Founder and operator Roman Shtylman took to Google+ to make the announcement, although the pre-theft funds are still frozen. New deposits will be accessible as normal. "As funds are available for repayment, they will be dispersed on a pro-rated basis," said Shtylman.

"Bitcoin funds for repayment will be purchased using revenue from fees. This will ensure that as Bitfloor grows I am able to continue operation to recover the stolen funds over time."

Bitfloor is also pursuing investment opportunities to recover funds for its customers more quickly.

Shtylman has made a number of security improvements to the exchange to prevent a similar theft occurring. Client funds will be put into cold storage — stored on a computer that is not networked — while a hot wallet will cover daily transactions, ensuring that if someone does gain access again, no customer deposits are at risk.

Continued :

Bitcoin exchange Bitfloor attempts comeback after $250,000 heist
Bitcoin Trading Floor Reopens After Daring Online Heist

CNET Forums