and Who Watches Watchfire???

November 2006
Hackers ride on Web application vulnerabilities.
According to Watchfire, the most vulnerable area in the enterprise information ecosystem is Web applications. The company specializes in software and services to audit the security and regulatory compliance of Websites. Danny Allan, Watchfire's director of strategic research, noted that network perimeters bore the brunt of attacks in the past. Given that networks today are adequately protected by a range of security tools, Web applications are now not only easier to target, they are also linked to backend servers and databases containing a wealth of information. However, businesses are currently not spending enough to protect their Web applications, said Allan. Citing research by Gartner, he pointed out that 90 percent of IT security spending is on network protection and only 10 percent is spent on Web applications.
Source: http://www.zdnetasia.com/news/security/0,39044215,61969925,00.htm

Hactivists VS. Govt. Censors...Fight!!!

November 2006
Web tool said to offer way past the government censor.
At the University of Toronto a team of political scientists, software engineers and computer−hacking activists, or “hactivists,” have created the latest, and some say most advanced tool yet in allowing Internet users to circumvent government censorship of the Web. The program, called psiphon (pronounced “SY−fon”), will be released on December 1 in response to growing Internet censorship that is pushing citizens in restrictive countries to pursue more elaborate and sophisticated programs to gain access to Western news sites, blogs and other censored material. Psiphon is downloaded by a person in an uncensored country (psiphon.civisec.org), turning that person’s computer into an access point. Someone in a restricted−access country can then log into that computer through an encrypted connection and using it as a proxy, gain access to censored sites. The program’s designers say there is no evidence on the user’s computer of having viewed censored material once they erase their Internet history after each use. The software is part of a broader effort to live up to the initial hopes human rights activists had that the Internet would provide unprecedented freedom of expression for those living in restrictive countries.
Source: http://www.nytimes.com/2006/11/27/technology/27censorship.html

Hactivists VS. Govt. Censors...Fight!!!

November 2006
Web tool said to offer way past the government censor.
At the University of Toronto a team of political scientists, software engineers and computer−hacking activists, or “hactivists,” have created the latest, and some say most advanced tool yet in allowing Internet users to circumvent government censorship of the Web. The program, called psiphon (pronounced “SY−fon”), will be released on December 1 in response to growing Internet censorship that is pushing citizens in restrictive countries to pursue more elaborate and sophisticated programs to gain access to Western news sites, blogs and other censored material. Psiphon is downloaded by a person in an uncensored country (psiphon.civisec.org), turning that person’s computer into an access point. Someone in a restricted−access country can then log into that computer through an encrypted connection and using it as a proxy, gain access to censored sites. The program’s designers say there is no evidence on the user’s computer of having viewed censored material once they erase their Internet history after each use. The software is part of a broader effort to live up to the initial hopes human rights activists had that the Internet would provide unprecedented freedom of expression for those living in restrictive countries.
Source: http://www.nytimes.com/2006/11/27/technology/27censorship.html

Sandia Labs not too busy...Hmmm

November 2006
Fan hacks singer’s cell phone data using national lab computer.
A woman is accused of using a computer at a national laboratory to hack into a cell phone company's Website to get a number for Chester Bennington, lead singer of the rock group Linkin Park. According to an affidavit filed by the Department of Defense Inspector General, Devon Townsend, 27, obtained copies of Bennington's cell phone bill, the phone numbers he called and digital pictures taken with the phone. Investigators said she also hacked into the e−mail of Bennington's wife, Talinda Bennington, and at one point called her and threatened her. Townsend is accused of using a computer at her former workplace, Sandia National Laboratories, to access Bennington's cell phone information. Lab spokesperson Michael Padilla said Wednesday, November 22, that Townsend no longer worked there. Townsend's attorney, Ray Twohig, said that investigators were still analyzing his client's computer and that it remains to be seen what exact violations will be alleged. Townsend's computer wasn't connected to classified data, Padilla said.
Source: http://www.cnn.com/2006/SHOWBIZ/Music/11/27/people.linkinpark.ap/index.html

Oh, Why Wi-fi?

November 2006
Wi−Fi standards face patent threat.
A federal judge in Tyler,
TX, ruled last week that an Australian government agency holds the rights to patents on the underlying technology used in two Wi−Fi standards and a third proposed standard. The decision −− if it survives what many assume will be a lengthy appeals process −− could have a wide−ranging impact on wireless equipment makers and consumer electronics manufacturers. Judge Leonard Davis ruled that a patent granted in 1996 to the Commonwealth Scientific and Industrial Research Organization, Australia's national science agency, is valid. The court also ruled that Buffalo Technology, a small maker of Wi−Fi routing gear, had violated this patent. The ruling is certainly a blow for Austin, TX−based Buffalo Technology, but the decision could have a huge impact on the entire Wi−Fi industry. "One reason that Wi−Fi has proliferated as it has is because it's reached a point where it's incredibly cheap, so it's easy to just stick a Wi−Fi chip in a consumer electronics device," said Stan Schatt, a vice president at ABI Research. "But if the cost of the technology goes up to pay for the license, even a little bit, it could throw off the economics."
Source:http://news.com.com/Wi−Fi+standards+face+patent+threat/
2100−7351_3−6137372.html?tag=nefd.lede

Is Bigger Better???

November 2006

Gartner meeting sees big network role.

IT professionals and Gartner Inc. analysts are looking beyond networks to the whole enterprise this week at the research company's Enterprise Networking Summit in Las Vegas. Everything system and application administrators want to do affects networks, especially now that voice and other forms of communication are moving onto IP data networks, participants said Tuesday, November 14. That trend toward unified communications, along with richer Web−based applications and a proliferation of consumer−oriented devices, is among the key issues emerging for enterprise networks in the next few years, Gartner analyst David Willis said in a keynote address. Another looming trend is virtualization of IT resources, which Cisco Systems Inc., Microsoft Corp. and IBM all want to dominate, he said. Together, it spells more chaos on networks, which have always been chaotic, he said. Don't rush into IP telephony, Gartner analyst Jeff Snyder warned attendees in a breakout session. They should have a good reason, such as replacing aging phone systems or building a distributed contact center, before moving in that direction, he said. But network experts will take on a bigger role in overall corporate strategy as the new technology comes in, he added.
Source:http://www.computerworld.com/action/article.do?
command=viewArticleBasic&articleId=9005143&intsrc=news_ts_head

And the Spam Award goes to...

November 2006

The world's most prolific spammers.
Spamhaus has published a revised list of the world's 10 worst spammers.
The top 10 are:
1) Alex Blood;
2) Leo Kuvayev;
3) Michael Lindsay;
4) Ruslan Ibraqimov;
5) Amichai Inbar;
6) Pavka;
7) Vincent Chan;
8) Alexey Panov;
9) Yambo Financials;
10) Jeffrey Peters.
For further detail: http://www.spamhaus.org/statistics/spammers.lasso
Source: http://www.theregister.co.uk/2006/11/14/spamhaus_worst_spamm er_list/

Hack, Mutate, ReHack... and Repeat

November 2006
Mutate, fragment, hide: The new hacker mantra.
Hackers working for criminal gain are using increasingly sophisticated methods to ensure that the malware they develop is hard to detect and remove from infected systems, security researchers warned at this week's Computer Security Institute tradeshow in Orlando. The most popular of these approaches involve code mutation techniques designed to evade detection by
signature_based malware blocking tools; code fragmentation that makes removal harder; and code concealment via rootkits. Unlike mass_mailing worms such as MS Blaster and SQL Slammer, most of today's malware programs are being designed to stick around undetected for as long as possible on infected systems, said Matthew Williamson, principal researcher at Sana Security Inc.

The goal in developing such malware is not to simply infect as many systems as possible but to specifically steal usage information and other data from compromised systems, he said. An increasingly popular way of attempting this is with the use of polymorphic code that constantly mutates. Many malicious hackers also now use "packers" to encrypt malware to evade detection.
Source:http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004967&source=rss_topic85

More Mobile Devices...More Problems

November 2006
Mobile devices provide more opportunities for mischief and theft.
Smartphones and similar devices increasingly are being used by business professionals to store information, tap into customer accounts, and exchange data with the office. The expanded use of mobile devices has caught the interest of criminals and malicious hackers, and several proof_of_concept mobile viruses have emerged in recent months. The growth of Microsoft Windows Mobile 5.0 in the device market also creates new security concerns. Windows Mobile 5.0, released to manufacturers in May, offers more and easier ways to exchange information with back_end servers than previous versions, and it's the first Windows operating system to appear on popular Palm devices. Trojan.Wesber, a proof_of_concept virus for Windows Mobile discovered in September, sends messages from a mobile device via the Short Message Service wireless protocol without the device user's consent, similar to the Redbrowser Trojan reported earlier this year. MSIL.Cxover.A, discovered in March, searches for a device connected to a wireless network, then attempts to establish an ActiveSync connection to the device. If successful, the worm copies itself as a file and disconnects the ActiveSync connection. While there haven't been any public reports of data breaches or other incidents resulting from these viruses, they demonstrate hacker interest in mobile devices.
Source:http://www.informationweek.com/story/showArticle.jhtml?artic leID=193700286

Hackers Hit Wikipedia...German 1

November 2006
Hackers use Wikipedia to spread malware.
Hackers are using online encyclopedia Wikipedia to spread malware, according to a security firm. Sophos discovered that hackers had created an article on the German edition of Wikipedia containing false information about a new version of the Blaster worm, along with a link to a fix. However, the fix is actually a piece of malicious code designed to infect visitors' PCs. Wikipedia is built from user contributions, allowing anyone to create or edit the content of a page. The hackers sent spam messages to German computer users, which purported to come from Wikipedia, and directed recipients to the fraudulent information. As the e−mails linked to a legitimate Website, they were able to bypass some anti−spam solutions.
Source: http://www.vnunet.com/vnunet/news/2167949/hackers−wikipedia− dupe−users

The Guru Warns of Open Source...

Linux guru warns on security of open−source code.

Alan Cox, one of the most respected figures in the UK open−source community, has warned about complacency over the security of open−source projects. Speaking to delegates at London's LinuxWorld conference on Wednesday, October 25, he emphasized that considerable sums of money were being spent in attempting to hack into open−source systems. And he cautioned that many open−source projects were far from secure. "Things appear in the media, like 'open−source software is more secure, more reliable and there are less bugs.' Those are very dangerous statements," Cox said. Cox said that analysis looks only at well−known projects. An analysis of 150 projects from SourceForge, a repository for open−source code, would not result in the same high marks that the Linux kernel would get, he noted. "High−quality only applies to some projects −− those with good code review and those with good authors," Cox said.

Source: http://news.com.com/Linux+guru+warns+on+security+of+open−source+code
/2100−1002_3−6129835.html?tag=ne.fd.mnbc

Wi-Fi Citywide...

Citywide Wi−Fi spending could hit $3 billion.
More than $3 billion will be spent during the next four years to build and operate public wireless networks for U.S. municipalities, according to a new research report by MuniWireless.com. Interest among U.S. cities and counties to deploy their own public wireless networks is exceeding earlier expectations, said Esme Vos, founder of MuniWireless.com, which tracks the muni−wireless market. Citywide Wi−Fi networks, which are built and managed by a city alone or in partnership with a private company, have come into vogue in the past couple of years. With these new networks, is a promise to provide affordable or free broadband access to residents. But the technology is not without challenges, as cities such as Tempe, AZ, have discovered. Because Wi−Fi uses unlicensed spectrum, interference from other wireless devices can be a problem. Coverage can also be an issue, since signals often don't reach inside homes without special devices to boost the signal indoors.
Source: http://news.com.com/Citywide+Wi−Fi+spending+could+hit+3+billion/
2100−7351_3−6129655.html?tag=nefd.top

Audacity for Mac OS X 1.3.0 Beta

Audacity is a free audio editor that can record sounds, play sounds, import and export WAV, AIFF, and MP3 files, and more. Use it to edit your sounds using Cut, Copy, and Paste (with unlimited Undo), mix tracks, or apply effects to your recordings. It also has a built-in amplitude envelope editor, a customizable spectrogram mode, and a frequency analysis window for audio analysis applications. Built-in effects include Bass Boost, Wahwah, and Noise Removal, and it also supports VST plug-in effects.

Audacity has the following other editions available: Audacity for Windows and Audacity for Unix.
Source:http://fileforum.betanews.com

Apple's WiFi Flaws

November 2006
Attack code out for new Apple Wi−Fi flaw.
Kicking off a "month of kernel bugs," a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer. The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said. To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore's advisory. But the process isn't easy, and Moore hasn't yet been able to gain complete control over a vulnerable Mac.
Details on the flaw: http://projects.info−pull.com/mokb/MOKB−01−11−2006.html
Source:http://news.com.com/Attack+code+out+for+new+Apple+Wi−Fi+flaw/2100−1002_3−6131711.html?tag=cd.top

Adware on MySpace...Nah, Really??? :)

November 2006
Adware may be lurking in video on MySpace.
Several MySpace pages offer what appear to be YouTube videos that trigger installation of adware when played, Websense Security Labs has warned. The explicit videos can be found on a number of user pages on the MySpace social networking Website, Websense said Monday, November 6. They look like You Tube video, but are in fact hosted on a copycat "Yootube.info" Website, Websense said. That Website was still online as of Tuesday evening.
"When users click on the video, they are directed to a copy of the video," Websense said. People are then redirected to the Windows Media Player, which will pop up a license agreement with installation of an adware program called Zango Cash, it said. "Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash," Websense said.
Source: http://www.usatoday.com/tech/products/cnet/2006−11−08−adware −myspace_x.htm