Monday, June 30, 2008

Adobe Slammed!!!

June 2008

Researcher slams Adobe for ‘epidemic’ of JavaScript bugs. Adobe Systems Inc. patched its free Reader and commercial Acrobat software late Monday to plug the latest in what one researcher called an “epidemic” of JavaScript vulnerabilities in the popular programs this year. Both the Windows and Mac editions of the Adobe software require patches. Adobe last patched JavaScript bugs in Reader and Acrobat in February, although other fixes were issued in early 2007. In February, Adobe updated both programs to Version 8.1.2 by patching nearly 30 problems. At the time, the company was criticized for not providing more information about exactly what was fixed. Days later, reports surfaced that some of the JavaScript bugs patched this year had been exploited by hackers for several weeks and had infected thousands of users. According to Adobe, Versions 8.0 through 8.1.2 of both Reader and Acrobat should be patched; Reader and Acrobat 7.1.0, which were released in February, do not contain the bug and therefore do not need to be updated. Users still relying on Version 7.0.9 or earlier, however, should update to 7.1.0, urged Adobe. Reader 9 and Acrobat 9, which are expected to launch next month, are not vulnerable.

Windows XP Extended...

June 2008

Windows XP support extended until 2014. Microsoft has decided to offer technical support for Windows XP with updates and security patches until April 2014. However, it will not go back on its decision to discontinue Windows XP sales after June 30. This means that after June 30, Microsoft will stop distributing Windows XP as a stand-alone product, as well as stop licensing it to PC manufacturers like Dell, HP, Lenovo, and others. However, it doesn’t mean that XP will disappear overnight. Consumers may still find copies of the software or computers pre-loaded with it for months, as stores and PC makers typically work through their inventories. Microsoft’s move to extend the deadline for technical support is primarily influenced by large business customers, who haven’t yet upgraded their systems to Windows Vista. The companies have been reluctant to switch to Vista due to the costs and heavy system requirements involved. So, large business customers might just skip Vista and continue with XP until the release of Windows 7, which is scheduled for release in 2010.

Student MovieMakers Reference Links...

June 2008


http://www.ttauri.org/links.htm

http://www.kffb.com/blog/?p=282

http://www.wildandscenicfilmfestival.org/

http://www.gatlinburgscreenfest.com/submissions.html

http://www.nffty.org/

http://www.listenup.org/exchange.php?item=886e25a483f89e28ec01398e063e1924

http://www.paramount-abilene.org/24fps/entering-westfest/#showcase

Spying on Users...

June 2008

Digital rights groups hit ISP ad firm for spying on users. A targeted advertising vendor being used by several U.S. broadband providers hijacks browsers, spies on users and employs man-in-the-middle attacks, according to a report released Thursday by two advocacy groups. NebuAd Inc., a behavioral advertising vendor being used by Charter Communications Inc., WideOpenWest Holdings LLC and other Internet service providers, also uses packet forgery, modifies the content of TCP/IP packets and loads subscribers’ computers with unwanted cookies, according to the report by Public Knowledge and Free Press, two Washington-based organizations focused on digital rights. “NebuAd exploits several forms of ‘attack’ on users’ and applications’ security,” said the chief technology consultant for the two groups. “These practices – committed upon users with the paid-for cooperation of ISPs – violate several fundamental expectations of Internet privacy, security and standards-based interoperability.” NebuAd violates Internet Engineering Task Force standards that “created today’s Internet, where the network operators transmit packets between end users without inspecting or interfering with them,” he said.

Let the games begin...

June 2008

Olympic visitors’ data is at risk. National security agencies are warning businesses and federal officials that laptops and e-mail devices taken to the Beijing Olympics are likely to be penetrated by Chinese agents aiming to steal secrets or plant bugs to infiltrate U.S. computer networks. Chinese government and industry use electronic espionage to “easily access official and personal computers,” says one recent report by the Overseas Security Advisory Council, a federally chartered panel comprising security experts from corporations and the State, Commerce, and Treasury departments. Equipment left unsupervised for just minutes in a hotel or even during a security screening can be hacked, mined, and bugged, adds the chair of the U.S.-China Economic and Security Review Commission, a federal panel that monitors China-related security issues for Congress. China’s government also controls Internet service providers and wireless networks, he says, so computers and PDAs can be monitored and planted with bugs remotely, too. “There is a high likelihood — virtually 100% — that if an individual is of security, political, or business interest to Chinese … security services or high technology industries, their electronics can and will be tampered with or penetrated,” he says. China’s embassy did not respond to requests for comment, but usually dismisses espionage charges.

US Hacker Gets Time...

June 2008

U.S. hacker gets 41 months for running rogue botnet. A U.S. hacker who hooked up a botnet within Newell Rubbermaid’s corporate network was sentenced to 41 months in prison on Wednesday, according to the U.S. Department of Justice. He must also pay $65,000 restitution. He pleaded guilty to charges of computer fraud and conspiracy to commit computer fraud for using the botnet to install advertising software on PCs located throughout Europe without permission. Newell Rubbermaid reported its European computer network had been hacked around December 2006. At least one other European-based company also complained. The hacker’s indictment was enabled by investigations conducted by several law enforcement agencies worldwide, including London’s Metropolitan Police Computer Crime Unit, the U.S. Secret Service, the U.S. Federal Bureau of Investigation, the Finland National Bureau of Investigation, and other local U.S. agencies. Others who helped in the hack are still under investigation, the department said. The man received a commission from a company called DollarRevenue for every installation of the advertising software. Ad software can be very difficult to remove and can trigger unwanted pop-ups. Many hackers have become astute at installing the software through surreptitious means, such as exploiting software vulnerabilities in a PC’s operating system or Web browser. In December 2007, DollarRevenue was fined €1 million ($1.54 million) in the Netherlands, one of the largest fines ever levied in Europe against a company over adware. That investigation found that hackers were paid €0.15 each for installation of DollarRevenue software on computers in Europe and $0.25 for PCs in the U.S.

Spam King...

June 2008

Former ‘spam king’ must pay MySpace $6 million. A Colorado man has been ordered to pay $6 million in damages and legal fees for spamming thousands of MySpace.com users. The man, who was once accused of sending more than 100 million spam messages per day, was sued by MySpace in January 2007 in connection with an August 2006 campaign in which MySpace members were hit with unsolicited messages promoting a Web site called Consumerpromotionscenter.com. The messages were sent from phished MySpace accounts, according to the findings of the court-appointed arbitrator in the case. The messages were sent to a MySpace community that was ill-equipped to deal with any security problems.

Internal or External...

June 2008

Verizon study links external hacks to internal mistakes. A study published yesterday by Verizon Business offers a new look at one of security’s oldest problems and arrives at a new conclusion: While most breaches are executed by external attackers, the attacks are usually facilitated by security failures that were overlooked by internal staff, often for a long period of time. In the study, which was generated by analyzing data from more than 500 forensic investigations conducted between 2004 and 2007, Verizon reports that 73 percent of data breaches resulted from external sources. This includes breaches caused by business partners, a source of vulnerability that increased fivefold during the study. Only 18 percent of breaches were caused by insiders. But that does not mean internal parties do not contribute to the problem, Verizon asserts. In fact, the study also reveals that 62 percent of data breaches can be attributed to a significant error in internal behavior. Sixty-six percent of the breaches involved data that the victim organization did not know was on the system, and 75 percent of breaches are discovered by a third party, rather than someone inside the organization. These seemingly contradictory bits of evidence -- that most breaches are perpetrated by outsiders but facilitated by errors inside -- indicate that most security breaches are crimes of opportunity, in which a door is left open and attackers simply walk in, Verizon suggests. In fact, the study states specifically that 83 percent of attacks resulting in breaches are “not highly difficult” for the attacker. Eighty-five percent are the result of “opportunistic attacks,” rather than targeted schemes, and 87 percent of the breaches probably could have been avoided through the proper enforcement of security controls, Verizon says.

Cyber Tips!!!

June 2008

Occasionally, you may receive a suspicious email promising something in return for forwarding the email to others. You can research the validity of the email by consulting websites such as these:

www.snopes.com

www.hoax-slayer.com

www.truthorfiction.com

Wednesday, June 25, 2008

Hey Scriptwriters...Want some free stuff???

June 2008

Celtx: An open source scripts, plays & screenplays writing program. It works on PCs or Macs.
http://www.celtx.com

Audacity: Use this program for audio recordings for PCs or Macs. Make sure you also get LAME for MP3s.
audacity.sourceforge.net

VLC: Use this program to view videos that Quicktime or Windows Media Player will not play. Works great on AVI, MP4, and FLV.
http://www.videolan.org/vlc/

Handbrake: Use this program to copy the information off (homemade) DVDs. Enough Said!!!
handbrake.fr/

Large Email? Here's a tip...

June 2008

If you have files that you would like to email to a person but their email account only
accepts up to 10 MB, then you should use yousendit.
YouSendIt allows you to send and receive files up to 2 GB (Gigabytes) for FREE.
We love Free!!! Thanks yousendit. Now click the link!!!

Thursday, June 05, 2008

Dangerous Places...

June 2008

New report identifies dangerous Web domains. Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are “.hk” (Hong Kong), “.cn” (China) and “.info” (information). Of all “.hk” sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of “.cn” sites and 11.7 percent of “.info” sites that way. A little more than 5 percent of the sites under the “.com” domain – the world’s most popular – were identified as dangerous. More spammers, malicious code writers and other cybercriminals can establish an online presence when domain name registry businesses cut requirements for registering a site in order to boost their profit and profile. The report does not identify domain name registration companies McAfee believes are responsible for those lapses. Hundreds, perhaps thousands, of companies register domain names; some are large and well known, while others are small and less reputable, offering their services cheaply and with flimsy or no background checks to lure in more customers. The McAfee report is based on results from 9.9 million Web sites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam.

Risky Business???

June 2008

Risky online behavior more likely to happen at small companies. Trend Micro recently reported that in the U.S., U.K., Germany and Japan, employees in small companies took more online risks while on the company network compared to their counterparts in larger organizations, according to the results of a study that explores corporate computer users’ perceptions of and experiences with security threats. The study, which surveyed usage habits of 1,600 corporate end users in the U.S., U.K., Germany and Japan, found that certain risky activities such as browsing Web sites unrelated to work, making online purchases, visiting social networking sites, downloading executable files and checking personal Web-based e-mail were more likely to take place in small businesses. For example, 32 percent of small business employees in the U.K. have admitted to downloading executable files that can potentially lead to Trojan or virus attacks and, ultimately, identity and data theft. Checking personal e-mail is the most popular non-work related online activity for German workers -- 70 percent of small-business employees do this at work, compared to 59 percent of those in large companies. In Japan, the study revealed that most of the personal Internet activities stated above were more likely to occur in small businesses. Despite a higher level of risky online behavior taking place, only about 50 percent or fewer end users within small companies said they had an IT department, which may explain why spam, phishing and spyware were more commonly reported within these companies compared to larger ones.

Storm Worm is Back!!!

June 2008

Storm worm resurfaces, tries love angle again. After a hiatus, the gang behind the Storm worm is attempting to exploit people’s curiosity about a fictional love interest to tempt users into downloading the malware, according to security training organization the SANS Institute. A security expert from the SANS Institute warned on Tuesday that a Storm worm download site had been detected by security researcher ‘DavidF’. A link that contained the site’s IP address was being spammed out in emails, he wrote in a blog post. He noted that spam is being sent with the message: “‘Crazy in love with you’ hxxp://122.118.131.58”. He wrote: “I checked that site and could only find an index.html, lr.gif and loveyou.exe.” The researcher said that index.html encourages visitors to run the ‘loveyou’ executable by asking: “Who is loving you? Do you want to know? Just click here and choose either ‘open’ or ‘run’.” Loveyou.exe is a version of the Storm worm, also known as Trojan.Peacomm.D by Symantec and Troj/Dorf-AP by Sophos. He recommended IT professionals block the IP address until it gets “cleaned up”. The unknown gang behind the Storm botnet tried a similar technique in January in the run-up to Valentine’s Day. At the time, Sophos warned that the gang was using a social-engineering technique in an attempt to trick users into clicking on a link in a ‘Valentine’s Day’ email. Storm worm attacks then dropped off, leading some security vendors to report that the influence of Storm worm was waning. However, in May, Symantec researchers warned they had identified a number of nascent Storm worm hosting domains using fast-flux techniques to mask their URLs.

Spam and Google Docs...

June 2008

Spammers exploit Google Docs. Spam levels jumped in May to 76.8 percent of all emails sent globally, according to new monitoring data. MessageLabs’ latest Intelligence Report attributed this hike to a change of tactics in which spammers are moving away from a reliance on email attachments. Spammers are instead moving towards the exploitation of free mainstream hosted services such as Google Docs, Google Calendar and Microsoft SkyDrive. “The savvy and accurate cyber-criminals of today seem to have abandoned the attachments tactic that was so innovative in late 2007 and are exploiting free hosted applications which have become mainstream in 2008,” said the chief security analyst at MessageLabs. “The spammers are taking advantage of the fact that these services are free, provide ample bandwidth and are rarely blacklisted,” he said, adding, “This is one more addition to the growing list of ways in which the spammers have succeeded in outsmarting traditional detection devices.” MessageLabs intercepted spam emails in May which contained links to spam contained in documents hosted on the Google Docs environment. Traditional spam filters do not block links to the Google Docs domain, and spammers are using this to their advantage and even tracking their success through Google Analytics. Spammers are also using Microsoft’s SkyDrive shared file hosting service. Spam generated using this technique accounted for one per cent of all unsolicited mail in May.

Hack -n- Phish

June 2008

‘Hack-and-Pier’ Phishing on the Rise. Researchers have witnessed a growing trend in phishers hacking into legitimate Websites to host their phishing exploits, enabling them to keep their attacks alive longer. A blog post Wednesday from F-Secure noted a series of so-called ‘hack-and-pier’ phishing exploits that had been reported to phishing clearinghouse PhishTank. “Instead of setting up their own sites, we’re seeing more and more evidence of phishing from hacked sites; legitimate sites that are unknowingly hosting phishing,” the blog said. “And then the site cannot simply be pulled offline without collateral damage to the legitimate business. So the Website’s administrator must be contacted to repair the damage.” According to MarkMonitor, only a small percentage of phishing sites today are created with purchased domain names or hosting. “A study we did in late 2007 showed that over 80 percent of phishing sites were hacked legitimate sites or free Webhosting sites,” says the director of anti-phishing for MarkMonitor. Traditionally, a phisher would register a bogus URL that looked a lot like the real thing, but was a letter or two off, such as “paypol” rather than “paypal,” or a more obscure URL that was less likely to get flagged. But those URLs can be easy to spot and shut down, so phishers have been moving to legit Websites as a way to extend the life of their exploits. An F-Secure representative said in an interview that his firm in the past has seen many examples of hacked legit sites for phishing and other cybercrime uses. “It is a growing trend,” he says. “Like any other technique, practice makes perfect.” As long as there are vulnerable Websites, hack-and-pier phishing isn’t going anywhere. “Until the Website’s vulnerabilities are resolved, the phishers will just continue to hack and pier,” he said.

More Strength For DHS...

June 2008

DHS moves to strengthen domain name servers. The U.S. Homeland Security Department’s Science and Technology Directorate has awarded a contract to Secure64 Software to increase the security of the Internet’s Domain Name Servers (DNS). DNS is one of the most critical back-end processes on the Internet or any other IP network, but it operates somewhat transparently. DNS alleviates the burden of memorizing a Web site’s IP address, instead allowing the user to type in a simple domain name such as www.dhs.gov. The Internet would not be functional from a practical perspective without DNS. But despite its importance, most DNS implementations are not secured, leaving DNS transactions vulnerable to attacks such as pharming, cache poisoning, and DNS redirection. Pharming occurs when a hacker exploits DNS or host-file vulnerabilities on a computer to redirect the person to a Web site other than the one intended. These fraudulent sites may appear similar to the site the person was attempting to reach, confusing the person and perhaps tricking him or her into revealing sensitive information that can be used to commit identity theft or other crimes. Cache poisoning occurs when an attacker tricks a DNS server into accepting falsified IP addresses for Web sites, which are then cached or stored temporarily by the servers. Because DNS servers do not flush their caches for a set period of time, the false information may lead many users to fraudulent Web sites that contain viruses or malware.