Thursday, December 11, 2008

Hard to Kill Web Attack...

December 2008

Relentless web attack hard to kill. Thousands of Websites infected by a new Web attack during the past few days won’t necessarily be safe even after they remove the offending code. “People are recommending that the Website remove the link, but that’s not enough. If it has compromised your machine once, it will do it again. We’ve seen evidence” of this, says a senior virus researcher for Kaspersky Lab, which first discovered this new wave of Web attacks late last week. The SQL injection attacks, which appear to originate from China, appear to have peaked yesterday, according to Kaspersky. Among the infected sites found by Kaspersky were Travelocity.com, countyofventura.org, and missouri.edu. It is not likely, however, that the attacks will reach the volume of SQL injection attacks from earlier this year, which numbered in the hundreds of thousands of sites, mainly because the new attacks are mostly using a new, stealthier, and more closely guarded SQL injection toolkit, says the director of threat intelligence for SecureWorks. The director and his team have been in communication with the Chinese developer of the tool, hoping to procure a copy and reverse-engineer it. The toolkit is protected with a layer of digital rights management and appears to be sold mainly in China.

Cybercrime Crusaders!!!

December 2008

Cybercrime crusaders shut down shadowy Web hosting operation. When cybercrime crusaders this week persuaded Internet service providers to disconnect a shadowy Web hosting operation called McColo, there was an instant 40 percent drop in spam and other “badness” across some e-mail networks, security experts say. McColo, which operated from servers in San Jose, California, was alleged to be a conduit for illicit activities, according to a “Cyber Crime USA” report issued November 11 by an alliance of private-sector Internet security advocates. But bringing the people behind McColo to justice, these experts say, may prove much more difficult in an age when the technology has outpaced the reach of the law — particularly when the culprits may be crime syndicates in Eastern Europe. The activities hosted by McColo were disrupted, experts say, but may be quickly revived over the Web. Following the shutdown, Trend Micro found a 40 percent drop in spam on its filters to corporate clients, said an advanced threats researcher for the Cupertino company.

Hacked Wireless Network...

December 2008

The latest 802.11 wireless hack was announced in a paper entitled “Practical Attacks Against WEP and WPA.” The current attack, which recovers what is known as the keystream and not the “secret key,” results in the attacker being able to send seven (some sources say 15, but the paper’s authors say seven) unauthorized, one-way network packets to the client every 12-15 minutes; it can also decrypt a single Address Resolution Protocol (ARP) packet. Because they only have one-way communication, what an attacker could do is very limited. Essentially the malicious attacker would also have to have previous knowledge of unpatched, vulnerable software running on the victim, or access to a previously unknown zero-day exploit that would work on software running on the victim, either of which must be able to be accomplished using seven one-way User Datagram Protocol (UDP) packets. Most big, important attacks were the result of smaller, incremental discoveries made along the way. Even this attack builds upon the successful techniques of others. Microsoft’s senior security consultant based in the U.K. said, “The thing is, just like with WEP, the first attacks took too long and required too much data. Now you can get a WEP key in under a minute. One has to ask how long it will be before subsequent attacks allow discovery of more keystream to reveal actual data for eavesdropping.”

Hacked VoIP Systems...

December 2008

FBI: Criminals auto-dialing with hacked VoIP systems. Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam phone calls in an hour, the U.S. Federal Bureau of Investigation (FBI) warned December 5. The FBI did not say which versions of Asterisk were vulnerable to the bug, but it advised users to upgrade to the latest version of the software. Asterisk is an open-source product that lets users turn a Linux computer into a VoIP telephone exchange. In so-called vishing attacks, scammers usually use a VoIP system to set up a phony call center and then use phishing e-mails to trick victims into calling the center. Once there, they are prompted to give private information. But in the scam described by the FBI, they apparently are taking over legitimate Asterisk systems in order to directly dial victims. “Early versions of the Asterisk software are known to have a vulnerability,” the FBI said in an advisory posted Friday to the Internet Crime Complaint Center. “The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.”

IBM's X-Force...

December 2008

Security attacks reach 2.5 billion per day. In response to a massive rise in Web-based threats, IBM has announced a number of new initiatives which it claims will improve enterprise security. The company said that its Internet Security Systems (ISS) business had sprung into action after its X-Force division identified two “startling” developments: a 30 percent increase in network and Web-based security incidents over the past 120 days; and a 40 percent increase in the number of its clients accessing IBM virtual security operations centers. IBM said that based on data from its 3,700 managed security services customers worldwide, the number of security events had risen from 1.8 billion to 2.5 billion per day over the past four months, and noted that a significant proportion of clients logging in to the security center had not done so in the previous six months. In response to these incidents, IBM’s ISS division plans to introduce new identity and access management services which will help companies govern access to sensitive data and applications.

Koobface on Facebook

December 2008

Destructive Koobface virus turns up on Facebook. Facebook’s 120 million users are being targeted by a virus dubbed “Koobface” that uses the social network’s messaging system to infect PCs, and then tries to gather sensitive information such as credit card numbers. It is the latest attack by hackers increasingly looking to prey on users of social networking sites. Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, “You look just awesome in this new movie,” direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc.’s Flash player. If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, Yahoo, MSN, and Live.com, according to McAfee. McAfee warned in a blog entry on Wednesday that its researchers had discovered that Koobface was making the rounds on Facebook. Privately held Facebook has told members to delete contaminated e-mails and has posted directions at www.facebook.com/security on how to clean infected computers.

SECUNIA says...

December 2008

Secunia study finds 98 percent of PCs vulnerable. A survey of computer users has shown that almost every PC is running at least one unpatched application, according to vulnerability testing firm Secunia. Secunia gathered reports from over 20,000 computer users who had downloaded its Personal Software Inspector tool, and found that over 98 percent have at least one application running that is vulnerable to attack. The company warned that the results are even more worrying since the tool is likely to have been downloaded predominantly by more security-aware computer users. “Has the world improved since the last look at the numbers? The short answer is no. Nearly every PC continues to run with several insecure programs. If anything, these numbers are worse than [11 months ago] when we generated them initially,” said Secunia. “The total number of PCs/users included in these numbers is 20,000, and 98.09 per cent have one or more insecure programs installed on their PC. Hence 98 out of 100 PCs that are connected to the internet have insecure programs installed.” Another shocking figure from the research is that nearly 50 percent of PCs have 11 or more unsecured programs running on their computers. Secunia warned that antivirus software is largely ineffective at protecting against such vulnerabilities.

Thursday, December 04, 2008

Apple Suggests Antivirus Software

December 2008

Apple quietly recommends using antivirus software. Apple, which has long perpetuated the belief that its operating system is immune to security problems, is recommending that users install security software to make it harder for hackers to target its platform. “Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult,” according to a support note posted last month. Data from computer security researchers has shown that while Apple has not been affected by malicious software nearly to the extent that Windows has, it is merely because hackers go after the most widely used platform. Apple is gaining market share, however, which means hackers could increasingly look to exploit the platform, particularly if it becomes perceived as an easier target. Apple systems are also not immune from problems in third-party software, such as plug-ins, which are used to view animated Flash graphics and PDF (Portable Document Format) files. Security problems in plug-ins have frequently been manipulated to cause browsers to redirect to malicious Web sites, which are rigged to try to take advantage of browser flaws. Compared to Windows, there are not nearly as many antivirus products for Apple computers.

iTunes 8 Visualizer Tips

December 2008

If you haven’t played around with the new iTunes 8 visualizer, it’s well worth taking a few minutes to try. It’s been updated, and has some interesting new effects. You can hit Command-T to display the visualizer, and Command-F to make it full screen.
Once you have it running, you can also bring up a list of available functions to help you play around with it. They are as follows:
? - Toggle help screen

M - Change mode
As far as I can tell there are 8 or 9 different patterns.

P - Change palette
Changes the colours used.

I - Display track info
Displays information about the current song.

C - Toggle auto-cycle (on by default)
Turns on or off automatically cycling through modes and colours.

F - Toggle freeze mode
Freezes the visualizer while the camera continues to pan around.

N - Toggle nebula mode
Turns on or off the clouds in the background.

L - Toggle camera lock
Holds the camera still while the visualizer continues.

Thanks mactips.org