Tuesday, May 26, 2009

Google, You Got Knocked the F Out, Man!!!

May 2009

Google blackout blamed on network ‘traffic jam.’ Google blamed a network error for an “embarrassing” breakdown in service on May 14 as Gmail, search, YouTube, AdSense and Blogger all experienced outages, while Facebook suffered another phishing attack. Data routing issues caused several Google products to stop functioning on May 14, most notably Google’s main search tool, before service was renewed an hour later. A systems error caused Google to direct web traffic through Asia, which created an internet traffic jam. As a result, about 14 percent of internet users experienced slow services and interruptions. A senior vice president for Google operations said: “Imagine if you were trying to fly from New York to San Francisco, but your plane was routed through an airport in Asia. And a bunch of other planes were sent that way too, so your flight was backed up and your journey took much longer than expected.” Google apologized for the glitch, calling the incident “embarrassing” and said it would work diligently to avoid future breakdowns.


http://www.thebigmoney.com/blogs/feeling-lucky/2009/05/15/google-blackout-fallout

Going Deep, Going Fast!!!

May 2009

Viruses now penetrating deeper. New malware variants have taken researchers by surprise by adopting new “stealth” methods to penetrate systems deeper so as to avoid detection, according to Kaspersky Lab. The antivirus company said in a video conference on May 13 that a new variant of the Sinowal botnet, also known as Torpig, marks the first time cybercriminals have used such sophisticated methods. Kaspersky said Sinowal writes itself to the master boot record (MBR) of the user’s hard drive, the operating system’s lowest level, and has been successful in avoiding detection by antivirus products. It said the worm has over the last month been actively spreading through a number of methods including Web sites exploiting the Neosploit rootkit and a vulnerability in PDF software, Adobe Acrobat Reader. Kaspersky said new methods of infiltration have also rendered it nearly impossible for users to avoid infection, even if they are careful. Seemingly clean sites can also perform backend redirection to malware-ridden sites. The head of the virus lab for Kaspersky said Web malware authors favored redirection exploits on Web apps and search fields, like iFrame attacks, during 2008, compared to 2007, which saw more Trojan horses and droppers being used. The Web has also overtaken e-mail as the top transport medium for viruses, with the number of infected sites growing 300 percent in 2008, he said.

Who gets a patch???

May 2009

Adobe gets a patch:
Adobe to patch critical Adobe Reader, Acrobat vulnerabilities. Adobe is issuing patches on May 12 for critical Adobe Reader vulnerabilities that could allow remote attackers to launch malicious code on users’ computers through infected PDF files. The impending update will repair critical Adobe Reader and Acrobat Reader errors in versions 9.1 and prior for Windows, Mac and Unix systems. The patch also will cover Adobe Reader 9.1 and 8.1.4 for Linux. If exploited, the flaw could allow attackers to launch denial of service attacks, crash a system or distribute malware that could take control of a user’s computer and steal information. Reports indicate that the vulnerability stems from an error in the “getAnnots” JavaScript function, according to the U.S. Computer Emergency Readiness Team. In an effort to mitigate the risk, the federal agency recommended that users disable JavaScript in Adobe Reader. To disable JavaScript, users are advised to select the JavaScript category under the “Edit:Preferences” tab and uncheck the “Enable Acrobat JavaScript” option. The San Jose, California-based company issued a security advisory in April warning users that the critical flaw affected Adobe Reader 9.1 and all previous versions of Adobe Reader and Acrobat Reader. So far, security experts say that there are no known “in the wild” attacks exploiting the vulnerability, but that likely will change as hackers get a hold of the exploit code and take advantage of users who have failed to update their systems.

Microsoft gets a patch:
Microsoft delivers mega PowerPoint patch. As expected, Microsoft on May 12 patched a six-week-old critical vulnerability in PowerPoint, the presentation maker that is part of the popular Office suite, using a single security update. But that one update patched 14 separate vulnerabilities, 11 of which were rated “critical,” Microsoft’s highest threat ranking. Also, while Microsoft patched all still-supported Windows editions of Office, including Office 2000, Office XP, Office 2003 and Office 2007, it was not able to complete fixes for the three vulnerabilities that also affect Office 2004 and Office 2008 on Macs. Fixes for those editions were not ready, the company said. This is the first time that Microsoft has issued patches, but not plugged holes in every affected version, a fact the company itself acknowledged. “We normally do not update one supported platform before another, but given this situation of a package available for an entire product line that protects the vast majority of customers at risk within the predictable release cycle, we made a decision to go early with the Windows packages,” said an engineer with the Microsoft Security Response Center, in a post to a company blog. “None of the [PowerPoint] exploit samples we have analyzed will reliably exploit the Mac version, so we did not want to hold the Windows security update while we wait for Mac packages,” added the engineer. http://www.reuters.com



Your Home D-Link Security...

May 2009

Eyeing home network security, D-Link brings CAPTCHA to routers. At about 76 percent of all phishing attacks, software represents the largest doorway that cybercriminals such as hackers use to enter computer users’ systems and steal confidential information, IT security experts say. One Cupertino, California-based security, storage and systems management solutions provider, Symantec Corp., recently reported that it is seeing malicious code grow at a record pace. In recent weeks, more and more home and small office computers have seen their networks compromised by Internet security attacks that gain traction through the devices that many use to make users’ home-surfing lives more portable: routers. In an effort to try and preempt the attacks, one Fountain Valley, California-based company recently launched a new system that prevents malicious software by detecting whether responses are generated by humans or computers. Officials at D-Link say their so-called “CAPTCHA” system, short for “Completely Automated Public Turing test to tell Computers and Humans Apart,” helps identify and root out actions caused by worms, viruses and Trojan horses. A common type of CAPTCHA requires the user to type letters or numbers from a distorted image that appears on the screen. “These malicious software invasions, in which users unknowingly download a Trojan horse when performing common tasks, invade the router to detect wireless capabilities, then alter the victim’s domain name system records so that all future traffic is diverted through the attackers’ network first,” company officials say. “The integration of CAPTCHA into home routers is a natural extension of this security technology and should cut down on the infiltration of malicious software, spyware and Trojans into home networks,” the TMC president said.

Big Ups to DropBoks

May 2009

For small online file storage, give this crew a peep.

Explanation: DropBoks is a little website that allows you to securely store your files online. No bells and whistles, just simplicity. Size: Your account has 1 GB of storage space. You can upload/download files (any format) as large as 50 MB. Security: Log in, and DropBoks switches to HTTPS. Your files are encrypted, authenticated, and secure. Cost: It's free, though we offer the option to upgrade your account for a small monthly cost if you like.

Check out their blog:
http://dropboks.wordpress.com

Big Ups to DropBoks

Wednesday, May 13, 2009

Are Virtualized Systems Better???

May 2009

Virtualized systems can be a security risk: analyst. With companies looking for ways to cut their IT infrastructure costs, there is no hotter technology right now than virtualization. But those cost savings could carry a big price in compromised security if IT managers are not careful. That was the message from a Gartner Fellow in his “Securing Virtualization, Virtualizing Security” presentation the week of May 4 at Everything Channel’s Midsize Enterprise Summit in Miami. The Fellow’s argument is that most virtual machines being deployed by IT departments currently are not as secure as physical systems. Not that virtualization is inherently less secure, the Fellow was careful to say, but most virtualization technology is not being deployed in a secure way. Several times during his presentation the Fellow argued that many suppliers of virtualization and security technology are not providing the same kinds of protection they provide for physical systems. “The bad news is most of the big guys are still missing in action,” he said. 

Powerpoint Holes...

May 2009

Microsoft to patch critical PowerPoint zero-day flaw. Microsoft plans to issue one critical patch during its monthly patch cycle the week of May 11, plugging a critical flaw in its PowerPoint presentation program that is being actively targeted by attackers. The PowerPoint vulnerability was the only bulletin identified in the Security Bulletin Advance Notification issued on May 7 by Microsoft. Details of the flaw surfaced last month and Microsoft acknowledged that the flaw was being exploited by hackers in the wild in targeted, limited attacks. PowerPoint versions affected by the flaw are Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 Service Pack 3, and Office PowerPoint 2003 Service Pack 3. In a Microsoft Security Advisory issued April 2, the software giant said the flaw could allow remote code execution if a user is tricked into opening a malicious PowerPoint file. The malicious PowerPoint files identified by some security vendors contain a Trojan dropper embedded within the presentation. The file can be passed via an email message with a malicious PowerPoint attachment or by tricking users into viewing a malicious website containing a Trojan downloader. “If a user is logged on with administrative user rights, an attacker could take complete control of the affected system,” Microsoft said in its advisory. Until a patch is released, Microsoft has issued guidance recommending that organizations temporarily force all PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE). Companies that have migrated to the newer XML file format can temporarily disable the binary file format using the FileBlock registry configuration. As it does every month, Microsoft said it would also update its Windows Malicious Software Removal Tool.

Monday, May 11, 2009

Holes in McAfee...

May 2009

McAfee blasted for having holes in its Web sites. Security vulnerabilities on McAfee sites, including one designed to scan customers’ sites for flaws, exposed certain customer accounts and could have been used for phishing attacks in which malware disguised as McAfee software could be distributed, security experts say. McAfee said on April 5 that most of the vulnerabilities were fixed, except for one part of the Web site that was taken offline to be fixed. The McAfee sites were found to be vulnerable to cross-site scripting (XSS) attacks and cross-site request forgery attacks that could lead to phishing attacks on customers who think they are visiting the security vendor’s site, according to an article on ReadWriteWeb. Ironically, one of the vulnerable sites was McAfee Secure, which scans customer sites to determine if they are vulnerable to such attacks. The problem would signal that either McAfee does not run McAfee Secure across all of its own sites or the product does not work well, the report said. To fall victim to a cross-site request forgery attack on that site, targets would have to be logged into their McAfee accounts and browse to a malicious Web site that exploits the vulnerability, according to the Risky.biz site. Such attacks on sites of antivirus vendors are particularly dangerous because they enable attackers to create fake versions of security products that install Trojans or other malware and customers will trust it, the co-founder of Secure Science Corporation told ReadWriteWeb.

Cyberwar Rules...Really???

May 2009

Experts: U.S. military’s cyberwar rules “ill-formed.” An experts panel criticized U.S. plans for cyberwarfare as “ill-formed,” “undeveloped,” and “highly uncertain”; as a result, many nuances of cyberwar have remained poorly understood, even as the military actively prepares for it. The U.S. government has yet to form a coherent policy for engaging in warfare that involves attacks on a country’s electrical power grids and other critical infrastructure, according to a non-profit group of scientists and policy advisers. They called on policy makers to actively forge rules for how and when the military goes about mounting offensive and defensive acts of cyber warfare. “The current policy and legal framework for guiding and regulating the U.S. use of cyberattack is ill-formed, undeveloped, and highly uncertain,” the report, published by the National Academy of Sciences, states. “Secrecy has impeded widespread understanding and debate about the nature and implications of U.S. cyberattack.” The many nuances of cyberwar have remained poorly understood, even as the military actively prepares for it. They include the high degree of anonymity of those who carry out such attacks, making it hard to identify those who perpetrate them. Such attacks also result in much more uncertain outcomes than traditional warfare, making it hard to predict success and collateral damage.

Facebook Spam Scam...

May 2009

Facebook targeted in spam scam. The popular social networking site Facebook successfully fought off an attack from a piece of malware on April 30, the second attack this week. Facebook, which claims 200 million users, said the phishing scam tricked users into clicking on a link in the messages inbox that took them to a false Facebook Website where cyber-criminals were able to access their login information. The company said on April 30 it was able to shut down the two malicious links at the core of the attack, fbstarter.com and fbaction.net. Facebook said it is also in the process of removing messages that refer to the link, which tricks users with the message “Look at this!” as well as resetting passwords for affected members. The April 29 attack, a similar worm, directed users to the site BAction.net. In the wake of the attacks, Facebook and brand protection firm MarkMonitor announced that Facebook is using MarkMonitor’s AntiFraud Solutions to supplement Facebook’s own in-house security efforts in protecting users against malware attacks. Facebook, which already uses MarkMonitor AntiFraud Solutions to help combat phishing attacks, is expanding its use of MarkMonitor to further protect Facebook and its users from ongoing malware attacks. A Facebook threat analyst said the company’s deep commitment to the safety of its millions of users requires a strong, proactive security strategy, best-of-breed technology and active engagement with industry leaders. “MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing so it was a natural next step for us to bolster our own security systems with their anti-malware solution,” he said.

Monday, May 04, 2009

Two Words: Ken Stone

May 2009

For more editing tips and tricks....
Keep up the great work guys...

...from Ken to us all:

Hi Everyone, 

Well, as promised, I now have a new FCP Discussion board. A special thanks to Christoph Vonrhein, of CHV-Electronics fame, he's the guy who builds all those great FC Studio plugins. He put this new board together for me. 

As my old board was so heavily spammed, this new board does require a one time registration, "Create A New Profile". After you register you will receive an email, in the email, you must click on the link that is contained in the email to complete the registration process.

Some requested features have been added. 

The ability to go back and edit your own post/reply after it has been posted. 

There is a Tool Bar in the Message field that will allow you to customize your message. 

You can now "Attach a file" (image) that will automatically be uploaded with your post or reply and will be stored on my server (so you don't need an ISP account). If you attach a photograph wider than 920 pixels, the image will be scaled down to 920 pixels. You can Save the image, control (right-click) on the image and choose, 'Save Image to Desktop', or simply click on the image and drag it to your desktop.

Attach a file 
Valid attachments: jpg, jpeg, gif, png, tif, tiff. 
No file can be larger than 2 MB 
2 file(s) can be attached to this message 

There is also a "Private Message" feature to contact a board member privately. To use this feature, click on "Private Messages" in the menu bar. This will open a new window. Under Options, click on 'Send a PM'. A message window will appear. In the "To: Select Recipient" drop-down menu, select the board member that you want to communicate with. The recipient will receive an email and will also see a 'highlighted' link that says, "You have a new Private Message" in the menu bar at the top of the Discussion board window in his/her Browser. Click on this link (or on the link in the PM email) to view your PM and reply.

There is a 'Back' button, it is called 'Message List'.

As this board is still a 'work in progress', please let me know if there is anything else that I can do to improve your posting experience, or if things are not working right for you. 

Enjoy, 

--ken

iPlotz: wireframe your ideas...

May 2009

One of the coolest programs we've seen so far this year.

Wireframe your Ideas

iPlotz allows you to rapidly create clickable, navigable mockups and wireframes for prototyping websites and software applications.

Create a project, add wireframe pages with design components and discuss your creations with others.


What is iPlotz ?

With iPlotz you can create clickable, navigable wireframes to create the experience of a real website or software application. You can also invite others to comment on the designs, and once ready, you can then manage the tasks for developers and designers to build the project.


Holes in Adobe Reader...

May 2009

Another Adobe Reader security hole emerges. Security experts are recommending that people disable JavaScript in Adobe Reader following reports of a vulnerability in the popular portable document format reader on April 28. The vulnerability appears to be due to an error in the “getAnnots()” JavaScript function and exploiting it could allow someone to remotely execute code on the machine, according to an advisory from the US-CERT. “US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk,” the post said. “To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, uncheck ‘Enable Acrobat JavaScript.’” All currently supported shipping versions of Adobe Reader (8.1.4, 9.1 and 7.1.1 and earlier) are vulnerable and Windows, Macintosh and Unix platforms are affected, Adobe said in an advisory. The company said it would release updates for all the platforms but did not yet have a time frame for that. “We are currently not aware of any reports of exploits in the wild for this issue,” the advisory said.
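A defender's triage check for the PDF issue described in the two Adobe Reader items on this page, added here as an example (it is not from the original posts, Adobe, or US-CERT): it flags PDF files that carry JavaScript or auto-run actions so they can be held for review until Reader is patched. The sample bytes are constructed and the function names are assumptions.

```python
import re
import sys

# PDF name tokens that indicate embedded script or an action that runs on open.
SUSPECT_NAMES = ("JavaScript", "JS", "OpenAction", "AA")

# A PDF name is "/" followed by any run of non-delimiter, non-whitespace bytes.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# Inside a name, "#xx" is a hex escape, so /J#61vaScript means /JavaScript.
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes that the PDF format allows inside names."""
    decoded = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count script-related names in raw PDF bytes (no decompression)."""
    counts = {name: 0 for name in SUSPECT_NAMES}
    obfuscated = 0
    for match in _NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            # A hex-escaped spelling of a keyword is itself a warning sign.
            if b"#" in raw:
                obfuscated += 1
    return {
        "names": counts,
        "obfuscated_names": obfuscated,
        # The function named in the advisory; only visible if the script
        # is stored uncompressed.
        "mentions_getAnnots": b"getAnnots" in data,
    }


def needs_review(report: dict) -> bool:
    """True when the file carries script or hides a keyword behind escapes."""
    names = report["names"]
    return bool(names["JavaScript"] or names["JS"] or report["obfuscated_names"])


# Constructed sample fragments (not real documents).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    b"5 0 obj\n<< /S /J#61vaScript /JS (var a = this.getAnnots();) >>\nendobj\n"
)

if __name__ == "__main__":
    # Usage: python triage_pdf.py file1.pdf file2.pdf ...
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            report = triage_pdf(handle.read())
        verdict = "REVIEW" if needs_review(report) else "ok"
        print(f"{verdict}\t{path}\t{report}")
```

Names stored inside compressed object streams are not visible to this byte-level scan, so a clean result here does not replace disabling JavaScript in Reader as US-CERT recommends.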

Saturday, May 02, 2009

F-stops vs T-stops

May 2009

f/number

Definition: Setting of lens diaphragm that determines amount of light transmitted by lens. * Equal to focal length of lens divided by diameter of entrance pupil. * f/numbers are, for convenience and by convention, placed on a scale in which each standard f/number step (f/1, f/1.4, f/2, f/2.8, f/4, f/5.6, f/8, f/11, f/16, f/22, f/32, f/45, f/64 and so on) represents a doubling in the amount of light transmitted e.g. f/4 transmits twice as much light as f/5.6; conversely, f/16 transmits a quarter of f/8. * Since f/number is usually calculated from simple physical dimensions, different lens designs, varying focus and the use of accessories may all affect the actual amount of light projected: one lens set to e.g. f/8 may not give quite the same exposure as another lens set to f/8...

T-number

Definition: f/number of a lens corrected for the light loss during transmission through the lens. * f/number of a perfectly transmitting lens which would give the same illuminance on the axis as that produced by the test lens. * Equals the f/number divided by the square root of transmittance (assuming a circular aperture) e.g. if transmittance is 50% (only half light entering system exits the system), square root of a half is 1/√2, so T-number is one stop more than the f/number, so a relative aperture of f/4 with transmittance 50% is a T/5.6 lens. * Also known as T-stop.

Assuming the ideal

The f/number of a lens is defined by simple geometry (one length divided by another) so it assumes that the lens passes all of the light entering it. But no lens does: each interface between media of different refractive indexes causes a loss. Modern lenses are amazingly efficient so losses are in practice very small and, at any rate, losses are automatically compensated by through-the-lens metering. T-numbers are important in film industry, where TTL metering is not common. ..


So the T stop is an accurate corrected transmission reference for a particular lens as opposed to the theoretical maximum. Both use the same exposure scale...
Thanks D. Rasberry

Friday, May 01, 2009

The Top Banks...

The Largest Banks in the U.S.

Here is a list of the 50 largest banks and savings institutions in the United States ranked by total deposits in thousands of dollars.

Institution Name | State | No. of Offices | Total Deposits (as of June 30, 2007)
Bank of America | North Carolina | 5,728 | 596,584,899
JPMorgan Chase Bank | Ohio | 3,108 | 439,996,000
Wachovia Bank | North Carolina | 3,103 | 314,850,000
Wells Fargo Bank | South Dakota | 3,255 | 263,664,999
Citibank | Nevada | 1,036 | 210,289,000
Washington Mutual Bank | Washington | 2,180 | 202,706,306
SunTrust Bank | Georgia | 1,747 | 114,579,848
U.S. Bank | Ohio | 2,590 | 113,097,080
Regions Bank | Alabama | 2,087 | 88,388,815
Branch Banking and Trust Company | North Carolina | 1,484 | 83,720,251
National City Bank | Ohio | 1,451 | 82,374,824
HSBC Bank USA | Delaware | 455 | 75,342,071
World Savings Bank, FSB | California | 287 | 73,247,967
Countrywide Bank | Virginia | 2 | 60,616,621
PNC Bank | Pennsylvania | 836 | 59,188,198
Keybank | Ohio | 965 | 57,286,597
ING Bank, fsb | Delaware | 1 | 54,161,553
Merrill Lynch Bank USA | Utah | 3 | 51,601,084
Sovereign Bank | Pennsylvania | 745 | 49,134,698
Comerica Bank | Michigan | 395 | 41,797,801
Union Bank of California | California | 331 | 40,650,535
Commerce Bank | Pennsylvania | 398 | 40,126,588
North Fork Bank | New York | 356 | 38,059,484
Fifth Third Bank | Michigan | 775 | 37,990,237
LaSalle Bank National Association | Illinois | 138 | 34,653,022
E*TRADE Bank | Virginia | 2 | 33,197,825
Bank of the West | California | 671 | 33,151,413
Citibank (South Dakota) N.A. | South Dakota | 4 | 32,892,908
Manufacturers and Traders Trust Company | New York | 673 | 32,811,138
Harris National Association | Illinois | 226 | 30,725,670
The Bank of New York | New York | 9 | 29,601,000
Chase Bank USA, | Delaware | 3 | 29,565,966
Marshall and Ilsley Bank | Wisconsin | 321 | 28,899,307
TD BankNorth | Maine | 626 | 28,092,910
Fifth Third Bank | Ohio | 415 | 27,054,097
USAA Federal Savings Bank | Texas | 1 | 25,267,329
Citizens Bank of Pennsylvania | Pennsylvania | 415 | 24,485,743
The Huntington National Bank | Ohio | 424 | 24,121,042
Citizens Bank of Massachusetts | Massachusetts | 262 | 23,713,359
LaSalle Bank Midwest | Michigan | 268 | 23,435,977
Compass Bank | Alabama | 420 | 23,405,240
First Tennessee Bank | Tennessee | 259 | 21,763,800
Charter One Bank | Ohio | 490 | 21,270,835
Capital One | Louisiana | 354 | 20,567,194
Discover Bank | Delaware | 2 | 20,343,620
UBS Bank | Utah | 1 | 20,222,245
Morgan Stanley Bank | Utah | 1 | 19,535,000
Colonial Bank, National Association | Alabama | 321 | 16,663,063
Banco Popular de Puerto Rico | Puerto Rico | 202 | 15,269,000
TD Bank USA, National Association | New York | 1 | 15,246,862

What's up with Puerto Rico???

May 2009

Puerto Rico sites redirected in DNS attack. An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on April 26 to sites that were defaced, according to security firm Imperva. Those sites and others including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, the chief technology officer at Imperva, said on April 27. A group calling itself the “Peace Crew” claimed that they used a SQL injection attack to break into the Puerto Rico registrar’s management system, he said. “We are seeing more and more of these DNS-related attacks and seeing them scale up,” he added. While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information. People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited.

Protect your PC running Windows OS...

May 2009

Bitlocker, TPM won’t defend all PCs against VBootkit 2.0. Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled recently but these technologies will not be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers of NVLabs, at the Hack In The Box (HITB) security conference held in Dubai recently. The code, which is just 3KB in size, allows an attacker to take control of a Windows 7 computer by patching files as they are loaded into the system’s main memory. Because no software is modified on the computer’s hard disk, the attack is nearly undetectable. VBootkit 2.0 is an updated version of an earlier tool, called VBootkit 1.0, that can take control of a Windows Vista computer by a similar method. With VBootkit 2.0, once an attacker has taken control of the Windows 7 computer during the boot process they are able to get system-level access to the computer, the highest level possible. They can also remove user passwords to gain access to protected files and strip DRM (digital rights management) protection from multimedia files. The passwords can then be restored, hiding any evidence that it was compromised. “There is no fix for this. It cannot be fixed. It is a design problem,” one of the program designers said during his presentation last week, referring to Windows 7’s assumption that the boot process is safe from attack. In response, a Microsoft representative said Windows 7’s support for Trusted Platform Module (TPM) and BitLocker Drive Encryption (BDE) means the attack is “void,” downplaying the threat to users.

17 is Now An Adult....If You are a hacker...

May 2009

Teenaged hacker sentenced to 11 months. A teen computer hacker who controlled several systems in botnet attacks faces 11 months in a juvenile detention facility. The 17-year-old from Worcester, Massachusetts, referred to as N.H. in court records or by his online name Dshocker, pleaded guilty to computer fraud, four counts of wire fraud, and interstate threats in November 2008. N.H. also obtained stolen credit card numbers and used them to purchase goods and services both for himself and for others. He helped several carders purchase goods with these stolen cards by teaching an associate who worked for a big shipping firm to redirect the packages of goods either to himself or to other carders. At his sentencing in the second week of April 2009, he was also given two years of probation. Federal prosecutors said that from November 2005 to May 2008, the accused also hacked commercial computer systems to steal details and spread bogus bomb threats. According to the U.S. Attorney’s Office, the teenager issued orders to a control server commanding a network of thousands of systems to attack the target system, crashing it or slowing it down and denying that computer’s services to its users. That is called a “distributed denial of service attack.” The accused also confessed to repeatedly gaining unauthorized access to several systems, including those of Road Runner, Comcast and Charter Communications, and stealing customer data. He also gained unauthorized access to a company’s proprietary software and firmware in order to modify cable modems, giving him and others free web access.

How Smart are Hackers??? Smart Enough....

May 2009

Cybercriminals adopt industrial methods to enhance effectiveness. Cybercriminals have become industrialized to increase their effectiveness. They are increasingly using encryption to cover their tracks and prevent forensic investigators from recovering evidence, according to a security researcher for SecureWorks. The researcher, speaking at the RSA Security Conference in San Francisco on April 23, said the criminals are using virtual private networks to siphon stolen information from hacked companies so the stream of exiting data often goes undetected by the victim. They have also wised up to encrypting their hard drives so even when they are captured by authorities, evidence stored on their computers cannot be cracked. A security consultant and operator of MyNetWatchman, who spoke on a panel with the researcher, described malware-distribution services that help malicious-code creators infect machines with viruses and keystroke logging programs. The entrepreneurs behind the distribution services control legions of hacked computers corralled into botnets, and charge customers (other hackers and spammers) for the privilege of running their own malware on the hacked machines. The going rate for infection distribution varies from $5 per 1,000 computers in Asia to $130 for 1,000 installations in the United States. The distribution services are just one example of the ways that criminals in the computer underground have become industrialized to trade niche skills and expertise. The security consultant also described anonymization VPN services catering to the underground that use hijacked botnet computers to hide a criminal’s tracks. Using a VPN client, a criminal can choose any hacked system or node on the botnet through which to tunnel his traffic or access a victim’s bank account.

Lawmakers Re-Examine Internet...HAHAHAHAHA

May 2009

Lawmakers to re-examine Internet-sharing software. A House committee is reopening its investigation of Internet services that let computer users distribute music and movies online amid reports the same software was exploited to gain unauthorized access to government and private data. The House Oversight and Government Reform Committee sent letters Monday to the Justice Department, Federal Trade Commission and The Lime Group, which runs LimeWire, a popular file-sharing service. The letters sought information about any such breaches and what the current administration and company are doing to protect against them. Asked about the renewed investigation, a LimeWire spokeswoman responded, “We at LimeWire understand that Internet safety is paramount, and we strive to offer peer-to-peer’s most secure technology.” She said the company had worked with other P2P providers and regulators to develop and implement protections, including changes in default settings; file-sharing controls; shared folder configurations; and sensitive-file-type restrictions. “Our newest version, LimeWire 5.0, by default, does not share sensitive file types such as spreadsheets or documents,” she said. “In fact, the software does not share any file or directory without explicit permission from the user.”

Want to sell a Nokia Cellphone??? Why??

May 2009

Nokia: We don’t know why criminals want our old phones. The mystery of why cybercriminals want a discontinued Nokia phone is not getting any clearer. Hackers have been offering up to US$32,413 in underground forums for Nokia 1100 phones made in the company’s former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations. Nokia maintains the phone’s software is not flawed. “We have not identified any phone software problem that would allow alleged use cases,” the company said in an e-mailed statement. The 1100 can apparently be reprogrammed to use someone else’s phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud.

Bot Monster Hunt...

May 2009

Cops hunting monster-botnet builders. The FBI and British law enforcement authorities are trying to hunt down hackers responsible for the largest botnet ever known to the IT world, according to a California-based Internet security company. Finjan’s Chief Technology Officer has told the Financial Times that six people based in Ukraine are suspected of compromising 1.9 million computers worldwide in just two months — many of them in the United States. London’s Metropolitan Police department confirmed to CBS News on Wednesday that their e-crime unit was investigating a botnet created by Ukrainian hackers. The Met would not say what other agencies they are working with, but they do often work with other agencies on cases involving international cyber-crime, including the FBI. According to Finjan, nearly half of the infected computers were in the United States and almost 80 percent of the infected computers were running Internet Explorer, while 15 percent were using the Firefox Web browser, CNET reported. Some critics have said Finjan has not provided evidence that this is the biggest botnet ever.

Adobe Reader Exploit

May 2009

F-Secure says stop using Adobe Acrobat Reader. With all the Internet attacks that exploit Adobe Acrobat Reader, people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on April 22. Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, the chief research officer of security firm F-Secure said in a briefing with journalists. Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash player the month before. In 2008, the favored targeted attack vector was Microsoft Word, which had 15 known vulnerabilities, compared to Acrobat Reader’s 19, and which represented 34.5 percent of the attacks, compared to 28.6 percent for Acrobat Reader, he said. Top-level executives, defense contractors, and other people who have access to specific sensitive corporate or government information are subject to targeted attacks where an attacker sends a file that has malicious code embedded in it. Once the file is opened, the computer is infected typically with a back door that then steals data. PDF and Flash browser plug-ins are also used in attacks known as “drive-by downloads” in which malware is surreptitiously downloaded onto a computer while the user is surfing the Web. The number of PDF files used in attacks rose from 128 between January 1 and April 16 last year to more than 2,300 in that same time period during this year, the chief research officer said.

Twitter Worm...

April 2009

Teen takes responsibility for Twitter worms. As a second Twitter exploit began circulating on the micro-blogging site on April 12, a teenager from Brooklyn told CNET News he created both worms because he was bored and wanted to draw attention to the Twitter flaw. Much like the April 11 StalkDaily worm, the “Mikeyy” worm posts unwanted messages to users’ pages. The “Mikeyy” worm began spreading on the micro-blogging site on April 12, posting messages such as “Mikeyy I am done...,” “MikeyyMikeyy is done.,” and “Twitter please fix this, regards Mikeyy.” A 17-year-old Brooklyn resident told CNET News in an interview that he created the worm “out of boredom.” “I thought about it later and basically did it because I was bored,” he said. “And I did not think Twitter would fix (the flaw) very soon. But I did not think it would spread as far or as fast as it did.” Twitter said it has closed the hole that allowed the worm to spread. “We have taken steps to remove the offending updates, and to close the holes that allowed this ‘worm’ to spread,” Twitter said in a statement on April 11. “No passwords, phone numbers, or other sensitive information were compromised as part of this attack.” However, the creator of the worm said he released the second worm exploiting the original flaw on April 12, after Twitter claimed to have closed the holes. He also said that he had not yet been contacted by Twitter representatives.

New Skype vulnerability discovered

April 2009

A new phishing attack demonstrated by researchers at Secure Science allows hackers to gain access to a user’s Skype client and then pose as a financial institution or proxy outbound calls. The technique is called “SkypeSkrayping” and is similar to a phishing attack, only a bit more interactive. According to the report, using either an inline frame (“iframe”) or image (“img”) tag, attackers could add a Specific Call Forwarding Number, grant the attacker the ability to receive the victim’s incoming call, obtain a Skype-To-Go Number, and/or grant an attacker the ability to access the victim’s voicemail, speed dial, and outbound calling via Spoofed Caller-ID. The company’s IT department is working on resolving the problem.