Monday, November 23, 2009

My iPod is skipping...

November 2009

After a recent update to the 1.13 software, my iPod is now skipping songs.
Once I reset the iPod, by holding down the menu button and the center button,
my songs now play as before. Follow the link for more discussion about this issue
and possible fixes. Tks JWKanvik

Wednesday, November 18, 2009

DNS Problem linked to DDoS!!!

November 2009

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet’s DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

According to research set to be released in the next few days, part of the problem is blamed on the growing number of consumer devices on the Internet that are configured to accept DNS queries from anywhere, what networking experts call an “open recursive” or “open resolver” system. As more consumers demand broadband Internet, service providers are rolling out modems configured this way to their customers, said the vice president of architecture with Infoblox, the DNS appliance company that sponsored the research. “The two leading culprits we found were Telefonica and France Telecom,” he said. In fact, the percentage of DNS systems on the Internet that are configured this way has jumped from around 50 percent in 2007 to nearly 80 percent this year, according to the vice president.

Though he has not seen the Infoblox data, a Georgia Tech researcher agreed that open recursive systems are on the rise, in part because of “the increase in home network appliances that allow multiple computers on the Internet.”

Because modems configured as open recursive servers will answer DNS queries from anyone on the Internet, they can be used in what’s known as a DNS amplification attack. In this attack, hackers send spoofed DNS query messages to the recursive server, tricking it into replying to a victim’s computer. If the bad guys know what they are doing, they can send a small 50-byte message to a system that will respond by sending the victim as much as 4 kilobytes of data. By barraging several DNS servers with these spoofed queries, attackers can overwhelm their victims and effectively knock them offline.
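The check that follows from the article, as an added example (not code from the article or from Infoblox): build a recursive DNS query, read the flags in the reply, and compute the response-to-query byte ratio, which is what makes an open resolver useful as an amplifier. The two replies are constructed inline; `probe` sends the query to a resolver you administer, from an address outside its network, so you can confirm it refuses recursion to strangers.

```python
import socket
import struct
import sys

def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS labels: length byte + label, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in labels) + b"\x00"

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard query with RD=1 (recursion desired) for an A record, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD bit
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(resp: bytes) -> dict:
    """Unpack the 12-byte DNS header; RA (recursion available) is the bit an open resolver leaks."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def assess(query: bytes, resp: bytes) -> dict:
    """Decide whether a reply shows open recursion, and how much bigger it is than the query."""
    h = parse_header(resp)
    qid = struct.unpack("!H", query[:2])[0]
    h["open_recursion"] = h["id"] == qid and h["qr"] and h["ra"] and h["rcode"] == 0 and h["ancount"] > 0
    h["amplification"] = len(resp) / len(query)  # bytes returned per byte sent (the article's 50 B -> 4 KB)
    return h

QUERY = build_query("example.com")
# Constructed reply from an open recursive resolver: QR|RD|RA (0x8180), NOERROR, one A record whose
# owner name is a compression pointer (0xC00C) back to the question name.
OPEN_RESPONSE = (QUERY[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + QUERY[12:]
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1]))
# Constructed reply from a properly restricted resolver: QR|RD (0x8105), RA clear, RCODE 5 = REFUSED.
REFUSED_RESPONSE = QUERY[:2] + struct.pack("!HHHHH", 0x8105, 1, 0, 0, 0) + QUERY[12:]

def probe(server: str, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Send one query over UDP to a resolver you administer and assess the reply. Run this from
    outside the resolver's own network; a correct reply is REFUSED or silence, not an answer."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(4096)
    return assess(q, resp)

if __name__ == "__main__":
    print(assess(QUERY, OPEN_RESPONSE))
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

The constructed answer is tiny (45 bytes for a 29-byte query); the article's 4-kilobyte replies come from records that carry far more data than a single A record, which is why the ratio, not just the RA bit, is worth recording.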

Arnold, California Move Toward Skynet!!!

November 2009

California plans to launch information security operations center. California intends to create a state-of-the-art information security operations center to monitor cyber-threats and protect state and local government networks from attack. The proposal is part of a sweeping five-year plan, released November 12 by the state Chief Information Security Officer, which is designed to safeguard government data and critical technology resources from increasingly sophisticated cyber-criminals. The plan calls for creating a California Information Security Operations Center (CA-ISOC) that would provide real-time detection of cyber-attacks and security intrusions across all state government agencies. The center also would support local government networks that need assistance. The CA-ISOC would watch for attacks on the state government’s critical information infrastructure, including attempts to disrupt automated control networks for dams, power plants and other physical facilities. The plan also envisions creating a California Computer Incident Response Team that would work in concert with the state’s Emergency Management Agency and Fusion Center, as well as the U.S. Department of Homeland Security.

Windows 7 Needs a Patch...Go Figure...

November 2009

Microsoft confirms first Windows 7 zero-day bug. Microsoft on November 13 confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall. In a security advisory, Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines. The zero-day vulnerability was first reported by a Canadian researcher on November 11, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to the researcher, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers. At the time, Microsoft only said it was investigating his reports. Then on November 13, it took the next step and issued the advisory. “Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable,” a spokesman for Microsoft’s security group said in an e-mail. “The company is not aware of attacks to exploit the reported vulnerability at this time.”

Turkish Student Hacks Twitter...

November 2009

Researcher busts into Twitter via SSL reneg hole. A Turkish graduate student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer (SSL) protocol. The exploit by the graduate student is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect. For one thing, the critics said, the protocol bug was hard to exploit. And for another, they said, even when it could be targeted, it achieved extremely limited results. The skepticism was understandable: while attackers could inject a small amount of text at the beginning of an authenticated SSL session, they were unable to read encrypted data that flowed between the two parties. Despite those limitations, the graduate student was able to exploit the bug to steal Twitter usernames and passwords as they passed between client applications and Twitter’s servers, even though they were encrypted. He did it by injecting text that instructed Twitter’s application programming interface (API) to dump the contents of the web request into a Twitter message after it had been decrypted. Twitter’s security team closed the hole the week of November 9.

Wednesday, November 11, 2009

Swedish DoS!!!

November 2009

Attack Hits Swedish Signals Intelligence Agency’s Website - possibly a protest against recent Internet traffic monitoring activities. The website of the Swedish National Defence Radio Establishment (Forsvarets Radioanstalt) has been the target of a prolonged denial of service (DoS) attack this week. There is some speculation that the incident was carried out in protest at the agency’s new role of intercepting and monitoring Internet traffic passing through Sweden. Forsvarets Radioanstalt (FRA) is an intelligence agency of the Swedish government, subordinate to the country’s Ministry of Defence. The DoS attack on FRA’s website began on November 2 and, according to a report from the Pingdom uptime monitoring service, extended well into November 3 and 4. This type of attack involves overloading a server with bogus requests until it is unable to process legitimate ones. The total downtime was almost 29 hours, but according to an official announcement (in Swedish), it did not affect the agency’s work.

iPhone & R.I.M. Take the Pie...

November 2009

The latest Q3 2009 smartphone market figures from Canalys show RIM and Apple gobbling up the smartphone market as overall growth in the segment begins to slow. (To read more, follow the link. Tks D. Eran Dilger)

Tuesday, November 10, 2009

Little Known Holes...Enter Here!!!

November 2009

Little-known hole lets attacker hit main website domain via its subdomains. Turns out an exploit on a Website’s subdomain can be used to attack the main domain: A researcher has released a proof-of-concept showing how cookies can be abused to execute such an insidious attack. A senior researcher for Foreground Security published a paper this week that demonstrates how an exploit in a subdomain, such as mail.google.com, could be used to hack the main production domain, google.com, all because of the way browsers handle cookies.

“There’s no specific vulnerability here, but it’s widening the attack surface for any large organization that has more than one [Web] server set up. A [vulnerability] in any one of those servers can affect all the rest,” he says. Most Web developers are not aware that a vulnerability in a subdomain could be used to target the main domain. “We’re trying to get the message out that now you have to treat everything [in the domain] as though someone can compromise your crown jewels,” says the CSO for Foreground. “You have to realize that every vulnerability, every attack vector in those subdomains, can be used to compromise [other areas of the domain],” he says.

It all boils down to the browsers themselves. Within the DNS architecture, the main domain — fortune500company.com, for instance — has control over its subdomains, such as development.fortune500company.com. Development.fortune500company.com has no authority to change anything on the main fortune500company.com site. But browsers do the reverse, the CSO says. Development.fortune500company.com can set cookies for fortune500company.com, the main domain. That leaves the door open for cookie-tampering, he says, when the subdomain has an exploitable vulnerability, such as cross-site scripting (XSS) or cross-site request forgery (CSRF).
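The browser behaviour the article describes, as an added example that is not from the article or from Foreground Security: a small model of RFC 6265 cookie scoping showing that development.fortune500company.com can plant a cookie the browser then sends to fortune500company.com alongside the real one, plus the server-side fix of binding the cookie value to an HMAC so the planted value is rejected. Hostnames are the article’s illustrative ones; the key and cookie values are constructed.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: the host is the cookie domain itself or a subdomain of it."""
    h = request_host.lower().rstrip(".")
    d = cookie_domain.lower().strip(".")
    return h == d or h.endswith("." + d)

def accept_cookies(setter_host: str, set_cookie_header: str) -> list:
    """Model what a browser stores from one Set-Cookie header sent by setter_host.
    A Domain= cookie is kept whenever the setter lies within that domain, so a subdomain
    may plant cookies for its parent (public-suffix rules are not modelled here)."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    stored = []
    for name, morsel in jar.items():
        dom = morsel["domain"]
        if dom and not domain_matches(setter_host, dom):
            continue  # unrelated domain: the browser drops it
        stored.append({"name": name, "value": morsel.value,
                       "domain": dom or setter_host, "host_only": not dom})
    return stored

def cookies_sent_to(store: list, request_host: str) -> list:
    """Cookies a browser attaches to a request for request_host, as (name, value) pairs."""
    host = request_host.lower()
    return [(c["name"], c["value"]) for c in store
            if (host == c["domain"].lower() if c["host_only"] else domain_matches(host, c["domain"]))]

def sign(value: str, key: bytes) -> str:
    """Server-side mitigation: append an HMAC tag so a value planted by a subdomain fails verification."""
    return value + "." + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def verify(signed: str, key: bytes):
    """Return the bare value if its tag checks out, else None (constant-time compare)."""
    value, _, tag = signed.rpartition(".")
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if tag and hmac.compare_digest(tag, expected) else None

def demo() -> dict:
    """The article's scenario with constructed values: the main site sets a host-only session
    cookie; the subdomain plants a same-named cookie scoped to the parent domain."""
    key = b"constructed-server-key"
    store = accept_cookies("fortune500company.com", "session=" + sign("alice", key) + "; Path=/")
    store += accept_cookies("development.fortune500company.com",
                            "session=alice.0000; Domain=fortune500company.com; Path=/")
    sent = cookies_sent_to(store, "fortune500company.com")  # both cookies ride along
    return {"sent": sent, "accepted": [verify(v, key) for _, v in sent]}

if __name__ == "__main__":
    print(demo())
```

Modern browsers can also refuse the planted cookie at the client if the main site names its session cookie with the `__Host-` prefix (no Domain attribute, Secure, Path=/), which a subdomain cannot set for its parent.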

iPhone Snooping Fiasco

November 2009

Backdoor in top iPhone games stole user data, suit claims. A maker of some of the most popular games for the iPhone has been surreptitiously collecting users’ cell numbers without their permission, according to a federal lawsuit filed on November 4. The complaint claims best-selling games made by Storm8 contained secret code that bypassed safeguards built into the iPhone to prevent the unauthorized snooping of user information. The Redwood City, California, company, which claims its games have been downloaded more than 20 million times, has no need to collect the numbers. “Nonetheless, Storm8 makes use of the ‘backdoor’ method to access, collect, and transmit the wireless phone numbers of the iPhones on which its games are installed,” states the complaint, which was filed in US District Court in Northern California. “Storm8 does so or has done so in all of its games.”

Data Breach Notification Bills...

November 2009

Senate committee approves data-breach notification bills. The U.S. Senate Judiciary Committee has approved two bills that would require organizations with data breaches to report them to potential victims. The Judiciary Committee on November 3 voted to approve both the Personal Data Privacy and Security Act and the Data Breach Notification Act by large majorities. The Data Breach Notification Act, sponsored by a Senator who is a California Democrat, would require U.S. agencies and businesses that engage in interstate commerce to report data breaches to victims whose personal information “has been, or is reasonably believed to have been, accessed, or acquired.” The bill would also require agencies and businesses to report large data breaches to the U.S. Secret Service.

The Personal Data Privacy and Security Act would also require that organizations that maintain personal data give notice to potential victims and law-enforcement authorities when they have a data breach. It would increase criminal penalties for electronic-data theft and allow people to have access to, and correct, personal data held by commercial data brokers. The second bill, sponsored by another Senator who is the Judiciary Committee chairman and a Vermont Democrat, would also require the U.S. government to establish rules protecting privacy and security when it uses information from commercial data brokers.

Monday, November 09, 2009

The Death of the Zeus Trojan

November 2009

First there were hijacked search results, now there are hijacked links: a newly discovered Trojan redirects victims to search engine sites in order to cash in on the clicks. The so-called Opachki Trojan doesn’t do the usual search-result hijacking typically deployed by the bad guys to make money, but instead attempts to hijack all links on a page the infected user is viewing. When the user clicks on a link, the Trojan redirects him to an affiliate-based search engine site that lists multiple links.

“This is the first one I’ve seen that tries to replace with arbitrary links rather than hijacking search results,” says a researcher with SecureWorks’ Counter Threat Unit. “This one goes to the page and takes all the links and makes them look like searches so the [victim] sees a search result rather than the page they thought they were going to.” Opachki basically provides the bad guys another way to make money from affiliate search engines that pay people to drive traffic to them, he says. Each time the victim clicks on one of the links at the redirected search engine site, the Opachki author gets paid a small sum of money, he says. “So to make it look somewhat legit, they have real people clicking on things so that it makes it look like that person is searching.”

And interestingly, the Trojan does one good deed: if the victim’s machine is also infected by the nasty Zeus banking malware, it kills it. “Why is it deleting Zeus? [Opachki] is hooking into the browser similarly to what Zeus does. Maybe there’s some sort of conflict where they both don’t work on the same machine,” the researcher says. “I’m not sure what they’re thinking” by knocking out Zeus, he says. Opachki infections come via drive-by browser exploits, and the Trojan can do its dirty work even if the user doesn’t have administrative privileges on the machine, according to Stewart’s report on the Trojan.

Hackers Exploit Google

November 2009

Hackers are exploiting web users who were too late in signing up for Google Wave, says Symantec. According to the security firm, web users worldwide are being encouraged to download an application that claims to offer access to Google Wave - a new invite-only online tool for real-time communication and collaboration. However, the application is in fact malware, which allows hackers to potentially steal sensitive personal data from your PC. A security analyst for Symantec said: “Cybercriminals have used Google Wave for the bait precisely because of its current popularity. Furthermore, using a trusted brand like this increases the chance of success for the attacker. Unfortunately, this technique is something fraudsters use all the time and internet users should be wary - if something appears too good to be true, then it usually is.” The security firm urged web users to be careful when clicking on links, to only download software from a reputable source, and to ensure their security software is up to date.

Wednesday, November 04, 2009

If you happen to work on a PC...

November 2009

With the recent release of Windoze 7, here are some links to programs that every PC user should have on their system.

Firefox: http://www.mozilla.com/en-US/
AVG: http://free.avg.com/us-en/homepage
Lavasoft: http://www.lavasoft.com/single/trialpay.php
Spybot: http://www.safer-networking.org/index2.html

FYI: "Make sure you get the right version of Spybot - there’s an imposter out there (I’ve provided the link to the correct one). Note that you want the Ad-Aware free version on the left, unless you want to complete an offer to get the Plus version on the right. I recommend both Ad-Aware and Spybot since in my experience they can find different things." Tks C. Lewis

Cyber Merger...

November 2009

DHS to announce cyber merger. In what could mark a major improvement to the nation’s ability to defend itself against cyber threats, the Department of Homeland Security will announce Friday that the U.S. Computer Emergency Readiness Team (CERT) will merge with the National Coordinating Center for Telecommunications (NCC). The two groups — now separated by two floors — will now be co-located and will operate jointly. It’s an interesting pairing, putting the public-private CERT together with the NCC, an interagency group of 22 Federal departments and agencies first created by a U.S. President in the aftermath of the Cuban Missile Crisis. The pending merger was discussed October 29 at a conference on cyber issues at the National Defense University. One expert at the conference expressed concern that centralizing the functions of the two groups might work against their effectiveness given the widely distributed nature of the Internet. “The primary issue this affects is in response. The military itself is commanded hierarchically but distributes capability among different commands. Unifying the agencies can help with funding but slow response and dilute capability,” said an associate professor at the Calumet campus of Purdue University.

Cyber Policy...

November 2009

U.S. cyber war policy needs new focus, experts say. U.S. policies toward defending against cyber warfare need to take a different approach than the government has against other forms of attack, three cybersecurity experts said on October 29. It will be difficult for the U.S. government to voice and follow through with a policy of cyber deterrence, as it has with nuclear attacks, said a senior management scientist specializing in cybersecurity at Rand, a nonprofit think tank. First, it’s difficult to identify attackers, especially when some nations appear to be sponsoring private attackers, he said during a meeting of the Congressional Cyber Caucus in Washington. But it may also be difficult for the U.S. to follow through with threats of counterattacks, when U.S. cyber experts don’t know how much damage the attacks could do, he added. With cyberattacks, some countries may be willing to gamble on the U.S. capability, unlike with nuclear attacks, he said. “Any deterrence policy is designed to scare people away,” he said. “The problem is, though, if you can’t execute it, you’re bluffing. It’s possible to believe people will call our bluff. If it turns out we can’t do what we say, we not only look embarrassed for ourselves, but we end up calling all of our other deterrents into question.” The senior management scientist and two other cybersecurity experts, talking to members of Congress and their staff members, said that crafting the right cyber war policy will be difficult. The forum was organized by members of Congress interested in cyber defense policy.

North Korea Attacks!!!

November 2009

Cyberattacks traced to North Korea. The North Korean government was the source of high-profile cyberattacks in July that caused Web outages in South Korea and the United States, news reports said Friday. The IP address – the Web equivalent of a street address or phone number – that triggered the Web attacks was traced back to North Korea’s Ministry of Post and Telecommunications, the chief of South Korea’s main spy agency reportedly told lawmakers. The ministry leased the IP address from China, an individual from the National Intelligence Service told lawmakers Thursday, according to the JoongAng Ilbo newspaper. South Korea’s Yonhap news agency carried a similar report. The spy agency declined to confirm the reports. Two lawmakers on parliament’s intelligence committee contacted Friday also refused to confirm the reports. The Unification Ministry, which monitors North Korea, said it cannot comment on intelligence matters. The July attacks, in which floods of computers tried to connect to a single Web site at the same time to overwhelm the server, caused outages on prominent government-run sites in the U.S. and South Korea. Affected sites include those of the White House and the South’s presidential Blue House.

Cyber Terrorism...

November 2009

Few companies addressing cyberterrorism. Cyberterrorism is on the rise around the world. But only one-third of companies are tackling it in their disaster recovery plans, says a survey released October 27 by data center association AFCOM. Although the majority (60.9 percent) of companies questioned see cyberterrorism as a threat to be addressed, “AFCOM’s 2009/2010 Data Center Trends” survey found that only 24.8 percent have adopted it in their policies and procedures manuals. Further, only 19.7 percent provide cyberterrorism training to their employees. Around 82 percent do run background checks on new hires. But that still leaves almost 20 percent of all data centers that don’t perform security checks on new employees, even those working directly with personal, financial, and even military records, noted AFCOM. AFCOM noted that over the past five years, 63 percent of all its data center members have seen a dramatic rise in the amount of information they need to store and protect. The report urges data center managers to include cyberterrorism in their disaster recovery and security plans.

Twitter Phishing Attack...

November 2009

Twitter warned users Tuesday of a new phishing scam on the social networking site. It is the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords. The message reads, “hi. this you on here?” and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims land on an empty Blogspot page belonging to someone named NetMeg99. Neither of these pages appears to include any type of attack code, but both should be considered untrustworthy, according to a Sophos technology consultant. Hacked Twitter accounts are a great launching pad for more attacks, he said. “We don’t know precisely what they’re going to do in this case, but often they will send spam messages to advertise a particular site.”