Tuesday, May 24, 2011

Report: Sony Music Greece, Indonesia Hacked

Sony Music Greece was hacked with its user data published to the Web and Sony Music Indonesia's Web site was defaced, according to an online news report.

The attacks, if confirmed, would be just the latest in a series of security problems the company has had in the past month starting with a distributed denial-of-service attack by the loosely organized hacker group Anonymous in early April to protest Sony's taking PS3 hackers to court.

A Sony spokeswoman provided this statement via e-mail this evening: "There was an online tweet that one page of Sony Music Indonesia's Web site was altered and Sony Music Indonesia shut down the access to such page and started investigation. We are investigating the Sony Music Greece matter."

SonyMusic.gr was attacked with a SQL injection method and customer names, user names, and e-mail addresses of potentially more than 8,300 users were posted on Pastebin.com, The Hacker News reported on Sunday. It displayed a screen shot that said "hacked by b4d_vipera." The link to the Pastebin page was empty as of Monday morning.

Chester Wisniewski at Sophos included a snippet of redacted data from the Pastebin page on his Naked Security blog post and said that it appeared to be incomplete "as it claims to include passwords, telephone numbers and other data that is either missing or bogus."

The SonyMusic.gr site was down this morning. Users should reset their passwords when they can and be alert to the possibility of phishing attacks, Wisniewski wrote.

The Hacker News first reported the Sony Greece hack on Saturday, as well as reporting that the Sony Music Indonesia site had been defaced with a screenshot saying "defaced by k4L0ng666." The Indonesia site was accessible on Monday morning.

On Friday, The Wall Street Journal reported that someone broke into the network of Sony's Japanese ISP subsidiary, So-net Entertainment, compromised e-mail accounts and stole customer rewards points. Also late last week, Sony Thailand's site was hacked and being used for phishing, according to ZDNet UK.

However, the big Sony breach came in April when someone hacked into the PlayStation Network and exposed personal information from 77 million customer accounts. Shortly thereafter, the company said attackers may also have obtained data from close to 25 million Sony Online Entertainment accounts.

It's likely that the subsequent attacks are not all connected, but could instead indicate that attackers are testing Sony's network for weaknesses and exploiting confusion among Sony customers about security of their accounts.

Source: http://news.cnet.com/8301-27080_3-20065389-245.html#ixzz1NHu7kyOv

Thursday, May 5, 2011

LastPass Forcing Members To Change Passwords

Users who manage and store their passwords through password management service LastPass are being forced to change their master passwords after the site noticed an issue this week that raised the spectre of a possible security breach.

As described in a blog yesterday, LastPass recently followed a string of breadcrumbs that pointed to an anomaly in its network traffic on Tuesday. Though such anomalies aren't unusual, LastPass found a matching anomaly in one of its databases. Unable to identify a root cause for either anomaly, the company made the decision to assume the worst--that some of its data had been hacked.

Although LastPass hasn't identified a specific breach, it's erring on the side of caution by now forcing its members to change their master passwords. For you non-LastPass users, what exactly does that mean?

Services like LastPass and rival RoboForm let users create and manage passwords to more easily log in to the vast array of secure Web sites they visit. Those passwords can be stored on a PC or mobile device as well as online. As one means of protection, both companies typically urge users to create a single complex master password that can unlock the key to accessing their passwords. Of course, if that master password is compromised, hackers potentially can gain access to all the individual passwords, one reason why these companies advise users to employ complex master passwords.

In this case, LastPass said it believes that users with complex non-dictionary master passwords were probably safe even if any data was compromised. But the company knows that many users out of force of habit often choose simple, easily decipherable passwords. Though it sees the need to require all users to change their passwords as an overreaction, as LastPass says, "we'd rather be paranoid and slightly inconvenience you than to be even more sorry later."

In the meantime, LastPass says that it's taking further precautions against the anomaly by shutting down and moving certain key services and verifying all of its source code. The company is also enhancing the encryption used to protect its data.

Update 9:30 a.m. PT: LastPass is now reporting on its blog that the company is being overwhelmed by support requests and is having trouble keeping up with the number of password changes. The company has since set up a way for users to confirm their e-mail addresses without having to change their passwords. As a result, LastPass is urging people who are using the service from the same computer or IP address to hold off on changing their passwords for a few days.

"We're asking if you're not being asked to change your password then hold off--we're protecting everyone."

The company further suggests accessing your LastPass data offline by disconnecting from the Internet and then logging in or by downloading its LastPass Pocket software, which lets you carry around your data on a USB stick.

Source: http://news.cnet.com/8301-1009_3-20060004-83.html#ixzz1LUtFvByE

Thursday, April 28, 2011

Iran Targeted In New Malware Attack

Iran is investigating new malware dubbed "Stars" that government officials say is being targeted at the country as part of ongoing cyberattacks.

"The particular characteristics of the Stars virus have been discovered," Gholamreza Jalali, commander of the Iranian civil defense organization, told the Mehr news agency according to Reuters.

"The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations," he said, declining to specify what equipment the virus targets.

Jalali said efforts to contain last year's Stuxnet infections are ongoing and called on the foreign ministry to take action to stop the "cyber wars" against the country.

Officials in Iran have accused the U.S. and Israel of being behind Stuxnet, which spread through Windows holes and targeted specific Siemens industrial control software. Experts speculate it was written to sabotage Iran's nuclear program.

Source: http://news.cnet.com/8301-27080_3-20057103-245.html#ixzz1KrFJA3Gs

Tuesday, April 19, 2011

Match.com To Screen For Sex Offenders

Match.com will start checking its members against a national sex offenders registry.

The company expects to start the new policy in 60 to 90 days, Match.com told CNET this morning, and confirmed that the policy will affect both new and existing members.

Match.com has been considering the option for a while, but yesterday's decision was hastened as a result of the attention brought on by a lawsuit filed last week, spokesman Matthew Traub told the Associated Press yesterday.

A woman in California has sued Match.com, claiming she was sexually assaulted by a man that she met through the online dating service. Arguing that the woman had no idea her date had been convicted of sexual battery, the suit is seeking an injunction to stop anyone from joining Match.com until the company sets up a process to screen for convicted sex offenders.

Match.com president Mandy Ginsberg told the AP that the company had been hesitant to implement such screenings due to their "historical unreliability." But discussions with advisers over the past few days convinced Match.com that certain improvements have made sex offender registries more accurate, prompting the dating service to reverse its stance.

To conduct its screening, the company will tap into a national registry of sex offenders set up by the federal government. This registry pulls together information from the 50 states and other U.S. territories and lets users search for sex offenders by name as well as location.

Since the registry relies on coordinating data from a variety of different local sources, Match.com is cautioning that these types of checks can still be highly flawed.

"It is critical that this effort does not provide a false sense of security to our members," Match.com said in a statement sent to CNET. "With millions of members, and thousands of first dates a week, Match.com, like any other large community, cannot guarantee the actions of all its members. Match.com is a fantastic service, having changed the lives of millions of people through the relationships and marriages it has given rise to, but people have to exercise common sense and prudence with people they have just met, whether through an online dating service or any other means."

Match.com advises its members to read and follow the safety tips that it posts on its Web site to better protect themselves both online and offline.

Update at 11:10 a.m. PT: Added statement and information from Match.com.

Source: http://news.cnet.com/8301-1009_3-20054881-83.html#ixzz1JzbtLGBO

Monday, April 11, 2011

New Fake Antivirus Accepts SMS Payments

There's a new twist with some fake antivirus scareware that has cropped up. It accepts payment via SMS, according to antivirus firm CyberDefender.

Typical rogue security programs infect the system first, then display pop ups warning that the computer is infected, and request payment to clean it up. The new programs are seemingly more genteel, asking for the money before the program is installed and infects the system, said Achal Khetarpal, threat research director at CyberDefender. Of course, a payment does nothing to "fix" a system and means criminals now have your money and possibly your credit card information.

When a potential victim happens upon a Web site hosting the malware, a dialog box pops up that looks very much like an installer window for a legitimate antivirus product, according to screenshots from CyberDefender. It says "Welcome to" and names a popular antivirus software and suggests closing other applications. If the victim falls for the ruse, it then displays a message that says "To complete installation, you must go through activation" and offers several ways to pay, including SMS (Short Message Service), WebMoney, and credit card.

If you click "cancel," the program won't install, compared with typical fake antivirus programs that have already infected the system by the time the victim realizes what is happening and keep displaying the annoying pop-up messages, even after reboot, Khetarpal said.

The company has seen five versions of the rogue security programs masquerading as software from Avast, Norton, McAfee, BitDefender, and RootKitBuster, and they, as usual, target Windows systems.

Khetarpal could not say how widespread the malware is but said he has seen it in a "lot of Web sites" and in relation to search results for popular and trending topics.

Fake AV scammers aren't the only ones to hop on the SMS payment bandwagon. Scammers were found to be seeking payment by SMS for fake browser updates earlier this year, according to GFI Labs.

Source: http://news.cnet.com/8301-27080_3-20052203-245.html#ixzz1JFJAj0pp

Monday, March 28, 2011

McAfee: Cybercrooks Target Corporate Trade Secrets

Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.

In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporation find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.

Based on a global survey of IT professionals, the report uncovered a number of findings.

A quarter of the companies surveyed said a data breach or just the threat of one has put a halt on plans for a merger or new product launch. Among those that actually suffered a data breach, only half of them took the necessary steps to prevent it from happening again.

Among companies that have been hit by cyberattacks, only about 3 in 10 have reported all such breaches, while 6 in 10 picked and chose which ones they reported. Along those lines, many organizations specifically look to store their data in countries where the laws are more lax over reporting data breaches to customers.

Hit by the recent economic downturn, many companies have been looking at cheaper ways of processing and storing their information abroad despite the potential risks, the report said. Across the world, China, Russia, and Pakistan are thought to be the least secure areas for storing critical data, while the U.S., U.K., and Germany are perceived to be the safest. Currently, companies in the U.S., China, and India spend about $1 million a week to secure their sensitive data outside their own countries, the report said.

The information technology industry itself continues to be challenged trying to secure the wave of iPhones, iPads, and Android devices that employees are increasingly using on the job for sharing data, the report found.

"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."

To generate the report, McAfee and the SAIC worked with Vanson Bourne to survey more than 1,000 senior IT decision makers across the U.S., U.K., Japan, China, India, Brazil, and the Middle East during November and December of last year. This latest report is a follow-up to a 2008 report entitled "Unsecured Economies," which at the time found that cybercrime was costing companies more than $1 trillion globally.

Source: http://news.cnet.com/8301-1009_3-20047876-83.html#ixzz1HvdyapDY

Friday, March 25, 2011

Sony: PS3 Hacker GeoHot Fled To South America

Update, 7:01 p.m. PT: with Hotz saying he is on a long-planned vacation.

If you've been following the drama between Sony and hacker GeoHot (aka George Hotz) then you're in for a fun twist today: Sony is accusing Hotz of fleeing the country, but Hotz says he's just enjoying spring break.

Sony makes the allegation in a court filing (PDF, see page 2, line 24) dated Friday.

After news stories began appearing today, Hotz wrote a blog post to set the record straight.

"Actually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is spring break; hacking isn't my life," he writes. "Rest assured that not a dime of legal defense money would ever go toward something like this. And of course [Sony-employed law firm Kilpatrick Townsend & Stockton] loves the idea of painting me as an international fugitive. I have been in contact with my lawyers almost every day; I would not let the case suffer."

Hotz is well known for reverse-engineering the multi-digit code that allows the installation and execution of non-Sony-recognized code on PlayStation 3s, essentially allowing anyone with a PS3 to run homebrew software, or even pirated games.

A federal magistrate a couple weeks ago OK'd Sony's request for Hotz to hand over his hacking gear--his PS3 consoles, computers, and other equipment--untouched. It seems that before turning the stuff in, he allegedly made edits, deleting key evidence that Sony likely planned to use against him.

What's more, Hotz was allegedly caught lying about having a PlayStation Network (PSN) account. But Sony says it was able to prove that in February of last year, Hotz allegedly purchased a new PS3 and, tracing the serial number, Sony says it concluded that he had set up a PSN account under the screen name "blickmanic," which is also a name Hotz used on previous Web forums on iPhone jailbreaking.

Besides jailbreaking PS3s for non-sanctioned use on PSN, Hotz was a very vocal and active member of the iPhone/iOS jailbreaking community, bringing several key userland jailbreaks to the devices, including blackra1n and limera1n. While Apple consistently moved to patch the exploits Hotz used in its software, it never went overtly litigious as Sony has.

It's unclear what will happen in this case next. It's not publicly known where in South America Hotz is staying, what gear he has with him, and what assets he has access to. Recently, a court granted Sony access to Hotz's donation-based PayPal account, so that cash source may well be totally unavailable.

Whatever the case, we expect this to be far from over. There are egos, weird and obscure copyright laws, and potentially millions of dollars still at stake. If you're like me, you might want to make some metaphorical popcorn as well.

Source: http://news.cnet.com/8301-17938_105-20046386-1.html#ixzz1HdF1RaLX

Monday, March 21, 2011

Microsoft And Feds Bring Down Spam Giant Rustock

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rustock's demise surprised the cybersecurity community last week, which often works in unison to corral spammers. According to an earlier Journal blog post, spam monitors didn't know why the botnet's activity halted. It was clear at the time that the effort was coordinated and complete.

Microsoft's digital crimes unit has long worked with law enforcement to track down and eliminate spammers, botnets, and other malicious code creators. Government authorities rarely have the resources to spend on the investigations, something Microsoft willingly finances since it has a vested interest in keeping people e-mailing.

Source: http://news.cnet.com/8301-10805_3-20044480-75.html#ixzz1HG6VXOoH

Friday, March 18, 2011

Critical Flash Flaw Won't Be Fixed Until Next Week

Adobe Systems has discovered a "critical vulnerability" in its Flash Player that might cause all kinds of trouble for users.

The company said yesterday that the flaw could cause a user's computer or mobile device to crash--and, more concerning, that the vulnerability could "potentially allow an attacker to take control of the affected system." So far, the company has discovered that the vulnerability is being exploited in Flash files, as well as through Microsoft Excel. Adobe said that the issue hasn't affected Reader or Acrobat.

The flaw affects Adobe Flash Player 10.2.152.33 and earlier versions of the platform running on every major operating system, including Windows, Macintosh, Linux, and Solaris. It's also an issue on Android devices running Flash 10.1 and earlier.

That last point is destined to spark some controversy.

Unlike Android, Apple's iOS mobile operating system has never supported Flash. Instead, iOS supports HTML5, a standard that Apple believes will eventually overtake Flash. But it goes beyond just getting behind an alternative to Flash. Apple's big issue with Adobe's offering stems from the potential security headaches.

Writing last year in an open letter on his company's Web site, Apple CEO Steve Jobs said that "Flash is the No. 1 reason Macs crash." He also cited a report from security firm Symantec, saying that it "highlighted Flash for having one of the worst security records in 2009."

"We don't want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash," Jobs wrote.

Adobe plans to release a fix for the vulnerability sometime next week. Until then, the company warned users to "follow security best practices by keeping their anti-malware software and definitions up to date."

Source: http://news.cnet.com/8301-13506_3-20043248-17.html#ixzz1GyQYzbnp

Wednesday, March 9, 2011

Microsoft Fixes Critical Windows Hole, Others

Microsoft today released three bulletins fixing four vulnerabilities in Windows and Microsoft Office, including one that is rated "critical" for Windows XP, Vista, and Windows 7.

The bulletin MS11-015 resolves one critical vulnerability in DirectShow and one in Windows Media Player and Media Center, according to the security advisory. The more severe of the flaws could allow remote code execution, and thus complete control of a computer, if a malicious Digital Video Recording file were opened. The one vulnerability rated "important" affects certain media files in all versions of Microsoft Windows, the company said in a blog post.

"Microsoft normally rates this type of file format vulnerabilities as only 'important' because user interaction is required," said Wolfgang Kandek, chief technology officer of Qualys. "However this particular flaw has a component that allows for an attack through a browser link and allows its exploitation in automated 'drive-by' fashion" by merely visiting a Web site.

The other two bulletins both address a preloading issue with DLL (Dynamic Link Library) and are rated "important." The bulletins were released as part of Patch Tuesday, the company's monthly security update roundup.

MS11-016 affects Microsoft Groove 2007 Service Pack 2 used in Office. The vulnerability could allow remote code execution if a user opened a legitimate Groove-related file that is located in the same network directory as a malicious library file.

Meanwhile, MS11-017 affects Windows Remote Client Desktop. The vulnerability could allow remote code execution if a user opened a legitimate Remote Desktop configuration file located in the same network folder as a malicious library file.

Microsoft also said it is working to provide a solution through its monthly security update process to address a Mime HTML-related hole in all supported versions of Windows which became public last month.

Source: http://news.cnet.com/8301-27080_3-20040672-245.html#ixzz1G9KIsihU

Monday, March 7, 2011

France Hit By Cyberattack With G20 Focus

The French finance ministry revealed today that it has been the victim of a major and sustained cyberattack.

The attack, which has been ongoing since December, seems to be the work of hackers looking for documents related to the G20 political group, which brings together 20 major nations tasked with stabilizing the global economy and which is being led by France this year, according to AFP News.

With over 150 computers in the ministry reported to have been compromised, the ministry has so far been forced to shut down 10,000 computers, said a report in Paris Match magazine. And though the specific source of the attack hasn't yet been narrowed down, an official told Paris Match that some of the hacked information was redirected to sites in China.

The finance ministry has filed an official complaint with the French courts, while the French secret service has started investigating the case, added AFP.

Holding their most recent summit in Paris last month, the G20 nations set an array of goals and compromises designed to stave off future financial crises. But China proved difficult in negotiations over exchange rates, currency reserves, and surpluses, according to the BBC, which said that the U.S. and other nations have accused the country of purposely keeping down the value of its yuan as a way to hang onto a competitive edge in its exports.

The attack on France follows a cyberattack against the Canadian government in January that also was reportedly traced back to China. Last summer, Canada hosted the G-20 summit in Toronto.

Source: http://news.cnet.com/8301-1009_3-20040050-83.html#ixzz1FxHgW220

Wednesday, March 2, 2011

Beware Enticing Bieber Links, Free Offers On Facebook

Old scams hiding under new headlines were circulating on Facebook this week, including promises of video involving obsessed Justin Bieber fans.

"I can't believe a GIRL did this because of Justin Bieber," says the post that has been appearing on Facebook walls and status updates.

Clicking the link leads to a fake YouTube-looking page that says "Please Watch this video only if you are 16 years or older," according to an M86 blog post. Hidden behind the video window is an iframe linked to Facebook so that clicking anywhere in the window will submit a "like" click to the page and spread the post on the victim's Facebook page. This is a standard clickjacking attack that is taking advantage of a current hot topic--the teen singer.

The scam doesn't stop there. A fake Facebook dialog box also pops up that asks the victim to verify his or her age by completing a survey with links to sites relating to auto insurance, according to M86.

Facebook was able to stop this scam fairly quickly, but not before it had garnered more than 20,000 likes. Other variants of the scam were spreading, M86 said.

Separately, scammers had rehashed some scams involving offers of free iPads, free Southwest Airlines tickets, and a Miley Cyrus-related video link via posts on the site and e-mail messages. It's unclear exactly how those scams worked and if they involved clickjacking.

Clickjacking prompts a victim to click something while a different action is taken behind the scenes. It takes advantage of a vulnerability in a Web browser and is not specific to Facebook.

If you see a potential or obvious scam on Facebook, report it to the person whose account is spreading it, M86 said. The NoScript Firefox plug-in protects against clickjacking attacks such as this, it added.

Because clickjacking exploits a browser weakness, Facebook can't technically prevent it completely, a Facebook spokesman said. "We continue to build additional protections to mitigate its impact," he said in an e-mail. "We're also involved in discussions with others in the industry on how to fix the underlying issue on the browser side."
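A site that never needs its own pages embedded elsewhere can tell the browser to refuse the hidden-iframe framing described above. The following is an added example, not code from the article or from Facebook: it classifies constructed HTTP responses by their anti-framing headers, and the `shop.example` URLs and function names are assumptions for illustration.

```python
# Added example: audit response headers for anti-framing (clickjacking) protection.
# The responses below are constructed; hostnames use reserved example domains.

OPEN_SOURCES = {"*", "http:", "https:"}  # frame-ancestors values that admit any site


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Classify who may frame a response: deny, same-origin, allowlist, unprotected."""
    h = {name.lower(): value for name, value in headers.items()}

    # Only the enforcing header counts: Content-Security-Policy-Report-Only
    # reports violations but does not block framing.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present, browsers that support it
        # ignore X-Frame-Options, so it is decided here alone.
        if not sources or sources == ["'none'"]:
            return "deny"
        if any(s in OPEN_SOURCES for s in sources):
            return "unprotected"
        if sources == ["'self'"]:
            return "same-origin"
        return "allowlist"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing, misspelled, or the obsolete ALLOW-FROM form: no protection.
    return "unprotected"


# Constructed sample responses (URL -> response headers).
SAMPLE_RESPONSES = {
    "https://shop.example/checkout": {"X-Frame-Options": "DENY"},
    "https://shop.example/account": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"
    },
    "https://shop.example/widget": {
        "Content-Security-Policy": "frame-ancestors https://partner.example"
    },
    "https://shop.example/like": {
        "Content-Security-Policy-Report-Only": "frame-ancestors 'none'"
    },
    "https://shop.example/vote": {
        "X-Frame-Options": "ALLOW-FROM https://partner.example"
    },
    "https://shop.example/share": {
        "Content-Security-Policy": "frame-ancestors *",
        "X-Frame-Options": "DENY",
    },
}


def unprotected_pages(responses):
    """Return the URLs whose responses any third-party page could frame."""
    return sorted(
        url for url, hdrs in responses.items()
        if framing_policy(hdrs) == "unprotected"
    )


if __name__ == "__main__":
    for url, hdrs in SAMPLE_RESPONSES.items():
        print(f"{framing_policy(hdrs):12} {url}")
```
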

Facebook users should be suspicious of anything that looks or feels strange, even if it has been posted by a friend. Facebook offers tips for how to recognize and avoid clickjacking on the "Threats" tab of the Facebook Security Page.

The company also has developed automated systems to detect and flag Facebook accounts that are likely to be compromised based on suspicious activity like lots of messages sent in a short period of time or messages with links that are known to be bad. Once Facebook detects a phony post it is deleted across the site. The company blocks malicious links from being shared and works with third parties to get phishing and malware sites added to browser blacklists or taken down. And Facebook displays warnings when people click on a link that has been identified as malicious from an e-mail notification.
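The two signals named above, many messages in a short period and links known to be bad, can be sketched as follows. This is an added example and not Facebook's system: the log format, the 60-second window, the five-message threshold, the reason labels and the `.example` hostnames are all assumptions, and the events are constructed.

```python
# Added example: flag accounts by message bursts and known-bad links.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed blocklist (reserved .example name), not a real indicator.
KNOWN_BAD_HOSTS = {"scam-video.example"}

# Constructed events, sorted by time: ISO timestamp, account, message text.
SAMPLE_EVENTS = """\
2011-03-02T10:00:00 alice Lunch at noon?
2011-03-02T10:02:00 alice Running late
2011-03-02T10:04:00 alice See you there
2011-03-02T10:06:00 alice ok
2011-03-02T10:08:00 alice here
2011-03-02T10:10:00 alice thanks
2011-03-02T11:00:00 bob check this out http://clips.example/a
2011-03-02T11:00:02 bob check this out http://clips.example/a
2011-03-02T11:00:04 bob check this out http://clips.example/a
2011-03-02T11:00:06 bob check this out http://clips.example/a
2011-03-02T11:00:08 bob check this out http://clips.example/a
2011-03-02T11:00:10 bob check this out http://clips.example/a
2011-03-02T12:00:00 carol watch http://www.scam-video.example/v?id=1
2011-03-02T12:05:00 dave photos at http://notscam-video.example/album
"""


def is_known_bad(url, blocklist):
    """True if the URL's host is a blocklisted host or one of its subdomains."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL: nothing to match against
        return False
    # Compare on a label boundary so "notscam-video.example" does not match.
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


def flag_accounts(lines, blocklist=KNOWN_BAD_HOSTS,
                  window=timedelta(seconds=60), max_msgs=5):
    """Return {account: set of reasons} for accounts that trip either signal.

    Assumes events arrive in time order, as in an append-only message log.
    """
    recent = defaultdict(deque)  # account -> timestamps inside the window
    flags = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        stamp, account, text = line.split(" ", 2)
        ts = datetime.fromisoformat(stamp)

        # Sliding window: drop timestamps older than `window`, then count.
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_msgs:
            flags[account].add("burst")

        if any(is_known_bad(u, blocklist) for u in URL_RE.findall(text)):
            flags[account].add("bad_link")
    return dict(flags)


if __name__ == "__main__":
    for account, reasons in flag_accounts(SAMPLE_EVENTS.splitlines()).items():
        print(account, sorted(reasons))
```
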

Here are some basic safety tips for using Facebook or any site on the Web:

• Use an up-to-date browser that features an antiphishing blacklist.

• Choose unique log-ins and passwords for each of the Web sites you use.

• Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

• Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional log-in.

Source: http://news.cnet.com/8301-27080_3-20037827-245.html#ixzz1FTZ7hTob

Monday, February 28, 2011

Mac OS X Trojan Catches Sophos' Eye

A new Trojan has cropped up and it's targeting Mac OS X users, one security firm says.

According to Sophos, the Trojan, called "BlackHole RAT" by its author and "MusMinim" by the security firm, is a variant of the Remote Access Trojan on Windows. The author of the Trojan says the malware is not yet completed, but it already does some annoying things.

Overall, Sophos believes that the prevalence of the Trojan is relatively low. The malware can be removed by using antivirus software.

If a Mac becomes infected, the Trojan places text files on the desktop, puts the computer to sleep, commands it to restart or shut down, and runs "arbitrary shell commands," Sophos says. It also loads a phishing window to get users to input their administrator password. When a full-screen window pops up forcing users to restart their computer, a rather disconcerting message is displayed.

"I am a Trojan Horse, so I have infected your Mac Computer," says the text in the Trojan, according to Sophos. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll (sic) over your Computer and I can do everything I want, and you can do nothing to prevent it.

"So, Im a very new Virus, under Development, so there will be much more functions when I'm finished," the text continues.

The text in the Trojan will surely fuel the long-running debate over whether Mac OS X really is more secure than Windows. Those in the Apple camp point to the numerous Windows security issues that have broken out over the years, compared to the few on Mac OS X, to try and prove that Apple's platform is more secure. Those in the Windows camp believe security is a money game, and malicious hackers have more revenue to generate by targeting all the Windows users in the world, rather than the smaller number of Mac OS X users. It's simply that hackers have ignored Mac OS X, they say.

Sophos says that BlackHole RAT infects computers through downloads over the Web. It might also find its way to the user's Mac through "a vulnerability in your browser, plugins, and other applications."

Source: http://news.cnet.com/8301-13506_3-20037158-17.html#ixzz1FIAb22V9

Tuesday, February 22, 2011

Report: Canadian Cyberattack Traced To China

A cyberattack against Canada that tried to access classified government information and forced two key departments to go offline has been traced back to China, according to a story today from CBC News.

Sources told the CBC that the attacks were initially discovered in early January but that it's unknown whether the attackers themselves were in China or just directed their attacks through the country to hide their true source.

Specifically, the attacks reached computer systems at the Canadian government's Finance Department and Treasury Board in an attempt to capture passwords for government databases. In response, the government was forced to shut down all Internet access for the two departments, according to the CBC, and only now are public employees slowly getting that access back.

In a brief statement released by the Treasury Board, the Canadian government did confirm an "unauthorized attempt to access its networks," but provided few other details beyond that, according to AFP.

In response to a request for comment, Canada's Public Safety Department e-mailed CNET the following statement on behalf of its minister, Vic Toews:

"We do not comment on the details of security related incidents. That said, our government takes threats seriously and has measures in place to address them. The next phase of our economic action plan is still in development and we have no indication that Budget security has been compromised."

On its end, China has denied any involvement in the attacks.

"What you mentioned is purely fictitious and has an ulterior motive," Chinese Foreign Ministry spokesman Ma Zhaoxu told a news briefing in Beijing, according to Reuters. "China attaches great importance to computer security and consistently opposes and cracks down on hacking activities according to relative laws and regulations."

Though cyberattacks are used as weapons today by many different countries and organizations, China has often been fingered as a major source of online attacks against other nations. A report released in November by the U.S.-China Economic and Security Review Commission pointed to Chinese government involvement in a number of hacking attempts and computer exploits.

Specifically, the USCC found that a Chinese state-run telecommunications provider had redirected traffic for U.S. military and corporate data in April. The group also reported that a China-based spy network was accused of targeting government departments and other groups in India in an attempt to steal sensitive information.

And China was traced as the source behind the cyberattacks launched against Google and other companies in 2009 as a way of targeting human rights activists.

Source: http://news.cnet.com/8301-1009_3-20032813-83.html#ixzz1EjBlLpUI

Wednesday, February 16, 2011

New Norton CyberCrime Index Rates Your Risk

A new free tool from the makers of Norton attempts to quantify the real-time state of cybersecurity. It makes its debut today alongside the latest version of Symantec's all-in-one consumer security suite, Norton 360.

The Norton CyberCrime Index lies somewhere between a weather report and the United States' threat level advisory system, and Norton 360 version 5 launches with a direct link to it.

The CyberCrime Index uses a statistical model based on information from Symantec's Global Intelligence Network, ID Analytics, and DataLossDB. At the top level, the CyberCrime Index takes this data and creates a number evaluating the relative risk of the threats of the day. However, it also provides a more in-depth look at active threats and threat trends, and offers advice on what kinds of behaviors are being most heavily targeted that day.

Symantec has had the statistical model and algorithm it uses in the CyberCrime Index vouched for by the University of Texas at San Antonio.

The service is set to go live this morning, so check back here later today for a hands-on update.

Symantec isn't forcing the index on any of its users, though the new version of Norton 360 does include a direct link to the service. Version 5 of Norton 360 includes the real-time threat map that debuted in Norton's 2011 consumer suites, along with all the other features introduced in those suites last fall. These include updates to Norton's Insight engine, which instantly checks a file's origins and how long it's existed to determine how safe it is. The new version of System Insight also profiles your programs to determine if any of them are slowing down system performance, and automatically alerts users when a program is eating up too many resources.

Now included in Norton 360 is the Norton Bootable Recovery Tool, which will clean heavily infected systems enough to get Norton 360 installed, and can create a rescue tool on disc or USB so that your computer can be resuscitated. The backup features in Norton 360 have been improved, too, adding in automatic file encryption to the backup process. Lastly, Norton Safe Web's social-media scanner has been imported from Norton Internet Security 2011. Currently, it still only supports Facebook, though that's a good start: it will check your Facebook wall and news feeds from within Norton.

Norton 360 version 5 comes with a 30-day trial and can be used on up to three computers. A one-year license with 2GB of online storage retails for $79.99. Bumping that up to 25GB of storage costs $99.99.

Source: http://download.cnet.com/8301-2007_4-20032077-12.html

Monday, February 14, 2011

Google Extends Two-Step Log-In Process To All

Now all Google users can take advantage of the two-step log-in procedure previously available to Google Apps customers.

This screen can be found in Google under "Account Settings," linked on top of a Google page, and used to set up two-step verification. (Credit: Google)

The company started rolling out the option to use two-step verification to Google Account holders today, according to a blog post. The idea comes from a classic security tactic, the notion that accounts are more secure when you log in using two factors: something you know, such as a password, and something that only you have, such as your phone.

Google Apps users started using this feature in September. Account holders log in to Google as usual, but the first time they enable the two-step process they will receive a code via a voice call or text message, or they can generate their own code using a mobile app available for iPhone, Android, or BlackBerry. That code can be saved for 30 days.

Obviously it will be much harder for anyone bent on hacking your account to steal a code sent to your phone (unless you're a valuable enough target to warrant stealing your phone and hacking your password). It's an optional feature, but one strongly recommended by security experts.

Source: http://news.cnet.com/8301-30684_3-20031351-265.html#ixzz1DyYU7wnR

Thursday, February 10, 2011

iPhone Passwords Succumb To Researchers' Attack

Researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, have found a way to steal passwords found in the Apple iPhone's keychain services within six minutes.

In order to steal passwords, the researchers said, the attacker must have the actual, physical iPhone in hand--this isn't a remote maneuver. First, the attacker has to jailbreak the iPhone, and then must install an SSH server on the smartphone to be able to run unrestricted programs. The researchers also created a "keychain access script" that they then copied to the iPhone. After executing that script, they found that they were able to decrypt and see some passwords saved in the keychain.

Over the past year, several iPhone exploits have been revealed by researchers around the world, including some that attack vulnerabilities in the mobile Safari browser. But at least so far, the issues have affected users who jailbreak their own devices. Even in the Fraunhofer Institute's case, a non-jailbroken iPhone will not reveal keychain passwords. Jailbreaking is the process of bypassing the restrictions that Apple sets up to keep users from tinkering with the device's underlying system software.

Researchers said that this latest issue has to do with how iOS handles encryption--namely, that "encryption is independent of the personal password to protect access to the device properly." In other words, even if a user protects access to the iPhone--or any other iOS-based device--with a passcode, it won't be enough to stop hackers from using this method to access saved passwords in the keychain.

It should be noted that the proof-of-concept maneuver would not reveal passwords for Web sites. Services like Gmail, AOL Mail, Yahoo Mail, and others with "protected" passwords "were available to the script only after entering the passcode to unlock the device, which by assumption, should not be possible for an attacker," the researchers noted.

But the folks at Fraunhofer Institute don't necessarily believe that iPhone owners should assume that they will be safe if they don't jailbreak their iPhones. In their scenario, the researchers assumed that the iPhone was stolen and the person who took it knew how to jailbreak the device and create and run scripts. They said in their evaluation of their proof-of-concept that the difficulty level of exploiting the vulnerability is "low."

"Owners of a lost or stolen iOS device should therefore quickly initiate a change of all stored passwords," the researchers wrote in their report. "Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts."

Malicious hackers are increasingly turning toward the mobile market to target unsuspecting victims.

Earlier this week, security firm McAfee revealed that mobile malware threats were up 46 percent last year. The company said that it expects "cybercriminal activity" in the mobile market to surge in 2011.



Source: http://news.cnet.com/8301-13506_3-20031297-17.html#ixzz1DatgQ2bL

Tuesday, February 8, 2011

Microsoft To Seal 22 Security Holes This Month

Microsoft today said it will address 22 vulnerabilities as part of next week's Patch Tuesday, three of which are critical.

Three of the 12 bulletin items released by Microsoft earlier today are classified as critical, and affect Microsoft's Windows operating system, with one affecting Microsoft's Internet Explorer browser as well. The rest are classified as "important."

In a post on Microsoft's Security Response Center blog, the company said it will be making fixes for vulnerabilities in the Windows Graphics Rendering Engine, as well as a CSS exploit in Internet Explorer that could allow an attacker to gain remote code execution.

Along with the fixes for the rendering engine and the CSS exploit, Microsoft says it will be addressing zero-day flaws that created vulnerabilities in the FTP service found inside of Internet Information Services (IIS) 7.0 and 7.5.

Not included in this month's batch of announced patches is a fix for the recently-discovered script injection attacks that affect Internet Explorer. Acknowledged by the company last week in Security Advisory 2501696, the exploit targeted the way IE handled MHTML on certain types of Web pages and document objects, and could provide hackers with access to user information. According to Wolfgang Kandek, chief technology officer at Qualys, the best route to prevent those attacks continues to be the workaround Microsoft outlined in its initial security advisory about the problem.

Microsoft has a full list of the pending issues here.



Source: http://www.news.cnet.com/8301-1009_3-20030613-83.html#ixzz1DPGp6pCT