Wednesday, February 28, 2007

Hackers unlock PSP

Computer hackers have scored a victory in their battle against Sony and the way the company controls its PlayStation Portable (PSP) handheld games console. Last month three hacker teams - Noobz, Team C+D, and a group led by PSP hacker Dark Alex - co-ordinating their efforts over the internet, found a flaw in the most recently released version of the firmware - version 3.03.

Using this flaw they devised a way to unlock all PSPs, regardless of their age or the firmware running on it. This development has been a cause for celebration in the PSP homebrew community, but caused alarm at Sony because unlocked PSPs can be used to play pirated PSP games.

Read the article HERE.

Security warning over tech support tools

Multiple flaws in commonly used technical support tools can open Windows PCs to cyber attack, security experts have warned. The vulnerable tools are often used by ISPs, PC makers and others to provide support functions such as remote assistance, the US Computer Emergency Readiness Team (US-Cert) said in an alert. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.

Read the article HERE.

Reverse hacker describes ordeal

Shawn Carpenter, a network security analyst at Sandia National Laboratories who was fired in January 2005 for his independent probe of a network security breach at the agency, has been awarded $4.3 million by a New Mexico jury for wrongful termination.

In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.

Read the article HERE.

German police using trojans

Germany's police and secret services are pushing for a legal basis for "online house searches" – carried out without the knowledge of suspects, using spyware similar to a Trojan. How often German law enforcers have tried to infect the PCs of suspects with Trojans is unclear.

Influential German hacker organisation The Chaos Computer Club published a statement pointing to the possible consequences of successful infection with a Federal Trojan. "The whole PC could be telecommanded, the webcam turned on, and the room surveilled acoustically, email and chat conversion could be followed." However, the hackers are skeptical about the real danger posed by the spyware, and dryly recommend that "a well managed firewall and anti-virus software should take care of governmental or private spyware".

[If they can access your hard drive, can they also plant "evidence"?]

Read the article HERE.

Black Hat Cancels RFID Demo

A presentation that would have exposed potential vulnerabilities in RFID security technology has been pulled from tomorrow's Black Hat conference agenda following threats of a patent lawsuit by the technology's manufacturer.

HID Global Corp., which makes smart cards and proximity badges based on RFID, alleges that the presentation -- which was scheduled to include a demonstration of how to clone an RFID chip -- infringes on its manufacturing patents.

The presentation, which was to be delivered by security research firm IOActive, promised to poke holes in RFID technology by showing how easy it is to duplicate and penetrate.

Read the article HERE.

Tuesday, February 27, 2007

Tor is NOT broken - the response

The security community lives on papers that analyze attacks on security tools. Although these are called “attack papers” they are usually done by people who are trying to help and refine the object of the research.

When an attack paper is published, documenting an attack on the Tor network, it’s often with our knowledge. The authors consult with us for inside info. But invariably, someone will skim the paper and say “OMG, Tor is broken!”

Read the response HERE.

Multiple Browser Vulnerability

Web pages without a defined charset will be rendered with the charset of the parent page when put into an (i)frame. This might allow bypassing XSS filters with, for example, a UTF-7 payload.

Vulnerable Systems:
* Firefox versions and prior
* Internet Explorer 7
* Opera 9

Immune Systems:
* Internet Explorer 6
* Opera 8
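The inheritance problem above, modelled in Python as an added example (not code from the original advisory). The framed page and its headers are constructed; it declares no charset and carries a script tag written as UTF-7 (+ADw- and +AD4- are the UTF-7 encodings of "<" and ">"), so a filter that scans raw bytes sees nothing while a browser decoding with an inherited UTF-7 charset does. The mitigation shown is simply to declare the charset explicitly.

```python
import re
from typing import Dict, Optional

# Constructed sample: a framed page with no charset of its own. The byte
# string contains no literal "<script"; the tag only appears once the
# bytes are decoded as UTF-7.
FRAMED_PAGE_NO_CHARSET = (
    b"<html><body>Hello +ADw-script+AD4-x()+ADw-/script+AD4-</body></html>"
)

_HEADER_CHARSET = re.compile(r'charset\s*=\s*"?([A-Za-z0-9._-]+)', re.I)
_META_CHARSET = re.compile(
    rb'<meta[^>]*charset\s*=\s*["\']?([A-Za-z0-9._-]+)', re.I)


def declared_charset(headers: Dict[str, str], body: bytes) -> Optional[str]:
    """Charset the page declares itself: Content-Type header first, then a
    <meta> tag. Returns None when the page declares nothing."""
    m = _HEADER_CHARSET.search(headers.get("Content-Type", ""))
    if m:
        return m.group(1).lower()
    m = _META_CHARSET.search(body)
    if m:
        return m.group(1).decode("ascii").lower()
    return None


def effective_charset(headers: Dict[str, str], body: bytes,
                      parent_charset: str) -> str:
    """Model of the behaviour the advisory describes: a framed page that
    declares no charset is decoded with the framing page's charset."""
    return declared_charset(headers, body) or parent_charset.lower()


def byte_filter_sees_script(body: bytes) -> bool:
    """An XSS filter that scans the raw bytes before any decoding. This is
    the kind of check that charset inheritance defeats."""
    return b"<script" in body.lower()


def rendered_has_script(headers: Dict[str, str], body: bytes,
                        parent_charset: str) -> bool:
    """Decode the way the browser would, then look for the tag."""
    charset = effective_charset(headers, body, parent_charset)
    text = body.decode(charset, errors="replace")
    return "<script" in text.lower()


def with_explicit_charset(headers: Dict[str, str],
                          charset: str = "utf-8") -> Dict[str, str]:
    """Mitigation: always send an explicit charset so nothing is inherited
    from whatever page happens to frame this one."""
    fixed = dict(headers)
    fixed["Content-Type"] = f"text/html; charset={charset}"
    return fixed


if __name__ == "__main__":
    no_hdrs: Dict[str, str] = {}
    print("declared charset:", declared_charset(no_hdrs, FRAMED_PAGE_NO_CHARSET))
    print("byte filter sees script:", byte_filter_sees_script(FRAMED_PAGE_NO_CHARSET))
    print("rendered in UTF-7 parent:", rendered_has_script(no_hdrs, FRAMED_PAGE_NO_CHARSET, "utf-7"))
    fixed = with_explicit_charset(no_hdrs)
    print("rendered after fix:", rendered_has_script(fixed, FRAMED_PAGE_NO_CHARSET, "utf-7"))
```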

Read the article HERE.


What happens when an adept of the dark side of the force looks at the documentation on JavaScript's onUnload() function? ... Yes, that's what allowing Java, VBScript and JavaScript basically is: allowing random websites to hand your browser code to execute ...

Read the article HERE.

Fool Me Once - Fool Me Twice

In aiming to settle a class action suit, a group of companies is throwing a proverbial pie in the face of affected consumers. The class-action case referenced is the latest in a series of lawsuits against The firm promised free credit reports but allegedly failed to clarify that it would charge a customer's credit card $79.95 for a "credit monitoring service."

Read the article HERE.

The evolution of social engineering

It struck me today how much things have changed in the handful of years I’ve been looking at malware. It used to be that they would frequently give you some little message box or image to make you think you hadn’t just run something nasty or non-functional. But lately that’s fallen out of fashion - I can’t actually remember the last time I saw something that actually went to that much effort! But today I got something that reminded me of those old tactics, a new W32/Feebs variant.

Read the article HERE.

Monday, February 26, 2007

Second Google Desktop attack reported

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS pinning that could give an attacker access to any data indexed by Google Desktop. This is the second security problem reported for the software.

According to Robert Hansen, the independent security researcher who first reported the attack, "All of the data on a Google desktop can now be siphoned off to an attacker's machine." Hansen, who is CEO of, did not post proof of concept code for his attack, but he said that he has "tested every component of it, and it works." He has posted some details of how Google Desktop data could be compromised on his blog.

Read the article HERE.

Tor (The Onion Router) Open To Attack

A group of researchers have written a paper that lays out an attack against Tor. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it needs to deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network.

Link is to PDF research paper. Download the paper HERE.

Hackers are ringing the changes

Data security specialists are warning that hackers and other criminals are turning their attention from personal computers to the new generation of sophisticated mobile phones.

Next generation (3G) cell and smartphones equipped with bluetooth wireless (WiFi) capabilities are now starting to hit the marketplace in a big way. But questions are being raised about how much protection is being provided.

Read the article HERE.

Browser attacks will continue to mount

Even as software makers add more sophisticated security features to their browsers and rush to patch documented flaws more quickly, experts maintain that holes in the programs will continue to allow for widespread malware attacks.

Read the article HERE.

Sunday, February 25, 2007

Malware now comes with 24/7 support

Malware authors in Russia are now offering service contracts with their spyware.

Yes you read right: You can now get a service contract to provide upgrades for spyware, Trojans, rootkits and key loggers, just like you get with your computers, Oracle databases and CRM software.

Read the article HERE.

Windows 2000 / XP / 2003 / Vista Information Leak

Impact: Any unprivileged user with LIST access to a parent directory can monitor any files in its child directories, regardless of the permissions on those subdirectories and files. Because by default Windows updates the access time of any accessed file on NTFS volumes, a user can gather information about NTFS-protected files: their names and the times they were accessed (reading, writing, creation, deletion, renaming, etc). Filenames may contain sensitive information or leak information about a user's behavior (e.g. cookie files).

Read the article HERE.

Pendulum swinging toward privacy

The New York Times is reporting on a trend that is gathering steam among county and state officials who are increasingly eager to remove Social Security information from public records on the Internet.

This is clearly a victory for personal privacy and offers a measure of added protection against identity theft. It's also just as clearly an opportunity for the law of unintended consequences to rear its mischievous head.

Read the article HERE.

Malicious Code : email lure

Websense® Security Labs™ has discovered emails that attempt to lure users to click on a link in order to upgrade their system security. The emails, which are spoofed from Monster, are written in HTML and claim that Monster systems have been upgraded and that users need to download a certified utility to be able to use Monster.

Read the article HERE.

Uncovering a hidden gem

Most banks and related websites have started providing an "on-screen keyboard" that lets users enter their password. Most recognize this as a feature intended to beat keyloggers. Most Windows OSes include a utility that lets you do the same at all websites.

Read the article HERE.

Passwords: A Thing of the Past?

So what's the problem with passwords? Well, for starters, most of us have way too many of them. We have passwords to log onto Windows, passwords to access our email, passwords to log onto various subscription-based web sites, passwords to open protected documents, BIOS passwords to boot our computers, and so forth. Somehow we have to remember each of these, and that's not even counting the PINs to use our ATMs, security codes to arm and disarm our alarm systems, codes for retrieving our voice mail, etc. Some of us also have electronic locks on our doors, safes with digital locks, and more. It's enough to drive you batty.

What about smart cards and tokens? (A token is a device such as a USB key that has to be inserted to gain access). That's certainly a step in the right direction. But there's a problem with such devices, too - they can be lost or stolen. So cards and tokens are usually paired up with passwords or PINs. This gives you a form of multi-factor authentication and it's been in use with ATMs for decades. You have to have both the card and the password to get access. This solves the problem of someone who steals or finds a card being able to get into your computer and files, but it creates another problem. If you leave your card at home, you're locked out. Using smart cards also requires installing a card reader on your computer. USB tokens are a little more convenient, since most modern systems have one or more USB ports built in.

Read the article HERE.

Weekend Reading

Weak links in your security chain

You've spent the time to make sure your server is hardened and locked down. You've audited your web apps and feel they are as solid as concrete. Your passwords are strong, your patches are applied, and your IT staff is confident that they are on top of their security game. So what could go wrong? A lot.

Take a look HERE.

RAID Data Recovery Is Possible!

Hard drive failure is especially disastrous for smaller companies working with a single server and a single disk, if they do not have a complete and working data backup at hand. The whole situation is even more complicated if the broken hard drive is a member of a RAID array. Neither hard drive failure in RAID 1 nor RAID 5 will result in data loss, since this scenario has been taken care of by the choice of these RAID levels in advance. But the risk of human error increases: self-made data loss occurs if you accidentally substitute the wrong drive in a degraded RAID 5 array (one with a failed hard drive).

Take a look HERE.

Internet Weather Forecast Accuracy

Weather forecasting is a secure and popular online presence, which is understandable. The weather affects most everyone's life, and the Internet can provide information on just about any location at any hour of the day or night. But how accurate is this information? How much can we trust it?

Read the article HERE.

DRM Is Causing Piracy

Bank robbers do indeed rob banks. But here's what they don't do, or do very, very rarely:

They don't illegally siphon gas from a neighbor's car to fuel the getaway vehicle. Instead, they buy the gasoline. They might steal the gun they're planning to use to rob the banks, because guns are expensive. But they're not likely to steal the ammunition—much less try to make the ammunition themselves. Why bother? They're not planning to fight a war, they simply need enough ammunition to load a gun. So they buy the ammunition.

I would think the point is obvious. Pirates rob bullion ships, they don't rob grain ships. Electronic copyright infringement is something that can only become an "economic epidemic" under certain conditions. Any one of the following:

1) The product they want—electronic texts—are hard to find, and thus valuable.
2) The products they want are high-priced, so there's a fair amount of money to be saved by stealing them.
3) The legal products come with so many added-on nuisances that the illegal version is better to begin with.

Those are the three conditions that will create widespread electronic copyright infringement, especially in combination. Why? Because they're the same three general conditions that create all large-scale smuggling enterprises.

And . . .
Guess what? It's precisely those three conditions that DRM creates in the first place. So far from being an impediment to so-called "online piracy," it's DRM itself that keeps fueling it and driving it forward.

Take a look HERE.

Saturday, February 24, 2007

The Dissection of a Rootkit

Security analysts have been predicting that kernel rootkits, which cloak their activity by replacing a portion of a program's software kernel with modified code, are expected to continue to grow in frequency in 2007.

While rootkit-fighting technologies such as the PatchGuard kernel protection system built into 64-bit versions of Microsoft's new Windows Vista operating system are arriving, most PC users will still be left open to the attacks over the next twelve months, CA has said, and even experienced PC users are vulnerable to their sophisticated techniques.

Read the article HERE.

Malicious Website / Code : Trojan Horse Bot

Websense Security Labs(TM) has received reports of new malicious websites designed to install Trojan Horse bots that allow attackers to compromise end-user banking credentials for more than 50 financial institutions and ecommerce websites. At the time of this alert, the statistics showed more than 1,000 successful infections per day, with the USA and Australia leading the list.

Read the article HERE.

Fraudsters Declare War

Spammers have been attacking and threatening several of the groups and individuals who have been performing some of the most important work in hobbling online scams, spam and computer viruses.

The SANS Internet Storm Center on Thursday found a piece of malicious code (called "sans.exe") designed to update a group of several thousand infected computers that SANS has been monitoring. The code includes text strings that suggest an attack on the center if two of its crime fighters don't stop interfering with his money-making spam operations. The message, in part, read:

Read the article HERE.

Updates Eliminate Major Security Flaw

Mozilla on Feb. 23 released updated versions of the Firefox browser, v1.5.0.10 and v2.0.0.2, for Windows, Mac and Linux, which include the fix for a major security flaw.

Read the article HERE, but some flaws remain unpatched.

Mysterious 'Vladuz' again hacks eBay

A hacker has once again managed to pilfer eBay credentials that allow him to masquerade as an official company representative even as he taunts eBay officials on the company's message boards. It's at least the second time the person going by the name Vladuz has pulled off the prank, which is causing many users to question the adequacy of eBay security.

Like all good conspiracy theories, eBay's denials of anything more than a limited security breach have only fueled suspicions that something much more nefarious was afoot. eBay officials quickly removed the postings, but not before we took screen shots. Shortly after the posting of this article, Vladuz graced the German pages of an eBay forum.

Read the article HERE.

Tuesday, February 20, 2007

What Are MySpace Phishers Phishing For?

Our Site Advisor team noticed some active MySpace phish domains this week which lead me to wonder why someone would want to break into a MySpace account? There isn’t really any sensitive information like credit card or bank account details stored in the accounts so what are the phishers phishing for? We found several domains with perfect MySpace front pages designed to trick people into giving away their usernames and passwords like this one:

Read the article HERE.

Software : AnyDVD HD released

Probably the most significant product of 2007 has just been released to little or no fanfare, AnyDVD HD. What it does is to rip out the DRM infection from HD-DVDs so you can watch them in accordance with your rights.

DRM infections are about technologically removing those rights so they can sell them back to people dumb enough to buy them. HD-DVD allows you to do two things that are both quite legal: make a personal backup of an HD-DVD and play it on the machines you want to. You don't have to buy a new HD TV, cables, amp and the rest just to watch the movies you legally purchased any more.

Read the article HERE.

(IN)SECURE Magazine

INSECURE Magazine - ISSUE 1.10 (February 2007) - is now online HERE.

Monday, February 19, 2007

Deadly MSN Messenger banner ads

So far I have seen two ways that the bad guys are using to try and get Winfixer on to a machine via MSN Messenger banner advertisements - one involved a pop-up alert that appeared with no user interaction - the other needs the user to click on the banner advertisement and visit a Web page, then manually download an installer.

Read the article HERE.

MPAA Steals Code - is that Piracy?

A blogger who wrote his own blogging engine called Forest Blog recently noticed that none other than the MPAA was using his work, and had completely violated his linkware license by removing all links back to the Forest Blog site, and had not credited him in any way.

Read the article HERE.

Response to Steve Jobs in plain english

Posted by "Daring Fireball" - a humorous, and accurate translation from PR-Speak to English of selected portions of Macrovision CEO Fred Amoroso’s response to Steve Jobs’s ‘Thoughts on Music’.

Read the article HERE.

Hacking SYS password

How to change the Oracle sys password without having to log into a database. I have been asked by a few people to convert the paper by Miladin Modrakovic to PDF, as they are nervous about opening a Word document.

Download from HERE.

CA CEO says IPv6 will be insecure

As the opening keynote speaker at the CA Expo 07, Swainson said there’s no doubt that IPv6 fixes known problems in IPv4, but with its adoption, new and unknown management security issues will emerge.

Read the article HERE.

YouTube antipiracy software policy draws fire

The media industry is clashing with YouTube over its proposal to offer antipiracy tools only to companies that have distribution deals with the top online video-sharing service, media insiders said.

YouTube, owned by Google, plans to introduce technology to help media companies identify pirated videos uploaded by users. But the tools are currently being offered as part of broader negotiations on licensing deals, they said.

Read the article HERE.

Sunday, February 18, 2007

Chinese hackers attack 'anything and everything'

“They will exploit anything and everything,” the senior official said, referring to the Chinese hackers’ strategy. And although it is impossible to confirm the involvement of China’s government, the attacks are so deliberate, “it’s hard to believe it’s not government-driven,” the official said. For example, a hacker will plant a virus as a distraction and then come in “slow and low” to hide in a system while the monitors are distracted. Hackers will also use coordinated, multipronged attacks, the official added.

Read the article HERE.

Javascript decoding round-up

In the recent past, we've shown several methods on how to unravel obstinate JavaScript codes used to convey exploits. Here's a brief round-up of the methods we commonly use. All four methods require that you get a copy of the hostile page, preferably by use of a text-only HTML tool like wget, curl or similar (since you cannot easily download a Javascript exploit with a browser that speaks Javascript without also running the Javascript code at the same time).

Read the article HERE.

Has open-source lost its halo?

Is open-source still a grassroots social movement made up of idealistic underdogs trying to revolutionize an amoral industry? Or has it become a cloak used by IT vendors large and small to disguise ruthless and self-serving behavior?

Some observers argue it’s the latter. Despite occasional protests from oldtimers -- the heated backlash against the Microsoft-Novell détente, for example -- open-source has become so co-opted by mainstream IT, so transformed by "accidental open-sourcers" simply looking for a better business model, that it’s lost its cherished moral edge.

Read the article HERE.

Giving Up Hope on Users

That's the message we've been hearing this week as security experts speak out about managing vulnerabilities. These are the voices of IT people who have seen users pull off one too many dumb moves, setting security back for the rest of the network.

Everything we're doing right now as security people is trying to mitigate the fact that people are stupid.

Read the article HERE.

What are the best ways to stop hackers?

CNET's Neha Tiwari and's Jessica Dolcourt take a lap around last week's RSA show in San Francisco, seeking the best in security. Whether it's protecting a BlackBerry or crushing a hard drive, they find the answers to cybersafety questions.

Watch the video HERE.

Weekend Reading

Why Vista's DRM Is Bad For You

Windows Vista includes an array of "features" that you don't want. These features will make your computer less reliable and less secure. They'll make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won't do anything useful. In fact, they're working against you. They're digital rights management (DRM) features built into Vista at the behest of the entertainment industry.

And you don't get to refuse them.

Take a look HERE.


Substitute teacher Julie Amero faces up to 40 years in prison for exposing kids to porn using a classroom computer, but the facts strongly suggest that she was wrongfully convicted. Many issues remain, from the need for an independent computer forensics investigation and the presence of spyware and adware on the machine, to bad or incomplete legal work on both sides of this criminal case.

A recent criminal case in Connecticut points out the problems of computer forensics and aggressive law enforcement. It also points out how companies can get themselves and their employees into legal hot water by failing to take reasonable computer security procedures.

The problem with computer forensics - Detective Lounsbury explained later in an online article his process and thinking for the collection of forensic evidence in the Amero case.

Take a look HERE.

Guidelines for Evidence Collection and Archiving

A "security incident" as defined in the "Internet Security Glossary", RFC 2828, is a security-relevant system event in which the system's security policy is disobeyed or otherwise breached. The purpose of this document is to provide System Administrators with guidelines on the collection and archiving of evidence relevant to such a security incident.
If evidence collection is done correctly, it is much more useful in apprehending the attacker, and stands a much greater chance of being admissible in the event of a prosecution.

Read the article HERE.

Microsoft dirty tricks that were never revealed

I’ve written before about Burst v. Microsoft, but the short story here is that Burst lawyers caught a pattern of apparent destruction of e-mail evidence on the part of Microsoft. Microsoft claimed it was “too hard” to search for the lost e-mails (Burst had copies from its side so many of the messages were known to exist) but the judge finally ordered Microsoft to do whatever it took to dig up the tapes and find the e-mails.

Take a look HERE.


My Microsoft Google Yahoo Stories

Everything you've ever wanted to know about being an employee at Google, Microsoft, and Yahoo. "Tastyresearch" describes the past few years interning and working at the three companies. Things I didn't know before: Bill Gates wears old shoes, Google's internal security watches you like a hawk, the office styles of each company, and how to fill your suitcase with Google T-shirts. These few select companies are the 'prestigious internship circle', noting 'once you have worked at one, it's a lot easier to get into another'.

Take a look HERE.

Saturday, February 17, 2007

Web security in perspective

I discussed the recent attack with VeriSign's chief security officer, Ken Silva. He said that the attack focused on root servers G (maintained by the U.S. Department of Defense) and L (maintained by ICANN), and to a lesser extent, M (maintained by Japan). During the 12-hour attack, nearly 90 percent of legitimate queries to those servers were being dropped.

That's a lot worse than I had been led to believe by other news sources. I hadn't questioned the other sources because I, like most people I know, didn't even notice the attack until it was over and had made headlines.

Read the article HERE.

Many, many maps

The convergence of public participatory mapping and cybercartography is having far-reaching impacts through a variety of creative applications. This paper presents three different types of Internet mapping applications — Google Earth and Google Map API, Common Census, and a design exercise in Second Life — with a public participatory geographic information system (PPGIS) and cybercartography perspective. Each of these examples empowers users in a different way. The spatial applications and the supporting information that is being made available through Internet map applications represent a unique set of examples of the democratization possible through Internet applications.

Read the article HERE.

Tougher Vista antipiracy crackdown

Microsoft CEO Steve Ballmer yesterday told Wall Street analysts that the company might "dial up" the intensity of antipiracy technology baked into Windows Vista as part of an effort to squeeze more revenue from China, India, Brazil, Russia and other emerging markets.

Read the article HERE.

Russian judge throws out piracy case

A Russian judge has tossed out a piracy case against school principal Alexander Ponosov who apparently installed hot VoleWare at his school. They said that this was worth about $115 to Microsoft. The Judge said that this was not worth bothering about and kicked out the case.

Read the article HERE.

Half of pirated Vista is malware

About half of the downloads claiming to be free versions of Microsoft Corp.'s Vista operating system are actually malicious Trojan horse software, security vendor DriveSentry Inc. warned Thursday. With Vista's consumer launch just days away, hackers have been bombarding discussion boards with offers of "cracked" versions of Windows Vista, which are typically being distributed on peer-to-peer networks.

Read the article HERE.

HD DVD hacked....again

If you were to look at the thousands of stories written, rehashed, rewritten or blatantly copied about this incident, you'd swear that something truly amazing had happened. But it hasn't. And worse, the idea that rampant global piracy of HD movies is about to go into overdrive is just blatant lies and scare-mongering.

So, while AACS has been kicked in the balls for the second or third time in as many months, there’s really nothing most people can do with the content. There’s not enough HD drives out there to burn content, the dedicated players are still expensive, the blank media is too expensive, the files are too big for most people to download and storing them on external HDDs is not the cheapest option. Does Hollyweird really have anything to worry about yet?

Read the article HERE.

Friday, February 16, 2007

New 'Drive-By' Attack Is Remote

[I'm not sure what has made this old topic the flavour of the day, but it is the number one news item on most security websites - I guess it's a slow news day]

They're calling it "drive-by pharming". But unlike war driving, an attacker doesn't have to be anywhere in the vicinity to stage this newly discovered type of attack, which can give him/her access to personal data such as your bank account.

The invasion is a simple one. The attacker uses a broadband router vendor's default passwords - some of which may be found below - to take control.

Read the article at [Dark Reading] HERE or [Symantec] HERE.

Default Password List 1

The list includes passwords for, but is not limited to, routers, modems, third-party firmware, operating systems and all types of network appliances.

Visit the website HERE.

Default Password List 2

The list is back in plain HTML - HERE.

Password Portal

Have you lost or forgotten a password? Do you need help recovering a password? Here you will find links to Commercial Password Recovery resources. We have also included links to a wide range of associated resources.

Visit the website HERE.

Reported Unpatched Vulnerabilities

These statistics are based on Secunia Vulnerability Advisories only.


Adjustment on number of unpatched advisories for the following products:

Windows Vista - 1 out of 0 to 1 out of 2
Windows XP Pro - 32 out of 170 to 32 out of 177
Windows XP Home - 29 out of 155 to 29 out of 161
Windows 2000 - 24 out of 146 to 24 out of 151
Outlook 2003 - 1 out of 12 to 1 out of 14
IE 7 - 3 out of 4 to 4 out of 6
IE 6 - 19 out of 110 to 19 out of 111
Firefox 2 - 1 out of 2 to 2 out of 3
Office 2003 Pro - 8 out of 31 to 5 out of 32
Office XP - 6 out of 35 to 3 out of 35
Windows Defender - 0 out of 1 (added in the list)
Live OneCare - 0 out of 1 (added in the list)
Trend Micro Anti-spyware - 0 out of 1 (added in the list)

See the list HERE.

Cisco Warns of IOS Vulnerabilities

Cisco Systems confirmed a set of vulnerabilities in the intrusion prevention feature built into the Internetwork Operating System used in many of its popular switches and routers. Multiple vulnerabilities exist in the Cisco FWSM (Firewall Services Module), which can be exploited when the on-board IPS (intrusion prevention system) is processing certain types of traffic.

Read the article HERE.

Malware Marketing MalwareWipe

Here is a case where a PUP named MalwareWipe is getting marketed by a trojan called Puper. The strategy begins with Puper dropping its supporting files on the user's system for further action and then displaying hoax balloon messages as shown below:

Read the article HERE.

Thursday, February 15, 2007

Virus author writes me

Experts at SophosLabs have advised computer users to think carefully about how they remedy virus infections, following news that the Chinese police are to release a clean-up program written by the author of the Fujacks worm.

According to media reports from China, authorities are planning to issue a fix to the Fujacks worm which turns icons into a picture of a panda burning joss-sticks. Controversially, the utility has been written by Li Jun, the suspect author of the virus.

Read the article HERE.

70% of websites can be hacked: $1,000 says no

Put up or shut up time, Acunetix. The security vendor today is touting its yearlong survey of 3,200 Web sites that purportedly shows 70% of them contained vulnerabilities that pose a medium- to high-level risk of an important data breach.

"This is just sensationalist nonsense, not credible on its face, and dishonest in its goal of inspiring fear," Snyder says. And he's willing to put his money behind his mockery.

Read the article HERE.

Old Firefox, IE flaw remains unfixed

Security researchers discovered that both Mozilla's Firefox and Microsoft's Internet Explorer Web browsers fail to securely handle keystrokes entered by the user, potentially allowing an attacker the ability to download files.

Read the article HERE.

Nationwide fined £980,000 over stolen laptop

The Financial Services Authority (FSA) has fined The Nationwide Building Society £980,000 for the loss of a laptop which contained "confidential customer data" on 11 million customers. The laptop was stolen from a Nationwide employee's home. Although he quickly reported the theft, according to the BBC, he didn't tell his employers what was on the machine until after a three-week holiday, at which time Nationwide started an investigation.

[ Now, if only this size fine became a standard in all countries ... ]

Read the article HERE.

GMail opens its doors to the world

GMail, the popular web-based e-mail service provided by Google, is going global. Today Google announced that new GMail accounts will now be available to anyone on the planet.

Read the article HERE.

Wednesday, February 14, 2007

Vista design flaw

Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out — from Microsoft officials — that the default no-admin setting isn't even a security mechanism anymore.

Read the article HERE.

Blu-Ray AND HD-DVD broken

Arnezami, a hacker on the Doom9 forum, has published a crack for extracting the "processing key" from a high-def DVD player. This key can be used to gain access to every single Blu-Ray and HD-DVD disc.

Previously, another Doom9 user called Muslix64 had broken both Blu-Ray and HD-DVD by extracting the "volume keys" for each disc, a cumbersome process. This break builds on Muslix64's work but extends it -- now you can break all AACS-locked discs.

Read the article HERE.

Microsoft Patches 20 Security Holes

Microsoft today issued a dozen software updates to plug at least 20 security holes in its Windows operating system and other software, including fixes for a number of vulnerabilities in Office that hackers are currently exploiting to hijack vulnerable PCs.

Read the article HERE.

GPS sneakers

Isaac Daniel calls the tiny Global Positioning System chip he's embedded into a line of sneakers "peace of mind." He wishes his 8-year-old son had been wearing them when he got a call from his school in 2002 saying the boy was missing.

The engineer started working on a prototype of Quantum Satellite Technology, a line of $325 to $350 adult sneakers that hit shelves next month. It promises to locate the wearer anywhere in the world with the press of a button. A children's line will be out this summer.

Read the article HERE.

Vista not playing nice with gamers

Windows Vista’s powerful new graphics engine may be one of its hallmark features, but it’s engendering complaints from a key segment of potential early adopters: hardcore gamers. A small but significant number of games written for Windows XP either crash or creep along slowly on Vista, according to numerous complaints by game enthusiasts in online forums.

You installed Vista. You deserve your problems.

Read the article HERE.

Tuesday, February 13, 2007

'Storm Trojan' ignites worm war

The Trojan horse that pumped up spam volumes in January is at it again, researchers said today, and is now spreading over instant messaging and engaging in attacks on rival malware. The "Storm Trojan," aka "Peacomm," is now spreading via AOL Instant Messenger (AIM), Google Talk and Yahoo Messenger.

Moreover, the server from which the malware is downloaded to the victim's PC can be quickly changed by the attacker using the Trojan's peer-to-peer (P2P) control channel. The Trojan has been behind several recent distributed denial-of-service (DDoS) attacks against antispam Web sites, as well as servers supporting rival malware.

Read the article HERE.

Encrypted malware and code reusability

About 3 weeks ago, one of our readers, Andrew, submitted a very interesting malicious binary. Andrew did some analysis himself and told us that he found encrypted files and some certificates which immediately caused interest amongst handlers.

And this is the frightening bit:
Finally, the AV detection on submitted files is still very bad, even weeks after it has been released. The original downloader was detected by only a handful of AV programs, while the second stage (the real bot) was detected by only 3 programs. It is clear that you cannot rely only on the AV program and that you should have defense in depth. In this case, blocking outgoing TCP traffic would at least prevent the bot from contacting the C&C server and doing more harm on your internal network.

Read the article HERE.

Paypal's Anti-Fraud Token

The key is a small, oval fob that generates a random, new six-digit passcode every 30 seconds, using technology purchased from Verisign Inc. In addition to entering their user name and passwords, PayPal customers who sign up for the program will be required to enter the passcode before being permitted to log on to their account.

Read the article HERE.

Missing FBI Laptops

If you lose your laptop, don't go crying on the shoulder of the Federal Bureau of Investigation. It has its own problems. The agency had at least 160 laptops lost or stolen over the past four years.

Ten of those laptops contained highly sensitive classified information and at least one included "personal identifying information on FBI personnel," according to a new report.

Read the article at [Ars Technica] HERE or [Security Fix] HERE.

Vista: "Secure" but not "Security"

For the record, and without getting too much into the nitty-gritty details, Vista is simply an operating system that contains a variety of new features that make it less readily hackable and exploitable. That’s it.

So says the Symantec blog. How astute. Vista is an OS.

And it seems that the love affair between these two has a long future.

Read the article HERE.

Monday, February 12, 2007

The Culture of Fear

Scott Granneman looks at the use of fear in computer security, from misleading media reports and gross exaggeration by industry leaders to the use of fear in order to sell new computers and software.

Read the article HERE.

Mobile forensics turns up heat on suspects

The latest version of the top computer forensics package will be the first to include a mobile phone component. The move signals how vital mobile data has become to many prosecutions.

Read the article HERE.

Bridezilla feeds monster cynicism

The company behind the latest YouTube video sensation would like you to know this: It was never the intention to portray anything other than a dramatization. In other words, no one who watched "Bride Has Massive Hair Wig Out," seen 2.8 million times since its Jan. 18 release, should have believed it was a depiction of a real event free of artifice or deception.

In December, Sony admitted it had created a fake blog to promote its PlayStation Portable. The blog, supposedly authored by a hip hop artist named Charlie, who claimed he wanted one of the portable devices for Christmas, was exposed as a fraud by bloggers suspicious of its legitimacy. Once the hoax was exposed, Sony admitted the blog was a veiled marketing tool.

A pro-Wal-Mart blog launched in September that chronicled the adventures of supposedly ordinary Americans travelling cross-country in an RV and sleeping over in Wal-Mart parking lots was later exposed as a promotional tactic by Working Families for Wal-Mart, an organization created by the retail giant's public relations firm.

There is even a word for these kinds of sites: "flogs," short for fake blogs.

Read the article HERE.

Data Execution Prevention in Depth

With the new SecurAble freeware now launched, Steve Gibson and Leo Laporte discuss the full impact and importance of hardware DEP technology. I explain why I believe that hardware DEP is the single most important Internet-related security technology developed so far.

Take a look HERE.

Sunday, February 11, 2007

Happy Valentines Day [worm]

This worm reaches computers by email, in a message with variable subjects such as Together You and I, Everyone Needs Someone or Cyber Love. The sender field also varies, although it always contains a woman’s name. The file that contains the worm is an executable file with names such as flash postcard.exe or greeting postcard.exe.

Read about the alert HERE.

How Does The Hacker Economy Work?

For some illegal work, a security researcher could have made big bucks breaking into the SWIFT network for a hacker gang. The stakes can get pretty high in the hacker economy.

A few years ago, a security researcher living overseas was contacted by a man with an intriguing offer: The researcher would get 2.2 million euros (more than $2.8 million) for each financial services firm he helped the man and his group of cybercriminals infiltrate.

Read the article HERE.

[ At the bottom of this small piece is the link to the main story ]

Perils in Parallels?

Earlier this week Security Fix managed to install a new copy of Microsoft's Windows Vista Ultimate on top of Apple's Mac OS X operating system running on a Macbook Pro. I did this using Parallels, a powerful, free "virtual machine" program that lets users run two or more operating systems side by side at the same time.

When I went to behold the Frankenstein I'd created, I literally gasped when I realized that Vista now had complete access to read, write, or destroy files on my Mac's hard drive. The guest operating system -- in this case Vista -- has almost full run of the data on the underlying hard drive (the critical system files appear to be guarded).

Read the article HERE.

Yahoo! and the security certificate

The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Read the article HERE.

Vista follow-up is Vienna

With Vista just out the door, Microsoft is now drawing up plans to deliver its follow-up client operating system by the end of 2009, according to the executive in charge of building the product's core components.

Read the article HERE.

Weekend Reading

10 Windows Vista myths

The official consumer launch of Windows Vista has brought with it a great deal of confusion, misinformation, and some fairly ignorant assertions. Windows expert Deb Shinder debunks some of the misconceptions she's been hearing, from exaggerated cost and hardware requirements to feature limitations and compatibility issues.

Read the article HERE.

The Psychology of Security

Security is both a feeling and a reality. And they're not the same.

The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures. We can calculate how secure your home is from burglary, based on such factors as the crime rate in the neighborhood you live in and your door-locking habits. We can calculate how likely it is for you to be murdered, either on the streets by a stranger or in your home by a family member. Or how likely you are to be the victim of identity theft. Given a large enough set of statistics on criminal acts, it's not even hard; insurance companies do it all the time.

Read the article HERE.

Open vs. Closed

There is no better way to start an argument among a group of developers than proclaiming Operating System A to be "more secure" than Operating System B. I know this from first-hand experience, as previous papers I have published on this topic have led to reams of heated e-mails directed at me - including some that were, quite literally, physically threatening. Despite the heat (not light!) generated from attempting to investigate the relative security of different software projects, investigate we must.

Read the article HERE.

[US] Fraud and ID Theft Data for 2006

Unauthorized credit card charges were the leading contributor to more than $1.1 billion bilked in reported consumer fraud complaints last year, according to new figures released today by the [US] Federal Trade Commission.

Read the article HERE.

Phishing Facts

· An estimated 59 million phishing e-mails are sent each day.
· About 1 in 6 are opened.
· In 2006, about 109 million U.S. adults received phishing e-mail attacks, compared with 57 million in 2004.
· The average loss per victim in 2006 was $1,244, compared with $257 in 2004.
· Victims recovered an average of 54 percent of their losses in 2006, compared with 80 percent in 2004.

Read the article HERE.

The Snake Eater

Problem: If a cop in Anytown, USA, pulls over a suspect, he checks the person's ID remotely from the squad car. He's linked to databases filled with Who's Who in the world of crime, killing and mayhem. In Iraq, there is nothing like that. When our troops and the Iraqi army enter a town, village or street, what they know about the local bad guys is pretty much in their heads, at best.

Solution: Give our troops what our cops have. The Pentagon knows this.

For reasons you can imagine, it hasn't happened.

This is a story of can-do in a no-can-do world, a story of how a Marine officer in Iraq, a small network-design company in California, a nonprofit troop-support group, a blogger and other undeterrable folk designed a handheld insurgent-identification device, built it, shipped it and deployed it in Anbar province. They did this in 30 days, from Dec. 15 to Jan. 15. Compared to standard operating procedure for Iraq, this is a nanosecond.

Read the article HERE.

Saturday, February 10, 2007

Are 'Sealed' Websites Any Safer?

As consumers become more concerned about protecting their information online, more "secure" labels have emerged, each promising to serve as a "Good Housekeeping seal of approval" for Website security. Hacker Safe and ControlScan, for example, prove that a site has been vulnerability-scanned. The new Extended Validation SSL (EV SSL) moniker, championed by digital certificate vendors such as VeriSign and Cybertrust, helps verify that a site is not a phish or a phony.

Read the article HERE.

Security Czar Calls on IT Industry for Help

The United States government is better suited than ever to defend the nation's computing and communications networks, but federal watchdogs will need private industry to lend a hand to keep attackers at bay, according to the first-ever federal cyber-security czar.

Read the article HERE.

OpenSSL gets hard-fought revalidation

After a long and arduous journey that included a suspended validation last year, the Open Source Software Institute (OSSI) has announced that OpenSSL has regained its FIPS 140-2 validation and is now available for download. The validation process, which normally lasts a few months, took an astounding five years to complete, and those involved with the projects say they are already devising ways to avoid such long delays in future validations.

Read the article HERE.

Is Apple the New Evil Empire?

The signs are all there: The technological superiority. The ruthless march to galactic domination. The musical devices that from a fashion standpoint would be the perfect accessory for any Stormtrooper uniform.

Read the article HERE.

Apple Software v Microsoft Windows compatibility

Apple has revealed that its flagship iTunes is not yet ready for Vista, and an Apple technical support document indicates that none of the company's Windows applications are yet compatible with Windows Vista.

These include: QuickTime, the iPod shuffle reset utility, Bonjour for Windows, AirPort for Windows, the iDisk utility, AppleWorks for Windows, and Apple Software Update for Windows. The stand-alone iPod updater for iTunes 6 for Windows also isn't ready for Vista.

Apple document HERE.

Beatles and Jobs agree on Apple trade mark

The Beatles and Steve Jobs have settled their dispute over the right to use the trade mark Apple for their respective businesses. The deal is the latest in a three decade-long string of agreements over the disputed name.

[ Will iPhone also take this long to resolve? ]

Read the article HERE.

And if you still need more Apple news:
Jobs' plea to abandon music DRM is scorned in Norway

Friday, February 09, 2007

Control and quarantine worms

A new anti-worm technology developed by Penn State researchers can not only identify and contain worms milliseconds after a cyber attack, but can also release the information if the quarantine turns out to be unwarranted.

Read the article HERE.

Weak passwords really do help hackers

Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts -- about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland.

Read the article HERE.

Microsoft Patches Expected Next Week

Microsoft said that it plans to release at least a dozen patch bundles next Tuesday to plug security vulnerabilities in its Windows operating systems and other software. This patch batch could wind up breaking records for the most number of vulnerabilities fixed in one go by the company, as each patch can and often does address multiple security flaws.

Read the article HERE.

Microsoft to Unveil Windows Mobile 6

The new version, Windows Mobile 6, is an upgrade to the popular Windows Mobile 5, now widely used in smart phones, PDAs and some cell phones. The new version adds a number of capabilities not present, or in some cases incomplete, in the earlier version.

Read the eWeek article HERE or at Ars Technica HERE.

Thursday, February 08, 2007

Wi-Fi hacking with a handheld PDA

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.

Read the article HERE.

When Security Companies Fail

Security Fix has long pontificated on the necessity of Microsoft Windows users setting up their machines to run under "limited user" accounts. It is considered a fairly effective method for warding off spyware and virus infections on your average Windows PC.

The kiosks of Microsoft Windows XP machines set up as a way for attendees to freely access e-mail from the conference floor were running under the all-powerful "administrator" account. In short, anyone could have used the terminals to download a free software program that records every keystroke typed on the terminals.

Read the article HERE.

Skype Reads Your BIOS

This probably would've gone unnoticed if the operation didn't fail on 64-bit Windows. It's dumping your system BIOS, which usually includes your motherboard's serial number, and pipes it to the Skype application. I have no idea what they're using it for, or whether they send anything to their servers, but I bet whatever they're doing is no good given their track record. If they hadn't been ignorant of Win64's lack of NTVDM, nobody would've noticed this happening.

Read the article HERE.

U.K. data thieves face two years in prison

Information Commissioner Richard Thomas had proposed tougher penalties and said in a statement Wednesday that "a custodial sentence will act as a deterrent." Individuals who sell or deliberately misuse others' personal data in the U.K. could now face a penalty of up to two years in prison.

Read the article HERE.

Cybercrime ... Why not?

Moving forward to 2007 and no one in their right mind would bother with an armed robbery these days. Why? It's not worth the risk. The volume of e-crime (as it is now officially called) has quite frankly left those agencies responsible for maintaining law and order high and dry.

Read the article HERE.

Symantec Spots Exploit for Excel Zero-Day Flaw

Symantec has uncovered malicious code that could exploit Microsoft's newest zero-day vulnerability. Today on Security Response Weblog, Symantec revealed the exploit, which could drop a back-door Trojan onto an infected system. The exploit "may enable an attacker to gain remote access to your computer," wrote Amado Hidalgo in the blog post.

Read the article HERE.

Wednesday, February 07, 2007

Security zone shortcomings

For those of you unaware or unfamiliar with browser security zones, the short story is that web sites can be classified into 'zones'. There's typically a zone for web sites you explicitly trust (such as your bank), a zone for local/intranet web sites (typical in a work environment), and then an Internet zone for everything else. The goal is to reduce the security privileges given to the Internet zone (i.e. restrict what the Internet at large can do to/with your browser), while having more relaxed restrictions for sites you trust (letting them perform more security-sensitive operations). In a perfect world, you would configure your browser to disable JavaScript, ActiveX, Flash, and all other excessive features in the Internet zone. This would reasonably protect your browser against any JavaScript-based attack (including attacks related to phishing and XSS) and likely curb direct browser exploitation by a native browser vulnerability.

Read the article HERE.

PCs targeted by hackers every 39 seconds

A PC connected to the internet will be attacked by hackers every 39 seconds on average, new research has revealed. A study by the A. James Clark School of Engineering at University of Maryland found that hack attacks now occur at a "near-constant rate".

Read the article HERE.

Gates: time to stop using passwords

For years, Microsoft Chairman Bill Gates has said that passwords are the weak link in the computer security chain. For years also he has called on computer users to move away from passwords to smart cards or other authentication methods.

[A man that is infamous for his quotes just keeps adding to the list]

Read the article HERE.

Yahoo India hacked

Yahoo India has roughly 25.5 MILLION USERS - that is 25.5 million potential victims of this hacking. I'm going to try and find a contact at Yahoo who can get that damned site shut down until it is cleaned up and security improved.

Read the article HERE.

Hackers Attack Key Net Traffic Computers

Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Read the article HERE.

Tuesday, February 06, 2007

When is a firewall not a firewall?

When it’s Vista’s built-in firewall. Whereas one job of a personal firewall is to block potentially malicious inbound connections to your machine, another is to block potentially malicious outbound connections. In Windows Vista, Microsoft says its new Windows Firewall is now two-way, that it adds outbound protection, but a closer look reveals that this is more deceptive marketing spin. With Windows Vista what you get turns out to be a half-cocked firewall that's hardly worth the upgrade.

Read the article HERE.

Firefox Popup Blocker Vulnerability

There is an interesting vulnerability in the default behavior of Firefox's built-in popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information.

Read the article HERE.

Ignoring common security cues on banking sites

Password protection has its limitations, especially when it comes to things like online banking. That's why millions of phishing attempts are made every day—it's relatively easy to craft realistic-looking web pages that convince users to divulge passwords and other personal details. Financial institutions are well aware of this and as a result, have come up with additional authentication measures for their customers. A new study conducted by researchers from MIT and Harvard casts doubts on the efficacy of such measures.

Read the article HERE.

CounterSpy V2

Today, after 7 months of beta testing, we are launching CounterSpy V2.

Read the article HERE.

Security watchers lambast Vista

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences. Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Read the article HERE.

Iranian hackers possess Windows Vista

A cracked version of Windows Vista is already available in Iranian software markets. We have still received no news on Microsoft officials' reaction to the cracking of the final version of Windows Vista.

Read the article HERE.

Monday, February 05, 2007

Have you seen the green bar yet?

High Assurance (now known as Extended Validation, aka EV) Certificates are up and running for IE7 (the green address bar). To test if it is working for you, go to and see if the bar turns green. If the bar doesn't turn green for you, install the Windows Root Certificate update available here.

Read the article HERE.

Running Vista Every Day

By Joanna Rutkowska: More than a month ago I installed Vista RTM on my primary laptop (x86 machine) and have been running it since that time almost every day. Below are some of my reflections about the new security model introduced in Vista, its limitations, a few flaws and some practical info about how I configured my system.

Read the article HERE.

Stanford PwdHash

PwdHash generates theft-resistant passwords. The PwdHash browser extension invisibly generates these passwords when it is installed in your browser. You can activate this protection by pressing F2 before you type your password, or by choosing passwords that start with @@. If you don't want to install PwdHash on your computer, you can generate the passwords right here.

Visit the website [then the Stanford project website] HERE.

Make Firefox Look Like Internet Explorer

Yes, it's true. There are some people that prefer the look of Internet Explorer to the way Firefox looks (though I've never met one). So, I've created this simple How To guide that shows you just what needs to be done to get Firefox looking just like IE. The goal of this project is mainly to demonstrate the power of Firefox's themes and extensions in making the browser work the way you want it to.

Read more HERE.

Sunday, February 04, 2007

VA and FBI Investigate Missing Hard Drive

WASHINGTON - The Department of Veterans Affairs (VA) today announced that an employee reported a government-owned, portable hard drive used by the employee at a Department facility in Birmingham, Ala. – and potentially containing personal information about some veterans – is missing and may have been stolen.

The Official Press Release is available at the VA website HERE.

This is the second major data loss that the VA has experienced during the last 12 months. Last year [May 22, 2006] they reported losing a laptop containing data of 26.5 million veterans.

Kaspersky offers anti-virus for mobiles

Kaspersky Lab has produced new anti-virus software specifically for mobile phones. The new Anti-Virus Mobile software will cover Windows Mobile and Symbian phones and be officially launched next week at the RSA Conference 2007 in San Francisco. It includes signatures downloaded to the devices over their Internet connections, either via WAP or the Net. The updates can be installed using a scheduler or by hand. It includes screening of spam sent via SMS and can restrict incoming messages according to a blacklist or whitelist (banned or approved).

Read the article HERE.

Faster, safer Internet with OpenDNS

"OpenDNS runs a really big, smart cache, so every OpenDNS user benefits from the activities of the broader OpenDNS user base," says Allison Rhodes, community manager of OpenDNS. She says OpenDNS runs a high-performance network that is geographically distributed and serviced by several redundant connections. Currently, OpenDNS has four servers in the US and one in the UK. Live system statistics are available for all the servers. You can also view the current status of the servers and daily DNS requests for the past 30 days. On a typical day last month, Rhodes says OpenDNS responded to half a billion DNS queries.

Read more HERE.

The Shape of Disaster on the Net

The quakes that damaged seven undersea cables last month got me thinking about disasters in general and the way they look to the network routing around them. Much has already been written about the quakes and the damage that they did to telecommunications infrastructure to Asia. But two perspectives have been missing. The first is the understanding of the event from a network (Internet) perspective.

Read more HERE.

Introduction to Windows Integrity Control

This article takes a look at the Windows Integrity Control (WIC) capabilities in Windows Vista by examining how it protects objects such as files and folders on Vista computers, the different levels of protection offered, and how administrators can control WIC using the ICACLS command-line tool. WIC is intended to protect a system from malware and user error by helping to establish different levels of trust on objects.

Read more HERE.

Vista Family Discount Keys Not Compatible

Many (if not all) users who took advantage of Microsoft’s Vista Family Discount have been issued invalid installation keys and cannot install Windows Vista Home Premium. Microsoft confirms that the keys are indeed valid, but not for Windows Vista. The CSR I spoke with was unable to tell what the key was for, but it did appear to be a valid key, for something.

Read more HERE.

Weekend Reading

I Was a Cybercrook for the FBI

For 18 months beginning in April 2003, Thomas worked as a "paid asset" for the FBI running a website for identity and credit card thieves from a government-supplied apartment in the tony Queen Anne neighborhood of Seattle.

From bedrise to bedrest, seven days a week, he rode the boards and forums of his and other carding sites using the online nickname El Mariachi. He recorded private messages and IRC chats for the FBI as "carders" schemed to, among other things, sell stolen credit and debit card numbers, defraud the George Bush and John Kerry campaign sites, drain hundreds of thousands of dollars from bank and investment accounts, sell access to Paris Hilton's T-Mobile account and run phishing scams against U.S. Bank and the FDIC. He did it all while battling denial-of-service attacks against his site and dodging attempts by his old partner Taylor and other carders to track his whereabouts and out him as a fed.

Take a look HERE.

Windows XP Events and Errors Message Center

Learn how to use the Windows XP Events and Errors online reference search page and the Event Viewer to get more information about the error and event messages generated by Windows XP Professional. Find detailed message explanations, recommended user actions, and links to additional support and resources.

Try it HERE.

Evaluating Security Tools

All companies face the challenge of evaluating security tools that they will procure, but knowing where to start can be a daunting task. While there's no perfect way to ensure that a product meets your needs a little due diligence is essential. Fortunately, various resources are available to assist.

Take a look HERE.

Bill Gates Brags About Apple's Latest Ads

On the morning of the launch of the Vista operating system earlier this week, Microsoft chairman Bill Gates talked with NEWSWEEK’s Steven Levy about the new version of Windows—and the one after that. He also shared his views on those Apple television commercials in which the Mac is represented by a hip guy and the PC by, well, a dweeb.

Read more [and watch the Apple video] HERE.

To DMZ or not to DMZ?

It has been a long-standing idea that a DMZ is a best practice when it comes to designing and implementing a corporate network. It's even required by some regulations (see article listings below). The argument not to use a DMZ has been gaining ground in discussions around the security community. The argument basically goes that once an attacker breaks a system in the DMZ, they have the keys to the kingdom. So network admins should secure every system as though it was internal and require proper authentication to gain access. That doesn't mean that you have to get rid of the DMZ, but maybe the DMZ is a crutch for not securing all systems properly. Take away the crutch, and you're forced to do it correctly.

Read more HERE.

The Trouble with Vista

At least 80% of the changes in Windows Vista are positive. Microsoft took the extra time to smooth over some of the speed bumps noticeable in the prerelease builds of the OS. You can't fault the software giant for lack of effort with Vista's development process.

Microsoft stopped focusing on end users and now seemingly makes many decisions based on these two things:

1. Avoiding negative publicity (especially about security and software quality)
2. Making sure the largest enterprise customers are happy

Read more HERE.

In Touch With Security's Sensitive Side

Schneier says the goal of his talk at RSA is not to discuss security technologies or tactics, but to explain how people think, and feel, about security. "A lot of the time at RSA, we are just puzzled why people don't secure their computers, and why they behave irrationally. Psychology has a way of explaining this," he says. "If we in the [security] industry expect to build products, we need to understand our customers."

Read more HERE.

Saturday, February 03, 2007

IE 7 gives secure Web sites the green light

Microsoft has quietly flipped the switch on a new feature in Internet Explorer 7 meant to combat phishing scams. Microsoft is the first browser maker to adopt the EV SSL certificates. Some say the Redmond, Wash.-software giant even jumped the gun by adopting an unfinished standard for issuing the certificates. Other browser makers are still contemplating how to support the new certificates in their products.

Read the article HERE.

Video - Haxdoor Demo

Last Friday's post linked to Computer Sweden and an "interview" with Corpse, the author of Haxdoor. Today we have some video demos of Haxdoor.KI and F-Secure Internet Security 2007 with DeepGuard technology.

The DeepGuard System Control feature is capable of defending a system even without definitions of the malware. This is because the behavior of the malware is determined as a threat and is automatically blocked. The demo uses a Rakningen sample that was caught during a spam run.

See the demo HERE.

Vista encryption

Security advances in Windows Vista are unlikely to frustrate cybercrime investigation, according to a leading computer forensics firm. Enterprise and Ultimate editions of Vista include a feature that provides data volume encryption called BitLocker Drive Encryption. Suggestions that BitLocker contains a backdoor allowing law enforcement agencies automatic access to encrypted volumes have been robustly denied by Microsoft.

For one thing, in two of its three modes of operation BitLocker requires a cryptographic hardware chip called a Trusted Platform Module and a compatible BIOS. These chips are yet to become widely available, much less deployed. The third mode requires a user to insert a USB device that contains a startup key in order to boot the protected OS.

Read more HERE.

Piracy worked for us

Pirated Microsoft Corp software helped Romania to build a vibrant technology industry, Romanian President Traian Basescu told the company's co-founder Bill Gates on Thursday.

Read more HERE.

Microsoft lists Vista high points - a laugh riot

One of the most damning condemnations of the shiny DRM infection masquerading as an OS is on Microsoft's own site, its paid-for list of reasons why Vista roX0rz or something. It is really a good laugh.

Read the article HERE.

Friday, February 02, 2007

Crack Windows password with Ophcrack Live CD

Extremely impressed at the ease and speed with which the Ophcrack Live CD cracked my Windows admin password when I tested it out last week, I thought it might be useful to throw together a quick guide detailing how to use this powerful little utility.

Read the article HERE.

Vista [financial] hack

Many people are upset by the fact that the economical, "upgrade" version of Vista won't accept a Windows XP or Windows 2000 CD-ROM as proof of ownership. Vista Upgrade is said to install only to a hard disk that already has XP or 2000 on it.

But I've tested a method that allows you to clean-install the Vista upgrade version on any hard drive, with no prior XP or W2K installation — or even a CD — required.

Read more HERE.

'Contact us' attack takes out mail servers

The "contact us" feature on many websites is often insecure and makes it easy to launch denial of service attacks on corporate mail servers, according to UK-based security consultancy SecureTest.

The "contact us" feature is usually a form that allows surfers to submit comments to the people running a website. According to SecureTest, these forms can be used to launch denial of service attacks through endemic security weaknesses that have largely been overlooked.

Read more HERE.
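The article does not spell out which weaknesses SecureTest found. The following added Python example (mine, not SecureTest's code) assumes the ones that form-to-mail handlers of that era commonly had: a recipient or other header taken straight from the form, so a line break in a field injects extra headers (Bcc, To) and turns the form into an open relay; and no bound on message size or on how often one client may submit, so a script can keep the mail server busy. `build_weak` is that handler; `build_hardened` fixes each point by fixing the recipient server-side, refusing line breaks and oversized fields, and counting submissions per client address. The addresses, limits and the simple address regex are illustrative values, and the sample submissions are constructed.

```python
import re
import time
from collections import deque

# Server-side constants for the hardened handler (assumed values)
FIXED_RECIPIENT = "support@example.com"   # never taken from the form
FIXED_SENDER = "webform@example.com"
MAX_FIELD = 200
MAX_BODY = 4000
RATE_LIMIT = 3          # submissions allowed ...
RATE_WINDOW = 600.0     # ... per client address per ten minutes
ADDRESS_RE = re.compile(r"^[^\s@\r\n]+@[^\s@\r\n]+\.[^\s@\r\n]+$")  # deliberately simple


class Rejected(Exception):
    """Submission refused before anything reaches the mail server."""


class RateLimiter:
    """Sliding-window counter keyed by client address; the clock is injectable."""

    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = {}

    def allow(self, key):
        now = self.clock()
        q = self.hits.setdefault(key, deque())
        while q and now - q[0] > self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def build_weak(form):
    """The kind of handler the article warns about: every field, including the
    recipient, goes straight into the message, and nothing is bounded or counted."""
    headers = [
        "From: " + form.get("email", ""),
        "To: " + form.get("to", FIXED_RECIPIENT),
        "Subject: " + form.get("subject", ""),
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + form.get("message", "")


def build_hardened(form, client_ip, limiter):
    """Same purpose, with the checks that stop the form becoming a relay or a
    mail-server DoS vector. Raises Rejected instead of producing a message."""
    if not limiter.allow(client_ip):                  # count before parsing
        raise Rejected("too many submissions from %s" % client_ip)
    email = form.get("email", "")
    subject = form.get("subject", "")
    message = form.get("message", "")
    for name, value in (("email", email), ("subject", subject)):
        if len(value) > MAX_FIELD:
            raise Rejected("%s too long" % name)
        if "\r" in value or "\n" in value:
            raise Rejected("line break in %s (header injection)" % name)
    if not ADDRESS_RE.match(email):
        raise Rejected("malformed reply address")
    if len(message) > MAX_BODY:
        raise Rejected("message body too large")
    headers = [
        "From: " + FIXED_SENDER,          # our own sender, not the user's
        "Reply-To: " + email,
        "To: " + FIXED_RECIPIENT,         # fixed server-side; form['to'] ignored
        "Subject: " + subject,
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + message


# Constructed sample submissions (not real traffic)
SAMPLE_GOOD = {"email": "alice@example.org", "subject": "Pricing question",
               "message": "Hello, could you send me a quote?"}
SAMPLE_ATTACK = {"email": "alice@example.org",
                 "subject": "Hi\r\nBcc: victim1@example.net, victim2@example.net",
                 "to": "relay-target@example.net",
                 "message": "x" * (MAX_BODY * 10)}


if __name__ == "__main__":
    print(build_weak(SAMPLE_ATTACK).split("\r\n\r\n")[0])   # shows the injected Bcc
    limiter = RateLimiter()
    for attempt in range(RATE_LIMIT + 1):
        try:
            build_hardened(SAMPLE_GOOD, "203.0.113.5", limiter)
            print("attempt %d accepted" % (attempt + 1))
        except Rejected as why:
            print("attempt %d rejected: %s" % (attempt + 1, why))
    try:
        build_hardened(SAMPLE_ATTACK, "203.0.113.9", RateLimiter())
    except Rejected as why:
        print("attack rejected:", why)
```

Two design points worth noting: the rate limiter is consulted before any field is inspected, so a client flooding malformed submissions is throttled just like one flooding valid ones, and the hardened handler builds the envelope sender and recipient from constants, so the only form-controlled text that reaches a header is a single-line, length-bounded Reply-To and Subject.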

The Verbal Vista Hack?

Microsoft has said that a voice-recognition feature built into Vista could be exploited remotely to delete files on a victim's machine if he or she visited a Web site that tried to issue specific commands through the computer's audio system.

Microsoft noted that the voice-recognition feature is not turned on by default in Vista, and that such an attack would be extremely difficult to execute.

Read more HERE.

Thursday, February 01, 2007

Word exploit number 5?

Symantec are reporting in their Security Response weblog what may turn out to be a fifth unpatched vulnerability in Word, with which code can be injected onto and executed on a system using prepared Word documents.

Read more HERE.

Script wreaks havoc on MySpace

A handful of enterprising people - at least one of them a teen - has devised a JavaScript that allows its owner to temporarily access the browser's MySpace account. These people also may have managed to spam about 1.5 million MySpace accounts, according to a Google search. They pulled off the latter feat in less than three weeks by collecting thousands of passwords, according to one of the operators, in a venture that would appear to violate numerous terms governing the use of the social network.

Read more HERE.

Don't Be Mistaken for a Spammer

The "This is Spam" button popping up on many service providers' email services can be empowering for a user or potential spam victim. But it can also be the kiss of death for a legitimate business that, with a click of that button, gets falsely labeled as a spammer.

Naiveté, dumb luck, or just plain laziness can stuff your company into the spam can if you're not careful. By making any one of several common mistakes, your company can encounter blocking of its marketing emails, newsletters, or other key customer interactions.

Read more HERE.