news4geeks.net
21Feb/12

Anonymous threatens to DDOS root Internet servers

Posted by vica

An upcoming campaign announced by the hacking group Anonymous directed against the Internet's core address lookup system is unlikely to cause much damage, according to one security expert.

In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of "Operation Global Blackout" that would target the root Domain Name System (DNS) servers.

Anonymous said the attack has been planned as a protest against "our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun".

The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site. Read more...

21Feb/12

Security biz scoffs at Apple’s anti-Trojan Gatekeeper

Posted by vica

Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.

The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.

The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.

From a system security perspective that's a laudable aim but there may be less palatable consequences. Read more...

7Feb/12

Kelihos botnet still dead, say Microsoft, Kaspersky

Posted by vica

Contrary to reports, the Kelihos botnet has not crawled out of the grave, Microsoft said last week. But the company acknowledged that a new botnet is being assembled using a variant of the original malware.

The reappearance of a Kelihos-like army of hijacked computers shows just how difficult it is to eradicate a botnet, security experts said today.

"It's not possible in most cases," said Roel Schouwenberg, a senior researcher with Moscow-based antivirus company Kaspersky Lab, when asked whether killing a botnet was feasible. "What you're going for is disruption more than anything."

Liam O Murchu, manager of operations at Symantec's security response team, agreed and said that there was only one way to ensure a botnet's death. Read more...

3Feb/12

Windows 8, Windows Phone 8 DNA splice is on – report

Posted by vica

Windows 8 and Microsoft's next major phone operating system will merge, if reports are correct.

Windows Phone 8, codenamed Apollo, will reuse code from Windows 8, due this year - specifically the kernel, network stacks, security and multimedia. That means Windows Phone 8 will ditch the current Windows Phone 7.5 core that uses Windows Embedded Compact.

The report is based on a supposed leaked Microsoft video featuring Windows Phone manager Joe Belfiore. The presentation was intended for partners of Microsoft's phone BFF Nokia. The video was not posted. Read more...

1Feb/12

Virus-slingers abuse WordPress vulns, dose punters with exploit

Posted by vica

Malware-spreaders are hacking into vulnerable WordPress-powered sites in order to drive traffic towards pages loaded with exploits.

Hundreds of websites based on WordPress 3.2.1 have been compromised so that surfers directed to the WordPress-built sites via email links are exposed to the Phoenix exploit kit, M86 Security warns.

In order to lure users to compromised pages, the attacker has spammed out thousands of malicious emails querying an unfamiliar bill and asking recipients to click on a link. (Web security firm Websense separately warned of this spam run late last week.) Read more...

31Jan/12

Cyber security report: All countries lag behind the bad guys

Posted by vica

The U.S. and U.K. are relatively well prepared for cyber attacks, compared to many other developed nations, but everyone has more work to do, according to a new cyber security study from McAfee and Security & Defence Agenda (SDA).

The report, which ranks 23 countries on cyber security readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the U.S., U.K., France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.

No country is ahead of cyber attackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are "faster and swifter" than the good guys, she said. Read more...

27Jan/12

Enterprise gets social: Twitter-style data streams, engagement ‘apps’

Posted by vica

Enterprise software developers are just as talented as their free-wheeling consumer-facing peers, but are shackled by the need to prioritise enterprise security over personal utility, and by the fact that IT buyers differ significantly from IT users, as 37 Signals' Jason Fried has pointed out. But a new breed of enterprise software seeks to overlay and augment crufty old systems with dynamic, user-friendly social software, and may well become a $4bn market within the next five years, according to Wells Fargo analyst Jason Maynard.

Data, not surprisingly, is both the engine behind this shift and the glue sticking it all together.

Enterprise software systems, new or old, throw off immense amounts of data, or "digital exhaust". With the rise of programmable interfaces, or APIs, getting access to that exhaust is easier than ever, but data is only useful if harnessed, made comprehensible, and turned to business value.

Unfortunately, most data is "exhaust" in the traditional sense of the word: waste. If enterprises collect data they do so in data warehouses that sit largely untapped. This is a shame given the potential of data to transform the way we work.

Enter the data stream. Read more...

27Jan/12

How to prevent thumb drive security disasters

Posted by vica

For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.

Some security professionals suggest a radical approach to locking down USB flash drives. Sean Greene, a security consultant at Evidence Solutions, advises his clients to use a clear silicone caulk and fill every USB port on every PC to prevent USB attachments. He says the only way employees can transmit sensitive business documents is by email, a method that his clients can easily monitor.

Chris Harget, a spokesperson for security vendor ActivIdentity, adds that many military organizations don't allow the drives at all, and they have resorted to gluing USB ports closed to prevent breaches.

Yet, in the modern IT climate, CIOs know they have to provide the services employees need to do their jobs, and that can include using a USB drive. For example, in a sales organization, employees often need to load PowerPoint slides, which may contain company financials, onto a USB flash drive. Read more...

25Jan/12

Accused Kelihos botnet maker worked for two security firms

Posted by vica

A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.

In an amended complaint filed yesterday in federal court, Microsoft identified the man as Andrey Sabelnikov of St. Petersburg.

According to his LinkedIn profile, Sabelnikov worked for two Russian companies that specialize in security, including the antivirus firm Agnitum, for the last six years.

Agnitum, which is based in St. Petersburg, develops and sells a Windows antivirus product called OutPost Antivirus Pro as well as a personal firewall for Windows PCs. A company spokesman confirmed today that Sabelnikov worked for the firm from September 2005 until November 2008. Read more...

24Jan/12

Twitter acquires antimalware company Dasient

Posted by vica

Twitter has acquired Internet security firm Dasient, the Sunnyvale, California startup said on its blog on Monday.

Dasient, which describes itself as a cloud-based Web antimalware technology company, introduced in 2010 a service to protect advertisement networks and publishers from malicious ads.

"Over the last year, we have been very active in securing the ads and content of some of the industry's largest ad networks and web sites," Neil Daswani, the company's co-founder and chief technology officer, said in a blog post.

Before that in 2009, the company launched its web antimalware platform, capable of scanning URLs (uniform resource locators) and websites for the presence of harmful content.

The acquisition fits with Twitter's plans to expand revenue from advertising including promoted Twitter messages and accounts. Read more...

23Jan/12

SharePoint gods peek into colleagues’ info – poll

Posted by vica

SharePoint admins are abusing their privileged status to sneak a peek at classified documents, according to a poll that shows consistent abuse of security in Microsoft's business collaboration server.

A third of IT administrators or somebody they know with admin rights have read documents hosted in Microsoft's collaboration server that they are not meant to read.

Most popular documents eyeballed were those containing the details of their fellow employees, 34 per cent, followed by salary – 23 per cent – and 30 per cent said "other."

Ironically, the poll found the jury almost split on whether the authors of documents themselves could be trusted to control the security privilege settings on their work.

IT admins are firmly in control of setting access rights within SharePoint; 69 per cent set the permission levels that say who reads what, by individual or by group. Read more...

19Jan/12

Smarter hypervisor use can lead to a ‘big, big change’ in security

Posted by vica

To gain insight on the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business. Crosby recently founded a cloud security startup, Bromium, with Gaurav Banga, former CTO and senior vice president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.

CSO Online: What do you think 2012 may bring in terms of malware?
Crosby: I think you will see, obviously, a growth. By the way, the growth path in malware is currently exponential per year. That will continue. That's obvious. I think you'll see, in the U.S. large enterprise and maybe even in the federal infrastructure, another major compromise next year. It will be incredibly bad and incredibly embarrassing. That is, to say, very succinctly, we are now in a state of ongoing national cyber espionage. It's not cyber war, but it's cyber espionage on a grand scale. That's absolutely going to carry on. However, I do think the year ahead heralds a fantastic opportunity. It will be the first time when virtualization hardware and its uses within computer systems, generally, dramatically change the odds in favor of security. Read more...

17Jan/12

Microsoft: More secure but mission not over

Posted by vica

In January 2002, Microsoft's Chairman Bill Gates kicked off the software maker's Trustworthy Computing Initiative with a companywide memo, telling employees that "there are many changes Microsoft needs to make as a company to ensure and keep our customers' trust at every level -- from the way we develop software, to our support efforts, to our operational and business practices."

Security problems continue to plague users and corporate customers in the software industry as a whole, but Microsoft has made great strides and set the standard in many aspects of how software should be designed, developed, secured, and supported.

Microsoft did not take the first steps on this road willingly; the software giant was pushed and prodded by hackers, security researchers, and virus writers. In 2001 the double blow of the Code Red worm and Nimda convinced Microsoft that efforts to secure its products were not working. Read more...

15Jan/12

10 years ago today: Bill Gates kicks arse over security

Posted by vica

Analysis: Sunday marks the tenth anniversary of Bill Gates' Trustworthy Computing memo, which made designing security into applications from the ground up a key priority at Microsoft for the first time.

The directive to make security a number one priority followed a period when Microsoft had taken a sustained shellacking over the instability and insecurity of its software, especially Internet Explorer and Outlook, following the rampage of high-profile malware outbreaks such as the Love Bug, Melissa and Nimda.

The memo came after Microsoft had spent years fighting the Department of Justice's antitrust suit that centred on its Windows monopoly, in particular the bundling of IE with Windows, and two years after Redmond had begun to embrace web services with the launch of .Net.

Apple Macs were not the threat to Microsoft's desktop monopoly that they now pose, but the perception of insecurity was a problem for Microsoft's ambitions to push its servers and associated applications into the data centre, as well as its fight against Linux as a web server platform. Read more...

29Dec/11

Wi-Fi Protected Setup easily unlocked by security flaw

Posted by vica

Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected Setup standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice.

Wi-Fi Protected Setup (WPS) is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. One mode of use allows a device to connect by just presenting that PIN, opening the way for a client to just try every available PIN. Worse still, the protocol splits the PIN into two halves which reduces the attack time to a couple of hours.

Eight digits should produce 100,000,000 possible combinations, and testing various routers Viehböck found it took an average of around two seconds to test each combination. So brute forcing should take several years unless the router was particularly responsive. Read more...

29Dec/11

Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers

Posted by vica

Hackers armed with a single machine and a minimal broadband connection can cripple Web servers, researchers disclosed Wednesday, putting uncounted websites and Web apps at risk from denial-of-service attacks.

In a security advisory issued the same day, Microsoft, whose ASP .Net programming language is one of several affected by the flaw, promised to patch the vulnerability and offered customers ways to protect their servers until it releases an update.

In a follow-up message, Microsoft announced it was shipping an "out-of-band," or emergency update today. The update was released at 1 p.m. ET. Designated MS11-100, it also fixed three other bugs in ASP .Net, one tagged "critical." None of those three had been disclosed publicly prior to today.

The problem that caused a stir in the security community exists in many of the Web's most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle's Java and Google's V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde. Read more...

27Dec/11

Expect more cyber-espionage, sophisticated malware in ’12, experts say

Posted by vica

The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.

In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions.

"I absolutely expect this trend to continue through 2012 and beyond," said Rik Ferguson, director of security research and communication at security firm Trend Micro. "Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end," he added.

Threats like Stuxnet, which is credited with setting back Iran's nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012. Read more...

22Dec/11

2012 in security: Rising danger

Posted by vica

Computer security involves more than installing an antivirus utility on your PC. Malicious hackers are on a mission to steal money and wreak havoc, and they'll do it by any means possible. The growing number of mobile devices, such as phones and tablets, and the popularity of social networks give them new avenues in which to expand their cybercrime.

Here's a look at the security issues various technologies will face in the coming year.

Smartphones and tablets
The amount of malware spreading on phones and tablets continued to surge this year, rising 22 percent over 2010 in the first half of 2011, according to a McAfee study (PDF). Android came under fire -- surpassing Symbian and Java ME as the most attacked mobile operating system, according to the study -- with a 76 percent jump in malware from the first quarter of 2011 to the second. Android became the target due to its open nature and its large market share (43 percent in the third quarter of 2011, according to Nielsen).

Mobile infections will continue to rise in 2012 -- especially on Android products -- as the population of devices increases further. Mobile malware often spreads via app stores, posing as a new app or as a look-alike of a well-known app. Third-party app directories usually contain more malware than official app stores do, so stick with the latter. Even then, examine user reviews and do research before you download, especially in the case of new apps. Also, install an antivirus app like Lookout Mobile Security for Android, BlackBerry, iOS, and Windows Mobile, or AVG Mobilation for Android and Windows Phone 7. Read more...

22Dec/11

EBay buys BillSafe for ‘purchase-on-invoice’ technology

Posted by vica

EBay has purchased German vendor BillSafe to complement its PayPal online payment system, the company announced Thursday. Terms were not disclosed.

BillSafe offers "purchase-on-invoice" capabilities, which allows shoppers to choose items, receive them, and then get a bill for payment later. EBay had taken a minority stake in the company in October 2010.

Purchase-on-invoice is extremely popular in Germany, Austria, Switzerland and the Netherlands, and in Germany alone, eBay has 15 million accounts, the company said. Read more...

9Dec/11

Google’s Schmidt calls Carrier IQ software a keylogger

Posted by vica

Google Executive Chairman Eric Schmidt today distanced his company from Carrier IQ's software, even as he described the technology as a keylogger. Schmidt's comments came at an Internet freedom conference in the Netherlands.

A Reuters story from The Hague quotes Schmidt as saying that Carrier IQ's software is a keylogger that "actually does keep your keystrokes."

"We certainly don't work with them and we certainly don't support it," Schmidt said.

It was not immediately clear whether Schmidt's description of Carrier IQ as a keylogger was based on independent knowledge of the software or on recent claims by security researcher Trevor Eckhart. Read more...

9Dec/11

Kaspersky Dumps Anti-Piracy Group in SOPA Protest

Posted by vica

Security vendor Kaspersky has announced it will withdraw its membership of the Business Software Alliance (BSA) over the group’s support of SOPA. The Russian company, which is famous for its anti-virus products, says the pending legislation will hurt both innovation and consumers. In protest, Kaspersky will end its association with the BSA on January 1st 2012.

While the opinions of outright SOPA opponents are well documented, it came as a surprise last month when the Business Software Alliance (BSA), a former staunch supporter, published a blog post indicating it had some reservations on the pending legislation.

The BSA – which counts giants such as Microsoft, Apple, Adobe and Intel among its ranks – declared in their headline that SOPA Needs Work to Address Innovation Considerations.

Nevertheless, for BSA member and security vendor Kaspersky, it’s too little, too late. Read more...

8Dec/11

Why are Android anti-virus firms so slow to react on Carrier IQ?

Posted by vica

Some Android anti-virus firms have begun releasing Carrier IQ detection apps, but only after the controversial software became a talking point on Capitol Hill ... and a month after a security researcher first discovered it.

BitDefender released Carrier IQ Finder, an app that identifies the presence of the controversial mobile diagnostic tool, following Lookout's earlier release of a similar tool called Carrier IQ Detector. Both applications let mobile phone users know if they have Carrier IQ running on their Android phone without actually removing it. Each has been available at no charge via the official Android Market since last Saturday (3 December).

In a statement, BitDefender said that Carrier IQ's mobile network diagnostic tool is "so deeply integrated with the device’s firmware [that] Carrier IQ Finder cannot remove it". Read more...

2Dec/11

Facebook friends could be strangers in disguise, researcher shows

Posted by vica

A recent study showed just how easy it was to fool even a security expert into accepting friend requests from total strangers. The trick? Open a profile posing as someone's real-world friend. Even if they're already that person's friend, there's a chance they will friend him or her again.

The study, presented at a conference by Brazilian security expert Nelson Novaes Neto and written up by Ars Technica, involved establishing mutual friends between the victim and the fake account. When the fraudster spammed hundreds of possible mutual friends, some were bound to accept, and did. Within 7 hours, the fake account had enough mutual friends to look like a legitimate acquaintance — all the credibility the victim needed. Read more...

1Dec/11

Mobile spyware raises ethical, legal questions

Posted by vica

In 2003, Atir Raihan began work on a product that has gone on to gain infamy in the world's security industry. His idea: to build a spyware program for mobile phones that would allow people to catch a cheating spouse.

"I remember eight years ago, having a drink with friends and telling them about my personal situation. It involved infidelity with an old girlfriend," Raihan recalled recently. Wouldn't it be good, he thought, if there were a technology that could help him get to the bottom of it?

Seeing a potential business opportunity, as well as a solution to his relationship dilemma, Raihan and his Thailand-based company, Flexispy, developed a product of the same name that can secretly track calls and texts made to and from a mobile phone. Read more...