softsecurity.com This day highlights

TSA worker tried to sabotage terror database, feds say

Fri, 12 Mar 2010 01:59:20 GMT

One week after losing job A former data analyst for the US Transportation Security Agency has been accused of trying to sabotage a terrorist screening database used to vet people with access to sensitive information and secure areas of the nation?s transportation network.?

Exploit for IE 0-day flaw published, patch still unavailable

Fri, 12 Mar 2010 01:11:48 GMT

An Israeli hacker has created an exploit for the IE zero-day flaw that Microsoft warned about on Tuesday, and the code is already being inserted into the Metasploit Framework. According to Ryan Nar...

Microsoft plants Bing on Google-free Chinese Androids

Fri, 12 Mar 2010 00:37:13 GMT

Google apps 'postponed' on China carriers Motorola will soon push Microsoft's Bing search engine onto Android phones in China, after announcing an alliance with the Redmond software giant that will see Bing appear on Androids across the globe.?The power of collaboration within unified communications

Advanced Persistent Threats: Should your panties be in a bunch, and how do you un-bunch them?

Fri, 12 Mar 2010 00:00:21 GMT

Marketers are starting to abuse the APT (Advanced Persistent Threat) term but that doesn't dilute the true meaning of this adversary.

New Federal IT security certification program

Thu, 11 Mar 2010 22:35:34 GMT

A new certification program specifically designed and tailored to help secure the nation�s Federal information technology systems was unveiled today. The certification program � called the Federa...

One-third of orphaned Zeus botnets find way home

Thu, 11 Mar 2010 22:04:10 GMT

Cyber security's short-lived victory The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about one-third of the orphaned channels were able to regain connectivity in less than 48 hours.?Case Study: WhatsUp keeps Legoland turnstyles ringing

Koobface gang refresh botnet to beat takedown

Thu, 11 Mar 2010 18:32:16 GMT

Twitter scourge changes pants Command and Control servers associated with the infamous Koobface worms have gone through a complete refresh over the last fortnight. Russian net security firm Kaspersky Lab reckons the change up might be aimed at making takedown efforts by cybercrime fighters more difficult.?

Targeted attacks exploiting PDF bugs are soaring

Thu, 11 Mar 2010 18:07:05 GMT

Adobe is having a hard time fighting its bad reputation when it comes to products riddled with vulnerabilities. Adobe Reader exploits seem the weapon of choice of many a cyber criminal - as can be att...

Q&A: Google hacking

Thu, 11 Mar 2010 17:59:01 GMT

Robert Abela is a Technical Manager at Acunetix and in this interview he discusses the importance of Google for security research, provides tips on Google for information gathering and more. Based ...

Is that a bot in your pocket? Or does it just look like one?

Thu, 11 Mar 2010 17:47:38 GMT

Results from a research project titled MOBOTS: Pocketful of Pwnage, which was designed to show how easy it would be to create a large mobile botnet.

0-day exploits for IE flaw another reason to switch to IE8

Thu, 11 Mar 2010 17:45:00 GMT

Microsoft confirmed on Tuesday a new flaw affecting version 6 and 7 of its Internet Explorer web browser that could allow remote code execution. The security advisory noted that targeted attacks using the flaw were already in the wild. This information was confirmed by McAfee, reporting that exploitation of the flaw was originating from the domain topix21century dot com over both HTTP and HTTPS. The drive-by attacks install a backdoor which connects to a command-and-control server. Analysis by Symantec reveals that the exploit works effectively on IE6. IE7 tended to crash instead, and IE8 is, as stated in the Microsoft advisory, immune. The attack loads some malicious code, and then makes repeated changes to the HTML document eventually provoking execution of the malicious code. The best solution is to upgrade to IE8, as one of the many improvements found in this browser also seals off the security hole. Failing that, enabling Data Execution Prevention in IE7 should provide some level of mitigation, as the current exploits do not circumvent DEP (though they could probably be combined with DEP bypass techniques). Removing access to the file iepeers.dll using either of the mechanisms described in Microsoft's advisory prevents Internet Explorer from loading the flawed code, but may also break print and web folder functionality. Finally, disabling of scripting and ActiveX in the Internet and Local Intranet security zones should also provide protection against exploitation. Microsoft has still made no indication whether this flaw will receive an out-of-band update, but with exploits in the wild and documented analysis of the exploit, clearly this flaw is something that needs fixing, and soon. Read the comments on this post

Koobface worm doubles its number of command and control servers

Thu, 11 Mar 2010 16:50:19 GMT

The shut down and recovery of the Troyak-as command and control center (C&C) for the active Zeus botnet was good news for the whole IT security community. Unfortunately, as some botnets struggle, o...

It's time to embrace the shift to the cloud

Thu, 11 Mar 2010 15:54:45 GMT

The software industry is entering another age of astonishing innovation. It's a time when not only software is advancing at a fast pace, but so too are hardware devices � where power is increasing as ...

Estonian DDoS revenge worm crafter jailed

Thu, 11 Mar 2010 15:35:06 GMT

Infection still spreading An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.?

File sharing networks open door to identity theft

Thu, 11 Mar 2010 14:43:46 GMT

According to the Washington Post, in any given second, nearly 22 million people around the globe are on peer-to-peer file-sharing networks downloading and swapping movies, software and documents over ...

Employees continue to put data at risk

Thu, 11 Mar 2010 14:27:11 GMT

According to a Ponemon Institute study, business managers continue to pose the greatest threat to sensitive company information such as customer records, health information and other private data. Des...

Tories on cyber war: Waffle, mutter, waffle. Um, vote for us!

Thu, 11 Mar 2010 14:22:58 GMT

'Computers. Clicking, typing. Email. I could go on' Tory peer and shadow security minister Baroness Pauline Neville Jones has set out her party's thoughts on cyber war and defence. Unfortunately once the waffle is stripped away there's pretty much nothing there.?

Password reset questions dead easy to guess

Thu, 11 Mar 2010 14:18:29 GMT

Your pet's name is Poochie? You're pwned Guessing the answer to common password reset questions is far easier than previously thought, according to a new study by computer science researchers.?

Bogus Playstation emulators pack Trojan payload

Thu, 11 Mar 2010 12:49:25 GMT

'Will be around for a long time' Retro gaming fans are being targeted in a new con designed to infect computers with a Trojan linked to scareware scams.?

PayPal restores Cryptome for real

Thu, 11 Mar 2010 12:28:46 GMT

Now go away PayPal has finally made good on its pledge to restore Cryptome's account many hours after the firm's head of global communications told Register readers it had already done so.?

etc: Another botnet takes a beating as Kazakh ISP Troyak is taken offline, temporarily disabling most of the command-and-control servers for the Zeus network.

Thu, 11 Mar 2010 05:05:29 GMT

Another botnet takes a beating as Kazakh ISP Troyak is taken offline, temporarily disabling most of the command-and-control servers for the Zeus network. Read More: Computerworld, abuse.ch Read the comments on this post

Zeus botnets suffer mighty blow after ISP taken offline

Thu, 11 Mar 2010 01:23:57 GMT

One quarter of C&C channels vanish At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world's most nefarious cyber operations.?Offloading malware protection to the cloud

IE zero-day flaw leaks out; Exploit code published

Thu, 11 Mar 2010 01:22:12 GMT

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code

Bad employee! 12% knowingly violate company IT policies

Thu, 11 Mar 2010 01:17:00 GMT

By now, it's practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that's due to ignorant users or poorly enforced policies. Not so for a chunk of the US working population—according to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done. The survey of 1,347 employed adults was conducted on behalf of Fiberlink, a company that hawks services that "help enterprises connect, control and secure laptops and mobile devices." Needless to say, the survey results fit perfectly into the company's agenda, but they are hardly surprising. After all, how many of us know someone who has left a work laptop in an unattended vehicle, sent unencrypted e-mails without permission, or reused the same three passwords over and over instead of choosing new ones every 90 days? Fiberlink CEO Jim Sheward warned of the obvious. "IT departments nationwide spend a lot of time and money on their compliance, usage, and access policies, but they only work if people follow the rules," he said in an e-mailed statement. [C]ompanies could face dangerous breaches that include the loss of sensitive data, competitive intelligence, or customers’ private information." Harris' findings are supported by previous reports saying that leaky employees are a bigger threat than malware, that employees (not hackers) cause the most corporate data loss, and that employees' online activities pose the greatest threat to IT security. With 12 percent of those people actively working outside of stated IT policy (and plenty more who do so out of ignorance), IT admins certainly have their work cut out for them if they want to maintain a tight ship. Read the comments on this post

13m users worldwide affected by Mariposa botnet

Thu, 11 Mar 2010 00:03:35 GMT

Following the worldwide shutdown of the Mariposa botnet last week, Panda Security reported today that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities. Accor...

Freshly patched Adobe PDF flaw under 'active attack'

Wed, 10 Mar 2010 23:52:48 GMT

Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.

Hackers can locate and exploit the Energizer USB charger backdoor

Wed, 10 Mar 2010 23:21:22 GMT

Hackers using the freely available Metasploit tool can locate infected systems on the local network or gain access to a system running the Energizer backdoor.

New Twitter Feature Looks For Malicious URLs

Wed, 10 Mar 2010 21:53:00 GMT

Meanwhile, one in eight Twitter accounts is either malicious, suspicious, or suspended, according to a new report from Barracuda Networks

Most malicious websites are hosted in the US

Wed, 10 Mar 2010 21:52:49 GMT

AVG Technologies unveiled the results of a research study which shows that � contrary to popular opinion � most malicious websites are hosted on US servers and not in other countries like China. Th...

LifeLock fined $12 million over lack of life-locking ability

Wed, 10 Mar 2010 21:37:00 GMT

Identity theft prevention service LifeLock is not as pristine as its reputation claims after all. The company agreed to pay out $12 million to settle charges with the Federal Trade Commission and 35 states, which had said that LifeLock's identity-theft-prevention claims were false and that the company actually made its own customer data available and unsecured from theft. As it turns out, there is no way to fully guarantee that identity theft won't happen, no matter what someone puts on the side of a truck. LifeLock has made a name for itself as the go-to service if you never want to have any part of your identity stolen, ever. The company claims to proactively protect your information against fraud, alert you to any kind of shady activity, and reduce credit card offers for $10-15 per month. Those who have seen LifeLock's trucks driving around their cities know that the company used to slap its CEO Todd Davis' social security number on the side of the vehicle along with a number of claims guaranteeing that its customers won't fall victim. (As an aside, Davis' identity allegedly ended up getting stolen in 2007.) Read the comments on this post