Tuesday, April 28, 2009

CommSec - Hackers could trade but not withdraw money

Online share trader CommSec vulnerable to hackers

SECURITY at the nation's biggest online trader has been exposed as wide open to attack by computer hackers. Security flaws at CommSec potentially endangered accounts containing billions of dollars of mum-and-dad investors' money.

After a Herald Sun investigation, CommSec's 1.7 million customers have been strongly urged to change their passwords.
Had any hackers entered the system they would have been able to access the personal details of CommSec's customer accounts and trade in other people's share portfolios. This would potentially have allowed them to manipulate the share market to their advantage.

But hackers would not have been able to withdraw money.
The glitch was discovered by a Melbourne computer programmer, who said even a teenage computer buff with basic cyber skills could break into customers' accounts. Please click here to read the news on a leading Australian online news portal.

Researchers show how to take control of Windows 7

Proof-of-concept code takes control of the computer during the boot process

Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.

"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining that the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack cannot be done remotely.

VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.

For the attack to work, an attacker must have physical access to the computer, so I will personally treat this vulnerability as low at this point in time. An attacker would need to bypass physical security and walk over to someone's computer to initiate this attack.

Please refer here to read full details on NetworkWorld website.

Sunday, April 26, 2009

The Impact of the Downturn on IT Recruitment

Dirty impact of the Downturn on our IT job market

I was having a discussion with one of my friends last night. He is one of the managers in a leading IT recruitment firm here in Australia. He mentioned to me a pretty interesting and adverse effect of the financial recession on the job market, which I would like to share here.

We are all aware of the unemployment rate ticking up every day, probably every month, with the global economy affecting companies' financial situation. Every organization is focusing on reducing its operating cost by all means, which can be achieved by reducing travel, overtime and various other expenses, and by freezing hiring.

Most of them are achieving this by reducing employees; we hear almost every day that company X has made Y employees redundant. I suppose this is really common and most upsetting news for all IT professionals.

My friend mentioned that, with these effects on unemployment, he has noticed some organizations making their highly paid professionals redundant, giving the reason that they no longer need the position or probably don't think the position is bringing any benefit to the organization at this point in time. After some weeks or probably months, the same organizations are advertising the same position at half the salary and attracting unemployed IT professionals who are willing to work for something rather than nothing.

I find this a very interesting and obvious effect of the financial recession, where some organizations are using it as a reason to bring IT job market prices down and also to reduce their operating cost, yet keeping the same number of staff by paying them half the salary.

Thursday, April 23, 2009

Exploits allowing hackers to break into Gmail accounts

Gmail accounts hacked via unpatched hole

Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch.

There are steps you can take to reduce the risk of using a webmail account, but it appears that the usual tricks won't solve the Gmail problem until Google fixes the software.

The weakness that researchers say afflicts Gmail, belongs to a class of attacks known as cross-site request forgery (CSRF).

Besides Gmail, CSRF holes affecting YouTube, Netflix, and NYTimes.com have also been found and repaired in the past. CSRF attacks use security flaws in cookies, password requests, and other interactive Web components to intercept communications between your browser and a Web site's server.

The first report of the Gmail problem within security circles was written by Vicente Aguilera Díaz of Internet Security Auditors (ISA) on July 30, 2007. The next day, ISA issued an alert and included a proof of concept illustrating how the exploit could be used to change a Gmail account password.

After more than a year during which, according to ISA, Google was repeatedly contacted privately about the problem, researchers publicly released a detailed description of the exploit on March 3, 2009, according to a Secure Computing article.

CSRF attacks — which are also referred to as session-riding — are different from the more-widely known cross-site scripting (XSS) exploits. XSS holes allow a malicious Web site that's open in one browser window to inject JavaScript into another site's page that's open in a separate window or tab. Once the unwanted script is running on a PC, the code can try to collect private data and passwords and transmit them back to the attacker's server.

XSS vulnerabilities have recently been discovered and patched in many browsers and on many sites, including Yahoo Mail and Hotmail as well as Gmail.

Google, Yahoo, and other Internet services cover themselves by stating that you use the services at your own risk. A major threat of using any webmail service is that a hacker could swipe or guess your password and take over your account. Fortunately, the Big Three webmail services — Gmail, Yahoo Mail, and Hotmail — and many other Web sites provide protection for their sign-in sessions using Secure Sockets Layer (SSL) encryption. SSL enables a Web browser to scramble any sign-in data.

Using https does prevent traffic sniffing and so-called man-in-the-middle attacks, so you should enable it regardless of whether Gmail's CSRF hole is ever patched. To benefit from encryption when accessing Gmail, you should configure the service to use SSL by default. To do so, click Settings in the top-right corner of the main Gmail window, select Always use https in the "Browser connection" section at the bottom of the General tab, and click Save Changes. My advice to all my readers is to start taking advantage of this service to keep yourself protected from such incidents.

Outbreak on a smartphone could be worse

Once Smartphones Become Truly Common, They Will Be Targeted by Viruses

Northeastern University researchers say that smartphones will soon be targeted by viruses on a massive scale, but a study by the researchers could provide a way to negate these attacks. Northeastern University physicist and network scientist Albert-Laszlo Barabasi and fellow researchers tracked the spreading potential of Bluetooth and multimedia messaging service viruses, and predicted that these viruses will become a significant threat to smartphones that gain at least a 10 percent market share.

The user base for smart, handheld devices is still small and fragmented, making a large virus outbreak impossible. However, Barabasi warns that once smartphones are more widely used and one of the operating systems increases its market share, the users of the system will be targeted by mobile viruses in only a matter of minutes. He says an outbreak on a smartphone could be worse than any outbreak on a traditional computer.

Pu Wang, a Ph.D. candidate at Northeastern's Center for Complex Network Research, says understanding the basic spreading patterns of the viruses could help researchers find ways of minimizing their impact, estimate the realistic risk carried by mobile viruses, and develop measures to avoid the costly and damaging effects of outbreaks.

Click here to read more details on the Northeastern University website.

Tuesday, April 21, 2009

McAfee Looks at Spam's Damage to Environment

33 billion kilowatt-hours (kWh) is used to transmit, process and filter spam

The global annual energy used to transmit, process, and filter spam is 33 billion kilowatt-hours (kWh), which is equivalent to the electricity used in 2.4 million homes, concludes McAfee's "Carbon Footprint of Spam" study.

The study found that spam produces the same level of green house gas (GHG) emissions as 3.1 million passenger cars using 2 billion gallons of gasoline. The study found that an estimated 62 trillion spam emails were sent in 2008, and that most of the energy consumption related to spam, 80 percent, comes from end users deleting spam and searching for legitimate email. Spam filtering accounts for 16 percent of spam-related energy consumption.

"As the world faces the growing problem of climate change, this study highlights that spam has an immense financial, personal, and environmental impact on businesses and individuals," says McAfee's Jeff Green. "Stopping spam at its source, as well as investing in state-of-the-art spam filtering technology, will save time and money, and will pay dividends to the planet by reducing carbon emissions as well."

The report says if state-of-the-art spam filters were used to protect every inbox, organizations and individuals could reduce spam's energy consumption by 75 percent. However, the researchers note that although spam filtering is helpful, fighting spam at its source is even better.

Refer here to read the original article.

Monday, April 20, 2009

The Impact of the Downturn on Security

Interesting read on Roger Halbheer's blog

Please click here to read an interesting post from Roger's blog.

I quote from his post:

This is a question I often get asked: What is the impact of the economic downturn on security? I am convinced that three things will happen:
  • Cybercrime will grow
  • Security budgets will shrink – it is just open whether the budgets will shrink at the same pace as IT budgets or faster, but I am convinced that companies need to save money there as well
  • Regulations will increase and so will the requirements for compliance

Saturday, April 18, 2009

Eyeball Spy Turns the Tables on Big Brother

The gaze-tracking system may well be regarded as intrusive by CCTV control-room staff

The performance of closed-circuit television (CCTV) operators could be improved by analyzing their gaze, according to researchers in Turkey. Ulas Vural and Yusuf Akgul of the Gebze Institute of Technology have developed a gaze-tracking camera system to watch the eyeballs of CCTV operators as they work.

The gaze-tracking system would train a Webcam-style camera on the irises of people who watch CCTV images in the control room. CCTV operators could miss criminal or antisocial activity because they have so many screens to monitor simultaneously. After the system uses an algorithm to analyze where CCTV operators are looking, it uses software to create a video of sequences missed during the shift.

"This increases the reliability of the surveillance system by giving a second chance to the operator," the researchers write in the journal Pattern Recognition Letters. The gaze-tracking camera system runs on a standard PC and processes the images in real time, making summary frames ready to browse, similar to a fast-motion flip book.

Source: Click here to read the original news.

Thursday, April 16, 2009

Cisco's Linksys router is vulnerable to XSS attacks

Linksys wireless router is open to attacks

Russ McRee of HolisticInfoSec.org reports that Cisco's Linksys WRT160N wireless router is vulnerable to cross-site request forgery attacks. If you visit a site that contains an exploit targeted at the WRT160N while signed into the device's management app, the exploit can modify your router settings. (An article by the Open Web Application Security Project describes the mechanics of cross-site request forgery attacks.)

The exploit works like this: you sign into your router's management app and visit a malicious site before you sign out. The site contains some sort of JavaScript or link that, when triggered, takes action against your router — which works because you're still signed in and your router is managed via the browser.

According to McRee, the problem definitely exists in hardware version 1 and firmware version 1.02.2. Although Cisco has released newer versions of the router, the company hasn't said whether the same exploit affects the newer devices. Meanwhile, we have to assume that it does.

Your defense against the vulnerability is to make certain that you don't visit any Web sites while managing your WRT160N. You need to log out of your router once you finish your management tasks — which you should do, even when there aren't any known exploits targeting a particular router.

Be sure to check Cisco's WRT160N software download page and watch for a newer version of the router's firmware.
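Both the Gmail story above and this WRT160N one turn on the same missing check: the server acts on a cookie-authenticated request without verifying that its own page issued it. As an added illustration (example code, not Google's, Cisco's or the articles' own), here is a password-change handler without and with a session-bound synchronizer token plus an Origin check; every name, session and request below is assumed and constructed.

```python
"""Synchronizer-token CSRF defence for a cookie-authenticated settings change.
All identifiers are assumed; the requests are constructed, not captured."""
import hashlib
import hmac
import os

SITE_ORIGIN = "https://mail.example.test"   # assumed origin of the site itself
SERVER_SECRET = os.urandom(32)              # per-process key for the token MAC

# In-memory stand-ins for the session store and the user database.
SESSIONS = {"sess-abc": "alice"}
PASSWORDS = {"alice": "old-password"}


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own form: an HMAC over the session id.

    Only a page served by this site can read the token into its form, so a
    page on another site cannot supply a valid one, even though the browser
    still attaches the victim's session cookie to the forged request."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_change_password(request: dict) -> tuple:
    """Authenticates with the cookie alone, which is all a forged POST needs."""
    user = SESSIONS.get(request["cookies"].get("SID"))
    if user is None:
        return 401, "not signed in"
    PASSWORDS[user] = request["form"]["new_password"]
    return 200, "password changed"


def hardened_change_password(request: dict) -> tuple:
    """Same action, but the Origin header (when the browser sends one) must be
    this site, and the form must carry the token bound to this session."""
    session_id = request["cookies"].get("SID")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not signed in"
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin rejected"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, issue_csrf_token(session_id)):
        return 403, "missing or invalid csrf token"
    PASSWORDS[user] = request["form"]["new_password"]
    return 200, "password changed"


def same_site_request(new_password: str) -> dict:
    """Constructed: the site's own form, so it carries the session's token."""
    return {"cookies": {"SID": "sess-abc"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"new_password": new_password,
                     "csrf_token": issue_csrf_token("sess-abc")}}


def cross_site_request(new_password: str) -> dict:
    """Constructed: a form auto-submitted from another site while the victim
    is signed in. The browser attaches the cookie but labels the request
    with the other site's origin, and the form has no token to offer."""
    return {"cookies": {"SID": "sess-abc"},
            "headers": {"Origin": "https://other-site.example.test"},
            "form": {"new_password": new_password}}


if __name__ == "__main__":
    print(vulnerable_change_password(cross_site_request("chosen-elsewhere")))
    print(hardened_change_password(cross_site_request("chosen-elsewhere")))
    print(hardened_change_password(same_site_request("fresh-password")))
```

The Origin check alone would not help a router whose management page is reached by a bare link (no Origin header on a top-level GET), which is why the token is the check that must be present.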

Tuesday, April 14, 2009

Cyber spying a threat, and everyone is in on it

Growing threat of cyber espionage

The computers of Tibetan exiles and the U.S. electrical grid were recently breached by hackers, highlighting the growing threat of cyber espionage. The White House is currently finishing a 60-day review of how the federal government can better use technology to protect electronic information such as the U.S.'s electrical grid, the stock market, tax data, airline flight systems, and even nuclear weapon launch codes.

The U.S. Department of Homeland Security reports that in 2008 there were 5,499 known breaches of U.S. government computers by malicious software, a big jump from the 3,928 known breaches in 2007 and 2,172 in 2006. A former U.S. government official says the hackers who compromised the electrical grid could have left behind computer programs that will allow them to disrupt service.

He also says the sophistication of the attack indicates that it was state-sponsored and that the government does not know the extent of the attack because federal officials cannot monitor the entire grid. "We expect that the attacks we've seen are only the tip of the iceberg," says the official, who requested anonymity because he was not authorized to discuss details. "We follow the attacks to their source, and many come from China."

Click here to read the story.

Saturday, April 11, 2009

Facebook's user base hits 200 million

Facebook's population is now higher than Brazil's and Japan's.

In less than eight months, Facebook has doubled its user base by signing up 100 million people from around the world, officially hitting 200 million on Wednesday.

Its population is now higher than Brazil's and Japan's. The ubiquitous online hangout, available only to college students when it opened in 2004, has been growing rapidly since opening up to anyone who wants to sign up. But how long can that continue?

After a meteoric rise, News Corp.-owned MySpace has petered off and now has roughly 130 million active users, according to comScore Inc. Facebook could ultimately plateau as well. After all, while there are more than a billion people connected to the Internet, that doesn't mean they all want to be on Facebook.

Source: MSNBC, click here to read original article.

Five 'Critical' Patches Planned for Tuesday

Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins

After some comparatively light patch rollouts in past months, Microsoft's April Patch Tuesday promises a fuller slate with eight security bulletins. Five are rated "critical" and two "important," with one rare "moderate" patch.

This month's round of security updates may have the most girth of any since October. The rollout is expected to include hotfixes for Windows programs and services, DirectX, and ubiquitous Microsoft applications such as Internet Explorer (IE), Excel and Word. All of the critical items have remote code execution implications. The important items are designed to stop two instances of elevation-of-privilege incursions. Finally, the moderate patch protects against denial-of-service attacks.

The first critical bulletin is described as a Windows fix and affects Windows 2000, XP and Windows Server 2003. Meanwhile, the second critical Windows patch touches on all supported Windows client and server OSes.

All of the eight patches may require restarts.

Wednesday, April 8, 2009

Security education matters more than the vulnerability

Using Facebook to Social Engineer Your Way Around Security

The most important part of an attack isn't always a vulnerability; sometimes it's the end user's trust.

This was certainly the case during an authorized penetration test at an energy company conducted by security vendor Netragard. Looking for a way inside the customer's defenses, the vendor turned to Facebook. They built a profile, bolstered it with information on work experiences taken from actual employees and began 'friending.'

What the Facebook 'friends' did not know was that this was all part of a long con - a bit of social engineering to lull the employees into giving up their credentials more easily. The simulated attack underscores both the importance of enterprises having sound policies when it comes to employees using sites like Facebook, LinkedIn and MySpace and the challenges of authenticating users on the Web.

A penetration test by Netragard at an energy company highlights how hackers can use Facebook, LinkedIn and other social networking sites as part of phishing schemes. In the test, Netragard used social engineering to get its hands on information that could have been used to compromise critical systems at the company. Addressing this security issue means having smart policies about what employees can and cannot do on the Web.

Please click here to read the full article. A worthwhile and interesting read.

Monday, April 6, 2009

Don't open or save PowerPoint files from untrusted sources

Microsoft warns of PowerPoint zero-day

Microsoft issued a security advisory Thursday, warning users about a zero-day attack exploiting a critical vulnerability in Microsoft Office PowerPoint that could allow remote hackers to launch arbitrary code on their PCs. Microsoft confirmed in its advisory that exploit code was being used in the wild, but added that so far the flaw appears to be used in "limited and targeted attacks."

The error affects numerous versions of Microsoft Office PowerPoint, including PowerPoint 2000, PowerPoint XP, PowerPoint 2003 and Microsoft Office PowerPoint 2004 for Mac. However, later versions, including Microsoft Office PowerPoint 2007 and Microsoft Office PowerPoint for Mac 2008, are not affected.

Specifically, the vulnerability results from a memory glitch that occurs when parsing a specially crafted PowerPoint file, which then opens the door for remote attackers to launch malicious code. Users can become infected by opening a maliciously crafted PowerPoint attachment in an e-mail, which would subsequently download a Trojan onto their systems. Attackers could also launch an attack after enticing their victims to visit a Web site laden with malicious code, typically with an infected link embedded in e-mail or IM.

Once the vulnerability was exploited, the attacker could run code with the same access privileges as an authenticated user, or take complete control of the affected machine to steal, alter or delete sensitive information.

Microsoft said it was initiating its security incident response procedure and is enlisting the help of other security partners to remedy the error with a fix that could be included in a regular monthly update bundle or an out-of-band patch.

However, while no security updates have been released, there are some mitigating measures users can take to protect themselves from an exploit. Microsoft warns that users should not open or save Office files received from unfamiliar sources. Suggested workarounds also include using Microsoft Office Isolated Conversion Environment when opening files from unknown or untrusted sources, as well as using the File Block policy to impede opening of Office 2003 and earlier documents.

Saturday, April 4, 2009

Be careful of fake social networking websites

Malware Impersonates Classmates and Facebook Websites to Deliver Password Stealing Trojan

Websites designed to look like Classmates.com and Facebook are currently being used to distribute a password stealing Trojan. Some of you may remember the Spyforms Malware family from a previous incident involving Barack Obama spam campaigns. In this most recent incident, the malicious web links are still primarily distributed via spam e-mails. Once clicked, the victim is presented with a realistic looking Classmates or Facebook website.

The website contains a fake YouTube video, which prompts a dialog stating “Please Download correct Flash Movie Player! Installation: Double-click the downloaded installer. Follow the on-screen instructions!” and attempts to download a file named Adobemedia10.exe or Adobemedia11.exe.

Once installed, the Trojan intercepts network traffic in order to obtain ftp, icq, pop3, and imap passwords and then sends the data back to a server in a Hong Kong based ISP (HOSTFRESH). You may recall the last major Malware incident involving the Hong Kong based ISP, which was one of the providers involved in the malware distribution operation taking place inside of the Atrivo/Intercage network.

Computer worm no ordinary bug

See how the Conficker virus could hijack and control your entire computer

Please click here to see the video on how the Conficker virus could hijack and control your entire computer. This news was broadcast on Sky News.