Here is a list of the passwords (courtesy of The Wundercounter)
So, if you currently use passwords which resemble any of those listed, I would encourage you to change them as soon as possible.
If you're too lazy to hack, get all the news here!
Security researchers Karsten Nohl and Chris Paget presented their findings in a presentation (WMV video) Monday at the 26th Chaos Communication Congress (CCC) in Berlin. A practical demonstration of the vulnerabilities and potential exploits is scheduled to take place at the conference on Wednesday at 12:00 GMT.
The demonstration is a follow-up to a presentation the two researchers made in August at the Hacking At Random conference, during which they outlined serious flaws in the GSM encryption scheme.
GSM is used in approximately 80 percent of the world's mobile communications systems, and in about 3 billion cell phones across the globe, according to industry estimates. In his CCC presentation yesterday, Nohl pointed out that much data has already been published about GSM's vulnerabilities, but the pair's new research takes it one step further -- by showing how GSM calls can be intercepted and decoded using relatively low-cost hardware and open-source software that is readily available on the Web.
Organizations should assume that within six months of the demo GSM phone calls will be at risk, says Stan Schatt, vice president and practice director for healthcare and security at ABI Research.
For full report, read here.
When users go to these sites for these happy holiday thoughts – they are instead instantly greeted by having files downloaded to their computers. And voila – a lovely “gift” is attempting to execute upon them. The gift of holiday identity theft!"
Facebook has now blocked the URL to the malicious site, fb.59.to.
On Thursday, an unknown attacker hijacked Twitter's domain name and redirected visitors to an unrelated site hosting a page claiming Twitter had been hacked by the "Iranian Cyber Army." Evidence indicates, however, that the attackers were able to change the domain-name system (DNS) entries at Twitter's provider, Dyn Inc., said Rod Rasmussen, president and CEO of Internet Identity, an infrastructure security firm which monitors DNS changes.
"First of all the name servers themselves didn't change, so someone was updating things at the provider," Rasmussen said. Because other clients were not showing signs of DNS hijacking, it's unlikely that Dyn itself had been breached, Rasmussen said. "We didn't see anything else at Dyn that indicated signs that the service had been compromised."
On Friday, Dyn confirmed that the attacker had the proper credentials to log into Twitter's account with the company and change the addresses assigned to various hosts in the Twitter.com domain. While some media reports have called the attack a hack or a defacement against the site, neither term applies, said Kyle York, vice president of sales and marketing for the firm.
"From our point of view, no unauthenticated users logged into the system," York said.
Adobe PDF Reader - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/
QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.
HOW TO DISABLE JAVASCRIPT IN ADOBE READER:
Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
In reality, the company's domain name had been hijacked by the vandals and visitors redirected to an unrelated site hosting the page. Passive domain-name service (DNS) records showed the DNS poisoning, as Twitter's record pointed first to two domains registered in Moldova and then to a domain registered to an undisclosed person in Pompano Beach, Florida, according to information posted by the SANS Internet Storm Center.
Twitter acknowledged the issue late last night, following earlier media reports.
Defacement was claimed to be done by the "Iranian Cyber Army," but another message -- translated from Farsi by Google's automated translation engine -- reportedly claimed the attack was motivated by the U.S. and Twitter's interference in "my country," suggesting the attacker was an individual.
Security Response has discovered a threat that is being talked about among some members of certain discussion groups in Japan. The threat, named Infostealer.Kenzero, teaches yet another lesson to those using file-sharing networks not to download illegal games. Infostealer.Kenzero primarily arrives in the guise of setup.exe, which in this case is a fake installation file for Japanese pornographic games that are circulating around the file-sharing network “Share.” Several pornographic games have been reported to include this malicious setup.exe file.
Once the setup.exe file is executed it attempts to download image files (.bmp) from a predetermined website. Using these images, the threat brings up a form that asks the user to enter personal information, including his or her full name, password for the game, email address, postal code, residential address, gender, company name, and telephone number. Users who desperately want to play the games may hurriedly complete the form without realizing that this dangerous online practice will come back and haunt them. They will soon find out that the information they have provided is to be made available on a public website, along with system information and screenshots of their desktop.
We have come across several similar cases before. However, those uploaded desktop pictures and private information do not seem to be punishment enough. As a security company we are always looking out for the users, but if you are navigating a dodgy and deceitful place, you must pay extra attention—just like you would in the real world.
What is the moral of this story? Always use legal and legitimate software.
Source:
http://www.symantec.com/connect/blogs/illegal-games-pay-price-publicly
Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with "password" and "123456" being the most common.
The data is part of a project to monitor attacks that everyday users might encounter on a regular basis. Most of the attacks attempted to log into the administrator account on English and French computers -- "Administrator" and "Administrateur" were, by far, the two most popular usernames -- using a variety of passwords. The attackers were typically compromised computers that were part of a botnet, Microsoft researchers stated on the company's Malware Protection Center blog.
"You should take care of what user name and password you're choosing," the researchers wrote. "If your account has no limit on the number of login attempts, then knowing the user name is like having half the job done."
In one case, an attacker made more than 400,000 attempts to guess a user name and password combination.
The most common passwords were password, 123456, #!comment:, changeme and an expletive.
Microsoft recommended that users create passwords consisting of letters, numbers and special characters using a combination of lower and upper case. The average length of the password attacks was eight characters, so users should focus on longer passwords, the researchers stated.
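The researchers' point about accounts with no limit on login attempts can be shown with a small per-account lockout. This is an added example, not code from Microsoft or the original article; the class, thresholds and the real password are constructed for illustration.

```python
import hmac
from collections import defaultdict, deque


class AttemptLimiter:
    """Lock an account after max_failures failed logins inside `window` seconds.

    Keyed by account name, not source address, because the guesses described
    above came from many botnet hosts.
    """

    def __init__(self, max_failures=3, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.locked_until = {}              # account -> time the lock expires

    def is_locked(self, user, now):
        return self.locked_until.get(user.lower(), 0) > now

    def record(self, user, success, now):
        user = user.lower()
        if success:
            self.failures.pop(user, None)
            return
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:  # drop old failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent.clear()


# Constructed guess list: the first four are the common passwords named above,
# the last is the account's (constructed) real password.
REAL_PASSWORD = "constructed-Real-Passw0rd!"
GUESSES = ["password", "123456", "#!comment:", "changeme", "letmein", REAL_PASSWORD]


def replay(guesses, limiter, user="Administrator"):
    """Replay one guess per second; return 'fail', 'ok' or 'locked' per guess."""
    results = []
    for now, guess in enumerate(guesses):
        if limiter.is_locked(user, now):
            results.append("locked")  # the guess is never compared to the password
            continue
        ok = hmac.compare_digest(guess.encode(), REAL_PASSWORD.encode())
        limiter.record(user, ok, now)
        results.append("ok" if ok else "fail")
    return results
```

With the default limit of three failures the sixth guess is refused even though it is correct; with the limit effectively removed, the same guess logs in.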
QUOTE: "it only affects Jailbroken iPhones which have SSH installed and have not changed the default password. This one connects to a web-based command & control center running in Lithuania. The worm is not widespread, but it is much more serious than the first iPhone worm as it seems to try to steal information from the devices."
Other useful reads:
Ikee - First iPhone Worm impacts "Jailbroken iPhones"
http://www.f-secure.com/weblog/archives/00001814.html
What are "Jailbroken iPhones"?
http://en.wikipedia.org/wiki/Jailbreak_%28iPhone_OS%29
How to change root password in "Jailbroken iPhones"
http://www.f-secure.com/weblog/archives/cydia.htm
The flaw in IE 8 can be exploited to introduce XSS, or cross-site scripting, errors on webpages that are otherwise safe, according to two Register sources, who discussed the bug on the condition they not be identified. Microsoft was notified of the vulnerability a few months ago, they said.
Ironically, the flaw resides in a protection added by Microsoft developers to IE 8 that's designed to prevent XSS attacks against sites. The feature works by rewriting vulnerable pages using a technique known as output encoding so that harmful characters and values are replaced with safer ones. A Google spokesman confirmed there is a "significant flaw" in the IE 8 feature but declined to provide specifics.
Full report here.
Facebookers Alert! There is an email circulating with an attachment that claims to be your new password and prompts you to open it. Please ignore the email and delete it.
Security firm MX Lab said in a blog post Tuesday it has detected a new Bredolab variant masking itself as the "Facebook Password Reset Confirmation." According to MX Lab, the From address in the email is shown as "The Facebook Team
The attachment has the name Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe. The part between _ and .zip at the end is chosen randomly and contains letters and numbers.
The trojan is known as Trojan.Downloader.Bredolab.AZ (BitDefender), Bredolab.gen.a (McAfee) or W32/Obfuscated.D2!genr (Norman) and is only detected by 14 of the 41 AV engines at Virus Total, MX Lab researchers said.
The body of the email is as follows:
Hey [random user name] , Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
However if you are using a proxy server, you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
Software firm Adobe announced on Thursday that the company plans to plug a critical security hole in its Acrobat and Reader software, a hole which is currently being used to compromise PCs.
Calling the attacks "limited," the company stated in a blog post that the current exploit can be blocked by disabling JavaScript or, for Windows Vista users, if data-execution protection (DEP) is turned on. The vulnerability will be fixed as part of Adobe's regular quarterly update scheduled for Tuesday, October 13, the company said.
"There are reports that this issue is being exploited in the wild in limited targeted attacks," the company said on its Product Security Incident Response Team (PSIRT) blog. "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."
In May, Adobe moved to a quarterly patch schedule for its popular Adobe Acrobat and Reader software, citing criticism from security researchers. Yet, despite the fact that attackers are increasingly targeting popular third-party applications, such as Adobe's, companies are less quick to patch issues in the software, compared to fixing flaws in core operating system components, according to a report published last month.
In its latest advisory, Adobe credits Chia-Ching Fang and the Information and Communication Security Technology Center in Taiwan with helping disclose the vulnerability.
Social-networking service Twitter warned users on Wednesday that a link sent by direct message redirects users to a malicious site that attempts to steal their account credentials.
It's unclear how many users of the microblogging service had fallen prey to the phishing scheme, which sends victims to a replica of the Twitter logon page. Accounts compromised by the attack will send out messages resembling "rofl this you on here? http:// videos.twitter.*****-logins01.com" to their followers, according to reports.
"A bit o'phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!" Twitter warned users through its spam channel.
You might be getting social with the wrong people. Do you check who is following you on Twitter or do you just love having lots of followers without ever reading a bio? When someone requests to be your 'friend' on Facebook, do you check to see if they are friends with people you know personally or do you just add them to your growing list?
One or more of these 'friends' might be making good use out of your updates on Twitter or Facebook...as a burglar. Every time you post excitedly about that upcoming vacation or how long you'll be gone at the mall, everyone in your network can read about it.
Not only are your updates tempting to a burglar, but your photos are as well! Perhaps you had a party at your home or you just finished your baby's new nursery. You upload the pictures to Facebook or TwitPic and everyone gets to see what's in your house. Including the person who just put you on the list of potential targets when you're on that warm vacation in the tropics next month.
This does not mean you should stop using Facebook and Twitter. Perhaps it is just a wake-up call to be a bit more savvy when it comes to choosing your friends and followers. Going to a site that allows you to get '1500 new followers overnight' is not only a terrible way to find followers, it might land you the one follower who puts your home on his target list.
Be smart when accepting friends on Facebook and followers on Twitter. Taking the time to be choosy about who you communicate with might just help you keep a burglar out of your neighborhood.
Full article here.
Social Zombies: Your Friends Want To Eat Your Brains from Tom on Vimeo.
The embedded code can perform any tasks the Twitter Website can perform, including redirecting a user to another page, sending tweets, changing account information, or adding or deleting followers, he said.
"Simply by seeing one of these tweets, code can be run inside your browser impersonating you and doing anything that your browser can do. Perhaps it may simply redirect you to a pornographic website? Or maybe delete all of your tweets? Send a message to all of your friends? Maybe it would delete all of your followers, or worse still, just send the details needed to log in to your account off to another website for someone to use at their leisure," Slater said.
Detailed article here.
The purpose of a directory harvest attack (DHA) is to find valid email addresses on a domain for future spam attacks. During a DHA, any addresses for which the recipient’s email server accepts email are considered valid and will be added to the spammer’s address database to include in future spam attacks.
For example:
Sample #1:
From: joannjasmin8xs@xxxxxx.com
Subject: land
Those journalists showed them a photograph.
Sample #2:
From: clariceboldin9cg@xxxxxx.com
Subject: okay then
They told her the shortest way.
DHA is more than just an annoyance for email recipients. Every successful DHA means one or more email addresses being subjected to future spam/malware attacks. Furthermore, these attacks also generate a large volume of unnecessary workload and consume significant amounts of system resources on the recipient’s email server. Symantec is closely monitoring these attacks and will inform readers of any further developments.
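A mail administrator can spot this harvesting pattern from the receiving side by looking for clients that try many distinct recipients and have most of them rejected. The following is an added example, not code from Symantec or the original article; the log format, thresholds, IP addresses and mailboxes are all constructed.

```python
import re
from collections import defaultdict

# Constructed log lines in a hypothetical format:
# "<time> <client-ip> RCPT <address> <reply-code>"
SAMPLE_LOG = """\
10:00:01 198.51.100.7 RCPT john@example.com 550
10:00:01 198.51.100.7 RCPT mary@example.com 550
10:00:02 198.51.100.7 RCPT sales@example.com 250
10:00:02 198.51.100.7 RCPT admin1@example.com 550
10:00:03 198.51.100.7 RCPT bob.smith@example.com 550
10:00:03 198.51.100.7 RCPT webmaster9@example.com 550
10:04:10 203.0.113.20 RCPT sales@example.com 250
10:04:11 203.0.113.20 RCPT support@example.com 250
10:09:45 192.0.2.9 RCPT suport@example.com 550
"""

LINE_RE = re.compile(r"^\S+ (\S+) RCPT (\S+) (\d{3})$")


def find_harvesters(log_text, min_attempts=5, max_valid_ratio=0.2):
    """Flag clients that probe many distinct recipients and get most rejected.

    Returns {client_ip: {"attempts", "rejected", "exposed"}}, where "exposed"
    lists the addresses the server confirmed as valid to that client.
    """
    tried = defaultdict(set)
    accepted = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that are not RCPT records
        ip, rcpt, code = match.groups()
        tried[ip].add(rcpt.lower())
        if code.startswith("2"):  # 2xx reply: recipient accepted
            accepted[ip].add(rcpt.lower())

    flagged = {}
    for ip, rcpts in tried.items():
        valid = accepted[ip]
        if len(rcpts) >= min_attempts and len(valid) / len(rcpts) <= max_valid_ratio:
            flagged[ip] = {
                "attempts": len(rcpts),
                "rejected": len(rcpts) - len(valid),
                "exposed": sorted(valid),
            }
    return flagged
```

The "exposed" list is the part worth acting on: those are the mailboxes the harvester now knows exist. The single mistyped address from 192.0.2.9 stays below the attempt threshold and is not flagged.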
A Google employee took a camera and microphone onto the streets of New York City to find out if non-techies knew what a browser is and the results were astounding. Less than 8% of those interviewed knew. And these guys don’t reside in an assisted living facility or a 55 and over community. Many of them could have Facebook accounts and even Twitter handles.
After watching the video, I wonder, how would I begin a security training program if many of my employees don’t know what a browser is?
Phishing sounds like a foreign language and malware sounds like a bad word. Maybe the next generation will have a better understanding. But how long can we wait?
Symantec detects this as W32.Koobface.C. The threat that it drops is detected as Antivirus2008. Given the redirects chosen by the attacker and also the threat that it drops, clearly the makers of Koobface are in the business of making money.
Twitter has taken action and suspended accounts that have been infected.
To prevent your computer from becoming infected, be wary when clicking any links you receive in a tweet, even from your friends. This worm uses social engineering techniques in an attempt to infect your computer: once a user is infected, it sends links to their followers, so the link comes from someone you know.
Make sure that you also regularly update your anti-virus security software to catch the latest threats. Alternatively, you can check back here regularly for new updates. =)