Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Scarlett]

Cyclist Floyd Landis wanted for computer hacking in France
16 February 2010, 10:58 pm

A judge in Nanterre near Paris has issued a warrant for U.S. Cyclist Floyd Landis who had his 2006 Tour de France title revoked after he tested positive for performance-enhancing drugs.

The court wants to question Landis about a  2006 hacking incident in which a Trojan was installed in the computers of the Châtenay-Malabry lab which did the urine tests that resulted in Landis losing the 2006 Tour title and being barred from cycling for two years.

During the aftermath of the doping scandal, Landis launched a very shrill media campaign against the lab, questioning its testing procedures.

The Châtenay-Malabry lab filed a complaint in 2006 charging that its computer data had been stolen. The information was used in Landis’s defense, sent to other labs and given to news outlets. An investigation at the lab found a Trojan had installed a back door that gave someone access to the system. Investigators believe the Trojan arrived in an e-mail sent to the lab from a computer using the same IP address as Landis’ coach Arnie Baker.

Baker and Landis deny the charges.

Story here.

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Scarlett]

Google takes flak for sloppy privacy protection in Buzz
16 February 2010, 9:09 pm

Shortly after Google introduced its Buzz social media tool last week the security community lit up about its disastrous lack of privacy controls. Setting up an account opened up your contacts and everyone could see who you’d been in frequent contact with.

More than one commentator was shocked that Google would structure a product with so little concern for security.  A piece in InfoWorld, entitled “Why Google Has Become Microsoft's Evil Twin,”  was especially hard hitting. Robert X. Cringely wrote: “The backlash over Google Buzz reveals an even bigger problem: The people behind the people's search engine are deeply out of touch.”

"When you first go into Google Buzz, it automatically sets you up with followers and people to follow. ... The problem is that -- by default -- the people you follow and the people that follow you are made public to anyone who looks at your profile. In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most ...” he wrote.

Cringely also said that people he knew at Google were completely dumbfounded at the criticism.

By last Saturday Google had made some fixes and Todd Jackson, Product Manager of Gmail and Google Buzz wrote on the Official Gmail Blog:

“We've heard your feedback loud and clear, and since we launched Google Buzz four days ago, we've been working around the clock to address the concerns you've raised. Today, we wanted to let you know about a number of changes we'll be making over the next few days based on all the feedback we've received.”

By Thursday Google had made changes:

-- They made the Buzz checkbox for choosing not to display personal information easier to find,

-- replaced the auto-follow model (Buzz automatically sets users up to follow people they email and chat with) to an auto-suggest model,

-- removed the automatic connection for public Picasa Web Albums and Google Reader shared items and

-- added a tab to Gmail Settings to make it possible to hide Buzz from Gmail or disable it.

We commonly hear the “home user” criticized for being oblivious to security and privacy measures (failure to update, clicking on links and attachments in spam, poor password selection, posting personal information in public places and on, and on, and on.)  You’d think that all the smart people at Google would have been more conscious of the problem. It’s great that they immediately made the fixes needed, but, it was shocking that it happened in the first place.

Generally, most people have a warm and fuzzy feeling about Google, or did. This episode is just one more wake-up call. We are all responsible for our own online security. We all have to keep up with current threats and can’t trust big institutions like Microsoft and now Google, to be some kind of parent figure.

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Scarlett]

Second guess your AV scanner with SANS’ whitelist database
16 February 2010, 4:50 pm



The clever folks at SANS have made public the beta version of a whitelist hash database that enables you to look up the MD5 or SHA1 hash of a file to see it has been checked as NOT malcode by a reliable authority. The tool is based on the "National Software Reference Library" from the National Institute of Standards and Technology (NIST). The NSRL database normally comes as a download or CD and isn’t as convenient as a web site lookup.

Among other uses, this could be pressed into service to check a file that might be part of a standard package or a system file that has been tagged as malicious by a malcode scanner if you suspect a false positive. Or, if you’re simply suspicious of a file that isn’t detected by your anti-malware scanner this could be a check.

You can also put in a file name to find its whitelisted MD5 hash.

Windows 7 files are not in the database as of this writing, according to Dr. Johannes Ullrich at SANS.

Tool here: http://isc.sans.org/tools/hashsearch.html

SANS description here.

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Social media expands: LinkedIn hits 60M
12 February 2010, 10:58 pm



A new user in the Netherlands became the 60 millionth person to sign up with LinkedIn, the professional social networking site.

Facebook says it has 400 million users of whom half log in every day.

Both are fabulous tools for communications and socializing, but making members’ identities and personal information so easily available carries some big risks. Our good friends at Sophos have pointed out that information can be harvested from LinkedIn for spear phishing. The site can contain enough information to be a virtual company directory.

There are unexpected exposures too. Imagine linking to a recruiter you’re having conversations with and being able to see the other people he or she is linked to – like your subordinates – or your boss! That spills just a bit too much info on all of us.

LinkedIn story here.

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Wi-Fi sensitivity results in Santa Fe lawsuit
12 February 2010, 4:52 pm

When you spend your day scouring the Internet (and Sunbelt labs) for news about computer security topics you cover a lot of territory. Once in a while you just have a weird day. You run into a lot of strange stuff. Today is one of those days.

Yahoo’s tech blog is carrying a story about a man in Santa Fe, New Mexico, who is suing because he has “electromagnetic sensitivity” and can’t live in his own home because of the radiation from his neighbor’s wi-fi network.

He says in his suit that her cell phone, fluorescent lights and dimmer switches also cause "life-threatening reactions, which include heart arrhythmia."

I hope nobody tells him that people use Wi-fii to log onto to the Internet and everybody knows that’s full of viruses and bots. And there’s no frost in Santa Fe to kill the bots either.

And don’t get me started about the deadly flux fields from those refrigerator magnets.

“Wi-fi ‘sensitivity’ draws lawsuit from next-door neighbor”

Update:

Whoa boy! There some history there. Plaintiff Arthur Firstenberg has been at this for a while.

http://en.wikipedia.org/wiki/Arthur_Firstenberg

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Interview with a Nigerian 419 scammer
11 February 2010, 10:41 pm

Bruce Schneier, in his blog Schneier on Security http://www.schneier.com/  drew attention to this great interview with an ex-Nigerian-419 scammer on the Scam-Detective site.

It’s a fairly long piece and gives a pretty good view of the Nigerian scam industry run by organized crime, how it sucks in young people who have good computer and English skills and pays them a huge amount of money ($75,000 per year in this case) to scam victims they view as white, greedy and rich.

I’ll just quote one section and the conclusion of the three-part interview:

Scam-Detective: How did you find victims for your scams?

John: First you need to understand how the gangs work. At the bottom are the “foot soldiers”, kids who spend all of their time online to find email addresses and send out the first emails to get people interested. When they receive a reply, the victim is passed up the chain, to someone who has better English to get copies of ID from them like copies of their passport and driving licenses and build up trust. Then when they are ready to ask for money, they are passed further up again to someone who will pretend to be a barrister or shipping agent who will tell the victim that they need to pay charges or even a bribe to get the big cash amount out of the country. When they pay up, the gang master will collect the money from the Western Union office, using fake ID that they have taken from other scam victims.

. . .

Scam-Detective: Can you give our readers any tips about how they can avoid getting scammed?

John: The biggest thing I can say is to delete the emails and never to reply. Once you reply your email address will be put on a list and sold to other gangs, even if you never reply again. It just tells them that the address is real and that somebody reads email going to that address. If they can’t get you with 419 (advance fee fraud) they will try phishing or viruses to get your banking details and take your money that way.

I used lots of different stories to get people to send money. I used the dying widow story a lot, saying that I was an old lady dying of cancer and had fallen out with my children. I wanted to give my money to charity and didn’t trust them to carry out my wishes, so was looking for someone outside of the country to make sure it went to the right place. So whatever the story is, make sure you delete the email, because you can be sure it is a scam.

Another thing is not to put email addresses anywhere on the internet. If it is on a guestbook or message board, or on a website anywhere then the foot soldiers will find it and put it on their list.

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Dear taxpayer – don’t
11 February 2010, 8:41 pm



‘Tis the season for Zbot spam



Thanks Eric K. Thanks Trip A.

Tom Kelchner

 







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

WinXP users: hold off on installing MS010–15
11 February 2010, 5:10 pm



Security blogger Brian Krebs is reporting that some Windows XP users are reporting blue screen of death on reboot after installing Microsoft’s Tuesday patch KB977165 (MS010–15: “Vulnerabilities in Windows kernel could allow elevation of privilege.”)

“Turns out, a non-trivial number of XP users are reporting that their systems suffer from the dreaded Blue Screen of Death (BSoD) and fall into an interminable reboot loop after installing the latest batch of patches from Redmond,” he wrote.

Brian Krebs’ blog here.

Those trying to maintain Microsoft systems are caught in the cross-currents of the patching process: some patches might be buggy (think “delay”) but the dark side will be reverse engineering the patches as fast as they can (do it now.)

It almost seems like it would be a good idea for the users of Microsoft products to hold off about two days before installing the Patch Tuesday updates. That seems to be how long it takes for the word to get out – like this problem – that there are glitches in the updates.

The overwhelming number of Microsoft fixes are straightforward and urgently needed security measures. However, the massive complexity presented by the older flavors of the Windows operating system and service pack levels almost guarantees that there are going to be problems like this.

Possibly a good strategy would be phased updates especially for enterprise systems:

-- Immediately install just the patches that fix vulnerabilities with in-the-wild exploits if you are running the vulnerable applications, modules, plug-ins, etc.

-- Wait three days for all others

-- Wait a week for non-critical (no reported exploits) updates to less-used flavors of Windows and less-used applications.

Meanwhile, have someone keep an eye on the security news sources to spot problems like this one.

Tom Kelchner

 







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Rogue trying to look like Avira anti-virus
10 February 2010, 10:59 pm

Jerome Segura at ParetoLogic blogged about this yesterday: a rogue security product with a web page that tries to imitate that of the German AV company Avira (check out the red umbrella and the type face.)

Hmmm. If this company has been providing “20 Years of Total Protection” how come its web site was just registered last year and why was it registered by a proxy service?

The fake:



Site registered last year to a proxy service.

Registrant:

   Domains by Proxy, Inc.

   DomainsByProxy.com

   15111 N. Hayden Rd., Ste 160, PMB 353

   Scottsdale, Arizona 85260

   United States

   Domain Name: SECURITY-ANTIVIRUS-SITE.COM

      Created on: 25-Feb-09

      Expires on: 25-Feb-10

      Last Updated on: 25-Feb-09

The real one:



Site registered in 1999, full identifying data in Whois record.

Whois Record

Registrant:

Avira GmbH

   Lindauer Str. 21

   Tettnang D-88069

   DE

   Domain Name: FREE-AV.COM

   Administrative Contact:

      Auerbach, Tjark              

      Avira GmbH

      Lindauer Str. 21

      Tettnang D-88069 DE

      +49 7542 500 300 fax: +49 7542 500 318

   Technical Contact:

      Network Solutions, LLC.                

      13861 Sunrise Valley Drive

      Herndon, VA 20171  US

      1-888-642-9675 fax: 571-434-4620

   Record expires on 26-Mar-2012.

   Record created on 26-Mar-1999.

Nice work Jerome.

Tom Kelchner

 







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Real life Mafia Wars: Spy Eye tool kit goes after Zeus botnet
10 February 2010, 6:50 pm

Peter Coogan at Symantec put up a very interesting blog post yesterday about a crimeware kit called SpyEye v1.0.7 (on sale now on Russian sites -- $500) that has a module that will kill a Zeus bot infection on a victim’s computer so the bot created by SpyEye can take it over.

In September, Computer Weekly reported the Swedish telco Telia Sonera shut down the Internet connections of Latvian company Real Host after it was linked to the Zeus botnet. At the time, researchers said they believed Real Host's servers had captured about 3.6 million PCs for the Zeus botnet.

They linked Zeus to a Russian gang named Rock Phish which is believed responsible for a massive amount of the phishing attacks aimed at stealing credit card and banking information.

The Zeus network took the hit and recovered, however, sending out massive malicious spam campaigns to infect more machines. One campaign carried an income tax topic in September and another had H1N1 as a lure in December.

Coogan said the SpyEye kit can also create crimeware with:

•    keyloggers

•    credit card modules

•    daily email backup

•    encrypted config files

•    Ftp protocol grabbers

•    Pop3 grabbers

•    Http basic access authorization grabber

“If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit. This, in turn, could lead to another bot war such as we have seen in the past with Beagle, Netsky, and Mydoom.” he wrote.

He credits Mario Ballano Barcena with the analysis.

Symantec blog post “SpyEye Bot versus Zeus Bot” here.

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

“Nothing” for sale on Amazon.com
10 February 2010, 3:26 pm



There’s a lot of stuff for sale today that is worth nothing, but the folks selling it usually aren’t so up front about it. It is odd that one “used” nothing costs $10 and “collectible” ones are $9.95. They’re probably the really good ones, like 1946 Christmas tree light bulbs in the shape of Santa Claus that still work.

There have been 30 customer reviews and they rate it with four stars out of five.

I wonder if it’s guaranteed. Is there a service plan available?

You probably don’t have to worry about a recall.

If it’s downloadable, be sure you scan it for malware.

http://www.amazon.com/This-Test-Product-Nothing-Will/dp/B000ZING44/ref=cm_cr_pr_product_top

Alex started my day by sending me the link. What a boss!

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Shorten your own URLs
9 February 2010, 10:44 pm

“YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service (a la TinyURL). You can make it private or public, you can pick custom keyword URL. It comes with its own API.”  http://yourls.org/

It’s installed on your web server (needs PHP 4.3 or better and MYSQL 4.1 with mod_rewrite enabled.)

“Benefits:

1. Not reliant on third party service

2. Sends link juice to your domain, not a service provider

3. Customize your short links

4. Build your brand (showing your URL)”

Story here.

Cool.

Thanks Andrew. Thanks Alex.

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

P2P research: clue needed
9 February 2010, 9:17 pm



At the ShmooCon hacker conference in Washington, D.C., last week two security researchers showed the very sensitive information that people inadvertently make available over peer-to-peer networks.

In their presentation, “Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals,” pen testers Larry Pesce and Mick Douglas said they found a lot of music, porn, malcode collections and the following:

-- driver's licenses, passport and tax return forms with Social Security numbers;

-- someone's will

-- A retirement analysis form with savings account totals and income estimates;

-- An IRS form with taxpayer identification number;

-- A completed Turbo Tax form with personal information filled in.

The two have started The Cactus Project to help security specialists do similar research to help organizations tighten up the information they share over P2P. They list best-of-breed tools for conducting the research, including Mutella and the Gnutella Protocol on their site http://pauldotcom.com/cactusproject.html.

The Network World story quotes Douglas: “"We have to keep trying to educate people, but through this kind of research [security practitioners] can take steps to better protect their own organizations going forward.

Network World story here.

These guys are clearly having too much fun. Below is a quote from the pauldotcom.com site:

“I often say that we are in one of the only professions I know of which is destined to fail. You will have a breach and there will be compromises; you will get called out. In light of this reality I still find that information security professionals are a fairly happy lot. The trade-off for having the cards stacked against us is in that we get to work in one of the coolest fields.”  (http://pauldotcom.com/cactusproject.html)

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Black Hawk Safety Net down
8 February 2010, 10:51 pm

China Daily has reported that Chinese law enforcement officials raided a hacker training and resource operation in Hubei province with 12,000 members, shut it down and arrested three principals in November.

The paper said: “The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.

“Hubei province named Black Hawk Safety Net as the largest hacker training site in China, which openly recruited members and disseminated hacker techniques through lessons, Trojan software and online forum communications.

“Since it was established in 2005, the site had recruited more than 12,000 VIP members and collected more than 7 million yuan ($1.03 million) in membership fees. More than 170,000 people registered for free membership.”

The story also said: “According to a report released by the National Computer Network Emergency Response Coordination Center of China, the hacker industry in China caused losses of 7.6 billion yuan ($1.1 billion) in 2009.”

The New York Times reported that the shutdown actually occurred in November and quoted a noted China watcher as saying that the action was just “window dressing” since Chinese authorities have not shut down the well-known servers that were used to attack Google and other western companies recently.

Observers in the west have been trying to fathom the meaning of events in China ever since Marco Polo wandered there in the 13th century and lived to write a book about it. China is big, in some ways very disorganized and has a history of being strange to the rest of the world. It will be interesting to see if there are more take downs coming.

China Daily story here.

New York Times story here.

Tom Kelchner





Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<

[Chubb]

Sunbelt supports Safer Internet Day: Think B4 U post!
8 February 2010, 3:01 pm

Sunbelt Software is supporting tomorrow’s Safer Internet Day, an awareness-raising initiative co-funded by the European Commission. Organizations in more than 60 countries are behind the campaign, this year focusing on the theme "Think B4 U post!"



New technologies have turned all of us, and mostly young people, into publishers of information, pictures, and videos. While bringing about new opportunities for personal expression and creativity, the same technologies can also conjure up embarrassing or even traumatic situations. For example, photos, once posted online, remain online and can be seen by anybody, even years after they have been posted. Therefore, children and teenagers need guidance to manage their online identity in a responsible way, to be in control of their own online identity.

“We are proud to be supporting Safer Internet Day. Whilst it is generally assumed that the latest generation will be the most technologically savvy, we see that children are taking increasingly liberties with their online identity and opening themselves up to a wealth of very real dangers,” explained Sunbelt Software CEO Alex Eckelberry. “By following this simple five point checklist they can enjoy the many social and academic benefits of the Internet safely.”

Sunbelt Software offers the following five-point checklist to both children and parents to enable a safer online experience:

1. Do not to open any emails that come from senders you don’t know. Many of those emails have luring titles like “You have won a lottery” or “Happy birthday, I have a present for you” and so on. Never open any attachments coming with such emails, as it is likely that in such cases you will install a virus or a worm in your PC.

2. Try to avoid suspicious websites, and if you accidentally enter one that seems strange, leave it immediately.

3. If pop-up windows alert you or ask you to agree to anything, immediately close them and never click on any button inside them.

4. Install antivirus software such as Sunbelt Software’s award winning VIPRE on your PC. This will protect your computer against viruses and other malware threats. Antivirus software needs to be regularly updated, and can provide added security such as content or website filtering.

5. Install a firewall, which will keep watch on all files that go in and out of your computer.

About Insafe

Insafe is the European Safer Internet awareness-raising network co-funded by the European Commission. It’s made up of national contact centers across the European Union and in Iceland and Norway, with partner organizations in Argentina, Australia and the US. Insafe aims at empowering users to benefit from the positive aspects of internet whilst avoiding the potential risks.

Further information is available at http://www.saferinternet.org or contact info-insafe@eun.org

Tom Kelchner







Source: Sunbelt Blog

>> To obtain the full Sunbelt blog post, click the link in the first post line <<