Continue reading »]]> Germany launched a national cyber defense center whose primary task will be to protect critical computer infrastructure from cyber attacks.

The Nationale Cyber-Abwehrzentrum (National Cyber-Defense Center) is based in Bonn in the same building as the Federal Office for Information Security (BSI).

For now, it has ten permanent employees and represents a joint effort between the BSI, the Federal Office for Civil Protection and Disaster Assistance (BKK) and the Federal Office for Protection of the Constitution (BFV).

Other agencies, like the German Federal Police, the Federal Intelligence Service and the Armed Forces will join the effort in the upcoming months.

“At the heart of cyber-security is the protection of critical infrastructures,” said Federal Interior Minister Friedrich. Organizations and agencies with important significance for the community are part of this infrastructure.

“Stuxnet and the most recent example of the hacker attack on the French nuclear company EDF (Electricité de France) have shown that IT systems represent critical infrastructure in the context of cyber-attacks,” he added.

The Interior Ministry announced a sharp rise in cyber attacks against critical infrastructure last year, nearly doubling in number compared to 2009. China is seen a major player in this area.

“To successfully protect critical infrastructures against attacks, we focus on prevention, response and early warning. We have been doing this for several years in various ways within the federal government.

“However, the attacks are increasing in complexity and are exceeding the responsibility of individual authorities. Therefore, the establishing of the National Cyber-Defense Center is an important step for the advancement of cyber-security in Germany,” said BSI president and Cyber-Defense Center spokesperson Michael Hange.

Germany follows the lead of other countries that have already set up similar centers, like UK’s Cyber Security Operations Centre (CSOC) and the US Cyber Command. Countries like India or Estonia have also announced plans to set up cyber defense units.

Last month China launched a cyber defense program which aims to protect the country’s critical networks against cyber attacks and also to establish a cyber training program for army officers.

Continue reading »]]> MOSCOW – Russia’s biggest retail bank is testing something that the old K.G.B. might have loved, an automated teller machine with a built-in lie detector intended to prevent consumer credit fraud.

New customers could talk to the machine to apply for a credit card, with no human intervention required on the bank’s end.

The machine scans a passport, records fingerprints and takes a three-dimensional scan for facial recognition. And it uses voice-analysis software to help assess whether the person is truthfully answering questions that include “Are you employed?” and “At this moment, do you have any other outstanding loans?”

The voice-analysis system was developed by the Speech Technology Center, a company whose other big clients include the Federal Security Service – the Russian domestic intelligence agency descended from the Soviet K.G.B.

Dmitri V. Dyrmovsky, director of the center’s Moscow offices, said the new system was designed in part by sampling Russian law enforcement databases of recorded voices of people found to be lying during police interrogations.

The big bank involved, Sberbank, whose majority owner is the Russian government, said it intended to install the machines in malls and bank branches around the country, but had not yet scheduled the rollout. Technology consultants say it would be the banking world’s first use of voice analysis in automated teller machines.

It was the global financial crisis, partly prompted by loans that people could not or would not repay, that prompted Sberbank to tap Russia’s national security experts as it set out to automate banking activities, said Victor M. Orlovsky, a senior vice president for technology at the bank.

The software detects nervousness or emotional distress, possible indications that a credit applicant is dissembling. That information, Mr. Orlovsky said, would be used in combination with other data, including credit history.

Sberbank says that to comply with Russian privacy law, the bank plans to store customers’ voice prints on chips contained in their credit cards rather than on a central database.

In addition, Mr. Orlovsky said the bank planned to make consumers aware of the types of information, including biometrics, that the machine would be collecting. But the technology center says even people who know about the voice-stress program would have trouble fooling it.

One of the center’s other products measures anger and is already installed at the telephone call center of the Russian national railways.

“We are not violating a client’s privacy,” Mr. Orlovsky said.

“We are not climbing into the client’s brain. We aren’t invading their personal lives. We are just trying to find out if they are telling the truth. I don’t see any reason to be alarmed.”

Continue reading »]]> LulzSec rampages on.

They claimed they took out cia.gov for a couple of hours tonight, but its difficult to say whether they really did it or whether the site was made unavailable because of a large number of people trying to access it after seeing the “Tango down – cia.gov – for the lulz” message on the group’s Twitter feed.

The group also redirected the incoming phone calls to their dedicated and likely untraceable phone line to online retailer Magnets.com, then the Detroit offices of the FBI, and finally to HBGary offices.

As the latest prank, they made available for download a text document containing 62,000+ emails/passwords and encouraged Internet users to try and use them on various online services and social networks in order to hijack the accounts.

“In return for flooding /b/ this morning, have 62,000 passwords and emails,” they said. “The top half is ‘password | email’, and the bottom half is ‘email | password’; these are random assortments from a collection, so don’t ask which site they’re from or how old they are, because we have no idea. We also can’t confirm what percentage still work, but be creative or something.”

And judging by the comments of various users, some rose to the challenge. The worst thing is, the file is hosted on MediaFire, and as I’m writing this, is still available for download.

Continue reading »]]>

• Signature based detection
• Checking for Suspicious Behavior

• As you have seen that normally the antivirus take the content or signature of a file or program to compare it with its database, now what if the database of an antivirus is not updated and if any new malware try to exploit your computer and your antivirus don’t identify it because it has no information about. So the new threat can easily bypass your antivirus and will cause a harm to your computer, this is called Zero-day threats.

• Awareness among the user(s) is/are very important rather than antivirus software’s, you should teach your self on how to be safe on the jungle of web where every day, is the day of new threat.
• You must be aware about the viruses and their effects and how they spread.
  • Malware: Virus
• Do not download and run the unknown programs from Internet.
• You should know how to secure yourself from malware.
  • Secure Your Self From Keylogger
• You must know about the latest antivirus software for your operating system.
  • 4 Antivirus For Android

So these are two main ways employed by the antivirus to detect the unwanted files. So now always when you run a scan you would know what is happening.

Continue reading »]]>

[Charlie X-Ray] is having some modern fun with the phone system by pulling dialed numbers from the audio track of YouTube videos (translated). The first step was to find a video where a telephone is being dialed and the sounds of the keypresses are audible. You can’t tell those tones apart, but a computer can. That’s because each number pressed generates a combination of two out of seven closely related frequencies. [Charlie] isolated the audio using Audacity, then wrote a python script to generate a spectrogram like the one above. By matching up the two dark nodes you can establish which two frequencies were played and decode the phone number being dialed. So how does this work again… find audio of a phone being dialed, decode the number.. profit?

Continue reading »]]> Passwords are the first line of defence in warding off online criminals. As web security breaches become more common, your online safety is being put at risk if your password is weak.

Figures from GetSafeOnline.org, a joint initiative between the Government and the Serious Organised Crime Agency, showed that 15% of internet users fell victim to hackers in 2010. Managing director Tony Neate warned: “A strong password is as critical to online security as having anti-virus software. Most web users choose weak combinations that are easy to guess – such as their favourite football team – and then recycle them for numerous different websites.”

To protect yourself simply and effectively, here are six tips to outsmart hackers by creating stronger passwords.

1) Never use personal information

Setting personal information as your password means that you are giving hackers an easy ride by making it too obvious. Be aware of using easy-to-crack passwords, like your own name, birth date, a pet’s name, mother’s maiden name or your favourite football team. Every word in the dictionary, names, and dates are the first things hackers try when trying to break a password. If you find it difficult to remember passwords which don’t contain a phrase or word in that is memorable to you, use it as a base password instead. For example, if you wanted to use ‘Guns N’ Roses’ song, ‘Sweet Child of Mine’, your base password might be ‘SCOM’. Remembering the password is a matter of singing yourself the song. Add on a few numbers and symbols too for extra protection.

Try not to use a dictionary password. This will help reduce the threat of your password being found by ‘dictionary’ based tools which some attackers use.

2) Use different passwords for different accounts

The problem with using the same password for every site you use, whether it is for online banking or gaining access to a social network, is that if the password is compromised and someone finds out which websites you use the most, the rest of your identity is at risk.

It is advised to Internet users to use different passwords for websites, especially banking and financial ones. This reduces the threat of anyone using the same password to log into all of your services/accounts. According to Government statistics, 17% of people still use the same password for every site they access.

3) Use random number sequences

Passwords should ideally contain a random combination of numbers alongside your chosen base letters and special characters. Media firm, Gawker, whose million-strong member’s database was hacked into in December, revealed their user’s most careless password habits. Those who were the most at risk of falling victim to hackers stupidly used the combination ’123456′ as their password.

4) Use mixed character types

Always use upper and lower case letters, numbers, and special characters like exclamation marks, hashes and asterisks where possible. ‘Bloomberg Businessweek’ recently compiled data from a variety of cyber security experts, showing how long it takes for a hacker to randomly guess a password. The data found that any six character password consisting solely of letters can be cracked in just ten minutes but a nine character password complete with letters, uppercase, numbers and symbols will take 44,530 years to crack.

It also advised web users to substitute letters with numbers, e.g. ‘F1ow3r’ instead of ‘flower’.

5) Update your password regularly

IT research and advisory company, Gartner inc. recommends that a user should change their password every 90 days to keep hackers guessing. Some banking and online trading sites give their users the opportunity to change their password at regular intervals.

6) Use long passwords

The more characters in a password, the harder it is to crack. Your password should ideally be between eight and 16 characters in length. Having at least eight characters is a good compromise between safety and usability.

Continue reading »]]> By Xu Chi

2010-11-10

http://www.shanghaidaily.com/article/?id=454146&type=Metro

Shanghai – WATCH out! “Zombies” are attacking hundreds of thousands of mobile phones in the city.

The zombies are not the scary kind, but they do qualify as annoying as at least 300,000 local handset users are unwittingly sending spam messages with a virus to all contacts in their address books after their phones caught the Zombie virus, said NetQin Mobile Inc, a leading mobile phone security company.

The number accounted for 20 percent of the 1.5 million mobile phones across the country that have been infected by the virus so far, making Shanghai one of the hardest-hit areas, the Beijing-based company found.

A local lawyer, Liu Chunquan, said if the hackers who created the virus are caught they will be jailed for creating and spreading a virus and damaging computer systems.

According to the country’s criminal law, offenders can be jailed for more than five years if their crimes lead to severe consequences.

Anti-virus experts suggested that mobile phone users install anti-virus software and avoid clicking the links of spam messages, even those from friends or relatives.

Cell phones infected by the virus will be turned into another “zombie” phone, sending the phone user’s SIM card information to hackers, who then remotely control the phone to send links of the virus to others via spam text messages.

Users who receive the messages and click the links will also be infected while the infected phones keep sending spam messages. The virus has cost handset users a total of about 2 million yuan (US$300,000) per day.

“My friend complained that he constantly received ad messages from me, but I never sent him any,” said a local resident surnamed Zhang. “Then I realized that my phone was turned into a ‘zombie.’”

According to a NetQin official surnamed Dong, they have studied hundreds of thousands of complaints and emergency calls, the feedback of the security software installed on mobile phones, and the information they gathered from a massive database that users had joined voluntarily.

However, the number of victims may far exceed the figures given by the company as its statistics don’t cover all phone users.

The virus infected 1 million users during the first week of September, according to a previous report by the National Computer Network Emergency Response Technical Team Center.

“We noticed the virus in early August and our engineers started to fight back with anti-virus software,” said Dong. “It’s possible to stop it from spreading quickly.”

But she said they also needed government help to track down the hackers.

Also read -

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=228200648&cid=RSSfeed_IWK_Security

Continue reading »]]> 3 Sep 2010

http://www.pcpro.co.uk/news/security/360865/facebook-adds-hacker-tracker-tool

Facebook says it has improved its security with a remote log-in management tool that should help users tell if their accounts have been hacked.

The primary use for the new tool, currently being rolled out and available via the Account Security section of Account Settings, will be as a remote log-out facility for people that have forgotten to sign off when they have been using a public or friend’s computer.

However, Facebook said the tool would also be useful in monitoring accounts if they had been hacked and give users the option to kick the hackers out of their accounts and change the password.

“If someone accesses your account without your permission, you can shut down the unauthorised login before resetting your password and taking other steps to secure your account and computer,” the company said on the Facebook blog.

Within the tool, Facebook said, “you’ll see all of your active sessions along with information about each one. That information includes the log-in time, device name if you’ve previously named it through our log-in notifications feature, the approximate location of the log in based on IP address, and browser and operating system.”

Critics have claimed the new tool will only be used by the technically savvy, leaving the majority of users no better off.

Continue reading »]]>

Some of the details are beginning to emerge about the 10 Russian spies that were captured in the US. According to an article on The Register, the spies communicated with Ad-Hoc Wi-Fi networks and hid messages in pictures using Steganography.

FBI agents monitored 28 year old Russian spy Anna Chapman as she communicated with a Russian government official. Anna would go to a book store and using her laptop, created an Ad-Hoc Wi-Fi connection to a Russian contact who was outside the store:

Surveillance agents nearby used “a commercially available tool that can detect the presence of wireless networks” to witness the creation of the ad hoc networks. NetStumbler is probably the most popular example of such software. Law enforcement agents were able to detect a particular MAC address – MAC address A – at the time that Chapman was observed powering on her laptop computer,” the complaint says. Law enforcement agents were also able to determine that the electronic device associated with MAC address A created the ad hoc network.”

The spies also embedded secret messages in pictures and uploaded them to sites where Russian officials retrieved them, and decoded the messages.

A New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images. “These images appear wholly unremarkable to the naked eye,” the complaint explains. “But these images (and others) have been analyzed using the steganography program. As a result of this analysis, some of the images have been revealed as containing readable text files.”

It is interesting to see the tactics used by modern spies. Of course Russia is denying any and all involvement. Kudos to the FBI for taking them down.

Continue reading »]]> Facebook is more popular than ever. The site frequently goes through changes, but how many people use the same schedule of improvements on their own profile? The new features added to Facebook are opening new windows for vulnerability. A compromised account is a backdoor to more serious attacks on email or banking.

Today I will show you 10 things you should stop doing on Facebook in order to take back your security and close the open door.

-Stop posting your phone numbers. Last week I explored a Facebook attack that harvests the phonebook feature. Remember that your number is exposed to your friends, and therefore you’re relying on their security practices as well as your own to protect you. If a phisher can spoof your number, they have an extra layer of authenticity in convincing your friends you are in trouble and need money fast.

-Put down the games. I know the Mafia can’t take Cuba without you, but it’s time to stop. The top games on Facebook have been hacked, and it’s just a matter of time before the one you play is next. It’s arguable that the damage is already done with the games and applications you’ve already allowed, but don’t sign up for any new ones! Third party apps are not guaranteed to be secure, and you should not trust them with your credentials.

-Don’t trust chat. It shouldn’t take Chris Hansen to tell everyone that the person on the other end of your chat session could be anyone. The chat feature on Facebook should be treated as a public conversation. Never give out any private information, even if you’re positive you are talking to your friend.

-Refresh your personal info. Take a fresh look at your profile from the perspective of a social engineer. Does your profile tell a story about you? What information can you cut out? Many security questions ask about personal details about primary school and pets. Delete any photos or profile details that may relate to those kinds of questions.

-Don’t use the lazy emails. Facebook will fill your email inbox with notifications, and the links to easily respond. Instead of following the links in email, open up a fresh tab and go to facebook.com directly. Facebook and most social networks are targets for email spoofing. Otherwise you’ll be entering your login password at facebock.com!

-Don’t friend acquaintances. Think of the friends list as a circle of trust. If you don’t know the person well enough to trust their
security savvy, than you’re very unlikely to recognize the behavior of a phisher pretending to be them. 500 friends means 500 possible inroads to a social engineering or phishing attack. Tone down the number.

-Don’t keep an old password! Changing your password short circuits many trivial forms of attack. Facebook is a high risk target for Identity Theft, especially if you’re using applications frequently. How about doing it now!

-Photos are forever. Make it clear to your friends and family that you do not want those pictures of you in your birthday suit on anyone’s profile. (As opposed to the one of you in a suit on your birthday!) Pictures give behavioral information to an attacker. Bruce Schneier calls this “incidental data” in his Taxonomy of Social Networking Data. There he makes the assumption that incidental data is information that you did not create about yourself, and therefore do not control. I would add that although much of it is outside your control, there are ways to influence your friend’s posting behavior overall. Also, Facebook gives users the ability to “untag” themselves in pictures. While the damage is already done in the short term, you’ve influenced long term vulnerability.

-Don’t forget @mentions. This new feature brings more incidental data. Be respectful of your neighbor’s privacy. Ask yourself if having a friend’s entire profile pinned to your comment like a big arrow is actually necessary for the joke to be funny.

-Don’t trust other websites. Facebook is everywhere now. The same trust rules apply to the Facebook Login feature that is spreading to other websites. If you don’t trust the website you’re on, then signing in with the Facebook credential does not give you an added layer of protection, but rather hands your password to strangers.

This list may seem counterproductive to the efforts Facebook makes to create a global connected community. While I am interested in being a part of such a community, I go into it with eyes open. Just like wearing a wallet belt when I go to huge tourist destinations, I want to be smart about visiting the hugely popular social networking sites online. It may not be the coolest thing to do, but in the end I found that my friends didn’t even notice I had taken these safety precautions. Now the camera bag I stuffed in my shirt… that was a different matter.

Original source:
http://erratasec.blogspot.com/2009/11/10-facebook-donts.html

Continue reading »]]> In their latest “Weekly Threat report”,VeriSign’s iDefense Intelligence Operations Team has profiled the underground market proposition of someone claiming to have 1.5 million compromised Facebook accounts available for sale.

The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.

Here’s an excerpt from the report, and a brief FAQ on the underground ad.

• “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”

Sometimes, there’s no honor among cybercriminals (Phishers increasingly scamming other phishers), just like there isn’t among “real life” thieves.

From the distribution of backdoored web interfaces to web malware exploitation kits, to the actual “binding” of additional malware to the original release, sophisticated or at least cybercriminals with experience, have realized that there are thousands of potential cybercriminals that could unknowingly start working for them. The process of “cybercriminals attempting to scam novice cybercriminals” demonstrates just how vibrant the ecosystem has become these days.

With a huge percentage of the underground marketplace driven by reputation, this is exactly what this particular seller of Facebook data is missing. Moreover, with quality assurance now an inseparable part of the cybercrime ecosystem, the seller is not just skipping the time frame in between which the accounts were compromised, he is also not mentioning have many of them are actually verified as working.

These, and several other factors make me skeptical on the quality of this underground proposition.

If we consider that the cybercriminal’s claims to be true, how did he manage to obtain 1.5 million Facebook accounts?

The ad is clearly stating that they are accounts with contacts, meaning they’re compromised, and other which have zero contacts, meaning they’ve been automatically generated by outsourcing the CAPTCHA-solving process to international teams specializing in the process.

The compromised accounts could have been obtained through the emerging Cybercrime-as-a-Service (CaaS) market model. For instance, if he has paid $100 for 3GB of raw crimeware data, and the data mining allowed him to compile a list of 1.5m Facebook accounts, based on the current price, he’ll automatically break-even.

Phishing campaigns shouldn’t be excluded as a possibility, however, it remains unclear whether the seller has launched them personally, or managed to purchase the raw data from someone else.

What kind of a business model within the cybercrime ecosystem would allow him to sell the data so cheaply, and still make a profit?

It’s a business model with an ever-decreasing cost of supply, based on the currently active “malicious economies of scale” phrase. This efficiency-driven cybercrime model is in fact so successful, that whether consciously or subconsciously, cybercriminals are realizing the basics of market liquidity, and the time value of “underground goods”, in particular the decreasing future value of assets like the Facebook accounts — the value becomes zero when the affected user changes his password from a malware-free host.

Why would a cybercriminal want access to your Facebook account?

For a variety of fraudulent reasons, all of them exploiting the already established trust relationship between the compromised account’s holder and his network of friends.

From “money transfer schemes” where the fraudster is supposedly stuck somewhere and requires cash, to a malware campaign relying on nothing else but a status message leading to a client-side exploits serving site. Your network of friends, turns into his network for propagation of fraudulent/malicious schemes and campaigns.

VeriSign’s iDefense also makes an interesting observation.

With Facebook’s user base growing to 300 million people across the globe, this indispensable marketing platform can be easily integrated into the cybercriminal’s arsenal, with localized and targeted social engineering attacks relying on basic market segmentation, launched with the idea to achieve a higher conversion rate, compared to mass marketing approaches.

Fact or fiction, based on the ad’s content, this is perhaps the perfect time to change your Facebook password from a malware-free host, since a strong password is just as weak as the weak one in general if there’s malicious code present on the system.

Written By : Dancho Danchev

Continue reading »]]> Wonder where all those annoying spam messages come from? Who sends them? Well, you have got some answers here. Panda Security, a player in antivirus and preventive technologies segment, has stated in its report that India is the world’s number two spammer. Surprised? Even we were.

Panda Security has released a report stating that Brazil, India, Korea, Vietnam and U.S. head the list of countries from which most spam was sent during the first two months of the year 2010. With respect to the cities from which spam was being sent, Seoul was first in the list, followed by Hanoi, New Delhi, Bogota, Sao Paulo and Mumbai.

The five million emails analyzed by PandaLabs came from a total of almost one million different IP addresses. This shows that the spam is mostly sent from zombie computers belonging to a botnet. This way, the computers of the infected users themselves are those which send the spam. The cybercrooks have thousands of computers at their disposal, which do the dirty work for them.

Spam is nothing but a business and is used primarily either to distribute malware or sell/advertise all type of products. Therefore, as long as there are users, no matter if they are few, who trust these messages, it’s enough to continue betting on it.

Continue reading »]]> Cyber security researchers and analysts have uncovered the existence of a spy network based in China that was used to steal sensitive, classified government documents from India – as well data from the Dalai Lama’s office and the United Nations.

The “Shadow Network”, as this network is now known, has been traced to two people living in Chengdu, China.
China is largely believed to possess a Cyber Warfare Doctrine that is designed to achieve global “electronic dominance” by 2050. With a yearly budget of $55 million allotted for it and over 10,000 hackers working in tandem, China is second only to U.S. when it comes to cyber snooping prowess.

As more details emerge about the intentions of these hackers, it is clear that they had targeted the upcoming Commonwealth games in India. The idea was to make Commonwealth games an utter failure later this year. The plans included studying the network architecture of the entire Commonwealth games IT infrastructure. This includes ticket sales, online registration servers all of which would crash at the time of the inaugural ceremony. The hackers had also looked into tender documents for the Commonwealth games network infrastructure. Intelligence agencies feel this could be for studying vulnerabilities in the system for possible attacks.

As to how the latest attacks happened, the modus operandi was simple. Individuals in the ministries were sent emails from a genuine looking nic.in mail address. The email had a PDF attachment that was infected. Accounts on Twitter, Yahoo Mail, Google Groups, Blogspot and other social-networking sites were used to update compromised computers and to host malware, according to the report.

Isn’t it high time that we pull up our socks and deal with this grave security threat?

Continue reading »]]> Update: Trend Micro Researchers were alerted to the discovery of a malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware in it. Vodafone has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones.

The recipient of one of the malware-laden phones was an employee of the Spanish antivirus firm Panda Security. Plugging the phone in via USB into any PC quickly led to an infection by WORM_SILLY.QT. Vodafone has already released an official statement saying that the infected phone problem was an isolated one.

Vodafone Spain has revealed that at least 3,000 users may have been exposed to the Mariposa malware, which made its way into users’ computers via the cell phone’s storage. The carrier had shipped HTC Magic phones with infected MicroSD cards from where the malware spread to PCs.

Vodafone is now offering to replace the microSD cards for infected phones. The company maintains that the incident is just an isolated and local one. This is probably the first time a phone has been shipped with a virus inside. Vodafone’s idea to change the memory card isn’t much of a solution to the problem.

Even though the threat was neutralised back then and the perpetrators arrested, there are quite a few affected computers left in the world even now. This Mariposa laden microSD cards just gave the botnet another opportunity to infect computers. It was an employee of Panda Security who first discovered this problem earlier this month. It is currently estimated that up to 3,000 phones might have been affected by the bot. If you bought one of those Vodafone branded HTC Magics, you might want to scan your memory card once before using!

Continue reading »]]> Easter egg

For example, follow these instructions to see a list of people who worked on the User Assistance feature of Microsoft Word 2000:

1. Open Microsoft Word2000

2. Press F1 or click the “Office Assistant” button

3. Under the “What would you like to do?”, type “Cast” (No quotes)

4. Click SEARCH

5. Click the MICROSOFT OFFICE 2000 USER ASSISTANCE STAFF topic

6. Click the graphic in the Microsoft Word Help screen

Easter eggs in computer games are quite common and may be funny scenes, hidden levels, or other extras gamers can discover while playing. One of the most popular easter eggs to unlock in video games is the “Dopefish”. This fun, fictional fish first appeared in Commander Keen: Secret of the Oracle (1991). Since that time it has made an appearance as an easter egg in numerous games. In many games you need to unlock a special level or perform a sequence of actions to find the hidden easter egg.

Easter eggs may also be found in movies, music albums, videos and other types of media.

Continue reading »]]> Mohit Sharma

Apr 03, 2010

http://www.indianexpress.com/news/hacker-held-for-duping-job-aspirants/599464/

The Delhi Police arrested a professional hacker on Friday who led a gang which allegedly duped hundreds of youths by promising them jobs as technicians and airline crew.

Police identified the accused as Amritesh and said they are raiding several places in Delhi to nab his associates.

Amritesh, the police said, had hacked a popular job website — he would find out probable victims and stay in touch with them until they paid money for the promised job.

Police sources said at least 25 students who were cheated by the gang approached the Safdarjung Enclave police on Friday, alleging they have been duped of lakhs of rupees.

Abhinav, a student, said, “Amritesh promised me a job with a popular airline for Rs 80,000. He even gave me joining letters printed on the airlines’ letterheads and affidavits. He also arranged meetings with a person who claimed to be the HR head of the airline. He said I could join work in January.”

Continue reading »]]> By Sean Hollister

Mar 9th 2010

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That’s why they’re presenting a paper at the Design, Automation and Test conference this week in Europe, and that’s why — until RSA hopefully fixes the flaw — you should keep a close eye on your server room’s power supply.

Continue reading »]]> March 2010

http://news.webindia123.com/news/articles/Science/20100314/1464200.html

Iran claimed to have busted a spy racket allegedly linked with the US intelligence agency CIA and arrested 30 people for operating an internet network to gather secret data related to Iran’s nuclear scientists.

The Judiciary said Saturday it has dismantled a US-backed cyber network, which was set up to gather information on Iran’s nuclear scientists and spread unrest after the presidential election.

The nexus was formed by anti-Iran groups, including the terrorist Mojahedin Khalq Organisation (MKO), the Judiciary said in a statement, adding that 30 suspects have been arrested.

According to Iranian authority, during former US President George W Bush’s regime, a new campaign in the intelligence front – the “cyber war” – was set up to engage Iran, with the help of the MKO, pro-monarchy groups and other anti-Iran cells.

“Iran proxy”, which was one of the main projects of the campaign, received $50 million from the CIA and the US State Department, the statement said.

The program, which allowed Iranians bypass the state’s filtering system and access the internet, was designed to “obtain personal and family information” of its users and pass them on to US spy agencies.

Another major project was a network of “human rights activists”, which was led by Keyvan Rafiei, Jamal Hosseini and Ahmad Batebi, it said.

The network was tasked with recruiting people and sending them to an MKO camp in Iraq and other countries, where they would receive training, the statement said.

It said the network was also in close cooperation with “Lawyers Committee” and “Harana News service”, Press TV reported.

The network, according to the confession of its arrested members, was also tasked with inviting people to attend rallies and riots after the presidential election in June.

The Judiciary said that the International Criminal Police Organisation (INTERPOL) has been briefed on the situation and about the key members of the group, who operate the racket from the US.

Continue reading »]]> 02 April 2010.

http://www.net-security.org/secworld.php?id=9096&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers.

The computers are programmed to look for certain things that will identify the page as a phishing site. Those things are actually the same things that users should check when evaluating if a page is legitimate or not.

According to a post on Google’s official online security blog, the first step is looking at the URL- Does it contain words like “login” or “banking” or trademarks of the phishing target? Does it use an IP address for its hostname? Does it have a large number of host components, making the address unusually long? If the answer is yes to all of these questions, the page could be a phishing one.

The second step consists of analyzing the page – Does it contain a password field? Does the majority of the links point to the phishing target so that the phishing pages functions as the legitimate one would? Google’s computers check also the terms most often used on the page, and a telling terms like “password” raises a red flag.

The third step consists of a look-up of the hosting information – does the institution claim to be based in one country but the webpage is hosted on servers in another country and on a local ISP’s network? If the answer is yes, chances are high it’s not a legal site.

Lastly, checking to see whether the page is popular and checking the spam reputation of the domain on which the page is hosted will give you another clue – phishing pages are usually hosted on domains that have a (bad) reputation when it comes to spam sending.

When all these clues are combined and indicate that the site is likely set up for phishing purposes, it is put on Google’s blacklist that is used by the browsers to warn the users that they have landed on a malicious page.

“False positives” do happen, but they happen once every 10,000 checked pages, and even then it is usually a site set up for some other malicious purpose. The basis on which the classifier is trained to recognize phishing pages is provided by a sample of around ten million analyzed URLs in the last three months and an addition of current features, and it is executed once a day.

Phishers may use a number of techniques to try and bypass this system, but they can’t escape forever. The more people come to their site, the likelihood of someone recognizing it for what it is and reporting it to Google rises, so it’s just a matter of time before it gets flagged.

Continue reading »]]> Insecurity complex still rife shock

By John Leyden

30th March 2010

http://www.theregister.co.uk/2010/03/30/password_security_still_pants/

Nearly a quarter of people (23 per cent) polled in a survey by Symantec use their browser to keep tabs on their passwords.

A survey of 400 surfers by Symantec also found that 60 per cent fail to change their passwords regularly. Further violating the ‘passwords should be treated like toothbrushes’ maxim (changed frequently and not shared), the pollsters also found that a quarter of people have given their passwords to their spouse, while one in 10 people have given their password to a ‘friend’.

Password choices were also lamentably bad. Twelve of the respondents admitted they used the phrase ‘password’ as their, err, password while one in ten used a pet’s name. The name of a pet might easily be obtained by browsing on an intended target’s social networking profile.

Eight per cent of the 400 respondents said they used the same password on all their online sites, a shortcoming that means a compromise of one low-sensitivity account hands over access to a victim’s more sensitive webmail and online banking accounts. The survey respondents came from readers of Symantec’s Security Response blog, who might be expected to be more security savvy than the general net population, though the survey shows many of them making the same basic errors that crop up time and again in password security surveys.

Symantec has put together its findings together with a list of suggestions for picking better passwords, a basic but woefully overlooked security precaution, in a blog post at  http://www.symantec.com/connect/pt-br/blogs/password-survey-results.

The net security firm advised computer users to pick a mix of numbers, letters, punctuation, and symbols when picking passwords. This may be derived from taking a memorable phrase and altering it by replacing characters with symbols, for example. Surfers should avoid personal information, repetition and sequences in passwords, Symantec further recommends.

Continue reading »]]> IANS / PTI

The Hindu

March 2010

http://beta.thehindu.com/business/article193044.ece

There have been attempts to hack into the government computer network, but till date there has been no loss of vital information, says Minister of State for Communication and Information Technology Sachin Pilot.

“Yes, there have been attempts but I can categorically say that not one attempt has been successful,” the minister said. “The government’s computer network system, maintained by the National Informatics Centre, is highly efficient,” Mr. Pilot told IANS in an interview.

Earlier this year, hackers tried to penetrate government computers in vital ministries including the office of the National Security Adviser (NSA). These attacks, officials said, originated in China.

According to the Computer Emergency Response Team, a cyber security advisory and referral agency of the Department of Information Technology, 570 Indian web sites were defaced by hackers during January this year, against 271 during the like month of last year.

During the whole of last year, a total of 6,023 cases of defacement were reported.

The agency also said that during January, out of 246 cyber-security incidents, as 63 percent related to spamming, 18 to phishing, 8 percent to malicious viruses, 76 percent to unauthorised scanning and the rest to other categories.

Former NSA M.K. Narayanan, who is currently West Bengal governor, had stated that his office and other government departments were targeted on the same date that U.S. Defence, Finance and Technology companies, including Google, reported cyber attacks from China.

The hackers had sent an e-mail with a PDF attachment containing a Trojan virus. But the virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated.

Mr. Pilot pointed out that such hackers were usually scanning the entire system to find weak spots. “But our people are very efficient and well trained. Safeguards have ensured that national security has not been breached.”

The Ministry of External Affairs and Indian embassies have instituted stringent protocol on the use of e-mails by serving officers, which includes frequently changing passwords and using e-mails only for routine communication.

Besides, the ministry has instituted a periodic security review of all computers to ward off cyber threats.

Continue reading »]]> William Maclean, Security Correspondent

Reuters

Feb 22, 2010

http://www.reuters.com/article/idUKTRE61L37B20100222

LONDON (Reuters) – The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace.

Luckily for them, such cooperation does not yet exist.

Better still, from a hacker’s perspective, such a goal is not a top priority for the international community, despite an outcry over hacking and censorship and disputes over cyberspace pitting China and Iran against U.S. firm Google.

Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation, an EastWest Institute security conference heard last week.

Policy statements from governments around the world are dominated by the need to heighten national cyber defenses. As a result, too many cyber criminals are getting a free ride.

“Nations are in denial,” a cyber law expert told Reuters, saying national legislation was of limited use in protecting users of a borderless communications tool.

“It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace,” he said referring to the 2001 coordinated attacks on U.S. cities.

With a quarter of humanity connected to the Internet, cyber crime poses a growing danger to the global economy.

TARGET THE PERPETRATOR

The FBI tallied $264 million in losses from Internet crime reported by individuals in the United States in 2008 compared to $18 million of losses from 2001: These were probably a fraction of the losses caused to companies and government departments.

The menace extends to many sectors including control systems for manufacturing, utilities and oil refining, since many are now tied to the Internet for convenience and productivity.

A priority for regulators is to find ways of tracking down criminals across borders and ensuring they are punished, a tough task when criminals can use proxy servers to remain anonymous.

“We cannot postpone the debate until we are in the midst of a catastrophic cyber attack,” former U.S. Homeland Security Secretary Michael Chertoff told the conference.

“We must formulate an international strategy and response to cyber attacks that parallels the traditional laws governing the land, sea, and air.”

Security experts say the ability to conduct disastrous mass cyber attacks is the preserve of some governments, well beyond the capacity of militant guerrilla groups like al Qaeda.

But it cannot be assumed that international organized criminal networks, long practiced at mass online fraud and theft, are not developing an interest in gaining this ability.

“Cyber crime is a very sophisticated crime with very sophisticated players and it takes a multinational effort to make sure we can enforce the law,” Dell Services President Peter Altabef told Reuters.

“Once you have identified who is at fault you really want to make sure, as a deterrent, that you can go to those jurisdictions and enforce the laws on the books.”

James Stikeleather, Dell Services Chief Technology Officer, told Reuters that tracking own criminals across borders could pose legal issues for drafters of multilateral regulation.

Giving an example, he said the more companies added the technology needed to give investigators the ability to attribute a crime, the more users’ privacy and anonymity would be reduced.

“PLAYING WITH FIRE”

“Probably the sticking point among the governments will be ‘where is the appropriate level of attribution versus anonymity or privacy for what people are doing (online)’.”

Datuk Mohammed Noor Amin, chairman of the U.N.-affiliated International Multilateral Partnership Against Cyber Threats, said failure to regulate could perpetuate cyber “failed states.”

He cited impoverished countries where customers can purchase unregistered SIM cards with mobile Internet capability, giving them the ability to commit online crime such as identify theft against people in rich nations without fear of being traced.

He said it was in the interest of rich nations to help poorer countries develop the capacity to crack down on this kind of abuse, because their own citizens were being targeted.

“Governments tend to look at their self-interest. But it’s actually in their own interest to collaborate,” he said.

Altabef said the growing rate and scale of international cyber attacks threatened to undermine the trust between nations, businesses and individuals that was necessary for economies and societies to act on the basis of the common good.

Complacency was also a problem, delegates said. “Nations take for granted the Internet is going to be ‘on’ for the rest of our lives. It may not necessarily be so,”.

“Imagine the Internet being down for two to four weeks,” he said. This would “rain disaster” on online businesses as well as transport, industry and governmental surveillance systems.

“People have realize the Internet is an integral part of every country, politically, socially and business-wise.”

“Not to focus on cybersecurity is playing with fire.”

Continue reading »]]> BANGALORE: An IT security firm, Sophos, is warning that a major attack against Twitter users last weekend that was designed to steal passwords and use hijacked accounts to spread moneymaking spam campaigns.

The attack, which is ongoing, began on Saturday, as Twitter users found members of the micro-blogging network had posted messages disguised as humorous inks, but actually aimed to phish passwords credentials from unsuspecting users.

Messages, which began with phrases such as “Lol. this is me??”, “lol, this is funny.”, “Lol. this you?? ” and “ha ha, u look funny on here”, were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a Web site based in China.

Researchers discovered that although the main wave of poisoned messages has been via private direct messages between individual users on Twitter, dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.

“Thousands of users being put at risk of having their account broken into,” said Graham Cluley, senior technology consultant at Sophos.

“The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There’s nothing funny about the LOL attack — you have to be on your guard against clicking on the dangerous messages. If you’ve fallen for it you must change your Twitter password immediately.”

The phishing campaign appears to be already bearing fruit for the hackers as they are now distributing spam selling herbal Viagra from the compromised accounts.

Continue reading »]]> DAILY NEWS

February 18th 2010

http://www.nydailynews.com/news/2010/02/18/2010-02-18_kneber_botnet_virus_attacks_75000_computers_worldwide_including_us_government_sy.html

A new computer virus has infected almost 75,000 computers worldwide – including 10 U.S. government agencies – collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups “running this activity are every bit as expert at compromising systems and siphoning off information as nation states,” according to Belcher.

“They’re well funded, motivated and successful.” Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier’s military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

“Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

Yoran said that conventional intrusion detection systems are “inadequate for addressing Kneber or most other advanced threats.”

Continue reading »]]> 17 February 2010

http://www.h-online.com/security/news/item/Top-25-Programming-Errors-list-updated-933535.html

Just as they did last year, over thirty international security organisations have come together, to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage. The 2010 CWE/SANS Top 25 MDPE (Most Dangerous Programming Errors) has been updated with a number of improvements to how the errors are graded, prioritised and categorised. For example, new “Focus Profiles” allow readers to quickly see the listed errors sorted for particular professionals’ interests.

A Category based view of the list sorts the errors into “Insecure Interaction”, covering various injection techniques, “Risky Resource Management”, covering buffer overflows or invalid calculations and “Porous Defenses”, which encompasses weaknesses in encryption or authentication. In the overall short list, the top problems were cross site scripting, SQL injection, classic buffer overflows, cross site request forgery and improper access control.

The idea behind the publication of the list is to make developers aware of the causes of many weaknesses and their ramifications in terms of overall security. The list also includes a section on “Monster Mitigations”, a set of practices which, if followed, can help address many of the Top 25 errors or reduce their severity.

Red Hat’s Mark Cox also published an analysis of programming errors Red Hat experienced in 2009. He noted that of the eleven flaws that have affected Red Hat Linux development, 5 were not in the top 25 but four of them were “on the cusp” having just missed inclusion in the CWE/SANS list. Cox says that “2009 was the year of the kernel NULL pointer dereference flaw” but that this flaw didn’t make it to the top 25 as, in 2010, the “Linux kernel and many vendors ship with protections to prevent kernel NULL pointers leading to privilege escalation”.

Organisations that contributed to the compilation of the list include, McAfee, Microsoft, Oracle and Symantec as well as organisations such as the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC).

The initiative is managed by Mitre and the SANS Institute . It receives funding from the US Homeland Security’s National Cyber Security Division and the NSA, who also contributed to compiling the list.

The List –

http://cwe.mitre.org/top25/#Listing

Continue reading »]]> ‘Kill Zeus’ removes rival software from PCs, giving Spy Eye access to usernames, passwords

By Robert McMillan

IDG News Service

February 9, 2010

http://www.computerworld.com/s/article/9154618/New_Russian_botnet_tries_to_kill_rival

IDG News Service – An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown [Spy Eye toolkit] added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own “botnet” networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules — U.S. residents with bank accounts — who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and [Bugat], which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its “Kill Zeus” option, Spy Eye is the most aggressive crimeware, however. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. “This author knows that Zeus has a pretty good market, and he’s looking to cut in,” he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. “This is interesting in its potential, but it’s not currently a widespread threat at all,” he said.

Continue reading »]]>

I ran across a pretty interesting article on RSnake’s blog about using a URL to get users to disclose personal information. Here is the original article:

http://ha.ckers.org/blog/20090810/de-cloaking-in-ie70-via-windows-variables/

I tested this in IE8 and the posting claims it works in IE6 and IE7 as well.  I tested in Firefox with and without NoScripts enabled and it doesn’t work.  Yay Firefox!

What you can do is to embed text in a URL surrounded by the normal % % that will grab the actual value out of the system value and post it to the webserver.  Since the values post to the webserver, the people behind the webserver have the ability to view the values.  So, what types of information can be disclosed?  Anything that is contained within your Enviromental variables, for example.

RSnake put up a page that will allow you to try this out:  You will see that the appdata and Computer name should display in the resulting page.

http://ha.ckers.org/log.cgi/rAnd0mcr4p%aPpdAta%2hide%coMpuTeRnaME%th3v4rz

RSnake has asked that if anyone could get this URL to work without requiring a user to type it in their address bar.  Several posters commented that they tried embedding the URL in images, IFrames, etc and couldn’t do it.

Pretty interesting stuff.

Continue reading »]]> Over a billion people visited social networking sites such as Facebook and Twitter last month so it’s not surprising that hackers have these sites in their cross-hairs.

The attacks come in many forms: spreading Trojan viruses including key loggers, phishing for passwords and sniffing out packets of sensitive information.

In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year.

The media reports evidence of these attacks seemingly every day.

For instance, in late January Twitter announced that they had once again fallen victim to hackers who were using torrent-based phishing attacks to steal usernames and passwords and hack into user accounts.

This is not the first time the popular social network has been hacked.

In late 2009, some Twitter users fell victim to a phishing attack when they received email notifications from their “new followers,” with a link that lead them to a fake Twitter site where they were prompted to enter their usernames and passwords.

Facebook has had its share of malicious attacks as well.

Most recently, in January there were widespread reports of users receiving direct messages from their “friends” within the network that included a link to a website that was suspected to infect the user’s computer with spyware.

Other widely reported incidents involve offers for a free iPod touch or gift cards, when in fact the only gift these unsuspecting users received was to have their usernames and passwords sold as part of a phishing list readily available for would-be cyber criminals to purchase online.

It’s no shock that these sites are being targeted considering that the time American’s spent on social networks increased 82% in 2009 from the previous year, accounting for over 17% of the total time spent online. *

Many of the more prominent networks have taken measures to increase security and privacy settings.

For example, Facebook has begun to closely monitor the number of postings from each account to detect abnormal behavior that can indicate an account has been compromised.

If a user who normally posts once or twice a day begins to send out hundreds of messages, the account is flagged within the system and attempts are made to contact the user and alert them to change their password and advise friends not click though on links from their recent postings.

In addition to setting robust social network passwords, setting personal reminders to change your passwords monthly and taking advantage of the privacy settings afforded by each individual network, consumers can also take advantage of simple and cost effective data encryption solutions designed to lock down your personal info and passwords.

The more advanced encryption software solutions available today enable the user to securely log into websites by using specialized tools like password managers that retain all of the data regarding each account in an encrypted vault or folder.

The data entered into password managers is encrypted in case of theft or loss of the computer or USB flash drive it is stored on.

These types of password protection features are also capable of creating, storing and managing strong secure passwords so you can maintain unique IDs for each website, without having to remember them each time you log on to do online banking, surf social networks or check your email.

By utilizing tools like password managers, users eliminate the risk of exposing themselves when using computers that they do not own.

Finally, there is another very simple tool that needs to be used when on any type of social networking site: common sense.

Only put info on your walls, blogs, tweets or posts that you would feel comfortable with strangers knowing. For example, you may not want everyone to know when you will be out for the night.

This opens a door for someone to be watching and break into your home knowing you are not around.

Exercising some simple common sense in terms of what information is made public could have prevented many of the social network related horror stories we hear about every week.

With the rapid growth in social networking and the increasing instances cyber criminals targeting these online destinations, it’s imperative that we all understand the potential threats of identity theft and harm to our personal reputations.

By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private.

Nielson Research Study

Continue reading »]]> By Andy Jordan

February 5, 2010

http://blogs.wsj.com/digits/2010/02/05/the-rise-of-caller-id-spoofing/

Applications that let users change or “spoof” their Caller ID are gaining in popularity in mobile phone app stores, even as Congress considers stalled legislation to outlaw particular uses of the technology, and criminals use it to engage in nefarious activity.

Caller ID spoofing technology allows a user to change the caller ID to show any desired number on a recipients caller ID display. There are currently a handful of companies that offer this service including SpoofCard (and it’s mobile application called Spoof App) and Spoofem, among others.

Most spoofing apps allow pranksters to mask or change their voice as well, and Spoofem actually allows users to fake texts and email. Popular desktop versions are now becoming available online in Blackberry and Droid app stores.

Spoofem and Spoofcard both claim over a million customers. “People use it as a lifestyle,” says Meir Cohen, President of TelTech Systems, SpoofCard’s parent company. Most services tend to charge $10 an hour. Spoofem’s President Gregory Evans claims more than a million dollars a year in profit.

There are useful and legitimate applications of the software: A doctor who has to call back a patient late at night and doesn’t want them to have his home or cell phone number, for instance; A public relations specialist calling on behalf a client, and wanting the client’s name to pop up on the Caller ID display.

And, of course, there is the cheating issue. Spoofem started marketing its product to women when it found, early on, that 80 percent of its users were women who were trying to catch their boyfriend or girlfriend cheating.

But the same spoofing software lets users hack into other people’s voicemail, by taking advantage of a feature in most mobile phone carriers that allows calls from a person’s own phone to default to voicemail without a password.

Spoofing companies blame the carriers for the security flaw. “It is not the service…. it’s the cell phone companies,” says Gregory Evans, President of Spoofem.com. “The cell phone companies have to take some type of responsibility.”

Some companies, such as T-Mobile have a default setting for voicemail that does not include a password.

“If the customer does not elect to turn the password on during setup, then the default setting is off,” says a spokesman for the company. “Individuals using these spoofing applications risk criminal as well as personal liability for their actions.”

AT&T also does not default its users to a passcode for voicemail. “Our customers strongly prefer to have one touch voicemail,” a spokeswoman says. “However, we make it simple to set your voicemail settings to require a password and encourage customers to do so.”

Amy Storey, A spokeswoman for CTIA, the International Association for Wireless Telecommunications, which represents wireless carriers, believes Caller ID spoofing should be illegal and supports proposed lesiglation that would make certain uses of spoofing software illegal.

Spoofing companies are confident they will survive, in the same way email technology survived spamming, or similar phishing scams. Washington, D.C.-area based Telecom Attorney Mark Del Bianco, who also represents Spoofcard, says Congress cannot legislate against a technology. “They can’t make telling lies illegal,” he says.

Del Bianco recommends setting up and keeping a password prompt on mobile voicemail. “In the end, it’s the responsibility of anyone who has a voicemail box to make sure it’s not easy to hack into that voicemail box,” he says.

And for those thinking of committing a crime with the Caller ID spoofing software, Del Bianco has words of caution. “There are an awful lot of people who believe that if they use Caller ID spoofing, somehow there is no call record, and it can’t be traced. That’s not the case.” He says Spoof Card gets regular subpoena requests from unhappy spouses and the NSA, among others.

Continue reading »]]> By Ellen Messmer

Network World

February 3, 2010

http://www.computerworld.com/s/article/9151979/How_Wi_Fi_attackers_are_poisoning_Web_browsers?source=CTWNLE_nlt_security_2010-02-04

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time.That’s  according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

He said it’s simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

“Once you’ve left Starbucks, you’re owned. I own your cache-control header,” he said. “You’re still loading the cache JavaScript when you go back to work.

“Open networks have no client protection,” said Kershaw, who also uses the handle Dragorn. “Nothing stops us from spoofing the [wireless access point] and talking directly to the client,” the user’s Wi-Fi-enabled device.

Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.

“Once the cache is poisoned, it’s going to stay there,” Kershaw said. This means that an attacker can intercede to “poison the URL” of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a “shim” that could “ship your internal pages off to a remote server once you’re in a VPN.”

The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. “Who knows how to clear the browser cache in an iPhone?” he asked.

Kershaw acknowledged he doesn’t know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he’d advise corporate security professionals to try to “forbid users from taking laptops onto open networks,” though he admitted, “Your users may lynch you.” He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

Continue reading »]]> TNN

01 February 2010

http://timesofindia.indiatimes.com/india/India-needs-a-separate-cyber-police-force-Moily/articleshow/5521142.cms

NEW DELHI: India urgently needs a well-trained special police force to deal with cyber crimes and it must be equipped and trained to deal with all kinds of internet bugs, law minister Veerappa Moily said on Sunday.

“India does not have a specific police force to deal with cyber crimes and implementation of laws against crimes in the virtual world. India needs it urgently following the footsteps of US and South Korea,” Moily said at an interactive seminar for judges, heads of police forces and prosecution of states here.

He said there were many impediments that needed to be overcome soon. While a vast majority of the police force or prosecutors in the country had no experience of tackling cyber crime, judges too lacked experience in appreciating evidence in such cases. As cyber crime knows no geographical boundary, the absence of international cooperation between police forces adds to the woes of victims and lets the culprit go scot free, he said.

It was attorney general G E Vahanvati who pointed out the danger potential of cyber crime as was shown by `Trojan horse’ and `I love you’ bug and said cyber crime was not limited to the web world but had been extended to mobile phones, which could be used to bombard a victim with messages and send illicit MMSes.

Chief Justice of India K G Balakrishnan said cyber crimes caused irreparable damage to the victims though it may not involve inflicting of physical pain. “Someone’s bank account can be wiped off depriving him of life-long savings and others can face huge loss of reputation when his face is morphed and put in an obscene video on the net,” he said while emphasising on sensitisation of the police, prosecutors and judiciary about the consequences of the crime.

Supreme Court judge and Cyber Law Enforcement Committee chairman, Justice Altamas Kabir, said the attending DGPs and judges should make efforts to understand the nitty-gritty of the anti-cyber crime law enacted by the country in the shape of IT Act, 2000. However, he said going by the growing ingenuity of cyber criminals, there was a need for expanding the definitions of various crimes listed in the law.

Continue reading »]]> ATTACKED : CIA, PayPal under bizarre SSL assault

Plus hundreds of others

By Dan Goodin in San Francisco

29 January 2010

http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.

It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.

“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.

Continue reading »]]> COPYCAT : China Hacks Inspire Copycats

Jaikumar Vijayan,

Computerworld

Jan 24, 2010

http://www.pcworld.com/article/187534/china_hacks_inspire_copycats.html?

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user’s machine.

A screen shot posted on F-Secure’s Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header ‘Chinese cyberattack,’ offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user’s system, F-Secure said. The flaw was patched by Adobe last week.

F-Secure reported seeing targeted attacks using similarly poisoned PDF files being directed at U.S. military contractors earlier this week. In that case, the e-mails were designed to appear as if they were from the U.S. Air Force and purported to contain information on an actual Department of Defense event scheduled for later this year.

F-Secure also said it has learned of a similar e-mail targeting the “intelligence sector,” but offered no further details.

Attacks that attempt to take advantage of popular news events or stories to fool users into clicking on malicious attachments or browsing to malicious sites have become common in recent years. What’s different now is that such attacks are being directed at specific individuals and are increasingly tailored to appear as if they are from a trusted source. Many of the so-called Advanced Persistent Threats (APT) faced by large companies such as Google rely heavily on social-engineering tricks to get targeted individuals to open infected e-mails or download malicious files.

Continue reading »]]> There is a new facebook application doing the rounds by the name of Photas, it will say that a frnd of urs commented on a photo of you, and when u try to check the photo, it will take u to this page: http://www.facebook.com/apps/application.php?id=448829670716 , goign there will send this trojan to all your friends and thus spread exponentially.
Do not fall for this.

In General, dont take everything for granted on sites like facebook etc, look before you add apps, u may never know what you might give away.

Forward this to your friends so that they also dont fall for this.

Continue reading »]]> CRACK : Hackers crack airport access

By Matthias Kremp

14/01/2010

http://www.spiegel.de/netzwelt/netzpolitik/0,1518,671980,00.html (Translated from German by Google)

http://translate.google.com/translate?u=http%3A%2F%2Fwww.spiegel.de%2Fnetzwelt%2Fnetzpolitik%2F0%2C1518%2C671980%2C00.html&sl=de&tl=en&hl=&ie=UTF-8

Alarming vulnerability to major German airports: With a simple 200-euro device can outsmart the security barriers. Hackers of the CCC led to ARD reporters can be scanned as easily access cards, and then electronically simulated – the police union is appalled.

After the foiled bomb attack in Detroit, the security agencies and airports have reacted quickly and sharply, before the inspection are always long queues, because the checks have been stepped up. Each piece of hand baggage is searched, each fluid control, many passengers two or three times chased through the metal detector.

It is an easy way to circumvent the controls – the ARD-Magazin “Contrasts” is now demonstrating that it appears in many German airports are a vulnerability that can be exploited by simple means.

The allegations are directed against several German airports used to access security system of the Swiss agent LEGIC It should be easy to crack – how easy to have hackers from the Chaos Computer Club (CCC reporters) presented.

The operating principle of the system is simple: Each employee receives an ID card with built-in microchip. To get into airport security areas, the card is tilted close to a reader. This takes over the air on contact with the chip that reads the data and opens the door, where the institution of the chip is identified as being authorized to access.

But with a relatively simple device can be cut short this seemingly secure protection mechanism. Namely, with a “programmable RFID reader, which can both pretend to be a reader – and can pretend to be a map,” said Karsten Nohl, CCC member of the “contrast” searchers. Assemble the apparatus, therefore, will cost less than $ 200.

With this device you can first read an access card – and then switch it so that it emulates the card, then electronically replicates. In the end, can be with the RFID reader to open those doors, which also include the original would have been granted access.

15 centimeters range approximation

In an interview with SPIEGEL ONLINE, the manufacturer Legic confirmed “that members of the Chaos Computer Club has been able to evaluate by reverse engineering the algorithm of Prime and disclose.

Nohl and other CCC members were “simply shocked to even find any hurdles that we would have to overcome.” Only the limited range of the used RFID reader and emulation device using brakes. With a suitably powerful power supply can be ideally bridging distances of about 70 centimeters. If one wishes to remain anonymous and do not bulky power apparatuses attention to themselves, reduces the distance to up to 15 centimeters. But it was no real obstacle, “said ARD editor Matthias Deiss

To read out a map of it ultimately matter if you stands on an escalator next to an airport employee. Because the ID cards bear the usually either on a long ribbon around the neck or with a short bunch of keys on his belt.

The Swiss compromised by the hackers access system is used in Germany at the airports of Hamburg, Berlin-Tegel, Stuttgart, Dresden and Hanover – and marketed internationally. How far with the stunt is in doubt, was an employee of the Hamburg airport the “contrasts” reporters clear. He had his access card entry to the security area and could thus “on access gates, roads, terminals and gates directly via the apron and of course get on an airplane.” With the RFID reader, the same should be possible.

The system is outdated

The Hamburg Airport recognizes the vulnerability. However, it is pointed out that the access is not the only security mechanism of the airport. With other systems would ensure that no unauthorized persons enter the premises. The nature of these systems has been, “contrasts” but not answered. An exchange of more than 15,000 access cards and readers can not get around 500 for cost reasons.

If you read the product description, the Legic published on his website, anyway, the question arises, why use airports specifically chosen this system to protect access. Accordingly, were key to the development of the system presented at the 1992 Cebit, the simplification and comfort in mind. It is also designed for controlling access to “large-scale projects in the leisure industry”, say for example in holiday resorts. According to the data sheet a “basic security with a focus on organization and convenience” is one of the main features of the system.

Legic told SPIEGEL ONLINE with the Prime System Chriffrierverfahren use a firm that meets the technical possibilities of 1992. The company has argued that such procedures are based essentially on the secrecy of the algorithms used. Compared with today’s methods “have these older methods, a lower safety level than modern systems”, which gives the manufacturer openly. He recommends that its customers, the technology “reassess and, where necessary, replace it with modern security systems.” However, even today is still guaranteed the security – if one Legic Prime with additional measures such as a pin number, a video surveillance or simply supplement an usher. But because it costs, just as a replacement of the entire system.

Interior Ministry and police union response

According to a spokesman for the Federal Interior Ministry is on the airport operators to review the security controls already been suggested. Rainer Wendt, chairman of the German police union, which is too little – he asks to replace the cracked security system immediately and put on the cutting edge of technology.

For the omissions of the operators, he shows no sympathy. He proposes to put the security operation now under the supervision of the federal police to: “so that the airport can be more sloppy as they want.”

Continue reading »]]> We’ll ignore this window if you close it

By Cade Metz in San Francisco

Posted in Security, 27th January 2010 00:28 GMT

http://www.theregister.co.uk/2010/01/27/google_toolbar_caught_transmitting_data_when_disabled/

Google has updated its browser toolbar after the application was caught tracking urls even when specifically “disabled” by the user.

In a Monday blog post, Harvard professor and noted Google critic Ben Edelmen provided video evidence* of the Google toolbar transmitting data back to the Mountain View Chocolate Factory after he chose to disable the application in the browser window he was currently using.

The Google toolbar offers two disable options: one is meant to disable the toolbar “permanently,” and the other is meant to disable the app “only for this window.”

In a statement passed to The Reg, Google has acknowledged the bug. According to the statement, the bug affects Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer. An update that fixes the bug is now available here, and the company intends to automatically update users’ toolbars sometime today.

The statement also says that the bug does not occur if you open a new tab after disabling the toolbar for a particular window. In the statement, Google goes on to say that the bug disappears if you restart your browser, but this doesn’t quite make sense. If you’re interested in disabling Google toolbar for a particular window, you aren’t going to close that window.

“For that option to work as its name promises, Google Toolbar must cease transmissions immediately,” Edelman says. “Fact is, the ‘Disable Google Toolbar only for this window’ option doesn’t work at all: It does not actually disable Google Toolbar for the specified window.”

It would appear that in saying the bug is fixed when the browser relaunches, Google is referring to a second bug Edelman uncovered. The Harvard prof also found that the toolbar continued to transmit data when he attempted to disable it through Internet Explorer’s “Manage Add-ons” window.

With the Google toolbar, certain “enhanced features” require the transmission of data back to Google servers. These features include the ability to view a website’s Google PageRank, essentially a measure of its importance on the web at large, and the new Sidewiki, a means of adding meta-comments to webpages. Using a network monitor, Edelman confirmed that if “enhanced features” are activated, Google collects domain names and associated directories, filenames, URL parameters, and search terms.

The user chooses whether to turn on “enhanced features,” but Edelman argues that it’s much too easy for a user to do so without completely realizing the consequences. The toolbar’s standard installation routine launches a “bubble message” that pushes readers to turn on the features, he says, and it’s less than clear about what data is being transmitted.

“The feature is described as ‘enhanced’ and ‘helpful,’ and Google chooses to tout it with a prominence that indicates Google views the feature as important,” Edelman writes. “Moreover, the accept button features bold type plus a jumbo size (more than twice as large as the button to decline). And the accept button has the focus – so merely pressing Space or Enter (easy to do accidentally) serves to activate Enhanced Features without any further confirmation.”

Yes, he continues, the message points out that the toolbar “tells us what site you’re visiting by sending Google the url.” But he argues this stops short of explaining that it collects everything from directories, filenames, and URL parameters to search keywords.

What’s more, Edelman says, turning off “enhanced features” is more difficult than turning them on – especially for the average Joe. It appears that the features can’t be turned off unless you uninstall the entire toolbar. Or “disable” it. But that doesn’t always work. Or at least it didn’t until Edelman noticed it didn’t.

* Video evidence at

(http://www.benedelman.org/spyware/images/googletoolbar-jan10/disablex-video-012110.html)

Continue reading »]]> Mobilewitch Bluetooth Remote Control is a free of charge program that can be used to control your computer from distance. The main purpose of this software is to turn your mobile phone into a universal PC remote control.

The application is perfect for business as well as for your own enjoyment. Now you can easily remote control your PowerPoint presentations, Mouse Cursor or simply explore the content of your computer directly from your mobile phone.

Tones of handy features will be available after installing the software. You will be able to change the tracks and videos played on Media Player or Winamp, browse for artists, albums or adjust the volume. The application will also give you remote access to programs such as Windows Explorer, Internet Explorer or Firefox. In the same time you will be able to Run commands on your computer or send text messages to your desktop.

The program consists of two parts – the client and the server (both being written in Java). The former is located into a J2ME capable mobile phone with Bluetooth capabilities while the latter is placed in the computer you wish to remotely control.

So, all you need for this software to run is a mobile phone with Bluetooth™ support and a Bluetooth dongle installed on your computer.

In order to start using the Mobilewitch Bluetooth Remote Control you first need to download and install both Mobile Application and PC Server. In case of Nokia mobile phones, the Nokia PC Suite will automatically recognize and prompt you to install the application on your handset.

After the installation is complete, please use the following steps:

Step 1

Start the PC Server application first

Step 2

Start the Mobile Application. On Nokia phones the shortcut is located in Menu/Applications/Collection. The phone will automatically start searching for active devices.

Once both devices are connected you will be able to access the Mobilewitch Bluetooth Remote Control Menu from your phone.

From this menu you will be able to control your mouse cursor, keyboard and the following programs, if installed on your computer: Windows Explorer, Firefox, Window Media Player, Internet Explorer, Winamp and Powerpoint. Please note that each application you would like to control has to be first started from the computer and needs to be Always On Top of your desktop.

Features

- Remotely control Mouse, Keyboard, PowerPoint, Winamp, Windows Media Player and much more
- Get access to your desktop from your phone
- Bluetooth setup free! Simply connect from your phone
- Customize your applications through Keymaps or VB and JScripts
- Supports all PC Bluetooth solutions Toshiba, Windows, BlueSoleil and Widcomm/Broadcom

Continue reading »]]>

Continue reading »]]> Fraudsters collaborating on software to steal bank details

By Nick Heath

18 September 2009

http://software.silicon.com/security/0,39024655,39525925,00.htm

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.

The move to an open source business model is allowing criminals to add extra features to their malware.

“The advantages are that you have more people involved in developing it, so someone who is into cryptography could add a cryptographic plug-in or somebody who does video streaming could add remote streaming of the desktop,” Wüest said.

Releasing Trojans as open source dates back to 1999, when the Cult of the Dead Cow group released the source code for its Trojan called Back Orifice.

More recently, the developers of the Limbo Trojan published its source code in an effort to boost take-up following a slump in its use by fraudsters.

Following its release in 2007, the Limbo Trojan became the most widely used Trojan in the world but fell from favour in 2008 after the more sophisticated Zeus Trojan was released, according to security company RSA.

There is a big cash incentive to be the dominant Trojan, with infected machines and the financial and personal details they capture worth millions of dollars on the black market. The Limbo Trojan kit was previously sold to fraudsters for $350 per time before it went open source, while the Zeus Trojan today sells for between $1,000 to $3,000.

However, head of new technologies at RSA Uri Rivner said the move to become open source had not reversed Limbo’s decline in fortunes.

“It is a move to the same business model as that behind any open source project – to give away a basic version and sell more advanced versions, professional services or customisations.

“At the beginning of it going open source it was big news but people have since stopped investing in it.

“It is not the best Trojan any more but because it’s open source you can try it as your first Trojan and it is still used in some places,” he said.

Limbo’s popularity continues to slump, despite numerous features in the basic version that allow criminals to add extra fields for PIN numbers into fake banking websites and capture the keystrokes and the files saved on an infected computer.

And while open source may not have boosted Limbo’s fortunes, it also brings with it separate problems for the fraudsters: open sourcing code also places it in the hands of security professionals.

“If you make [the Trojan] open source that means that a security company can find the source code and it is easier to make a general heuristic detection for it, as they know what could be in it,” Symantec’s Wüest said.

The majority of Trojan infections occur via driv- by downloads, where the malware is automatically downloaded after browsing an infected website, or messages sent via social networking sites that encourage people to download a Trojan masquerading as a legitimate security update, according to RSA’s Rivner.

These infection methods are proving far more effective at getting Trojans onto machines than earlier techniques such as sending an email with a link to an infected file or attachment.

RSA analysts say these new methods have fuelled an exponential growth in the rate of infection, with the security firm detecting 613 Trojan infections in August 2008 compared to 19,102 in August 2009.

Continue reading »]]> Conficker worm could be ‘weaponized,’ web security researcher warns

November 2, 2009

http://www.mxlogic.com/securitynews/viruses-worms/conficker-worm-could-be-weaponized-web-security-researcher-warns574.cfm

In the year since the inception of the Conficker worm, a malicious strain of virus that has infected computers all over the globe, security researchers have tracked its spread to as many as 7 million machines.

Although internet security researchers at the Conficker Working Group advise that it is impossible to track the exact number of PCs infected by Conficker, the latest estimates put the worm’s spread at around the 7 million mark, a milestone in the making of a huge botnet, according to Computerworld.

Botnets are controlled by hackers, cyber criminals or sometimes governments for the purpose of launching spam, malware and distributed denial-of-service attacks (DDOS), which can overpower website servers with malicious traffic that slows or crashes websites.

As an element of cyber war, DDOS attacks require a large enough botnet to overpower defenses, according to security experts. Andre DiMino, co-founder of The Shadowserver Foundation, said a botnet the size of Conficker could be “weaponized” in a cyber attack.

“This is certainly a botnet that could be weaponized,” DeMino said, according to Computerworld. “When you have a net of this magnitude, the sky’s the limit in terms of what could be done.”

DDOS attacks launched last July shut down government, banking and commercial sites in the U.S. and South Korea. Smaller attacks have hit sites like Twitter, Facebook and news websites.

Continue reading »]]> CRPCC TEAM with inputs from PIB and PTI

October 27, 2009

The Information Technology (Amendment) Act 2008 comes into force from 27 October 2009. The amended act provides for tightening procedures and safeguards for monitoring and interception of data to prevent computer and cyber crimes.

“The IT (Amendment) Act 2008 came into force today,” an official statement said.

Besides monitoring and interception, the amended Act also makes Indian Computer Emergency Response Team (CERT-In), a body created as per the act of parliament. CENRT-In has been provided with wider powers and responsibilities to deals with computer security and various situations arising from cyber attacks.

The IT (Amendment) Act 2008 was passed by both the houses of Parliament on December 22 and 23, 2008. The Act was notified after the assent of President on February 5, 2009.

The amendment and notified rules pertaining to various sections of the act, dealing with Procedure and Safeguards for Interception, Monitoring and Decryption of Information, Blocking Access of Information by Public and Monitoring and Collecting Traffic Data.

The Information Technology Act was enacted in 2000 with a view to provide legal recognition to e-commerce and e-transactions, to facilitate e-governance and prevent computer-based crimes.

However, the rapid increase in the use of internet has led to a spate in crime like child pornography, cyber terrorism, publishing sexually explicit content in electronic form and video voyeurism. So, penal provisions were required to be included in the Information Technology Act, 2000.

For more details – http://pib.nic.in/release/release.asp?relid=53617

Continue reading »]]> There are chances of somebody access to your Gmail or Google Account without prior notice sent to acknowledge you.

If you’ve recently login Gmail with a public computer at cyber cafe or a Internet-enabled system that is not administrated by you (e.g. office Desktop/Laptop that you don’t have root access privilege), remember to keep an eye at your Gmail account activities.

It doesn’t matter you’re login Gmail with HTTPS connection or Remote Desktopback to your secured system at home/office, a software keylogger running as service or hardware keylogger chip seated inside Desktop keyboard can easily recording all keystrokes pressed or capturing screen when you about to copy and paste the password in login form.

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

So, how could you tell if someone has accessed your Gmail recently?

Login to your Gmail and look at the bottom of page. There you read a statement similar to this

Last account activity: 48 minutes ago on this computer. Details
(as shown in the screenshot below; highlighted in white):

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

^{Gmail account activity may able to tell if you Google Account has been hacked by a keylogger.}

Click the Details hyperlink, a pop-up page will shows you the table of Google Account login details – Access Type, IP Address, and Date/Time when those login took place.

At the bottom of Detail page, there is your current computer IP address that you can take note for next login audit (keep a habit of conducting login audit whenever you login to Gmail):

This computer is using IP address 89.211.85.96.

The IP Address of computer that you normally use to access Gmail is not likely changes (frequently). If it’s an office computer that access to Internet via proxy server, that WAN IP is rather f

Continue reading »]]> by Elinor Mills

October 20, 2009

http://news.cnet.com/8301-27080_3-10379115-245.html

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device’s power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.

An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.

(Credit: Cryptography Research)

“While the chip performs cryptography it is massaging the secret key around in various ways. This processing causes information about the key to leak through the power consumption itself,” said Jun.

For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes, he said. An attacker could replicate the key with the information and use it to read a victim’s e-mail or pretend to be the user in sensitive online transactions.

Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it, which Cryptography Research offers, according to Jun.

He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.

“I think we’re about to start seeing it on smartphones,” he said. “These attacks are not theoretical.”

This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.

Countermeasures can involve randomizing to throw noise into the measurements or changing the way the computation is done, Jun said.

Asked to comment on how threatening this type of attack could be, cryptography expert Bruce Schneier said the basic question is who stands to lose?

“Honestly, I don’t care if someone hacks a cable box–it’s not my money. Similarly, I don’t care how often a bank gets robbed as long as the bank doesn’t deduct the losses out of my personal account,” he said in an e-mail. “But if someone hacks my phone and either steals service that I am charged for, or causes me enough hassle to change my phone number, that’s bad.”

Continue reading »]]> http://business.maktoob.com/20090000386986/Saudi_under_attack_from_cyber_criminals/Article.htm

DUBAI – Saudi Arabia tops all Gulf countries in attacks by Internet hackers, UAE daily Emirates Business reported on Thursday, citing software firm Trend Micro.

Of all the recorded cyber attacks in the first nine months of this year in the Gulf, 64 percent were directed at Saudi Arabia and 20 percent at the UAE.

There were 769,698 cases of “compromised systems breakdown” in Saudi Arabia and 248,034 in the UAE, according to Trend Micro data.

Kuwait recorded 94,910, followed by Bahrain at 60,440 and Oman with 37,105 cyber attacks.

Due to high concentration of wealth, Internet security experts put the Gulf at high-risk of cyber threats as criminals try to steal vital data from the public, including information such as bank details and credit card information.

Continue reading »]]> With botnets everywhere, DDoS attacks get cheaper

By Robert McMillan ,

IDG News Service,

October 15, 2009

http://www.networkworld.com/news/2009/101509-with-botnets-everywhere-ddos-attacks.html?hpg1=bn

Cyber-crime just doesn’t pay like it used to.

Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics. “The barriers to entry in that marketplace are so low you have people basically flooding the market,” said Jose Nazario, a security researcher with Arbor Networks. “The way you differentiate yourself is on price.”

Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims’ servers with unwanted information. Often these networks are rented out as a kind of criminal software-as-a-service to third parties, who are typically recruited in online discussion boards.

DDoS attacks have been used to censor critics, take down rivals, wipe out online competitors and even extort money from legitimate businesses. Earlier this year a highly publicized DDoS attack targeted U.S. and South Korean servers, knocking a number of Web sites offline.

Are botnet operators having to cut costs like other businesses in these troubled economic times? Security researchers don’t know if that’s been a factor, but they do say that the supply of infected machines has been growing. In 2008, Symantec’s Internet sensors counted an average of 75,158 active bot-infected computers per day, a 31 percent jump from the previous year.

DDoS attacks may have cost hundreds or even thousands of dollars per day a few years ago, but in recent months researchers have seen them going for bargain-basement prices.

Nazario has seen DDoS attacks offered in the US$100-per-day range, but according to SecureWorks Security Researcher Kevin Stevens, prices have dropped to $30 to $50 on some Russian forums.

And DDoS attacks aren’t the only thing getting cheaper. Stevens says the cost of stolen credit card numbers and other kinds of identity information has dropped too. “Prices are dropping on almost everything,” he said.

While $100 per day might cover a garden-variety 100MB/second to 400MB/second attack, it might also procure something much weaker, depending on the seller. “There’s a lot of crap out there where you don’t really know what you’re getting,” said Zulfikar Ramzan, a technical director with Symantec Security Response. “Even though we are seeing some lower prices, it doesn’t mean that you’re going to get the same quality of goods.”

In general, prices for access to botnet computers have dropped dramatically since 2007, he said. But with the influx of generic and often untrustworthy services, players at the high end can now charge more, Ramzan said.

Continue reading »]]> This post is one of a series devoted to online security.

Millions of people have gotten “urgent” emails asking them to take immediate action to prevent some impending disaster. “Our bank has a new security system. Update your information now or you won’t be able to access your account,” or “We couldn’t verify your information; click here to update your account.” Sometimes the email claims that something awful will happen to the sender (or a third party), as in “The sum of $30,000,000 is going to go to the Government unless you help me transfer it to your bank account.”

People who click on the links in these emails may see a web page that looks like a legitimate site they’ve visited before. Because the page looks familiar, these people enter their username, password, or other private information on the site. What they’ve actually done is given an unknown third party all the information needed to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack.

The concept behind such an attack is pretty simple: Someone masquerades as someone else in an effort to fool you into sharing personal or other sensitive information with them. Phishers can masquerade as just about anyone, including banks, email and application providers, online merchants, online payment services, and even governments. And while some of these attacks are crude and easy to spot, many of them are sophisticated and well constructed. That fake email from “your bank” can look very real; the bogus “login page” you’re redirected to can seem completely legitimate.

The good news is there are things you can do to steer clear of phishing attacks:

• Be careful about responding to emails that ask you for sensitive information.You should be wary of clicking on links in emails or responding to emails that are asking for things like account numbers, user names and passwords, or other personal information such as social security numbers. Most legitimate businesses will never ask for this information via email. Google doesn’t.

• Go to the site yourself, rather than clicking on links in suspicious emails. If you receive a communication asking for sensitive information but think it could be legitimate, open a new browser window and go to the organization’s website as you normally would (for instance, by using a bookmark or by typing out the address of the organization’s website). This will improve the chances that you’re dealing with the organization’s website rather than with a phisher’s website, and if there’s actually something you need to do, there will usually be a notification on the site. Also, if you’re not sure about a request you’ve received, don’t be afraid to contact the organization directly to ask. It takes just a few minutes to go to the organization’s website, find an email address or phone number for customer support, and reach out to confirm whether the request is legitimate.

• If you’re on a site that’s asking you to enter sensitive information, check for signs of anything suspicious. If you’re on a site that’s asking for sensitive information — no matter how you got there — check for the signs that it’s really the official website for the organization. For example, check the URL to make sure the page is actually part of the organization’s website, and not a fraudulent page on a different domain (such as mybankk.com or g00gle.com.) If you’re on a page that should be secured (like one asking you to enter in your credit card information) look for “https” at the beginning of the URL and the padlock icon in the browser. (In Firefox and Internet Explorer 6, the padlock appears in the bottom right-hand corner, while in Internet Explorer 7 the padlock appears on the right-hand side of the address bar.) These signs aren’t infallible, but they’re a good place to start.

• Be wary of the “fabulous offers” and “fantastic prizes” that you’ll sometimes come across on the web. If something seems too good to be true, it probably is, and it could be a phisher trying to steal your information. Whenever you come across an offer online that requires you to share personal or other sensitive information to take advantage of it, be sure to ask lots of questions and check the site asking for your information for signs of anything suspicious.

• Use a browser that has a phishing filter. The latest versions of most browsers — including Firefox, Internet Explorer, and Opera — include phishing filters that can help you spot potential phishing attacks.

All fairly simple, right? What it all comes down to is if someone asks you to share personal or other sensitive information online, take a moment to think through the request carefully. Doing so will help you stay safe online, and help us all put phishers out of business.

Continue reading »]]> Phishing, a topic that’s been in the news, is unfortunately a common way for hackers to trick you into sharing personal information like your account password. If you suspect you’ve been a victim of a phishing attack, we recommend you immediately change your password, update the security question and secondary address on your account, and make sure you’re using a modern browser with anti-phishing protection turned on.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger.

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, expecially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.

Solution 3: Create a password that’s hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as “sPo0kyh@ll0w3En”).

Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we’ve learned them well.

Solution 4: Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid naming the file “my passwords” or something else obvious.

Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven’t visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.

Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.

Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn’t be something that someone can guess by scanning information you’ve posted online in social networking profiles, blogs, and other places.

If you’re asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won’t know how to enter it properly.

Continue reading »]]> http://www.computerweekly.com/Articles/2009/09/18/237757/behind-the-times-it-managers-leave-systems-dangerously.htm

IT departments are fighting the security battles of five or 10 years ago, unaware that their IT systems are dangerously exposed to computer hackers.

That was the message from a study published this week by the US security education and research body the Sans Institute and security suppliers Tippingpoint and Qualys.

The study is the first to analyse systemically how cybercriminals are breaking into corporate IT systems. It draws on attack patterns recorded by intrusion detection systems in 6,000 organisations and software vulnerabilities detected in a further 9,000 firms.

Its findings will lead to a widespread reassessment of how companies spend their IT security budget, says Allen Paller, director of research at the Sans Institute.

Fundamental error

The study shows that chief security officers are spending most of their budgets ensuring that the operating systems of their PCs and servers are patched. But many hackers are directing their attacks against vulnerabilities in web applications and common desktop software, bypassing the operating system entirely.

Vulnerabilities in commonly used desktop software programs, including Adobe PDF, QuickTime, Adobe Flash and Microsoft Office, and in web applications accounted for 60% of hacking attacks recorded over the past five months.

“IT departments are still celebrating their success at patching operating systems. They think they are doing great, but they are using the wrong metrics,” says Rob Lee, faculty leader in forensics at the Sans Institute.

The greatest risk to corporate IT systems, comes form hackers exploiting vulnerabilities in popular websites to plant and spread malicious code on a huge scale.

Employees feel safe visiting trusted sites from their work places, but they are easily fooled into opening documents, music and video files that contain malicious code.

Once downloaded, the code exploits vulnerabilities in unpatched applications on their desktops, allowing hackers to plant backdoors that can provide them access to corporate networks.

Spear phishing

Hackers are using another technique known as spear phishing – targeted e-mails containing malware – to exploit the same application vulnerabilities.

Over the past year, the Sans team has responded to 40 major security incidents in businesses and government departments. Two-thirds have been spear phishing attacks.

“We have recently seen financial attackers using spear phishing campaigns against chief financial officers to get them to click on a link. They install a key logger. Once an individual logs into the bank account, the hackers get in and start moving funds,” says Lee.

There are some straightforward measures that business can take to protect themselves, says the Sans Institute.

Small businesses can deploy a separate hardened PC for staff to use for financial transactions online. And for all companies, deploying a web application firewall will help to protect web applications from malicious attacks.

“For the client side, get code patched and get it patched more quickly. The idea that you can patch operating systems in a week is great news. But that is focusing on the attacks of a couple of years ago,” says Ed Skoudis, security consultant at the Internet Storm Centre, which monitors hacking activity.

The other point, he says, is that companies should redouble their efforts to make sure users do not log into their machines with administrator privileges. “That way, if there is some sort of exploit, and the bad guys get a toe hold, it is only with limited privileges,” he says.

SQL injection attacks

SQL injection is the most common technique used by hackers to compromise web applications. The technique can be blocked by careful coding, but the Sans Institute warns that some programmers are creating applications that use SQL injection, leaving their networks open to attack from hackers.

“People writing these applications do not realise that they have put SQL injection in code as a feature. We find a lot of these applications in company networks. Things that people have put together quickly,” says Rohit Dhamankar director of security research at Tippingpoint.

Continue reading »]]> http://www.net-security.org/malware_news.php?id=1108

Websense revealed the findings from its bi-annual research report. Its security labs identified a 233 percent growth in the number of malicious sites in the last six months and 671 percent growth in the number of malicious sites during the last year.

In the first half of 2009, 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This high percentage was maintained over the past six months due in part to widespread attacks including Gumblar, Beladen and Nine Ball which aimed to compromise trusted and known Web properties with massive injection campaigns.

Efforts to self police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites like YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks.

The “dirty” Web is getting dirtier: 69 percent of all Web pages with content classified as objectionable also had at least one malicious link. This is becoming even more pervasive, as 78 percent of new Web pages discovered in the first half of 2009 with objectionable content had at least one malicious link.

The Web continues to be the most popular vector for data-stealing attacks. In the first half of 2009, 57 percent of data-stealing attacks are conducted over the Web. 37 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

The convergence of blended Web and email threats continues to increase. Websense reports that 85.6 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious Web sites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.

Continue reading »]]> We all have lots of Internet passwords and about half of them are not difficult to guess. Just take a look at the “500 worst passwords of all time.”

A strong password should be two things: easily recalled by its owner and difficult to guess by someone who doesn’t know it. So even non-hackers can guess a few on the worst list.

“123456? is number one followed by you guessed it, “password.” Some on the list are intriguing. Number 496 is a “mistress” although I don’t know if the owners lean toward kept women or men who wished they had one. Many are profane with a hint of anger and impulsiveness suggesting people don’t want to bother with passwords. Some are plays on words like “letmein.” Number 486 is a seemingly cryptic letter string “abgrtyu” and still made the list.

The list comes from the book “Perfect Password: Selecttion, Protection, Authentication” published in 2005. While the list would appear outdated, it still gets considerable attention because it’s unique.

One out of nine passwords used is on the list and about 50% of passwords are “based on names of a family member, spouse, partner, or a pet,” according to the book’s teaser on Amazon. Just ask Sarah Palin whose email was hacked last September by someone who reset her password using her zipcode, birthdate and where she met her spouse. When asked where she went to high school, the hacker entered  “Wasilla High” and was right. Such is the price of celebrity and people knowing a lot about you.

Passwords are a challenge. Like you, I often want quick access to a site and view the password as an obstacle deserving little attention. However, I can proudly say no password I have ever used is on the worst list.

In a recent discussion with fellow bloggers, one said he keeps passwords only in his head. He never writes them down ANYWHERE. I have far too many for that and lack the photographic mind he must have. He also avoids passwords hints such as a boyhood dog or mother’s maiden name given what happened to Palin.

Another swears by password manager Roboform which can be downloaded for $35. I may try this given good reviews and because I don’t feel secure with my current password strategy if you can call it that. I am constantly looking them up and must have about 30 of them. I also have used meebowith some success as a single logon/password to multiple instant messaging accounts. I tried something called a secure login named vidoop, but it was too good: it didn’t let me into anything.

There’s plenty of advice on how to create a good password such as Microsoft’s six-steps to creating “a strong, memorable password. Some of the advice is obvious, but worth repeating.

– Use a mix of symbols, characters and numbers. Use spaces if allowed.

– If you can’t use symbols, double the number of characters.

– Think of a memorable sentence and take the first letter of each word and combine into a password.

– Use a password checker to test its strength.

Continue reading »]]> According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

The 18/2009 edition of ComputerBild, one of Germany’s biggest computer magazines with an estimated readership of over 4 million people, carries an infected copy of TidyFavorites 4.1, a tool used to help you organise your browser’s list of favourite websites, on its cover CD.

Springer-Verlag, the publishers of ComputerBild, have reportedly contacted independent experts at AV-Test.org who have confirmed the infection.

ComputerBild has published a statement to its readers (in German), warning of the infection and providing a link to a clean, uninfected version of the program.

The good news is that W32/Induc-A appears to be a proof-of-concept virus and has no malicious payload other than spreading – nevertheless, no-one wants unauthorised hacker’s code running on their computer.

Continue reading »]]> Mark White, home affairs correspondent

http://news.sky.com/skynews/Home/UK-News/Sky-News-Undercover-Laptop-Investigation-Repair-Shops-Caught-Hacking-Into-Personal-Files/Article/200907315343387?lpos=UK_News_Top_Stories_Header_0&lid=ARTICLE_15343387_Sky_News_Undercover_Laptop_Investigation%3A_R

Some computer repair shops are illegally accessing personal data on customers’ hard drives – and even trying to hack their bank accounts, a Sky News investigation has found.

In one case, passwords, log-in details and holiday photographs were all copied onto a portable memory stick by a technician.

In other shops, customers were charged for non-existent work and simple faults were misdiagnosed.

An investigator from the Trading Standards Institute said he was “shocked” by the findings.

The investigation was carried out using surveillance software loaded onto a brand-new laptop.

It operated without the user being aware that every event that took place on the computer was being logged.

All activity on the screen was captured in still images, and the identity of whoever was using the computer was recorded using the laptop’s built-in camera.

Sky engineers then created a simple, easily diagnosable fault, by loosening the connection of the internal memory chip.

This prevented Windows being able to load. To get things working again, the chip would simply need to be pushed back into position.

The investigation targeted six different computer repair shops. All but one misdiagnosed or overcharged for the fault.

The most serious offender was Revival Computers in Hammersmith, West London.

Shortly after identifying the real fault, an engineer called our undercover reporter to say the computer needed a new motherboard, which would cost £130.

Tests carried out by our internal Sky engineer after the diagnosis revealed there was nothing wrong with it.

The surveillance software then recorded one technician browsing through the files on the hard-drive, including private documents and intimate holiday photos, including some of our researcher in her bikini.

As he snooped through the files, he is seen smiling and showing the pictures to another colleague.

Later on in the same shop, a second technician loads up the machine and also looks through the photos, which are inside a folder clearly marked ‘private’.

He then plugs his own portable memory stick into the laptop and copies files, including passwords and photos, into a folder labelled “mamma jammas”.

Inside one of the documents copied to the memory stick was a text file containing passwords for Facebook, Hotmail, eBay and a NatWest bank account.

Once the technician had discovered this information, he opened a web browser on the laptop and attempted to log into the back account for around five minutes.

The only reason he was unsuccessful was because the details were fake.

When confronted over the findings, staff at Laptop Revival said they did not want to respond to Sky News on camera.

However in a telephone conversation, they denied all knowledge of the alleged abuses.

When shown the findings, Richard Webb, an e-commerce investigator for Trading Standards said: “I’m really quite shocked, both in the range of potential problems this has revealed – people overcharging, mis-describing the faults – but also people attempting to steal personal details.

“It’s a big abuse of trust. If you were expert in computers you wouldn’t have to hand in your machine to be repaired. They know that.

“They know you won’t be able to tell what they’ve done afterwards, they know you’re putting your trust in them and unfortunately, as we’re seeing, there are too many people willing to abuse that trust.

“What you’ve shown is that there is a much wider problem in the industry than we knew about.

“It suggests we need to look at the area again and we do need to test it like you have done, but with a view of taking criminal enforcement action if these problems are found and evidenced.”

Continue reading »]]> A conference presentation would have exposed flaws in some cash machines.

By Robert Lemos

July 08, 2009

http://www.technologyreview.com/computing/22966/

Barnaby Jack, a security researcher at the computer networking giant Juniper, had planned to hack into an automatic teller machine (ATM) live onstage at the Black Hat Security Conference in Las Vegas later this month. But his presentation, designed to demonstrate the insecurity of various ATMs, attracted the attention of the financial industry as well as security professionals, and under pressure from ATM manufacturers, Juniper canceled the presentation last week, citing concerns that the vulnerabilities involved had still not been fixed.

“The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and–ultimately–the public,” wrote Brendan Lewis, director of corporate social media relations for Juniper in a statement posted to the company’s official blog last week. “To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don’t want to see happen.”

The presentation would have focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs, according to a source familiar with the details. While the presentation was canceled to allow manufacturers more time to fix the vulnerabilities, Juniper had originally notified the company almost eight months ago, says the source, who asked not to be named.

Other security experts are not surprised that the vulnerabilities are there to find. Significant flaws in cash machines and ATM networks are plentiful, says Nicholas Percoco, senior vice president of TrustWave, an information security and compliance firm that has assessed the security of point-of-sale terminals, kiosks, and ATM networks. “It is very, very rare that a device comes to our labs–in fact, I don’t think that it has happened–that we don’t find a vulnerability,” Percoco says.

Continue reading »]]> 03-07-2009

http://www.spamfighter.com/News-12663-Indian-Orkut-Accounts-Compromised-For-Phishing.htm

According to McAfee Avert Labs, as Web 2.0-based social networking sites such as Facebook and MySpace increase in popularity, their users too are increasingly proving as convenient attack points for identity scams and other online frauds. Recently, hackers, online scammers and other cyber-criminals have been using Twitter as well to phish off private data from Web surfers.

Aside these websites, another social networking site that cyber-criminals prefer to use is Orkut, which probably represents the most widely visited and popular social networking site across the Indian sub-continent. As a matter of fact, reports state that over 15% of Orkut traffic flows from India.

Consequently, phishers have devised a stylish approach i.e. in light of a huge population of Indian users favoring Orkut but being insufficiently tech-savvy, phishers and other online scammers have secured control over their accounts through the act of hijacking the Orkut networking accounts of these India-based users.

Seemingly, phishers have modified these accounts’ user profiles, connecting them to their different fraudulent (phishing) websites that entice users into revealing their private details.

For instance, these phishing sites could pretend to be Orkut in its adult version. Meanwhile, it is reported that the fake Orkut website on sex-related content named “Orkut Sex” has met with ongoing success in enticing numerous Orkut members into feeding personal user identifications into the bogus site. Accordingly, when these identification details come into the hands of scammers, the latter use them to harvest other private details of the users and subsequently make illegal money transfers.

McAfee Avert Labs, meanwhile, has observed an array of phishing sites related to Orkut namely http://orkutst[blocked].tk, http://orkutsexlogi[blocked].tk, http://priya[blocked].freehostia.com, http://s3x[blocked].kilu.de and http://album[blocked].kilu.de.

Thus, security experts at McAfee once again repeat for end-users that they mustn’t disclose their monetary or any other personal information online, especially on websites such as Orkut. They also reiterate that users must ensure for all protective measures, in place, on their computers, while avoiding all forms of phishing sites.

Moreover, users on Orkut, MySpace, Facebook and other social networking sites must make themselves aware of the botherations they might encounter if a malicious spam or phishing attack chases them.

Continue reading »]]> Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder; the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that can you do about it?

According to a report from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you’re into identity theft.

“One Southern California 22-year-old could be seen registering a domain name with 
GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals’ hands, though it’s unclear what, if anything, criminals have done with the information yet,” the AP notes.

But it wasn’t just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn’t been notified by the bank.

Continue reading »]]> With the increasing number of cases regarding Wireless Network security breaches, there is need for improvement in awareness regarding security measures. Wireless network users simply need to know certain rules in order to control and prevent system penetration and bandwidth theft.

Here are a few ideas that can improve your wireless network security.

Always change the password of your router as these are come with preset service identifiers. For example a D-link DI-524 router comes with a particular Ip address and a the same password. So if you are one of maybe thousands of people that have purchased this router, you have something in common. You have the same Ip Address and password for your particular router as everyone else does. If someone wanted to hack into your Wireless Network Security, it would be extremely easy. No guessing what the passwords are.

Enable encryption. Follow the encryption procedure which is provided by your routing device. Two most preferable encryption measures are WEP and WPA2; out of which the later is used most and most up to date option. The function of such technology is to encrypt traffic and scrambling it so that any unauthorized third party could not use it by throwing a spanner in order to procure sensitive details. A WEP key consists of 26 letters and numbers that help secure your network.

Remote access points should be monitored closely. Security protocols must be established in companies which run web interfaces or remote system access points. It would be wise to change their passwords frequently also. These remote access points usually get forgotten in the efforts to improve your wireless network security. Sometimes they are hidden from site. 

Avoid the use of unsecured wireless hotspots in public locations. In these places traps are set up frequently by malicious third parties. These are designed to easily gain access to your computer in order to secure your sensitive and personal details. It could be something as simple as names, addresses, emails, and phone numbers, but you never know, next it could be your bank details. Don’t get me wrong, they are not all bad, however it is a risk you take.

Use wireless security software no matter whether you are a corporation or an individual. This software uses automatic security key rotation for every three hours for encryption purposes. It also provides security to the router and also usually includes event logging. It will monitor and scrutinize for terminals that try to gain access through your wireless network security. For institutions and corporations with large wireless networks they should employ the use of advanced software systems such as Wi-Fi manager.

You have to take spend time implementing these wireless network security measures to safeguard your valuable information. It is not worth the risk, and why make yourself and your personal data an easy target for hackers.

Notes:

This table shows some common brands of routers and their factory Ip address and password.

Hiding the wireless SSID

A service set identifier (SSID ) is a name given to a wireless local area network. Another simple method of securing your network is to hide the network from unwanted users. This can be done by preventing the modem from transmitting your network name. (SSID).

Follow these steps to prevent your modem broadcasting your network name:

1. Ensure your hardware is connected properly.
2. Open a web browser and in the address bar type in The IP of your router and press enter.
3. Enter the password to access the configuration page of your modem. The default password is admin , and press login.
4. Click on Advanced Setup in the top left corner of the web page. For D-link simply press Advanced
5. Click on Wireless in the menu on the left.
6. Click on Channel and SSID
7. Place a tick in the box to Disable ESSID broadcast and then save

All routers have slightly different menus, for example For D-link simply press the Advanced tab and you can disable the SSID there.

Changing the default administrator password

Follow these steps to change the password on your wireless modem router.

1. Ensure your hardware is connected properly.
2. Open a web browser and in the address bar type in http://10.1.1.1 and press enter.
3. Enter the password to access the configuration page of your modem. The default password is admin , and press login.
4. Click on Advanced Setup in the top left corner of the web page.
5. Click on System in the menu on the left.
6. Click on Password Settings and enter the current password
7. Enter a new password and click Save Settings . The password for your wireless router has now been changed.

Continue reading »]]> Black hats

Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as ‘Crackers.’

White Hats

Individuals professing hacker skills and using them for defensive purposes. Also known as ‘Security Analysts’.

Gray Hats

Individuals who work both offensively and defensively at various times.

Ethical Hacker Classes

Former Black Hats

Continue reading »]]> “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu, Art of War

Ethical hackers tries to answer:

What can the intruder see on the target system? (Reconnaissance and Scanning phase of hacking)

What can an intruder do with that information? (Gaining Access and Maintaining Access phases)

Does anyone at the target notice the intruders attempts or success? (Reconnaissance and Covering Tracks phases)

If hired by any organization, an ethical hacker asks the organization what it is trying to protect, against whom and what resources it is willing to expend in order to gain protection.

Continue reading »]]> Forget your password but it is saved on Firefox? Or just saw a password stored in Firefox in a public computer?
You can see it now. Actually, theres two ways to do that.
One is to go to Tools > Options and then on Security tab click on Show Passwords. Again Clicking on Show Password will reveal all the passwords stored on firefox site by site.

But, there is another exciting way to do that. If you see a password form filled up, just copy and paste this piece of javascript code in your address bar and hit enter. A Popup will then come up showing the passwords.

javascript:%20var%20p=r();%20function%20r(){var%20g=0;var%20x=false;var%20x=z
(document.forms);g=g+1;var%20w=window.frames;for(var%20k=0;k<w.length;
k++)%20{var%20x%20=%20((x)%20||%20(z(w[k].document.forms)));g=g+1;}if
%20(!x)%20alert(’Password%20not%20found%20in%20?%20+%20g%20+%20?%20
forms’);}function%20z(f){var%20b=false;for(var%20i=0;i<f.length;i++)%20{var
%20e=f[i].elements;for(var%20j=0;j<e.length;j++)%20{if%20(h(e[j]))%20{b=true}
}}return%20b;}function%20h(ej){var%20s=”;if%20(ej.type==’password’){s=ej.value;
if%20(s!=”){prompt(’Password%20found%20?,%20s)}else{alert(’Password%20is%20
blank’)}return%20true;}}

Check it and let us know here what you found 

Continue reading »]]> Hide My Ass! helps hundreds of thousands of people daily by protecting their privacy and identity online. They offer a range of unique services, from our web proxy enabling you to surf the web anonymously to our free file hosting with advanced privacy features. Please see below for a short list of their features:

 

Free Web Proxy

The best free proxy on the web. Become anonymous online with just one mouse click; our free proxy works within your web browser and hides your IP address (online ‘fingerprint’) for every website you visit. Hide behind our IP address, access blocked websites, encrypt your web history, protect your identity and add another layer of security onto your internet connection simply by using our free proxy.

 

Free File and Image Hosting

Upload files or images with advanced privacy features, choose who can and can’t download your files; restrict by country, continent, password, IP address or range, user-agent and website referrer. Our free file hosting storage is a great way to upload files and share with friends/family/employees securely, unlike generic file hosts in which anyone can download or view your files.

 

Free Anonymous EMail

Our free anonymous email service is a great way to receive emails anonymously, without revealing your indentity. Perfect for those websites you just don’t trust giving your real email address to and to help stay away from SPAM messages. Signup takes less than one minute and you even have the option to delete your account at any time. Once you have signed up, direct all emails to your specific email address and they will be received instantly.

For more details, please visit: http://www.hidemyass.com

Continue reading »]]> You’ve made a nice blog with a good design. Getting lots of traffic, huh? Now, consider getting it hacked. Isn’t it unfair? So, follow the steps to make your blog secure and hackerSAFE

STEP 1

Update Update Update!

Tip: Use the latest version of the WordPress! Its always better as they fix up the Vulnerabilities and make it more safe.

How to: As soon as the new version is available, you’ll be notified on your WordPress Admin Dashboard. Follow the process form there to update it.

STEP 2

Change Username and Password!

Tip: Wordpress provides you the default username and password i.e admin at the time of install so everyone will know your username so and its it would be easy for them to guess your password.

How to: Create a new user from the dashboard and keep an alpha numerical password even include special characters.And then sign in to phpMyAdmin through your webserver account and change user name from “admin” to something of your choice too.

STEP 3

Keep Backups

Tip: Its always good to keep a backup of your blog posts and comments, so that you can revert to the latest contents after a disaster. I suggest you backup often, depending upon your site’s traffic.

How to:There is a WordPress backup plugin which does a pretty job. You can either email the backup or download it to your computer. Link to plugin here

Manual backup is even better to do a complete backup of your database.

STEP 4

Stop brute force attacks

Tip: Brute force is multiple attempt of logins. You can stop it!

How to: Use login lockdown plugin, its and excellent plugin which monitors login attempts to your site. It checks how many times in a short period of time the same IP range has tried to login and if in that time a particular IP exceeds the attempts allowed then this sweet plugin will lock down access privileges for a time period you set.

Download here

STEP 5

Password protect

Tip: Password protect you wp-admin

How to: Use the askapache password protect plugin It protects your WordPress wp-admin folder which adds another layer of security by requiring a set of valid Username and Password to gain access to anything in the /wp-admin/ folder.

Easy to use, all you need to do is to create another username and password. Here, you added some more protection. It works by writing a new .htaccess file for that folder, and encrypts your new password. Highly recommended.

Download plugin from here

STEP 6

Hide Your Contents

Tip: Did you ever login http://www.yourdomain.com/wp-contents/plugins/ on your browser? Do it! You will see the list of  your plugins now its again cake walk for the hackers to look at your plugin and see if you are using one with known security vulnerabilities and exploit them. So hide it

How to: Just make a blank index.html on your computer, upload it using the your ftp and put it in the /plugins/ folder and its all fixed. Its also good to add it in your /themes/ folder too. It works!

STEP 7

Block search engines

Tip: Block search engines from crawling up your wp-folders as there is no need to have all your WordPress files indexed, so its probably better to block them so there is no need to having all your WordPress files indexed, so its probably better to block them so when people search they do not see those files.

How To: You can block search engines from crawling your wp- folders by blocking access via robots.txt file.

Simply add this line: Disallow: /wp-*

If you are lazy again to do this then go ahead and use KB robots.txt plugin

Download from here

Continue reading »]]> If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your driving licence number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)

One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:

• You probably use the same password for lots of stuff right?
• Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
• However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
• So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
• Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
• But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. 

And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?

Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.

Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0?, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
7. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!

Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.

I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.

Please, be safe. As Adrian Monk says, It’s a jungle out there.