[SecurityRatty] tag: cnet

Summarizing Zero Day's Posts for August

Thu, 04 Sep 2008 03:40:10 +0000

Here's a concise summary of all of my posts at Zero Day for August. If interested, consider going through July's summary, subscribe yourself to my personal feed, or Zero Day's main feed, and stay informed.

Some of the notable articles are - Today's assignment : Coding an undetectable malware ; Coordinated Russia vs Georgia cyber attack in progress and Inside India's CAPTCHA solving economy.

01. Cuil's stance on privacy - "We have no idea who you are"
02. Phishers increasingly scamming other phishers
03. Today's assignment : Coding an undetectable malware
04. Consumer Reports urges Mac users to dump Safari, cites lack of phishing protection
05. Fake CNN news items malware campaign spreading rapidly
06. CNET's Clientside developer blog serving Adobe Flash exploits
07. Coordinated Russia vs Georgia cyber attack in progress
08. Researcher discovers Nokia S40 security vulnerabilities, demands 20,000 euros to release details
09. Intel proactively fixes security flaws in its chips
10. 1.5m spam emails sent from compromised University accounts
11. Fortune 500 companies use of email spoofing countermeasures declining
12. China busts hacking ring, managed to penetrate 10 gov't databases
13. Scammers caught backdooring chip and PIN terminals
14. SpamZa - opt in spamming service fighting to remain online
15. FEMA's PBX network hacked, over 400 calls made to the Middle East
16. Typosquatting the U.S presidential election - a security risk?
17. Hundreds of Dutch web sites hacked by Islamic hackers
18. Twitter's "me too" anti-spam strategy
19. Malware detected at the International Space Station
20. Taiwan busts hacking ring, 50 million personal records compromised
21. MSN Norway serving Flash exploits through malvertising
22. Inside India's CAPTCHA solving economy

ASCII Art Spam

Wed, 27 Aug 2008 04:35:14 +0000

I recently had a chat with Stephen Shankland over at CNET regarding the weird and wacky world of ASCII Art Spam. It's been around for some time now, and every now and again there's a little surge (currently most of it seems to be coming out of Korea & China) before dying down again.

Of course, it has an element of visual appeal to it in some cases:

A bowl of spammy noodles, originally uploaded by pragmatic_pete.

They're pretty cool noodles, however you look at it. The biggest problem (for the spammers, anyway) continues to be the fact that, for the most part, the spam is largely unintelligble.

ASCII Art Spam, originally uploaded by schoschie.

.....wha? Sexy....grrmfs? Girls? Gorillas? Who knows. The problem with mangled text also extends (somewhat more crucially) to the URLs they happen to be pimping:

Spam, originally uploaded by cablejimmy.

They're not doing too badly there until they reach the web address, at which point it might as well say

www. absolutelynoideawhatthatsays .com

Of course, the last thing I'm suggesting is that I long for the day when the spammers get it right, but at least they can provide us with some cheap laughs regarding how hopeless their spam is in the meantime.

Beware of Rogue Anti-Malware

Mon, 18 Aug 2008 06:16:04 +0000

Rogue anti-virus and anti-spyware products are not a new story, but they are a relatively growing threat. One of these threats made some news this week and taught some lessons about just how suspicious you have to be of them. We had heard of XP Antivirus—also known by a plethora of name variants, including Antivirus XP and year variants like Antivirus XP 2008. Click here for a description from Sunbelt Software. Last week, advertisements for this product started appearing on CNET (specifically their Download.com service) through syndicated Google ads. Not to pick on CNET specifically; Google ads are likely to be appearing elsewhere, but we were referred to them on that site. The hallmark of such malware is to start with a free version. This version conducts a fake malware scan that finds lots of malware on the system, and the user is told to pay for the "premium" version in order to remove the malware that doesn't really exist in the first place. Often rogue anti-malware software such as this is not strictly malicious in the sense of spreading itself to other systems or hiding any functions; it is simply a scam. Of course, by buying the product you may also expose personal and credit card details to untrustworthy people. Later last week, GlobalSign, the certificate authority that had issued a code signing certificate for use with Antivirus XP 2008, revoked that certificate after complaints that the software was malicious. They verified that the company existed but couldn't contact them. The investigation is ongoing. The bottom line and moral of the story is that rogue anti-malware vendors are merciless and shameless when it comes to masquerading as legit software. Ads on legit sites don't prove anything, and code-signing certificates don't prove anything. You still need to use common sense and exercise precautions, like running well-known and respected anti-malware, like Sunbelt Software's. They have a lot of special in-house expertise on rogue products like this.

Reporters Tossed Out of BlackHat for Hacking Other Press Reps

Fri, 08 Aug 2008 09:02:31 +0000

Security folks seem to enjoy their jobs — making a game of penetration tests, hacking, and in good natured fun, reminding each other when they’re vulnerable online. So at the Black Hat conference this week, wireless network users were warned that if they didn’t use an encrypted connection, their data, credentials and passwords would be projected on a wall for all to see.

The baaad folks who were listed up on this “Wall of Sheep” consisted largely of security professionals who should know better, though many of them were using iPhones or other types of mobile devices instead of traditional laptops. Apparently, users were warned ahead of time that this could happen, and this type of passive hacking was done good naturedly, as a lesson and a point of humor.

But the event turned a bit sour when some reporters set out to actively hack credentials and passwords from other well known press representatives (like eWeek and CNET), in order to post them on the Wall of Sheep, too. It’s a credit to the Black Hat organizers that they showed their commitment to security and confidentiality, and threw the reporter-hackers out of the conference for their “active” hack:

With thousands of hackers milling around the Black Hat convention here, and widespread snooping on the public WiFi network, one place was supposed to be off limits: the press room.

But in a case of reporters spying on other reporters, three journalists working for the French publication Global Security Magazine were booted Thursday from the hackers’ conference after they were allegedly caught hacking into the private computer network set up for the media.

Read the full article here.

Malicious Javascript Code In Another CNET Networks Website

Fri, 08 Aug 2008 06:14:02 +0000

Websense has discovered that another CNET Networks site, CNET Clientside Developer Blog, has been compromised, just 5 months after previous incident. The main page of this website contains malicious JavaScript code that de-obfuscates into an iframe that loads its primary malicious payload from a different host. This malicious JavaScript code attempts to access the live [...]

Links for 2008-07-25 [del.icio.us]

Fri, 25 Jul 2008 20:00:00 +0000

Data Loss Prevention needs a new name--and acronym | Tech news blog - CNET News.com

Homer's Odyssey

Fri, 18 Jul 2008 12:52:08 +0000

Well, it's been a pretty busy week here as Homer Simpson + Malware = quite the commotion.

It started off with USA Today, VNUNet and CNET, then appeared on Slashdot over the weekend. After that, the sheer joy at being able to use Homer Simpson pictures in tech-related writeups was evident. Who would have thought it would finish off with Matt Selman himself (the Simpsons scriptwriter responsible for the whole "Chunkylover53" phenomenon) writing about the situation.

Pretty nuts. Heck, I even got to do a four minute Podcast that (from what I've been told) goes out to around 100 radio stations in the States. I think the closest I got to crossing security with popular culture previously was ye olde net-war (that revolved around a "stolen" picture of Lindsay Lohan - long story), but this one has Homer Simpson in it so clearly it wins by default.

However, what a lot of people might have missed - in fact, I nearly missed it myself - was something that appeared shortly before the plug appeared to be pulled on poor old Homer. Here's a screenshot of his previous message history - you can see how many times it was constantly changing:

Click to Enlarge

Here's the final message I saw before the lights seemingly went out on Homer:

Click to Enlarge

That message is particularly interesting, because it refers to a group of individuals who were involved in this Comcast hack not so long ago. Were they involved here? Or are the real culprits simply blaming someone else?

Torvalds on the "Security Circus"

Fri, 18 Jul 2008 04:32:21 +0000

According to CNET, in an e-mail to the Linux kernel developer mailing list, Torvalds said a section of the security industry was dedicated to finding bugs in software only to publicize their findings and gain notoriety. Torvalds wrote that disclosing the bug itself was enough, without having to label each individual security flaw. He added [...]

Links for 2008-07-11 [del.icio.us]

Fri, 11 Jul 2008 20:00:00 +0000

Prevent Fraud and Increase Revenue by 6% « Payment Card Security & IT Controls Explained
iPhone Smackdown: Security vs. Consumerization - Desktop Security - Dark Reading
What the heck is IT consumerization? | Tech news blog - CNET News.com
ha.ckers.org web application security lab - Archive » What Was Your Epiphany?
SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
Jeremiah Grossman: Can WAFs protect against business logic flaws?
Not Bad For a Cubicle » Blog Archive » On Compliance
If it sounds like a duck, quacks like a duck its Security. I believe IRM is a marketing scheme for non-security professional to dictate security controls through business models. Security does use risk management principles to identify threats and should
News Blog - Media - SecureWorks
In the review, Greg attributes the problems he had to SIEM products still being immature even though they’ve been on the market for 10 years. I believe that’s true, but I also think it’s because SIEM products – even those at the leading edge of th

Security Briefing: July 2nd

Wed, 02 Jul 2008 09:20:43 +0000

Back in the saddle again. It’s a short week for both sides of the border here in North America. Happy post Canada Day to my brethren and a Happy (and approaching) July 4th to our cousins to the south.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

2600 HOPE conference bringing hacking to New York City (and we’ll see you there) | CNET
FBI Investigating Major ATM Hacking Ring | Las Vegas Now
Study: Unpatched Web Browsers Prevalent on the Internet | PC World
Netherlands man arrested for hacking 50,000 credit cards | Security Pro Portal
Vint Cerf Says Government Needs To Encourage Internet Competition | Information Week
The Government’s Top Hackers? | Veracode
HSBC sites vulnerable to XSS flaws, could aid phishing attacks | ZDNet
HMRC goes cap-in-hand to Americans for help with fraud | The Independent

Tags: News, Daily Links, Security Blog, Information Security, Security News