[SecurityRatty] tag: secretly

CIA Agent Warns Against Chinese Trojan Horse Microchip

Wed, 19 Nov 2008 12:20:03 +0000

Robert Eringer, a CIA and FBI spook, also the man responsible for bringing American traitor Edward Lee Howard to justice, is claiming some Chinese-built systems are secretly equipped with a hidden microchip (called the 'Manchurian Microchip')that can be activated any time by China’s military intelligence services, the PLA.

Court halts sale of spyware program

Tue, 18 Nov 2008 02:00:00 +0000

A federal court has ordered a software company to stop selling a program that secretly records keystrokes on a person's PC, the FTC said.

U.S. court halts sale of spyware program

Mon, 17 Nov 2008 21:00:00 +0000

A U.S. court has ordered a software company to stop selling a program that secretly records keystrokes on a person's PC, the U.S. Federal Trade Commission said Monday.

Malware? We don't need no stinking malware!

Fri, 24 Oct 2008 10:25:00 +0000

Written by Oliver Fisher

"This site may harm your computer"
You may have seen those words in Google search results — but what do they mean? If you click the search result link you get another warning page instead of the website you were expecting. But if the web page was your grandmother's baking blog, you're still confused. Surely your grandmother hasn't been secretly honing her l33t computer hacking skills at night school. Google must have made a mistake and your grandmother's web page is just fine...

I work with the team that helps put the warning in Google's search results, so let me try to explain. The good news is that your grandmother is still kind and loves turtles. She isn't trying to start a botnet or steal credit card numbers. The bad news is that her website or the server that it runs on probably has a security vulnerability, most likely from some out-of-date software. That vulnerability has been exploited and malicious code has been added to your grandmother's website. It's most likely an invisible script or iframe that pulls content from another website that tries to attack any computer that views the page. If the attack succeeds, then viruses, spyware, key loggers, botnets, and other nasty stuff will get installed.

If you see the warning on a site in Google's search results, it's a good idea to pay attention to it. Google has automatic scanners that are constantly looking for these sorts of web pages. I help build the scanners and continue to be surprised by how accurate they are. There is almost certainly something wrong with the website even if it is run by someone you trust. The automatic scanners make unbiased decisions based on the malicious content of the pages, not the reputation of the webmaster.

Servers are just like your home computer and need constant updating. There are lots of tools that make building a website easy, but each one adds some risk of being exploited. Even if you're diligent and keep all your website components updated, your web host may not be. They control your website's server and may not have installed the most recent OS patches. And it's not just innocent grandmothers that this happens to. There have been warnings on the websites of banks, sports teams, and corporate and government websites.

Uh-oh... I need help!
Now that we understand what the malware label means in search results, what do you do if you're a webmaster and Google's scanners have found malware on your site?

There are some resources to help clean things up. The Google Webmaster Central blog has some tips and a quick security checklist for webmasters. Stopbadware.org has great information, and their forums have a number of helpful and knowledgeable volunteers who may be able to help (sometimes I'm one of them). You can also use the Google SafeBrowsing diagnostics page for your site (http://www.google.com/safebrowsing/diagnostic?site=) to see specific information about what Google's automatic scanners have found. If your site has been flagged, Google's Webmaster Tools lists some of the URLs that were scanned and found to be infected.

Once you've cleaned up your website, use Google's Webmaster Tools to request a malware review. The automatic systems will rescan your website and the warning will be removed if the malware is gone.

Advance warning
I often hear webmasters asking Google for advance warning before a malware label is put on their website. When the label is applied, Google usually emails the website owners and then posts a warning in Google's Webmaster Tools. But no warning is given ahead of time - before the label is applied - so a webmaster can't quickly clean up the site before a warning is applied.

But, look at the situation from the user's point of view. As a user, I'd be pretty annoyed if Google sent me to a site it knew was dangerous. Even a short delay would expose some users to that risk, and it doesn't seem justified. I know it's frustrating for a webmaster to see a malware label on their website. But, ultimately, protecting users against malware makes the internet a safer place and everyone benefits, both webmasters and users.

Google's Webmaster Tools has started a test to provide warnings to webmasters that their server software may be vulnerable. Responding to that warning and updating server software can prevent your website from being compromised with malware. The best way to avoid a malware label is to never have any malware on the site!

Reviews
You can request a review via Google's Webmaster Tools and you can see the status of the review there. If you think the review is taking too long, make sure to check the status. Finding all the malware on a site is difficult and the automated scanners are far more accurate than humans. The scanners may have found something you've missed and the review may have failed. If your site has a malware label, Google's Webmaster Tools will also list some sample URLs that have problems. This is not a full list of all of the problem URLs (because that's often very, very long), but it should get you started.

Finally, don't confuse a malware review with a request for reconsideration. If Google's automated scanners find malware on your website, the site will usually not be removed from search results. There is also a different process that removes spammy websites from Google search results. If that's happened and you disagree with Google, you should submit a reconsideration request. But if your site has a malware label, a reconsideration request won't do any good — for malware you need to file a malware review from the Overview page.

How long will a review take?
Webmasters are eager to have a Google malware label removed from their site and often ask how long a review of the site will take. Both the original scanning and the review process are fully automated. The systems analyze large portions of the internet, which is big place, so the review may not happen immediately. Ideally, the label will be removed within a few hours. At its longest, the process should take a day or so.

Malware? We don't need no stinking malware!

Fri, 24 Oct 2008 10:25:00 +0000

56 Arrested in DarkMarket Sting, Says FBI

Fri, 17 Oct 2008 00:20:00 +0000

The FBI acknowledges what Wired.com readers learned Monday: The internet's top English-speaking cybercrime forum was secretly run by the bureau for the last two years. The FBI says 56 people have been arrested around the world.

Cali, Nevada, Massachussets Pass Data Security Protections

Wed, 08 Oct 2008 05:44:03 +0000

New protections at the state-wide level are being enacted, covering a wide range of topics from RFID tags to encryption. Here’s a look at the states moving forward now:

California — Our Governator passed a law making it illegal to secretly scan RFID tags

He then killed a bill that would limit the amount of time retailers could hold onto customer information, for the second year in a row.

Nevada — A new law requires businesses to encrypt customer information sent outside “the secure system of the business” except by fax

Massachusetts — New rules require that organizations that store personal data about its residents must encrypt the data on portable devices starting in 2009.

Brian Krebs at the Washington Post has the nitty gritty about the above new laws.

'Clickjackers' could hijack Webcams, microphones, Adobe warns

Wed, 08 Oct 2008 00:00:00 +0000

Adobe Systems is warning users that hackers could use clickjacking attack tactics to secretly turn on a computer's microphone and Web camera.

Clickjackers could hijack Webcams, microphones, Adobe warns

Tue, 07 Oct 2008 20:00:00 +0000

Adobe Systems warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web...

PC Webcams Might Be Abused Through Clickjacking To Silently Spy On Users

Tue, 07 Oct 2008 19:32:08 +0000

An Israeli security researcher has released a demo of a “clickjacking” attack, using a JavaScript game to turn every browser into a surveillance zombie. The proof-of-concept game uses a PC’s video cam and microphone to secretly spy on the player. The release of the demo follows last month’s partial disclosure of the cross-platform attack/threat, which affects [...]