Archive for the ‘security’ Category

The Backstory of the Kaminsky Bug

Tuesday, December 2nd, 2008

Ant recommends a Wired piece on the background story of the Kaminsky DNS bug and its (temporary) resolution, decreasing the odds of a successful breach from 1 in 2^16 to 1 in 2^32. We’ve discussed this uber-hole a number of times. Wired follows the story arc from before Kaminsky’s discovery of the bug to his public presentation of it in Las Vegas.

Read more of this story at Slashdot.

Original post by kdawson
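The "1 in 2^16 versus 1 in 2^32" figure above is the size of the guess space an off-path spoofer faces: the 16-bit transaction ID alone when the resolver always sends from one source port, the ID plus a 16-bit port once ports are randomized. The following check turns that into something you can run against your own resolver. It is an added example, not code from the Wired piece or from Kaminsky; the (port) samples are constructed, and in practice you would feed it the source ports seen in a packet capture of the resolver's outbound queries.

```python
"""Classify a resolver's source-port behaviour and size the guess space.

Added example (not from the Wired story or Kaminsky's talk). Assumes the
model quoted in the summary: a blind attacker must match a 16-bit txid, and
the source port adds work only when it is unpredictable. Port samples below
are constructed; collect real ones from your resolver's outbound queries.
"""
import math
import random

TXID_BITS = 16  # DNS transaction ID width


def port_pattern(ports):
    """'fixed', 'sequential' or 'randomized', judged from consecutive samples."""
    if not ports:
        raise ValueError("need at least one observed source port")
    if len(set(ports)) == 1:
        return "fixed"
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if max(abs(d) for d in deltas) <= 2:
        return "sequential"  # next port is always within a step or two of the last
    return "randomized"


def effective_port_bits(ports):
    """Bits of work the source port adds for an off-path attacker."""
    if port_pattern(ports) in ("fixed", "sequential"):
        return 0  # the port is predictable, so it adds nothing
    span = max(ports) - min(ports) + 1  # rough width of the range in use
    return min(16, math.ceil(math.log2(span)))


def odds_per_attempt(ports):
    """Denominator N of the '1 in N' odds that one spoofed reply is accepted."""
    return 2 ** (TXID_BITS + effective_port_bits(ports))


# Constructed samples (200 queries each) for the three behaviours.
FIXED_PORT = [32768] * 200                      # pre-patch style: one port for every query
SEQUENTIAL_PORTS = list(range(33000, 33200))    # incrementing: easy to predict
RANDOM_PORTS = random.Random(2008).sample(range(1024, 65536), 200)  # patched style

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORT),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("randomized", RANDOM_PORTS)):
        print(f"{name:>10}: pattern={port_pattern(sample):>10}  "
              f"odds per spoofed reply = 1 in 2^{int(math.log2(odds_per_attempt(sample)))}")
```

The sequential case is the reason the classifier looks at deltas rather than only at the number of distinct ports: a resolver that walks through ports one by one uses thousands of them yet gives an attacker nothing to guess.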

Distributed, Low-Intensity Botnets

Tuesday, December 2nd, 2008

badger.foo writes “We have seen the future of botnets, and it is distributed and low-key. Are sites running free software finally becoming malware targets? It all started with a higher-than-usual number of failed ssh logins at a low-volume site. I think we are seeing the shape of botnets to come, with malware authors doing their early public beta testing during the last few weeks.”

Read more of this story at Slashdot.

Original post by kdawson
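The pattern badger.foo describes, a few failed logins from each of many hosts, is exactly what a per-source blocker such as fail2ban is blind to: no single address ever crosses its threshold. Below is an added example (not badger.foo's code, and not from the submission) of the extra aggregation that catches it. It parses OpenSSH "Failed password" lines from a constructed auth.log sample and reports whether the failures look like a single-source burst or a distributed, low-intensity sweep; the thresholds are illustrative defaults.

```python
"""Flag distributed, low-intensity SSH brute-forcing in auth.log lines.

Added example; the log lines are constructed (documentation-range
addresses) and the thresholds are illustrative, not from the post.
"""
import re
from collections import Counter

# OpenSSH failure line; the "invalid user " prefix appears for unknown accounts.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines):
    """Return (user, ip) for every failed-password line; skip everything else."""
    out = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            out.append((m.group("user"), m.group("ip")))
    return out


def classify(lines, per_ip_threshold=5, min_sources=10):
    """Summarise failed logins and name the pattern they match.

    burst       : some single IP reaches per_ip_threshold (a per-IP blocker fires)
    distributed : at least min_sources distinct IPs, none reaching the
                  per-IP threshold (the low-and-slow botnet pattern)
    """
    failures = parse_failures(lines)
    per_ip = Counter(ip for _, ip in failures)
    users = Counter(user for user, _ in failures)
    max_per_ip = max(per_ip.values(), default=0)
    return {
        "total": len(failures),
        "sources": len(per_ip),
        "max_per_ip": max_per_ip,
        "top_users": users.most_common(3),
        "burst": max_per_ip >= per_ip_threshold,
        "distributed": len(per_ip) >= min_sources and max_per_ip < per_ip_threshold,
    }


# Constructed sample: twelve sources, one or two attempts each, plus one
# unrelated successful login that the parser must ignore.
DISTRIBUTED_SAMPLE = [
    f"Dec  2 03:{i:02d}:17 web sshd[{4000 + i}]: Failed password for "
    f"{'invalid user admin' if i % 2 else 'root'} from 203.0.113.{i + 1} port {40000 + i} ssh2"
    for i in range(12)
] + [
    "Dec  2 03:30:05 web sshd[4100]: Failed password for root from 203.0.113.3 port 40100 ssh2",
    "Dec  2 03:31:44 web sshd[4101]: Accepted publickey for deploy from 192.0.2.10 port 50001 ssh2",
]

# Constructed sample: the classic single-source burst.
BURST_SAMPLE = [
    f"Dec  2 04:00:{i:02d} web sshd[{5000 + i}]: Failed password for root "
    f"from 198.51.100.7 port {5100 + i} ssh2"
    for i in range(8)
]

if __name__ == "__main__":
    for name, sample in (("distributed", DISTRIBUTED_SAMPLE), ("burst", BURST_SAMPLE)):
        print(name, classify(sample))
```

The `top_users` field is worth keeping in the report: a sweep that hits the same one or two account names from every source is a stronger signal than the raw count, and it tells you which accounts to check for weak passwords.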

Apple Quietly Recommends Antivirus Software For Macs

Tuesday, December 2nd, 2008

Barence writes “After years of boasting about the Mac’s near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows’ vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. ‘Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.’ It goes on to recommend a handful of products.” Reader wild_berry points out the BBC’s story on the unexpected recommendation.

Read more of this story at Slashdot.

Original post by timothy

New Massive Botnet Building On Windows Hole

Monday, December 1st, 2008

CWmike writes “The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed ‘Downad.a’ by Trend (and ‘Conficker.a’ by Microsoft and ‘Downadup’ by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. ‘We think 500,000 is a ballpark figure,’ said Macalintal when asked the size of the new botnet. ‘That’s not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it’s… starting to grow.’”

Read more of this story at Slashdot.

Original post by kdawson

Significant Russian Attack On US Military Networks

Friday, November 28th, 2008

killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military’s recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. “The ‘malware’ strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. ‘This one was significant; this one got our attention,’ said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. … [A defense official said] ‘We have taken a number of corrective measures, but I would be overstating it if I said we were through this.’”

Read more of this story at Slashdot.

Original post by kdawson

Estonian ISP Shuts Srizbi Back Down, For Now

Friday, November 28th, 2008

wiedzmin writes “In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia’s capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) briefly came back to life last week, allowing the botnet to hand off control to the Estonian network. After Estonia’s biggest ISP Linxtelecom demanded that Starline Web Services be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world.”

Read more of this story at Slashdot.

Original post by kdawson

Experts Tell Feds To Sign the DNS Root ASAP

Tuesday, November 25th, 2008

alphadogg sends along news that the US National Telecommunications and Information Administration has gotten plenty of feedback on its call for comments on securing the root zone using DNSSEC. The comment period closed yesterday, and more than 30 network and security experts urged the NTIA to implement DNSSEC stat. There were a couple of dissenting voices and a couple of trolls.

Read more of this story at Slashdot.

Original post by kdawson

Symantec Reports Spate of Attacks via Recent Windows Flaw

Tuesday, November 25th, 2008

Surprised Giraffe writes “Symantec is warning of a sharp jump in online attacks that appear to be targeting a recently patched bug in Microsoft’s Windows operating system, an analysis that some other security companies disputed. Symantec raised its Threat Con security alert level from one to two because of the attacks, with two denoting ‘increased alertness.’ The attacks spotted by Symantec target a flaw in the Windows Server Service that Microsoft says could be exploited to create a self-copying worm attack.”

Read more of this story at Slashdot.

Original post by timothy

Lenovo Service Disables Laptops With a Text Message

Tuesday, November 25th, 2008

narramissic writes “Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo’s Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. ‘You steal my PC and … if I can deliver a signal to that PC that turns it off, hey, I’m good now,’ said Stacy Cannady, product manager of security at Lenovo. ‘The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,’ Cannady added.”

Read more of this story at Slashdot.

Original post by kdawson

Apparent Gmail Vulnerability Should Make You Check Your Filters!

Sunday, November 23rd, 2008

[Image: gmail-filters.gif]

I’ve been using Gmail for over two years now, for a wide variety of reasons (like conversations and inbox archiving for instance). Apparently, so do a lot of domain owners, who woke up one day to find that their online properties were stolen.

Here’s a summary: a hacker manages to gain access to a Gmail account, just enough to modify its Filters. The end result is that any emails sent by the domain registrar—including ones sent due to a “Forgot my Password” request—are forwarded to the hacker. This allows said hacker to grab control of the domain, and demand money for its return.

Thanks to online WHOIS services, which reveal the owner of a website and their email, pulling it off seems relatively easy. I’m honestly not sure if Gmail really suffers from a security flaw, but you can check out the complete details here—and check your Gmail filters just to be safe. It takes only a few seconds after all.

Original post by Rico
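"Check your Gmail filters" is the right advice, and it is easy to automate once you have the filter list out of the account. The script below is an added example, not part of Rico's post or anything Google ships. It assumes the XML that Gmail's filter export produces (an Atom feed in which each filter is an `<entry>` carrying `<apps:property name=... value=...>` pairs; the export did not exist in 2008 and the format is stated here from later experience, so treat it as an assumption and compare with your own export). It flags every filter that forwards mail anywhere, and every filter that trashes or archives mail matching a sensitive sender or keyword, which is the combination the post describes. The sample export and the sender patterns are constructed placeholders.

```python
"""Audit an exported Gmail filter list for forwarding and hiding rules.

Added example; assumes Gmail's Atom/apps:property filter export format.
The sample export and the SENSITIVE patterns below are constructed.
"""
import re
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Actions that take a message out of sight: exactly what an attacker wants
# for a registrar's "forgot my password" mail.
HIDING_ACTIONS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")


def load_filters(xml_text):
    """Return one {property_name: value} dict per filter entry."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        for entry in root.iter(ATOM + "entry")
    ]


def audit_filters(xml_text, sensitive_patterns):
    """Findings as (kind, detail, criteria) tuples.

    kind 'forwards'            : the filter forwards matching mail (always reported)
    kind 'hides sensitive mail': criteria match a sensitive pattern and the filter
                                 trashes, archives or marks the mail as read
    """
    findings = []
    for props in load_filters(xml_text):
        criteria = " ".join(props.get(k, "") for k in ("from", "to", "subject", "hasTheWord")).strip()
        sensitive = any(re.search(pat, criteria, re.IGNORECASE) for pat in sensitive_patterns)
        if props.get("forwardTo"):
            findings.append(("forwards", props["forwardTo"], criteria))
        hidden_by = [a for a in HIDING_ACTIONS if props.get(a) == "true"]
        if sensitive and hidden_by:
            findings.append(("hides sensitive mail", ",".join(hidden_by), criteria))
    return findings


# Constructed export: a harmless newsletter filter, then one of the kind the
# post describes (registrar mail forwarded to an outside address and trashed).
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/><title>Mail Filter</title><content/>
    <apps:property name='from' value='news@newsletter.example'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/><title>Mail Filter</title><content/>
    <apps:property name='from' value='noreply@registrar.example'/>
    <apps:property name='forwardTo' value='someone@outside.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""

# Placeholder patterns: put your own registrar, bank and password-reset terms here.
SENSITIVE = [r"registrar\.example", r"password", r"whois", r"domain"]

if __name__ == "__main__":
    for kind, detail, criteria in audit_filters(SAMPLE_EXPORT, SENSITIVE):
        print(f"[{kind}] {detail}   <- filter criteria: {criteria!r}")
```

Forwarding is reported unconditionally because a forward you did not create is a compromise indicator regardless of what it matches; the sensitive-pattern list only narrows the noisier archive/trash check to the senders that matter.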

Zimbra Desktop Vulnerable to Man-in-the-Middle Attack

Sunday, November 23rd, 2008

tiffanydanica writes “For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues) doesn’t bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface.”

Read more of this story at Slashdot.

Original post by timothy

Worm Attack Prompts DoD to Ban Use of External Media

Friday, November 21st, 2008

An anonymous reader writes “The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs […] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.”

Read more of this story at Slashdot.

Original post by timothy

Kaminsky Bug Options Include “Do Nothing,” Says IETF

Thursday, November 20th, 2008

netbuzz writes “Meeting in Minneapolis this week, the Internet engineering community is debating whether to aggressively fashion and apply fixes for the so-called Kaminsky bug in the DNS discovered this summer, or to simply let its threat stand as motivation for all to move with greater speed toward DNSSEC, which is considered the best long-term security solution. Problem with the latter approach is that DNSSEC has been in the works for a decade already, no one is confident it will be universally embraced, and the Kaminsky flaw is causing real problems today.”

Read more of this story at Slashdot.

Original post by timothy

Fewer Than 1% Arrested From TSA’s “Behavior Detection”

Wednesday, November 19th, 2008

An anonymous reader writes “Fewer than 1% of airline passengers singled out at airports using the much vaunted ‘suspicious behavior detection’ techniques are arrested, Transportation Security Administration figures show. The TSA program, launched in early 2006, looks for terrorists using a controversial surveillance method based on behavior detection and has led to more than 160,000 people in airports receiving scrutiny, such as a pat-down search or a brief interview. It has resulted in only 1,266 arrests, often on charges of carrying drugs or fake IDs, the TSA said. The TSA has not publicly said whether it has caught a terrorist through the program.” In related news, the odds of sanity coming to the TSA plummeted today when Schneier said he’s not interested in the top job there.

Read more of this story at Slashdot.

Original post by kdawson

McColo Briefly Returns, Hands Off Botnet Control

Tuesday, November 18th, 2008

A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world’s spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. “The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to… Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they’d report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo’s demise isn’t likely to last.”

Read more of this story at Slashdot.

Original post by kdawson


Developages - Development and Technology Blog
