Monday, March 13, 2006


News Item 5482 Hacked bank server hosts phishing sites.

Criminals appear to have hacked a Chinese bank's server and are using it to host phishing sites targeting customers of eBay and a major U.S. bank. [Computerworld Privacy News]
10:37:31 AM

News Item 5481 SS# - Holy Grail, No More.

Frankly Speaking: Put the brakes on ID theft and stop using Social Security numbers to identify your customers, employees or others in your data. Any unique number will do, argues Frank Hayes. [Computerworld Privacy News]
10:35:30 AM

News Item 5480 Workers object to Babylon's tracking system -- Newsday.com

When the Town of Babylon installed global positioning system technology in most of its fleet of 250 vehicles in January, officials touted it as a way to improve efficiency, particularly during emergencies such as snowstorms. However, the system also is being used to monitor worker behavior -- a realization that has left town employees increasingly nervous.

One of a growing number of municipalities and corporations around the country using GPS to track workers, Babylon has become the local flash point in the debate over how to balance the desire to improve efficiency with the need to protect worker privacy.

Already, the use of GPS has resulted in the firing of police officers in New Jersey for sleeping on the job, and protest demonstrations by snowplow drivers in Massachusetts. Some national labor unions are so concerned they have tried to include language in bargaining contracts limiting the use of GPS.

In Babylon, the $65,000-a-year system was installed in mid-January in snowplows, dump trucks and public safety vehicles, among others. About a week later, three workers were caught and eventually disciplined -- two for goofing off on town time and a supervisor for failing to report them.


10:30:17 AM

News Item 5479 Sun pairing tools for physical, logical access.

Sun this week plans to add management and other software to its identity platform so that users can converge access to physical and logical resources onto a single smart card. [Identity management news]
10:23:27 AM

News Item 5478 Compulsory and centralised - UK picks hardest sell for ID cards.

Study finds scheme design hits public's hot buttons

By using both compulsion and a central identity register in its ID card scheme the UK Government has opted for the combination least popular with the public, according to a study carried out by the Open University. The results of the study, Privacy Attitudes and the Acceptance of Identity Cards in the UK, are due to be published in the Journal of Information Science, and show increased levels of suspicion in the public over both of these key aspects to the ID scheme.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
10:21:22 AM

News Item 5477 Liveammo ; Podcast: Digital Forensics and Hacking Investigations, Part 4

In Part 4 of this series, we discuss network forensics and misuse investigations; different types of devices that may hold suspect data or evidence; introduction to the 7-layer OSI model; network forensics and the role of sniffers and protocol analysis software; the function of network interface cards and layer-2 content inspection; overview of how a NIC works; overview of how a sniffer works; introduction to promiscuous mode; the 4 ways to capture traffic for network forensics; introduction to spanning and mirroring switch ports; introduction to buffered and unbuffered network taps; layer-2 transparent bridging concepts; 8-track hubs and building a receive-only ethernet cable; reasons why ARP cache poisoning shouldn't be used for network forensics; defeating name resolution-based promiscuous mode detection; defeating specially crafted ARP and malformed multicast-based promiscuous mode detection; default snaplengths and configuring a sniffer for full packet capture; introduction to tcpdump and windump; issues with Win32-derived packet capture libraries; introduction to the Network Toolkit from CACE Technologies; and more.

This LiveAmmo Podcast is in .mp3 format, 00:36:15 in duration, and a 17.4 MB download.
10:18:36 AM

News Item 5476 Mac Skeptic: More on Mac Security.

Some advice after a handful of mostly harmless worms shows that Macs are vulnerable to attack. [PCWorld.com - Latest News Stories]

Editor: The author (like many in the press) seems a bit confused on the difference between a worm and a Trojan, but the article does contain some useful info.

10:12:29 AM

News Item 5475 Slashdot | Root Password Readable in Clear Text with Ubuntu

BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects the 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."
10:02:28 AM

News Item 5474 Reporters Exempt From Eavesdropping Bill

WASHINGTON -- Reporters who write about government surveillance could be prosecuted under proposed legislation that would solidify the administration's eavesdropping authority, according to some legal analysts who are concerned about dramatic changes in U.S. law.

But an aide to the bill's chief author, Sen. Mike DeWine, R-Ohio, said that is not the intention of the legislation.

"It in no way applies to reporters -- in any way, shape or form," said Mike Dawson, a senior policy adviser to DeWine, responding to an inquiry Friday afternoon. "If a technical fix is necessary, it will be made."

The Associated Press obtained a copy of the draft of the legislation, which could be introduced as soon as next week.

The draft would add to the criminal penalties for anyone who "intentionally discloses information identifying or describing" the Bush administration's terrorist surveillance program or any other eavesdropping program conducted under a 1978 surveillance law.

Under the boosted penalties, those found guilty could face fines of up to $1 million, 15 years in jail or both.

Kate Martin, director of the Center for National Security Studies, said the measure is broader than any existing laws. She said, for example, the language does not specify that the information has to be harmful to national security or classified.

"The bill would make it a crime to tell the American people that the president is breaking the law, and the bill could make it a crime for the newspapers to publish that fact," said Martin, a civil liberties advocate.

DeWine is co-sponsoring the bill with Sens. Olympia Snowe of Maine, Lindsey Graham of South Carolina and Chuck Hagel of Nebraska. The White House and Republican Senate leaders have indicated general support, but the bill could face changes as it works its way through Congress.
9:58:06 AM

News Item 5473 Slashdot | Bill Could Restrict Freedom of the Press

WerewolfOfVulcan writes "The Washington Post is carrying an article about a disturbing Senate bill that could make it illegal to publicly disclose even the existence of US domestic spying programs (i.e. NSA wiretaps)." --- An aide to the bill's author assures us it's not aimed at reporters, but the language is ambiguous at best. From the article: "Kate Martin, director of the Center for National Security Studies, said the measure is broader than any existing laws. She said, for example, the language does not specify that the information has to be harmful to national security or classified. 'The bill would make it a crime to tell the American people that the president is breaking the law, and the bill could make it a crime for the newspapers to publish that fact,' said Martin, a civil liberties advocate."
9:54:54 AM

News Item 5472 McAfee update exterminates Excel | CNET News.com

For a brief period on Friday, McAfee's security tools killed more than viruses.

An error in McAfee's virus definition file released Friday morning caused the company's consumer and enterprise antivirus products to flag Microsoft's Excel, as well as other applications on users' PCs, as a virus called W95/CTX, Joe Telafici, director of operations at McAfee's Avert labs, told CNET News.com.

"At about 1 p.m. PST we started getting reports that people were seeing an unusual number of W95/CTX infections in their environment," Telafici said. "Files that we did identify would probably be deleted or quarantined, depending on your settings."

When a file gets quarantined, it's renamed and moved to a different folder. McAfee's antivirus software detected Excel.exe and Graph.exe, two Microsoft Office components, as well as other software, including AdobeUpdateManager.exe, an application installed alongside Adobe products that deals with software updates, Telafici said.

About 100 customers, individuals as well as corporations, reported the problem, Telafici said. McAfee, the world's second largest antivirus software vendor, rushed to fix the mistake. Consumers were automatically reverted to the older definition files at about 2:30 p.m. and an update was pushed to corporate users an hour later, he said.

The issue affected only desktop antivirus software, not McAfee's network-level products that scan e-mail, Telafici said. Also, the incorrect detection occurred only if the user ran a manual virus scan or during a scheduled scan, not during idle time or background scanning, for example, he said.


9:50:51 AM

News Item 5471 Slashdot | McAfee Anti-Virus Causes Widespread File Damage

AJ Mexico writes, "[Friday] McAfee released an anti-virus update that contained an anomaly in the DAT file that caused many important files to be deleted from affected systems. At my company, tens of thousands of files were deleted from dozens of servers and around 2000 user machines. Affected applications included MS Office, and products from IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT, Rational. Apparently the DAT file targeted mostly, if not exclusively, DLLs and EXE files." An anonymous reader added, "Already, the SANS Internet Storm Center received a number of notes from distressed sysadmins reporting thousands of deleted or quarantined files. McAfee in response released advice to restore the files. Users who configured McAfee to delete files are left with using backups (we all got good backups... or?) or System restore."
9:47:15 AM

News Item 5470 Why Data Mining Won't Stop Terror.

The U.S. government puts a lot of stock in the theory that computers programmed to sift through mountains of private consumer data can spot terrorists hidden in our midst. Too bad it can't work. Commentary by Bruce Schneier. [Wired News: Top Stories]
12:27:00 AM

News Item 5469 Porn Biller Says It Was Framed.

An adult-oriented internet billing firm linked by security experts to a massive data spill says it's analyzed the stolen database, and the entries don't match up with the company's consumer info at all. By Quinn Norton. [Wired News: Top Stories]
12:24:35 AM

News Item 5468 VM Rootkits: The Next Big Threat?

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation.

Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system, according to documentation seen by eWEEK.

The prototype, which will be presented at the IEEE Symposium on Security and Privacy later in 2006, is the brainchild of Microsoft's Cybersecurity and Systems Management Research Group, the Redmond, Wash., unit responsible for the Strider GhostBuster anti-rootkit scanner and the Strider HoneyMonkey exploit detection patrol.
12:22:45 AM

News Item 5467 Microsoft Research Warn About VM-Based Rootkits.

Tenacious Hack writes "According to a story on eWeek, lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and maintaining control of a target OS. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath a Windows or Linux installation. Once the target operating system is hoisted into a virtual machine, the rootkit becomes impossible to detect because its state cannot be accessed by security software running in the target system." [Slashdot]
12:19:31 AM

News Item 5466 Firefox Whips Internet Explorer In Vulnerability Tally - Yahoo! News

Symantec has changed how it spells out Firefox and Internet Explorer browser vulnerabilities in reaction to complaints last September from Mozilla Firefox users and developers.

"How we did it before wasn't a fair comparison," said Oliver Friedrichs, the senior manager of Symantec's security response group. "It wasn't an apples to apples comparison."

Previously, Symantec's Internet Security Threat Report counted only vendor-confirmed bugs in the two browsers, which led to gripes from Firefox fans that the Internet Explorer tally was inaccurate, and too low.

In the newest report, which Symantec issued Tuesday, the Cupertino, Calif.-based security company has split the counts into two categories: vendor-confirmed and a combination of vendor- and non-vendor-confirmed flaws.

That gives the edge to IE in one tally, Firefox in the other.


12:11:59 AM

News Item 5465 Symantec Rethinks Firefox vs IE Vulnerabilities.

chill writes "Last September security software vendor Symantec issued a report claiming IE had fewer critical flaws than Firefox and thus was more secure. Well, it seems they have now rethought that position. 'How we did it before wasn't a fair comparison,' said Oliver Friedrichs, the senior manager of Symantec's security response group. 'It wasn't an apples to apples comparison.' The key was vendor acknowledged critical vulnerabilities. Thus, if Microsoft (or the Mozilla Foundation) didn't agree it was critical, then it didn't get counted." [Slashdot]
12:08:25 AM

News Item 5464 Kids Learn About Cyber Security.

A New York school program teaches high-school students about data protection, firewalls and forensics, as well as ethical and legal aspects of security. It's set to go statewide next year. [Wired News: Top Stories]
12:04:18 AM