• Leet Chrome bug finders can bag $1337 reward from Google

    Updated: 2010-01-29 17:08:17
    Google has launched a new initiative to encourage vulnerability researchers to report any security holes they find in the Google Chrome browser. Anyone who finds a bug in Chrome or Chromium, the open source code used as the foundations of Chrome, can receive between $500 and $1337 for reporting the problem to Google. Bugs felt to be [...]

  • On Password Breaches and Trends

    Updated: 2010-01-29 16:43:50
    Recently, Imperva released a study (pdf) of the passwords extracted from the December 2009 RockYou security breach that resulted in the compromise of over 32 million user accounts. This study examined some statistics of the passwords retrieved, including the number and variation of characters used to construct them. The results were pretty bad. Here are [...]

  • Twitter list spam

    Updated: 2010-01-29 14:01:19
    Like many other people I'm on Twitter. Unlike most of the other websites which fall under the social networking umbrella, I've found it an essential part of my professional life - helping me share information about breaking internet threats and follow other interesting people from the computer security industry. I post tweets most days about [...]

  • Kingsoft Launches MSN Protection Shield - Version 2.1 To Offer Better Protection

    Updated: 2010-01-29 10:19:07
    Kingsoft Launches MSN Protection Shield - Version 2.1 To Offer Better Protection

  • Symantec False Positive in Flash install file

    Updated: 2010-01-28 16:07:36
    Roger's Information Security Blog. Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I began adding my own commentary, and it's proven surprisingly popular. Thanks for stopping by. Don't forget to use the search if Google dropped you off at this page and you don't see what you're looking for. Symantec False Positive in Flash install file. By Roger on January 28, 2010 11:07 AM. I noticed a bunch of computers reporting install_flash_player.exe as a Trojan Horse this morning. My first stop was the Symantec Forum where a bunch of users were already discussing this. Since it appeared to be a false positive in an older install file for Adobe Flash, I set out to see which version of Flash was getting hit. Adobe has an archive of Flash players. I downloaded a zip with every version of Flash 10 and unzipped it to my hard drive. I got a detection on flashplayer10r22_87_win.exe. Once that was quarantined the easiest thing to do was go into my local quarantine, right-click and submit to Symantec. A Symantec support employee points out the KB for false positives and the virus submission website https :

  • Facebook unnamed app: Hackers poison search results

    Updated: 2010-01-27 14:47:36
    Thanks to Clu-blog reader Jamie for contacting me regarding a scare that is currently spreading between Facebook users. Users of the social-networking site are warning each other of what is rumoured to be a rogue application, spying on their activities on Facebook. Users are told in the warning that they can find the "Unnamed app" [...]

  • Second man admits involvement in Scientology DDoS attack

    Updated: 2010-01-27 11:10:43
    A second man has admitted his role in a distributed denial-of-service attack (DDoS) against websites belonging to the highly controversial Scientology organisation that struck the sites in January 2008. According to media reports, 20-year-old Brian Thomas Mettenbrink of Nebraska has signed a plea agreement confirming that he downloaded software from an anti-Scientology web forum with the [...]

  • TechCrunch hacked again, as intruders turn potty-mouthed

    Updated: 2010-01-27 07:06:37
    Top technology blog TechCrunch has been hacked for the second time in 24 hours, with visitors being greeted by an offensive message directed at site founder Michael Arrington. Part of the message posted by the hacker reads: So Arrington, how much did all the media coverage yesterday brought you in trough the welcome.html ad you forced people to? What [...]

  • The cost of a compromised record

    Updated: 2010-01-26 21:43:42
    According to a new article on TechTarget, a study by the Ponemon Institute has revealed the cost of a data breach has increased once again, to $204 per compromised record. The study is available for download at http://www.encryptionreports.com/ after giving away some personal details. The “Fifth Annual U.S. Cost of Data Breach Study,” funded in part [...]

  • TechCrunch hit by hack attack, says 'we'll be back soon'

    Updated: 2010-01-26 08:39:25
    TechCrunch, one of the world's top blogs, has been hacked. At approximately 6:20am GMT the site was replaced with this message, linking to a site containing links to adult and pirated material: As far as we can tell at this point, the site was not infected with malware. If that is confirmed then we should all [...]

  • Johnny Depp has NOT died in a car crash, but hackers exploit rumours

    Updated: 2010-01-24 13:24:05
    25 January: Updated to include video of the associated malware attack. Hollywood movie actor Johnny Depp, famous for his roles in Edward Scissorhands, Sleepy Hollow and Pirates of the Caribbean, became the unwitting star of an internet hoax which spread widely this weekend. Innocent internet users were fooled by the hoax, spreading messages to their online friends [...]

  • Can we *prove* China is behind Operation Aurora?

    Updated: 2010-01-22 21:47:36
    Is it possible to prove that the recent hacks against Google, Adobe, and others were sponsored by the Chinese government? It's not that easy. You see, although there's unlikely to be anyone with a better motive for cracking into the email accounts of Chinese human rights activists, there's a lot of difference between a good motive and [...]

  • Scams Take Advantage of Haiti Relief Efforts

    Updated: 2010-01-22 18:31:34
    Never is the heartless nature of cybercriminals more apparent than in the wake of a tragedy. As relief efforts continue and worldwide aid pours in to help those affected by the earthquake that rocked Haiti on January 12, cybercriminals have not slowed their efforts. They are eager to get you to donate money that the people [...]

  • Firefox 3.6 checks your plugins are up to date

    Updated: 2010-01-22 15:42:20
    Yesterday, Mozilla released the latest version of its web browser Firefox and it comes with a rather nice-sounding security feature. Firefox 3.6 claims to be faster than ever before, but that's not why it's caught my attention. The new functionality that I'm pleased to hear about is its ability to detect out-of-date plugins. Plugins are those [...]

  • Operation Aurora: Microsoft knew about Internet Explorer flaw for four months

    Updated: 2010-01-22 14:58:10
    On Thursday there were sighs of relief from all corners as Microsoft released a security patch for a vulnerability that had been exploited by hackers. The patch fixed a critical zero-day vulnerability in versions of Internet Explorer that would have meant visiting a boobytrapped webpage could have infected your computer, opening a backdoor for remote hackers. Nasty [...]

  • Kingsoft Highlights at Nepal CAN-InfoTech 2010 Exhibit

    Updated: 2010-01-22 03:45:41
    Kingsoft Highlights at Nepal CAN-InfoTech 2010 Exhibit

  • Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)

    Updated: 2010-01-21 20:14:58
    Microsoft has released Security Bulletin MS10-002, regarding Internet Explorer vulnerabilities. In addition to patching the flaw exposed by Operation Aurora, the company released patches for seven other vulnerabilities. We are aware of reports of private CVE-2010-0249 exploits impacting Internet Explorer 7 and 8 (though these are mitigated with ASLR and DEP). Historically, the odds of private exploits [...]

  • ISACA announces CRISC certification

    Updated: 2010-01-20 21:31:38
    ISACA has introduced a new certification for risk managers – CRISC. I’ve got their CISA certification, and I’m not sure that CRISC is useful (other than as a way to make them money). First off, risk management is not specific to the IT field, and most risk managers are not working in IT but in [...]

  • Update on Recent Microsoft 0day (CVE-2010-0249)

    Updated: 2010-01-20 07:44:07
    Here’s a quick update on CVE-2010-0249, aka the Aurora exploit. A few days ago exploit code was made public. Since then malware authors have been customizing the exploit’s payload to install their own malicious creations. Much of the field telemetry we’ve been receiving has been coming from McAfee users in China visiting websites in China. [...]

  • Adobe Shockwave Update

    Updated: 2010-01-20 04:44:58
    By Roger on January 19, 2010 11:44 PM. Adobe has released an update for Shockwave to patch security vulnerabilities. A security bulletin was released today. As usual Adobe is giving enterprise admins the finger by advising that, to upgrade Shockwave, you must first uninstall old Shockwave versions, reboot and then install the new version of Shockwave. Does anyone actually do that? I don't know about anyone else, but I try to minimize the disruption of my patching program. Part of that is limiting reboots. I can't think of another application that makes such unreasonable demands. Fortunately I've ignored rebooting while upgrading Shockwave and it hasn't caused me any major issue yet. I also wonder where Shockwave fits into Adobe's security program. If it's so important that Adobe

  • Investigating a Possible Charity Scam

    Updated: 2010-01-19 19:08:14
    On Saturday, my McAfee Labs colleague Craig Schmugar wrote about phishing sites and email scams related to the recent earthquake in Haiti. The people behind these frauds deserve to be caught by the law. I have a story that demonstrates that when several researchers join forces the bad guys run the risk of being punished. On [...]

  • McAfee ‘Hacking Exposed’ Webcast Series Fights Cybercrime

    Updated: 2010-01-19 18:16:25
    We are pleased to announce the next event in our complimentary monthly “Hacking Exposed Live!–A Webcast Series,” which educates attendees to protect against cybercrime and hackers. The monthly webcast, hosted by Hacking Exposed coauthor and McAfee Senior Vice President Stuart McClure, walks attendees through the latest hacking techniques and explains countermeasures for preventing attacks. The [...]

  • An Insight into the Aurora Communication Protocol

    Updated: 2010-01-19 07:02:19
    As we know, the recent Operation Aurora has been making waves due to a highly organized attack targeting companies such as Google, Adobe and other high profile companies. A security breach due to a vulnerability in Microsoft’s Internet Explorer, CVE-2010-0249, caused remote code execution leading to download of malware on compromised systems. At McAfee Labs, researchers [...]

  • TweetBrawl

    Updated: 2010-01-18 05:43:33
    Looks like Purewire has taken a page from AOL's AIM Fight and has put up Tweet Brawl. AIM Fight attempts to determine how popular you are right this second by looking at your online buddies and their online buddies out to the third degree of separation. It actually uses people connected to you so you can't game the system by friending the world (like that stupid Luke Wilson AT&T ad). TweetBrawl is merely follower based. The results aren't going to change unless someone loses or gains a lot of followers. If you want to follow me at @infosectweet maybe I'd have a chance of winning one of these things.

  • Went Looking for IE Exploits in “Haiti”, Found Something Else

    Updated: 2010-01-17 07:43:46
    In my last post I mentioned that the “Operation Aurora” exploit code was public and that we could expect other attacks leveraging the CVE-2010-0249 exploit to emerge.  Given the significance of the recent earthquake in Haiti, and the slew of phishing sites, email scams, etc; it makes sense that attackers would try to incorporate an [...]

  • “Operation Aurora” Leading to Other Threats

    Updated: 2010-01-16 02:02:53
    Operation Aurora has received a lot of attention over the past couple of days.  To recap, Google, Adobe, and many other companies were attacked with code exploiting a zero-day vulnerability in Internet Explorer.  Since the announcement of this vulnerability (CVE-2010-0249), exploit code has been made public and already revised into a more usable form. History tells [...]

  • More Details on “Operation Aurora”

    Updated: 2010-01-14 22:48:00
    Earlier today, George Kurtz posted an entry, ‘Operation “Aurora” Hit Google, Others’, on McAfee’s Security Insight blog. The purpose of this blog is to answer questions about this particular attack; fill in some of the threat flow and McAfee coverage details. How were systems compromised? When a user manually loaded/navigated to a malicious web page from [...]

  • Gmail now HTTPS by default

    Updated: 2010-01-14 14:48:55
    Google has just announced that HTTPS access would be “on by default” starting immediately. This is in response to the recently publicized attacks against Google and Gmail which are causing Google to reconsider their approach to China. While I’m happy that Google will now be encrypting Gmail-related communication by default, I’m a little [...]

  • New Koobface variant saves researchers time from analysis

    Updated: 2010-01-13 16:09:24
    Researchers at McAfee labs monitor Koobface activities 24/7 via custom honeypots and while reviewing one such update we noticed a variant that had debug/log features. Unlike the traditional captcha breaking technique to create new accounts, this variant of the worm converts the infected machine to a bot. When we analysed the malware trapped in our botnet, [...]

  • Honeypots

    Updated: 2010-01-13 03:49:23
    In the struggle between cyber attackers and cyber defenders, many tools have been built to create a strategic advantage or to gather intelligence. One category of software has the benefit of being both. Honeypots are a combination of software and hardware that emulate a target computer system or service for the purpose of attracting attackers [...]

  • Microsoft Security Advisory for Flash

    Updated: 2010-01-13 02:00:38
    Microsoft published a security bulletin for Flash 6 which is included in Windows XP. MSKB 979267 recommends removing Flash 6 and installing the latest version of Flash from Adobe. Maybe it's just me, but I think since Microsoft included Flash 6 in the default XP install, shouldn't they be responsible for patching it? Flash should be part of Microsoft Update. Fortunately Flash 6 is ancient. I believe a lot of Flash content will prompt you to upgrade to Flash 8 or 9 rather than allow you to use such an old version. Even so, a lot of vulnerable Flash remains.

  • SEPM Y2k.1

    Updated: 2010-01-13 01:34:39
    By Roger on January 12, 2010 8:34 PM. As anyone using Symantec Endpoint Manager (SEPM) to manage SEP11 clients should already know, SEPM has an issue where it thinks virus definition updates from 2010 are older than updates from 2009. If you aren't on top of this, you should be subscribed to Symantec emails here. I'd also apparently subscribed to something at the Symantec Forums at www.symantec.com/connect. Symantec is just now starting to push out patches. Currently patches are available for 11.0.3. Keep an eye on this knowledge base article for updates. So far this has caused three problems that I care about. 1. We use Forescout Counteract to monitor for virus definitions more than a week out of date. I came in one day and found all my computers in the old definition group. The defined

  • Regulatory Compliance Trends

    Updated: 2010-01-12 14:43:54
    SearchCompliance.com has posted an article detailing important regulatory compliance trends that will affect IT in 2010. The trends that were listed include: automation of compliance processes; more regulation en route; FISMA compliance reform; more enforcement for noncompliance; federal data breach and privacy laws emerge; cloud computing complicates compliance; SOX compliance for small companies; migration to risk management. I was quoted in a [...]

  • Announce: Kingsoft Internet Security will take part in CAN-InfoTech in Nepal- Jan 13-18th, 2010

    Updated: 2010-01-11 02:06:58
    Kingsoft Internet Security will take part in CAN-InfoTech 2010 in Nepal- Jan 13-18th, 2010

  • Firewalls – how do they work?

    Updated: 2010-01-08 16:59:42
    (probably) Everyone knows that firewalls are a “good thing” to have, but how many people actually know how they work? Firewalls can have many features that I won’t go into here, but the basic way they work is that there’s a set of rules that someone sets up (or is given) and the firewall follows those [...]

  • Windows 7 – GodMode Feature

    Updated: 2010-01-07 20:39:22
    Seems the new year has brought out a few new findings. One being the newly discovered “God Mode” feature in Microsoft’s Windows 7 based operating systems. At its core, it’s basically a glorified control panel. It takes all the hard to get to, or annoying multiple right click -> properties -> options -> submenu -> [...]

  • New Trusted Computing Blueprint published.

    Updated: 2010-01-07 15:15:09
    By Rajiv Andrade, Linux Technology Center. Since the foundation of the Trusted Computing Group, previously named Trusted Computing Platform Alliance, the pillars required to win most of today’s security challenges have been heavily developed. The Trusted Platform Module and the Trusted Software Stack are two of these. Now that we have in our hands the required enablement, the next expected step [...]

  • Create Your Rescue Disk Using Kingsoft Internet Security - Part II

    Updated: 2010-01-06 02:25:33
    Create Your Rescue Disk Using Kingsoft Internet Security. Part II
