Iain Thomson in San Francisco, V3.co.uk, Wednesday 14 July 2010 at 18:10:00
Latest report makes for grim reading on patching and spam
A report into the state of internet security has found patching is still
woefully poor among computer users.
O…
Security Revealed
Phil Muncaster, V3.co.uk, Saturday 3 July 2010 at 13:05:00
V3.co.uk rounds up the top security stories
This week has been dominated by yet more cyber criminal activity targeting
the banking and defence industries, as well as efforts by the gover…
Shaun Nichols in San Francisco, V3.co.uk, Saturday 3 July 2010 at 01:14:00
Researchers find social engineering flaw still open to attack
Adobe is on the defensive following the discovery of a security loophole
previously believed to have been pa…
Iain Thomson in San Francisco, V3.co.uk, Sunday 20 June 2010 at 03:32:00
Fix not mentioned in release notes
Experts at Sophos have discovered a patch for Apple’s anti-malware software
that was not mentioned in the security notes accompanying the…
Phil Muncaster, V3.co.uk, Saturday 12 June 2010 at 13:31:00
V3.co.uk rounds up the hottest security stories of the week
The week has been dominated by a batch of security fixes from Microsoft,
Google and Adobe covering several key products, as w…
Phil Muncaster, V3.co.uk, Saturday 8 May 2010 at 18:11:00
V3.co.uk rounds up the top security stories of the week
It’s been fairly quiet on the security front this week. Microsoft has
announced that its next Patch Tuesday update will be fairly light, while Google
has tightened up its cloud security, and new research from VeriSign and Symantec
Hosted Services proves that there is still a lot to keep security professionals
busy.
First up is the news that a college student is facing
over 20 years in jail and huge fines after guessing the password to the
Yahoo email account of onetime vice presidential candidate Sarah Palin.
David Kernell was convicted of obstruction of justice and using unauthorised
access to obtain information from a computer, which comes with a maximum term of
20 years in jail. He was found innocent of wire fraud, and a charge of identity
theft was dismissed after a retrial.
Google, meanwhile, has released
a new tool that allows administrators at firms using Google Apps to remotely
reset cookies to ensure that sensitive data cannot be accessed if a device is
lost or stolen.
Google Apps software engineer Will Smit said in a blog post that the feature
offers improved cloud security for organisations concerned that more information
is being stored in the cloud than ever before.
Also this week, the perils
of Facebook were highlighted again in a new survey which found that almost a
quarter of Facebook users do not do enough to protect their own data on the
social networking site.
Web authentication firm VeriSign published a report this week offering advice
on how to guard against the growing
threat of distributed denial-of-service attacks. The DDoS
Mitigation report is designed to guide enterprises through the minefield of
internet security, which VeriSign said had changed dramatically over the past 12
months.
Meanwhile, Symantec Hosted Services released new research indicating that a
lack of knowledge and awareness about how to use Linux mail servers could be
contributing to the disproportionately large number of Linux machines being
exploited to send spam.
“One reason there is so much spam from Linux could be that many companies
that have implemented their own mail servers, and are using open-source software
to keep costs down, have not realised that leaving port 25 open to the internet
also leaves them open to abuse,” said malware data analyst Mat Nisbet.
Finally, Microsoft has published its advance
notification for this month’s Patch Tuesday update on 11 May. Security
administrators will be pleased to hear that it will be a relatively light affair
with fixes for two critical vulnerabilities in Windows and Office.
Phil Muncaster, V3.co.uk, Saturday 1 May 2010 at 11:46:00
V3.co.uk rounds up the top stories of the week
The Infosecurity Europe show in London dominated the week in security,
witnessing a slew of announcements from the vendor community, and a data breach
survey from PricewaterhouseCoopers (PwC).
Elsewhere, the McAfee update blunder rumbled on and a new malicious attack
targeted iPad users.
The majority of security news this week undoubtedly came from the
Infosecurity Europe 2010 event. Kingston unveiled a line of ultra-secure
USB Flash drives for Windows PCs, certified to the US government’s FIPS
140-2 Level 2 security standard, while hardware encryption firm Stonewood Group
released a tool which it claims can protect
shared enterprise data.
Also at the show, the Information Commissioner’s Office warned that
organisations could soon be forced
to report all serious data breaches as part of an upcoming review of a
European Union directive on the reporting of data losses.
PwC, meanwhile, found that a staggering 92 per cent of large organisations
have suffered
a security incident or data breach in the past year, according to its
biennial Information Security Breaches Survey.
Symantec timed its latest acquisition move nicely to coincide with the end of
the event, snapping up privately held encryption firms PGP
and GuardianEdge for a total of $370m (£242m) in cash.
The security firm said that the two companies’ standards-based encryption
capabilities for full-disk, removable media, email, file, folder and smartphone,
will perfectly complement its own endpoint security and data loss prevention
tools.
Elsewhere, the McAfee
update blunder story rumbled on, after the company finally promised to offer
technical and financial assistance after releasing a faulty update file last
week that crashed thousands of Windows XP SP3 systems.
Finally, Apple iPad users were warned of an email-borne
threat which could give hackers unauthorised access to affected PCs.
BitDefender said that the threat arrives via an unsolicited email urging the
recipient to download the latest version of iTunes as a prelude to updating
their iPad software.
Iain Thomson in San Francisco, V3.co.uk, Tuesday 27 April 2010 at 00:20:00
Alleged Il Silvestre trio stopped miles from target
A plan to blow up IBM’s new nanotechnology centre in Switzerland was
apparently foiled this month by a routine traffic stop.
Italians Costantino Ragusa and Silvia Guerini, and Italian-Swiss Luca
Bernasconi were stopped by traffic police on April 15.
The trio were found to be carrying “explosives and further items in their car”
as well as a note “indicating a planned attack on the branch of an
international company,” said Jeannette Balmer, a spokeswoman for the Federal
Prosecutors Office, according to the SonntagsBlick newspaper.
Their car was stopped six miles from Rueschlikon, where IBM is building a
multi-billion dollar nanotechnology laboratory, which showed off new research
last week. According to the paper the car contained a letter detailing the
target as IBM’s centre.
The three are reported to be members of Il Silvestre, an Italian activist
group. Costantino Ragusa and Silvia Guerini were convicted in 2006, along with
other activists, and sentenced to several years in prison for a series of arson
attacks on the homes of Italian entrepreneurs, trade unionists and politicians,
the paper reports.
“IBM has been notified by Swiss police authorities about an investigation and
is cooperating accordingly,” company spokesman Chris Sciacca told
The Associated Press.
Phil Muncaster, V3.co.uk, Saturday 24 April 2010 at 16:20:00
We round up the biggest security stories of the week
It’s been a bad week for Microsoft and McAfee, both of which suffered
patch-related woes. Elsewhere, VeriSign’s iDefense managed services arm warned
of a major black market trade in compromised social networking accounts, while
Veracode and ValidSoft released tools which could help security bosses mitigate
growing threats.
First up, the European Commission has outlined plans for a security and
criminal justice system overhaul known as the Stockholm
Programme. The system will be deployed between 2010 and 2014, and will
include stronger regulations on data protection and increased penalties for
identity thieves.
Microsoft was forced
to take down a security patch for Windows 2000 Server amid reports that the
fix was not properly patching vulnerabilities in the Windows Media Services
component. The company is working on an update for the MS10-025 patch, released
last week as part of the monthly Patch Tuesday package.
McAfee, meanwhile, was forced
to apologise after a recent update caused widespread system
crashes on Windows XP SP3 systems. Cyber criminals leaped
on the incident, using blackhat search engine optimisation techniques to
trick users searching for information on the update to click on infected links.
Several reports this week highlighted increasing threat levels. VeriSign’s
iDefense managed security services arm warned of “exponential” growth in demand
for black
market data stolen from social networking sites, as criminals
internationalise their campaigns.
The company uncovered evidence of one particular black market forum user,
known as ‘kirllos’, who claimed to be selling 1.5 million compromised accounts
in bulk quantities.
Also this week, PricewaterhouseCoopers reported that nearly two thirds of
companies have detected attempts
to break into their networks in the past year, double that of two years ago.
The consultancy blamed the rise in part on the increasing use of cloud
computing and social networks within the enterprise.
Symantec’s annual
Internet Security Threat report found more than 240 million new malicious
programs last year, a 100 per cent year-on-year increase. The vendor’s
solutions architect, Sian John, said that one new botnet-infected computer is
detected worldwide every 4.6 seconds.
There was bad news for the NHS this week after Symantec discovered an
information-stealing botnet that has compromised
1,100 NHS computers. The security firm said in a blog post that it had been
monitoring two FTP servers related to the Qakbot botnet, and found that it had
uploaded 4GB of confidential information in just two weeks.
And it emerged that the hacking attacks on Google earlier this year were much
worse than previously believed. The New York Times said that
the hackers managed to steal
Google’s Gaia password system, described as one of the company’s “crown
jewels”.
The system controls access to all Google log-in accounts, including webmail
and the firm’s business applications.
Finally, application security firm Veracode
launched a new tool allowing customers to compare the security of their
applications with those of their peers and the rest of the world.
SecurityInsights is built on anonymised application security data from
billions of lines of code and thousands of applications submitted to Veracode
for security testing.
Fraud prevention firm ValidSoft, meanwhile, launched a tool designed to combat
cross-border fraud. VALid-POS will do this by resolving issues in real time
using telecoms technology to confirm whether the card is close to the customer’s
mobile phone.
Phil Muncaster, V3.co.uk, Saturday 17 April 2010 at 16:24:00
We round up the top security stories of the week
It’s been a fairly quiet week in the security space, but not for Microsoft
customers, who were given a mammoth patch
update on Tuesday.
The company delivered 11 bulletins fixing 25 vulnerabilities in Windows,
Office and Exchange. Five of the 11 bulletins were labelled as ‘critical’ which,
if exploited, could allow an attacker to remotely execute code on the targeted
system without user notification.
The ‘critical’ bulletins addressed flaws in Windows 2000, XP, Server 2003,
Vista, Windows 7 and Server 2008 R2.
Elsewhere, Trend Micro and Sophos released new security tools. Trend launched
an anti-virus product specifically designed for small netbook computers.
Titanium costs $39.95 (£25) and is pitched at consumers, but could appeal to small
businesses and remote workers as it offers robust security features and tools.
Sophos, meanwhile, released updates to its SafeGuard
Easy and SafeGuard Enterprise data protection packages.
The security firm said that the latest versions offer long-term data
protection plans, and cater for a wider array of customer requirements.
SafeGuard Enterprise 5.50 provides data encryption and data leak prevention.
The updated engine is compatible with most standards, and is built to support
the future needs of enterprise customers.
Trend was in the news again at the tail end of the week after it spotted a new
Trojan spreading from Japan, which threatens to post the internet history of
infected users.
The Kenzero Trojan masquerades as a download for an adult Hentai computer
game, primarily shared on the popular Japanese Winny peer-to-peer network.
Once downloaded the malware opens a registration screen for the game
demanding personal information while scanning the computer’s user account,
domain and computer name, operating system version, clipboard content, file use
history and Internet Explorer favourites.
Phil Muncaster, V3.co.uk, Saturday 10 April 2010 at 13:58:00
V3.co.uk rounds up the biggest tech security stories of the week
It has been another eventful week in the information security space, with the
discovery of a sinister new malware network controlled from China.
Elsewhere, Microsoft, Adobe and Oracle all announced a bumper set of patch
updates for next week, which are likely to keep security administrators busy for
some time.
The week started with new
powers for the Information Commissioner’s Office to fine organisations in
serious breach of the Data Protection Act up to £500,000, although it remains to
be seen whether these measures will make a great deal of difference.
More disturbing news emerged on Tuesday from the University of Toronto,
concerning a targeted malware network controlled
by servers in China.
The network is said to have compromised computer systems in the Office of the
Dalai Lama, Indian government, business and academic organisations and even the
United Nations.
The Chinese government issued a stock denial of any such activities, claiming
that they had been “stirred up” to cause trouble.
Make of that what you will, but the standoff between Google and China at
least seems to be abating slightly, with the news this week that some of its
mobile services hitherto blocked in the region are coming back online.
At the tail end of the week, several major software makers published details
about upcoming security updates.
Microsoft warned that April’s
Patch Tuesday will address 25 problems in 11 security bulletins. Five of the
vulnerabilities are rated ‘critical’, and apply to enterprise applications
including Microsoft Office and Exchange. Affected operating systems include
Windows 2000, XP, Vista, 2003, 2008 and Windows 7.
Meanwhile, Oracle announced that its next quarterly
Critical Patch Update will contain 47 security vulnerability fixes across
hundreds of products.
The software giant also announced that its Solaris suite of products will be
moved onto the same cycle, allowing users of the Sun products to know months in
advance if their systems need patching.
Also this week, Adobe issued a
pre-notification of its security patches for April, which will include fixes
for the Reader and Acrobat applications, and will be delivered through a new
update system.
The firm has been testing the new service with beta customers since October,
claiming that it will help customers stay on top of patches and keep systems up
to date.
And rounding off the week on another pessimistic note, security firm Webroot
warned of a sinister
new threat that apparently uses malware to render a PC unbootable.
Andrew Brandt, a security researcher at Webroot, said that the malware takes
data from a PC before making it unbootable. The attacks are so severe that any
attempt to remove the malware causes the machine to crash repeatedly.
Phil Muncaster, V3.co.uk, Saturday 3 April 2010 at 09:15:00
This week Microsoft and Apple fix critical flaws, social networks come under
pressure and there are more hacking incidents in China
It was a busy week this week for both Apple and Microsoft, after the two tech
giants were forced to patch critical flaws in their products, while Google’s
spat with China continued and social networks were found wanting once again.
First, Microsoft’s Internet Explorer product was
at the centre of another security scare, with the firm forced to issue an
out-of-cycle patch for IE6 and IE7 – the second time this year Redmond has had
to release a patch outside its regular schedule.
“The out-of-band security bulletin is a cumulative security update for IE and
will also contain fixes for privately reported vulnerabilities rated ‘critical’
on all versions of IE that are not related to this attack,” said the company.
On the same day, Apple
issued major security updates for Mac OS 10.5 (Leopard) and Mac OS 10.6
(Snow Leopard), as well as additional performance and stability updates for Snow
Leopard. The security update includes 69 fixes for various components in Leopard
and Snow Leopard, including nine vulnerabilities in QuickTime and four in the
ImageIO component.
There was more trouble for Google this week as the tit for tat battle between
the web giant and the Chinese government continued.
It emerged early in the week that some of Google’s
mobile services were being blocked by China, while a senior Google security
researcher argued that the attacks it suffered in January originating in the
region represented a
much wider threat to the internet.
It’s not just Google bearing the brunt of hacking attacks in China though, as
news emerged this week that the Yahoo
Mail accounts of several foreign journalists in the region had been
attacked.
The Foreign Correspondents’ Club of China is warning its members that email
is not secure in China, and that alternative “means of arranging interviews and
conducting other sensitive business are often preferable”.
It wasn’t a great week for social networks either, with Facebook suffering
another privacy glitch, which meant that users’ email addresses were briefly
visible to everyone. Also this week security vendor Blue
Coat Systems stressed the need for both administrators and security vendors
to step up efforts to prevent social engineering attacks in the enterprise.
Finally, it was a week to forget for Barnet Council, which admitted that it
had suffered
a data breach of 9,000 children’s details, after unencrypted USBs and CDs
were stolen from an employee’s home. This despite the fact it is against council
policy to take data home on unencrypted devices.
Phil Muncaster, V3.co.uk, Saturday 27 March 2010 at 13:18:00
A round-up of the highs and lows in the security space
It has been another busy week in security for V3.co.uk, with new
products from major vendors, interesting statistics on the latest threats, and
incidents that certain people would rather forget.
The Conservative Party kicked off the week in fine fettle, setting up a web
site aimed at embarrassing the Labour Party. But in the end it was the Tories
that were on the receiving end of a rather clever hack.
Trend Micro senior security advisor Rik Ferguson explained
that the Cash Gordon site was set up to collect any message posted on Twitter
that contained the hashtag #cashgordon and republish it in a live stream in a
widget on the Cash Gordon home page.
“Obviously this was duly noted and passed around. It was soon discovered that
if you tweeted HTML or JavaScript instead of standard messages, this content
would be interpreted and rendered by the visitor’s browser as a legitimate part
of the Cash Gordon site, allowing pranksters to redirect visitors to any site of
their choosing,” he wrote.
“This latest in a line of social media marketing related fails is a salutary
warning not to underestimate the technical know-how of the world wide audience
you are inviting.”
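The rendering flaw Ferguson describes, as an added JavaScript example (not code from the Cash Gordon site or from Trend Micro): a hashtag stream widget that republishes message text as raw HTML, beside a version that escapes it first. The function names and the sample feed are constructed for illustration.

```javascript
// Added illustration: a hashtag "live stream" widget that builds HTML from
// untrusted messages. All names and sample data below are constructed.

const HASHTAG = '#cashgordon';

// Constructed sample feed: an ordinary tagged message, a tagged message that
// carries markup, and an untagged message the widget should ignore.
const sampleFeed = [
  { user: 'alice', text: 'Reading the manifesto #cashgordon' },
  { user: 'bob', text: '<script>location="https://example.invalid/"</script> #cashgordon' },
  { user: 'carol', text: 'Nothing to do with the campaign' },
];

// Select the messages the widget would republish (case-insensitive match).
function selectTagged(feed, tag = HASHTAG) {
  const needle = tag.toLowerCase();
  return feed.filter((m) => m.text.toLowerCase().includes(needle));
}

// Vulnerable form: message text is concatenated straight into markup, so any
// HTML or JavaScript in a message becomes part of the page that serves it.
function renderUnsafe(feed) {
  return selectTagged(feed)
    .map((m) => `<li><b>${m.user}</b>: ${m.text}</li>`)
    .join('\n');
}

// Characters that change meaning in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: every untrusted field is escaped before it reaches markup,
// so the browser displays the message as text instead of interpreting it.
function renderSafe(feed) {
  return selectTagged(feed)
    .map((m) => `<li><b>${escapeHtml(m.user)}</b>: ${escapeHtml(m.text)}</li>`)
    .join('\n');
}

// Review aid: list the authors of tagged messages that contain tag-like
// markup, which a moderation queue or log alert could act on.
function flagMarkup(feed) {
  return selectTagged(feed)
    .filter((m) => /<[a-z!\/]/i.test(m.text))
    .map((m) => m.user);
}

console.log('unsafe:\n' + renderUnsafe(sampleFeed));
console.log('safe:\n' + renderSafe(sampleFeed));
console.log('flagged authors:', flagMarkup(sampleFeed));
```

In a browser the same effect comes from assigning message text with `textContent` rather than `innerHTML`.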
Next up is Mozilla, which was forced to rush out an update
to its Firefox browser to fix a critical security flaw. Version 3.6.2 was
originally scheduled for release on 30 March.
There were red faces at Vodafone this week, as the firm was forced to admit
that the “isolated incidents” of HTC handsets apparently shipping from its
factories in Spain containing
the Mariposa malware were not so isolated after all. Around 3,000 handsets
are now thought to be affected.
Interesting statistics again this month from Symantec Hosted Services, which
identified China as the number-one
source of email-borne targeted attacks of the sort Google suffered recently.
Symantec also found the UK to be the most active country for phishing
attacks, thanks in part to the availability of phishing toolkits on the web.
And now for some good news. Symantec and McAfee both released tools this week
designed to protect against web-based attacks and data loss incidents.
Symantec’s Web
Security Monitoring service provides round-the-clock protection from browser
and web application vulnerabilities, while McAfee
Data Loss Prevention will help secure sensitive data on internal systems and
removable storage media.
Finally, there was encouraging news from the US, after Twitter
reported a major drop in spam in the past six months, while a proposed law
being considered by senators could allow the US to impose sanctions against
countries that fail
to deal with online crime.
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 10 March 2010 at 01:21:00
Microsoft issues new advisory on IE attacks
Microsoft has delivered its monthly security update, and issued a security
advisory warning of attacks targeting older versions of Internet Explorer
(IE).
The company said that a remote-code execution flaw in IE6 and IE7 is being
exploited for malware attacks. IE8 is not believed to be susceptible.
Microsoft is advising users who cannot upgrade to IE8 to avoid suspicious or
untrusted links. Using the IE ‘protected mode’ setting in Windows Vista and
Windows 7 will also help to limit the scope of a potential attack, the company
said.
The March edition of the security update contains two bulletins addressing
eight vulnerabilities in Office.
The bulletins are rated ‘important’, Microsoft’s third of four alert levels.
If exploited, the flaws could allow an attacker to remotely execute code on a
targeted system.
The first bulletin corrects a flaw in the Movie Maker component for Microsoft
Producer 2003, while the second patches vulnerabilities in Excel for Office XP,
2003 and 2007 as well as the 2004 and 2008 versions of Office for Mac OS X.
David Neal, V3.co.uk, Wednesday 24 February 2010 at 12:19:00
Vulnerability could allow remote installation of unauthorised software
Adobe has released a security
update fixing a critical flaw in its Download Manager software that could
let attackers download and install unauthorised software onto a user’s system.
The issue applies to any instance of the software downloaded before today,
but will not apply to any new versions, the firm said.
“Adobe Download Manager is designed to remove itself from the computer after
use at the next computer restart. However, Adobe recommends users verify that a
potentially vulnerable version of the Adobe Download Manager is no longer
installed on their machine,” said the security bulletin.
Adobe credited security researcher Aviv Raff for bringing the flaw to the
company’s attention.
“Recently, I found a design flaw on Adobe’s web site which allows the abuse
of the Adobe Download Manager to force the automatic installation of Adobe
products, as well as other software products (e.g. Google Toolbar),” Raff said
in a blog post.
“Instead of admitting that this design flaw is indeed a problem which can be
abused by malicious attackers, Adobe decided to downplay this issue.”
Adobe urged users to see whether the C:\Program Files\NOS\ folder and its
contents (NOS files) are present on their system. If they are, the firm
recommends running the ‘services.msc’ prompt and making sure that ‘getPlus(R)
Helper’ is not in the list of services. If it is, it should be removed.
Shaun Nichols in San Francisco, V3.co.uk, Saturday 30 January 2010 at 03:40:00
Researchers offered up to $1,337 for pointing out flaws
Google is offering cash rewards to security researchers who find flaws in its
Chrome web browser.
The company will pay $500 to $1,337 (£314 to £840) to developers who find and
directly report security holes. The $1,337 amount is an apparent homage to the
hacker term 1337 (pronounced ‘leet’ and meaning ‘elite’).
The payment system will apply to flaws in the Chromium open-source project,
along with the browser and bundled components such as Google Gears.
Google Chrome security team member Chris Evans said in a blog
post that Google is looking to bring more third-party researchers onboard.
“Some of the most interesting security bugs we’ve fixed have been reported by
researchers external to the Chromium project,” he wrote.
“Thanks to the collaborative efforts of these people and others, Chromium
security is stronger and our users are safer.”
Paying researchers for the disclosure of flaws is a tactic used by developers
and security vendors to encourage research and responsible disclosure.
Companies hope that the cash rewards will persuade researchers to report
flaws to those who will patch them, rather than malware writers who pay for new
vulnerabilities to exploit.
Phil Muncaster, V3.co.uk, Friday 29 January 2010 at 13:09:00
Department of Health issues belated guidelines
The fallout from the Chinese
hack on Google’s systems continued today, after the Department of Health
(DoH) released an urgent bulletin advising all NHS Trusts using Internet
Explorer 6 to upgrade their browser.
Microsoft admitted a fortnight ago that a critical
flaw in Internet Explorer had been the route by which Chinese hackers sought
to infiltrate Google’s corporate systems, a flaw that it later admitted to
knowing about for months.
Microsoft has since issued an out-of-band
patch for the problem, which can allow remote code execution on affected
systems. But the company is recommending that users upgrade to IE8, which has
security measures which will make the exploit code difficult to implement
effectively.
The DoH Informatics Directorate has now issued its own guidance
for NHS Trusts, urging them to implement the fix as soon as possible. The
bulletin also recommended that “organisations still using IE6 on the affected
platforms upgrade to IE7”.
“IE7 has been warranted to work correctly with NHS Spine applications such as
CSA, and provides additional security features over IE6,” the directive added.
The DoH has provided no further information, and is presumably not
recommending an upgrade to the newest version of Microsoft’s browser, IE8,
because of support issues with these key applications.
Shaun Nichols in San Francisco, V3.co.uk, Saturday 23 January 2010 at 07:36:00
Company urges users to update following 10 disclosures
RealNetworks has become the latest company to issue a security alert,
revealing at least 10 vulnerabilities in various versions of RealPlayer.
None of the flaws is being actively targeted in the wild, but RealNetworks
has urged users to update to the latest version of the player.
Users of RealPlayer 11.0.2 for Mac and Linux or the SP 1.0.2-1.0.5 version
for Windows will not need to update their players. But systems running earlier
versions of RealPlayer, Helix Player and RealPlayer Enterprise will need to be
updated.
Among the 10 vulnerabilities are buffer overflow errors which could be used
by an attacker to crash the player and remotely install code on a targeted
system. Such remote code vulnerabilities are commonly used to perform malware
installations.
The RealPlayer update comes at the end of a busy period for security fixes.
Adobe and Apple
issued updates for their products recently, while Microsoft yesterday posted
a fix for the much talked-about Internet Explorer vulnerability.
Phil Muncaster, V3.co.uk, Friday 22 January 2010 at 12:01:00
Redmond admits it was notified about the vulnerability in September
Microsoft knew about the critical
flaw in Internet Explorer (IE) that was recently exploited by hackers to
gain entry to the systems of Google and at least 20 other big name companies.
Redmond issued an out-of-cycle
patch for the flaw yesterday, urging all IE users to apply the fix as soon
as possible.
However, Microsoft security programme manager Jerry Bryant said in a blog
posting yesterday: “When the attack discussed in Security
Advisory 979352 was first brought to our attention on Jan 11, we quickly
released an advisory for customers three days later.
“As part of that investigation, we also determined that the vulnerability was
the same as a vulnerability responsibly reported to us and confirmed in early
September.”
The news will come as no surprise to many security watchers, although it
highlights what some have described as an inadequate system of ‘responsible
disclosure’.
Last week, little-known Russian security firm Intevydis said that it will publish
details of zero-day exploits in business software every day for the rest of
January in protest at the private disclosure system which it believes is flawed.
Intevydis claimed that vendors usually sit on vulnerabilities that are
disclosed in private, whereas they act faster if the disclosure is made public
without prior knowledge.
“Our position on responsible disclosure policy has evolved, and now we do not
support it because it is enforced by vendors and it allows vendors to exploit
security researchers to do quality assurance work for free,” the firm added in a
blog posting.
Phil Muncaster, V3.co.uk, Thursday 21 January 2010 at 11:44:00
Flaw that allowed hackers to attack Google’s systems set to be fixed
Microsoft has revealed that an out-of-cycle security update it has been
working on to fix a critical
flaw in Internet Explorer will be made available this evening UK time.
Microsoft security programme manager Jerry Bryant said in a blog
posting yesterday that the firm is planning to release the update “as close
as possible to 10am PST” (6pm GMT).
“This is a standard cumulative update, accelerated from our regularly
scheduled February release, for Internet Explorer with an aggregate severity
rating of critical,” he wrote.
“It addresses the vulnerability related to recent
attacks against Google and a small subset of corporations, as well as
several other vulnerabilities. Once applied, customers are protected against the
known attacks that have been widely publicised.”
Joshua Talbot, security intelligence manager at Symantec Security Response,
argued that although the flaw has only been exploited in high profile attacks
thus far, firms should patch their systems as soon as they can.
“Despite the fact that we’ve seen just limited attacks using this
vulnerability, with exploit code public, there is no reason to think we won’t
see more attack attempts,” he added. “And you can be sure bad guys are working
overtime to create reliable exploits for the other affected versions of Internet
Explorer, namely 7 and 8.”
Microsoft has been under pressure to release an unscheduled patch after
governments in France, Germany and Australia urged their citizens to switch
to an alternative browser until the vulnerability had been fixed.
Yesterday it emerged that Opera and Firefox had both seen spikes
in downloads of their products as a result of the ongoing uncertainty around
the security of Microsoft’s browser.
However, Microsoft had been at pains to say that users of its Internet
Explorer 8 browser would be at minimal
risk from the threat, given its advanced built-in security protection.
Phil Muncaster, V3.co.uk, Wednesday 20 January 2010 at 15:48:00
Aurora Stinger will detect the threat and repair the machine
Security firm McAfee has released a new tool designed to detect and repair
any threats related to the recent ‘Operation Aurora’ attacks on Google and
several other firms which exploited a vulnerability in Internet Explorer.
McAfee chief technology officer George Kurtz explained in a blog posting
yesterday that the tool is an updated version of the firm’s Stinger virus
removal application.
“The Aurora Stinger has been designed to specifically detect and repair all
known variants of Aurora and associated threats,” he wrote.
“It also includes a link to the cloud-based McAfee Global Threat
Intelligence, which means that it will also pick up on newly discovered variants
in real time without requiring an update to the signature files that come with
the tool.”
Microsoft said yesterday that it will release an out-of-cycle update for the
flaw when it has finished internal testing.
However, Kurtz revealed that McAfee Labs has detected an unofficial patch to
the IE flaw produced by a third party, which he urged security administrators to
avoid.
“These unofficial patches may seem like a good idea as they appear to provide
immediate protection, but applying a patch from an unknown source for software
that was created by someone else just isn’t a good idea,” he wrote.
“It can create all kinds of compatibility and performance issues, and may be
a security risk of its own.”
Shaun Nichols in San Francisco, V3.co.uk, Wednesday 20 January 2010 at 01:56:00
Company at work on emergency update
Microsoft has confirmed that it is working on an out-of-cycle update to
address the recently disclosed vulnerability in Internet Explorer.
The company said on Tuesday that it is preparing an unscheduled update to
address the remote code execution flaw, and will provide more details on
Wednesday.
Such fixes ignore the company’s monthly Patch Tuesday release schedule, and
are generally deployed in the case of a high-profile flaw which is being
actively targeted.
In this case, the vulnerability could allow for a specially crafted web page
to crash the browser and remotely install software. The flaw is believed to be
the attack vector used in the so-called Operation Aurora attacks on Google and
Adobe.
Microsoft has recommended that users update their browser as soon as the
patch is available to help mitigate the threat.
“To date, the only successful attacks that we are aware of have been against
Internet Explorer 6,” wrote Microsoft Trustworthy Computing security manager
George Stathakopoulos in an update posted to the company’s security blog.
“We continue to recommend customers update to Internet Explorer 8 to benefit
from the improved security protection it offers.”
Other security groups, however, are proposing more drastic action. Government
computer security agencies in Germany and France are advising users to stop
using IE altogether until a fix from Microsoft is released.
Iain Thomson in San Francisco, V3.co.uk, Friday 4 December 2009 at 02:13:00
New flaw puts mobiles and servers in danger of attack
Research in Motion (RIM) has issued a security alert warning of a new attack
vector targeting its software.
BlackBerry users are being warned about accessing PDF files after RIM
discovered flaws in the BlackBerry Attachment Service used to send and read the
files on mobile devices.
“Multiple security vulnerabilities exist in the PDF distiller of some
released versions of the BlackBerry Attachment Service component of the
BlackBerry Enterprise Server,” the company said.
“These vulnerabilities could enable a malicious individual to send an email
containing a specially crafted PDF file which, when opened for viewing on a
BlackBerry smartphone that is associated with a user account on a BlackBerry
Enterprise Server, could cause memory corruption and possibly lead to a denial
of service condition or arbitrary code execution on the computer that hosts the
BlackBerry Attachment Service component of that BlackBerry Enterprise Server.”
RIM has posted up several security updates to fix the flaws in its BlackBerry
Enterprise Server and Professional software. As a workaround, RIM also
suggests that users open PDF attachments only from trusted sources.
“RIM has advised customers that it has removed PDF files from the list of
allowed extensions as a stop-gap measure,” said Graham Cluley, senior technology
consultant at Sophos. “Of course, PDFs are widely used in business, so I can’t
imagine that many firms will find that an acceptable solution for very long.”
Iain Thomson in San Francisco, V3.co.uk, Tuesday 1 December 2009 at 21:40:00
Head of Climate Unit steps down during investigation
The head of the Climatic Research Unit (CRU) at the University of East Anglia
has temporarily stepped down while an investigation is carried out into hacked
emails and documents from the organisation’s servers.
Professor Phil Jones has said he is taking a temporary leave of absence to
allow independent investigators to examine the details of the break-in. Around
4,000 emails and documents were stolen from the CRU’s servers and published
online.
“What is most important is that CRU continues its world leading research with
as little interruption and diversion as possible,” said Professor Jones.
“After a good deal of consideration I have decided that the best way to
achieve this is by stepping aside from the Director’s role during the course of
the independent review and am grateful to the University for agreeing to this.
The Review process will have my full support.”
The bulk of the emails and documents published cover previously published
work but climate change sceptics have seized on some emails as proof that the
scientific community is engaged in deception to push a green agenda.
“It is well known within the scientific community and particularly those who
are sceptical of climate change that over 95 per cent of the raw station data
has been accessible through the Global Historical Climatology Network for
several years,” commented the University’s pro-vice-chancellor of Research
Enterprise and Engagement Professor Trevor Davies.
“We are quite clearly not hiding information, which seems to be the
speculation on some blogs and by some media commentators.”
The hacking attack on the CRU’s servers came just before the Copenhagen
climate conference and Professor Jones suggested that it was a deliberate
attempt to scupper a deal to limit carbon emissions.
“In the frenzy of the past few days, the most vital issue is being
overshadowed: we face enormous challenges ahead if we are to continue to live on
this planet,” he said.
“One has to wonder if it is a coincidence that this email correspondence has
been stolen and published at this time. This may be a concerted attempt to put a
question mark over the science of climate change in the run-up to the Copenhagen
talks.”
Shaun Nichols in San Francisco, V3.co.uk, Tuesday 10 November 2009 at 01:57:00
Accounts used to host attack videos
The notorious Koobface malware has started using Google’s Reader service to
spread further.
Researchers say that the new attack uses spammed messages that send users to
the compromised pages on the Reader service. When the user clicks on a fake
video embedded in the page, traffic is diverted to another site that attempts to
run a remote exploit and malware installation.
Trend Micro senior security adviser Rik Ferguson noted that the attacks
provided a slight variation on the Koobface attacks that surfaced earlier this
year. The company estimates that some 1,300 accounts have already been
compromised.
“Cybercriminals are taking advantage of Google’s credibility by hiding their
malicious links behind Google Reader,” said Ferguson.
“This is a new twist on the familiar Koobface infection routine, where
victims are asked to install Adobe Flash updates in order to view a video that
appears to be shared on the Google Reader website.”
The Koobface worm and its associated botnet have gained notoriety in security
circles for its longevity and history of targeting social networking sites.
First surfacing in 2008 within MySpace and Facebook, the worm later resurfaced
in 2009, this time targeting Twitter users.
Iain Thomson in San Francisco, V3.co.uk, Saturday 10 October 2009 at 22:26:00
Fix coming on Tuesday, firm claims
Adobe has issued a security alert about a zero-day flaw in its PDF and Reader
formats which is already being exploited by malware writers.
The company said in a blog post that it will release a patch for the flaw on
13 October. In the meantime users are advised to disable JavaScript, although
Adobe warned that this may not be a complete solution.
“Adobe plans to resolve this issue as part of the upcoming Adobe Reader and
Acrobat quarterly security update scheduled for release on October 13,” the firm
said.
“Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista
will be protected from this exploit. Disabling JavaScript also mitigates against
this specific exploit, although a variant that does not rely on JavaScript could
be possible.
“In the meantime, Adobe is also in contact with anti-virus and security
vendors regarding the issue, and recommends users keep their anti-virus
definitions up to date.”
The detected malware attack uses a Trojan called ‘Troj_Pidief.Uo’ which is
transmitted via a PDF file infected with a JavaScript agent known as
‘Js_Agent.Dt’. The malware installs a backdoor entry system using
‘Bkdr_Protux.Bd’ to give complete control of the infected computer.
The attacks were confirmed by the Taiwanese National Information and
Communication Security Taskforce, an organisation of academics, security
researchers, chief security officers and government officials.
Adobe is becoming increasingly concerned at the number of attacks on its
formats. Adobe chief technical officer Kevin Lynch said at this week’s Adobe
Max 2009 conference that the problem is being addressed.
“We have seen an increase in attacks on Reader and Flash. We have an
excellent security team working on the issue, and also have a response team to
start work immediately on problems as they come in,” he said.
“We are looking to decrease the time from bug to fix. It was months, but we
now take two weeks for critical fixes.”
Iain Thomson in San Francisco, V3.co.uk, Friday 4 September 2009 at 03:29:00
Christopher Graham calls for custodial sentences to stop abuse
UK information commissioner Christopher Graham has said in testimony to the
House of Commons Select Committee on Culture, Media and Sport that parliament,
the courts and journalists are hampering efforts to protect personal data.
Graham said that an investigation by the Information Commissioner’s Office
had found evidence of requests by over 300 journalists for more than 17,000
searches into private data in 2006, but that parliament had still not addressed
the issue.
“We were let down by the courts, which did not seem to be interested in
levying even the pathetic fines they had at their disposal,” he said, according
to a report in The Guardian.
“We were rather let down by parliament in the end with no legislation, and we
were let down by the newspaper groups which did not take it seriously.”
Graham recommended that the penalties for breaching the Data Protection Act
should be increased to include jail terms for serious offenders. This would end
much of the abuse “at a stroke”, he said.
Also up before the committee were members of the Metropolitan Police who had
investigated past claims of data protection breaches.
Assistant commissioner John Yates defended the limited scale of the police
investigation into allegations that the News of the World hacked into mobile
phones owned by members of the royal family.
Tom Watson, MP for West Bromwich East, asked Yates: “Doesn’t it look
suspicious that [private investigator Glenn] Mulcaire and [News of the
World royal editor Clive] Goodman may have been tapping royal princes’
phones, and committed a serious crime that undermined their own reputations and
that of their employers, and their employers give them an undisclosed pay-off and
no one has gone back to them and asked what that financial arrangement is about?”
Yates replied: “It is not our business.”
Shaun Nichols in San Francisco, V3.co.uk, Friday 28 August 2009 at 01:41:00
Telephony tool vulnerable to denial-of-service attacks
Cisco has issued a security alert about two vulnerabilities in its Unified
Communications Manager (UCM) software.
The flaws could allow an attacker to create a denial-of-service attack on the
tool, which is used to manage enterprise telephony and communication services.
Such an attack could bring down voice services and require the system to be
restarted.
An attacker could conduct the exploit by flooding a certain port on the UCM
with TCP information packets, causing the system to reject new connection
requests and render telephony systems useless.
Cisco said that the flaw affects UCM editions 4, 5, 6 and 7. The Express
edition is not believed to be vulnerable.
The company has released patches for the 6.x and 7.x versions, and a fix for
versions 5.x is scheduled for early September. Administrators are advised to
install the updates immediately.
The risk of attack can also be mitigated by filtering access to the
vulnerable TCP 2000 and 2443 ports and the UDP 5060 and 5061 ports.
Shaun Nichols in San Francisco, V3.co.uk, Thursday 13 August 2009 at 03:16:00
More than half die off within 24 hours, say researchers
Roughly half of all new malware dies off within the first day of its
deployment, according to security experts.
Researchers at PandaLabs found that of the 37,000 new malware samples the
company collects each day, only 48 per cent are still active and targeting users
after 24 hours.
The reason behind the high turnover is to avoid detection, according to
PandaLabs. The company said that many malware samples are frequently modified
and redeployed so that security software cannot detect and remove the code from
infected machines.
Luis Corrons, technical director at PandaLabs, said: “This is a never-ending
race which, unfortunately, the hackers are still winning.
“We have to wait until we get hold of the malware they have created to be
able to analyse, classify and combat it. In this race, vendors that work with
traditional, manual analysis techniques are too slow to vaccinate clients,
because the distribution and infection span is very short.”
The company also noted that the high turnover rate could explain the
explosion in new malware detections over recent years.
Panda said that security researchers have catalogued 10 million new samples
over the past 18 months. By comparison, the total malware volume between 1990
and 2008 was said to be about 20 million.
The explosive growth in malware has also prompted vendors to change their
practices. Many vendors have begun to complement signature-based detection with
behaviour-based “heuristics” tactics. Companies have also started looking to
cloud computing and web services to provide more consistent updates.
Iain Thomson in San Francisco, V3.co.uk, Wednesday 12 August 2009 at 02:36:00
Outage shorter but no clue as to the attacker
A distributed denial of service attack has taken down Twitter for the second
time in a week.
While the attack only stopped services for about half an hour, the outage is
still a concern and will only heighten fears that the service is under-investing
in its security systems. Twitter gave no explanation for the attack in a blog
posting.
“We’re working to recover from a site outage and will update as we learn
more,” it said.
“Update (12:17p): We’re back up and analyzing the traffic data to determine
the nature of this attack.”
The first attack is now thought to have been the work of Russian hackers
looking to silence a pro-Georgian commentator. Since the outbreak of hostilities
between the two countries there have been continued online attacks.
Graham Cluley, senior technology correspondent at Sophos, said: “The good news
is that, unlike last week’s attacks, Twitter was back up-and-running in about
half-an-hour. So kudos to them for managing to avoid too much disruption for
millions of their users.
“However, commentators will be wondering if this is a similar attack to the
one conducted last week (in other words, a return to political hackers taking
their revenge on a Georgian blogger with views they don’t like) or a copycat who
heard how easy it was to bring down Twitter, and thought it might be “cool” to
try it for themselves.”
