22:39 Conference: RSA Conference 2009
Then RSA Conference 2009 is your information security event. As the information security field continues to grow in importance and influence, RSA Conference plays an integral role in educating and con...
22:29 Cyber terrorists to face death penalty in Pakistan
According to a recently signed “Prevention of Electronic Crimes Ordinance 2008” in Pakistan, any person who commits cyberterrorism causing the death of other people will face the death penalty or life imprisonment:
“Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life, and with [...]
Four months after researchers warned of a nasty design flaw in the net's address lookup system, more than 10 per cent of the servers used to resolve domain names on the internet remain "trivially vulnerable" to attack, a new study concludes.
20:58 Memoryze utility pinpoints malware code in live memory
Jamie Butler, a Windows internals expert who co-wrote the definitive book on rootkits, has created a free forensics tool capable of finding malicious code in live memory.
The utility, called Mandiant Memoryze, was released at this year’s Hack in the Box conference in Kuala Lumpur, Malaysia.
Memoryze is a free memory analysis tool that can acquire physical [...]
18:30 CNET Download.com not so spyware-free
On its home page, CNET’s Download.com promises that all software available on the site “has been tested to ensure it’s 100% free of spyware, viruses, and other malware.” Unfortunately, there appears to be a kink in the system that allows the display of a known adware program called AntiVirus Defender.
According to malware researchers [...]
18:25 Koobface Facebook worm still spreading
Originally spreading since July, the Koobface worm remains active according to a recent security alert issued by Websense:
“The email reveals that infected user accounts are being used to post messages to Facebook friends lists. The content was an enticing message with a link that used a Facebook open redirector. When recipients click the link, [...]
16:56 IT Horror Stories
Congratulations to Jason, the winner of the free pass to CSI. Here’s his story about how a minor change to a script almost caused a major disaster. I have my own war story about scripts I’ll share later this week. Here’s a hint: Always make sure you’re in the proper directory when running your scripts.
This [...]
Visa cards with a built in one-time code generator are to be trialled by four European banks. The technology is designed to tackle the growing problem of online credit card fraud.
13:53 Zeus Crimeware Kit Gets a Carding Layout
With cybercriminals clearly expressing their nostalgia for several notorious and already shut down credit card fraud communities, they seem to have found a way to once again give their self-esteem a boost. Following the ongoing modification of open source crimeware kits and the inevitable innovation introduced by third parties, last week a new layout was introduced for Zeus, once again courtesy of a group that's piggybacking on Zeus popularity.
It's particularly interesting to see how a one-man operation evolves into a group of third-party developers starting to claim ownership rights over the modified versions despite the fact that they're basically brandjacking the Zeus brand and building business models on top of it.
Open source crimeware and web malware exploitation kits on the other hand undermine the business model of a great number of "malware/spyware for hire" vendors, which surprisingly doesn't stop them from continuing to offer their services and products, which often use the de facto crimeware kits as the foundations for their propositions. Are the buyers even aware of this fact? From a buyer's perspective in times when most of the output is sold in bulk form, or access to the botnet rented for a specific period of time, the buyer doesn't care about the cybercrime platform of use, but is looking for transparent ways to justify the investment he's made into renting the service.
Now that Zeus administrators and their cybercrime clerks in the face of those managing the campaigns knowingly or unknowingly knowing the type of campaigns and the data that they manage, can listen to their favorite music within Zeus and choose different layouts for the command and control interfaces while committing cybercrime, what's next?
Never lose notebook data again. Not if you have a Dell notebook: the company is producing self-encrypting laptops with Seagate encrypting drives and McAfee security software.
Aspidistra was a World War II man-in-the-middle attack. The vulnerability that made it possible was that German broadcast stations were mostly broadcasting the same content from a central source; but during air raids, transmitters in the target area were switched off to prevent them being used for radio direction-finding of the target.
The exploit involved the very powerful (500KW) Aspidistra transmitter, coupled to a directional antenna farm. With that power, they could make it sound like a local station in the target area.
With a staff of fake announcers, a fake German band, and recordings of recent speeches from high-ranking Nazis, they would smoothly switch from merely relaying the German network to emulating it with their own staff. They could then make modifications to news broadcasts, occasionally creating panic and confusion.
German transmitters were switched off during air raids, to prevent them from being used as navigational aids for bombers. But many were connected into a network and broadcast the same content. When a targeted transmitter switched off, Aspidistra began transmitting on their original frequency, initially retransmitting the German network broadcast as received from a still-active station. As a deception, false content and pro-Allied propaganda would be inserted into the broadcast. The first such "intrusion" was carried out on March 25, 1945, as shown in the operations order at the right.
On March 30, 1945, "Aspidistra" intruded into the Berlin and Hamburg frequencies warning that the Allies were trying to spread confusion by sending false telephone messages from occupied towns to unoccupied towns. On April 8, 1945, "Aspidistra" intruded into the Hamburg and Leipzig channels to warn of forged banknotes in circulation. On April 9, 1945, there were announcements encouraging people to evacuate to seven bomb-free zones in central and southern Germany. All these announcements were false.
The German radio network tried announcing "The enemy is broadcasting counterfeit instructions on our frequencies. Do not be misled by them. Here is an official announcement of the Reich authority." The Aspidistra station made similar announcements, to cause confusion and make the official messages ineffective.