23:26 Google and T-Mobile push patch for Android security flaw
During the weekend, Google and T-Mobile pushed a patch fixing last week’s disclosed security flaw affecting Google’s Android. The flaw and the PoC were communicated to Google on October 20th, with the vulnerability itself made possible due to Android’s use of outdated third-party software packages.
“Users of the G1 Android phone on Friday have begun receiving [...]
An IT manager was sentenced to a year and a day in prison for hacking into his former employer's computer system and opening its mail server to the public.
USA '08 People in at least seven states - six of them considered battleground states - are reporting that bugs and malfunctions with electronic voting machines are hampering their ability to cast votes in a presidential election that is expected to bring out a record number of voters.
20:42 MS08-067 worms squirming in the wild
First came Microsoft’s emergency patch. Then the public release of reliable exploit code. Now, virus hunters are reporting two new in-the-wild worms exploiting the critical MS08-067 vulnerability.
The worms, intercepted on Chinese-language versions of Windows, are being used to install a Trojan downloader, a denial-of-service bot and a rootkit to maintain stealthy presence on infected machines.
19:03 Heads up: Patch your Adobe Reader now
(See important update below for information on patching this vulnerability).
Heads up for Windows users: There’s a critical, remotely exploitable vulnerability in Adobe Acrobat/Reader version 8.
According to an advisory from Core Security, Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The flaw could be [...]
Barack Obama is ahead not only in the polls but where it counts the most - in spam messages. However, his presidential rival John McCain can claim his own guaranteed enlarged small victory.
17:36 E-voting Glossary
If you’re wondering what some of the acronyms around electronic voting mean, here’s a glossary of terms for you. I know I learned a couple of new terms by reading it.
Thanks to digiphile on Twitter.
Dozens of amateur and professional cryptographers signed up last week for the United States' first open competition to create a secure algorithm for generating hashes - the digital fingerprints widely used in a variety of security functions.
15:19 Network Security Podcast, Episode 126
This is a special Get Out and Vote episode. Rich is in Russia of all places and Martin is on the road most of today, so this episode was recorded on October 31, 2008, Halloween. And there isn’t much scarier today than Direct Recording Electronic (DRE) voting machines. That might make a good costume next [...]
09:01 Will e-voting machines tilt the election?
Unless you have been living under a rock for the past 24 months, you should be well aware that tomorrow millions of Americans will be going to the polls to select their representative, one-third of their senators, and the next president. In general, Americans have become wary of the election process ever since the [...]
An Ohio man has admitted heading a conspiracy that netted more than $1m by using phony Universal Product Code labels to acquire store merchandise and then selling the booty on eBay.
Hundreds of thousands of webpages belonging to businesses, government agencies, and schools have been infiltrated by scammers pushing Viagra, Tadalafil, and other drugs. The towns of Birmingham and Horwich in the UK and Princeton University in the US are among those who have been hacked.
People have been sending me this paper that "proves" that P != NP. These sorts of papers make the rounds regularly, and my advice is to not pay attention to any of them. G.J. Woeginger keeps a list of these papers -- he has 43 so far -- and points out:
The following paragraphs list many papers that try to contribute to the P-versus-NP question. Among all these papers, there is only a single paper that has appeared in a peer-reviewed journal, that has thoroughly been verified by the experts in the area, and whose correctness is accepted by the general research community: The paper by Mihalis Yannakakis. (And this paper does not settle the P-versus-NP question, but "just" shows that a certain approach to settling this question will never work out.)
Of course, there's a million-dollar prize for resolving the question -- so expect the flawed proofs to continue.
This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv5), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.
I am one of the primary contributors to the SIRs, so naturally I think you should download it immediately and read it cover to cover ;-) However, I understand that some of you may not wish to read a 150 page technical analysis document, except as a way to fight off insomnia.
Because of that, if you go over to the main SIR page at www.microsoft.com/sir, there is also a "Key Findings" document that is only 18 pages long and provides a nice summary of the findings from each section.
For my section, on Industry and Microsoft vulnerability disclosures, I'll be posting up some brief PowerPoint screencasts over the next few days where I'll talk through my findings while showing some pretty graphs.
What these domains have in common, excluding the last two WinDefender ones, is the domain registrant, the DNS servers used, and that despite the fact that they have already been featured in several malicious doorways, meaning these are receiving traffic already, they forgot to upload the binaries on all of the active domains:
"Not Found. The requested URL /2009/download/trial/A9installer_.exe was not found on this server."
Registrant:
Vladimir Polilov
Email: gpdomains@yahoo.com
Organization: Private person
Address: ul. Bauma 13-76
City: Moskva
State: Moskovskaya oblast
ZIP: 112621
Country: RU
Phone: +7.9031609536
DNS servers used - ns1.freefastdns.com; ns2.freefastdns.com
Moreover, the following domains are also parked at the same IPs, but are currently in stand-by mode, yet they're also using the same DNS servers, with the only difference being the registrant, who seems to have been running a very extensive portfolio of bogus domains, potentially making hundreds of thousands in the process:
The sampled WinDefender binaries phone back to megauplinkbindinstaller .com/cfg1.php (91.203.92.99) with the entire netblock clearly a bad neighborhood. Here are some sample command and control locations: