23:57 Article: Lavasoft and the antispyware industry
In this video, Lavasoft CEO Jason King offers a brief history of Lavasoft and its role in the antispyware industry, the growth of the company, the shift in the marketplace as well as details on the ne... >>>
Craigslist's free-wheeling red-light district is about to get a lot tamer under strict new measures announced Thursday designed to rein in prostitution and other illegal services.
With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.
22:50 Patch Tuesday heads up: Critical Windows, Office fixes coming
Microsoft is planning a small Patch Tuesday this month — just two bulletins affecting Windows and Office users.
According to the company’s advance notice mechanism, one of the two bulletins will be rated “critical” and will address flaws that could lead to remote code execution attacks. The second update, rated “important,” applies to all versions [...] >>>
Two traffic engineers for the City of Los Angeles have admitted they illegally disrupted the computer system that controls traffic lights just prior to a 2006 union action related to contract negotiations with the city.
20:17 Off the wire: The soft risks of social networking
Soft risks are always part of the equation of the return on investment for a product or piece of software. Soft risks are usually nebulous, incalculable costs that are not necessarily directly related... >>>
20:16 WPA Wi-Fi encryption (partially) cracked
Rob McMillan at IDG has the scoop on new research that shows it’s possible to partially crack the WPA (Wi-Fi Protected Access) encryption standard.
Full details of the theoretical attack are not yet known but McMillan reports that two security researchers — Erik Tews and Martin Beck — plan to discuss the issue at next week’s [...] >>>
I wanted to let you know that we just posted our Advance Notification for next week's bulletin release which will occur on Tuesday, Nov. 11, 2008 around 10 a.m. Pacific Standard Time.
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
As part of our regularly scheduled bulletin release, we're currently planning to release two security bulletins:
One Microsoft Security Bulletin affecting Microsoft Windows/Microsoft Office rated as Critical, and one affecting Windows rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.
As always, we'll be holding the November edition of the monthly security bulletin webcast on Wednesday, Nov. 12, 2008 at 11 a.m., Pacific Standard Time. We will review this month's release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can't make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we'll also be posting the text of the questions and answers from each month's webcast. You can see a full listing of the posted questions and answers on this page.
19:40 Nessus Beta plugin for PCI compliance
If you’re already using Nessus and you need an internal scanning engine for PCI compliance, then you need to be checking out the three new PCI-DSS plugins that the folks over at Tenable have created. These are still beta and should not be treated as proof of compliance yet, but they’ll still give you a [...] >>>
Spammers have upped the ante in their bid to tap into interest created by the US presidential election this week to punt penis pills and other assorted pharmaceutical tat.
16:57 Feedburner dropped 1500 subscribers
If you haven’t seen anything from me lately, it’s not me, it’s not you, it’s Feedburner. About two weeks ago my Feedburner stats dropped by a little over 1/3 of my total readership. This has happened before, but usually a day or two later they all come back. Not this time though, they’ve remained stubbornly [...] >>>
16:37 Adobe updates Flash Player 9 to fix six security holes
Adobe has slapped another band-aid on its ever-present Flash Player to cover at least six documented security vulnerabilities that could expose users to a wide range of hacker attacks.
The patch, rated “critical” by Adobe, affects Flash Player 9.0.124.0 on all platforms. Adobe is recommending that users upgrade immediately to Flash Player 10.
The skinny on the [...] >>>
Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application as part of a sophisticated malware-based attack.
16:29 Fake WordPress site distributing backdoored release
Can you find five differences between these two sites? Wordpresz.org may indeed look like WordPress.org, but the 2.6.4 release it’s distributing is purposely backdoored in order to steal the content of cookies from those who have installed it, potentially leading to hijacking of their WordPress blogging platforms for malicious purposes. Not only is [...] >>>
16:00 WPA broken?
I know I’m cynical, but when I start seeing headlines about this encryption technology or that wireless technology being broken, I have to wonder if it really is or if just a small portion of it was cracked. After all, it was reported a few weeks ago that Elcomsoft had broken WPA, but when George [...] >>>
14:31 DIY Phishing Pages With Command and Control Interfaces
The day when DIY phishing pages start coming with manuals is the day when consciously or subconsciously a phisher is lowering the entry barriers into phishing yet another time. Much more user-friendly compared to the old-fashioned -- yet effective -- rock phish directory listing, a recently released command and control interface for Rapidshare phishing campaigns aims to empower its users with easy dynamic link generation for their campaigns.
What they've managed to achieve is another trust factor since Rapidshare generates a second dynamic link upon clicking on the original one. The script not only generates a dynamic-looking link, but also actually logs the victim into their account in order to avoid suspicion, while it still logs all the accounting data.
Scammers also tend to be ironic every now and then. For instance, in this particular case, one of the users finds it ironic that the Rapidshare phishing page is hosted at Rapidshare itself. Is the script actually working? It appears so, at least going through a misconfigured accounting data dump left by one of the phishers.
Hi, this is Christopher Budd. We've been getting some questions from customers this week asking if we've seen any changes in the threat environment around MS08-067. We do have some information that we can share so I wanted to pass that along.
Most importantly, we continue to see strong deployments of MS08-067. We're glad that customers have moved as quickly as they have to download, test and deploy the update. That said, we continue to urge customers who haven't yet deployed the update to do so.
We have seen some new pieces of malware attempting to exploit this vulnerability this week. And while so far, none of these attacks are the broad, fast-moving, self-replicating attacks people usually think of when they hear the word worm, they do underscore the importance of deploying this update if you haven't already.
My colleagues over in the Microsoft Malware Protection Center (MMPC) have provided write ups on the new pieces of malware we've seen this week and have included signatures to help protect against these.
Again, none of these are broad, fast-moving, self-replicating attacks. They're similar to the original attacks we detected, in that they focus on loading malware onto vulnerable systems. They're also similar in that the overall scope of these attacks is very limited. The largest of these attacks are those associated with the Clort family, and we've seen well below fifty attacks worldwide.
Overall the threat environment remains similar to what it was last Monday when we released Microsoft Security Advisory 958963. The publicly available exploit code has resulted in limited malware attacks seeking to exploit the vulnerability. This is in-line with what Mike said we should expect last week. We expect we'll continue to see new pieces of malware over the coming days and weeks, and our colleagues over in the MMPC will continue to add write-ups and signatures for them.
We'll continue to watch and update you of any important new developments.
Thanks
Christopher
*This posting is provided "AS IS" with no warranties, and confers no rights*
The Indian police are having trouble with SIM card cloning:
Police had no idea that one SIM card could be used simultaneously from two handsets before the detention of Nazir Ahmed for interrogation. Nazir was picked up from Morigaon after an SMS from his mobile number in the name of ISF-IM claimed responsibility for Thursday's blasts in Assam.
Nazir had a Reliance connection and an Eve handset. Each handset of this particular model has a unique International Mobile Equipment Identity (IMEI) number. Cops found that two IMEI numbers were using the same SIM. Accordingly there were two record sheets of calls and SMSes from Nazir's mobile number. The record of the SMS to the media was found in only one sheet, which forced police to believe that Nazir's SIM might have been cloned and someone else was using the duplicate card, with or without the owner's knowledge.
"We stumbled upon this technological surprise that Nazir Ahmed's SIM card was used in two handsets," Assam IG (Law and Order) Bhaskarjyoti Mahanta said.
So far, not that interesting. There are lots of vulnerabilities in technological systems, and it's generally a race between the good guys and the bad guys to see who finds them first. It's the last sentence of this article that's significant:
The experts said no one has actually done any research on SIM card cloning because the activity is illegal in the country.
If the good guys can't even participate, the bad guys will always win.
Malware purveyors have wasted no time capitalizing on Barack Obama's landslide victory in the US presidential race. Within 12 hours of his acceptance speech Tuesday night, net users were being treated to scams involving Google AdWords and prodigious volumes of spam.
00:49 Off the wire: IPv6 in Linux
This article discusses the advantages of IPv6, which in addition to a larger address space promises to increase standby time in devices, and improve performance in routers. >>>
00:42 Off the wire: Critical vulnerability in Adobe Reader
Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe's Reader PDF file viewing software. Engineers from CoreLab... >>>