Information Security Blog

Police infected by Conficker

by on Feb.03, 2010, under Uncategorized

Greater Manchester Police computers infected by Conficker virus

Greater Manchester Police disconnected from the Police National Computer since Friday

Dave Bailey

Computing, 02 Feb 2010

The Conficker virus has infected Greater Manchester Police (GMP) IT systems, necessitating their isolation from the Police National Computer (PNC) system.

PNC IT experts disconnected GMP’s system from the central database last Friday. GMP has since been asking neighbouring forces to carry out name and vehicle checks on its behalf.
Speaking to the BBC, assistant chief constable Dave Thompson said no data had been lost and that the virus was not destructive, but gave no details of whether it was a variant of the original virus.

“A team of experts is now working on removing the virus, and we won’t be reconnected until we are sure there is no further threat,” said Thompson.

http://www.v3.co.uk/computing/news/2257206/greater-manchester-police


Get rid of IE6.

by on Feb.03, 2010, under Uncategorized

Pressure mounts to phase out Internet Explorer 6
A Downing Street petition is calling for the UK government to drop Microsoft’s Internet Explorer 6 (IE6) and move to a more modern browser.

The petition says that IE6 has security flaws and uses outdated technology, creating a burden for developers.

The petition comes as the Department of Health advised the NHS to move away from the old browser.

Other government departments – and many firms – still use the software, which was first released in 2001.

“Most creative and software development companies are forced by government department clients to build websites for IE6 when most of the industry has moved on,” the petition reads.

“Upgrading would be a massive task for government, but if the public is encouraged to lead the way and the government follows, that would create the momentum needed.”

http://news.bbc.co.uk/2/hi/technology/8492862.stm


Strange SSL packets

by on Feb.03, 2010, under Hack Attack

http://news.zdnet.co.uk/security/0,1000000189,40018127,00.htm

Elinor Mills CNET News
Published: 02 Feb 2010 09:31 GMT

In an attempt to hide the location of its command-and-control server, the Pushdo botnet has been instructing its infected zombie computers to send fake SSL connections to major websites, a botnet expert said on Monday.

The strange traffic targeting the websites — including sites for the CIA, FBI, PayPal, Yahoo and Twitter, according to a list at the Shadow Server Foundation — was not enough to cause any outages or slowdowns, said Joe Stewart, director of malware research at SecureWorks.

Site owners “would just see weird connections that don’t seem to make sense,” he said. “They look like they’re trying to start an SSL [Secure Sockets Layer] handshake, but it comes in malformed and doesn’t ever send anything after that first handshake attempt.”


US backdoors allowed Google hack

by on Jan.24, 2010, under Firewall of Freedom, Hack Attack

U.S. enables Chinese hacking of Google
(CNN) — Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn’t that Chinese hackers engage in these activities or that their attempts are technically sophisticated — we knew that already — it’s that the U.S. government inadvertently aided the hackers.

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html?hpt=T2


Keep the Internet free! China “Shut up US.”

by on Jan.23, 2010, under Firewall of Freedom

China to US: shut up about “so-called Internet freedom”
In the wake of Secretary of State Hillary Clinton’s major speech yesterday on Internet freedom, a speech in which she called out countries like Egypt, Uzbekistan, Vietnam, Iran, and China, most governments have yet to respond. China, however, was quick to reply after dealing with the Google issue for a week already.

Here’s what has happened in 24 turbulent hours.

Wide open. It didn’t take China long to respond to Clinton’s call to tear down the Great Firewall. China’s official news agency Xinhua summed up the government response in its headline: “China urges US to stop accusations on so-called Internet freedom.”

Why “so-called”? Because the Chinese Internet is open. Wide open.

“China urged the United States to respect facts and stop unreasonable accusations on China in the name of so-called Internet freedom,” said the article. It then quoted a Foreign Ministry spokesperson as saying, “The US side had criticized China’s policies on Internet administration, alluding that China restricts Internet freedom. We firmly oppose such words and deeds, which were against the facts and would harm the China-US relations.”

It’s constitutional. The Chinese constitution protects freedom of speech, he added—which it does, along with freedom of the press, of association, of religion, of demonstration, and freedom to criticize the government. The constitution also notes that “work is the glorious duty of every able-bodied citizen.”

http://arstechnica.com/tech-policy/news/2010/01/china-to-us-stop-accusations-on-so-called-internet-freedom.ars


TSA screener plants white powder in a suitcase

by on Jan.23, 2010, under User Error

TSA screener plants powder baggie in flier’s luggage
Not everyone gets the joke

By Dan Goodin

Posted in Security, 22nd January 2010 18:17 GMT

A screener for the US Transportation Security Administration lost his job after pretending to plant a plastic bag of white powder in the carry-on luggage of a passenger at the Philadelphia International Airport.

Rebecca Solomon was flying to Detroit on Northwest Airlines, the same city and carrier involved in the attempted underwear bombing on Christmas, according to The Philadelphia Inquirer’s Philly.com. After passing through a detector, the unidentified TSA worker motioned the 22-year-old passenger toward him, presented the plastic baggie and asked “Where did you get it?”

After about 20 seconds, the screener smiled and admitted that it was all a joke. But supervisors aren’t laughing. A TSA spokeswoman called the behavior “highly inappropriate and unprofessional” and said the man is no longer employed with the agency.

http://www.theregister.co.uk/2010/01/22/tsa_screener_joke/


Twitter gets rid of flash updates over flaw

by on Jan.23, 2010, under Flawed Programs

Twitter cuts feature on site over security flaw
BOSTON (Reuters) – Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programing flaw that left the login credentials of its users vulnerable to hackers.
Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.

“Our team has disabled the Flash widget while we look into the problem,” Stone said.

Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc’s Flash programing language.

Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.

The microblogging site’s huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter’s millions of users.

http://www.reuters.com/article/idUSTRE60L4AD20100122?type=technologyNews


What is the most popular password?

by on Jan.23, 2010, under User Error

And the most popular password is…
It is “123456,” based on the analysis of 32 million breached passwords, obtained from last month’s RockYou.com server breach, from which researchers from Imperva were able to analyze the insecure practices used by millions of users when choosing their passwords.

What did their analysis conclude? Short passwords, lack of lower-capital-numeric characters mix, and trivial dictionary words, which every decent brute forcing/password recovery application can find out in a matter of minutes.

Key findings include:

* In just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts
* About 30% of users chose passwords whose length is equal or below six characters
* Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters
* Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password among Rockyou.com account owners is “123456”

http://blogs.zdnet.com/security/?p=5325&tag=content;col2


RealPlayer has 11 critical vulnerabilities

by on Jan.23, 2010, under Flawed Programs

RealPlayer haunted by 11 critical vulnerabilities
A quick heads-up to any computer users out there with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

The vulnerabilities also affect some versions of the Helix Player for Linux.
Here are the details from the RealNetworks alert:

1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.

http://blogs.zdnet.com/security/?p=5344&tag=col1;post-5344


Tor exit nodes hacked

by on Jan.23, 2010, under Uncategorized

Tor software updated after hackers crack into systems

Miscreants remain anonymous

By John Leyden

Posted in Enterprise Security, 22nd January 2010 13:46 GMT

Privacy-conscious users of the Tor anonymiser network have been urged to upgrade their software, following the discovery of a security breach.

Two of seven directory authorities and a metrics data server were compromised in a hack discovered earlier this month, Tor developer Roger Dingledine explains. The three servers were taken offline and refurbished following the hack.
Fresh identity keys for the two directory authorities hit by the hack were created during the refurbishment process. Users should therefore update to either Tor version 0.2.1.22 or 0.2.2.7-alpha, so that they can use the refurbished servers as conduits for sensitive traffic.

Project volunteers have taken steps to harden systems and prevent a repetition of the hack, the significance of which has been downplayed. Attackers reportedly used Tor’s systems solely as a launchpad for other attacks, without realising that the same servers also hosted Tor code depositories. These were left unaffected by the breach.

“It appears the attackers didn’t realize what they broke into – just that they had found some servers with lots of bandwidth,” Dingledine explains. “The attackers set up some ssh keys and proceeded to use the three servers for launching other attacks.”

http://www.theregister.co.uk/2010/01/22/tor_security_update/

Kind of ironic that a network that provides such a great platform to launch attacks becomes a target for such a hack attack.
