Monthly Archive for June, 2009

Top Security Minds Urge Google to Encrypt All Services

A who's-who of more than three dozen high-tech and security experts from industry and academia is urging Google to beef up the privacy and security settings of its Gmail, Google Docs and Calendar online services. At issue is whether Google is doing enough to block hackers from hijacking a user's Webmail account or intercepting information from online documents. An increasing number of free, publicly available tools may make it simple for even novice hackers to launch such attacks. "Google's default settings put customers at risk unnecessarily. Google's services protect customers' usernames and passwords from interception and theft," said the experts, including luminaries from AT&T, PGP Corp. and top researchers from Berkeley, Harvard, MIT, Oxford and Purdue. "However, when a user composes email, documents, spreadsheets, presentations and calendar plans, this potentially sensitive content is transferred to Google's servers in the clear, allowing anyone with the right tools to steal that information."

Apple Patches Java Flaws, At Last

Apple on Monday shipped updates to plug more than two dozen security holes in its version of Java, including a particularly dangerous flaw that Java maker Sun patched back in early December. Last month, Security Fix and others took Apple to task for taking too long to fix Java vulnerabilities. In fact, I found that Apple patches Java flaws on average about six months after Sun had shipped its own updates to fix the same vulnerabilities. At least two different researchers even released proof-of-concept exploits to shame Apple into quickly fixing an easy-to-exploit vulnerability that potential attackers had known about for six months. This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple's Java rollup, it looks like this update brings Mac OS X systems to the equivalent of

Default Passwords Led to $55 Million in Bogus Phone Charges

The U.S. Justice Department today unsealed indictments against three Filipino residents accused of hacking into thousands of private telephone networks in the United States and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls. The indictments correspond to a series of raids and arrests announced today in Italy, where authorities apprehended five men alleged to have been operating the call centers and using the profits to help finance terrorist groups in Southeast Asia. The U.S. government alleges that the individuals arrested in the Philippines were responsible for hacking so-called private branch exchange (PBX) systems -- computerized telephone switches and voice mail systems -- owned by more than 2,500 companies in the United States, Canada, Australia and Europe. The indictment alleges that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX systems,

Spear-Phishing Gang Resurfaces, Nets Big Catch

A prolific phishing gang known for using sophisticated and targeted e-mail attacks to siphon cash from small to mid-sized business bank accounts appears to be back in operation after more than a five-month hiatus, security experts warn. From Feb. 2007 to Jan. 2009, analysts at Sterling, Va.-based security intelligence firm iDefense tracked 38 separate phishing campaigns from an Eastern European gang they simply call "Group A." iDefense believes this group was one of two responsible for a series of successful phishing attacks that spoofed the U.S. Better Business Bureau (BBB), the U.S. Department of Justice, the IRS, as well as Suntrust and payroll giant ADP. Last summer, authorities in Europe and Romania are thought to have arrested most members of a rival BBB phishing gang that iDefense called Group B. While the type of tricks that Group A employs once victims are hooked have grown more sophisticated, the initial

Adobe Issues Security Updates for Reader, Acrobat

Adobe Systems Inc. on Tuesday released security updates to remedy at least 13 security flaws in its PDF Reader and Acrobat software. Updates are available for Mac and Windows versions of both programs. Last month, Adobe said it would begin rolling out security updates every three months, and yesterday was the first installment under that program, which is timed to coincide with Microsoft's Patch Tuesday in a bid to lighten the load on businesses that have to test these patches before deploying them. The latest update brings both Reader and Acrobat to version 9.1.2. Users can grab the latest versions via the updater built into the programs (from the menu, click "Help," then "Check for Updates") or from the links in the accompanying security advisory for this rollup. Adobe said security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009.

Microsoft Issues Record Number of Security Updates

Microsoft Corp. issued a record-breaking number of software security updates today, shipping patches that plug at least 31 different security flaws in its Windows operating systems and other software. More than half of the security holes Microsoft plugged with June's patch batch earned a "critical" severity rating, meaning Redmond believes attackers could exploit the flaws to break into vulnerable systems without any help from the victims. What's more, Microsoft is warning that it expects to see publicly available reliable exploit code for most of the vulnerabilities it has issued patches for today. According to Symantec Corp., this is the largest number of vulnerabilities Microsoft has ever addressed in a single patch release (the previous record was set in Dec. 2008, when Microsoft issued 28 security updates in one go). Probably the most important of today's updates is a critical patch that addresses at least eight security holes in various versions

The Fallout from the 3FN Takedown

The Federal Trade Commission's unprecedented recent takedown against troubled Web hosting provider 3FN.net has had an immediate -- if little noticed -- impact on the level of spam sent worldwide, and the number of infected PCs doing the spamming, according to multiple sources. Experts say the drop in spam probably is not visible to most Internet users or even operators of large networks, as the decrease is within the upper ranges of daily fluctuations in spam volumes. Still, the preliminary results indicate that a large number of spam-spewing zombie PCs were being coordinated out of servers hosted at 3FN. According to botnet expert Joe Stewart, director of malware research at Atlanta-based SecureWorks, 3FN was home to a large number of command-and-control servers for the Cutwail spam botnet, one of the world's largest. As of last week, Stewart said he was tracking upwards of 400,000 spam zombies infected with Cutwail

Unshrinking Shortened Web Links

Social networking sites are contributing to an explosion in the number of services that help people convert long URLs into tiny Web links. URL shrinking services are especially useful on sites that place a premium on brevity -- such as Twitter, which limits tweets to 140 characters. But few online communities have made it easy for users to tell where the shortened links will take them, a reality that could be advantageous to phishers and other cyber crooks. When I first began researching this subject, I was amazed to learn how many URL shortening services are available today (at least 90). Also, the lack of a built-in or standardized approach to URL shortening services within individual social networking sites adds complexity to the problem. For example, many Twitter users shorten long Web links with bit.ly, but Twitter users are just as likely to see Tweets with links shortened by the services

T-Mobile Investigating Data Breach Claims

Wireless phone giant T-Mobile said today it is investigating claims that hackers have broken in and stolen customer data and company proprietary information. On Saturday, June 6, someone anonymously posted to the Full Disclosure security mailing list claims that a broad range of internal T-Mobile data had been compromised and was being put up for sale to the highest bidder. "We have everything, their databases, confidental [sic] documents, scripts and programs from their servers, financial documents up to 2009. We already contacted with their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people - so now we are offering them for the highest bidder."

FTC Sues, Shuts Down N. Calif. Web Hosting Firm

In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations. Sometime on Tuesday, more than 15,000 Web sites connected to San Jose, Calif.-based Triple Fiber Network (3FN.net) went dark. 3FN's sites were disconnected after a Northern California district court judge approved an FTC request to have the company's upstream Internet providers stop routing traffic for the provider. In its civil complaint, the FTC names 3FN and its various monikers, including Pricewert LLC -- the business entity named on the 3fn.net Web site registration records. The FTC alleges that Pricewert/3FN operates as a "'rogue' or 'black hat' Internet service provider that recruits, knowingly hosts, and actively participates in the distribution of illegal, malicious, and harmful content," including botnet control servers, child pornography and rogue antivirus