Computer Internet network security News

Powerpoint contained serious flaws but Microsoft has released patches to fix them. The fix is for only office suite windows version.  Microsoft reported that there were many vulnerabilities reported and all are fixing one by one. The flaws already gave room to hackers to exploit.

The patch removes the ability to convert PowerPoint 4 files, which have effectively been disused since Office 2003, Microsoft said. The fix is only for microsoft sofar, later the mac fix will be released alng with xml file format converter.

Microsoft advises to use powerpoint carefully and force the files disable which are seem to be affected. It is much better to open files of powerpoint in isolation.

Microsoft security hackers, powerpoint security, Vulnerabilities

A report from warfair stated that a special group of hackers manage to intrude the systems of 130 countries governement and private organizations. The hackers managed to get the private information. Tibettian Dalai Lama office is one of them who was victimized by hackers.

Ghost net spy network is the name of the group who were busy in hacking the systems of Asian governments offices and some others. The embassis and high commissions were the most victim of that group. The detail of the report will be available soon. This study was conducted in Canada with the the help of two cambridge university analysts.

News china hacker, hackers

Microsoft admit security flaws in internet explorer 8.00 which give room to hackers to exploit the browser. IE was just lauhed last thursday and hackers turn their guns towards it.

The good part of microsoft is that the team responded quikly in 12 hours to resolve the issue. The patches will be issued soon to rectify the loophole. 

Terri Forslof, Security Manager at security firm TippingPoint, who was present at the event, “MSRC…let me know that they had reproduced and validated [the Internet Explorer 8] vulnerability discovered by the mysterious Nils.”

Forslof won’t say what the security flaw is, but it’s bad news for Internet Explorer 8, which Microsoft has been touting as super secure. We’ll shout up if and when Microsoft rolls out a patch for Internet Explorer 8. Given its promptness identifying the flaw, fingers crossed it won’t be long.

Microsoft security, News hackers, ie 8.00 security, Microsoft security

The grid technology needs to take security measures in order to prevent them from being exploit by hackers. The new smart grid station technology is being run through applications which are expose to hackers.

IOActive, provider of application security and risk management services, said in a report that digital smart grid technologies, designed to allow for increased efficiency and reliability, are vulnerable to common cyberattacks, such as malicious code, buffer overflows and protocol tampering. 

That means products such as smart meters, which can be connected to appliances and enable two-way communication between homes and the utility companies, could provide entryways for malicious individuals — resulting in extortion attempts or even blackouts. 

“It increases the attack surface,” said Josh Pennell, IOActive’s president and CEO. “Something that used to be behind lock and key is open to the American public. You are encouraged to participate, in fact.”

But Pennell said smart grid manufacturers may not be thinking about security.

“It’s first to market wins,” he said. “They’ll deal with security later.”

Computer hacking, News grid station, hackers, smart technology

Hackers are always busy in exploiting web applications,  the IE 8.00 just has been launched and hackers already turned their guns towards IE 8.00. Recently the vulnerabilty was see and  already reproduced and validated the IE8 vulnerability in less than 12 hours by Microsoft. It is good to see that Microsoft fixed the vulnerability instantly. The new security patch will be released soon.

This will be ongoing game between hackers and IE developers in which the hackers will exploit and the security personnel in Microsoft will rectify. Actually the hackers are a big source of research and devlopment in online security. They always busy in finding loop holes to exploit to give a chance for organiztions to develop more secure applications which comply the security standards along with new features.

Computer hacking, News hackers, ie 8.00. internet explorer 8, security exploit

The spammers have managed to exploit unpatched the vulnerabilities in Firefox and IE browser on ebay site on bidding section where people go for online auctions.

The ebay has managed to block the malicious code from its site ottherwise the damages may go deep. Firefox people are on the way to develop patch while Micrososft reject any vulnerability by saying its site issue which fail to protect the site properly.

The hackers pull off  an XSS, or cross-site scripting while attack that injected forbidden javascript elements stored on third-party websites, which allowed the eBay pages to contain outside email links and other unauthorized code while still evading toolbars designed to detect fraudulent listings.

News ebay security, hackers, security patch

Both Flash and Ajax contain known potential security holes. Nevertheless, developers rely on them for building an interactive Web presence. IBM has added AppScan to its Rational tools line to in a bid to cope with new vulnerabilities.Rational AppScan can both scan and continuously monitor interactive Web applications and SOA services built as Web services to spot potential exposures.

MySpace hackers have in the past planted Ajax code in fields meant to be links, causing the code to run in an unsuspecting user’s browser when the link is clicked, a practice known as cross-site scripting. Likewise, manipulative users can submit SQL commands where a value is sought for a database process, and the database, running the command, produces unanticipated results, a vulnerability known as SQL injection. AppScan can watch for such activity and alert administrators if it’s spotted, said Scott Hebner, Rational’s VP of marketing.

More at http://www.informationweek.com/news/

Ajax security flash, hackers, myspace

Hackers have blown the whistle on banking fees – in a report banks hoped to keep buried.

The Competition Commission, the authors of the 590-page report, had originally blacked out certain sections, which banks claimed were confidential.

The commission has now opened a criminal case against Wikileaks, a website dedicated to exposing “unethical behaviour in governments or institutions”. 

The Technical Report of the Banking Enquiry, concluded in June last year, was the result of a 22-month inquiry into South African banking, particularly the big four: Absa, Standard Bank, Nedbank 

An intergovernmental task team is expected to be formed soon to look at recommendations by the Competition Commission to reform South African banks.

“This report is important as it might explain why banking fees are so extremely high,” explained Wikileaks on its website.

More at http://www.iol.co.za/

News bank security, hackers

The Financial Times has reported that the White House computer network had been hacked into several times by computer experts from China and managed to obtain email communications between government officials on key issues.

It would be fairly difficult to pinpoint exactly who is behind the attack, but the nature of the hack and the target leaves almost no doubt as to the sponsors of the attack.

The attacks took place in the recent months and was detected by the National Cyber Investigative Joint Task Force, a unit that was established only last year, in a bid to tackle the threat of Cyber security.

Although, it seems that the hackers only had access to non-classified governmental data, observers say that it could still be valuable if Chinese Intelligence expert use the “grain of sands” strategy, which tries to extract secondary data from seemingly innocuous primary data.

SCMagazine goes as far as saying that the US could be losing the Cyberspace Race, quoting one security CEO.

Still, this could be a series of tests ran by the hackers as part of a more elaborate strategy to stress the US computer defences.

News hackers, online security

Computer systems used by the Obama and McCain campaigns were reportedly hacked by an unknown “foreign entity,” according to an account of the attacks published Wednesday.

Tech experts at the Obama headquarters initially believed that the computer systems had been invaded by a computer virus. The next day, however, they were told by the FBI and Secret Service that the problem was far more serious, the magazine reported.”You have a problem way bigger than what you understand,” an agent told Obama’s team, according to Newsweek. “You have been compromised, and a serious amount of files have been loaded off your system.”

Federal agents told Obama’s aides that the McCain campaign had suffered a similar attack, which a top McCain official later confirmed to Newsweek.

Meanwhile, Newsweek also learned that the lavish shopping spree of McCain running mate Alaska Gov. Sarah Palin was more extensive than previously reported. The buying spree tainted the vice presidential nominee’s campaign image as an everyday woman sympathetic with the plight of the working class.

While McCain’s top advisers publicly supported Palin, behind the scenes they fumed at her behavior, the magazine said. Instead of buying just three suits and hiring a stylist, as instructed, she bought clothes and accessories for herself and her family at high-end stores, such as Saks Fifth Avenue and Neiman Marcus.

One McCain campaign aid estimated that Palin spent “tens of thousands” of dollars more than the reported $150,000, the magazine said. Another aide described the shopping spree as “Wasilla hillbillies looting Neiman Marcus from coast to coast.” Wasilla is the Alaskan town where Palin served as mayor before becoming governor.

News Computer hacking, hackers

XML firewalls generally protect Web services while residing in the DMZ between the hostile Internet and protected services. It is from this location they provide security policy enforcement for Web services and XML messages. To enforce security policy, the XML firewall validates message source, reads and modifies message headers, inspects the message content and validates message elements/attributes to enforce fine-grained security policies. Just as traditional firewalls protect the private IP addresses and ports from hackers, the XML firewall protects the Web service listener, XML parser and Web service application from a variety of attacks.

One such attack that traditional firewalls offer no protection against is an XML message-based denial-of-service attack. The attack involves sending extremely large messages or overflowing values of message fields. A malicious user can exhaust XML parser resources and thereby create a denial-of-service condition. It is also possible to launch SQL injection attacks against Web services by inserting SQL commands into the XML messages.

The XML firewall counters these threats by intercepting the XML messages and inspecting them before they get forwarded to the Web service applications. This is done with a high performance parsing engine that applies a message security policy, as well as heuristics that learn the characteristics of messages common to the Web service application. For example, if a Web service application receives messages no greater than 100 KB in size for a period of time and suddenly a 900 KB message is received, the XML firewall can take a variety of admin-prescribed actions, including dropping the message and alerting the admin.

xml security Computer firewall, hackers, xml security

The Federal Trade Commission urged Internet users to be on guard against e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage.

“In fact, these messages may be from ‘phishers’ looking to use personal information — account numbers, passwords, Social Security numbers — to run up bills or commit other crimes in a consumer’s name,” the FTC said.

Security firm Arbor Networks details two recent malware attacks that try to trick recipients into opening an e-mail attachment. One e-mail, claiming to have been sent by the Federal Deposit Insurance Corp., warns recipients that their bank accounts were involved in fraudulent activity. The attached file, disguised as a written account of that activity, is in fact a program designed to swipe passwords from the victim’s PC.

Another e-mail making the rounds, according to Arbor senior security researcher Jose Nazario, appears to come from Wachovia, which is slated to be acquired by Wells Fargo. The message tells recipients they need to install a special security certificate into their Web browser in order to do online banking with the new institution. The attached cert in question is, of course, more malware.

Phishers also are capitalizing on the banking crisis. Phishtank.com, a community-based effort to verify and track phishing Web sites, found this recent phish, which tries to convince Citibank customers to enter their account details at a fake Citibank Web site. This cleverly worded phish promises customers concerned about keeping their assets in U.S. banks “the option to have your account moved on our servers abroad.”

Because we value you as our customer and share your concerns about your financial assets, we now offer you the option to have your account moved on our servers abroad. This will prevent any financial loss from your account in case the U.S. financial system collapses. This option is free of charge. After successfully completing the required steps, your account will be moved on our new servers located abroad. You won’t feel any negative impact of account movement and you won’t have any problems accessing your money from anywhere in the world.

No doubt, people who fall for this scam will have their funds transferred abroad: straight into bank accounts controlled by organized criminals.

I think it’s fair to assume we can expect attacks exploiting public concern over the banking sector to continue and even increase in their sophistication. Remember, not all e-mail-based phishing and malware attacks are alike: Scammers also are using very targeted techniques, addressing recipients by name and including other details that can increase the apparent authenticity of the come-ons.

Remember, never click on or open attachments in e-mails that you weren’t expecting, even if they appear to come from someone you know. Also, banks should never ask for any personal information via e-mail, and I’m not aware of a single legitimate instance of a bank asking customers to install anything on their computers.

More at Washington post

News hackers, Phishing, virus