Archive

Posts Tagged ‘News’

Zero day vulnerability

January 10th, 2008

An Italian security researcher has posted a proof-of-concept exploit for a zero-day vulnerability in the most current version of Apple’s QuickTime media software (7.3.1).

Luigi Auriemma, noted among other things for discovering a vulnerability in the Unreal Engine in 2004, on Thursday posted details about producing a buffer overflow error in QuickTime. Buffer overflows can often be exploited by attackers to compromise the affected system.

“The bug is a buffer-overflow and the return address can be fully overwritten so a malicious attacker could use it for executing malicious code on the victim,” Auriemma said in an e-mail.

The vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software.

In his description of the exploit, Auriemma explains that when QuickTime encounters a Real-Time Streaming Protocol (rtsp://) link and port 554 of the server is closed, the application will switch to the HTTP protocol on port 80. The server then sends a long HTTP error message, so long that it causes the buffer to overflow. This allows the attacker to take control of the affected system.

Auriemma said that Apple was not notified of the flaw in advance of its publication.

When Apple updated QuickTime to version 7.3.1 on December 13, 2007, it fixed an RTSP buffer overflow bug (CVE-ID: CVE-2007-6166) related to the content-type/content-base header. The vulnerability Auriemma has identified relates to error message handling and remains unpatched.

Alfred Huger, VP of development at Symantec Security Response said that the exploit appears to be valid. “The proof of concept code only managed to crash the product,” he said. “But it’s a safe assumption that if you can do that you may be able to execute remote code.

“It’s very serious,” Huger added, noting that it’s one of a number of QuickTime vulnerabilities discovered in the past few months.

With the increasing popularity of Mac OS X on both computers and phones, several security researchers have observed that hackers are exploring vulnerabilities in Apple’s products with more interest.

On Wednesday, US-CERT warned about a phony iPhone upgrade. And at least one recent malware program, Trojan.DNSChanger, has the potential to affect both Windows and Mac users.

News

Latest flaw in RealPlayer

January 3rd, 2008

US-CERT (United States Computer Emergency Readiness Team) published its warning on Wednesday, the day after Gleg chief technology officer Evgeny Legerov announced the exploit code in a posting to the Daily Dave security discussion list.

The flaw affects the latest version 11 of RealPlayer running on Windows XP, service pack 2, according to Gleg. A Flash demonstration of the vulnerability has been posted to the Gleg Web site, but the company has not released its attack code or any technical details of the flaw.

Legerov discovered the flaw, called a stack overflow bug, during an audit of the RealPlayer source code, he said via e-mail.

Gleg sells “penetration testing” software that can be used by security professionals to find holes in computer networks. The RealPlayer flaw was added to Gleg’s VulnDisco SA software on Dec. 16, which means that subscribers have had access to the code for more than two weeks. VulnDisco SA is sold as an add-on to Immunity’s Canvas penetration testing platform.

There have been no reports of the code being released to the general public so far. US-CERT has not been able to study the exploit code and confirm that it works, said Art Manion, vulnerability analysis team leader at US-CERT.

Real is working to confirm whether the exploit code actually works, a company spokesman said Wednesday.

US-CERT is doing the same thing, Manion said. In the meantime, RealPlayer users should be cautious. “If one wants to assume the most cautious possible stance, you don’t use it,” Manion said.

News

Microsoft is warning customers about a zero-day flaw

December 14th, 2007

Microsoft is warning customers about a zero-day flaw in the process of how Windows looks up other computers on the Internet.

The vulnerability is a variation of one patched in 1999, and attackers could exploit it to access sensitive data and redirect users to Web sites rigged with malware. It is not considered as big a threat as more recent zero-day flaws, however.

Tim Rains of the Microsoft Security Response Center communications team said in an email late Monday that the software giant is investigating new public reports of a vulnerability in how Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). He said the specific technology affected is Windows’ Web Proxy Auto-Discovery (WPAD) program.

The problem affects Microsoft Windows 2000 Advanced Server, Windows 2000 Datacenter Server; Windows 2000 Professional; Windows 2000 Server; Windows Server 2003 Datacenter Edition; Windows Server 2003 Enterprise Edition; Windows Server 2003 Standard Edition; Windows Server 2003 Web Edition; Windows Vista; Windows XP Home Edition; Windows XP Professional; Internet Explorer 6 and Internet Explorer 7.

This is mainly a problem for corporate users outside the U.S., though Microsoft warned that attackers could exploit it to silently redirect users to malware-laden Web sites. Though the flaw was patched years ago, researcher Beau Butler recently discovered it in more recent versions of Windows.

“Microsoft has not received any information to indicate customer impact at this time,” Rains said. “Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process.”

Microsoft Security Advisory 945713 suggests users mitigate the threat by creating a WPAD.DAT proxy auto configuration file on a host named WPAD to direct Web browsers to the organization’s proxy; disabling the automatic detection settings in Internet Explorer; disabling DNS devolution; and configuring a domain suffix search list.

Microsoft security, News

Credit card theft will rise in holiday season

December 11th, 2007

Online shoppers might have a credit card number stolen while buying Christmas gifts today and not learn about it until Easter, an industry authority on computer virus prevention said.

“They’re waiting for you to enter your credit card number,” said David Perry, global director of education for Trend Micro. “Then they’re collected up and sold. They steal them by the thousands and resell them in batches on secret sites.”

“At least 25 percent of Web sites are infected (with problems),” he said, “and one-third of computers are affected.”

Today, though, 58.5 percent of consumers shop online because of the convenience, according to the National Retail Federation.

Barbie Potts of Hixson said she has bought the majority of Christmas gifts in person but has bought “a few things” she can’t get in Chattanooga online. She said to her knowledge she has never had any of her information pirated.

“I don’t (worry about it),” she said. “Nothing ever happened. I probably should worry.”

Mr. Perry represents Trend Micro, a computer antivirus software company in Cupertino, Calif., but he wants to save people from joining the list of what he said is approaching 100 billion cyber crimes annually.

The most important thing for people to do, he said, is to make your computer free of malware, short for malicious software. Malware is a program or file, such as a virus, worm or a Trojan horse, that is designed specifically to damage or disrupt a system.

Read full story at Timesfreepress.com 

News

Sony Ericsson will be protected by Trend Micro

December 11th, 2007

Trend Micro Incorporated (TSE: 4704), a leader in network antivirus and content security software and services, today announced that Trend Micro Mobile Security (TMMS) 3.0 is available for the Symbian/UIQ 3.0 operating system, which includes Sony Ericsson P1 devices. New users can directly download a trial version of TMMS 3.0, protecting them from hackers, intrusions and malicious codes that are an ever-increasing threat to mobile devices using unsecured wireless networks. The solution also protects against data leaks through firewall and intrusion detection technologies.

Mobile devices are rapidly outnumbering PCs, becoming faster, more powerful and convenient for a mobile workforce that needs access to company-specific information through various wireless networks such as Wi-Fi. Trend Micro Mobile Security 3.0 offers mobile devices the same type of protection needed for PCs — antivirus, firewalls and anti-spyware. At the same time, it protects business-critical data stored on these devices if they are lost or stolen.

“We are delighted that Sony Ericsson P1 users now have the option to protect themselves with Trend Micro Mobile Security 3.0,” said Per Alksten, senior application manager at Sony Ericsson. “We hope this added convenience will encourage our customers to equip themselves with a comprehensive and effective mobile security solution.”

“Trend Micro strives to be one step ahead of the bad guys,” said Todd Thiemann, marketing director for Trend Micro’s incubation group. “Smartphone usage and convenience are expanding quickly. Even though the mobile threats we’ve encountered so far have been containable, our goal is to ‘future-proof’ our customers with the best security solutions we can deliver.”

Trend Micro Mobile Security 3.0 is designed for maximum ease-of-use, providing users with a simple interface for maximum security with minimal impact on the user and device. Trend Micro Mobile Security 3.0 supports devices using Symbian OS 9.1/UIQ 3.0 which includes the Sony Ericsson P1, W960 and M600. Trend Micro Mobile Security 3.0 for Windows Mobile™ 5.0/6.0 has been available since late November 2006 while Trend Micro Mobile Security 3.0 for Symbian/S60 3rd Edition has been shipping since April 2007.

Pricing and Availability for North America

Trend Micro Mobile Security 3.0 for Symbian/UIQ 3.0 is available immediately with pricing beginning at $34.95 per device. Trend Micro Mobile Security 3.0 for Windows Mobile and Trend Micro Mobile Security 3.0 for Symbian/S60 3rd Edition are also available immediately with pricing beginning at $34.95 per device. For more information and a complete list of supported devices, visit www.trendmicro.com/mobilesecurity.

News

Proxies could allow an attacker the ability to reroute traffic

December 11th, 2007

Microsoft warned companies on Monday that a flaw in the way Windows searches for Web proxies could allow an attacker the ability to reroute traffic through a malicious server.

The security issues occur when a Windows computer attempts to find a proxy server using Microsoft’s Web Proxy Automatic Discovery (WPAD) technology and the organization’s domain name starts at the third level or deeper, such as somecompany.co.jp, the software giant stated in an advisory. The WPAD search first attempts to find the server using the fully-qualified domain name (FQDN), and if it doesn’t find the server, it will try the next higher level of the domain name. For example, a search for a proxy server in somecompany.co.jp will look for servername.somecompany.co.jp and then move on to servername.co.jp, which could be a malicious server outside the company’s network.

“At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue,” Tim Rains, a spokesman for the Microsoft Security Response Center, said on the team’s blog. “The advisory contains several mitigations that customers can use to help protect themselves from attackers.”

Successfully exploiting the vulnerability would reroute a Windows computer’s Web traffic through the malicious proxy server, allowing man-in-the-middle attacks and eavesdropping.

Microsoft has had to deal with a handful of vulnerabilities in recent months caused by the Windows software that handles domain names. In April, the software giant closed a buffer overflow in the remote procedure call functionality of its Domain Name Server for Windows 2000 and Windows 2003. The company is also one of the browser makers searching for a solution to the issue of DNS rebinding, which could be used by an attacker to gain access to resources on a Web surfer’s network.
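The WPAD search order described above, together with the "host named WPAD" and "disable DNS devolution" mitigations from Advisory 945713, as an added Python audit example that is not part of the original article or Microsoft's code. It assumes devolution strips one label per miss and stops once two labels remain, as in the article's somecompany.co.jp example; the function names and sample suffixes are constructed for illustration.

```python
from __future__ import annotations


def wpad_candidates(dns_suffix: str, host: str = "wpad") -> list[str]:
    """Names a devolving client would try, most specific first.

    Assumption (from the article's example): after each miss the leftmost
    label of the suffix is dropped, and the search stops at two labels.
    """
    labels = [p for p in dns_suffix.lower().strip(".").split(".") if p]
    names = []
    while len(labels) >= 2:
        names.append(".".join([host, *labels]))
        labels = labels[1:]
    return names


def is_outside(name: str, org_domain: str) -> bool:
    """True when `name` is not the organization's domain or a child of it."""
    org = org_domain.lower().strip(".")
    name = name.lower().rstrip(".")
    return not (name == org or name.endswith("." + org))


def first_outside_query(
    dns_suffix: str,
    org_domain: str,
    internal_hosts: tuple[str, ...] | set[str] = (),
    devolution: bool = True,
) -> str | None:
    """Return the first WPAD name that would be asked outside the organization.

    internal_hosts: names the organization's own DNS answers (the advisory's
        "host named WPAD" mitigation); the search stops at the first hit.
    devolution: False models the "disable DNS devolution" mitigation, where
        only the fully-qualified name is tried.
    Returns None when no query leaves the organization's namespace.
    """
    served = {h.lower().rstrip(".") for h in internal_hosts}
    candidates = wpad_candidates(dns_suffix)
    if not devolution:
        candidates = candidates[:1]
    for name in candidates:
        if name in served:
            return None  # answered internally, client never devolves further
        if is_outside(name, org_domain):
            return name
    return None


if __name__ == "__main__":
    # Constructed inventory: (client DNS suffix, organization's own domain).
    inventory = [
        ("somecompany.co.jp", "somecompany.co.jp"),
        ("tokyo.somecompany.co.jp", "somecompany.co.jp"),
        ("eng.example.com", "example.com"),
    ]
    for suffix, org in inventory:
        leak = first_outside_query(suffix, org)
        fixed = first_outside_query(suffix, org, internal_hosts={"wpad." + org})
        print(f"{suffix}: tries {wpad_candidates(suffix)}")
        print(f"  unmitigated leak: {leak}; with internal WPAD host: {fixed}")
```
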

Microsoft security, News

Cyber attack on federal government’s nuclear weapons laboratories

December 11th, 2007

A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.

Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.

Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.

The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.

Government computer security officials said the warning, which was issued by the United States Computer Emergency Response Team, known as US-CERT, was related to an October attack that was also disclosed last week by officials at the Oak Ridge laboratory.

According to a letter to employees written by the laboratory’s director, Thom Mason, an unknown group of attackers sent targeted e-mail messages to roughly 1,100 employees as part of the ruse.

“At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”

In a statement posted on the laboratory’s Web site, the agency stated: “The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory.”

The laboratory said the attackers were able to gain access to a database containing personal information about visitors to the laboratory going back to 1990.

The US-CERT advisory, which was not made public, stated: “The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”

The US-CERT memo referred to the use of e-mail messages that fool employees into clicking on documents that then permit attackers to plant programs in their computers. These programs are then able to copy and forward specific data — like passwords — to remote locations.

Despite improvements in computer security, phishing attacks are still a big problem. In the case of the Oak Ridge intrusion, the e-mail messages were made to seem authentic. One described a scientific conference and another referred to a Federal Trade Commission complaint.

Computer security researchers cautioned that despite the US-CERT description of the attacks as sophisticated, such threats are frequently undertaken by amateur computer hackers.

Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.

News

Hackers penetrated data at the Oak Ridge National Laboratory

December 9th, 2007

Hackers have penetrated an upper layer of data at the Oak Ridge National Laboratory (ORNL), a multiprogram science and technology lab managed for the U.S. Department of Energy by UT-Battelle.

Scientists and engineers at ORNL work to increase the availability of clean and abundant energy, restore and protect the environment, and contribute to national security, in addition to isotope production.

ORNL Director Thom Mason sent a memo to the 3,800 staff members at the facility noting the nature of the attack.

“The Laboratory has been the target of a sophisticated cyber attack that now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country,” Mason noted. “Our cyber security staff has been working nights and weekends to understand the nature of this attack.”

Security On, Hackers In

“Our review to date has shown that while every security system at ORNL was in place and in compliance, the hackers potentially succeeded in gaining access to one of the Laboratory’s non-classified databases that contained personal information of visitors to the Laboratory between 1990 and 2004,” Mason explained. “At this point we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate.”

One of the fake e-mails notified employees of a scientific conference, while another pretended to notify employees of a complaint on behalf of the Federal Trade Commission.

“In each case, the employee was instructed to open an attachment for further information,” Mason noted. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”

Hacker Goals Not Revealed

Mason did not reveal what the hacker or hackers may have been after, whether it might have been simple identity information or deeper access to ORNL data.

“Reconstructing this event is a very tedious and time consuming effort that likely will take weeks, if not longer, to complete. In the meantime we will be attempting to notify by letter all persons who potentially had stolen personal information such as name, date of birth, and social security number,” Mason explained. “Meanwhile, because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack.”

Social Engineering at Work

“I think there’s a little bit of discrepancy in the way people use the term ‘phishing,’” Craig Schmugar, threat research manager for McAfee Avert Labs, told TechNewsWorld.

“Generally, phishing is considered more of the pure social engineering — soliciting people to go to some place and willingly hand over their information,” he explained. “This situation was more of a case of social engineering wrapped in an e-mail message that would get people to run an attachment. And once it was run, malicious code is installed on a machine, and that code goes out and effectively extracts information or gives remote attackers a gateway into an organization so they can steal what they want.”

Overall, Schmugar says more targeted and personalized attacks are on the rise — and they’re becoming more sophisticated.

Fishing for Better Bait

Schmugar noted that some social engineering attacks start small to get initial information that can then be used to create additional, more legitimate-looking social engineering attacks — in a sense, a hacker can phish for better bait. With better bait, hackers can go after bigger and better fish.

“The hacking side is easier to defend against. You can put software defenses in place and lock down people’s machines, but what’s really hard to defend is the social engineering — because that’s attacking people and their gullibility,” Schmugar noted. “I’ve heard quotes from hackers saying it’s much easier to get into someplace than reverse engineering software to find a crack in it,” he added.

Breaking Into Corporations

“We’re finding that social engineering tactics are still a very successful means of getting into corporations,” Mike Haro, a senior security analyst for Sophos, told TechNewsWorld. “The trend is consistently high, but I wouldn’t say it’s any higher than it was this quarter or last year. But it’s definitely a means from which targeted attacks take place.”

The ORNL has posted a page at for employees and visitors that will keep them up-to-date with the investigation and potential identity theft issues.

News

T-Mobile system hit by hackers

December 4th, 2007

In 2005 I read about hackers who hacked the T-Mobile customer information database. I am curious to know what precautions have been taken by the company. T-Mobile is a wireless giant operating in the USA. A hacker was able to get into the system and steal important data of clients. Social Security numbers, phone numbers and other personal information are among the stolen data. T-Mobile also possesses celebrities’ particulars. Twenty-one-year-old Nicolas Jacobsen was quietly charged with the intrusions in October 2004, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers’ personal information to identity thieves through an Internet bulletin board, according to court records.

Jacobsen could access information on any of the Bellevue, Washington-based company’s 16.3 million customers, including many customers’ Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers.

T-Mobile’s precautions are the normal ones that other organizations take. The following statement shows their security measures.

T-Mobile uses reasonable precautions to protect the privacy of your credit card and other ordering information by utilizing a Secure Socket Layer (“SSL”) connection. Accordingly, your credit card and other ordering information, such as your name and address, is encrypted using the SSL connection and is not expected to be read in an intelligible form as it travels to T-Mobile order processing system. T-Mobile order processing systems are not connected to the Internet and are not accessible to the public.

Many Web browsers support the use of an SSL connection, but if your browser does not support the use of an SSL connection or if you prefer not to send your credit card number over the Internet,

Computer security analyses, News

Get McAfee VirusScan Mobile free

November 25th, 2007

SANTA CLARA, Calif., Nov. 19 /PRNewswire-FirstCall/ – McAfee, Inc. (NYSE: MFE) today announced that McAfee® VirusScan® Mobile, which is included in McAfee’s Triple Play offer, is now available for download at http://us.mcafee.com. McAfee currently offers market-leading defense for consumers’ PCs and Internet experiences, and the new mobile security component protects against threats that originate from e-mail, instant messages and multimedia downloads in various mobile devices.

Consumers who purchase McAfee Total Protection or McAfee Internet Security Suite get McAfee VirusScan Mobile at no additional charge.

“Mobile Internet use, which now involves everything from e-mail to payments and mobile security, will become of greater importance as threats evolve,” said Todd Gebhart, senior vice president and general manager, McAfee Consumer, Mobile and Small Business. “While not yet widespread, McAfee Avert® Labs has identified 450 different mobile threat variants, including viruses and spyware that can threaten devices and personal information. McAfee VirusScan® Mobile is proactive protection, providing customers with the peace of mind that comes from knowing they are protected today against the mobile threats of the future.”

McAfee VirusScan Mobile is designed from the ground up to provide mobile protection. It guards against threats and protects the device at entry points, including SMS, MMS and e-mail. It automatically scans incoming and outgoing data for malicious code and continuously monitors and analyzes mobile data and files. VirusScan Mobile also seamlessly interacts with McAfee’s Avert Labs for the latest protection updates.

Read full story at McAfee

News

PlayStation security by Trend Micro

November 25th, 2007

Trend Micro, Incorporated (TSE: 4704), a leader in network antivirus and Internet content security software, today announced a new total Web security service for PLAYSTATION®3 (hereinafter referred to as PS3™) released by Sony Computer Entertainment Inc.

Trend Micro Web Security for PS3 is expected to be available on November 8, and will be free of charge until the end of April 2008. This service is the first globally supported Web security service for a home game system. The service provision starts on November 8 as part of PS3’s system software update version 2.00 for PS3s sold worldwide with the user interface in 16 languages.

Overview of “Trend Micro Web Security for PS3”
Home game systems with Web site browsing capabilities will continue to proliferate, and Web browsing via a game console is expected to become more and more popular. With the growing trend, users may also become more susceptible to malicious Web sites through the game system, or may have a chance to become the victim of cybercrime that targets monetary transactions such as shopping, banking, and securities trading through Web sites.

This service is developed as a module especially for PS3 using Trend Micro’s own Web reputation and URL filtering technology. By using this service, a wide range of PS3 users can feel safe to browse the Internet.

Function: Blocks malicious and harmful websites
Access to websites that are classified into specific categories (Adult/Sex, Alcohol/Tobacco, Crime, Cults/The Occult, Gambling, Hacking/Proxy Avoidance, Illegal Drugs, Sex Education, Violence/Hate/Racism, Weapons/Military, etc.) can be blocked simply by going to the PS3 Internet Browser menu, selecting “Tool,” and then selecting “Trend Micro Web Security for PS3” from “Browser Security.” A password will be needed.

Read full story at Trend Micro 

News

Third Internet Confidence and Safety Survey by Trend Micro

November 25th, 2007

Trend Micro Incorporated (TSE: 4704), a leader in network antivirus and Internet content security software and services, today announced the results of its third Internet Confidence and Safety Survey which was first conducted in August 2006 and is carried out twice a year. The study provides an overall measurement of consumers’ confidence and perceived safety of the Internet. The overall global confidence and safety score increased from a confidence index of 39.9 to an index of 40.7, due to an increase in Japanese and U.S. consumers’ confidence and perceived safety.

In the U.S., respondents who view the Internet as currently being “very safe” increased from 45 percent in February 2007 to 53 percent in August 2007. Similarly, U.S. respondents who believe the Internet will be much safer in the next six months increased from 26 percent in February to 32 percent in August. The survey also found that as U.S. consumers have more confidence in the Internet, they engage in riskier behavior. Respondents who reported they bank online increased 9 percent; and 16 percent, compared to 12 percent in February, reported the use of public hotspots for Wi-Fi access.

Read full story at Trend Micro 

Internet security, News