User passwords and product serial numbers potentially exposed
"A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information.
The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a blind SQL injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of the vulnerable website.
During a regular SQLi attack, the result of a rogue SQL query is displayed inside the browser instead of the normal web page output. Meanwhile, in a blind SQL injection, the query executes, but the website continues to display normally, making it much more difficult to extract information.
The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. Accessing most of the website's sections requires authentication, and in order to exploit the blind SQLi vulnerability, the hacker had to use a few specialized tools. The Web server appears to be running Windows Server 2000 as operating system, Microsoft IIS 6.0 with ASP support and Microsoft SQL Server 2002 as database back-end.
From the screen shots released by Unu there are many potentially interesting databases, but the one he chose to look at is called 'symantecstore.' One of the tables in this database is named 'PaymentInformationInfo' and contains columns such as BillingAddress, CardExpirationMonth, CardExpirationYear, CardNumber, CardType, CcIssueCode, CustomerEmail, CustomerFirstName, CustomerLastName or SecurityIndicator.
Database listing on Symantec PC Doctor server
Enlarge picture
Unu claims that his interest is only to point out security issues and not misuse any data. Therefore, according to him, he did not attempt to extract any information from this table. Instead, he focused on another one called TB_MEMBER, which contains 70,356 records.
For demonstration purposes, he extracted 6 of these entries at random, revealing customer names and login credentials with the passwords stored in plain text; a major security oversight. The hacker also notes that passwords for the accounts in a different table called TB_EMPLOYEE are also stored in a similar insecure way.
A third table Unu chose to investigate is called TB_ORDER and contains columns such as ProductName, ProductNumber, SaleAmount and SerialNumber. There are 122,152 entries in the SerialNumber column.
This is not the first time when Unu scrutinizes the security of websites belonging to antivirus vendors. His previous targets includes Kaspersky and Bitdefender. Some months back, he even disclosed a vulnerability affecting a different Symantec website. The AV company eventually played down its impact.
At the end of his most recent disclosure, Unu mentions his previous attack against Kaspersky's US online store website. 'There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract, I saved nothing, I did not abused in any way by those data found. My goal was, what is still, to warn. To call attention [sic.],' the hacker writes on his blog.
Note: We have alerted Symantec about the potential security breach. We will update this article when/if more information becomes available.
Update: In an e-mail to Softpedia, Symantec has confirmed the existence of a vulnerabiliy in the pcd.symantec.com. Here is the full statement we received:
'A SQL injection vulnerability has been identified at pcd.symantec.com. The Web site facilitates customer support for users of Symantec's Norton-branded products in Japan and South Korea only. This incident does not affect Symantec customers anywhere else in the world.
'This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec's Norton-branded consumer products. Symantec is currently in the process of updating the Web site with appropriate security measures and will bring it back online as soon as possible. Symantec is still investigating the incident has no further details to share at this time.'"
Source Softpedia
Monday, November 23, 2009
Wednesday, November 18, 2009
10 Solid Tips to Safeguard Your Facebook Privacy
Facebook statistics show that it has 250 million active users each with an average 120 friends. More than 1 billion photos are uploaded every month by its users, over 70% of whom use applications like games and quizzes in Facebook. Unfortunately, most users don’t know the implications of entering personal information, making friends, and playing games on Facebook.1. Organize Friends in Lists
2. Customize Profile Privacy
3. Set Facebook Privacy Level of Photo Albums
4. Restrict Search Visibility
5. Control Automatic Wall Posts and News Feed Updates
6. Set Facebook Wall Privacy
7. Avoid Appearing in Advertisements
8. Protect Yourself from Friends’ Applications
9. Privacy from Your Applications
10. Quitting Facebook? Delete, Don’t Just De-Activate Your Account
This guide will show what you can (and cannot) do to safeguard your Facebook privacy.
1. Organize Friends in Lists
What do you do when your boss, mother-in-law, or a casual web acquaintance sends you a friend request on Facebook? Use Friend Lists. Friend Lists are the foundation of your Facebook privacy settings. Select Friends from the top menu, and use the Create link to create friend lists like Co-workers, Family, College Friends, etc. Your friends can’t see your lists, so you can name them whatever you like.
Tip: On your left sidebar, all your friend lists may not show up by default. Click More to see all of them, and drag and drop those you want above the separator.
2. Customize Profile Privacy
Click Settings > Privacy Settings > Profile. Select which parts of your profile will be seen by whom.
If you choose Customize in the drop down, you can be more specific. This is where the Friend Lists you created before become really useful.
Also go to the Contact Information tab and choose how you want your contact information to be shared on the Internet.
3. Set Facebook Privacy Level of Photo Albums
On the Photos tab of your profile page, click Album Privacy. Here again, you can use your Friend Lists to set the privacy for each photo album.
Note that your profile pictures go into a special album that is always visible to ALL your friends.
4. Restrict Search Visibility
Click Privacy > Search to set your visibility when someone searches Facebook for people. This is an important way to safeguard your Facebook privacy. You can also select what will be visible in the search results.
5. Control Automatic Wall Posts and News Feed Updates
Your actions in Facebook such as comments, likes, appear as highlights on ALL your friends’ home pages. You cannot use friend lists here, only turn them on or off.
Go to Privacy > News Feed and Wall and choose whether you want your boss or ex-girlfriend to know that you’re in a relationship.
6. Set Facebook Wall Privacy
Go to your profile page, click Options > Settings under the status box.
Here you can control whether your friends can post to your Wall, and who can see the posts made by your friends.
7. Avoid Appearing in Advertisements
Facebook has two types of advertisements: third-party and Facebook. Third-party advertisements are currently not allowed to use your pictures, but there is a setting to disallow it if it is allowed in the future. Go to Privacy > News Feed and Wall > Facebook Ads tab to turn this off.
The Facebook ads shown to your friends are about ‘social actions’ like becoming a fan of something. You can turn this off at the bottom of the page.
8. Protect Yourself from Friends’ Applications
Go to Privacy > Applications, and click the Settings tab and uncheck all the boxes. These settings control what information about you is visible to applications installed by your friends. By default, these are set to visible. This means that your religious, sexual, and political preferences, pictures, etc. are readily available to one of the million worldwide Facebook application developers, each time any of your friends takes a quiz, plays a game, or runs any other Facebook app. This is obviously a Facebook privacy issue.
This is the most commonly misunderstood aspect of Facebook privacy. These settings control what applications installed by your friends can see about you, even if you don’t install the application yourself.
Why is this important? Because these settings will not change anything about what you are sharing with the applications you install yourself. For that, go to the next step.
9. Privacy from Your Applications
There is no way to control what applications see about you; it is an all-or-nothing affair. Take this quiz developed by the American Civil Liberties Union to check what anonymous application developers can know about you and your friends each time you take a quiz.
The Burton Group’s Identity Blog features the Facebook Privacy Mirror, an application that you can use to find out what applications know about you and your friends. If you really want to see exactly what profile data of each of your friends is visible to application developers, Privacy Mirror shows it in detail.
The only thing you can do is to authorize only those applications you require and trust. Go to Settings > Application Settings from the top menu. Change the drop-down from Recently Used to Authorized. Here you can see all the applications you have authorized to get access to ALL your profile information. Remove the ones you no longer need.
Also check the list of applications Allowed to Post and Granted Additional Permissions to remove unwanted ones.
10. Quitting Facebook? Delete, Don’t Just De-Activate Your Account
You can easily deactivate your account in Facebook from the Settings page. But deactivation will retain all your profile information within Facebook, including pictures, friends, etc. If you want to permanently delete your Facebook account, click here to submit a deletion request. Note that:
- There is an unspecified delay between submitting your delete request and actual deletion.
- If you login to Facebook, your deletion request is automatically cancelled.
- There doesn’t seem to be any way to confirm that your request was completed.
- Even after permanent deletion, Facebook says that copies of your photos may remain on their servers for technical reasons.
Also, note that once in a while, there is news of a Facebook hack or leak that can expose your information on the Internet. It is better to be safe than sorry by avoiding using Facebook for anything that may embarrass you.
I hope this article gives you a better understanding and insight into Facebook’s privacy.
Wednesday, November 11, 2009
RBS WorldPay Hackers Indicted - After stealing over nine million dollars in a sophisticated attack - Softpedia
RBS WorldPay Hackers Indicted - After stealing over nine million dollars in a sophisticated attack - Softpedia: "The gang of fraudsters who stole $9 million after hacking into the RBS WorldPay payment processor last year have been indicted by a grand jury in Atlanta, the United States Department of Justice announces. Four hackers and six cashers were charged with various counts of wire fraud, computer fraud and aggravated identity theft.
Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll cards had been misused and subsequently disabled.
However, what the company failed to note is that some of the compromised cards were actually used to steal a whooping nine million dollars. Not only that, but the impressive sum was withdrawn over a 24-hour period from over 2,100 ATMs located in at least 280 different cities worldwide, making this attack one of the most organized and sophisticated of its kind ever to be instrumented.
The indictment reveals that the hackers intercepted and cracked encrypted data passing through the network, after which they artificially inflated the limits of the accounts chosen as targets. The payroll card details including PIN numbers were then distributed to people across the world, known as cashers, who manufactured copies of the cards and used them on ATMs.
These co-conspirators allegedly kept between 30 and 50 percent of the money, while the rest was sent back to Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova, and a yet unidentified individual known only as 'Hacker 3,' who are named as the leaders of the gang and the hackers responsible for the breach.
Four other residents of Tallin, Estonia, in the persons of Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, were indicted in connection with this scheme for withdrawing cash using cloned cards. Two unnamed individuals were also arrested for playing a similar role in Hong Kong. However, given the scope of this operation, this is only the beginning of a very long list of co-conspirators.
'The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners,' noted Assistant Attorney General of the Criminal Division Lanny A. Breuer. FBI Atlanta Field Office Special Agent-in-Charge Greg Jones added that this success sends 'a clear message to cyber-criminals across the globe. Justice will not stop at international borders, but continue with the on-going cooperation between the FBI and other agencies.'
Tsurikov, Pleshchuk, Covelin and 'Hacker 3' were charged with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. Each of them face a sentence of over 35 years in prison and fines up to $3.5 million dollars. Meanwhile, Grudijev, Tsois and Jevgenov, who were indicted for access device fraud, risk maximum sentences of 15 years in prison and fines of up to $250,000."
Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll cards had been misused and subsequently disabled.
However, what the company failed to note is that some of the compromised cards were actually used to steal a whooping nine million dollars. Not only that, but the impressive sum was withdrawn over a 24-hour period from over 2,100 ATMs located in at least 280 different cities worldwide, making this attack one of the most organized and sophisticated of its kind ever to be instrumented.
The indictment reveals that the hackers intercepted and cracked encrypted data passing through the network, after which they artificially inflated the limits of the accounts chosen as targets. The payroll card details including PIN numbers were then distributed to people across the world, known as cashers, who manufactured copies of the cards and used them on ATMs.
These co-conspirators allegedly kept between 30 and 50 percent of the money, while the rest was sent back to Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova, and a yet unidentified individual known only as 'Hacker 3,' who are named as the leaders of the gang and the hackers responsible for the breach.
Four other residents of Tallin, Estonia, in the persons of Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, were indicted in connection with this scheme for withdrawing cash using cloned cards. Two unnamed individuals were also arrested for playing a similar role in Hong Kong. However, given the scope of this operation, this is only the beginning of a very long list of co-conspirators.
'The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners,' noted Assistant Attorney General of the Criminal Division Lanny A. Breuer. FBI Atlanta Field Office Special Agent-in-Charge Greg Jones added that this success sends 'a clear message to cyber-criminals across the globe. Justice will not stop at international borders, but continue with the on-going cooperation between the FBI and other agencies.'
Tsurikov, Pleshchuk, Covelin and 'Hacker 3' were charged with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. Each of them face a sentence of over 35 years in prison and fines up to $3.5 million dollars. Meanwhile, Grudijev, Tsois and Jevgenov, who were indicted for access device fraud, risk maximum sentences of 15 years in prison and fines of up to $250,000."
NASA - 2012: Beginning of the End or Why the World Won't End?
Nasa Comment on 2012: Beginning of the End or Why the World Won't End?:
Remember the Y2K scare? It came and went without much of a whimper because of adequate planning and analysis of the situation. Impressive movie special effects aside, Dec. 21, 2012, won't be the end of the world as we know. It will, however, be another winter solstice.
Much like Y2K, 2012 has been analyzed and the science of the end of the Earth thoroughly studied. Contrary to some of the common beliefs out there, the science behind the end of the world quickly unravels when pinned down to the 2012 timeline. Below, NASA Scientists answer several questions that we're frequently asked regarding 2012.
Question (Q): Are there any threats to the Earth in 2012? Many Internet websites say the world will end in December 2012.
Answer (A): Nothing bad will happen to the Earth in 2012. Our planet has been getting along just fine for more than 4 billion years, and credible scientists worldwide know of no threat associated with 2012.
Q: What is the origin of the prediction that the world will end in 2012?
A: The story started with claims that Nibiru, a supposed planet discovered by the Sumerians, is headed toward Earth. This catastrophe was initially predicted for May 2003, but when nothing happened the doomsday date was moved forward to December 2012. Then these two fables were linked to the end of one of the cycles in the ancient Mayan calendar at the winter solstice in 2012 -- hence the predicted doomsday date of December 21, 2012.
Q: Does the Mayan calendar end in December 2012?
A: Just as the calendar you have on your kitchen wall does not cease to exist after December 31, the Mayan calendar does not cease to exist on December 21, 2012. This date is the end of the Mayan long-count period but then -- just as your calendar begins again on January 1 -- another long-count period begins for the Mayan calendar.
Q: Could a phenomena occur where planets align in a way that impacts Earth?
A: There are no planetary alignments in the next few decades, Earth will not cross the galactic plane in 2012, and even if these alignments were to occur, their effects on the Earth would be negligible. Each December the Earth and sun align with the approximate center of the Milky Way Galaxy but that is an annual event of no consequence.
Q: Is there a planet or brown dwarf called Nibiru or Planet X or Eris that is approaching the Earth and threatening our planet with widespread destruction?
A: Nibiru and other stories about wayward planets are an Internet hoax. There is no factual basis for these claims. If Nibiru or Planet X were real and headed for an encounter with the Earth in 2012, astronomers would have been tracking it for at least the past decade, and it would be visible by now to the naked eye. Obviously, it does not exist. Eris is real, but it is a dwarf planet similar to Pluto that will remain in the outer solar system; the closest it can come to Earth is about 4 billion miles.
Q: What is the polar shift theory? Is it true that the earth’s crust does a 180-degree rotation around the core in a matter of days if not hours?
A: A reversal in the rotation of Earth is impossible. There are slow movements of the continents (for example Antarctica was near the equator hundreds of millions of years ago), but that is irrelevant to claims of reversal of the rotational poles. However, many of the disaster websites pull a bait-and-shift to fool people. They claim a relationship between the rotation and the magnetic polarity of Earth, which does change irregularly, with a magnetic reversal taking place every 400,000 years on average. As far as we know, such a magnetic reversal doesn’t cause any harm to life on Earth. A magnetic reversal is very unlikely to happen in the next few millennia, anyway.
Q: Is the Earth in danger of being hit by a meteor in 2012?
A: The Earth has always been subject to impacts by comets and asteroids, although big hits are very rare. The last big impact was 65 million years ago, and that led to the extinction of the dinosaurs. Today NASA astronomers are carrying out a survey called the Spaceguard Survey to find any large near-Earth asteroids long before they hit. We have already determined that there are no threatening asteroids as large as the one that killed the dinosaurs. All this work is done openly with the discoveries posted every day on the NASA NEO Program Office website, so you can see for yourself that nothing is predicted to hit in 2012.
Q: How do NASA scientists feel about claims of pending doomsday?
A: For any claims of disaster or dramatic changes in 2012, where is the science? Where is the evidence? There is none, and for all the fictional assertions, whether they are made in books, movies, documentaries or over the Internet, we cannot change that simple fact. There is no credible evidence for any of the assertions made in support of unusual events taking place in December 2012.
Q: Is there a danger from giant solar storms predicted for 2012?
A: Solar activity has a regular cycle, with peaks approximately every 11 years. Near these activity peaks, solar flares can cause some interruption of satellite communications, although engineers are learning how to build electronics that are protected against most solar storms. But there is no special risk associated with 2012. The next solar maximum will occur in the 2012-2014 time frame and is predicted to be an average solar cycle, no different than previous cycles throughout history."
Remember the Y2K scare? It came and went without much of a whimper because of adequate planning and analysis of the situation. Impressive movie special effects aside, Dec. 21, 2012, won't be the end of the world as we know. It will, however, be another winter solstice.
Much like Y2K, 2012 has been analyzed and the science of the end of the Earth thoroughly studied. Contrary to some of the common beliefs out there, the science behind the end of the world quickly unravels when pinned down to the 2012 timeline. Below, NASA Scientists answer several questions that we're frequently asked regarding 2012.
Question (Q): Are there any threats to the Earth in 2012? Many Internet websites say the world will end in December 2012.
Answer (A): Nothing bad will happen to the Earth in 2012. Our planet has been getting along just fine for more than 4 billion years, and credible scientists worldwide know of no threat associated with 2012.
Q: What is the origin of the prediction that the world will end in 2012?
A: The story started with claims that Nibiru, a supposed planet discovered by the Sumerians, is headed toward Earth. This catastrophe was initially predicted for May 2003, but when nothing happened the doomsday date was moved forward to December 2012. Then these two fables were linked to the end of one of the cycles in the ancient Mayan calendar at the winter solstice in 2012 -- hence the predicted doomsday date of December 21, 2012.
Q: Does the Mayan calendar end in December 2012?
A: Just as the calendar you have on your kitchen wall does not cease to exist after December 31, the Mayan calendar does not cease to exist on December 21, 2012. This date is the end of the Mayan long-count period but then -- just as your calendar begins again on January 1 -- another long-count period begins for the Mayan calendar.
Q: Could a phenomena occur where planets align in a way that impacts Earth?
A: There are no planetary alignments in the next few decades, Earth will not cross the galactic plane in 2012, and even if these alignments were to occur, their effects on the Earth would be negligible. Each December the Earth and sun align with the approximate center of the Milky Way Galaxy but that is an annual event of no consequence.
Q: Is there a planet or brown dwarf called Nibiru or Planet X or Eris that is approaching the Earth and threatening our planet with widespread destruction?
A: Nibiru and other stories about wayward planets are an Internet hoax. There is no factual basis for these claims. If Nibiru or Planet X were real and headed for an encounter with the Earth in 2012, astronomers would have been tracking it for at least the past decade, and it would be visible by now to the naked eye. Obviously, it does not exist. Eris is real, but it is a dwarf planet similar to Pluto that will remain in the outer solar system; the closest it can come to Earth is about 4 billion miles.
Q: What is the polar shift theory? Is it true that the earth’s crust does a 180-degree rotation around the core in a matter of days if not hours?
A: A reversal in the rotation of Earth is impossible. There are slow movements of the continents (for example Antarctica was near the equator hundreds of millions of years ago), but that is irrelevant to claims of reversal of the rotational poles. However, many of the disaster websites pull a bait-and-shift to fool people. They claim a relationship between the rotation and the magnetic polarity of Earth, which does change irregularly, with a magnetic reversal taking place every 400,000 years on average. As far as we know, such a magnetic reversal doesn’t cause any harm to life on Earth. A magnetic reversal is very unlikely to happen in the next few millennia, anyway.
Q: Is the Earth in danger of being hit by a meteor in 2012?
A: The Earth has always been subject to impacts by comets and asteroids, although big hits are very rare. The last big impact was 65 million years ago, and that led to the extinction of the dinosaurs. Today NASA astronomers are carrying out a survey called the Spaceguard Survey to find any large near-Earth asteroids long before they hit. We have already determined that there are no threatening asteroids as large as the one that killed the dinosaurs. All this work is done openly with the discoveries posted every day on the NASA NEO Program Office website, so you can see for yourself that nothing is predicted to hit in 2012.
Q: How do NASA scientists feel about claims of pending doomsday?
A: For any claims of disaster or dramatic changes in 2012, where is the science? Where is the evidence? There is none, and for all the fictional assertions, whether they are made in books, movies, documentaries or over the Internet, we cannot change that simple fact. There is no credible evidence for any of the assertions made in support of unusual events taking place in December 2012.
Q: Is there a danger from giant solar storms predicted for 2012?
A: Solar activity has a regular cycle, with peaks approximately every 11 years. Near these activity peaks, solar flares can cause some interruption of satellite communications, although engineers are learning how to build electronics that are protected against most solar storms. But there is no special risk associated with 2012. The next solar maximum will occur in the 2012-2014 time frame and is predicted to be an average solar cycle, no different than previous cycles throughout history."
Tuesday, November 10, 2009
Koobface Infiltrates Google Reader - Botnet hosted using Google Reader shared pages - Softpedia
Koobface Infiltrates Google Reader - Botnet hosted using Google Reader shared pages - Softpedia: "Security experts at TrendMicro have discovered at least 1,300 public Google Reader pages infected with a new Koobface type of attack. Hackers have employed Google Reader accounts to host links redirecting users to a Koobface infected page.
Attackers employed Google Reader's possibility to share links and messages between users to host an image resembling a Flash video. Whenever the user tried to view the video, they were redirected to a cloned YouTube page containing a video. As in previous attacks, the user was soon prompted with an alert that invited them to upgrade their Flash player. Hidden was the fact that instead of the updated software, the user was downloading the doomed Koobface downloader component that would that take over the victim's computer.
Google was soon to react to these findings, taking all the necessary steps into blocking the infected URLs. Unlike previous attacks that used MySpace, Facebook and Twitter, this one seems not to have made the same type of impact, maybe thanks to Google's quick reaction and the fact that its users are a slight more Web-educated than all the social network users in the past.
The Mountain View-based company has recently found itself in the sights of many black hat attacks because of its bigger and bigger array of services that seems to provide more and more useful tools for hackers.
Previous incidents involved the Google App Engine and Google Groups service used as a botnet control and command center, the Google Apps service used as an illegal file sharing tracker, Picasa's email spam or attacks under the form of malware hosted inside video codec projects on Google Code.
The attacks come after Google introduced many services for safe Internet browsing, including the infamous blacklisting service Google Safe Browsing. This form of Koobface is still dangerous because its creators are now relying on Google's own reputation of a safe heaven for online users and attacking completely unsuspecting victims."
Attackers employed Google Reader's possibility to share links and messages between users to host an image resembling a Flash video. Whenever the user tried to view the video, they were redirected to a cloned YouTube page containing a video. As in previous attacks, the user was soon prompted with an alert that invited them to upgrade their Flash player. Hidden was the fact that instead of the updated software, the user was downloading the doomed Koobface downloader component that would that take over the victim's computer.
Google was soon to react to these findings, taking all the necessary steps into blocking the infected URLs. Unlike previous attacks that used MySpace, Facebook and Twitter, this one seems not to have made the same type of impact, maybe thanks to Google's quick reaction and the fact that its users are a slight more Web-educated than all the social network users in the past.
The Mountain View-based company has recently found itself in the sights of many black hat attacks because of its bigger and bigger array of services that seems to provide more and more useful tools for hackers.
Previous incidents involved the Google App Engine and Google Groups service used as a botnet control and command center, the Google Apps service used as an illegal file sharing tracker, Picasa's email spam or attacks under the form of malware hosted inside video codec projects on Google Code.
The attacks come after Google introduced many services for safe Internet browsing, including the infamous blacklisting service Google Safe Browsing. This form of Koobface is still dangerous because its creators are now relying on Google's own reputation of a safe heaven for online users and attacking completely unsuspecting victims."
Monday, November 9, 2009
James Cameron’s ‘Avatar’ Cost $500M, May Flop - Analysts wonder whether one of the most expensive movies ever stands a chance at the box-office - Softpedia
James Cameron’s ‘Avatar’ Cost $500M, May Flop - Analysts wonder whether one of the most expensive movies ever stands a chance at the box-office - Softpedia: "This December, James Cameron and fantasy-film fans will be treated to what is deemed one of the most ambitious and potentially successful projects of almost two decades: Cameron’s “Avatar.” However, boasting an estimated budget of about $500 million and almost no star power, while neither a story with which audiences are familiar, analysts can’t help but wonder about the odds of it being a hit at the box-office.
According to the New York Times, if all this is handled well, then “Avatar” stands to make a profit and all the backers, sponsors and movie partners that invested heavily in it, as well as the cast and production crew actually get to make an extra buck aside from the fix salary they cashed in. However, in an industry that is seeing declining sales and shifting tendencies, it’s becoming harder and harder to predict whether a film has what it takes to sell at the box-office.
20th Century Fox, for one, as well as Cameron himself seem convinced that “Avatar” can turn a profit. What this means is that it has all the necessary ingredients to cover the $500-million budget it required to make – and then some. 3D theaters will hopefully cover some of that number of tickets the film needs to sell (with theaters being able to charge extra), DVD sales and merchandise will eventually work together to make a profit – and keep everybody involved happy, the NY Times piece says.
Cameron has already taken the extra steps to ensure things work out well. “In a further hedge, Mr. Cameron would give up part of his own participation in the film’s returns if production costs exceed a specified level, according to those who were briefed on the film. If final production costs exceeded $300 million, for instance, Mr. Cameron would effectively defer much of his payout until the studio and others were compensated, despite his years of labor on the movie.” the aforementioned publication informs.
However, it could very well be that it’s too soon to tell. There are also too many players involved, and too many unknowns in the equation for analysts to be able to make an accurate estimation. “At what point the various partners in ‘Avatar’ would see profit from the film depends on what share of revenue each receives as the movie reaches theaters, then home video and other media around the world. If domestic ticket sales reach $250 million – a level broken in the last year by five films, including ‘Star Trek’ and ‘The Hangover’ – Fox and its allies would appear to be headed into the black.” the NY Times further says."
Source: http://news.softpedia.com/news/James-Cameron-s-Avatar-Cost-500M-May-Flop-126503.shtml
According to the New York Times, if all this is handled well, then “Avatar” stands to make a profit and all the backers, sponsors and movie partners that invested heavily in it, as well as the cast and production crew actually get to make an extra buck aside from the fix salary they cashed in. However, in an industry that is seeing declining sales and shifting tendencies, it’s becoming harder and harder to predict whether a film has what it takes to sell at the box-office.
20th Century Fox, for one, as well as Cameron himself seem convinced that “Avatar” can turn a profit. What this means is that it has all the necessary ingredients to cover the $500-million budget it required to make – and then some. 3D theaters will hopefully cover some of that number of tickets the film needs to sell (with theaters being able to charge extra), DVD sales and merchandise will eventually work together to make a profit – and keep everybody involved happy, the NY Times piece says.
Cameron has already taken the extra steps to ensure things work out well. “In a further hedge, Mr. Cameron would give up part of his own participation in the film’s returns if production costs exceed a specified level, according to those who were briefed on the film. If final production costs exceeded $300 million, for instance, Mr. Cameron would effectively defer much of his payout until the studio and others were compensated, despite his years of labor on the movie.” the aforementioned publication informs.
However, it could very well be that it’s too soon to tell. There are also too many players involved, and too many unknowns in the equation for analysts to be able to make an accurate estimation. “At what point the various partners in ‘Avatar’ would see profit from the film depends on what share of revenue each receives as the movie reaches theaters, then home video and other media around the world. If domestic ticket sales reach $250 million – a level broken in the last year by five films, including ‘Star Trek’ and ‘The Hangover’ – Fox and its allies would appear to be headed into the black.” the NY Times further says."
Source: http://news.softpedia.com/news/James-Cameron-s-Avatar-Cost-500M-May-Flop-126503.shtml
Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia
Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia: "A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.
The discovery was made while 24-years-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,” he notes on his blog.
As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, if it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.
While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebooks, the similar file on connect.facebook.com contained an <allow-access-from domain=”*” /> directive. This meant that any Flash application, hosted on any domain, was allowed to access data on the connect.facebook.com sub-domain.
“This wouldn't be a big deal if the subdomain only hosts images, but unfortunately this domain hosts the whole Facebook property, including a facebook user session,” Mr. Schaap notes. The web developer goes on to point out that if a user has auto-login enabled and is served with the URL to a specially-crafted flash file, an attacker could obtain full control of their account.
MySpace also suffered from a similar crossdomain.xml misconfiguration, though not as obvious as in Facebook's case. In particular, the crossdomain.xml on myspace.com granted access to a farm.sproutbuilder.com sub-domain. Sprout Builder is a web application building platform, which amongst other types of media, allows its clients to upload and incorporate .swf (Flash) files into their projects. As it turns out, these files are hosted on farm.sproutbuilder.com, thus opening the opportunity to create MySpace self-propagating social networking worm.
Yvo Schaap contacted both companies in advance of making this public and they moved swiftly to address the security problems. However, if two of the biggest social networking platforms left such gaping security holes opened, it is reasonable to assume that many smaller websites also have them."
Source: http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml
The discovery was made while 24-years-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,” he notes on his blog.
As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, if it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.
While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebooks, the similar file on connect.facebook.com contained an <allow-access-from domain=”*” /> directive. This meant that any Flash application, hosted on any domain, was allowed to access data on the connect.facebook.com sub-domain.
“This wouldn't be a big deal if the subdomain only hosts images, but unfortunately this domain hosts the whole Facebook property, including a facebook user session,” Mr. Schaap notes. The web developer goes on to point out that if a user has auto-login enabled and is served with the URL to a specially-crafted flash file, an attacker could obtain full control of their account.
MySpace also suffered from a similar crossdomain.xml misconfiguration, though not as obvious as in Facebook's case. In particular, the crossdomain.xml on myspace.com granted access to a farm.sproutbuilder.com sub-domain. Sprout Builder is a web application building platform, which amongst other types of media, allows its clients to upload and incorporate .swf (Flash) files into their projects. As it turns out, these files are hosted on farm.sproutbuilder.com, thus opening the opportunity to create MySpace self-propagating social networking worm.
Yvo Schaap contacted both companies in advance of making this public and they moved swiftly to address the security problems. However, if two of the biggest social networking platforms left such gaping security holes opened, it is reasonable to assume that many smaller websites also have them."
Source: http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml
Computer Trojan Helped Expose Secret Syrian Nuclear Reactor - Which was subsequently bombed by Israel in September 2007 - Softpedia
Computer Trojan Helped Expose Secret Syrian Nuclear Reactor - Which was subsequently bombed by Israel in September 2007 - Softpedia: "The use of a computer Trojan played a critical role in gathering intelligence regarding a now-destroyed secret nuclear reactor in Syria. The information-gathering program was planted by Mossad operatives on the laptop of a Syrian official while he was staying in London.
Journalists from the German publication Der Spiegel have recently published an article describing the events that led and followed Israel's bombing of the Syrian nuclear reactor at Al Kibar. According to them, Israel had reason to believe that Syria might be planning to launch a secret nuclear program even since 2002, but information was scarce at the time.
Their suspicions intensified in 2004 after United States' National Security Agency (NSA) informed them of an unusually high number of calls between Pyongyang, the capital of North Korea, and a region in the Syrian desert situated close to the Euphrates river. This place was called Al Kibar.
Then, in late 2006, Mossad operatives succeeded in obtaining more concrete evidence. Apparently, this was achieved by installing a professional trojan on the computer of a senior Syrian government official. The clandestine program was planted on his laptop left in a Kensington hotel room during a trip to London.
The trojan stole secret documents and images depicting the Al Kibar reactor in various stages of construction. It also captured photos of Chon Chibu, a leading North Korean nuclear scientist, together with Ibrahim Othman, the director of the Syrian Atomic Energy Commission. This intelligence gathering effort eventually led to 'Operation Orchard,' the bombing by Israeli fighter jets of the Al Kibar complex in September 2007.
There is no mention as to whether the information on this laptop was encrypted or not, but generally with such sensitive information, it is. However, it doesn't matter as this is a perfect example of a so-called 'Evil Made' attack, a situation where the attacker can install a boot-level malware on an unattended device, which is then returned to the owner for use.
'People who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe,' warns cryptography guru Bruce Schneier. 'It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too,' he explains."
Source: http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml
Journalists from the German publication Der Spiegel have recently published an article describing the events that led and followed Israel's bombing of the Syrian nuclear reactor at Al Kibar. According to them, Israel had reason to believe that Syria might be planning to launch a secret nuclear program even since 2002, but information was scarce at the time.
Their suspicions intensified in 2004 after United States' National Security Agency (NSA) informed them of an unusually high number of calls between Pyongyang, the capital of North Korea, and a region in the Syrian desert situated close to the Euphrates river. This place was called Al Kibar.
Then, in late 2006, Mossad operatives succeeded in obtaining more concrete evidence. Apparently, this was achieved by installing a professional trojan on the computer of a senior Syrian government official. The clandestine program was planted on his laptop left in a Kensington hotel room during a trip to London.
The trojan stole secret documents and images depicting the Al Kibar reactor in various stages of construction. It also captured photos of Chon Chibu, a leading North Korean nuclear scientist, together with Ibrahim Othman, the director of the Syrian Atomic Energy Commission. This intelligence gathering effort eventually led to 'Operation Orchard,' the bombing by Israeli fighter jets of the Al Kibar complex in September 2007.
There is no mention as to whether the information on this laptop was encrypted or not, but generally with such sensitive information, it is. However, it doesn't matter as this is a perfect example of a so-called 'Evil Made' attack, a situation where the attacker can install a boot-level malware on an unattended device, which is then returned to the owner for use.
'People who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe,' warns cryptography guru Bruce Schneier. 'It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too,' he explains."
Source: http://news.softpedia.com/news/Computer-Trojan-Helped-Expose-Secret-Syrian-Nuclear-Reactor-126423.shtml
Two Men Accused of Hacking Their Former Employer's Computers - Failure to suspend credentials at fault again - Softpedia
Two Men Accused of Hacking Their Former Employer's Computers - Failure to suspend credentials at fault again - Softpedia: "Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still active credentials to access sensitive information for almost two years.
Scott R. Burgess, 45 of Jasper, Indiana, and Walter D. Puckett, 39 of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.
After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.
The intrusions allegedly had personal and commercial gain motivation and were instrumented through the use of old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords, however the perpetrators switched to using others.
According to Assistant U.S. Attorney Todd S. Shellenbarger, Burgess and Puckett face a maximum sentence of five years in prison and a fine of $250,000 each. The Federal Bureau of Investigation and the Indiana State Police have collaborated in the investigation.
Failure to disable the login credentials of dismissed individuals is a popular attack vector for data breach incidents. Security experts have warned that the risk of disgruntled employees hacking their way back in is even greater now due to the harsh economic environment.
Back in September, we reported that a former IT consultant pleaded guilty to accusations of damaging a critical system used to monitor underwater oil pipelines for leaks, because an oil-extraction company refused to offer him permanent employment. In August, a computer specialist was arrested and indicted for hacking into the network of a charity he used to work for and deleting donor records."
Source: http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml
Scott R. Burgess, 45 of Jasper, Indiana, and Walter D. Puckett, 39 of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.
After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.
The intrusions allegedly had personal and commercial gain motivation and were instrumented through the use of old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords, however the perpetrators switched to using others.
According to Assistant U.S. Attorney Todd S. Shellenbarger, Burgess and Puckett face a maximum sentence of five years in prison and a fine of $250,000 each. The Federal Bureau of Investigation and the Indiana State Police have collaborated in the investigation.
Failure to disable the login credentials of dismissed individuals is a popular attack vector for data breach incidents. Security experts have warned that the risk of disgruntled employees hacking their way back in is even greater now due to the harsh economic environment.
Back in September, we reported that a former IT consultant pleaded guilty to accusations of damaging a critical system used to monitor underwater oil pipelines for leaks, because an oil-extraction company refused to offer him permanent employment. In August, a computer specialist was arrested and indicted for hacking into the network of a charity he used to work for and deleting donor records."
Source: http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml
Subscribe to:
Posts (Atom)