An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.…

News, via ComputerWorld’s Robert McMillan, of the United States Federal Deposit Insurance Corporation’s assertion that the evidence it holds leads the agency to guesstimate that on-line banking fraud has cost small businesses who have fallen victim to scams, hacks, cracks and cons over $120,000,000. More information, including a link to the original post, appears after the jump.
From ComputerWorld’s Robert McMillan: “FDIC: Hackers took more than $120M in three months”
“Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC. The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said…”
In this month’s Prism Microsystems newsletter I take a look at the differences between financial fraud and IT network and systems anomaly detection.
Have you ever been in a store with an important purchase, rolled up to the cash register and handed over your card only to have it denied? You scramble to think why: “Has my identity been stolen?” “Is there something wrong with the purchase approval network?” “Did I forget to pay my bill?” While all of the above are possible explanations – there’s a very common one you may not think of immediately: anomaly detection. Specifically, if the purchase you have in your hand doesn’t match up with your buying history, your bank might think it’s fraud and refuse the transaction. Even small changes in buying habits can trigger an alert. For example, credit card holders traveling outside the US for the first time may find their card declined in Paris on a European vacation. Buyers that rarely charge items over a couple of hundred dollars in value could find their first large ticket item (like a couch or a piece of jewelry) purchase blocked, at least temporarily.
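The purchase-history check described above, written out as a small worked example (added here; it is not code from the newsletter or from Prism Microsystems). A cardholder's past transactions form a profile of where they usually buy and how much they usually spend; a new transaction is compared against that profile and flagged, with the reasons, when it deviates. Everything below is constructed: the transaction records, the thresholds, and the two rules (first purchase in a new country, amount far above the cardholder's norm) are assumptions chosen to mirror the Paris-trip and couch-purchase cases in the text.

```python
"""Toy purchase-history anomaly detector (added example, constructed data)."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Txn:
    amount: float        # purchase amount in the cardholder's currency
    country: str         # ISO-style country code of the merchant
    merchant_type: str   # free-text merchant category


@dataclass
class Profile:
    countries: Set[str]   # every country the cardholder has bought in before
    amounts: List[float]  # every past purchase amount


def build_profile(history: List[Txn]) -> Profile:
    """Summarise a cardholder's history into the two signals we score against."""
    return Profile({t.country for t in history}, [t.amount for t in history])


def score_transaction(profile: Profile, txn: Txn,
                      z_threshold: float = 3.0) -> Tuple[bool, List[str]]:
    """Return (is_anomalous, reasons) for one new transaction.

    Rule 1: a country never seen in the history is anomalous (the "first trip
    to Paris" case). Rule 2: an amount more than z_threshold standard
    deviations above the cardholder's usual spend is anomalous (the "first
    couch" case). A floor on the standard deviation keeps a cardholder with a
    very regular history from being flagged for a trivial change.
    """
    reasons: List[str] = []

    if txn.country not in profile.countries:
        reasons.append(f"first purchase seen in country {txn.country}")

    mu = mean(profile.amounts)
    # Floor: at least 10% of the mean and at least one currency unit.
    sigma = max(pstdev(profile.amounts), 0.1 * mu, 1.0)
    z = (txn.amount - mu) / sigma
    if z > z_threshold:
        reasons.append(f"amount {txn.amount:.2f} is {z:.1f} sd above usual {mu:.2f}")

    return bool(reasons), reasons


# Constructed sample history: a US cardholder who makes small domestic purchases.
SAMPLE_HISTORY = [
    Txn(12.5, "US", "coffee"), Txn(45.0, "US", "grocery"),
    Txn(30.0, "US", "fuel"),   Txn(60.0, "US", "restaurant"),
    Txn(22.0, "US", "pharmacy"), Txn(80.0, "US", "clothing"),
    Txn(15.0, "US", "coffee"), Txn(55.0, "US", "grocery"),
]
SAMPLE_PROFILE = build_profile(SAMPLE_HISTORY)


def check(txn: Txn) -> Tuple[bool, List[str]]:
    """Score one constructed transaction against the sample profile."""
    return score_transaction(SAMPLE_PROFILE, txn)


if __name__ == "__main__":
    for candidate in (Txn(1200.0, "US", "furniture"),   # first large-ticket item
                      Txn(40.0, "FR", "cafe"),           # first purchase abroad
                      Txn(90.0, "US", "grocery")):       # ordinary spend
        print(candidate, "->", check(candidate))
```

Note that the second candidate, the cafe in France, is exactly the legitimate purchase the text warns gets declined: the detector is doing its job and the bank has still produced a false positive. Tuning `z_threshold` or the country rule trades that false-positive rate against missed fraud, which is the whole design question in financial anomaly detection.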
Tory peer and shadow security minister Baroness Pauline Neville Jones has set out her party's thoughts on cyber war and defence. Unfortunately once the waffle is stripped away there's pretty much nothing there.…
Guessing the answer to common password reset questions is far easier than previously thought, according to a new study by computer science researchers.…
It's good to dream:
IARPA's five-year plan aims to design experiments that can measure trust with high certainty -- a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions. A second part of the IARPA proposal might involve using new types of sensors and software to gauge human facial, language or body signals that might help predict trustworthiness. Perhaps facial recognition technology that could deduce emotions or facial tics might help, not to mention better lie detectors.
IARPA is the Intelligence Advanced Research Projects Activity, the U.S. intelligence community's answer to DARPA.
This week in Security Levity, I want to talk about 'web reputation' and how it's used to protect users from malicious Web sites, or sites with malicious content for some other reason.

Through the magic of my forgetting to schedule posts, it appears that I missed a couple news posts. My bad.
Have a good day everyone!
cheers,
Dave
And now, the news…
Tags: News, Daily Links, Security Blog, Information Security, Security News

On 11/03/10 At 11:20 AM
Retro gaming fans are being targeted in a new con designed to infect computers with a Trojan linked to scareware scams.…
PayPal has finally made good on its pledge to restore Cryptome's account many hours after the firm's head of global communications told Register readers it had already done so.…
I realize the openssl s_client tool tries to be upper-layer protocol agnostic, but doesn’t everything that uses SSL do commonName checking (HTTP, SMTP, IMAP, FTP, POP, XMPP)? Shouldn’t this be something openssl s_client does by default, maybe with an option to turn it off for less common situations?
Here it doesn’t complain about connecting to “outflux.net” when the cert has a CN for “www.outflux.net”:
echo QUIT | openssl s_client -CApath /etc/ssl/certs -connect outflux.net:443 2>/dev/null | egrep "subject=|Verify"
subject=/CN=www.outflux.net
Verify return code: 0 (ok)
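Here is the check that s_client leaves out, as an added example (not code from the original post or from the OpenSSL project): given the host you intended to connect to and the names found in the certificate, decide whether the certificate actually covers that host. The certificate names are passed in as already-parsed strings, the way you would get them from `openssl x509 -noout -subject -ext subjectAltName`; the sample `subject=` line is constructed to mirror the outflux.net case above, and the matching rules (subjectAltName dNSName entries take precedence, the CN is only a legacy fallback, a wildcard must be the whole leftmost label and matches exactly one label) are the RFC 6125 conventions, not anything the post itself specifies.

```python
"""Hostname-versus-certificate-name check (added example, constructed data)."""
import re
from typing import List, Optional, Tuple


def cn_from_subject_line(line: str) -> Optional[str]:
    """Pull the CN out of a `subject=` line as printed by openssl s_client.

    Handles both the slash-separated form in the post ('subject=/CN=host')
    and the newer comma-separated form ('subject=CN = host').
    """
    m = re.search(r"\bCN ?= ?([^/,]+)", line)
    return m.group(1).strip() if m else None


def hostname_matches(host: str, pattern: str) -> bool:
    """True if certificate name `pattern` covers `host` (RFC 6125 style).

    Comparison is case-insensitive. A wildcard is accepted only as the entire
    leftmost label ('*.example.test'), matches exactly one label, and must
    leave at least two literal labels so that '*.test' is refused.
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not host or not pattern:
        return False
    if host == pattern:
        return True
    plabels = pattern.split(".")
    hlabels = host.split(".")
    if plabels[0] != "*" or any("*" in lbl for lbl in plabels[1:]):
        return False                       # wildcard only as whole leftmost label
    if len(plabels) < 3:
        return False                       # refuse '*.test'-style patterns
    return len(hlabels) == len(plabels) and hlabels[1:] == plabels[1:]


def certificate_covers_host(host: str, subject_cn: Optional[str],
                            san_dns: List[str]) -> Tuple[bool, str]:
    """Decide whether a certificate with these names is valid for `host`.

    If the certificate carries subjectAltName dNSName entries, only those are
    consulted. Without any SAN, fall back to the subject CN, which is the
    2010-era behaviour the post implicitly assumes s_client should apply.
    Returns (matched, explanation).
    """
    if san_dns:
        candidates, source = san_dns, "SAN"
    else:
        candidates = [subject_cn] if subject_cn else []
        source = "CN (legacy fallback, no SAN present)"
    for cand in candidates:
        if hostname_matches(host, cand):
            return True, f"{host} matched {cand!r} via {source}"
    return False, f"{host} matched none of {candidates} ({source})"


# Constructed sample: the subject line shown in the post, with no SAN assumed.
SAMPLE_SUBJECT_LINE = "subject=/CN=www.outflux.net"


def check_from_post() -> Tuple[bool, str]:
    """Apply the check to the post's case: connecting to outflux.net."""
    cn = cn_from_subject_line(SAMPLE_SUBJECT_LINE)
    return certificate_covers_host("outflux.net", cn, san_dns=[])


if __name__ == "__main__":
    print(check_from_post())
```

Run on the post's example this returns a mismatch, which is the failure s_client's `Verify return code: 0 (ok)` hides: the chain was valid, but for a different host than the one asked for. Wiring the function after the `subject=` line in the pipeline above turns the missing check into an explicit pass or fail.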
Offloading malware protection to the cloud
The Microsoft Malware Protection Center reported earlier this week a sighting of a malicious PDF file exploiting CVE-2010-0188. Adobe released 9.2.1 and 8.2.1 in February.
Users can pull down the 'help' menu and click on 'check for updates' to ensure that they're running the latest version.
One lesson learned here: don't skip deploying a patch just because no exploits are out for it yet. It will leave you scrambling later.
Adobe's next scheduled Reader and Acrobat update is due April 13.
If you’re near Manhattan this weekend, stop in to Eyebeam for their MIXER event Friday and Saturday nights (Mar 13 and 14) from 9PM to 2AM. NYC Resistor will be one of the presenting artists with our “Color Commentary Teletype” a restored 1930’s era Model 15 serial printer, along with a sentiment analysis chart recorder! MIXER is a huge party, with music, art, and performances. It’s going to be awesome!
Check out the details at Eyebeam! Now!
Just a quickie today, circle patterns done in canvas. Source after the break as usual.
JPLT.Class.create("JPLT.Circles", JPLT.Object, function() {
    this.width = 800;
    this.height = 600;
    // Let the circle centres wander an eighth of the canvas past each edge before bouncing
    this.minWidth = -this.width/8;
    this.maxWidth = this.width + this.width/8;
    this.minHeight = -this.height/8;
    this.maxHeight = this.height + this.height/8;
    // One velocity and one random start position per ring set
    this.direction = [ {x:5, y:5}, {x:-5, y:5}, {x:5, y:-5}, {x:-5, y:-5} ];
    this.position = [
        {x:Math.random()*this.width, y:Math.random()*this.height},
        {x:Math.random()*this.width, y:Math.random()*this.height},
        {x:Math.random()*this.width, y:Math.random()*this.height},
        {x:Math.random()*this.width, y:Math.random()*this.height}
    ];
    this.createElement();
    this.run();
}, {
    createElement: function() {
        var body = document.documentElement || document.body;
        var element = document.createElement("canvas");
        element.width = this.width;
        element.height = this.height;
        element.style.position = "absolute";
        // Centre the canvas in the viewport; CSS lengths need a unit in standards mode
        element.style.top = (window.innerHeight/2 - this.height/2) + "px";
        element.style.left = (window.innerWidth/2 - this.width/2) + "px";
        body.appendChild(element);
        this.element = element;
    },
    context: function() {
        return this.element.getContext("2d");
    },
    run: function() {
        if (!this.timer) {
            // this.delay comes from JPLT.Object; if unset, setInterval fires as fast as it can
            this.timer = window.setInterval(this.delegate(this.paint), this.delay);
        }
    },
    stop: function() {
        window.clearInterval(this.timer);
        this.timer = null;
    },
    clear: function() {
        var ctx = this.context();
        ctx.clearRect(0, 0, this.width, this.height);
    },
    paint: function() {
        try {
            this.clear();
            var ctx = this.context();
            for (var i = 0; i < 4; i++) {
                var pos = this.position[i];
                var dir = this.direction[i];
                // Move the centre and bounce off the padded edges
                pos.x += dir.x;
                if (pos.x > this.maxWidth || pos.x < this.minWidth) { dir.x = -dir.x; }
                pos.y += dir.y;
                if (pos.y > this.maxHeight || pos.y < this.minHeight) { dir.y = -dir.y; }
                ctx.save();
                ctx.strokeStyle = "rgba(0,0,0,0.3)";
                ctx.lineWidth = 25;
                ctx.translate(pos.x, pos.y);
                // Concentric rings 50px apart, drawn out past the canvas width
                for (var r = 5; r < this.width; r += 50) {
                    ctx.beginPath();
                    ctx.arc(0, 0, r, 0, Math.PI*2, true);
                    ctx.stroke();
                }
                ctx.restore();
            }
        } catch (e) {
            this.stop();
            throw(e);
        }
    }
});
On Tuesday, as seems to be the custom, Microsoft released patches and announced a new zero day in Internet Explorer. MSKB 981374 is a remote code execution vulnerability in IE6 and IE7. Who knew that being on IE5 could ever be a good thing.
The KB says Microsoft released details to vendors in its Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) programs in order to provide protection to customers.
Within one hour Zscaler had protection in place for its customers. Zscaler is a web security company that delivers its service in a SaaS model. I would see them competing with Scansafe, Purewire and MessageLabs, as well as any company trying to get you to put security appliances on your network for web security (Bluecoat). Strangely, I didn't get email from any of those vendors bragging that they are protecting their customers against this zero day. If they were protecting their customers, would there be any reason not to use it for PR? It's not like they are making an Oracle Unbreakable (or was that Apple Unbreakable) claim.
The power of collaboration within unified communications

Sometimes you find yet another reason why people should be made to pass an intelligence test before they’re permitted to engage in social media.
Just saying.
(Thanks to attrition.org for pointing that one out)

How stupid is this? Last week Robert Maley was the CISO for the Commonwealth of Pennsylvania giving a presentation at the RSA conference. He was speaking about a hacking incident at PennDOT from last year.
This week? He’s on the pavement. It would appear that someone in PA overreacted.
From Patriot News/Penn Live:
Danielle Klinger, a spokeswoman for the state Department of Transportation, said the agency is not aware of any hacking or breach that occurred involving scheduling system for its driving test. However, she said that a few weeks ago, “we did discover an anomaly and we have actually turned that over to [the state police] for further investigation. We’re not sure what that anomaly is, but it is being investigated. Unfortunately, I can’t provide any more details on it.”
Maybe Maley didn’t have leave to speak publicly about this incident in question. Which is something that PennDOT appears to have developed an Ostrich complex over. Some myopic nitwit thought it merited removing Maley from his post? They claim however that his talk had nothing to do with his dismissal. I’m not sure I believe that. Timing seems rather odd.
So, what of the alleged hacking incident?
Maley is reported to have said the hacker was later found to be someone with a driving school in Philadelphia who exploited a vulnerability in PennDOT’s system to schedule more driving tests than there were allotted slots.
This situation seems muddy at best. For more on this story read the article at Penn Live from this morning.
(Image used under CC from Olivander)

Robert Carlson bridges both the NYC Resistor and DIYBio worlds – he’s an electrical engineer who turns E. coli into circuits! He famously discovered the Carlson curves, the biotech equivalent of Moore’s Law. They show that biotech is advancing at a pace consistent with digital tech.
Come join us at the NEW NYC Resistor space for an afternoon talk by Rob and discussion afterwards.
DATE: Saturday, March 13
TIME: 2:00pm – 4:00pm
LOCATION: NYCR
Here’s a video of Robert from the Economist that appeared on the DIYBio blog recently: http://diybio.org/2010/01/01/rob-carlson-discusses-diybio-and-open-source-biology-on-the-economist. And an excerpt from his Wired article where he wrote about the emergence of DIYBiology in 2005:
The era of garage biology is upon us. Want to participate? Take a moment to buy yourself a molecular biology lab on eBay. A mere $1,000 will get you a set of precision pipettors for handling liquids and an electrophoresis rig for analyzing DNA. Side trips to sites like BestUse and LabX (two of my favorites) may be required to round out your purchases with graduated cylinders or a PCR thermocycler for amplifying DNA. If you can’t afford a particular gizmo, just wait six months – the supply of used laboratory gear only gets better with time. Links to sought-after reagents and protocols can be found at DNAHack. And, of course, Google is no end of help.
Still, don’t expect to cure cancer right away, surprise your loved ones with a stylish new feather goatee, or crank out a devilish frankenbug. (Instant bioterrorism is likely beyond your reach, too.) The goodies you buy online require practice to use properly. The necessary skills may be acquired through trial and error, studying online curricula, or taking a lab course at a community college. Although there are cookbook recipes for procedures to purify DNA or insert it into a bacterium, bench biology is not easy; the many molecular manipulations required to play with genes demand real skills.
http://www.wired.com/wired/archive/13.05/view.html?pg=2
For the past few months the Digital Economy Bill (DEB) has been quietly making its way through the House of Lords. As is the way of these things, large numbers of amendments have been proposed, their lordships have had a series of mini-debates on each set of issues, and the Government have been busily amending the Bill in an attempt to fix all the things that they didn’t think through properly.
The main thrust of the DEB’s approach to dealing with unlawful file sharing of copyright material has been a “three strikes” policy. That is, should you be detected to be sharing some popular beat combo’s music without permission, then on the first two occasions you’d receive an admonishing letter, and on the third time then you would be subject to “technical measures” (ie: very slow Internet speeds) or disconnection, the latter doubtless annoying the rest of your family as they would be unable to visit DirectGov / keep up their social life / catch-up TV shows / do their homework / avoid being sacked from their work-from-home job!
However, the Government are concerned that this won’t be enough, and that unlawful sharing of copyright material might occur in new ways in future. So in clause 17 of the DEB they set out a scheme for amendment (in ways that would be decided as future circumstances required) of the Copyright, Designs and Patents Act 1988 through secondary legislation.
It is unusual to grant such open ended powers to amend primary legislation, because Parliament would be presented with an unamendable statutory instrument and invited to vote for it — no such SI has been defeated in the House of Lords since 2000, and the time before that was in 1968.
There was an outcry over the breadth of clause 17, and so the Government set out amendments to restrict it — but last week peers voted for an opposition amendment (120A) to have an alternative arrangement altogether, a regime of High Court injunctions that would force ISPs to block websites.
This is such a dumb (and dangerous) idea that it has all the characteristics of a wrecking amendment, added to the Bill just to eat up parliamentary time so that the whole Bill will fall at the dissolution for the upcoming election.
There are so many problems with the new clause that it’s hard to know where to begin.
For an analysis of how the costs regime makes it very likely that ISPs will just block, rather than risking the cost of a court action see this article by Francis Davey (a working barrister).
The next problem is that most ISP blocking is trivial to evade. Although Ofcom reports that 98.6% of UK consumer broadband lines are supplied by ISPs who use the Internet Watch Foundation (IWF) list to block child sexual abuse images, in practice all of the systems are trivial to evade by using https links, by using proxies, or in most cases by running your own DNS server or just hard-coding IP addresses into your HOSTS file.
It suits everyone (IWF, ISPs, Government) to pretend that the IWF list blocking schemes work, but when ISPs are faced with the prospect of being found in contempt of court, they will have to implement something which is actually effective — which can in practice only mean “blackholing” IP addresses so that no traffic can be exchanged.
That will mean that everything else at that address will be blocked as well — so all of t35.com, smtp.ru or blogger.com would disappear if a foreign company’s view of what was a copyright infringement in their jurisdiction was to differ from that of the UK High Court (for example, Disney’s Snow White is out of copyright in Japan — the term is 75 years from the 1937 date of release — but not in the UK — where the term is Walt Disney’s 1967 death + 70 years).
IP address blocking is also relatively simple to evade (as has already been discovered by the citizens of China, Iran and elsewhere), by means of proxies, by IP address agility on the part of the websites, or by means of general purpose anonymity systems such as Tor. When the content industries find that the sites aren’t actually blocked, how realistic (or how draconian) will the High Court be?
Interestingly, the security services (MI5/MI6) share this concern. If evading blocking systems becomes a mainstream activity (and there’s said to be 6-7 million illegal file sharers in the UK) then it will be used, almost automatically, by subversive groups — preventing the spooks from examining the traffic patterns and comprehending the threat. The amendment says that the court must consider “any issues of national security raised by the Secretary of State”, but it’s unclear how they’ll do that even if Lord Mandelson is prepared to wander down to Strand and say that he’s worried that snooping won’t be so effective in the future.
The final problem is that their Lordships clearly envisaged these injunctions being taken out by major film studios against the latest incarnation of The Pirate Bay or some equally high profile den of wickedness. But what if it turns out that they’re used:
The Earl of Erroll who, although a hereditary peer, is one of the few members of the Upper House with substantial “clue” on Internet matters spoke out clearly against the amendment and in favour of just deleting clause 17. Perhaps in Third Reading, next Monday, the House will listen more carefully to what he has to say — sending this Bill to the Commons in its current form makes a mockery of the Lords’ claim to intelligently revise flawed legislation …
… for the real risk is that the Bill could subsequently go through all substantive Commons stages “on the nod” in a few frantic minutes after the election is called, with the Government accepting all the Lords amendments to avoid a time-consuming game of Parliamentary ping-pong. Wrecking the bill is one thing, wrecking the Internet in the UK is quite another!