Planet Security

SecurityFocus Vulns: Vuln: Debian rccp Insecure Temporary File Creation Vulnerability

Wed, 24 Sep 2008 00:00:00 +0000

Debian rccp Insecure Temporary File Creation Vulnerability

SecurityFocus Vulns: Vuln: Debian rancid-util 'getipacctg' Insecure Temporary File Creation Vulnerability

Wed, 24 Sep 2008 00:00:00 +0000

Debian rancid-util 'getipacctg' Insecure Temporary File Creation Vulnerability

SecurityFocus Vulns: Vuln: Radiance Insecure Temporary File Creation Vulnerabilities

Wed, 24 Sep 2008 00:00:00 +0000

Radiance Insecure Temporary File Creation Vulnerabilities

Financial Cryptography: The Mess: looking for someone to blame?

Mon, 08 Sep 2008 12:54:36 +0000

A slightly smaller problem than this weekend's systemic risk and the US Treasury is the continuing weakness of the security of the US retail banking sector: They are a staple of consumer-complaint hotlines and Web sites: anguished tales about money stolen electronically from bank accounts, about unhelpful bank tellers and, finally, about unreimbursed losses. But surely customers of the elite private banking operation at JPMorgan Chase, serving only the bank’s wealthiest clients, are safe from such problems, right? Wrong, says Guy Wyser-Pratte, an activist investor on Wall Street for more than 40 years who uses his hedge fund’s war chest of roughly $500 million to wage takeover fights and proxy battles in the United States and Europe. In May, Mr. Wyser-Pratte learned that someone had siphoned nearly $300,000 from his personal account at the private bank through many small electronic transfers over a 15-month period. Then he was told by the bank that he could stop the theft only by closing his account and opening a new one — an enormous hassle, he said. And finally, JPMorgan Chase told him that the bank would cover only $50,000 of his losses. Just like the other scandals, we watched this one arise, and now it is here. Warnings fell on deaf ears, so we can only wonder what is the systemic cause here of this mess. In the case of phishing, it is relatively clear. The developers believe the PKI book. The PKI people believe in the efficacy of digital signatures to prove stuff. The cryptographers believe in the perfection of mathematics, and the security world believes in the completeness of their own learning. They are all wrong, but only at the large level of generalisations, not at the detailed level of particular claims. Any one of the claims, _in isolation_ can be shown to be true. But, generalising these brittle claims to be solid building blocks is a completely different question. Few of the claims are strong enough to partake in a general model without severe support; the general model of secure browsing is the best evidence of how it is secure in name only. How then is it built? By accident or by design, a series of claims meet together in a holy ring of righteous architecture. Each of the proponents claim loudly that their part is strong, but the ring has no strength. Eventually, one of the claims in the links is broken. For phishing, the browsers never did have the potential to show authenticity; not only did they not have the security strength to do it (c.f., Skype), they didn't even do it in practice (recall the lost padlock?), and their recent efforts to show authenticity (c.f. colour debate) reveal how far they are from understanding even the goal, let alone the implementation. Once that link was broken, and money was made, all the others revealed their weaknesses, as crooks systematically worked to breach the lot. If we look at the wider financial collapse, now underscored by the nationalisation of the worlds biggest financiers of mortgages ($ 5.3 trillion.... or is it $ 5.4 ?), we see the same pattern. The bankers believed in their product. The originators believed in their origination, the securitizers believed in their free market and accurate price, and the holders believed in the assets. The CDO, the subprime, the other 100 special names, each was a contract. Each was clear in and of itself. But, when placed end-to-end, in a line, with a bunch of other agreements, the claims that were good in isolation were not strong enough to participate in the super-claim made of the overall edifice. The financial system was built like a bridge; each piece rested on the previous one. And then, the clever architects bent the bridge around ... and around again, until the first piece met the last. The elegant keystone of finance was to finally lift up the first one to rest on the last. Thus, the banks themselves invested their capital in their own product. This weekend, the US Treasury joined in to make the ring stronger. The cunning masters of the financial universe carefully lifted up the fan-fred paper and rested them on the T-bills, which as we know are the expressions of the US economy's ability to generate taxes. These willing taxpayers are proud to place themselves and their mortgaged homes in the ring of power. Beautiful, elegant, and hugely profitable. Just, somewhat, slightly against the laws of gravity. The problem with this -- both the financial markets and the Internet security markets -- is that there is no-one to blame . Each is constructed in ring of claims, which eventually return to rely on themselves. So when you read about who is to blame, be quick to be skeptical: Long before the mortgage crisis began rocking Main Street and Wall Street, a top FBI official made a chilling, if little-noticed, prediction: The booming mortgage business, fueled by low interest rates and soaring home values, was starting to attract shady operators and billions in losses were possible. "It has the potential to be an epidemic," Chris Swecker, the FBI official in charge of criminal investigations, told reporters in September 2004. But, he added reassuringly, the FBI was on the case. "We think we can prevent a problem that could have as much impact as the S&L crisis," he said. Today, the damage from the global mortgage meltdown has more than matched that of the savings-and-loan bailouts of the 1980s and early 1990s. By some estimates, it has made that costly debacle look like chump change. But it's also clear that the FBI failed to avert a problem it had accurately forecast Forget it. My experience of the mutual funds mess -- one what was *not* cleaned up despite public pronouncements to the contrary -- and other messes such as the digital gold story indicates that the FBI has zero chance of understanding the mortgage mess, let alone cleaning it up. Sure, there is fraud going on, but don't expect the FBI to understand the nature of it....

The Register - Security: Facebook app shows botnet risk

Mon, 08 Sep 2008 12:24:48 +0000

You have one zombie request

Social networking users can easily be tricked into becoming unsuspecting drones in zombie networks, according to new research.…

Schneier on Security: BT, Phorm, and Me

Mon, 08 Sep 2008 12:23:54 +0000

Over the past year I have gotten many requests, both public and private, to comment on the BT and Phorm incident.

I was not involved with BT and Phorm, then or now. Everything I know about Phorm and BT's relationship with Phorm came from the same news articles you read. I have not gotten involved as an employee of BT. But anything I say is -- by definition -- said by a BT executive. That's not good.

So I'm sorry that I can't write about Phorm. But -- honestly -- lots of others have been giving their views on the issue.

F-Secure - News from the Lab: Inside-Out Improvements

Mon, 08 Sep 2008 11:17:26 +0000

Our 2009 consumer products were official launched last Wednesday and there are a number of technological enhancements within.

The lab has been busy working with core improvements inside our scanning engines for several months now, and we are very satisfied to see it yielding results so soon.

We scored very well in AV-Test.org's latest results. More importantly, we're improving on our own already good results.

2009's scanning engines detect more, and do it faster.

From AV-Test.org:

"Outside" improvements have been implemented as well.

Our marketing team did some research for the 2009 packaging and developed a better box.

Dr. Tuula Pohjola of the Helsinki University of Technology was approached to perform a life cycle assessment (LCA). Keep an eye on the pressroom for the full details, coming soon.

For now, the basic details are as such — on-demand digital production techniques, local raw materials, plant-based inks, and it's easily recycled. Very nice.

It looks very nice too, as seen in this photo with two of our Helsinki office employees, Weronika and Niina.

You can find more pictures (of the boxes) from our marketing pages.

On 08/09/08 At 11:49 AM

sunbeltblog: The Atrivo/Intercage saga continues

noreply@blogger.com (Sunbelt Software Blog) — Mon, 08 Sep 2008 10:08:57 +0000

More breaking news from Brian Krebs at the Washington Post. This is getting really interesting…

Update, Sunday, Sept. 7, 8:02 p.m.: I spoke today with Randy Epstein, president of WVFiber and co-founder of Host.net, which acquired WVFiber just six weeks ago. Epstein said after reading reports from Security Fix, Hostexploit.com, Spamhaus.org and others about cyber crime activities at Atrivo, WVFiber has decided to drop Atrivo as a customer. WVFiber plans to stop providing upstream connectivity to Atrivo by Wednesday or Thursday at the latest, Epstein said. That would leave Atrivo with just a single upstream provider -- Bandcon.

Update, Sunday, Sept. 7, 9:15 p.m.: nLayer Communications, a company that owns a significant slice of the Internet addresses used by Atrivo/Intercage, is demanding that Atrivo vacate the space and return the addresses by Sept 30.

"Atrivo/Intercage has not been a direct customer of nLayer Communications since December 2007, but they still have some legacy reallocations from our IP space," wrote nLayer co-founder Richard A. Steenbergen, in an e-mail to Security Fix. "Since they are no longer a customer, we require that they return our non-portable IP space, and have given them a deadline of September 30th to do so. If the IP space is not returned by that point, we will follow standard procedure to reclaim it, including null routing the space, and sending cease and desist letters to any network who still transits it without our permission."

According to Steenbergen, Atrivo/Intercage must return roughly 7,400 IP addresses.

Link here.

Alex Eckelberry
(Thanks, Ferg)

SANS Diary: VoIP Attacks: Reverse Vhising, SEO and Phone Number Authentication, (Mon, Sep 8th)

Mon, 08 Sep 2008 10:01:48 +0000

At the end of last month we talked about some Vhising enhancements, or how attackers record voice sn ...(more)...

Darknet Hackers: onesixtyone 0.3.2 - An Efficient SNMP Scanner

Mon, 08 Sep 2008 09:55:45 +0000

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report...

Read the full post at darknet.org.uk

Roer.Com Information Security Blog: Guus Leeuw jr. at ITPassion guest posting

Mon, 08 Sep 2008 08:47:02 +0000

Tomorrow, you will be reading about creative security and why creativity is needed in backups. Guest author Guus Leeuw jr. at ITPassion will be posting his views on backups & encryption.

Stay tuned!

backup, encryption, security

Jon Udell: 21st century Yankee ingenuity

Mon, 08 Sep 2008 05:22:01 +0000

Serendipity brought me a copy of this article on Jock Gill’s vision of small-scale grass farming operations. He thinks they’ll be able to produce biomass fuel, in a sustainable and decentralized way, for local production of heat and power. We had a long talk about this, and related themes, which will appear in two upcoming episodes of my Innovators show. Meanwhile, this paragraph from the article keeps echoing in my head:

He said a high school student in Morrisville has completed a successful prototype of a green wood chip combustion unit that can produce 50,000 BTUs of heat per hour. Gill said the student is confident his system could also burn dry grass tablets.

Good old Yankee ingenuity, in other words, hasn’t yet run its course. As we reconfigure our energy systems, that latent talent will flourish again.

Securosis: Tumbleweed Acquired

Mon, 08 Sep 2008 05:13:56 +0000

Sopra Group, through its Axway subsidiary, has acquired Tumbleweed Communications for $143 million. The press release is here.

With Tumbleweed’s offerings for email security, secure file transport, and certificate validation, there were just not enough tools in that chest to build a compelling story- either for messaging security or secure transaction processing. And it provides just one more example of why Rothman is right on target. Given that Tumbleweed’s stock price has been flat for the entirety of this decade, this is probably both a welcome change of scenery from the stockholders’ perspective, and a sign of new vision on how best to utilize these technology elements. There are lots of fine email/content security products out there having a very difficult time of expanding their revenue and market share. Without some of the other pieces that most of their competitors have, I am frankly impressed that Tumbleweed has made it this far. Dropping this product line into the Axway suite makes sense, as it will add value to most of their solutions, from retail to healthcare- so this looks like a positive outcome.

-Adrian

CIO News Alerts: Critical Vulnerability Patched in Google's Chrome

Mon, 08 Sep 2008 04:00:00 +0000

A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem and at least one more.

CIO News Alerts: IT Can Help Beat Taliban in Afghanistan

Mon, 08 Sep 2008 04:00:00 +0000

In one of the final scenes of the movie, "Charlie Wilson's War," the story of America's part in Afghanistan's victory over the Soviet Union, Congressman Wilson is shown asking for more funding to rebuild Afghanistan, a request that is denied.

CIO News Alerts: Group to Release Uniform Metrics to Measure IT Security

Mon, 08 Sep 2008 04:00:00 +0000

The Center for Information Security (CIS) is set to release guidelines for how enterprises can measure the state of their organization's security and launch a service for companies to compare their performance with their peers.

ItoolBox Networking and Infrastructure: Lancelot is my new knight in shiny menu.

Mon, 08 Sep 2008 02:54:18 +0000

In the days of old when graphics were bold and menu's were point and clicky. Lancelot came and it was a big gain because menu's are now just sticky. Sorry KDE3 peoples but this big fella is just for KDE4. It is a new replacement for the standard K menu and I find it to be a lot easier to navigate and has more features. You can find out more information on the Lancelot home page here

Wes Felter's Hack the Planet Weblog

Mon, 08 Sep 2008 02:40:47 +0000

Newton copy and paste. Now that's just mean. It's like the software equivalent of a spoiler.

Wes Felter's Hack the Planet Weblog

Mon, 08 Sep 2008 02:40:47 +0000

I watch a movie and I think "That's a helicopter shot, no it's a truck shot. Was there a cut there?" I think I've seen too many DVD behind the scenes clips.

Wes Felter's Hack the Planet Weblog

Mon, 08 Sep 2008 02:02:17 +0000

I'm going to be in San Jose this week. The Hayes Mansion looks like a nice escape from the sprawl.

Wes Felter's Hack the Planet Weblog

Mon, 08 Sep 2008 02:02:17 +0000

I see a kid on a bicycle and I think "That's a helicopter shot, no it's a truck shot. Was there a cut there?" I think I've seen too many DVD behind the scenes clips.

Hack in the box: Silicon valley stars to send DNA into space

Mon, 08 Sep 2008 01:35:28 +0000

As if it wasn't enough that nerds control the world, now they want to conquer space, with Silicon Valley ‘celebs’ lining up to send their digitised DNA off to the final frontier. Under a programme called ‘Operation Immortality’ by NCsoft, Digg founder Kevin Rose, tech blogger Robert Scoble and techy venture capitalist Tim Draper will all soon send their DNA into orbit to join that of some of Earth's better athletes, musicians and thinkers. The blogger DNA will be personally delivered to the International Space Station (ISS) by game designer Richard Garriott, who is flying out there on Oct. 12 as a private citizen. “My hope is that aliens get a hold of my DNA so my clones can spread entrepreneurship to galaxies throughout the universe,” said Draper.

Hack in the box: 5 reasons to upgrade from Windows Vista to Linux

Mon, 08 Sep 2008 01:32:00 +0000

Windows Vista has been out for almost two years now but it still suffers from stability and compatibility issues, let alone an insatiable desire for beefier hardware. You don't have to live with it; here are five reasons why Linux makes a better choice for your computer. One of the many differences between a computer and an appliance is that your computer’s system software can be easily updated. New features can be added. By contrast a whitegoods maker can’t easily add new features to their microwaves or washing machines once they’ve been constructed and sold. This is a realistic thing: even the simplest appliance can have programming flaws, or gain from improved logic or more user options. Most all readers will no doubt have upgraded the operating system on their own computer at some point, whether from Windows ’95 to Windows ’98 or Windows XP to Windows Vista or some other step.

Hack in the box: Spore hits Planet Earth

Mon, 08 Sep 2008 01:30:58 +0000

Spore, the eagerly-awaited computer game five years in the making allowing people to play God by re-creating the universe, hits stores worldwide this week. The latest brainchild of game legend Will Wright, maker of the world's top-selling computer game The Sims, Spore is being released in Europe and Asia on Friday ahead of its September 7 debut in the United States, with some pre-ordered versions available here late last week. "We are hoping to build a community as big as that of the Sims," Wright said during a Paris stopover this week ahead of the launch of the game by Electronic Arts. "You are given this God-like power," Wright told AFP in a recent interview in California. "You can create ecosystems, biospheres ... We try to make it real science."

Hack in the box: Internet Traffic Growth Slows

Mon, 08 Sep 2008 01:30:10 +0000

Despite prognostications that the Internet is about to collapse from the weight of traffic growth -- especially video -- international Internet traffic grew 53 percent between mid-2007 and mid-2008, down from 61 percent the preceding year, according to a market research firm. For the second consecutive year, total international Internet capacity grew faster than total Internet traffic, leading to lower utilization levels on many Internet backbones, according to market tracker TeleGeography. Between 2007 and 2008, average traffic utilization levels decreased from 31 percent to 29 percent, while peak utilization fell from 44 percent to 43 percent, the firm found. The aggregate trend toward lower utilization of capacity belies "significant" regional differences, according to TeleGeography. While utilization on international links to Europe and Asia fell in 2008, they rose in the United States, Canada and Latin American, where traffic growth outpaced the deployment of new Internet bandwidth, the firm asserts.

Hack in the box: Buzz is missing from Android launch

Mon, 08 Sep 2008 01:29:22 +0000

Thanks to its new web browser, Chrome, Google’s ambition to rival Microsoft as a producer of the software “platforms” on which internet applications run has been very much in the news this week. However, an earlier and equally prominent attempt to do much the same thing on mobile phones – its Android software – looks set for a bumpy ride when the first handsets hit the market this year. Failure to win a big following for Android might not hamper Google’s broader business goals in the mobile industry, but it suggests that the company’s software initiatives – including Chrome – are not always guaranteed a big following, according to industry analysts.

Hack in the box: Scientists get death threats over Large Hadron Collider

Mon, 08 Sep 2008 01:28:25 +0000

The Large Hadron Collider is just a few days from being switched on, but the scientists in charge of the 17-mile long super collider are already getting impassioned pleas to stop their work, some of the scientists have even received death threats. According to a Telegraph UK article, CERN, the organization that is in charge of the LHC, has been inundated with emails and calls from concerned citizens, part-time scientists and others. James Gillies, CERN’s public relations spokesperson, says many of the people want to delay or stop next week’s test, but there’s no chance of that happening. On September 10th, scientists at the LHC will fire the first proton beams down the super collider. These proton beams will have a modest 450 GeV or less than one-tenth of the collider’s full strength and no collisions are expected because the beams will only be fired one way through the tunnel. Eventually CERN hopes the LHC help scientists discover the elusive Higgs-Boson particle by smashing together proton beams with 5-7 TeV worth of energy.

Hack in the box: isoHunt Sues the CRIA to Legalize BitTorrent Sites

Mon, 08 Sep 2008 01:27:29 +0000

Following Demonoid and QuebecTorrent, the Canadian Recording Industry Association (CRIA) has threatened isoHunt with legal action. However, isoHunt has decided to launch a preemptive strike, as it turns the tables and sues the CRIA instead. The CRIA is known for taking on BitTorrent sites. In the past year they have threatened Demonoid and other BitTorrent sites, and taken legal action against QuebecTorrent. Now, they have set their sights on isoHunt, one of the largest BitTorrent sites on the Internet, but this might just backfire. In May 2008, isoHunt received a Cease and Desist letter from the CRIA, in which they demanded that isoHunt founder Gary Fung should take the site offline. If Fung didn’t comply, the CRIA said it would pursue legal action, and demand $20,000 for each sound recording the site has infringed.

Hack in the box: Vietnamese security firm spots Chrome 'SaveAs' flaw

Mon, 08 Sep 2008 01:26:35 +0000

Another security vulnerability in Google's new Chrome browser has been identified. Vietnamese security company Bach Khoa Internet Security (BKIS) has found a flaw in Google Chrome 0.2.149.27 and posted details on its Web site. The company says the problem is a critical buffer-overflow vulnerability that could allow a hacker to perform a remote attack and take complete control of the affected system. "The vulnerability is caused due to a boundary error when handling the 'SaveAs' function," BKIS explains on its Web site. "On saving a malicious page with an overly long title (title tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code on users' systems." To successfully exploit this vulnerability, an attacker would have to convince someone to visit a malicious page and then attempt to save the page.

Hack in the box: Apple admit Briton DID invent iPod, but he's still not getting any money

Mon, 08 Sep 2008 01:25:23 +0000

Apple has finally admitted that a British man who left school at 15 is the inventor behind the iPod. Kane Kramer, 52, came up with the technology that drives the digital music player nearly 30 years ago but has still not seen a penny from his invention. And the father of three is so hard up he had to sell his home last year and move his family to rented accommodation. Now documents filed by Apple in a court case show the US firm acknowledges him as the father of the iPod. The computer giant even flew Mr Kramer to its Californian headquarters to give evidence in its defence during a legal wrangle with another firm, Burst.com, which claimed it held patents to technology in the iPod and deserved a cut of Apple’s £89billion profits. Two years ago, Mr Kramer told this newspaper how he had invented the device in 1979 – when he was just 23.

Hack in the box: Is Rock Phish cybergang set for a comeback?

Mon, 08 Sep 2008 01:21:38 +0000

Do cybergangs work on evil "product upgrades" to improve their crimeware and attack methods? That's what RSA, the security division of EMC, claims is happening with the Rock Phish gang, described as an East European cybercrime group responsible for creating botnets used in phishing attacks to steal personal information. "Rock Phish is making an investment in their own infrastructure by upgrading their botnet," says Sean Brady, product marketing manager at RSA. RSA, whose FraudAction Research Lab has posted a blog item on the topic, says the end result could be a surge in phishing attacks in the near future.

Hack in the box: Marissa Mayer talks about Google at 10 -- and 20

Mon, 08 Sep 2008 01:18:17 +0000

She is not nearly as famous as celebrity founders Larry Page and Sergey Brin. But, in many ways, Marissa Mayer has become the public face of Google, which was incorporated 10 years ago today. The Internet giant's first female engineer, Mayer is vice president of search products and user experience, directing the efforts of thousands of engineers and driving forward some of Google's most important initiatives including books, news and health. She has been there almost since the beginning. So we asked Mayer to reflect on Google's first decade, to talk about whether the company is cutting back on some of its famous employee perks and where she sees Google 10 years from now. Here's what she had to say.

Hack in the box: Sexologists Can Infer A Woman's History of Orgasms By The Way She Walks

Mon, 08 Sep 2008 01:14:52 +0000

A new study found that trained sexologists could infer a woman's history of vaginal orgasm by observing the way she walks. The study is published in The Journal of Sexual Medicine. Led by Stuart Brody of the University of the West of Scotland in collaboration with colleagues in Belgium, the study involved 16 female Belgian university students. Subjects completed a questionnaire on their sexual behavior and were then videotaped from a distance while walking in a public place. The videotapes were rated by two professors of sexology and two research assistants trained in the functional-sexological approach to sexology, who were not aware of the women's orgasmic history. The results showed that the appropriately trained sexologists were able to correctly infer vaginal orgasm through watching the way the women walked over 80 percent of the time. Further analysis revealed that the sum of stride length and vertebral rotation was greater for the vaginally orgasmic women. "This could reflect the free, unblocked energetic flow from the legs through the pelvis to the spine," the authors note.

Hack in the box: Family Racks Up $19,370 Cell Phone Bill

Mon, 08 Sep 2008 01:12:56 +0000

A Portland family racked up nearly $20,000 on their AT&T bill, local station KPTV reported. The Terry family said they wished they would have received some kind of warning before receiving their 200-page bill in the mail for $19,370. In July, their son headed north to Vancouver, Canada, and used a laptop with an AirCard to send photos and e-mails back home. The bill showed he used the service 21 times, but because he was out of the country, the activity added up to thousands of dollars in charges. The AirCard allows users to connect to e-mail, the Internet and business applications while traveling, according to AT&T's Web site. On the Terry family's bill, they were charged international fees for the service. The Terry family said they asked an AT&T employee about the service before their son left the country. They said they were told nothing about international fees.

Hack in the box: Google-focused satellite enters orbit

Mon, 08 Sep 2008 01:12:13 +0000

The GeoEye-1 satellite that launched into orbit Saturday is on a mission from Google. Well, not just Google. The GeoEye-1 is part of the NextView program of the U.S. National Geospatial-Intelligence Agency, a dot-mil organization that, odd as it may seem, wants access to commercial satellite imagery to support its national security mission. GeoEye, the company, won its $500 million NextView contract four years ago. Google's rocket-borne logo But the search titan does have the exclusive rights among online mapping sites to the GeoEye-1 images, which it will use in its Google Earth and Google Maps offerings. It even got its corporate logo emblazoned on the launch rocket, right below Boeing's.

Hack in the box: Companies warm up to social networks

Mon, 08 Sep 2008 01:04:49 +0000

At Serena Software, water-cooler talk has been replaced by Facebook chatter. Nearly everyone in the company, headquartered in Redwood City, Calif., uses the social-network site to hang out with fellow workers, access internal communications, or even challenge the Sydney branch to a movie quiz. That includes the CEO. In a bid to create a sense of community within a worldwide company of 850 employees – many of them physically dispersed and acquired through a series of mergers – Serena's management created a "Facebook Friday" last November. An afternoon training session by Facebook experts – namely teenage sons and daughters – sparked ubiquitous social-network interaction inside the corporation. So much so, that Serena uses Facebook as its de-facto Intranet. The company also uses social networks to recruit new hires and market its Web 2.0 tools. Employees can even peer into the CEO's home life as a race-car driver. It's a radical policy for a firm that, just a year ago, had banned the use of Instant Messenger.

Hack in the box: 4 IT students held as suspected hackers

Mon, 08 Sep 2008 01:04:06 +0000

The Rapid Action Battalion (Rab) arrested four students of a private technology institute in the city's Mirpur in connection with hacking its website after around 24 hours of the incident on Friday. The youths, who are all fourth semester students of computer science at SAIC Institute and Technology Management, said they hacked the website of the elite crime-busting force for adventure. The arrestees are Abu Musa Mirza Kamruzzaman Shahee, son of sub-inspector of police Mubashwer Ali Mirza of Chicksha village under Fenchuganj upazila in Sunamganj, Syed Mohammad Istiaq, son of Syed Nowsher Ali of Ranabijoypur village of K Ali Dargah in Bagerhat, Mohammad Zayedul Hossain, son of Zakir Hossain of Prindertek under Palash upazila in Narsingdi, and Mohammad Taohidul Islam, son of Rafiqul Islam of Purba Kaleswar village under Joydevpur upazila in Gazipur.

Hack in the box: A tale of sex and spyware in South Korea

Mon, 08 Sep 2008 01:03:24 +0000

According to Sophos it seems that cyber-tension between North and South Korea is increasing of late. Not least thanks to allegations from the South that officers of the military command and control centre have been targeted by the North in a spyware attack on the orders of the infamous electronic warfare division. It is being speculated that the bog standard malicious email attachment style attack hit various military contacts on the Won Jeong Hwa hitlist. Miss Won, 35, is apparently facing trial for treason after her defection Northwards three years ago. It is said the she did a Mata-Hari and seduced army officers during a tour of South Korean military bases. Pretending to just be lecturing about the evil of Kim II Sung, she faces charges of actually spying and sleeping her way to military secrets all the time.

sunbeltblog: How to make notepad.exe a malicious file

noreply@blogger.com (Sunbelt Software Blog) — Mon, 08 Sep 2008 00:47:31 +0000

As is well known, malware authors routinely use packers (aka “protectors) to disguise their files (as well as decrease their file size).

A number of AV products simply blacklist anything that’s packed, thus not having to bother with emulating the executable and finding out what’s really inside. (Like many AV companies, we do this for some obvious malware packers ourselves, but it has to be done with an extensive in-house whitelist to verify that you’re not going to get false positives.)

Just as a curious experiment, I recently packed notepad.exe into a variety of packer formats and submitted them to VirusTotal. (I’m not the first to do this exercise, either — a similar exercise was by shown by VirusBuster at CARO in May.)

This is a miniscule sample, but it allows you to see the various levels of aggressiveness on detecting packers by AV engines. It also shows why some engines have incredibly high detection rates on VirusTotal.

Notepad.exe packed with MEW (packing with FSG will likely show similar results as well).
Notepad.exe packed with UPX (UPX is the most common packer, used for many legitimate applications — it’s a very dangerous packer to blacklist, since false positives will be through the roof.)

Notepad.exe packed with PEspin
Notepad.exe packed with PECompact

In the end, blacklisting packers is going to be old news, because malware authors have changed and are now doing all kinds of exotic custom packing –– and in many cases, not packing at all.

Alex Eckelberry

infosecurity.us: The Analyzer Redux…

Mon, 08 Sep 2008 00:31:48 +0000

CyberCrime & Doing TIme’s Gary Warner speculates on the apparent return of Ehud Tennenbaum, aka The Analyzer.

[1] CTV Video

[2] Haaretz

[3] Wired’s ThreatLevel

hackaday: 3D mineral printer

Mon, 08 Sep 2008 00:11:52 +0000

The last few days many people have been talking about the USC’s contour printer. It’s a device that prints concrete outlines with the hopes of eventually printing entire houses. Caterpillar has decided to back the initiative.

It reminded us of a project we came across at Maker Faire. [Leif Ames], [Matthew Bowman], [Marides Athanasiadis], and [Terrell Edwards] built a 3D Mineral Printer as their senior engineering design project at UC Santa Cruz. The printer works by first laying down a layer of dry concrete powder. It then selectively wets the powder where it wants a solid form. The reaction doesn’t require air to dry, so the next layer can be applied immediately. The printer only creates contours and the team imagines this being used to create temporary casting molds. The build envelop is nearly a cubic meter. When we talked to them, they were experimenting with many different types of material mixes. A video of the first test is after the break.

ItoolBox Networking and Infrastructure: Project Staffing Plan Template

Mon, 08 Sep 2008 00:05:20 +0000

A template for documenting staffing plans on a project...

infosecurity.us: Best Practice

Mon, 08 Sep 2008 00:04:33 +0000

via Emergent Chaos

Network World on Security: Software watchdog working on enterprise security metrics