Wednesday, November 30, 2011

Millions of printers open to devastating hack attack

         Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

          It’s not only possible, but likely, say researchers at Columbia University, who claim they’ve discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.

           The researchers, who have been working quietly for months in an electronics lab under a series of government and industry grants, described the flaw in a private briefing for federal agencies two weeks ago. They told Hewlett-Packard about it last week.

            HP said Monday that it is still reviewing details of the vulnerability, and is unable to confirm or deny many of the researchers’ claims, but generally disputes the researchers’ characterization of the flaw as widespread. Keith Moore, chief technologist for HP’s printer division, said the firm “takes this very seriously,” but his initial research suggests the likelihood that the vulnerability can be exploited in the real world is low in most cases.

           “Until we verify the security issue, it is difficult to comment,” he said, adding that the firm cannot say yet what printer models are impacted. But the Columbia researchers say the security vulnerability is so fundamental that it may impact tens of millions of printers and other hardware that use hard-to-update “firmware” that’s flawed.

New Facebook Worm installing Zeus Bot in your Computer

          Today another new attack on Facebook users involving the Zeus bot has come into action. Researchers at Danish security firm CSIS have spotted a worm spreading within the Facebook platform. A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims' accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users' machines, including a variant of the Zeus bot.

          If followed, the link takes the potential victim to a page where he or she is offered what appears to be a screensaver for download. Unfortunately, it is not a JPG file, but an executable (b.exe). Once run, it drops a cocktail of malicious files onto the system, including ZeuS, a popular Trojan spyware capable of stealing user information from infected systems. The worm is also found to have anti-VM capabilities, making it useless to execute and test in a virtual environment, such as Oracle VM VirtualBox and VMWare.

          Zeus is a common tool in the arsenal of many attackers these days, and is used in a wide variety of attacks and campaigns now. It used to be somewhat less common, but the appearance of cracked versions of the Zeus code has made it somewhat easier for lower-level attackers to get their hands on the malware. Zeus has a range of capabilities, and specializes in stealing sensitive user data, such as banking credentials, from infected machines.

          "The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers. The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

           It is very rare for this type of thing to be sent to your email without you requesting it, so I would advise anyone who thinks they may have seen an email like this to delete it and mark it as spam right away.

More than 100 Pakistani Government Sites Under Malware attack

          Website Malware : A newer form of malware is what can be found attacking websites today. In the old days malware was mostly in the form of computer viruses. In today's age of globalization, malware starts to target websites and mobile devices. 

          Almost 100's of Pakistan Government sites are under attack by the Godzilla malware, which was created and deployed by an Indian hacker. The hacker, named "Godzilla", published a list of all the frozen sites, including the Peshawar Electric Supply Company website (www.pesco.gov.pk), the Ministry of Information and Broadcasting - Government of Pakistan website (www.infopak.gov.pk), the Pakistan Navy website (www.paknavy.gov.pk) and many more.

          The hacker said, "The malware is freezing the server and if the server is changed then banner of malware hits the live ip.."

           Today malware is much more sinister. It is backed up by an industry which some estimate at $2 billion a year. It is all about making money.

France: Discovered the biggest Facebook phishing



          An attacker has stolen more than 5000 usernames and passwords, using the fake domain to scam the victims. We suggest that all victims change their passwords immediately!

Note: Please Don’t Try to login on this website.

Fake Facebook website: http://www.frfacebook.fr/

          If you suspect that you may have exposed your personal information to an unauthorized individual, you should:
  1. Change all of your passwords that were exposed.
  2. Contact the institution that was being masqueraded. (www.facebook.com)
  3. Tell them that your personal information has been exposed.
  4. Ask them to cancel any accounts affected.
  5. If the information provided can be used to access other institutions, contact them as well. For example, if your credit card number was exposed, contact your credit card company as well.
Next time be more careful when someone sends you a suspicious website!

Cyber threats appearing where even savvy users don’t expect

          An EC cyber security expert believes cyber attackers are getting more sophisticated, in ways that even savvy web users may not expect.


          Doctor Stephan Lechner, director general of the Institute for the Protection and Security of the Citizen, Joint Research Centre, European Commission, in a lecture to the Cyber Security Summit says that he believes Cybersecurity has finally 'gone political'. By that he means the problem has enough understanding in the mainstream for it to become political capital.

          This is a good thing as Cyber security systems around the world will be getting more attention, both in the public and private sector, but it also means that cyber criminals have had to become more devious to deliver their cyber-payloads. One of the examples he believes is becoming more widespread is the 'no-use app', basically something that is downloaded from an app store - it doesn't appear to do anything and the customer simply deletes it and moves on - without even realising it has just dropped its payload. Too many consumers assume that smartphones are immune to viruses, he says.

          He compares the drivers of malware, viruses and cyber threats to Moore's law: every 18 months the threats double. The newest threats he has picked up on have come through loopholes in fingerprint readers, and even smartphone barcode readers have led visitors into trouble. The biggest problem is education. Dr Lechner believes that online safety should be taught at the same time as computer literacy itself - even if that means teaching 5 year olds about cyber safety.

          "The five year olds in the classrooms now, are your future 14 year old hackers. It should be mandatory for children to learn cyber security as they learn how to use ICT," he said. He even goes so far as to believe that technology teachers need to be kept up to speed in this space as well, as often students are more tech savvy than their teachers.

          He also believes that web savvy consumers have become too confident for their own good, often clicking 'OK' in pop up boxes that may look like part of the operating system without even thinking. Ironically, as technology gets more simplified on the surface (and more complicated in the back end), security awareness amongst users falls.

Tuesday, November 29, 2011

Reason to be careful if 'PayPal' says you have changed your email address

Have you received a notification claiming that your PayPal email address has changed?
Messages like the following have been spammed out to internet users:
Attached to the email is an HTML form (Personal Profile Form - PayPal-.htm), that requests you enter your personal information.
          Of course, the email is not really from PayPal (who would never send you an HTML form via email anyway), and any information you enter will soon be in the hands of phishing cybercriminals.
PayPal is one of the most phished brands on the internet, as unlike traditional banks it has a truly global presence increasing the chances of a scammer successfully hooking a victim when they spam out their attacks en masse.

          To its credit, PayPal offers advice about phishing on its website, and has even created a "Can you spot phishing?" challenge to help educate its users about the dangers. The PayPal website asks that if you receive a spoof email, you forward it to their security team.

          Make sure that you take care when you receive unsolicited emails, seemingly from PayPal. It could be that in your haste to fix a security problem you are handing your credentials over to a criminal.

Sudan Airways mailbox database leaked


          The Sudan Airways mailbox database was hacked by Sudan Cyber Army - SD. Alsa7r and leaked on Pastebin. The targeted domains are sudanair.com and omyalphaserver.com. The leak includes more than 100's of usernames, emails and passwords. Sudan Cyber Army has hacked lots of Sudan Government sites in the past.

Spam attack hits Facebook's own Help Center

          The community forum on Facebook's Help Center has become overrun by spammers, making the self-help support community effectively useless.
 
          The spam messages, which at the time of writing are claiming to offer ways to watch live streaming video of American football games, appear to have been posted by bogus or compromised Facebook accounts. Clicking on the links typically takes you to a webpage which asks you to hand over your email address, claiming that you will be sent a program that will allow you to watch live streaming video of football games. The potentials for abuse or malicious attack are obvious - and we would recommend that no users click on the links.
          The alarm was first raised about the spam attack by the unofficial Facebook privacy and security blog. Hours later, new spam messages are still appearing on the Facebook Help Center. Could it be that the spammers are taking advantage of the Thanksgiving holiday weekend, when Facebook's security team may be more lightly staffed than normal?

           Certainly it's embarrassing for the social networking website to have one of its own pages hit so significantly by spammers, when it has recently been lauding its achievements in the fight against Facebook spam. With approximately 800 million users on Facebook, spammers will continue to seek out holes in the site's armour and try to trick the unwary into clicking on their links. To have the best chance of success, Facebook needs 24 x 7 protection, every single day of the year, and to raise awareness of the risks amongst its userbase.

Largest DDOS attack hit Chinese company

          A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks. The distributed denial-of-service attack consisted of four consecutive waves launched from multiple botnets between Nov. 5 and Nov. 12, 2011.

          The attack on the unnamed organisation and its DNS provider happened between 5 and 12 November and reached 45Gbit/s at peak, equivalent to 69 million packets or 15,000 connections per second, way above the level that can be easily stemmed using standalone appliances, the company claimed. This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated previously, which also occurred in 2011.

          Prolexic technicians identified a randomised attack consisting of the largest volume of GET, SYN, ICMP, UDP and DNS floods launched in a single attack campaign this year. They identified that the attack was coming from botnets in multiple worldwide locations. In addition, unlike typical DDoS attacks that are coordinated from one geographic source, this attack was coordinated globally.

Exposing 25 Facebook phishing websites

          Geeks at Security Web-Center found 25 Facebook phishing sites and listed them. Sometimes spammers create fake pages that look like the Facebook login page. When you enter your email and password on one of these pages, the spammer records your information and keeps it. This is called phishing. The fake sites, like the one below, use a similar URL to Facebook.com in an attempt to steal people's login information.
          The people behind these websites then use the information to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained.

List of Fake Sites Collected by Security Web-Center:
Note: Please Don't Try to login on above listed websites.

           Recently, Facebook phishing emails are threatening to delete users’ Facebook accounts unless the victims pass along their account details within 24 hours, as Posted by NakedSecurity

A typical phishing scam reads like this:
LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
[Link Removed]
Thanks.
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.

          The emails are entirely bogus. They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details. The scams are, in fact, designed to steal credit card numbers and social media accounts. When someone has been phished, their account will often start automatically sending messages or links to a large number of their friends. These messages or links are often advertisements telling friends to check out videos or products. If your Facebook account is automatically sending out spammy messages or links, secure it here.

         Make sure that when you access the site, you always log in from a legitimate facebook.com domain. A good rule of thumb is if a URL ends in facebook.com, it is owned by Facebook. For example, "en-gb.facebook.com" ends in facebook.com and is therefore safe and legitimate.
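The rule of thumb above only holds when it is applied to the host name of the link, not to the whole address string. The following added example (not from the original post; the function names and sample URLs are constructed for illustration) parses each URL and accepts it only if the host is facebook.com or a subdomain of it, and compares that with a plain "ends in" test on the raw string.

```javascript
// Added example (not from the original post). All URLs are constructed
// samples: ".example" hosts are placeholders, and "notfacebook.com" only
// illustrates a string suffix; it is not a claim about any real site.

const TRUSTED_DOMAIN = "facebook.com";

// Naive reading of the rule of thumb: look at the end of the raw string.
function naiveEndsWith(rawUrl, trusted = TRUSTED_DOMAIN) {
  return rawUrl.replace(/\/+$/, "").endsWith(trusted);
}

// Host-based check: parse the URL, then require the host to be the trusted
// domain itself or a subdomain of it (the match must start at a dot, so
// "notfacebook.com" does not count as "facebook.com").
function isTrustedHost(rawUrl, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // throws on anything that is not an absolute URL
  } catch {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  // hostname is already lower-cased by the parser; drop a trailing root dot
  const host = url.hostname.replace(/\.$/, "");
  return host === trusted || host.endsWith("." + trusted);
}

const SAMPLES = [
  "https://en-gb.facebook.com/",          // subdomain: trusted
  "https://www.facebook.com/login.php",   // trusted, but the string ends in a path
  "https://FACEBOOK.COM./",               // case and trailing dot: still trusted
  "http://notfacebook.com/",              // different domain sharing the suffix
  "http://facebook.com.login.example/",   // trusted name used as a subdomain label
  "http://login.example/facebook.com",    // trusted name placed in the path
  "https://facebook.com@login.example/",  // trusted name placed in the userinfo
  "facebook.com",                         // no scheme: not a usable link
];

// Returns one record per URL with the verdict of both checks.
function classify(urls) {
  return urls.map((u) => ({
    url: u,
    naive: naiveEndsWith(u),
    host: isTrustedHost(u),
  }));
}

for (const r of classify(SAMPLES)) {
  console.log(`${r.host ? "trusted  " : "untrusted"} naive=${r.naive}  ${r.url}`);
}
```

The string test both accepts look-alike addresses and rejects genuine ones with a path, which is why mail filters and link checkers compare the parsed host instead.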

Filipino police arrest 4 for AT&T hacking

          Hackers linked to a group responsible for 2008 terrorist attack in Mumbai, India. The FBI and Philippines police have arrested four people for allegedly hacking into AT&T's phone systems.

          The operation was carried out last week following a complaint from AT&T, after the telecom major incurred losses worth nearly $2 million due to the cyber scam, according to the Philippines police. The investigators said the hackers worked for a group that helped finance a terrorist attack in Mumbai, India in 2008, which claimed 166 lives.

          The hackers were said to be working on commission for a terrorist group linked to Muhammad Zamir, a Pakistani. Following Zamir's arrest in 2007, the group had been taken over by a Saudi national. According to FBI spokeswoman Jenny Shearer, hackers targeted customers of AT&T, not the carrier itself.

Wednesday, November 23, 2011

UK banks stress test defences against cyber attack

          Traffic infrastructure disruption during the London 2012 Olympics also examined. UK banks have taken part in an exercise designed to test their defences against a possible cyber attack. The tests also examined how financial institutions would cope if there was a major disruption to the transport infrastructure during the London 2012 Olympic Games.

           In total 87 banks, including Barclays, HSBC, Lloyds, and Royal Bank of Scotland, took part in the test. The mock cyber attack was designed to test how well telecommunications and Internet services would stand up in the face of a massive online attack. The scenarios played out included what would happen if an attack took cash machines out of service.

          "We have designed a scenario that will test the ability of participants to respond to a concerted cyber attack on the financial sector," said the FSA in a statement. "Thus, there is a strong focus upon dependencies on telecommunications and the internet as well as managing the return to business as usual." Sian John, UK Security Strategist at Symantec, said that the exercise was very encouraging, as it shows financial institutions are putting security at the top of the agenda.

          "Often you see security being considered at the last minute rather than being engineered into projects and infrastructures from day one so it's very encouraging to see an important sector like this taking part in preventative measures," she said. "Threats are becoming increasingly targeted and focused on accessing information that can be used for malicious gain or sold on via underground markets," she added. "An exercise like this will demonstrate exactly how robust their systems are and where the vulnerabilities lie. It may mean they need to reconsider back up sites for example or rethink security altogether - whatever the results it's a nice illustration that financial institutions are proactively looking to manage risk."

          An Exercise Report will be published early next year discussing the results of the test, alongside a Post Exercise Conference, the FSA said. London 2012's Gerry Pennell recently said it would be very difficult to launch a successful cyber attack on the Games themselves, due to the way his team had built the tech infrastructure. "We will be using a content distribution network to push data out, which means our dependency on a central host architecture is much lower. What that means is that it is very hard to launch a distributed denial of service attack (DDoS), simply because our front-end is so dispersed," he said.

          "We designed our approach to information security into our architecture from the beginning," Pennell continued. "We keep mission-critical Games systems, such as anything to do with distributing results, quite insulated from other components of the network, particularly anything web-facing, thus making it extremely hard for an external attack to succeed."

Scammers target Xbox live users

          Phishers have been able to trick some gamers into disclosing personal details. Some Microsoft Xbox Live users have been targeted by scammers in a phishing attack.

         Though Microsoft sources denied that Xbox Live had been hacked, phishers have been able to trick some gamers into disclosing personal details like addresses, emails and credit card information. Denying any breach to the security of the users of Xbox Live service, Microsoft said, "In this case, a number of Xbox Live members appear to have recently been victim of malicious 'phishing' scams."

         Microsoft has warned people against opening unsolicited e-mails because the messages may contain spyware or malware that can compromise their personal information. Microsoft said it has been working closely with Xbox Live users to investigate and resolve any unauthorised changes to their accounts resulting from phishing scams.

132 councils lost personal data

          At least 35 councils admitted to losing private information about children. Personal data has been lost by 132 UK local councils since 2008, according to a report published by Big Brother Watch (BBW).
There were a total of 1,035 incidents of data loss between August 2008 and August 2011, with only 55 reported to the Information Commissioner's Office (ICO), the report added.

          At least 35 councils admitted to losing private information about children. At least 244 laptops, 98 memory sticks and 93 mobile devices were lost. Big Brother Watch, commenting on the losses, said this highlighted a "shockingly lax attitude" to protecting confidential information by some councils.

          "This research highlights a shockingly lax attitude to protecting confidential information across nearly a third of councils," said Big Brother Watch director Nick Pickles. "Despite having access to increasing amounts of data and being responsible for even more services, local authorities are simply not able to say our personal information is safe with them."

          Despite the huge number of incidents, only nine people lost their jobs. "The fact that only a tiny fraction of staff have been dismissed brings into question how seriously managers take protecting the privacy of their service users and local residents," added Pickles. Buckinghamshire and Kent were the worst offenders with a total of 72 incidents each. Essex was third on 62, with Northamptonshire in the fourth position with 46.

Tuesday, November 22, 2011

Security Flaws in Android 4.0 (ICS)


          Facial recognition unlock can easily be bypassed with a simple photo trick in Android 4.0 (Ice Cream Sandwich). Recently a blogger named "soyacincau" demonstrated the vulnerability and showed how easily anyone can bypass the facial recognition. He took a photo of himself using another phone and held it up to the front facing camera on the Samsung Galaxy Nexus, the first smartphone to run Android 4.0, which was then unlocked. In October a developer of CyanogenMod also concluded the same thing.

          Later, a Google spokesperson said that the feature is considered to be experimental and offers little security. According to the news site, the user interface for the Face Unlock feature also warns users that it is less secure than using a pattern, PIN or password, even going as far as saying "Someone who looks similar to you could unlock your phone". It is unclear if Google will add "Or a photograph of you" to the warning.

Maharashtra Highway Police website hacked

          It is not only international law enforcement and police that are under attack by hackers; our local police websites and databases also become victims of breaches, mostly once a day. A hacker with the name "powerin10" has taken responsibility for hacking the Maharashtra Highway Police website. The hacker is a member of the Bangladesh Cyber Army.

Wikileaks Founder, Julian Assange Hires Pirate Bay Lawyer

          Wikileaks Founder Julian Assange has fired his lawyer in favour of one with experience in batting for The Pirate Bay, according to a Swedish news report. Julian Assange has ditched his Swedish legal counsel and lined up a new defence team in readiness for a likely return to the country to face allegations of sexual molestation and rape against two women.

          Assange has filed a petition with the Stockholm District Court, says the newspaper, and communicated his desire to change his representation to attorneys Per Samuelson and Thomas Olsson. Olsson is reviewing the case already, but has little to say on the motives behind Assange's decision. "He'll have to explain his motivation behind changing defenders," he told The Local. Samuelson previously represented financier Carl Lundström, one of the four defendants in the 2009 Pirate Bay trial, all of whom were found guilty.

Hackers' attempt to target AT&T revealed

          The persons involved appeared to have used "auto script" technology. Telecom operator AT&T has reached out to its wireless customers to inform them that the company was recently a target of an "organised" hacking attempt to collect online information.

          However, AT&T spokesman Mark Siegel said that no accounts were breached. It was reported that the persons involved appeared to have used "auto script" technology to identify whether AT&T telephone numbers were linked to online AT&T accounts.

          The company is carrying out investigations to determine the source of the attack and also the intent. Earlier, in 2010, hackers managed to breach the AT&T website and collect more than 1,00,000 email addresses belonging to Apple iPad 3G users. Two men, who were charged with the attack, revealed that their goal was to expose security flaws.

Monday, November 21, 2011

Hackers destroyed a pump used by a US water utility

          Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery. Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas. ''This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage,'' a managing partner at Applied Control Solutions, Joseph Weiss, said.

          The network breach was exposed after cyber intruders burned out a pump. ''No one realised the hackers were in there until they started turning on and off the pump,'' he said. It said hackers apparently broke into a software company's database and retrieved usernames and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the Illinois plant.

          The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

International Association of Chiefs of Police Investigators Owned by Anonymous Hackers

          The Antisec wing of Anonymous has come out with another document release in its ongoing assault on law enforcement. A Special Agent Supervisor of the CA Department of Justice is the latest victim of Anonymous who claims that their operations against the FBI succeeded once again after managing to hack two of his Gmail accounts.

         Anonymous hackers broke into two of Baclagan's Gmail accounts, his text message logs and his Google Voice voicemails, then dumped the whole thing on to a website and The Pirate Bay. Baclagan was a special agent supervisor at the Department of Justice specializing in cybercrime, and his emails contain thousands of correspondences from the private listserv of the International Association of Computer Investigative Specialists, spanning 2005 to 2011. So, any black hat hackers looking for tips on how to avoid being busted might want to scour the archive, which provides essentially an encyclopedia of computer forensics tips and tricks.

          “We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters (especially those who have been targeted by these scurvy dogs) while also making a mockery of 'security professionals' who whore their 'skills' to law enforcement to protect tyrannical corporativism and the status quo we aim to destroy,” a video statement claims.
          “The information in these emails will prove essential to those who want to protect themselves from the techniques and procedures cyber crime investigators use to build cases. If you have ever been busted for computer crimes, you should check to see if your case is being discussed here,” Anonymous adds.

Cyber-attack suspected at Illinois water facility

          The attack apparently caused the Scada system to be turned on and off. US Federal officials are investigating a report that a suspected cyber-attack managed to remotely shut down a utility's water pump in central Illinois on November 8, it was reported. Joe Weiss, a well known cyber security expert, revealed this in a blog posting on Thursday.

          According to certain reports, the company's database was compromised, with hackers retrieving the Supervisory Control and Data Acquisition (Scada) software. The attack apparently caused the Scada system to be turned on and off, which led to the burn out of the water pump.

          However, Homeland security spokesman Peter Boogaard said that it was not yet officially confirmed that the incident was the result of a cyber-attack. Boogaard added, "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."

          Scada systems are highly specialised computer systems that control critical infrastructure, including water treatment facilities, chemicals plants and nuclear reactors to gas pipelines, dams and switches on train lines. Earlier, in 2007, researchers at the US government's Idaho National Laboratories identified a vulnerability in the electricity grid said to have been triggered by a suspected cyber-attack.

62% of children faced negative experiences online: Norton Report

         The report surveyed 19,636 online users. The latest edition of the Norton Online Family Report from Symantec reveals some hitherto secret aspects of children's behaviour online. Conducted between February and March 2011 by StrategyOne, it surveyed 19,636 online users of whom 12,704 were adults, 4,553 children aged 8-17 and 2,379 teachers of students aged 8-17.

          Around 62% of kids across the world said they faced a negative experience while online, with reporting a serious negative experience, such as receiving inappropriate pictures from strangers, being bullied or becoming a victim of cybercrime.

          This year's report also identifies the new issue of "cyberbaiting," a phenomenon where kids badmouth their teachers and then capture on their cell phones their distressed reactions. It also shows a high number of kids shopping online with their parents' credit cards.

          Petten, a youthologist and author of "Radical Parenting," said, "Kids are developing their online identity at an earlier age than ever before and they need parents, teachers and other role models to help them figure out where to go, what to say, how to act and perhaps most importantly, how not to act."

Top 25 worst passwords revealed: Is yours on the list?

          "Password" is, depressingly, the most popular password. SplashData, a password management company from the US, has revealed its list of the top 25 worst passwords of 2011. The list is made up of the most commonly used passwords, which, of course, makes them an easy target for hackers. What's more, given that a significant number of people use the same password for multiple sites, there is a lot of potential here for disaster.

          The list was compiled from stolen passwords posted online by hackers, the company said. "Password" is the most commonly-used password, so is considered by SplashData to be the worst around, followed by "123456" and, along similar lines, "12345678". Morgan Slain, CEO of SplashData, said passwords like this are an open invitation for hackers. "Hackers can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft."

           Other popular passwords include ones taken from strings of letters or numbers that are next to each other on a keyboard, such as "qwerty" and the numerical passwords listed above. There are a few common names and words in there as well, including "michael", "ashley", "football", "monkey" and "baseball". A lot of people also take their password inspiration from the hugely successful sci-fi TV series The X-Files, with "trustno1" appearing at number nine on the list. That is the password alien-obsessed FBI agent Fox Mulder uses for his computer on the show.

           To help people improve the strength of their passwords, SplashData has released some hints and tips:
1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
3. Don't use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.

            The full list of the worst passwords of 2011 is:
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
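A site can enforce the list and the tips above when a password is set. The following is an added example, not code from SplashData or from this blog: the look-alike character map, the stripping of trailing digits and punctuation, the keyboard-row check and the thresholds are assumptions chosen for illustration.

```python
import string

# SplashData's 2011 list, exactly as given in the article above.
WORST_2011 = (
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
)

# Assumed look-alike substitutions, so "P@ssw0rd" is treated as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8   # tip 2: eight characters or more
MIN_TYPES = 2    # tip 1: at least two of letters / digits / specials (assumed)
MIN_WALK = 4     # assumed shortest keyboard run worth flagging

# Every list entry in raw and de-substituted form, mapped back to the entry.
BLOCKED = {}
for entry in WORST_2011:
    for form in (entry, entry.translate(LEET)):
        BLOCKED.setdefault(form, entry)


def blocklist_match(candidate):
    """Return the list entry the candidate reduces to, or None."""
    lowered = candidate.casefold()
    # "monkey2011" and "password!" are still the listed word with a suffix.
    trimmed = lowered.rstrip(string.digits + string.punctuation)
    for form in (lowered, trimmed):
        if not form:
            continue
        for variant in (form, form.translate(LEET)):
            if variant in BLOCKED:
                return BLOCKED[variant]
    return None


def longest_keyboard_run(candidate):
    """Length of the longest substring lying along one keyboard row."""
    lowered = candidate.casefold()
    lanes = KEYBOARD_ROWS + tuple(row[::-1] for row in KEYBOARD_ROWS)
    best = 0
    for start in range(len(lowered)):
        for end in range(start + best + 1, len(lowered) + 1):
            if any(lowered[start:end] in lane for lane in lanes):
                best = end - start
            else:
                break
    return best


def audit_password(candidate):
    """Return a list of findings; an empty list means no rule fired."""
    findings = []
    hit = blocklist_match(candidate)
    if hit:
        findings.append(f"blocklisted:{hit}")
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    types = sum((
        any(c.isalpha() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ))
    if types < MIN_TYPES:
        findings.append("single_character_type")
    run = longest_keyboard_run(candidate)
    if run >= MIN_WALK and run * 2 >= len(candidate):
        findings.append("keyboard_walk")
    return findings


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd!", "Monkey2011", "qwertyuiop1",
               "correct_horse_battery"):
        print(f"{pw!r}: {audit_password(pw) or 'no findings'}")
```

Tip 3 (no reuse across sites) cannot be checked by a single site, which is why the article points to a password manager for it.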

Friday, November 18, 2011

Patches Released for BIND Denial-of-service Vulnerability

          There's a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.

          The Internet Systems Consortium (ISC) has described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"
More details are available in their advisory.

          As of this posting, ISC had not revealed the underlying problem, but said the patches would prevent the servers from crashing. The flaw affects BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x. The patch basically ensures that the cache doesn't return the anomalous data and prevents the server from crashing. ISC officials had not responded to media inquiries as of this posting, and it was unclear whether the flaw was just wreaking mayhem on the servers, or if an actual exploit was causing it.

          Security intelligence firm Rapid7 said the first attack was discovered at The National Weather Service, with the next 89 discoveries of the attack at US universities. "Bind 9 is the most widely used DNS server on the internet today… Gone unchecked, this attack could potentially affect nearly the entire internet," said Matt Barrett, senior solutions architect at Rapid7. A temporary patch has already been released.
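Operators can check whether their own resolvers hit this crash by searching the named logs for the assertion ISC quotes. The following is an added example, not ISC's tooling: the syslog layout, the `query.c:0000` line number, the host names and the version inventory are constructed for illustration, and the branch check uses only the affected branches listed above, so it says nothing about whether a given release already carries the patch.

```python
import re

# Assertion text quoted in the ISC description above. The syslog prefix and the
# query.c line number are matched loosely because the article gives neither.
CRASH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[\d+\]:\s.*"
    r"query\.c:\d+:\s*INSIST\(\s*!\s*dns_rdataset_isassociated\(sigrdataset\)\)"
)
VERSION_RE = re.compile(r"^9\.(\d+)(?:\.\d+)?(-ESV)?", re.IGNORECASE)

# Constructed sample input: three resolvers, two of which hit the assertion.
SAMPLE_LOG = """\
Nov 16 10:02:09 ns1 named[2211]: client 192.0.2.10#53124: query: example.test IN A
Nov 16 10:02:11 ns1 named[2211]: query.c:0000: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:02:11 ns1 named[2211]: exiting (due to assertion failure)
Nov 16 10:07:40 ns2 named[917]: query.c:0000: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:31:02 ns1 named[2305]: query.c:0000: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:31:05 ns3 named[400]: zone example.test/IN: loaded serial 2011111601
""".splitlines()

# Constructed inventory: host name -> version string reported by that server.
SAMPLE_INVENTORY = {"ns1": "9.7.3", "ns2": "9.6-ESV-R4", "ns3": "9.8.1"}


def in_affected_branch(version):
    """True for the branches the article lists: 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return False
    minor, esv = int(m.group(1)), bool(m.group(2))
    return minor in (7, 8) or (minor in (4, 6) and esv)


def crash_summary(lines):
    """Map each host to the count and first/last timestamp of the assertion."""
    summary = {}
    for line in lines:
        m = CRASH_RE.match(line)
        if not m:
            continue
        seen = summary.setdefault(
            m["host"], {"count": 0, "first": m["ts"], "last": m["ts"]})
        seen["count"] += 1
        seen["last"] = m["ts"]
    return summary


def triage(lines, inventory):
    """Rows of (host, crash count, version, in affected branch), worst first."""
    rows = []
    for host, seen in crash_summary(lines).items():
        version = inventory.get(host, "unknown")
        rows.append((host, seen["count"], version, in_affected_branch(version)))
    return sorted(rows, key=lambda row: -row[1])


if __name__ == "__main__":
    for host, count, version, affected in triage(SAMPLE_LOG, SAMPLE_INVENTORY):
        print(f"{host}: {count} crash(es), BIND {version}, "
              f"affected branch: {affected}")
```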

World's first Windows 8 Bootkit to be released at MalCon

          It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now Malconed! Peter Kleissner has created the world's first Windows 8 Bootkit, which is planned to be released in India at the International Malware Conference MalCon.

          An independent programmer and security analyst, Peter was working for an anti-virus company from 2008 to 2009 and was a speaker at the Black Hat and Hacking at Random technical security conferences. While his main operating fields are Windows security and analysis of new malware, his recent important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model.

A bootkit is built upon the following broad parts:
  • Infector
  • Bootkit
  • Drivers
  • Plugins (the payload)
          And as put by Peter, those parts are easy to split up in a criminal organization: Teams A-D work on the different parts. If you are doing it right, Team D (the payload writers) need no internal knowledge of the bootkit! Peter's research website: http://www.stoned-vienna.com/

          As per the MalCon website, Peter's travel is still not confirmed, citing visa issues. However, there are chances that the presentation may be done over video, or a speaker may step in on behalf of Peter and release it at MalCon.

Cryptocard acquires IP from stricken GrIDsure

          Authentication vendor now gunning for SMB space. Cryptocard has acquired the patents and IP of troubled tokenless authentication firm GrIDsure, the company has announced. Cryptocard, also playing in the authentication space, did not reveal how much it has paid for GrIDsure's patents and IP. It says the deal will enable it to push its technology towards the SMB space, an area it is not currently particularly strong in.
The portfolio it has acquired from GrIDsure will be integrated with Cryptocard's existing BlackShield SaaS platform and enable it to offer customers token or tokenless authentication via the cloud or on-premise, the company said.

          "We made the decision to acquire GrIDsure's pattern authentication IP to build out our already robust token and tokenless offering and to give our customers the widest possible choice," said Neil Hollister, CEO of Cryptocard. "Tokenless technology is incredibly cost-effective and easy to use and is a growing market. By delivering it on Cryptocard's BlackShield Cloud platform, the cost of service delivery is minimal and builds on our vision to make strong authentication universally available to organisations globally, regardless of size," he added.

          It was reported earlier this month that GrIDsure was in talks with a potential buyer after one of its investors had pulled out. It was also suggested that liquidation proceedings had begun.

Massive data theft in Norwegian companies

          Oil and gas and defence industries were the targets. Data has been reportedly stolen from Norway's oil and gas and defence industries in what is considered to be one of the largest cyber espionage cases hitting this Scandinavian country.

          It was reported on Thursday that industrial secrets from companies were stolen and "sent out digitally from the country," according to the Norwegian National Security Authority, NSN. However, it did not disclose the names of companies or institutions that were targeted. At least 10 different cyber attacks were discovered in the past year, but the agency feels that the number may have been much higher because other victims might not have yet realised that their computers have been targeted.

          NSN spokesperson Kjetil Berg Veire said that more than one person appeared to have been involved in the attack. Also, the attacks have occurred more often "when companies were negotiating large contracts," he said. This case seems significant as Norway's oil and gas industry is ranked the third largest in the world, where 2.8 million barrels are produced each day.

          A year ago the Nobel Institute in this country had also been a target, after Chinese activist Liu Xiaobo was awarded the 2010 Nobel Peace Prize.

Thursday, November 17, 2011

Half of SMBs don't consider themselves targets of cyberattacks: Symantec

          It contradicts the evidence provided by Symantec.cloud that revealed 40% of all targeted attacks were on SMBs in 2010 compared to 28% on large enterprises. According to a Symantec survey, half of the small and medium businesses (SMBs) feel that they are not in danger from cyberattacks, despite knowing the dangers of these attacks.

          This is in contrast to data from Symantec.cloud that said since the beginning of 2010, 40% of all targeted attacks have been directed at companies with fewer than 500 employees, compared to only 28% directed at large enterprises. According to the 2011 SMB Threat Awareness Poll, more than half of SMBs are familiar with many different security threats to the business, including targeted attacks, keystroke logging, and the risks that come with using smartphones for company business.

          More than half (54%) stated that malware would cause a loss of productivity, and 36% recognised that hackers could gain access to proprietary information, while 46% stated that a targeted attack would cause a revenue loss and 20% said it would drive customers away. Steve Cullen, of Symantec Corp Worldwide Marketing for SMB and .Cloud, said their research shows that SMBs are quite vulnerable to cyberattacks, and it's more important than ever for them to take steps to keep their information safe.

          "Even with tight budgets and limited resources, simple changes such as education and best practices can significantly strengthen an SMB's security approach to cyberattacks," Cullen said. The survey found that many SMBs are failing to take basic precautions to protect their information as they don't consider themselves targets of cyberattacks. A shocking 63% do not secure machines used for online banking and 9% do not take any additional precautions for online banking, while more than half (61%) do not use antivirus on all desktops and 47% do not use security on mail servers/services.

          In order to keep sensitive corporate information safe, Symantec has recommended that SMBs develop Internet security guidelines and educate employees about Internet safety, security and the latest threats; assess their security status; and be proactive and develop a security plan.

US issues warning to perpetrators of cyber attacks

          Pentagon says US cyber attackers “would be taking a grave risk”. The US has said that it would retaliate with military force, if necessary, against a cyber attack. The Pentagon stated this in a 12-page report made public on Tuesday. The report added, "When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country."

          It adds, "We reserve the right to use all necessary means - diplomatic, informational, military and economic - to defend our nation, our allies, our partners and our interests." According to the report, hostile acts could include "significant cyber attacks directed against the US economy, government or military." The Pentagon states that perpetrators of a cyber attack against the US "would be taking a grave risk."

          If a defense-based deterrence fails to stop a hostile act, the Pentagon "maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains." The latest report also categorically reiterated that the US will "exhaust all options prior to using force whenever we can" when responding to a hostile act in cyberspace. In May, the White House's international cyberstrategy declared that the United States reserves the right to use all necessary means - diplomatic, informational, military and economic - to defend the nation against hostile acts in cyberspace.

          Attacks on US computer networks have reportedly become more frequent and were costing US companies an estimated $1 trillion in lost intellectual property, competitiveness and damage.

Bogus Bank of America Google Plus page attacks their reputation

          As the Occupy Wall Street movement continues, hackers have turned to attacking some of the financial institutions protesters feel are responsible for their situation. The web page representing Bank of America on the Google Plus service gives the appearance that it was hacked. It does not appear this page was actually controlled by Bank of America (BoA), rather it seems to have been created by the attackers by tricking Google into giving them a business page under BoA's name.

          The attackers have put quite a bit of effort into painting BoA in a bad light. They have posted at least 10 articles which say things like: "Living under a tarp? I am too. My TARP is much bigger, however, and billions of dollars more expensive."
          The shenanigans appear to have started on November 8th, right after Google launched the official service for businesses to use the social network. We have not seen a lot of abuse on the Google Plus service to date, but I am sure this incident is just the tip of the iceberg. Google may have a real names only policy, but apparently their verification process leaves something to be desired.

          Creative Commons photo of Bank of Foreclosed courtesy of scad_lo's Flickr photostream.
Update: Google have removed the bogus page and handed it over to Bank of America. They have also included a "verified" check mark similar to what Twitter uses. Strangely not all business pages have this verified mark, including BoA's competitor Citibank USA.

Facebook scare: 2 lakh accounts hacked in Bangalore

          The recent Facebook hack has reportedly claimed over 2 lakh victims in Bangalore. According to a news report in Mid Day, some two lakh Facebook users in Bangalore had their accounts hacked and weblinks to their morphed pornographic pictures sent as feeds to friends and family.

          Quoting social networking analysts, the report says that more than 2 lakh Bangalore Facebook accounts were hacked. The cybercrime department too is reported to have received calls and complaints regarding the mass hacking. According to the report, there are around 50 posts on Facebook stating that the users are quitting the social networking site forever after being embarrassed before friends and family.

          Incidentally, according to a Bloomberg report, Facebook claimed that it has identified those responsible for the deluge of hardcore porn and violent images in some users' newsfeeds, and said it is working with its legal team "to ensure appropriate consequences follow." The social networking company made the statement after porn, pictures of extreme violence and faked photos of celebrities such as Justin Bieber in sexual situations had overrun the profiles of some Facebook users.

          Facebook said that it has "drastically limited the damage caused" by a spam attack that took advantage of a browser vulnerability. "Protecting the people who use Facebook from spam and malicious content is a top priority for us," Palo Alto, California-based Facebook said in a statement.

Wednesday, November 16, 2011

FreeFloat FTP Server - Buffer Overflow Vulnerability

 
          Ashfaq Ansari reported a buffer overflow vulnerability in FreeFloat FTP Server. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

This exploit helps to gain remote access on FreeFloat FTP using the FEAT command.

UCLA psychology department database hacked


          Hackers take responsibility for the release of information from the psychology department’s database which included the names, home addresses and dates of birth of 26 applicants to the university. The attacker also published some information that helped him access the database. He highlighted the open ports and the versions of the services he relied on to hack the site.

          This is not the first time that the department database has been dumped on Pastebin. In July 2011, another hacker posted psychology department faculty’s phone number, first and last name, e-mail address, street address, and UCLA ID number. Webmasters from UCLA IT are still investigating the hacking, but Bollens said it is likely the result of a SQL injection, which makes programs give more information than intended for release.

        The psychology department’s outdated database may have made it more susceptible to the SQL injection, where the hacker puts in a code that the program doesn’t recognize. That can cause the program to give up information that the programmer did not intend to release. SQL injections are responsible for more than 90 percent of hacks.

Sky News Twitter account Hacked

           Hackers yesterday accessed the Twitter account for Sky News business desk and posted a tweet claiming that James Murdoch had been arrested by London police. It has also lately been used by hacker groups to simply raise their profile and make the public aware of their existence.

           Soon retweeted by many followers, the fake news created quite a stir. The false tweet was erased within minutes, but not before other Twitter users had shared it across the network. Sky News is likely to find out soon whether the hack was executed by an insider - possibly as a joke - or by hackers.

Tuesday, November 15, 2011

Duqu computer virus Detected by Iran civil defense organization

          The virus, called W32.Duqu or just Duqu, has created fear after Stuxnet opened Pandora's Box. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus.

          First, Duqu is not designed to harm industrial automation. The software basically attacks Windows systems. Instead of sabotaging industrial control, Duqu has general remote access capabilities. Duqu has a key logger and can save passwords, etc. The malware uses HTTP and HTTPS to communicate with a command and control (C&C) server at 206.183.111.97, which was hosted in India; the IP has been inactive as of October 18th. Duqu infiltrates systems directly: it is not a worm like Stuxnet and needs to be placed directly, e.g. through infected mails.
"We are in the initial phase of fighting the Duqu virus. The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet. All the organizations and centers that could be susceptible to being contaminated are being controlled."

So far Duqu has been found on fewer than 10 computers from European companies that are developing industrial control software, according to a Symantec analyst. The software is programmed to remove itself automatically after 36 days. The complete setup (it invades the target in a non-wormlike way, spies out passwords, and removes itself, hopefully without being detected) makes it seem that Duqu actually prepares an attack. This is also assumed by F-Secure: “it’s possible we'll eventually see a new attack targeting PLC systems, based on the information gathered by Duqu.”

South Korea launches initiative to block spam

          It requires ISPs to block the default SMTP port, Port 25. The South Korean authorities are asking all of the country's internet service providers (ISPs) to block all e-mail sent from anything but "official" e-mail servers in a bid to block spam.

         The plan rolled out for this initiative is known as "Block 25". Under it, an ISP blocks the default Simple Mail Transfer Protocol (SMTP) port, Port 25, from sending e-mail messages, which will force users to use their ISP's mail servers. This, it is hoped, would stop spam. The plan is to be enforced next month, but analysts are not sure it would be effective, as they feel that spammers could use alternate ports.
James Blessing, a council member of the UK's Internet Service Providers' Association, says, "Many corporate mail servers run authenticated access through port 25."

          He added, "If you want to connect to that you won't be able to if you block port 25. You'll stop people working from home."

W3C plans privacy tools to warn users of unauthorised tracking

          W3C to help users control how their personal data is managed. Internet users will start receiving warnings if websites do not respect their privacy, thanks to new tools being developed by the World Wide Web Consortium (W3C), the organisation responsible for setting standards on the web.

          W3C in its first draft for the new set of standards has published two documents, the Tracking Preference Expression and the Tracking Compliance and Scope Specification, in a bid to help users control how their personal data is managed. Matthias Schunter from IBM who chairs the W3C group, said, "Users have the feeling they are being tracked and some users have privacy concerns and would like to solve them."
Schunter added that the biggest problem in the current scenario is that different browser makers currently employ incompatible privacy settings.

          The W3C group is trying to strike the balance between protecting users' privacy and providing them with personalised online experiences.

Ambulance service disrupted by computer virus infection

          The St John Ambulance service in New Zealand fell victim to a computer virus infection last week, according to media reports, which disabled its automated response systems across the country. The service, which provides 90% of the emergency and non-emergency ambulance cover for the New Zealand population, was struck by a malware attack on Wednesday, forcing staff to allocate ambulances manually, according to Alan Goudge, communications operations manager for the St John Ambulance service:
"Anti-virus software protected the systems but as a result of the virus it impacted on some of the systems services, mainly those related to paging and radio. Back-up systems immediately took over when it was detected and the workload was managed manually."
           No details appear to have been made available about which precise piece of malware infected the ambulance service's systems, or how it entered the network, but in all likelihood the attack was not targeted specifically at the organisation but simply included it amongst its victims. It's far from the first time that a medical service has grappled with malware infections.

          For instance, the Mytob worm hit a number of London hospitals in 2008, and in 2005 the Northwest Hospital and Medical Center in north Seattle was hit in an attack which shut down computers in the facility's intensive care unit and prevented doctors' pagers from working properly.

          In that latter case, nurses were said to have run charts down hallways rather than transferring them electronically, computers in the facility's intensive care unit were shut down and doctors' pagers were prevented from working properly. A 21-year-old man was ultimately sentenced to three years in prison and fined a quarter of a million dollars in connection with the case.

          The fact is that malware often doesn't discriminate between who its victims might be. Whether you're running a computer in your spare bedroom, or operating critical systems in a medical environment, your PC may still be at risk. Anyone who still thinks that virus-writing is "mostly harmless" and only really impacts the foolish who don't have backups, should consider what the possible consequences of taking down the systems of an ambulance emergency service might mean.

Facebook WON'T donate 45 cents per share for beaten boy's surgery. It's a hoax!



           Almost 200,000 Facebook users have been duped into sharing and reposting a message about a 14 year old boy who was allegedly beaten badly by his stepfather after protecting his little sister from being raped. The message, which comes attached to an image of a young boy's injured torso, claims that Facebook will donate 45 cents for the cost of life-saving surgery, every time that a user reposts or shares the message.
          A 14 years old boy got beaten half dead by his stepfather.He only tried to protect his little sister from being raped.Now he's struggling for his life,but doctors say he won't make it without a surgery.His mother doesn't have money to pay it.Facebook donates 45cents for every sharing or reposting.Please help.
           At the time of writing, over 181,000 people have reposted or shared the photo and accompanying message on Facebook. Every few seconds we can see more Facebook users passing it onto their friends.
Of course, the claim that Facebook is donating money is nonsense. Facebook is doing nothing of the sort - and if it were donating money to a young boy's surgery they surely would not base it upon the number of times a message or photo was shared.

          You'll notice that the message includes no information supporting the story, no link to an official Facebook blog announcing the initiative, no details on where in the world the boy might be, or links to news stories that corroborate the claim. There's not even a date when the incident is claimed to have taken place, which means that a hoax chain letter like this can have a life of its own and continue to spread many years after its first appearance.

          Facebook is a breeding ground for rumours, hoaxes and chain letters because users find it so easy to forward bogus alerts and poorly-researched warnings on to all of their friends at the click of a mouse.
If a friend of yours shares a message with you like this on Facebook, remind them about the importance of not spreading chain letters and suggest that they inform all of their friends that they were mistaken (maybe they could link to this article if anybody needs convincing?).