Report: Countries prepping for cyberwar

"Major countries and nation-states are engaged in a "Cyber Cold War," amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.

In particular, countries gearing up for cyberoffensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.

"We don't believe we've seen cases of cyberwarfare," said Dmitri Alperovitch, vice president of threat research at McAfee. "Nations have been reluctant to use those capabilities because of the likelihood that [a big cyberattack] could do harm to their own country. The world is so interconnected these days."

Threats of cyberwarfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable."

Read the full story at CNET by Elinor Mills

Fake antivirus attacks PCs with ransom demand

The Fake antivirus phenomenon has taken an unpleasant turn with the discovery of a Windows program that not only cons users into buying an unnecessary license but appears to lock files and applications on the victim's PC.

According to security company Panda Security, rogueware program Total Security 2009 starts out in conventional fashion with the 'discovery' of a non-existent malware infection for which it demands an unusually ambitious $79.95 (£50), and even has the cheek to ask a further $19.95 for 'premium' technical support.

Read the full story by John E. Dunn , TechWorld

Sneaky Microsoft plug-in puts Firefox users at risk

"Computerworld - An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves the browser open to attack, Microsoft's security engineers acknowledged earlier this week.

One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

"While the vulnerability is in an IE component, there is an attack vector for Firefox users as well," admitted Microsoft engineers in a post to the company's Security Research & Defense blog on Tuesday. "The reason is that .NET Framework 3.5 SP1 installs a 'Windows Presentation Foundation' plug-in in Firefox."

The Microsoft engineers described the possible threat as a "browse-and-get-owned" situation that only requires attackers to lure Firefox users to a rigged Web site."

Read the full story by Gregg Keizer

First look: Microsoft Security Essentials impresses

"Microsoft's new antimalware solution, Microsoft Security Essentials, is now available for Windows XP, Windows Vista, and Windows 7. Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.

After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials (MSE), its free, real-time consumer antimalware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is yet another layer of defense the company is offering to help its customers fight the threats that plague Windows PCs.

Microsoft Security Essentials is available for Windows XP 32-bit (8.61MB), Windows Vista/7 32-bit (4.28MB), and Windows Vista/7 64-bit (4.71MB). The final build number is 1.0.1611.0. Microsoft warns that MSE should not be installed alongside any other antimalware application. Indeed, MSE's installer disables Windows Defender completely, which makes sense as it is a sort of superset to Windows Defender. It builds upon Windows Defender by offering both real-time protection and on-demand scanning for all types of malware."

Continue Reading

Russian Hackers pay 43 cents per hijacked Mac

Computerworld - "A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.

One example, which has since gone offline, was Mac-codec.com, said Samosseiko. "Just a few months ago it was offering [43 cents] for each install and offered various promo materials in the form of Mac OS 'video players,'" he said."

Continue Reading

MacForensicsLab Inc. Releases Free Tool for Investigating Crimes Against Children

MacForensicsLab Field Agent is the first and only freely available (to law enforcement) tri-platform tool designed specifically to help combat Crimes Against Children. It offers investigators a powerful yet easy to use tool with a skin tone analyzer that makes finding images of child pornography fast and easy.

The ability to quickly and effectively identify files of interest based on the percentage of skin tone contained therein makes MFL-FA an invaluable tool for law enforcement. In fact, MFL-FA was specifically designed to fill the technological gap that sexual predators have exploited for years; the lack of a fast and accurate way to identify images of evidentiary value amidst the seemingly insurmountable volume of data. Therefore, MFL-FA is perfectly suited for any Internet Crimes Against Children (ICAC) Task Force, probation and customs officers and/or any officers dealing with sexual predators. MFL-FA is the answer for all those seeking to gain the advantage over sexual predators who use technology in furtherance of their criminal acts.

Law enforcement only

To order your copy of this freeware tool please click on the "buy now" button at the bottom of this page. There is no charge whatsoever for this software but we do require the name of your agency, and some way to contact you.

You will be provided a serial number for MacForensicsLab Field Agent for Windows, Mac OS X, and Linux via email. It is therefore important to ensure your email address is input correctly.

Designed for non-technical personnel, Field Agent can be run in three easy steps; there is no rebooting, troubleshooting or complex interfaces. Utilizing the computer's USB port, it can run natively on Mac OS X, Microsoft Windows, and Linux to search suspect drives and devices. By quickly providing images relevant to an investigator's interests (typically under 2 minutes), MacForensicsLab Field Agent is an invaluable tool to all law enforcement. Field Agent has the ability to export files of interest or generate an HTML report with thumbnails, path and date information of any or all files.

Typical deployment of MFL-FA is less than two minutes per machine, making it an invaluable tool for locating data of interest and increasing officer safety. Further, MFL-FA has the ability to export files of interest or generate an HTML report with thumbnails, path and date information of any or all files.

MacForensicsLab Inc. makes Field Agent freely available to all law enforcement. To acquire a serial number for MacForensicsLab Field Agent, please submit the request form (purchase order, for a zero cost purchase, no credit cards or payment required) using a law enforcement email address. Field Agent contains just a small subset of the features available in MacForensicsLab. If you like Field Agent, checkout MacForensicsLab for the most powerful cross-platform digital forensic suite available.

How to use MacForensicsLab Field Agent

Cyberattacks hit U.S. and South Korean Web sites

SEOUL, South Korea--Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea's main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new antiterrorism bill that would give it more power.

Read the full story in The New York Times by Choe Sang-Hun.

New worm can infect home modem/routers

"A new botnet, “psyb0t” is the first known to be capable of directly infecting home routers and cable/DSL modems.

The malware contains the shellcode for over 30 different Linksys models, 10 Netgear models, and a variety of other cable and DSL modems (15 different shellcodes).

A list of 6000 usernames and 13,000 passwords were also included, to be used for brute force entry to Telnet and SSH logins which are open to the LAN and sometimes even the public WAN side of the routers. Generally, routers do not lock a user out after a number of incorrect password attempts, making brute force attacks possible."

Read the full article here

Cautionary tales from the social-networking universe

“There are so many people on social-networking sites that it is becoming profitable for bad guys to go there,” David Perry, global director of education at software security firm Trend Micro, recently told Agence France-Presse (AFP). “Bad guys can see all the things you post. You may be revealing personal information that is extremely valuable.”

Now Facebook has made revealing personal information even easier. This past week, it announced that users can change their privacy settings so everyone can see their profile. The company was actually responding to a request from many users who wanted the ability to share their information with even more people."

Continue Reading

Credit card processors finally get clue, will ban WEP

Companies that accept major credit cards will be barred from using WEP for their WiFi security, but not until mid-2010. The rule is part of new security standards defined and released this week by the Payment Card Industry Security Standards Council, which is made up of companies like Visa, MasterCard, American Express, and Discover. The sad thing is that WEP—which can be cracked in as little as two minutes—is still widely used in the old and decrepit point-of-sale systems used by many retailers; the new rules should help move along the long-overdue adoption of tighter security in credit card processing.

WEP's hackability has been widely known since 2001, and has been blamed for the largest incident of consumer data theft in history. TJX, parent company of discount retailers T.J. Maxx and Marshalls, disclosed last year that hackers had stolen data covering over 45 million credit and debit cards over an 18-month period. In addition to pilfering over 45 million—and possibly as many as 200 million—credit card and debit card numbers, the hackers were also able to obtain other personal data from over 450,000 customers. This included driver's license numbers and Social Security numbers.

read more | digg story

Microsoft device helps police pluck evidence from cyberscene

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes. The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

read more | digg story