Security Hero Rotating Header Image

March, 2009:

3980

3980

Win32/Adware.Antivirus2008, Win32/Adware.Antivirus360, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb, Win32/Adware.MSAntispyware2009 (3), Win32/Adware.Virtumonde (9), Win32/Adware.WinPCDefender, Win32/Agent.NFZ (3), Win32/Agent.QOY (3), Win32/Agent.WPI (2), Win32/AutoRun.ABH, Win32/AutoRun.FakeAlert.AF, Win32/AutoRun.FlyStudio.FB, Win32/AutoRun.FlyStudio.FC, Win32/AutoRun.KS, Win32/Bagle.QX (2), Win32/BHO.LXU (2), Win32/Delf.JZ, Win32/Dialer.NEW (2), Win32/Hexzone.P, Win32/Injector.MG, Win32/Kryptik.LU, Win32/Olmarik.FT (6), Win32/PSW.Agent.LQD (2), Win32/PSW.LdPinch.NKO, Win32/PSW.OnLineGames.NMP, Win32/PSW.OnLineGames.NMY, Win32/PSW.Papras (2), Win32/Redosdru.AA (2), Win32/Rustock (2), Win32/Spy.Agent.NMF, Win32/Spy.Zbot.IB, Win32/Spy.Zbot.JF, Win32/Spy.Zbot.NJ, Win32/Spy.Zbot.NN, Win32/Spy.Zbot.NO, Win32/TrojanClicker.Agent.NEB, Win32/TrojanDownloader.Agent.OYT, Win32/TrojanDownloader.Agent.OYU, Win32/TrojanDownloader.Banload.OOQ, Win32/TrojanDownloader.Banload.OOR, Win32/TrojanDownloader.Banload.OOS, Win32/TrojanDownloader.Banload.OOT, Win32/TrojanDownloader.Delf.ORQ, Win32/TrojanDownloader.FakeAlert.AAX, Win32/TrojanDownloader.FakeAlert.ZI, Win32/TrojanDownloader.Small.OHD, Win32/TrojanDownloader.Zlob.CZG, Win32/TrojanDownloader.Zlob.CZK, Win32/VB.OAG, Win32/VB.OAH (4)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=5907&Itemid=26

Introducing RMBSS – quotRisk Metrics Budgetary Scoring Systemquot

Introducing RMBSS – quotRisk Metrics Budgetary Scoring Systemquot

Posted by J. Oquendo on Mar 31

Infiltrated Research Group is proud to introduce RMBSS "Risk Metrics
Budgetary Scoring System". A synergy of best practices frameworks
that synchronizes industry known security frameworks for more
thorough Risk Assessments and Analysis. The concept was born out
of the need for…

URL: http://seclists.org/fulldisclosure/2009/Mar/0464.html

0004 ESX Service Console updates for openssl, bind, and vim

VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim

Posted by VMware Security team on Mar 31

————————————————————————
                   VMware Security Advisory

Advisory ID: VMSA-2009-0004
Synopsis: ESX Service Console updates…

URL: http://seclists.org/fulldisclosure/2009/Mar/0463.html

Credit card data inadequately protected

Retailers: Credit card data inadequately protected

The self-regulatory system credit card companies have created to protect consumer data sacrifices some consumer protections for the sake of conveniencing the credit card companies and their financial institution partners, retail representatives told Congress Tuesday.

In light of recent data breaches that have compromised consumer information, such as the potentially massive 2008 Heartland Payment Systems breach, some congressmen are questioning whether the Payment Card Industry Data Security Standards, created and regulated by credit card companies, are sufficiently protecting information.

Source – Cnet

Related – Forbes: Visa, MasterCard In Security Hot Seat

Reddit It | Digg This | Add to del.icio.us

URL: http://www.pogowasright.org/article.php?story=20090331215927983

Computer rage can relieve stress

Computer rage can relieve stress

Swearing and shouting at a computer has become a common way for people to relieve stress and express anger, research has revealed.

The study by the University of Bolton found that computer rage is now an everyday expression of anger but it could sometimes be beneficial.

Dr John Charlton from the University told Web User: “In our study of 126 participants we found that the majority of people became angry three or four times each month, but more than 10 per cent reported anger occurring 10 times or more.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30722

FBI Nabs Robbers With Google Map, Spycam Mashup

FBI Nabs Robbers With Google Map, Spycam Mashup

G-Men these days have to focus more on stopping terrorists than nabbing old-school bank robbers. So FBI agents in Arkansas are enlisting the online public’s help in catching the thieves. And it appears to be working. Four bank robberies have been solved in the past six months, thanks in part to tips collected from BanditTrackerArkansas.com, Little Rock special agent Steven Burroughs tells the Arkansas Democrat-Gazette. In all, 10 suspected robbers featured on the site are now behind bars.

Noel Andrew Jackson, who held up the Arvest bank in Springdale, was pretty easy to spot: 6’5″, 242 pounds, covered in tattoos X including one of a toothy mouth, beneath his adam’s apple. The guy in the goatee and the seaman’s cap who robbed the bank inside the Little Rock Kroger’s supermarket was a little more inconspicuous. But he was caught, too. (Maybe it had something to do with the site’s notice that “the robber fled in a white pickup truck bearing California tag 6DOP40.”)

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30721

Intel Launches Enterprise –Class Xeon Processor 5500 series

Intel Launches Enterprise VClass Xeon Processor 5500 series

Intel introduced 17 enterprise-class processors, led by the Intel Xeon processor 5500 series. Designed for addressing the increasing computing needs of many industries, the new enterprise-class chips can automatically adjust to specified energy usage levels, and speed data center transactions and customer database queries, said R.Ravichandran, Director — Sales, Intel — South Asia, at the launch.

The Intel Xeon processor 5500 series, previously codenamed “Nehalem-EP,” offers several technologies to improve system speed and versatility. Technologies such as Intel Turbo Boost Technology, Intel Hyper-Threading Technology, integrated power gates, and Next-Generation Intel Virtualization Technology (VT) improved through extended page tables, allow the system to adapt to a broad range of workloads. The processor is designed to work with Intel’s upcoming 32 nm products as well. “We are not talking about performance for the sake of it. We have managed to put in a lot of intelligence and other capabilities to this new platform,” added Ravichandran.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30720

SAS to Construct USD70 million Cloud Computing Facility

SAS to Construct USD70 million Cloud Computing Facility

SAS announced that the company intends to construct a 38,000-square-foot cloud computing facility to provide the additional data-handling capacity needed to expand SAS’ OnDemand offerings and hosted solutions. As the need for hosted solutions grows, new research and development jobs will be generated at SAS’ Cary, N.C., world headquarters, where the majority of R&D employees (more than 1,400) are located.

“This project is proof that, despite the down economy, SAS continues to grow and innovate,” said Jim Goodnight, CEO of SAS. “The growing demand by our customers for hosted solutions has given us this opportunity to invest even further in North Carolina and the Cary community.”

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30719

April Fool’s Day computer virus could cause internet chaos today

April Fool’s Day computer virus could cause internet chaos today

A virus that experts believe has wormed its way into millions of computers could choose today to attack. The Conficker virus, which is thought to have infected up to 15million computers since last autumn, has so far lurked harmlessly – but it is said to be programmed to change the way it operates today.

No one knows what it will do – with some suspecting it is simply an April Fool’s joke. But there are fears the virus, which infects machines through the internet and via memory sticks, will be used to steal bank details, send spam emails or crash a major website by overloading it by redirecting all affected computers to it.

Conficker, which is also known as Downadup or Kido, is a ‘worm’ virus that exploits a gap in Microsoft Windows software. Parliament, the Ministry of Defence and several NHS trusts have been infected, as well as home computers.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30718

GoGrid hit with DDoS attack, affects half its customers

GoGrid hit with DDoS attack, affects half its customers

Hosting company GoGrid suffered a denial of service attack Monday afternoon, which affected approximately half of its thousands upon thousands of customers, said its co-founder on Tuesday. The DDoS attack hit Monday afternoon, slowing customers’ Web sites, to creating latency issues, to making their Web sites inaccessible, said David Hecht, GoGrid co-founder.

Although GoGrid was able to stabilize the situation by late Monday afternoon and most its customers were back online, the company faced a decision whether to stay on course with a scheduled maintenance later that night, or reschedule for another date. The maintenance, which required GoGrid to take its portal down and troubleshoot support queries over the phone, was designed to expand its capacity, and deploy minor bug fixes and add additional improvements to the service

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30717

Internet Explorer 8.1 Eagle Eyes Leaked

Internet Explorer 8.1 Eagle Eyes Leaked

Smashing Magazine tries to be at the forefront of new and exciting developments in the wide world of the web. You might have heard that we met with the IE 8 Chief Strategist in the past, so it should come as no surprise that we like to keep up with the latest events in the web browser industry.

Even with the successful recent release of Internet Explorer 8, in some underground circles there is already talk going around about the next version of Internet Explorer: IE 8.1, codenamed Eagle Eyes. Loaded with exclusive features such as a new JavaScript engine, support of WebSlices and full web standards support (CSS 3), IE 8.1 is speculated to debut in this summer.

In this article, we take a closer look at the new features of Internet Explorer 8.1, compare it with other browsers and share with you our first-hand experience with the browser. Overall the browser is faster, more flexible, more stable and also more secure and performs already much better than a recently released IE 8. One word sums up our experience with IE 8.1: Eagle Eyes is the browser that Internet Explorer should have brought on the market a long time ago – and now its finally here.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30716

Is Twitter’s breakneck growth causing a backlash?

Is Twitter’s breakneck growth causing a backlash?

David Bill isn’t annoyed when Twitter gets so bogged down with traffic that he can’t post a message.

That’s because in the moment when frustration would hit, he’s greeted on the popular Web site by a cartoonish image he loves: a giant whale being lifted out of an ocean by a small flock of tweeting birds. The icon — which Twitter users call it the “fail whale” because the creature appears only when the site has failed to load — has gained a cult following as the social media site grows at breakneck pace.

The conversational Web site, which lets users post 140-character microblogs, saw a 1,374 percent jump in unique visitors between February 2008 and February this year, up to 7 million from only 475,000, according to Nielsen NetView.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30715

Wired’s guide to iPhone piracy

Wireds guide to iPhone piracy

For iPhone owners who get sticker shock from a 99-cent application, Wired.coms Brian X. Chen has posted a round-up that points readers to a variety of websites where users can download thousands of apps for free.

According to Chen, Apples (AAPL) iTunes App Store is becoming an increasingly juicy target for software pirates. He cites an estimate by the research firm Medialets that 20% of the stores titles have already been pirated. There are dozens of apps, according to Medialets, that have pirated-to-paid ratios as high as a 100-to-1.

What Chen doesnt tell readers is that following the links he provides will lead them into a world of BitTorrent downloads and underground websites that offer easy access to the software but not necessarily to the codes needed to authorize their use.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30714

Manila court asked to stop e-passport

Manila court asked to stop e-passport

Militant group Anakpawis asked the Manila Regional Trial Court (RTC) to block the Department of Foreign Affairs (DFA) from pushing through with the electronic passport for alleged irregularities and anomalous transactions in the bidding process of the project.

In a 19-page petition penned by Anakpawis secretary-general Cherry Clemente and spokesperson Joel Maglunsod, the group on Monday questioned the DFA and the Bangko Sentral ng Pilipinas (BSP) on the P859.7 million e-passport project, a supposedly build-operate-transfer (BOT) project which became a government-funded undertaking that was awarded to a French company (Francois Charles Oberthur Fiduciare.)

In asking for a mandamus and prohibition with application of a temporary restraining order (TRO) before the RTC in Manila, Clemente and Maglunsod also sought that the respondents publicly disclose the terms and conditions of the contract for the e-passport project, including the evaluation report, recommendation, legal and expert opinion, minutes of meeting, terms of reference, and other documents needed to support their claim.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30713

Fraud in Canadian firms mostly an ‘inside job’

Fraud in Canadian firms mostly an ‘inside job’

Who is the most likely suspect for fraud in Canadian organizations?

A typical fraudster is a male between the ages of 30 and 49, employed at the company for three to five years, and not likely in management, according to KPMG LLP, the Canadian affiliate of global consulting firm, KPMG International.

KPMG LLP’s “Profile of a Canadian Fraudster” is based on a survey of senior execs across Canada at organizations that reported cases of fraud.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30712