News

Quote

The company plans to announce tomorrow that it's expanding its Xfinity Home Security service. Last year the company began testing the service in Houston. Now it's adding six more cities. Additional cities that will get the new service include parts of Philadelphia; Portland, Ore.; Jacksonville, Fla.; Sarasota/Naples, Fla.; Chattanooga, Tenn.; and Nashville.

The Xfinity Home Security service offers traditional home security features, such as police and fire alarm protection with 24-hour monitoring. It also offers some home automation functions, such as the ability to adjust thermostats and lights remotely. And when people are not home, they can also watch live video streams from wireless cameras that are positioned in and around their home.

The technology behind the system is slightly different from traditional home security systems from companies, such as ADT. The Comcast Xfinity Home Security system works over a broadband connection rather than a phone connection. And as a result it's able to offer the video service and remote management. The company uses cellular networks as a back up to the broadband connectivity to ensure uptime.

Quote

The volume of attacks that target the Android mobile operating system has increased by 400% since the summer of 2010. Also in that timeframe, one in 20 enterprise mobile devices has gone missing.

Those two findings come from the "Mobile Malicious Threats" report released Tuesday by Juniper Networks, which sells networking hardware and security products.

While significant, the four-fold increase in malware targeting Android isn't unexpected. "You don't have to be extraordinarily smart to write mobile malware these days because most devices don't have any security tools to stop the malware," said Dan Hoffman, chief mobile security evangelist at Juniper Networks, in a telephone interview.

Quote

Sony has announced the PlayStation Network has begun restoration today. The PSN will be restored in a series of phases with phase one restoring access to the PSN, online gaming for the PS3 and PSP, access to Netflix, Hulu, MLB.com and PlayStation Home. The remaining features, such as the ability to make purchases from the PSN Store will return soon.

Quote

As a wholly owned subsidiary of Intel, McAfee will become part of the company's Software and Services Group, run by senior vice president Renee James. McAfee president Dave DeWalt will report directly to James.

McAfee will continue to offer its own branded line of security products and maintain its own customers. The two companies said they're prepping the "first fruits" of their partnership to hit the market later this year.

The need for greater security across a greater array of devices was the driving force behind Intel's bid to pick up McAfee.

Pointing to the growing number of connected devices, from PCs to mobile phones to TVs to medical devices, the two companies have said that today's approach to security isn't enough. And with the mounting threat of cyberattacks, a new security framework that combines hardware, software, and services is needed.

Quote

Upon execution the ransomware will change the Desktop’s wallpaper to the “Warning! Piracy detected!” background.
...
It will then make sure the warnings appear every time the end user restarts PCs. In between, it will lock down the end user’s Desktop, featuring the “Copyright violation: copyrighted content detected” window

lsb_release -a

uname -r

Quote

Details follow:

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)

Quote

Security Update 2007-009 (10.5.1) is recommended for all users and improves the security of the following components:

Core Foundation
CUPS
Flash Player Plug-in
Launch Services
perl
python
Quick Look
ruby
Safari
Samba
Shockwave Plug-in
Spin Tracer

Quote

Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic -- and a great many universities do not -- that Web server is going to be visible and accessible by anyone with a Web browser. But wait, you say: Wouldn't someone need to know the domain name or Internet address of the Web server that's running the toolkit? Yes. However, anyone familiar enough with the file-naming convention used by the toolkit could use Google to search for the server. But surely there are ways a network administrator might keep this information from being available to the entire Web, right? Yes. The toolkit allows an administrator to require a username and password for access to the Web server. The problem is that the person responsible for running the toolkit is never prompted to create a username and password. What's more, while Apache includes a feature that can record when an outsider views the site, that logging is turned off by default in the MPAA's University Toolkit.

Quote

Case in point: A hacker's diversion of traffic from a California county government Web site to a porn purveyor spiraled into IT chaos yesterday after a countermeasure applied from Washington essentially "deleted the ca.gov domain." Order was restored only after seven hours of frenzied coast-to-coast communications and a "forced propagation" of ca.gov network systems, according to Jim Hanacek, public information officer for the California Department of Technology Services. "We don't for sure have the whole picture, but as we understand it, there was some event at the Transportation Authority of Marin Country where their site got hacked," Hanacek told me this afternoon. Traffic was being redirected from that site to one featuring pornography.

Quote

A computer program was used to access the employers' section of the website using stolen log-in credentials. Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server. The stolen data could be used to send phishing and spam e-mails. "This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website," reported Symantec.

Quote

Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Quote

According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files--"netapi32.dll" and "lsasrv.dll"--as the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined. CISRT said the flawed Symantec update only affects users of the Simplified Chinese version of Windows XP Service Pack 2 that have been patched with a particular Microsoft software fix available since November 2006. CISRT noted that this issue has been "huge." According to CCTV.com, which is part of China's largest national TV network, the problem has affected millions of PCs and was not completely resolved as of Wednesday.

Quote

DHS has maintained that the Real ID concept is not a national identification database. While it's true that the system is not a single database per se, this is a semantic dodge; according to the DHS document, Real ID will be a collaborative data-interchange environment built from a series of interlinking systems operated and administered by the states. In other words, to the Department of Homeland Security, it's not a single database because it's not a single system. But the functionality of a single database remains intact under the guise of a federated data-interchange environment. The DHS document notes the "primary benefit of Real ID is to improve the security and lessen the vulnerability of federal buildings, nuclear facilities, and aircraft to terrorist attack." We know now that vulnerable cockpit doors were the primary security weakness contributing to 9/11, and reinforcing them was a long-overdue protective measure to prevent hijackings. But this still raises an interesting question: Are there really so many members of the American public just "dropping by" to visit a nuclear facility that it's become a primary reason for creating a national identification system? Are such visitors actually admitted?

Quote

The number of Web sites engineered to exploit the problem has jumped considerably since the vulnerability was publicly disclosed by Microsoft on March 29. It will likely continue to rise until patches are applied across corporate and consumer PCs, said Ross Paul, senior product manager for Websense.

Quote

Microsoft says you have to buy Vista because it makes you much safer online than XP, or any of its previous operating systems. Do you believe that?
Thompson: Consumers should not be confused. Vista is not a security solution. Vista is an operating system, and Vista provides some very important advances from Microsoft's perspective and for the industry's point of view on building a more stable, more reliable, more secure operating platform, but people still need the efficacy that comes with the products that Symantec and others in the industry build, and so we should not be confused by the marketing rhetoric with what Vista is. It's a hopefully much better product than XP or any of its predecessors, but it's not a security solution.

Quote

"Krstic's system, known as the BitFrost platform, has only one user prompt (turning on the camera) and imposes limits on every program's powers. Under BitFrost, every program runs in its own virtual machine with a limited set of permissions. Thus a picture viewer can't access the web, so even if a hacker comes up with an exploit that lets him control the program, he couldn't use it to grab all the photos on the laptop and upload them to the internet. Programs downloaded to the computer can't "request a set of permissions that let (them) do bad things," Krstic said, unless that software has been certified by a trusted authority, which will be either One Laptop Per Child or one of the countries signed onto the project. Users can, however, manually assign more power to a particular program through the security control panel. While the idea of limiting permissions program by program dates back as far as 1959, according to Krstic, it's not been adopted widely because it puts the burden on application writers to deal with security. Other Linux/Unix-based systems -- including Apple's Mac OS -- run programs with authority limited to a local user, but that's not enough, said Krstic, because the program can still delete user files, even if it can't touch the underlying system files. Krstic's no fan of Microsoft's security, either -- despite Vista's imposition of limited permissions on programs, and its isolation of Internet Explorer in a virtual sandbox. "Vista's sandboxing is trying to impale sandboxing on something broken," Krstic said. Still, Krstic admits there's a drawback to his system: It limits interactions between applications."

Quote

Due to recent attacks on the SHA-1 hash function specified in FIPS 180-2 , Secure Hash Standard, NIST is initiating an effort to develop one or more additional hash algorithms through a public competition, similar to the development process for the Advanced Encryption Standard (AES). Two workshops (see menu at left) have been held to assess the status of the NIST-approved hash functions, to discuss possible near- and long-term options, and to discuss hash function research in preparation for launching such a competition. In addition, NIST has published its policy on the use of the current hash functions, and has proposed a tentative timeline for the competition.

Quote

That promise turned out to be untrue, according to a report published Friday by DHS' privacy office. The commercial data "made its way directly to TSA, contrary to the express statements in the fall privacy notices about the Secure Flight program," the report says. The report, and a second one critiquing a government database called Matrix, was released on the last business day before Christmas, a tactic that federal agencies and publicly traded companies sometimes use to avoid drawing attention to critical findings. Neither report appears on the DHS.gov or TSA.gov home pages, or even on the home page of the DHS privacy office, but rather was linked to from a subpage on the DHS privacy site.

Quote

We here offer an alternative to this update dilemma, starting immediately: version 3 of our script collection Offline Update requires only a few steps to reel in a current service pack at any time, combining all released Windows updates at the time of download. The download script acquires the complete update library for selected operating systems from Microsoft's servers and uses them to created ISO images for CDs or DVDs as desired. These in turn can be used to update as many PCs as you wish.

Quote

A security advisory from the Redmond, Wash., company said the flaw can be exploited if a user simply opens a rigged Word document. Affected software versions include Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac and Microsoft Word 2004 v. X for Mac. The Microsoft Works 2004, 2005 and 2006 suites are also affected because they include Microsoft Word.

Quote

RCSR attacks are also actively targeting Microsoft Internet Explorer, however a flaw in Firefox makes the attack much more likely to succeed. The Password Manager component of FireFox can be exploited to send a username and password combination to an attacker's computer without the user's knowledge. Users of both Firefox and Internet Explorer need to be aware that their information can be stolen in this way when visiting blog and forum websites at trusted addresses.

Quote

Three postings were made Tuesday evening to an e-mail list that sends out postings to the Google Video blog. "Some of these posts may have contained a virus called W32/Kapser.A@mm--a mass-mailing worm," Google said in a note on its Web site apologizing for the incident.

Quote

The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said. This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said.

Quote

The company said that a small number of video iPods made after Sept. 12 included the RavMonE virus. It said it has seen fewer than 25 reports of the problem, which it said does not affect other models of the media player, nor does it affect Macs. The Cupertino, Calif.-based company apologized on its Web site for the problem, but also used the opportunity to jab at Microsoft, its operating system rival. "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Apple said on its site.

Quote

The scope of the attacks has prompted the Bureau of Industry and Security (BIS), which manages US technology exports for both commercial and military use, to overhaul its computer systems and security defences. Information housed on the department's systems includes sensitive commercial and economic data on US exporters as well as data involving law enforcement records. "BIS discovered a targeted effort to gain access to BIS user accounts," Commerce Department spokesperson Richard Mills said. "They took a series of immediate action steps to ensure that no BIS data is compromised. We have no evidence that any BIS data has been lost or compromised," Mills said.