Here is a roundup of some of the top security stories on the net.
Amero sentencing pushed back to mid-May The scheduled sentencing for Julie Amero, the former Connecticut middle school teacher found guilty of exposing her students to internet pornography pop-ups, was pushed back again today – this time to May 18. These guys must be trying to regroup or something to keep from looking stupid when they get back into court.
The real security threats facing businesses Video of Mark Sunner, chief security analyst at MessageLabs, discussing some of the security problems businesses will have to deal with, like Next-generation bots, new scales of Trojans and the interweaving of social engineering.
Hackers tailor malware to individual businesses Video of F-Secure’s Hypponen talking about how high-profile businesses now face an evolution of traditional malware attacks as hackers write malicious code designed specifically to break through their defences, with antivirus unable to spot such intrusions.
Infosecurity: Convergence of spam and viruses detected in new attack Hackers have launched an attack that combines spam and viruses in a new global campaign, according to the latest report from MessageLabs.
Kaspersky: Mac and Linux viruses to rise “significantly” According to security expert Eugene Kaspersky, we are at the brink of seeing a significant rise in malware attacks on Mac and Linux platforms. So, are hackers ready to target a broad range of platforms or is this merely hyperbole from a security firm that wants to sell products?
Beware Of Google AdWords Account Hacks via Computer Exploit It appears that some external program gained access to his computer. The program then logged into his AdWords account, set up several ads that redirected to “places like orbitz.com and business.com” and also tried to install an “activex remote desktop program” on those computers through the redirects (to infect other computers). Then it blocked access for that computer to log in to AdWords by setting the local hosts file to 127.0.0.1 adwords.google.com (which means if someone on that computer tries accessing adwords.google.com, they get a not found). This prevents this computer from logging into Google AdWords to see if changes have been made to the account.
‘Evil twin’ Wi-Fi access points proliferate That’s the term for a Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. Unfortunately, experts say there is little consumers can do to protect themselves, but enterprises may be in better shape.
5 Cheap But Effective Tips To Improve Security Periodically check for rogue wireless access points, plus four other simple, yet inexpensive, improvements you can implement to boost the security of your enterprise.
Web threats to surpass e-mail pests By next year, Internet users can expect more cyberattacks to originate from the Web than via e-mail, security firm Trend Micro predicts.
Some more of the notable, and not so notable, news running about today.
Hack Attack: Control multiple computers with a single keyboard and mouse This is one great post, and something I will definitely be trying out at work and at home.
Cracking open the Microsoft Zune Portable media players are all the rage. View this gallery for an inside look at Microsoft’s new Zune. From the device’s packaging to its software and the device itself, here’s what you get (and how it works) when you buy a Zune.
Cracking open the Linksys WRT54G wireless router The Linksys WRT54G Wireless Router is one of the most common 802.11g devices deployed, a favorite of everyone from Linux fans to Windows users. Take a look inside what powers this ubiquitous device.
Wi-fi? Why worry? While the heating effects of high exposures to electromagnetic radiation can be damaging, the power levels of wireless connections are much lower than the microwave ovens and mobile phones which share the frequency range, and treating them in the same way is the worst sort of scaremongering.
An Open Letter to Apple from a Lifelong Gamer Mac convert asks Apple to make some good games.
Microsoft, Trying to Avoid a European Fine, Defends Demand for Royalties Microsoft, seeking to avoid another multimillion-dollar fine in its antitrust battle with the European Commission, filed documents with competition officials yesterday defending its demand to be paid royalties for releasing some software code to competitors.
9 ways ColdFusion 8 will rule web development Ben Forta and Adobe are getting into full swing with ColdFusion 8 Scorpio Pre-Release tour. Last night Ben gave us in Seattle a taste of things to come. Here is why it will kick the tar balls out of everything else on the market.
Intel cuts server and desktop CPU prices Intel has published price cuts of up to 40% for its 3000-sequence uni-processor server CPUs and updated its desktop CPU lineup with lower prices and new products.
WIRED journo won’t do email interviews–ironic A WIRED journalist pinged me for some comments on Michael Arrington and his A-list blogger status. I told the journalist to send me the questions by email and he refused. He said Dave Winer did the same thing.
Calacanis Won’t Do Phone Interview Jason McCabe Calacanis is complaining about a Wired reporter who wants to do an interview with him, but refuses to do it via email. He says it’s “ironic” that a magazine covering the digital age refuses to use email for its interviews.
Or, did you configure that router or just plug it in?
This is available in PDF format, here. Symantec has a video on this page Drive-By Pharming: How Clicking on a Link Can Cost You Dearly, and some more info.
For background, the DNS system, or domain name system, is what allows us to just type www.bank.com into our browser and have that web page displayed. Each website has at least one IP address (sometimes more, sometimes shared) that we connect to, and the DNS system is like a big phone book that our computer checks to find out where to go. When you type in www.bank.com, your computer checks several spots to see how to get to the website; the DNS servers have the domain names mapped to IP addresses, so when you type in www.bank.com your computer asks DNS, and DNS says go to this IP address. If a hacker changed your DNS server to one of theirs, then they can tell your computer where to go. So when you typed in www.bank.com, it would send you to a different IP address, one hosting the hacker’s version of the website, where they could record all of your info as you type it in. Now they have your info and can do whatever you can do in your bank account, because they have your user ID and password. The only thing that could possibly give it away is that when it tries to log you in, you don’t actually get logged in. They could set up a redirect to the real bank, where you could log in, but this could cause problems too, as your computer thinks www.bank.com is at a different IP address and would end up sending you back to the hacker’s site, causing even more confusion on your end. But there are probably workarounds to that as well, such as depositing a hosts file on your computer, etc.
The easiest workaround is to change the password on your wireless router; in most cases it is pretty simple and definitely worth the time to keep this from happening to you. Instead of detailing each individual router, here are some links to information on some of the different routers and how to change the default password.
D-Link When clicking this link, it will ask you where you are (US, Canada, etc.); pick your country, then come back to this link and click it again and it will take you straight to the page.
As you can see, it is pretty simple to change it. To log in to most routers, you would connect to http://192.168.0.1; I say most because I have seen a couple that used a different default IP address, the one that comes to mind being one of Microsoft’s. You can probably find the spot to change the password very easily; use the links above if you have trouble locating it.
I will try to post these malicious sites here as we, the security researchers and other security sites, find them, and as always, let’s be careful out there.
An exploit has been released for a wireless driver created by Broadcom Corp. that is built into millions of new laptops from HP, Dell, Gateway and other computer makers, as well as some devices made by Linksys and Zonet. It is for a specific version, but the writer says it could easily be modified for different versions from different manufacturers. The flaw could be used to take complete control of any vulnerable machine that is within a few hundred feet. The flaw is active on most of these machines because of the background checking the driver does for wireless networks, so even if the machine is not connected to a wireless network, it is vulnerable.
A security researcher has released a set of instructions for exploiting a security flaw in the wireless Internet devices built into millions of new laptops from HP, Dell, Gateway and other computer makers. An attacker could use the flaw to take complete control over any vulnerable machine located within a few hundred feet, so be forewarned that reading the rest of this post could make you awfully leery of that guy sitting in the corner booth at Starbucks gleefully clacking away on his laptop.
According to the latest addition to the Month of Kernel Bugs project, the vulnerability resides in a flawed device driver from Broadcom Corp. that is bundled with many different laptops and built in to some devices made by Linksys and Zonet. The flaw is exploitable on vulnerable Windows machines whether or not the machine is connected to a wireless network. In fact, it is the wireless card’s background scan for available wireless networks that apparently triggers the flaw. Source: Exploit Targets Widely Deployed Wireless Flaw from SecurityFix via Faill.com
Here is a quote from the original post and a link to it.
The Broadcom BCMWL5.SYS wireless device driver is vulnerable to a stack-based buffer overflow that can lead to arbitrary kernel-mode code execution. This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field. The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway, eMachines, and other computer manufacturers. Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products. Linksys, Zonet, and other wireless card manufacturers also provide devices that ship with this driver. Source: Broadcom Wireless Driver Probe Response SSID Overflow
This could be a SERIOUS problem in the future. Some organizations use Dell exclusively for their laptops; if they don’t come up with an easy way to update these laptops to the latest driver, lots of people could be exploited. I can see a whole new crop of botnets springing from Internet cafes and places that allow free wireless internet access. Someone sitting outside with a better antenna could seriously take advantage of some organizations; this could get ugly. Ask your resellers about it now, not later, and get them working on an easy solution for you.
Update: George Ou, who writes the Real World IT blog at ZDNet, has some more information and a fix posted using an updated Linksys driver. The exploit no longer functions with this driver, but they have only tested it on a couple of devices; while it should work on most, I would think, there is always a chance something could go wrong.
Yes this is an UGLY solution but it’s all we have at this point. Broadcom should have provided certified drivers to Microsoft for inclusion in Windows Update but they didn’t. But even then, Microsoft device driver updates are never pushed out as automatic critical updates and we all know that if it isn’t automatic and seamless it probably won’t get done. This is something Microsoft needs to address with the PC industry in general because driver exploits are becoming very common and very dangerous. Source: Real World IT
Security researcher HD Moore has released code that shows how attackers can exploit an unpatched flaw present in some Apple wireless drivers. Moore said he tested this on a 1.0GHz PowerBook running Mac OS X 10.4.8 with the latest updates, and while Apple released updates to fix three other problems with these wireless drivers, this flaw is still unpatched.
“With all the hype and buzz about the now infamous Apple wireless device driver bugs (brought to attention at Black Hat, by Johnny Cache and David Maynor, covered up and FUD’ed by others), hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers,” said LMH (the alias of the hacker who runs the Kernelfun blog) — referring to an Apple wireless driver issue covered by Security Fix earlier this year (the links in the quote are his). Source: Security Fix
To see the exploit code and the release, click here: Apple Airport 802.11 Probe Response Kernel Memory Corruption.
The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values.
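Both advisories above come down to the same parsing mistake: a driver trusting the lengths inside a received probe response, whether that is an over-long SSID (Broadcom) or a frame with nothing valid after the fixed-length header (Airport). As an added illustration, which is my own code and not taken from either advisory or any vendor driver, here is a bounds-checked walk over the information elements that follow the standard 12-byte fixed header, plus a builder for constructed test frames; the frame layout is the one from the 802.11 standard, and the function and status names are my own.

```c
#include <stdint.h>
#include <string.h>

#define PROBE_RESP_FIXED_LEN 12  /* timestamp(8) + beacon interval(2) + capability(2) */
#define SSID_MAX_LEN 32          /* 802.11 caps an SSID at 32 octets */
#define IE_ID_SSID 0
enum parse_status { PARSE_OK, PARSE_NO_IES, PARSE_TRUNCATED_IE,
                    PARSE_SSID_TOO_LONG, PARSE_NO_SSID };

/* Walk the information elements of a probe response body and copy the SSID
   into ssid_out (NUL-terminated; the caller supplies SSID_MAX_LEN + 1 bytes).
   Every declared length is checked against the bytes actually present before
   anything is copied, which is the check both vulnerable drivers skipped. */
enum parse_status parse_probe_resp(const uint8_t *body, size_t body_len,
                                   char *ssid_out, size_t *ssid_len)
{
    if (body_len <= PROBE_RESP_FIXED_LEN)
        return PARSE_NO_IES;            /* nothing after the fixed header */
    size_t off = PROBE_RESP_FIXED_LEN; int have_ssid = 0;
    while (off < body_len) {
        if (body_len - off < 2)
            return PARSE_TRUNCATED_IE;  /* element ID without a length byte */
        uint8_t id = body[off], len = body[off + 1];
        off += 2;
        if (len > body_len - off)
            return PARSE_TRUNCATED_IE;  /* IE claims more bytes than the frame holds */
        if (id == IE_ID_SSID) {
            if (len > SSID_MAX_LEN)
                return PARSE_SSID_TOO_LONG; /* reject instead of copying past the buffer */
            memcpy(ssid_out, body + off, len);
            ssid_out[len] = '\0';
            *ssid_len = len;
            have_ssid = 1;
        }
        off += len;
    }
    return have_ssid ? PARSE_OK : PARSE_NO_SSID;
}

/* Constructed test frame: zeroed fixed header, one SSID IE of ssid_len 'A'
   bytes, then a Supported Rates IE. Returns the body length, or 0 if it won't fit. */
size_t build_probe_resp(uint8_t *buf, size_t cap, size_t ssid_len)
{
    size_t n = PROBE_RESP_FIXED_LEN + 2 + ssid_len + 3;
    if (ssid_len > 255 || n > cap) return 0;
    memset(buf, 0, PROBE_RESP_FIXED_LEN);          /* timestamp, interval, capability */
    uint8_t *ie = buf + PROBE_RESP_FIXED_LEN;
    ie[0] = IE_ID_SSID; ie[1] = (uint8_t)ssid_len;
    memset(ie + 2, 'A', ssid_len);
    ie += 2 + ssid_len;
    ie[0] = 1; ie[1] = 1; ie[2] = 0x82;            /* Supported Rates: 1 Mbit/s basic */
    return n;
}
```

Passing a body length shorter than the frame simulates a truncated capture; a frame whose SSID element is renamed to another element ID exercises the no-SSID path.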
A spokesman from Apple had this to say:
“We were recently made aware of this security issue in our first generation AirPort card, which has not shipped since October 2003. This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs. We are currently investigating the issue.” Source: Security Fix
Fun, fun, fun.
There have been rumors about Google launching a free nationwide wireless service, and according to some web pages that were recently found, they are. Speculation about a forthcoming Google WiFi service has been rife since August following an article in Business 2.0 magazine, but the company has refused to discuss its plans.
WiFi internet access is an increasingly popular technology that is used to provide high-speed wireless Internet access in homes, businesses and public spaces like airports, train stations and coffee shops, mostly aimed at travelers and people not close to their home connections. Google launched a sponsored WiFi “hotspot” in San Francisco’s Union Square district in April with a start-up called Feeva.
Now, according to an article on realtechnews.com, they are launching secure access for their VPN for wireless connections. According to Google, “One of our engineers recognized that secure WiFi was virtually non-existent at most locations. As a result, he used his 20% project time to begin an initiative to offer users more secure WiFi access. Google Secure Access is the result of this endeavor.”
Digg.com has loads of comments on this one.
So, apparently they are going to offer wireless internet access, hopefully they will be able to cover more than the large metropolitan areas.
Update: Google, the online search leader, confirmed on Tuesday it has begun a limited test of a free wireless Internet service, called Google WiFi. Google spokesman Nate Tyler said the current test is limited to two public sites near the company’s Mountain View, Calif., headquarters–a pizza parlor and a gym–located in the heart of Silicon Valley. “Google WiFi is a community outreach program to offer free wireless access in areas near our headquarters,” Tyler said. More here at news.com.
This step-by-step article describes how to enable Windows XP automatic wireless network configuration. Windows XP makes it easy to set up your computer for wireless networking on any 802.11b standard wireless network.
Wireless networking is integrated into Windows XP and can be set up quickly with the Windows XP automatic networking Setup. All you need is an 802.11b wireless adapter installed on the mobile device, and an operating 802.11b standard wireless network.
Click here for more.