Security

Symantec appoints cybersecurity advisor

By Terence Huynh on March 30th, 2010 No Comments

Symantec has announced that it will appoint Adam Palmer to become the Lead Cybersecurity Advisor for its Norton department, where he will be the public face of preventing cybercrime via education, empowerment and by reinforcing online rights with the assistance of law enforcement and other key organisations.

“Adam Palmer is a proven leader in the fight against cybercriminals and a powerful addition to our team,” Janice Chafflin, the President of Symantec’s Consumer Business Unit, said in a statement. “Adam will work directly with our product teams, law enforcement and others in the industry to arm consumers with the truth about cybercrime and help make the Internet a safer place.”

Palmer was formerly a cybercrime prosecutor and the legal director for the National Centre for Missing and Exploited Children (NCMEC), and joins after finishing his time at the .org Top Level Domain Registry, where he introduced a cybersecurity program.

Symantec calls Chinese city world’s hacker hub

By Terence Huynh on March 29th, 2010 No Comments

China isn’t getting any good news in the technology sector, especially now that Google has just pulled Google.cn from the country and moved it to Hong Kong. Now, Symantec has identified a city in China as the world’s capital of cyber-espionage, after identifying and tracing 12 billion e-mails that were “target attacks” coming from China – a higher number than Symantec initially thought.

Researchers found that 21.3 percent of those traced back to China came from the city of Shaoxing, along with identifying that they were, according to the Times, “experts in Asian defence policy and human rights activists, strongly suggesting state involvement”. In all, China accounted for 28.2 percent of all global attacks, followed by Romania with 21.1 percent and the United States with 13.8 percent.

The report also found that, despite not being as common as .XLS (Excel spreadsheets) and .DOC file types, encrypted .RAR files were the most dangerous. While contributing only 0.32 percent of all malicious files in March, they are compromised about 97 percent of the time when sent as an email attachment. .XLS, .DOC, .ZIP and .PDF files accounted for 50 percent of all attached emails that contained a malicious threat.

Govt Freelancer claimed to have written Google attack code

By Terence Huynh on February 23rd, 2010 No Comments

Analysts from the United States government have said that they have found the programmer who wrote the code that was used to hack into Google’s servers last year, according to the Financial Times. According to the newspaper, the man is a security consultant in his 30s and posted sections of the code to a hacking forum.

The creator is known to be a freelancer, and while he did not launch the attack, it is claimed that Chinese officials had “special access” to the program. The analysts did not go into how they knew about his whereabouts.

This comes after a report that the online attacks came from two educational institutions in China, the Shanghai Jiaotong University and the Lanxiang vocational school. Both schools have denied the reports, and the claims about the latter institution have been mocked within China.

Titstorm continues to cause havoc on Govt Websites

By Terence Huynh on February 11th, 2010 No Comments

Websites for the Parliament of Australia and the homepage of the government are still feeling the effects of Operation Titstorm, as it continues throughout the day. Both sites, at the time of writing, are still down as a group linked with Anonymous – an internet group that is famous for starting a campaign against the Church of Scientology.

Other government websites taken down include ACMA, and the website for the Defence Signals Directorate intelligence agency. We are also hearing reports that the website of the Minister for the Department of Broadband, Communications and the Digital Economy – Senator Stephen Conroy – has also been taken down.

The attacks are using the common technique of DDoS (Distributed Denial of Service) attacks to jam web traffic.

Anonymous is currently attacking the Australian Government over its plans for internet filtering.

Australian Govt attacked by Anonymous over Internet filter

By Terence Huynh on February 10th, 2010 3 Comments

The Parliament of Australia’s website has been taken down as part of an international operation against the proposed mandatory filtering plan that Kevin Rudd and Senator Stephen Conroy wish to implement. As of the time of writing, the site remains down.

People connected to the group Anonymous, known for starting a war against the Church of Scientology, launched an attack against the Parliament’s website as part of “Operation: Titstorm” – a combination of fax spam, denial of service attacks and prank phone calls.

This comes after the Australian Classification Board gave a pornographic film a refused classification rating – effectively banning it from sale in Australia – because of the film featuring female masturbation, according to Hungry Beast.


Chinese Newspaper: Uncensored Internet “attempt to impose” values

By Terence Huynh on January 23rd, 2010 No Comments

A Chinese newspaper has written an editorial critical of Secretary of State Hillary Clinton’s speech on the freedom to access information on the Internet. The newspaper, the Global Times, labelled her speech as a “disguised attempt to impose its values on other cultures in the name of democracy”.

“The online freedom of unrestricted access is, thus, only one-way traffic, contrary to the spirit of democracy and calculated to strengthen a monopoly,” the newspaper wrote in its editorial.

“The online freedom of unrestricted access is, thus, only one-way traffic, contrary to the spirit of democracy and calculated to strengthen a monopoly. These facts about the difficulties of developing nations, though understood by politicians like Clinton, are not communicated to the people of Western countries. Instead, those politicians publicise and pursue their claims purely from a Western standpoint.”


Anon Facebook employee reveals security issues, staff abuses

By Terence Huynh on January 12th, 2010 No Comments

Facebook is currently the most popular social networking tool, but many don’t realise that it hosts a lot of personal data – from birthdays to embarrassing pictures from your friend’s 21st birthday party. This, of course, means that many don’t realise how dangerous it can be to post that much personal information.

In a recent interview with The Rumpus, an anonymous employee of the social network reveals how Facebook staff can access your profile, even as far as typing your user ID and a master password comprising “upper and lower case, symbols [and] numbers” that would spell out Chuck Norris.


Android bug in Motorola Droid lets you bypass locking system

By Terence Huynh on January 11th, 2010 No Comments

A bug in the Android OS version 2.0.1 can allow unauthorised access to your phone, bypassing the locking mechanism on the Motorola Droid (or Milestone in Europe and Australia), with a simple phone call to the device.

The Android OS has a unique way of locking the device. Instead of a PIN, you have a 3×3 grid of circles and you create a pattern of 4 to 9 circles. According to The Assurer, which broke the news of the leak, this results in 3,024 to 362,880 different combinations. It sounds secure, and it is – unless you have an incoming call.

Unlike other devices, the Motorola Droid has a back button when you are asked to put in your pattern combination, and pressing that takes the user back to the Home screen without being asked for the pattern, allowing full access to applications and data. However, it will proceed to ask you to type in the pattern when the call ends.

This is, basically, the easiest way to steal someone’s personal data from the phone, and another person, if technically capable of doing so, can access your e-mail messages and financial information, like your credit cards and e-statements from banks.

It is unknown if the Nexus One has a similar flaw, and it has not been tested since it uses Android OS version 2.1.

Google has acknowledged the problem and is looking into a fix. A spokeswoman told Techcrunch’s Jason Kincaid, “We are aware of the issue and we’re working to deliver a fix to Motorola Droids shortly.”

Go Card error leaves two people sacked as investigation starts

By Terence Huynh on January 11th, 2010 No Comments

Two call centre operators have been given the sack as an investigation gets under way into why a commuter’s Go card, the Queensland government’s paperless ticketing system for its public transport network, was stripped of funds and the money transferred to another account belonging to a different commuter. The commuter that was affected was Nick Smith, who works as a cameraman for Channel Nine.

This incident has now raised questions on how secure the system is, which contains information of linked bank accounts and credit card details.

While acting Queensland Premier Paul Lucas has said that security protocols were not followed, he tried to ease concerns.

“People have raised a number of concerns about how the Go Card was rolled out in the last week or so and I’ve got to say we have to do better with that and Translink has got to make sure that it is doing everything in its power to make sure that people get appropriate and proper levels of service,” he told the ABC.

The Go Card, like the myki card system implemented in Victoria, has been mired in controversy, including forcing commuters to pay higher fares because of the lack of availability – upping the fares by 40 percent for those who don’t have a Go card, and 20 percent for those who have. As well, there was a lack of places to actually get the card, with only 34 of the 144 train stations around Queensland selling the Go card.

For me, however, it does raise questions on the security of the myki system.

Obama selects Schmidt to take up cybersecurity coordinator

By Terence Huynh on December 22nd, 2009 No Comments

NEWS IN BRIEF: President Barack Obama has chosen Howard Schmidt to take up the role as the national cybersecurity coordinator, according to an “administration official” talking to the Washington Post. The role will coordinate cybersecurity policy across the federal government – including the military agencies.

Schmidt, who is the president of the not-for-profit consortium Information Security Forum and was a cyber-adviser to the former Bush administration, will report to the national security advisor. Schmidt was also the chief security officer at Microsoft and the chief information security officer at auction site eBay.

The position is said to be announced on Wednesday (Tuesday in Washington DC), and does not require the Senate to confirm his role.

Twitter hacked by “cyber army” from Iran

By Terence Huynh on December 18th, 2009 No Comments

Reports are coming in that Twitter had been hacked with a message from a supposed group called the “Iranian Cyber Army”, with Twitter admitting that their DNS records were compromised – allowing the group to deface the site with the following message:

IRANIAN CYBER ARMY

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANIAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey (sic) Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian People To ….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?

WE PUSH THEM IN EMBARGO LIST

Take Care.

TechCrunch is also reporting that the same defacement appears on another site, Mowjcamp.com. The attack looks to be similar to the Twitter defacement, where its DNS records were compromised. A quick search on Google appears to show the website is affiliated with the anti-government protestors after the elections in June.

This appears to be a common link with Twitter and Mowjcamp.com being taken down – as Twitter was instrumental in the coverage of the Iranian protests, with news outlets like CNN and MSNBC using the microblogging site to report on the protests.

Mowjcamp.com has now redirected themselves to another domain and have asked users to use the IP address directly or the other domain; while Twitter remains up.

Microsoft add-on leaves Firefox users exposed to critical hole

By Terence Huynh on October 17th, 2009 No Comments

A Microsoft add-on that was installed silently into Mozilla Firefox last February has now made Firefox, deemed to be one of the safer alternatives for Windows computers, open to an attack. The security hole also leaves Internet Explorer open to the same attack.

The threat, according to Microsoft’s Security Research and Defence blog, is a “browse-and-get-owned” attack, in which a user is lured to open a malicious website that exploits the XAML Browser Application component in the Windows Presentation Foundation.

Conficker infects Oxford University

By Terence Huynh on October 3rd, 2009 No Comments

Thought Conficker was dead and buried? Well, you were wrong, as the communal PCs used by the students who attend the Oxford Brookes University were found to be infected with the malware on Thursday, leaving a difficult job to IT support to clean out the virus.

“There has been a sustained and significant virus attack on the Brookes network. We are presently working to counteract it but this may result in unpredictable disruption to network services,” the University said in a statement to all faculty and staff.

“A version of the Conficker virus was involved. Servers and desktop PCs have been affected, including the pooled computer room PCs which were shutdown yesterday evening (1st October) until this morning.”

The university has advised that all staff members should check their PCs for the virus, and if it has been infected, then you should log out immediately, switch off the computer and contact IT support.

Brookes joins a long list of UK institutions that have been infected with the virus, joining Manchester City Council, the Houses of Parliament and the Ministry of Defence. However, it also serves as another reminder that it is still active and continues to infect more and more computers. However, while a botnet has not been established yet, figures from the Conficker Working Group reveal that there could be as many as six million computers infected.

You can find more information on Conficker in our guide to the virus.

ALERT: WordPress blogs under attack, Users asked to upgrade to 2.8.4

By Terence Huynh on September 6th, 2009 No Comments

SECURITY BRIEF: Users of an older version of WordPress (that is, before the current version 2.8.4) have been asked to upgrade immediately to the latest version in order to avoid an ongoing attack on users self-hosting their own blog, which could lock you out of your account.

While blogs hosted on WordPress.com are not affected as they are upgraded as a new version comes out, the vulnerability is said to be growing by the hour. WordPress is used by governments, huge corporations and other known niche blogs (e.g. Mashable, TechCrunch) all over the world.

The attack, according to Lorelle on WordPress, is exploiting a known security hole in previous versions of the blogging software, allowing the attacker to gain administrator access to your account and get into the database via the pretty permalinks.

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
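A defensive check for the two clues above, as an added example that is not from the original article or from WordPress: it scans web-server access log lines for the "eval" and "base64_decode" keywords in request paths and compares administrator accounts against an allow-list. The combined log format, the sample log lines other than the quoted permalink, the user list and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Combined-log-format request line: client IP, method, raw path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# The article's keywords, matched as PHP calls so a slug such as
# "medieval-history" does not trigger on the substring "eval".
INDICATOR_RE = re.compile(r"(?:\beval|\bbase64_decode)\s*\(", re.IGNORECASE)

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded paths are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (ip, status, raw_path) for requests whose decoded path has an indicator."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if match and INDICATOR_RE.search(fully_unquote(match.group("path"))):
            hits.append((match.group("ip"), match.group("status"), match.group("path")))
    return hits

def unexpected_admins(users, known_admins):
    """users: (login, role) pairs; report administrators missing from the allow-list."""
    return sorted(u for u, role in users if role.lower() == "administrator" and u not in known_admins)

# Constructed sample data; the first path is the permalink quoted in the article.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Sep/2009:10:12:01 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '198.51.100.4 - - [06/Sep/2009:10:12:09 +0000] "GET /category/medieval-history/ HTTP/1.1" 200 8841',
    '198.51.100.9 - - [06/Sep/2009:10:13:30 +0000] "GET /2009/09/hello-world/ HTTP/1.1" 200 4410',
]
SAMPLE_USERS = [("siteowner", "administrator"), ("guest-writer", "author"), ("wp_sys", "administrator")]

if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE_LOG):
        print(f"suspicious permalink from {ip} (HTTP {status}): {path}")
    print("unexpected administrators:", unexpected_admins(SAMPLE_USERS, {"siteowner"}))
```

A hit in the log only shows that the request was made; the administrator check is what indicates whether an account was actually added.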

All users are advised to UPGRADE to the latest version. For those who have already been affected, the only fix is to export all of your posts, uninstall and reinstall WordPress and then re-import all your posts. Because it goes all the way to the database level, it is advised that you use a new database, as importing the old database would also bring the malicious code into your new blog install.

WordPress will also release any new updates immediately with further security improvements if the attackers find a new security hole to exploit.

Snow Leopard’s malware protection scans only for two trojan infections

By Terence Huynh on August 29th, 2009 No Comments


Remember when Apple confirmed the much-hyped malware protection in Snow Leopard? Well, it turns out that it’s nothing more than an XProtect.plist file that contains five file signatures for only two trojans, the most popular ones out there infecting Macs – OSX.RSPlug and OSX.Iservice.

Both threats, described as very low threats by Symantec, are usually attached as payloads on shady installs of the latest iWork and Adobe CS4 software found on BitTorrent sites, installing themselves after a user enters their administrator credentials.