Roer.com

Security  vendor Trusteer's latest product will allow banks to remotely investigate their customers' computers if it is suspected the PC has been hacked. The service, called Flashlight, is designed to enable banks' security experts to quickly identify what types of malicious software programs customers are encountering in order to build better defenses, said Mickey Boodaei, Trusteer's CEO.

Now if a bank wants to see if a customer's computer is infected, the computer usually has to be either physically taken to a lab or the hard disk has to be copied, he said. Flashlight detects malicious software programs on the computer and can send a report along with a copy of the suspicious program, Boodaei said.

"If they find a new piece of malware they haven't seen before on their customer's computer, this malware comes to us, we reverse engineer it and find out about its capabilities," Boodaei said.

The scenario under which Flashlight would be used is if a customer calls a bank to check on a possible fraud. The fraud investigation team would ask the person to install Flashlight, which can detect if the browser has been previously tampered with. The customer would be asked to send a log report, which can then be analyzed while the customer is on the phone, Boodaei said.

Flashlight can also send other data, such as details of a PC's operating system, version number of applications and whether antivirus software was up-to-date at the time of the infection.

Read more.

img: images.clipartof.com

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft's Windows, a researcher said today. And that's a good thing.

Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine's hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week. "It's just like a Windows license," said Stevens as he explained how the key code is generated.

After launching the Zeus Builder kit -- which sells for between $3,000 and $4,000 in its most basic configuration -- the software generates a hardware ID based on the PC's components as well as other factors, including the operating system's version number, said Stevens. That ID is then forwarded by the criminal customer to the seller of the program, who in turn cranks out a product activation code necessary to begin using the toolkit.

There is one major difference between the product activation practiced by Microsoft and what's used by Zeus, however. Although Microsoft will allow both minor and major changes to the hardware -- the latter may require a phone call to convince a support representative to issue another activation code -- there's no such protection for Zeus buyers. Even a small modification to the PC's hardware can prevent Zeus Builder from running. "You could request another [activation] code from the person who sold it to you, but there's no guarantee you would get one. The seller could say, 'I already have your money, pay for another.'"

The copy protection technology was added for obvious reasons, the same ones Microsoft cites when it explains why it regularly updates Windows Activation Technologies (WAT), better known by its earlier name of Windows Genuine Advantage (WGA). "This was definitely done to keep people from pirating the software," said Stevens, who noted that the previous versions of Zeus had been widely copied, tweaked and sold by others. "There have been a lot of Zeus [kits] hacked up."

Read the article.

img: www.viruslist.com

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

The admission was the second in the past two days from Microsoft's Office team of a gaffe involving a recent security update.

Friday's announcement involved the seven-patch update Microsoft shipped on Tuesday for Excel. "We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the 'Add or Remove Programs' tool (Win[dows] XP) or the 'Programs and Features' --> 'Installed Updates' view (Vista, Win[dows] 7)," Microsoft said in an entry published early today on the "Office Sustained Engineering" blog.

The two updates Microsoft referenced, KB978471 and KB978474, were the patch collections for Excel 2002 and Excel 2003, respectively.

According to Microsoft, the patches are displayed in "Add or Remove Programs" in simplified Chinese rather than the intended English. "If English text ... is a requirement, there is a two-part workaround available," said Microsoft as it told users to first uninstall Tuesday's Excel update, then download and install a revamped version.

Read the article.

img: http://s17.photobucket.com/home/The_Wizard_of_OZ

US losses to online crime almost doubled during 2009, reveals a report.

Losses totalled $560m (£371m) in 2009, up from $265m (£176m) in 2008, showed the annual report by the Internet Crime Complaint Center (IC3). Complaints about online fraud grew 22% during 2009 and the IC3 received more than 336,655 reports of high-tech crime incidents from victims.

The most popular scams involved requests for advanced fees and non-delivery of merchandise.

Non-delivery accounted for almost 20% of all complaints with ID theft being the subject of 14.1% of the total crimes reported. "Internet crime is evolving in ways we couldn't have imagined just five years ago," said Donald Brackman, director of the National White Collar Crime Center which helped draw up the report.

One scam that proved popular in 2009 involved people receiving an e-mail from the "Ishmael Ghost Islamic Group". The sender claims he has been told to assassinate the recipient and their family. Only by giving a donation to a UK group that helps Islamic expatriates will the death threat be lifted.

While the average loss from online fraud during 2009 was $575 the total jumped significantly because some victims lost enormous sums to criminals, said the report. About 1% of the crimes reported involved losses of more than $100,000.

More than half of those falling victim, 55%, were aged 40 or older.

Read the article.

img: iso.org

Google is changing the way it handles the unique identifier that accompanies each installation of its Chrome browser.

As noticed by H-Online, a Google white paper (pdf) says the company will now delete the unique ID after the browser updates itself for the first time.

Google has confirmed with The Reg that the change will be made with the upcoming Chrome 4.1. A 4.1 beta was released earlier this month.

Google's white paper says the token will now be used solely to verify a successful install. "In order to measure the success rate of Google Chrome downloads and installations, a randomly-generated token is included with Google Chrome's installer," it reads. "This token is sent to Google during the installation process to confirm the success of that particular installation."

As it stands, Google lays down the unique identifier in the Chrome installation folder, but it says this is not linked to personal data and that it is merely used to check for updates and report crashes back to the company. It is reassigned each time the browser is updated.

With Chrome 4.1 it will still appear on the user's machine, but it will then be deleted after the initial update. "It's about time," reads a blog post from Mozilla director of community development Asa Dotzler. But he questions why the identifier is laid down in the first place. "But why ship it at all. Is it really that important to track individual users through their first automatic (and silent) update?" he asks.

Read more.

img: www.chrome-os-blog.com

The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests.

NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks.

However, only security software from McAfee out of all the seven tested products "correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection", NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed.

Read the article.

img: www.411-spyware.com

Twitter is going to launch a new platform that would allow the sites we visit everyday to interact with us without us accessing Twitter. The new framework @anywhere would be launched soon.

"When we designed Twitter, we took a different approach—we didn’t require a relationship model like that of a social network. Keeping things open meant you could browse our site to read tweets from friends, celebrities, companies, media outlets, fictional characters, and more. You could follow any account and be followed by any account. As a result, companies started interacting with customers, celebrities connected with fans, governments became more transparent, and people started discovering and sharing information in a new, participatory manner.

We’ve developed a new set of frameworks for adding this Twitter experience anywhere on the web. Soon, sites many of us visit every day will be able to recreate these open, engaging interactions providing a new layer of value for visitors without sending them to Twitter.com. Our open technology platform is well known and Twitter APIs are already widely implemented but this is a different approach because we’ve created something incredibly simple. Rather than implementing APIs, site owners need only drop in a few lines of javascript. This new set of frameworks is called @anywhere."

Read more.

img: twitter.com

US regulators have unveiled the nation's first plan to give every American super-fast broadband by 2020.

The Federal Communications Commission (FCC), which will now submit the plan to Congress, said broadband was the "greatest infrastructure challenge". It estimates that one-third of Americans, about 100 million people, are without broadband at home.

The FCC's goal is to provide speeds of 100 megabits per second (Mbps), compared to an average 4Mbps now. "Broadband for every American is not too ambitious a plan and it is absolutely necessary," former FCC chairman Reed Hundt told BBC News.

"The consequences of not succeeding are heartbreaking. Every nation needs a common medium to gather around and to have the internet as a common medium where a third are left out is unacceptable."

Read more.

img: bildirgec.org

Legislation to tackle internet piracy, including bans for illegal file-sharers, has been passed by the Lords.

The Digital Economy Bill is now expected to be rushed through the Commons before the general election. Peers had earlier rejected a bid by ministers to include wide-ranging powers over future online piracy law. But despite criticism, the government said it was still committed to giving courts the power to block websites which are infringing copyright.

The bill, put forward by Business Secretary Lord Mandelson, has been welcomed by the music industry because it includes plans to suspend the internet accounts of people who persistently download material illegally. But firms such as British Telecom, Google and Facebook say that would be unfair and illegal file-sharers should be fined instead of cut off. Earlier this month, peers defeated the government when they rejected a clause giving ministers the power to change laws on online copyright in future without the need for further legislation.

Read the article.

img: steadyoffload.com

Well for quite some time I’ve been thinking about whether to attend the conference. As per the website the advantages of attending the conference are:

• Establish and Develop a strong partnership program
• Exchange information on innovative Cloud Technologies
• Hear what leading Cloud Computing Providers have to say
• How can Cloud Computing benefit your business, from a small start up to a leading brand
• Meet and network with End users, IT professionals, Leading IT providers and vendors
• What are the risks of entering ‘The Cloud’
• Leverage competitive advantage from our other conference stream: Social Media World Forum, Social TV, Mobile Social Media & Enterprise
• Listen and get an insight to future of Cloud

I am quite interested in the “risks” and “perspective of users” about the cloud computing industry and its future. After attending SFDC’s CloudForce2 event in London I was quite impressed with their product but the security issues about the cloud industry were sadly not addressed to by anyone. I hope that I might get to meet some people from security who know what and why (fingers crossed) they are switching to the cloud industry.

The congress has an impressive line-up of professionals from various domains, I believe the event might be a fruitful one. Here is part of the list of the speakers as per the site:

• Jason Hart, Senior Vice President, CRYPTOCard
• Scott Dobson, Managing Director, Cloud Distribution Ltd
• Kenneth Verlage, CIO, DHL Express
• Adrian Steel, Head of Infrastructure Management, Royal Mail

I am looking forward to attend the cloudcomputing congress Europe event on the 15th & 16th of March at Olympia, London. The highlights of show include:

• 2 days of free workshops and exhibitions over 15th/16th March, 1 day Cloud Conference on 16th March

• Building partnerships in the Cloud ecosystem: Free exhibition and workshops designed to build partnerships between systems integrators, application providers, OEM partners, distributors, and service providers.

• Designed for the CIO and IT manager the Cloud Computing Congress event & conference examines SaaS, PaaS, software the technical challenges, and how to the applications outlined in Enterprise Social Media can be controlled and managed in the Cloud?

• A practical guide on cloud computing for your business - how your business can benefit, the value proposition, and the impact on the IT function  Building and managing applications in the cloud - how to manage and control applications and resources in the cloud environment?

• Learn from key cloud computing deployments - their successes and failures

Read further.

Today, you may read a background story about Kai Roer, and how he uses personal branding over at the Personal Branding Blog at the JCI Baltic Conference 2010.

The story is here: http://www.jci.ee/bc2010/personalbrandprofile-kai-roer?c_tpl=1062

Cabinet minister Ed Miliband was left embarrassed after apparently sending saucy messages to thousands of people on social networking site Twitter. Mr Miliband's unusually personal message, which was delivered to around 7,000 of his followers at breakfast time yesterday, boasted: 'hhey, i've been having better sex and longer with this here'.

The 'tweet', which appeared alongside a picture of a smiling Mr Miliband, was followed by a link to another website. Followers are friends and other subscribers who have signed up to receive any messages sent by a certain user. The Energy Secretary later admitted that he had become prey to an internet sex scam sweeping Westminster. In a genuine tweet, he wrote: 'Oh dear, it seems like I have fallen victim to Twitter's latest "phishing scam".' Mr Miliband was not the only person at Westminster to be targeted by internet hijackers. Harriet Harman, leader of the Commons, also revealed that a tweet had been sent from her account without her knowledge to a surprised Alan Duncan, Tory prisons spokesman.

Read more.

Whitehall IT chiefs have been warned by the intelligence agency GCHQ that security problems with cloud computing could foil their plans to use the technology to slash the cost of public services. The assessment forms part of the first report of the Cyber Security Operations Centre (CSOC), seen by The Register.

The new internet intelligence gathering unit, located at GCHQ's "concrete doughnut" in Cheltenham, will begin operations next month. "Cloud computing could form an important part of government cost-cutting exercises, but cloud computing hosts are likely to want to site their storage where it is cheapest for them to do so, which may mean that sensitive information or intellectual property is physically stored in another country, potentially one which might have an interest in using the information for its own purposes," CSOC says.

The report was prepared for the Cabinet Office, which sets overall government IT strategy. CIO John Suffolk recently promoted cloud computing technology and use of private providers as ways to cut costs. "You can't have hundreds of data centres and tens or even hundreds of networks. You have to ask 'Do we need to do all this ourselves?'," he said.

"I just don't think it's a suitable model for the next ten years."

However, CSOC sounds a more sceptical tone. It explains that while for some users cloud computing will bring security benefits, because malware protection will be managed by the service provider, the risks could be great.

Read the article.

(img: kavistechnology.com)

TO the horror of Latvia's political establishment, a mysterious group of computer hackers is threatening to expose the incomes of top officials after stealing millions of government tax records.

The group, calling itself the People's Army of the Fourth Awakening, claimed to have downloaded more than 7.5 million documents, including VAT receipts and income tax returns from the State Revenue Service after exploiting a security loophole on its website.

One hacker used the name Neo, in apparent tribute to the hero of The Matrix films, in which a vast system for enslaving humanity is exposed. "The purpose of the group is to unmask those who gutted the country," Neo told the Latvian television current affairs program Kas Notiek Latvija in an interview posted on its website. Neo has been hailed as a digital Robin Hood by disgruntled Latvians after posting details from the documents on the internet to contrast the earnings of top officials with cuts experienced by other workers. Latvia's economy shrank by almost a fifth last year and is the weakest in the EU.

The government slashed state salaries by up to 50 per cent and raised taxes in return for an EU-led bailout that saved the country from bankruptcy as revenues slumped and unemployment jumped to 23 per cent. Neo published the salaries of Latvian police chiefs and urged rank-and-file officers to "analyse the data and determine whether the salary reform is fair".

Read the article.

(img:voidspace.org.uk)

Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure.

The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations. A previous hack, by contrast, merely exploited weaknesses in the way the algorithm was implemented.

The fatal flaw in the DECT Standard Cipher is its insufficient amount of "pre-ciphering," which is the encryption equivalent of shaking a cup of dice to make sure they generate unpredictable results. Because the algorithm discards only the first 40 or 80 bits during the encryption process, it's possible to deduce the secret key after collecting and analyzing enough of the protected conversation.

"This standard, as with everything else we have broken, has been designed some 20 years ago, and it is proprietary encryption," said Karsten Nohl, one of the cryptographers who helped devise the attack. "It relied on the fact that the encryption was unknown and hence could not be broken. This is a case where something that has some potential for being strong is broken by just this one design decision that in any public review would have been spotted immediately."

Nohl, 28, is the same University of Virginia microscope-wielding reverse engineer to crack the encryption in the world's most widely used smartcard. In December, he struck again after devising a practical attack for eavesdropping on cellphone calls.

He and fellow researchers Erik Tews of the Darmstadt University of Technology and Ralf-Philipp Weinmann of the University of Luxembourg, plan to present their findings Monday at the 2010 Fast Software Encryption workshop in Korea.

Like several of Nohl's previous hacks, it began with nitric acid and an electron optical microscope. After dissolving away the epoxy on the silicon chip and then shaving down and magnifying the section dedicated to the DECT encryption, he was able to glean key insights into the underlying algorithm. He then compared the findings against details selectively laid out in a patent and exposed during a debug process.

The results of all three probe methods revealed the fatally insufficient amount of pre-ciphering in the DECT Standard Cipher.

Read the article.

(img: hypnocrites.blogspot.com)

Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials. Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and]monitors and blocks processes it doesn't like. The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here.

Security essentials 2010 blocks access by downloading a Win32/Alureon component and another Layered Service Provider component, Microsoft's David Wood wrote on the company's Malware Protection Center blog. "This LSP monitors the TCP traffic sent by various Web browsers that the user might have installed, and blocks any traffic to certain domains," Wood said.

Adding insult to injury, Security essentials 2010 charges you to scan and remove files on your machine, claiming the version you will have initially downloaded is just a trial edition. Microsoft's Security Essentials is available without charge to PC users running a genuine copy of Windows.

Read the article.

Claims made of a major vulnerability in the Microsoft Windows operating system have been refuted.

Jan Fry, head of PCI at ProCheckUp Labs, claimed that the findings by 2X Software, revealed exclusively by SC Magazine yesterday, were a 'little sensationalist'. Yesterday, 2X Software said that with a simple piece of code, an operating system from Windows 7/Server 2008 versions to Windows 2000/Server 2003 could be crashed with malicious applications installed.

However Fry refuted this, saying that the claims indicate that code needs to be run for the vulnerability to be exploited, so an attacker cannot just send some malicious traffic to a Microsoft server and crash it. Fry said: "First scenario, someone is emailed a malicious application. They run it once and their machine crashes. This person is particularly stupid, so after rebooting, they run the executable again and once again the machine crashes. By now, even a potato would see the correlation and would stop running the executable.

Read the article.

(img:www.maximumpc.com)

Microsoft Corp. today withdrew its demand that Cryptome.org yank the "Microsoft Global Criminal Spy Guide" document from its site and said it had never intended for the whistleblower's domain to be knocked off the Web. "In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed," said a Microsoft spokeswoman in an e-mailed statement early today. "We are requesting to have the site restored and are no longer seeking the document's removal."

The document, a 17-page guide that Microsoft prepared to show law enforcement how to obtain information about users of its online services -- including Windows Live Hotmail, the Xbox Live gaming network and the Windows Live SkyDrive storage service -- was published by John Young, who runs Cryptome.org, on Feb. 20.

Earlier this week, Microsoft demanded that Young remove the document from his site, citing the Digital Millennium Copyright Act (DMCA). When Young refused, his Internet provider shut down the site, and Network Solutions LLC, the registrar of Young's domain, put a "legal lock" on the domain name. That last move prevented him from transferring the URL to another Internet service provider.

Originally, Young had been told he had until today to remove the document from his site or face the consequences. Instead, his ISP pulled the plug and Network Solutions locked the domain name a day early, forcing him to scramble Wednesday to find a temporary home for his site.

Today, Network Solutions unlocked the domain and restored the site. Cryptome.org returned to the Web shortly before 3 p.m. Eastern time.

Read the article.

(img: about.com)