Spyware, viruses, & security forum: NEWS - September 20, 2012

Security firm Sophos has been had to issue an embarrassing apology after the company's antivirus program suddenly started classifying every and any software update - including the company's own - as 'Shh/Updater-B' malware.

The issue became apparent on Wednesday morning when the firm's support forums were deluged with reports from customers that the software was generating large numbers of false positives for legitimate programs including Java, Adobe Reader, Microsoft and Google. [Screenshot]

"I've just started seeing this reported from all of my workstations; scads of emails. The Sophos tech support number is giving a 'fast busy' signal, as everyone calls to ask wtf?," wrote one annoyed admin.

"We had roughly 40% "infection" rate here in about a ten minute span of time... a few hundred machines...," added another.

The company's support forum reports eventually ran to several dozen pages of comments on the same theme: large numbers of malware reports with no easy way to stop them coming.

False positives hit all antivirus programs from time to time but in this case it appears that because the program was also quarantining its own remote update many users were unable to rectify the problem.

Continued : http://news.techworld.com/security/3382507/sophos-antivirus-glitch-causes-false-positive-chaos/

From Sophos: Shh/Updater-B false positive by Sophos anti-virus products

Ryan Naraine @ the Kaspersky Lab Weblog:

As part of my job monitoring security threats and trends for Kaspersky Lab's global research team, I'm exposed to a healthy dose of paranoia from white hat researchers who find it trivial to hack into modern operating systems and platforms.

After a few days of hanging out in the hallways with exploit writers, I find myself clutching my laptop to my chest a little tighter and constantly peeking at my mobile phone to make sure nothing out of the ordinary is happening.

None of this paranoia is misplaced. Just pay attention to the lessons from the Pwn2Own challenges organized by the CanSecWest / EuSecWest folks (shout-out to Dragos Ruiu for putting together top-notch events) and you get a real-world understanding of why it's near impossible to keep away a motivated adversary.

This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.

For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on mobile devices.

Continued : http://www.securelist.com/en/blog/208193841/EuSecWest_2012_That_thing_in_your_pocket

Related: Mobile Pwn2Own: iPhone 4S hacked by Dutch team

"Oracle's software update for the flaw doesn't protect all versions of the database"

A researcher tomorrow will demonstrate a proof-of-concept attack that lets outside attackers and malicious insiders surreptitiously crack passwords for Oracle databases with a basic brute-force attack.

Esteban Martinez Fayo, a researcher with AppSec Inc., will show at the Ekoparty security conference in Buenas Aires, Argentina, an attack exploiting cryptographic flaws he discovered in Oracle's database authentication protocol. It lets an attacker without any database credentials brute-force hack the password hash of any database user so he then can get to the data.

Martinez Fayo and his team first reported the bugs to Oracle in May 2010. Oracle fixed it in mid-2011 via the 11.2.0.3 patch set, issuing a new version of the protocol. "But they never fixed the current version, so the current 11.1 and 11.2 versions are still vulnerable," Martinez Fayo says, and Oracle has no plans to fix the flaws for version 11.1.

That leaves those database users at risk of what Martinez Fayo says is a fairly simple -- yet potentially devastating -- attack against the so-called stealth password cracking vulnerability. "It's pretty simple. The attacker just needs to know a valid username in the database, and the database name. That's it," he says.

Continued : http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html