Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: NEWS - October 02, 2012

by: Carol~ October 2, 2012 1:55 PM PDT

Like this

0 people like this thread

Staff pick

NEWS - October 02, 2012

by Carol~ Moderator - 10/2/12 1:55 PM

Twitter Authentication Flaw Helps Crooks Take Over Popular Handles

From Bitdefenders' "Hot for Security" Blog:

If you're one of the Twitter users with an overly appealing username, please change your password to something solid before finishing this story. According to a veteran Twitter user known as @blanket, an authentication flaw in the Twitter login system makes it extremely easy for cyber-criminals to brute-force your Twitter password without any limitation.

Twitter user Daniel Dennis Jones, also known as @blanket, felt the flaw when he received a notification from Twitter that his password had been successfully changed. When he attempted to log in to the micro-blogging platform with his credentials, he found his password had been abusively changed by an unknown user. To add insult to injury, his username had also been replaced to an obscene handle.

"Twitternames that would have high value due to brevity: @hah, @captain, @craves, @abound, @grinding, [were] all cracked/stolen," Jones wrote on his Twitter wall. The series of attacks against these handles appears to have a financial motivation, as these usernames were later pitched at selling for prices between $60 and 100. "By chasing tweets I find @blanket & others are being pimped at a site called forumkorner," Jones continued.

Continued : http://www.hotforsecurity.com/blog/twitter-authentication-flaw-helps-crooks-take-over-popular-handles-3710.html

Also:
Twitter Authentication Flaw Allows Hackers to Hijack User Accounts
Twitter account hijacking exposes easy-to-exploit security flaw


Reply
Report offensive post
Email to friend

ScareWare Marketer Gets Whacked With $163 Million Judgment

by Carol~ Moderator - 10/2/12 2:03 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

The Federal Trade Commission (FTC) said today that a federal court has inflicted a judgment of more than $163 million on the final defendant in its case against an operation that used "scareware" tactics in order to trick consumers into believing their computers were infected with malware, and selling them software to "fix" a non-existent problem.

In 2008, the FTC charged Kristy Ross and six other defendants with tricking more than a million Internet users into paying $39.95 or more for software to remove non-existent malware that appeared to be detected by scans.

The FTC said the operation utilized online ad networks and other popular web sites to promote "technologically sophisticated" Internet ads that displayed to consumers a "system scan" that would invariably detect a host of malicious or otherwise dangerous files and programs on consumers' computers. The bogus "scans" would then encourage consumers to buy the defendants' software for $40 to $60 to remove the said malware.

According to the FTC's original complaint, the fake security software included products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.

Continued : http://www.securityweek.com/scareware-marketer-gets-whacked-163-million-judgment

Also:
FTC wins $163 million from woman who tricked 1 million users into thinking their PCs had malware
FTC gets $163M judgment in scareware case


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Automated Toolkits Named in Massive DDoS Attacks Against U.S

by Carol~ Moderator - 10/2/12 2:53 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

.. Banks

Attackers targeting major U.S. banks with distributed denial of service attacks are using a number of toolkits to automate the job. Prolexic Technologies, a security company specializing in DDoS protection services, identified one toolkit called itsoknoproblembro, a kit that attacks multiple ports and network targets.

Meanwhile, Arbor Networks told Threatpost via email that itsoknoproblembro isn't the only tool being used in these attacks, and that this isn't the first time it has seen the kit used in a large-scale DDoS attack. Experts have said the scale of these attacks is massive, unlike any seen previously.

During the past 10 days, PNC, Wells Fargo, J.P. Morgan Chase & Co, and Bank of America have been either taken offline or had intermittent outages interrupting services. A group using the name Mrt. Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for the attacks as retaliation for the portrayal of Muslims in a series of movie trailers posted to YouTube for the film "Innocence of Muslims."

Prolexic said today that it has recorded sustained floods hitting 70 Gbps and more than 30 million packets per second in some of the attacks. Expert Dmitri Alperovich of CloudStrike told Threatpost last week his company had seen some attacks reach 100 Gbps. Most observed DDoS attacks require 5-10 Gbps of traffic to take down a site.

Continued : https://threatpost.com/en_us/blogs/automated-toolkits-named-massive-ddos-attacks-against-us-banks-100212

Also:
Firm Says "itsoknoproblembro" DDoS Toolkit Was Used in Recent Debilitating Cyber Attacks
Prolexic: "itsoknoproblembro" DDOS Attacks Are Highly Sophisticated


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Tool prevents hackers from obtaining Android app source code

by Carol~ Moderator - 10/2/12 2:53 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

RIIS announced HoseDex2Jar, a mobile security tool that can prevent Android decompilation by hackers on mobile devices.

Android runs applications in .dex format. Dex2Jar is the only tool available to convert Android APK's back into Java .jar files. This allows someone to decompile the .jar file using JD-GUI or JAD into readable source code. Once done, all proprietary source code and other sensitive information stored on backend databases are vulnerable.

RIIS knew if they could figure out a way to stop Dex2Jar from functioning, they could protect Android apps from being decompiled at all, thus protecting the apps from attackers. RIIS started investigating to see if Dex2Jar had any limitations they could expose. HoseDex2Jar was born.

"Developers can take steps such as using tools like ProGuard to obfuscate their code, but up until now, it has been impossible to prevent someone from decompiling an app," said Nolan.

Continued : http://www.net-security.org/secworld.php?id=13702

Also:
Mobile App Development Company Fights Off Android Malware with Obfuscation Tool
Mobile Firm Takes on Android Decompiler With New Tool
RIIS Develops Unprecedented New Mobile Security Tool to Stop Android Decompilation


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fake Apple Discount Card Wants to Steal Your Personal Info

by Carol~ Moderator - 10/2/12 2:53 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

Have you received a suspicious-looking Apple Store discount card in your email lately? It could be the latest ploy to steal your personal data, Sophos reports.

Aimed at Apple customers in Australia, the "card" claims to offer a 100 AU$ ($103) credit if you spend only 9 AU$, which is, quite obviously, too good to be true.

The text of the email contains the following bit: "Apple is rewarding its long-term customers. Your loyalty for our products made you eligible for buying an Apple Discount Card. With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store."

Attached to the email comes a form that asks for a lot of your personal info, including your name, address, date of birth as well as credit card details.

The entire thing does not come from Apple and is merely a scheme to obtain your personal info.

Continued : http://mashable.com/2012/10/02/fake-apple-discount-card/

Also:
Bogus Apple Store discount card offer attempts to steal users' identities
Fake Apple Store discount card leads to identity theft
Fake "Apple Reward" Emails Try to Steal Credit Card Details


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Tracking malware in the wild, Crocodile Hunter-style [VIDEO]

by Carol~ Moderator - 10/2/12 2:53 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

security issues.

For instance, the humorous anarchic puppet show about spam, the mindreader who has a little help from Facebook, and Sophos's own movie about what happens when you go cycling around London, hunting for unsecured Wifi access points.

Now we have an affectionate spoof of the "Crocodile Hunter" TV shows made famous by the late Steve Irwin, with the intention of helping raise the public's understanding of web safety issues. [VIDEO]

The video, timed to coincide with National Cyber Security Awareness Month, comes from the folks at StopBadware.org and Bluehost.

Here are some quick tips:

• Keep your computers protected with up-to-date software and security patches - not just on the computers you use to browse the web, but the servers you use to host your website too. Malicious hackers are always on the lookout for computers that are not running the latest versions of software, hoping to exploit vulnerabilities.

Continued : http://nakedsecurity.sophos.com/2012/10/02/tracking-malware-in-the-wild-crocodile-hunter-style-video/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

October Is National Cyber Security Month

by Carol~ Moderator - 10/2/12 3:13 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

Every October, those of us in the technology arena, and especially those of us who specialize in data security and privacy protection, promote National Cyber Security Month to family, friends, and co-workers.

If you depend on digital technology - and we all do - then you are at risk. Every day, more and more data about you finds its way online. From the most basic details of your first and last name to more comprehensive details including your address, phone number, and family member names to professional career details, you can be found online. In addition, if you bank online, your financial transactions are at risk, and if you access any medical-related vendors, then your medical records could be at risk.

The truth is, no information is guaranteed to be 100% breach-free. Therefore, you must be vigilant when it comes to knowing what information about you is online. No business or government entity is solely responsible for securing the Internet. You play the most important role in protecting your own digital life. You cannot hide your head in the sand and simply hope for the best.

Continued : http://www.infosecisland.com/blogview/22508-October-Is-National-Cyber-Security-Month.html

Related : 2012 National Cyber Security Awareness Month


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Android Devices Scream WiFi Network Names

by Carol~ Moderator - 10/2/12 3:13 PM

In Reply to: NEWS - October 02, 2012 by Carol~ Moderator

Thanks to lax mobile security practices and the amount of sensitive information stored in your pocket, mobile devices provide a rich platform for attackers to conduct reconnaissance, or the gathering of personal information used to crack into people's accounts.

Julian Bhardwaj, an intern at Sophos, writing for Naked Security, demonstrated a very cheap way to harvest some interesting bits of personal information using no more than a $23.95 wireless router off of eBay and freely available software. He simply took advantage of a default Android setting that broadcasts the names (SSIDs) of preferred wireless networks when you switch on your WiFi radio.

First, he set up a laptop in his university to capture packet data from nearby devices. Within five hours, 246 devices came into his range, and 49 percent were actively searching for - and broadcasting - the names of preferred networks. He was able to see 365 SSIDs, all containing information that a savvy attacker could use.

Continued : http://securitywatch.pcmag.com/none/303429-android-devices-scream-wifi-network-names


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close