Spyware, viruses, & security forum: NEWS - January 25, 2013

Google has released Chrome 24.0.1312.56 to the stable update channel of the open source browser. The new update closes five security holes, three of which are high severity, and fixes problems with mouse wheel scrolling.

Atte Kettunen of the Oulu University Secure Programming Group in Finland received $1000 for the discovery of a high severity use-after-free vulnerability in the font handling of the HTML5 canvas. Ted Nakamura of the Chromium development community found a Mac OS X-only crash problem with unsupported RTC sampling rates, also rated with a high severity. The last of the high-severity-rated holes, an unchecked array in Chrome's content blocking, was fixed by the Chrome Security Team. Two medium severity issues were also fixed.

The mouse wheel scrolling problem fixed in this update concerned situations where the browser would scroll one pixel per mouse wheel interaction when it was actually set to scroll one screen at a time. Install problems for multiple user setups under Windows when Chrome was installed with administrator privileges have also been remedied.

Chrome 24.0.1312.56 is available for Windows, Mac OS X and Linux, and as the Chrome Frame plugin for Microsoft's Internet Explorer browser. All versions of Chrome should update themselves automatically; on some mobile platforms the user will be prompted to perform the update. Chrome is built from the open source Chromium browser project run by Google.

http://www.h-online.com/security/news/item/Chrome-update-closes-holes-and-fixes-mouse-wheel-issues-1791381.html

Nate Anderson at Ars Technica has a good story about how investigators tracked down "Virus," the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I've been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.

On Wednesday, federal prosecutors unveiled criminal charges against three men who allegedly created and distributed Gozi. Among them was Mihai Ionut Paunescu, a 28-year-old Romanian national accused of providing the gang "bulletproof hosting" services. Bullproof hosting is an Underweb term for a hosting provider that will host virtually any content, from phishing and carding sites to botnet command centers and browser exploit kits. After I read the Ars story, I took a closer look at the Paunescu complaint (PDF), and several details immediately caught my eye. [Screenshot]

Continued : http://krebsonsecurity.com/2013/01/inside-the-gozi-bulletproof-hosting-facility/

"Two men jailed for carrying out cyber attacks, including one online assault that cost payments giant PayPal at least £3.5m"

A student and a church volunteer have been jailed for carrying out cyber attacks with the hacking group Anonymous, including one online assault that cost the payments giant PayPal at least £3.5m.

Christopher Weatherhead, a Northampton University student, was sentenced to 18 months in prison on Thursday for his part in distributed denial of service (DDoS) attacks on PayPal, Visa and Mastercard in December 2010.

The 22-year-old, who used the online alias "Nerdo", was found guilty in December of playing a leading role in several cyber attacks by Anonymous.

Weatherhead was impassive as his punishment was delivered by the Southwark crown court judge, who was earlier warned that his "nerdiness" would make him a vulnerable target in prison.

Continued : http://www.guardian.co.uk/technology/2013/jan/24/anonymous-hackers-jailed-cyber-attacks

Also:
Anonymous conspirator gets 18-month jail term
2 Anonymous Hackers from the UK Sentenced to Jail for Cyberattacks on PayPal
Brit mastermind of Anonymous PayPal attack gets 18 months' porridge