blog trackingRealtime Web Statistics Blog Archives - Page 1111 of 2073 - Gregory D. Evans | Worlds No. 1 Security Consultant

Archive for the ‘Blog’ Category

07 Apr 2012

Hacker attacks EC website


Posted: Saturday, April 7, 2012 12:00 am


Hacker attacks EC website

By Leader-Telegram staff

Leader-Telegram

|
0 comments

The city of Eau Claire’s website was attacked Thursday night by computer hackers, rendering it unusable for about five hours.

Reports came in at about 6 p.m. that the website had been replaced by a screen declaring that it had been “hacked by NobOdy.” By about 11 p.m. Thursday, the website was fully restored to working order, according to the city’s information services manager John LeBrun.

Subscription Required


An online service is needed to view this article in its entirety.

You need an online service to view this article in its entirety.

Have an online subscription?


Login Now

Need an online subscription?


Subscribe

Login

Or, use your
linked account:

Choose an online service.

Current print subscribers

You must login to view the full content on this page.

Or, use your
linked account:

Thank you for reading 15 free articles on our site. You can come back at the end of your 30-day period for another 15 free articles, or you can purchase a subscription at this time and continue to enjoy valuable local news and information. If you need help, please contact our office at 715-833-9200.

You need an online service to view this article in its entirety.

Have an online subscription?


Login Now

Need an online subscription?


Subscribe

Login

Or, use your
linked account:

Choose an online service.

Current print subscribers

Posted in
Story

on

Saturday, April 7, 2012 12:00 am.

Article source: http://www.leadertelegram.com/local_news/story/article_c824ecc7-99ff-586f-b78b-132e33fd2965.html

View full post on National Cyber Security » Computer Hacking

Tags: , ,
Posted in Blog | No Comments »
07 Apr 2012

Etsy to send female programmers to summer hacker school

Etsy, the online marketplace for handmade goods, is sending women to Hacker School this summer.

Marc Hedlund, Etsy’s vice president of engineering, said that in his career he has hired hundreds of men but only dozens of women.

“Other managers I know have reported similar experiences,” Hedlund wrote in a blog post.

So Etsy is hosting the summer 2012 session of Hacker School at its New York City headquarters, and it’s offering 10 $5,000 grants to women who want to join but need financial assistance.

“Our goal is to bring 20 women to New York to participate, and we hope this will be the first of many steps to encourage more women into engineering at Etsy and across the industry,” Hedlund wrote.

Etsy’s initiative will also boost the Hacker School’s female participation. Since it launched in July 2011, it has had only one woman take part in its three-month hack sessions. A prerequisite to attend Hacker School: must love programming.

“We want people who love programming who want to be hackers, we don’t focus on people who want to make a product or become entrepreneurs,” Sonali Sridhar, one of the school’s co-founders, told Mashable. “It’s a nurturing community in that sense.”

RELATED:

The grunts are geeks at Facebook Bootcamp

Facebook’s Sheryl Sandberg has a talent for making friends

How I Made It: Marissa Mayer, Google’s champion of innovation and design

Article source: http://www.latimes.com/business/technology/la-etsy-women-programming-hackers-20120406,0,3312481.story?track=rss

View full post on National Cyber Security » Computer Hacking

Tags: , , , , , ,
Posted in Blog | No Comments »
07 Apr 2012

Girls Around Me App Is a Reminder To Be Aware What You Share

by Larry Magid

Now defunct iPhone app showed images of nearby women

As far as I can tell, the app “Girls Around Me” wasn’t violating any laws. But it was high on the creepy scale when, according to reports, women’s identity, photographs and location were being revealed to strangers, even though the women never opted into the service. Although the developer, Moscow-based I-Free, hardly deserves any awards, the app’s a good wake-up call for people to use the privacy settings of legitimate social networking and location services.

The app mashed together information people posted about themselves publicly on Foursquare and Facebook and created a map showing the location and photographs of nearby women. On its website, the company brags that the app can be used to “Browse photos of lovely local ladies and tap their thumbnail to find out more about them.” It’s offered for those “In the mood for love, or just after a one-night stand.” An image that resembles a radar screen with a silhouette of an apparently naked woman adorns the home page.

Late last month Foursquare cut off access to the app so that it can no longer collect the company’s publicly accessible data. In a statement, Foursquare said “This is a violation of our API (application programming interface).” Apple subsequently removed the app from its app store.

Foursquare is a location service typically used to share information about restaurants and other places people visit. It’s common for people to use Foursquare to “check-in” to a location and share that information with their friends. Restaurant-goers often use it to recommend specific meals; and it’s possible to use the service to let friends locate you in real time, perhaps to stop by to say hello or share a drink or a meal.

Foursquare users can connect their account to Facebook and, when they do, they are asked to specify who can see their information. When I checked, it was set to “Friends.” But you can also set it to Public, which means anyone can see it, or “only me,” which hides it from everyone but yourself. It’s also possible to link Foursquare with Twitter. Although it’s possible to limit who can see your tweets, the default setting — which very few Twitter users change — is for tweets to be public.

Take responsibility for your own privacy

The fracas behind the Girls Around Me app is a reminder that we all have a responsibility to protect our own privacy. I’m not condoning their tasteless and tacky service, but from everything I can tell, the company didn’t hack into any servers or tap into anyone’s private information. Everything it did was based on information people posted for public consumption.

Let this be yet another reminder for people to think about over-sharing. To me, it’s obvious that connecting your Foursquare account with Twitter is tantamount to broadcasting your whereabouts. I’ve done that, but I did so knowingly. But it never hurts to remind people to put thought into whether they really want to publicly share where they are and, by implication, where they’re not.

Aside from safety and privacy concerns, location can also be embarrassing, as I realized a few years ago when I went to a particular holiday party instead of another party that some people thought I “should” have gone to. Without thinking, I used Facebook to “check-in” to the party and then realized that my would-be hosts from the other party might see it. To save face, I quickly jumped in my car and drove 35 miles to put in an appearance at the other party.

I’m sure my wife will be pleased to know that I never used the Girls Around Me app when it was available, but I have used Foursquare and Facebook’s check-in features and, when you sign into Foursquare via Facebook, you have to go out of your way to change the default from Friends to Public. Facebook also lets you disclose your location from its own mobile app, but you don’t have to and, if you do, you get to decide who can see it each time you post. It’s very important that users know that the settings are “sticky,” so if you post something publicly, your next post will also be public unless you change it to a more limited audience. The same is true with Google+.

Benefits of location sharing

I have no problem with location services. I use several, including Glympse, which allows me to share my location with friends and family in real time so that they can track my movements and whereabouts as I drive, ride my bike or walk around. This can also be reassuring to family members, who can use it to make sure that loved ones — parents for instance — know where they are and when they’ll get to their destination.

Checking in with Facebook and Foursquare can be fun, as long as you’re in control of who knows where you are. It’s up to all of us to learn to use these services carefully and up to companies to employ its best practices to minimize the risk of unintended consequences.

This article first appeared in the Mercury News

Article source: http://www.safekids.com/2012/04/06/girls-around-me-app-is-a-reminder-to-be-aware-what-you-share/

View full post on National Cyber Security

Tags: , , , ,
Posted in Blog | No Comments »
07 Apr 2012

How to reinstall OS X after malware infection

The recent Flashback malware for OS X has caused a bit of a stir in the
Mac community, and while it has only affected a fraction of the OS X install base, it still has had people who have indeed found the malware on their systems writing in to CNET and on the Apple Discussion boards.

For the most part, people have been finding the malware on their systems by having an antivirus scanner or reverse firewall such as Little Snitch installed, and have either been given an alert that the malware was either found or a program file with a short name beginning with a period attempting to contact remote servers via bizarre-sounding domain names such as cuojshtbohnt.com, and gangstaparadise.rr.nu.

These clear attempts have spurred investigation into the malware and have shown that this activity is the first part of the malware attack, where the malware has broken the Java sandbox and the program is trying to download the payload that will subsequently piggyback on local applications by altering launch environment variables either within the program or in the user’s account.

So far the malware has been fairly well described, and is not viral in nature, so for any particular variant it installs to a single location and runs from there to affect the system. As a result, when a variant has been characterized, you should be able to remove it from your system by following detailed instructions. However, malware can change rapidly (as Flashback has demonstrated) and because new variants may appear that will change the attempted modes of attack, there may be those who cannot determine which variant they may have encountered and doubt their abilities to manually clear the malware from their systems.

In these situations, there are two approaches you can take. The first is to get a reputable malware scanner such as VirusBarrier, Sophos, or ClamXav, install and update it, and then have it scan the system for known variants of the malware. By doing this you can at least quarantine any malware files found.

This is a recommended approach; however, it does rely on malware definitions having been defined for the malware, which may lag behind initial findings of malware.

The second approach is to forgo attempting to manage the malware and perform an OS reinstallation. While this will ensure that you start from a clean slate, it will be a bit of a burden for some people to do, especially since you may not be able to trust Time Machine backups or system clones to be free from the malware and therefore may not be able to simply restore your system from a backup.

If you can remember an exact instance of when your system was affected by the malware, such as when you installed a recent update to Flash that might have been the malware, or when you first saw any other warning signs pertaining to the malware, then you might be able to reinstall using backup from before the problem occurred; however, in many cases you might not be able to reliably identify such instances.

If you have decided that it would be best for you to play it safe and wipe your system and start over, by following this procedure you should be able to do so while preserving your data.

  1. Sync and back up
    First ensure that your system is properly synced to your Cloud-based services (iCloud, Google, Yahoo, etc.) to ensure items like contacts and calendars are saved. You can also go to Address Book, iCal, and other programs that you regularly use, and export the calendars, contacts, and other data to save to a flash drive or other separate storage medium. Such actions will ensure you will be abel to restore some of these items without relying on sync services to manage them for you.

    In addition to syncing, be sure your system is backed up. Use Time Machine or a cloning tool to back up your files, or at the very least manually copy all the folders from your home directory to an external hard drive, and do this for every active account on the system by logging into each and performing these actions.

    When you are done backing up, unmount and detach the external hard drive you used for the backup.

  2. Format the drive
    Reboot the system to the OS X installation DVD for OS X 10.6 or earlier (hold the C key at startup with the DVD in the optical drive), or reboot with the Command-R keys held for OS X 10.7. When the OS X installer loads, select your language and then open Disk Utility (available in the Utilities menu if it’s not presented in a Tools window).

    In Disk Utility, select your boot volume and then use the Erase tab to format it to “Mac OS X Extended (journaled).” This process should be fairly quick, and when done should leave you with a blank hard disk.

  3. Reinstall OS X
    Quit Disk Utility and then open the OS X installer. Do not choose any option to restore from backup. Follow the onscreen instructions to select your newly formatted hard drive and reinstall OS X, and then wait for the installation to complete.

  4. Create a new account
    When OS X is freshly installed it will ask you whether you would like to migrate data from a backup or from another computer. Avoid doing this, and instead create a fresh user account for yourself (you can use the same account name and other information).

  5. Update the system
    When you first log into your account, go to Software Update (in the Apple menu) and update the system to the very latest version. Run Software Update several times until no more updates are available.

  6. Deactivate Java
    The latest Flashback malware threats target systems with Java vulnerabilities. While Apple stopped shipping Java with OS X Lion, prior versions of OS X do have it installed by default. Often Java is not needed for running applications in OS X, so unless you have specific need for it, then turn it off. Even if you suspect you might need Java, you might consider starting with it disabled and then only activating it based on demand.

    There are two general ways to manage Java in OS X. The first is through application-specific settings such as the preferences for
    Safari,
    Firefox, and other Web browsers, where you can locate settings to disable the Java plug-in and Java management (do not disable JavaScript). These settings will ensure speific programs do not use Java, and for the most part will be enough to prevent Java from being taken advantage of on the system; however, if you reset Safari or install a new Web browser then you may inadvertently use Java.

    To prevent inadvertent uses of Java by programs, you can open the Java Preferences utility in the /Applications/Utilities/ folder and uncheck the listed Java runtimes to disable them systemwide. If upon opening the Java preferences you get a warning about needing to install Java, then your system does not have it installed and you do not need to do anything else.

    If you do need Java installed and active on your system, then be sure to apply the latest Java software update, and consider disabling it in Web browsers.

  7. Restore your data from backup
    The next step is to copy your data back to your system from your backups. Do not use Apple’s Migration Assistant tool to do this since it will restore folders and applications that may have been altered by the malware, so instead copy the files from your Documents, Movies, Music, and other home directory folders to their respective locations within your user account.

    The current Flashback malware has affected contents of the user library, particularly the Launch Agents folder, and while you can restore the contents of the folder to your new user Library to preserve some settings and configurations, for the sake of the extra care being taken in this approach, it is best to leave that folder alone and only restore individual items out of it only as needed.

    At this point you can set up iCloud or other sync services in the system preferences, and then launch Address Book, Mail, iCal, and other programs you use to configure those programs and the accounts you use with them. If your contacts and calendars are missing, then you can re-import them from the manual backups you previously created.

    Perform steps 6 and 7 for any additional user accounts on the system by first creating the account, deactivating Java, and then restoring the account data from the backup.

  8. Reinstall applications
    The next step after restoring your accounts is to reinstall the applications you use. While your previous set of applications were backed up before you started this procedure, avoid restoring them or opening them because in one mode of infection the Flashback malware does directly alter some of these programs. Instead, use the backup as a reference for which applications you previously had and reinstall them from their installation discs, the Mac App Store, or other means by which you originally obtained them.

    When you have installed your applications, be sure to fully update them and then open and configure them according to your preferences.

    At this point your system should be back up to a usable state, and you should be able to continue your workflow as it was before reinstalling. If you find you are missing some required fonts, sounds, or other files that your applications need, then you can access them from the global /Library folder from the backup or in the /Library folder from your user account.

The final step in this process is to protect yourself from further infection. While disabling Java as mentioned above is one step, you can take additional ones to help secure your system. Install a reverse firewall such as Little Snitch to help detect and block programs from phoning home to remote servers, and consider installing an antivirus utility.

While you do not have to configure the antivirus tool to diligently scan all files on demand, you can set it up to scan common downloads folders only (such as the Desktop or the Downloads folder within your user account) and then once a week or perhaps once a month have it scan the whole system. For now, despite the latest malware news, this should be enough to ward off malware and provide you with ample protection.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

Article source: http://reviews.cnet.com/8301-13727_7-57410604-263/how-to-reinstall-os-x-after-malware-infection/?part=rss&subj=news&tag=title

View full post on National Cyber Security » Virus/Malware/Worms

Posted in Blog | No Comments »
07 Apr 2012

How to reinstall OS X after malware infection

The recent Flashback malware for OS X has caused a bit of a stir in the
Mac community, and while it has only affected a fraction of the OS X install base, it still has had people who have indeed found the malware on their systems writing in to CNET and on the Apple Discussion boards.

For the most part, people have been finding the malware on their systems by having an antivirus scanner or reverse firewall such as Little Snitch installed, and have either been given an alert that the malware was either found or a program file with a short name beginning with a period attempting to contact remote servers via bizarre-sounding domain names such as cuojshtbohnt.com, and gangstaparadise.rr.nu.

These clear attempts have spurred investigation into the malware and have shown that this activity is the first part of the malware attack, where the malware has broken the Java sandbox and the program is trying to download the payload that will subsequently piggyback on local applications by altering launch environment variables either within the program or in the user’s account.

So far the malware has been fairly well described, and is not viral in nature, so for any particular variant it installs to a single location and runs from there to affect the system. As a result, when a variant has been characterized, you should be able to remove it from your system by following detailed instructions. However, malware can change rapidly (as Flashback has demonstrated) and because new variants may appear that will change the attempted modes of attack, there may be those who cannot determine which variant they may have encountered and doubt their abilities to manually clear the malware from their systems.

In these situations, there are two approaches you can take. The first is to get a reputable malware scanner such as VirusBarrier, Sophos, or ClamXav, install and update it, and then have it scan the system for known variants of the malware. By doing this you can at least quarantine any malware files found.

This is a recommended approach; however, it does rely on malware definitions having been defined for the malware, which may lag behind initial findings of malware.

The second approach is to forgo attempting to manage the malware and perform an OS reinstallation. While this will ensure that you start from a clean slate, it will be a bit of a burden for some people to do, especially since you may not be able to trust Time Machine backups or system clones to be free from the malware and therefore may not be able to simply restore your system from a backup.

If you can remember an exact instance of when your system was affected by the malware, such as when you installed a recent update to Flash that might have been the malware, or when you first saw any other warning signs pertaining to the malware, then you might be able to reinstall using backup from before the problem occurred; however, in many cases you might not be able to reliably identify such instances.

If you have decided that it would be best for you to play it safe and wipe your system and start over, by following this procedure you should be able to do so while preserving your data.

  1. Sync and back up
    First ensure that your system is properly synced to your Cloud-based services (iCloud, Google, Yahoo, etc.) to ensure items like contacts and calendars are saved. You can also go to Address Book, iCal, and other programs that you regularly use, and export the calendars, contacts, and other data to save to a flash drive or other separate storage medium. Such actions will ensure you will be abel to restore some of these items without relying on sync services to manage them for you.

    In addition to syncing, be sure your system is backed up. Use Time Machine or a cloning tool to back up your files, or at the very least manually copy all the folders from your home directory to an external hard drive, and do this for every active account on the system by logging into each and performing these actions.

    When you are done backing up, unmount and detach the external hard drive you used for the backup.

  2. Format the drive
    Reboot the system to the OS X installation DVD for OS X 10.6 or earlier (hold the C key at startup with the DVD in the optical drive), or reboot with the Command-R keys held for OS X 10.7. When the OS X installer loads, select your language and then open Disk Utility (available in the Utilities menu if it’s not presented in a Tools window).

    In Disk Utility, select your boot volume and then use the Erase tab to format it to “Mac OS X Extended (journaled).” This process should be fairly quick, and when done should leave you with a blank hard disk.

  3. Reinstall OS X
    Quit Disk Utility and then open the OS X installer. Do not choose any option to restore from backup. Follow the onscreen instructions to select your newly formatted hard drive and reinstall OS X, and then wait for the installation to complete.

  4. Create a new account
    When OS X is freshly installed it will ask you whether you would like to migrate data from a backup or from another computer. Avoid doing this, and instead create a fresh user account for yourself (you can use the same account name and other information).

  5. Update the system
    When you first log into your account, go to Software Update (in the Apple menu) and update the system to the very latest version. Run Software Update several times until no more updates are available.

  6. Deactivate Java
    The latest Flashback malware threats target systems with Java vulnerabilities. While Apple stopped shipping Java with OS X Lion, prior versions of OS X do have it installed by default. Often Java is not needed for running applications in OS X, so unless you have specific need for it, then turn it off. Even if you suspect you might need Java, you might consider starting with it disabled and then only activating it based on demand.

    There are two general ways to manage Java in OS X. The first is through application-specific settings such as the preferences for
    Safari,
    Firefox, and other Web browsers, where you can locate settings to disable the Java plug-in and Java management (do not disable JavaScript). These settings will ensure speific programs do not use Java, and for the most part will be enough to prevent Java from being taken advantage of on the system; however, if you reset Safari or install a new Web browser then you may inadvertently use Java.

    To prevent inadvertent uses of Java by programs, you can open the Java Preferences utility in the /Applications/Utilities/ folder and uncheck the listed Java runtimes to disable them systemwide. If upon opening the Java preferences you get a warning about needing to install Java, then your system does not have it installed and you do not need to do anything else.

    If you do need Java installed and active on your system, then be sure to apply the latest Java software update, and consider disabling it in Web browsers.

  7. Restore your data from backup
    The next step is to copy your data back to your system from your backups. Do not use Apple’s Migration Assistant tool to do this since it will restore folders and applications that may have been altered by the malware, so instead copy the files from your Documents, Movies, Music, and other home directory folders to their respective locations within your user account.

    The current Flashback malware has affected contents of the user library, particularly the Launch Agents folder, and while you can restore the contents of the folder to your new user Library to preserve some settings and configurations, for the sake of the extra care being taken in this approach, it is best to leave that folder alone and only restore individual items out of it only as needed.

    At this point you can set up iCloud or other sync services in the system preferences, and then launch Address Book, Mail, iCal, and other programs you use to configure those programs and the accounts you use with them. If your contacts and calendars are missing, then you can re-import them from the manual backups you previously created.

    Perform steps 6 and 7 for any additional user accounts on the system by first creating the account, deactivating Java, and then restoring the account data from the backup.

  8. Reinstall applications
    The next step after restoring your accounts is to reinstall the applications you use. While your previous set of applications were backed up before you started this procedure, avoid restoring them or opening them because in one mode of infection the Flashback malware does directly alter some of these programs. Instead, use the backup as a reference for which applications you previously had and reinstall them from their installation discs, the Mac App Store, or other means by which you originally obtained them.

    When you have installed your applications, be sure to fully update them and then open and configure them according to your preferences.

    At this point your system should be back up to a usable state, and you should be able to continue your workflow as it was before reinstalling. If you find you are missing some required fonts, sounds, or other files that your applications need, then you can access them from the global /Library folder from the backup or in the /Library folder from your user account.

The final step in this process is to protect yourself from further infection. While disabling Java as mentioned above is one step, you can take additional ones to help secure your system. Install a reverse firewall such as Little Snitch to help detect and block programs from phoning home to remote servers, and consider installing an antivirus utility.

While you do not have to configure the antivirus tool to diligently scan all files on demand, you can set it up to scan common downloads folders only (such as the Desktop or the Downloads folder within your user account) and then once a week or perhaps once a month have it scan the whole system. For now, despite the latest malware news, this should be enough to ward off malware and provide you with ample protection.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

Article source: http://reviews.cnet.com/8301-13727_7-57410604-263/how-to-reinstall-os-x-after-malware-infection/?part=rss&subj=news&tag=title

View full post on National Cyber Security » Virus/Malware/Worms

Tags: , , ,
Posted in Blog | No Comments »
07 Apr 2012

Flashback the largest Mac malware threat yet, experts say



(Credit:
Intego)

Unless you’ve been living under a rock for the past week, you’ve probably heard about Flashback, a piece of malware targeting users of Apple’s
Mac OS X that’s now estimated to be quietly running on more than 600,000 machines around the world.

That number, which came from Russian antivirus company Dr. Web earlier this week, was confirmed today by security firm Kaspersky. More than 98 percent of the affected computers were running Mac OS X, the firm said.

That’s certainly a big number, but how does it stack up to past threats?

“It’s the biggest, by far,” Mikko Hypponen, chief research officer at antivirus and computer security firm F-Secure, told CNET in an e-mail. “I’m afraid the malware-free times of Mac users are behind us permanently.”

Separately, Catalin Cosoi, chief security researcher for antivirus-software maker Bitdefender, said the infection was likely the largest for the Mac so far this decade, but that there’s no precise way to measure how many Mac OS computers have been compromised.

“600,000 represents around 12 percent of the Mac OS computers sold in Q4 2011,” Cosoi said, “which means that if we count the number of Mac OS devices sold in the past three years, we can estimate that less than 1 percent of the Mac OS computers are possibly infected. On the other hand, if we look at the actual numbers and not at the percentages, the numbers look pretty scary.”

Why now?
The consensus among security researchers is that a threat this size has been long overdue for the Mac, in no small part because of the platform’s growing popularity.

Apple has outpaced the growth of the PC industry for 23 straight quarters, according to data from IDC. While the company’s iOS devices, like the
iPhone and
iPad, have not surprisingly seen much faster growth and overall sales in recent years, Apple also broke a Mac sales record in its last quarter, selling more than 5 million computers — all of which were, of course, running the company’s proprietary operating system.

That kind of growth, which as of February put Apple’s installed base of Mac OS X users at 63 million, has not gone unnoticed by attackers, according to security researchers.

“As more people buy and use Macs, we’ll see more malware,” Charlie Miller, a principal research consultant for Accuvant Labs, told CNET by telephone. “Part of it too is that it’s a Java vulnerability, and the actual exploit is OS independent, so (malware writers) didn’t have to know how to write an OS X exploit.”

In this particular instance, the weak point that malware writers were targeting was Java, a technology Apple hasn’t included out of the box on its computers since 2010, but that it supports with its own releases. The runtime is used from anything from enterprise applications to popular 3D games like Minecraft. In November 2010, when announcing plans for the OpenJDK project, Apple said it would continue to maintain these versions through Lion, but that Java SE 7 and beyond would be handled and distributed by Oracle.

Java or no, Paul Ferguson, a senior threat researcher at Trend Micro, suggested that HTML5 — a Web standard in progress that Apple, Microsoft, and other browser makers are helping to build — holds the same type of threat for future attacks.

“Wait until HTML5 becomes more ubiquitous for similar types of threat vulnerabilities, and you can have a botnet that runs in your browser,” Ferguson cautioned. “The more ubiquitous these platforms are, it won’t matter if it’s a mobile device or a computer. It it’s running Java or any other cross-platform technology, the threat is there.”

Not the first mainstream threat to the Mac
Malware programs are designed to harvest user information that can be sold to third parties, or used for fraudulent activities. Infected machines can also be used as botnets, which can be rented for use in distributed denial of service attacks. Flashback is the latest in a series of attacks against Mac users through malware — though it turns out not to be so new.

“Flashback’s come back around a few times now,” said Steve Bono, principal security analyst for Independent Security Evaluators. “It’s possible that these computers have been infected since the beginning — sometime last fall. These things go unpatched, and once a vulnerability is known, it can take months to make the patch.”

That’s exactly what happened with Flashback. While earlier versions that relied on a piece of software meant to look like Adobe’s Flash installer were squashed as part of security updates, this latest variant went through Java instead. Oracle updated Java to patch the vulnerability the attackers were going through in February, though Apple took longer to patch the version it maintains and delivers to users through its software update tool.


MacDefender, last year’s big malware scare, pretended to be an antivirus program.

(Credit:
Intego)

Prior to Flashback, the malware of interest was a piece of software called MacDefender, which also went by the name of Mac Security and Mac Protector. The fake antivirus program preyed on users by pretending to be a legitimate antivirus program that would find things on a computer then get rid of them in return for users acquiring a full license to the software. As it turned out, the viruses it was pretending to find were actually coming from MacDefender itself.

“The fake antivirus epidemic from last year was the real turning point,” Roel Schouwenberg, a senior researcher at Kaspersky Labs, told CNET. “With all the media attention, malware authors realized they could make money off Macs.”

Schouwenberg noted that besides the initial wave from Flashback, and the Mac Defender infections, there was an attack from malware that actually changed your Mac’s DNS settings.

Apple’s response to the MacDefender issue was to first issue a way for users to identify the malware when coming across it on the Web, then to release a series of updates to its own built-in malware scanner in OS X called XProtect, all in order to protect users from accidentally installing it. Those tools were also able to remove it from machines on which it had already been installed.

Patching the future
One aspect of Apple’s internal culture that frustrates security experts is that the company’s stance on fixing vulnerabilities has been inconsistent. Experts note that while Apple’s mobile iOS platform has been patched in a timely manner, and there are even some at the company who “beat the security drum” (according to Schoewenberg), Flashback is an example of the process not working.

“Flashback was patched by Adobe for all major platforms back in February, but Apple only patched it this week,” Schoewenberg said. “Waiting two months is not acceptable, and we see OS X threats evolving.”

Apple’s Gatekeeper technology coming in the next version of OS X promises to tighten down OS security.

(Credit:
Apple)

Apple, which declined to comment on the Flashback malware, announced plans to tighten up security in the next major version of Mac OS X, due for release this summer, with a feature called Gatekeeper. The new protection tool offers to keep users safe by requiring that developers register with Apple to have their applications signed and verified by Apple. Users can then choose whether they want to keep their computers from installing software that hasn’t been signed by a registered developer.

“The approach they’re taking is two-pronged: Gatekeeper to make you download stuff that has at least some checking for malicious code, and antivirus [XProtect] baked into the OS for when you happen to get hit,” Miller said. “On the grand scheme, they have the right ideas, they just haven’t been keeping up on things like they should.”

Article source: http://news.cnet.com/8301-1009_3-57410702-83/flashback-the-largest-mac-malware-threat-yet-experts-say/?part=rss&subj=software&tag=title

View full post on National Cyber Security » Virus/Malware/Worms

Tags: , , , ,
Posted in Blog | No Comments »
07 Apr 2012

#Ebook Deal/Day: Supercharged JavaScript Graphics

Thank you for visiting

Our site is temporarily unavailable due to routine maintenance. We apologize for any inconvenience.

Please try us again, we will be back shortly.

Article source: http://feedproxy.google.com/~r/oreilly/news/~3/DKnm0faHKdY/0636920013044.do

View full post on National Cyber Security

Tags: , , , ,
Posted in Blog | No Comments »
07 Apr 2012

Kaspersky Confirms Widespread Mac Infections Via Flashback Trojan

Security firm Kaspersky Lab today weighed in on the Flashback Trojan controversy, confirming that the flaw likely infected more than half a million Macs.

In a blog post, Kaspersky Lab expert Igor Soumenkov said the firm analyzed the latest variant of the botnet – dubbed Flashfake – to try and nail down where the infected computers resided and how many were affected.

“We reverse engineered the first domain generation algorithm and used the current date, 06.04.2012, to generate and register a domain name, ‘krymbrjasnof.com,’” Soumenkov wrote. “After domain registration, we were able to log requests from the bots. Since every request from the bot contains its unique hardware UUID, we were able to calculate the number of active bots.”

Kaspersky’s analysis saw more than 600,000 unique bots connect to its servers in less than 24 hours, using a total of 620,000 external IP addresses. More than 50 percent came from the United States.

That’s in line with Wednesday data from anti-virus firm Doctor Web, which said that about 550,000 Macs were likely infected by the Java flaw, known as the Flashback Trojan.

Approximately 300,917 of the active bots were located in the U.S., followed by 94,625 in Canada, 47,109 in the U.K., and 41,600 in Australia, Kaspersky said. A smaller number of devices in France, Italy, Mexico, Spain, Germany, and Japan were also affected.

Soumenkov said Kaspersky could not confirm or deny that all the bots were running Mac OS X, but the firm was able to get a “rough estimation” using passive OS fingerprinting techniques.

“More than 98 percent of incoming network packets were most likely sent from Mac OS X hosts,” he wrote. “Although this technique is based on heuristics and can’t be completely trusted, it can be used for making order-of-magnitude estimates. So, it is very likely that most of the machines running the Flashfake bot are Macs.”

Yesterday, Apple issued a second update to address this issue, though it did not appear to be too in depth.

Security experts are suggesting that Mac users, particularly those on older versions of OS X, update their software as soon as possible. For the technically inclined, F-Secure also has instructions on how to locate a Flashback infection.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

For the top stories in tech, follow us on Twitter at @PCMag.

Article source: http://www.pcmag.com/article2/0,2817,2402715,00.asp?kc=PCRSS05079TX1K0000992

View full post on National Cyber Security

Tags: , , , , ,
Posted in Blog | No Comments »
07 Apr 2012

Frederick man charged in fraud scheme: Former military police officer allegedly made more than $9,000 in purchases

A Frederick man faces charges of operating a fraud scheme in which police said he stole credit card numbers and used them to make more than $9,000 in purchases online and at a Frederick department store

View full post on credit card fraud – Yahoo! News Search Results

View full post on National Cyber Security

Tags: , , , , , , , , , , , , ,
Posted in Blog | No Comments »
07 Apr 2012

Credit card data breach effects reach Iowa

Credit unions and banks in Iowa are reissuing customer credit and debit cards, and reporting increased fraudulent card use.

View full post on credit card fraud – Yahoo! News Search Results

View full post on National Cyber Security

Tags: , , , , , ,
Posted in Blog | No Comments »
Page 1,111 of 2,073« First...1,0801,0901,100«1,1091,1101,1111,1121,113»1,1201,1301,140...Last »

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!