Network card rootkit offers extra stealth

Security researchers have demonstrated how it might be possible to place backdoor rootkit software on a network card. Guillaume Delugré, a reverse engineer at French security firm Sogeti ESEC, was able to develop proof-of-concept code after studying the firmware from Broadcom Ethernet NetExtreme PCI Ethernet cards. He used publicly available documentation and open source tools to develop a firmware debugger. He also reverse-engineered the format of the EEPROM where firmware code is stored, as well as the bootstrap process of the device. Using the knowledge gained from this process, Delugré was able to develop custom firmware code and flash the …

RIM denies reports that Indian official snooped for it

Research In Motion denied reports in Indian media that it had received information from an Indian government official questioned by police Monday during an investigation into the leaking of information to telecommunications companies. Ravi Inder Singh, a senior official in the country’s Ministry of Home Affairs, was taken in for questioning on Monday, Delhi police sources said. Special Commissioner of Police P.N. Aggarwal said on Tuesday that Singh had not been arrested, and investigations were still going on in the case. He declined to comment on the line of investigation. RIM is currently in difficult negotiations with the Indian government, …

Malicious Video Spreads via Multiply; Cross-Border Korean Shelling Leads to FAKEAV

Trend Micro researchers recently discovered attacks on the social networking site Multiply. The cybercriminals behind the attack created new Multiply user accounts, then sent malicious personal messages to other site users. The personal message contains a greeting with the target's Multiply user name and a video that the recipient is supposed to watch. Clicking the play button redirects users to the malicious URL http://yourtube.{BLOCKED}. The page then asks the recipient to download a codec to view the video. These sorts of attacks have been occurring for some time. Users should avoid downloading new codecs to watch videos posted online, …

E-mail computer hacker jailed after international scam

A computer hacker who accessed personal data and photos from his mother’s front room in a major e-mail scam has been jailed. Father-of-five Matthew Anderson, 33, of Drummuir, Moray, who was part of an international gang, was caught after a Scotland Yard investigation. He sent millions of worldwide e-mails which released a virus when opened, allowing remote control of computers. Anderson was jailed for 18 months at Southwark Crown Court. He admitted the Computer Misuse Act crime. He was able to access private images, wills and confidential medical reports and CVs. via Sophos.

Mozilla Fixes Site Error-Handling Bug

Mozilla has fixed a bug in the way that its Bugzilla Web site and others handled certain errors, which could have been exploited to execute a man-in-the-middle attack against an unsuspecting user. The bug was related to the way that the sites responded to certain requests from client machines when the clients specify an incorrect HTTP host header. The Bugzilla site holds a wild card SSL certificate that also is valid on, and as a result when the sites respond to the request with the incorrect header, clients can be redirected to a non-HTTPS site for an error message. …

Anonymizer Labs Develops ‘Anonymizer Nevercookie’ to Contend With the Evercookie Threat

Introducing Anonymizer Nevercookie™, a FREE Firefox plugin that protects against the Evercookie API. The plugin extends Firefox’s private browsing mode by preventing Evercookies from identifying and tracking users. Evercookie is a new, more persistent cookie form that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps …

Google ‘Instant Previews’ hit Google Analytics with fake traffic

Google’s new "Instant Previews" search tool is skewing traffic stats for sites using Google Analytics, creating page views before pages are actually viewed. Rolled out across Google’s search engine earlier this month, Instant Previews lets searchers, yes, preview sites before they visit them. Users click on a small icon that appears beside a search result, and this launches an image of the site in question on the right-hand-side of Google’s results page. As Google pointed out when "Instant Previews" was launched, Google is – in some cases – fetching these previews in real time. Soon after the tool’s launch, webmasters …

Google sued for scanning emails of non-Gmail users

Electronic Communications Privacy Act violation alleged

A Texas man has fired a legal broadside against Gmail in a federal lawsuit that claims the Google service violates the Electronic Communications Privacy Act of 1986. Keith Dunbar of Bowie County, Texas, claims that emails he sent from a non-Gmail service to Gmail users were scanned by Google algorithms without his consent. The algorithms are designed to serve Gmail users targeted ads based on the content of messages they receive. “No consent from non-Gmail account holders is given prior to Google using the content of non-Gmail account holders for the purpose of delivering …

Karagany Isn’t a Doctor, but Plays One on Your PC

A Trojan that pulls a sly performance of now-you-see-me-now-you-don’t disguises itself on an infected system as the Adobe Updater, a real program that’s installed alongside such mainstay applications as the Adobe Reader. This method of hiding in plain sight means the downloader, Trojan-Downloader-Karagany, may remain active on an infected system for an extended period of time, reinfecting PCs even after the more obvious payloads have been cleared up. During the initial infection, subtlety is this Karagany’s strong suit. When executed, it pulls an act I find slightly more interesting than the conventional file copies itself from one place to another, …

Study: Fifth of Facebook users exposed to malware

Security software manufacturer BitDefender today released some statistics gleaned from Safego, a Facebook application that it offers to users of the social-network to keep an eye on their vulnerability to malware. The big finding: 20 percent of Facebook users are exposed to malicious posts in their "news feeds" of friends’ activity, generally defined as posts that, when clicked on, result in "the user’s account being hijacked and in malware being automatically posted on the walls of the respective user’s friends." The numbers were derived from Safego’s analysis of news feed items viewed by the 14,000 Facebook users who have installed …