Monday, 31 October 2011
Trojan:Android/GinMaster.A
How to make a great Halloween costume with two iPad 2s (and some fake blood) (Digital Trends)
Spyware:Android/Flexispy.K
Malicious QR Codes Pushing Android Malware
According to Wikipedia QR code is a type of matrix barcode (or two-dimensional code) first designed for the automotive industry. QR codes are becoming more and more popular today and are used in banners, magazines, transport and badges in order to provide quick and easy access to particular information. A QR code has a pretty big capacity (compared to a simple barcode) and is able to store 7089 numeric characters or 4296 alphanumeric characters; and it is more than enough to store text or URL.
But what about malicious QR codes? Yes, you scan a QR code with the help of your smartphone and it redirects you to a URL with a malicious file (APK or JAR). Such QR codes exist and are gaining in popularity.
Today people who use smartphones often look for new software for their devices with the help of desktop PCs. If a user finds something interesting he or she must retype the application URL in the smartphone browser for downloading it. It’s not very convenient so that’s why such websites have QR codes which can be easily scanned.
It is known that today a lot of mobile malware (especially SMS Trojans) is spread via sinister websites where all software is malicious. And cybercriminals have started to use malicious QR codes for users’ ‘convenience’. Here is an example of such a website:
Part of the website with malicious QR code
Major Windows 7 gotcha you should know about that may block you from upgrading
OK, so anyone who knows me expects that I stay up on the bleeding edge when it comes to dev tools and operating systems. Yes, I have been using Windows 7 for almost a year now and have been loving it. However, I never ran it on my production dev environment as I felt I did not want to disrupt our software development workflow until Windows 7 was in final release. With it out to RTM now, I felt it was as good a time as any to migrate, especially since we recently released our latest build of our own product and have a bit of time to do this.
So last week I deployed Windows 7 to both of my production dev systems, as well as the primary QA lab workstations. It was the worst thing I could ever have done, halting all major development and test authoring in our office due to a MAJOR gotcha Microsoft failed to let us know about during the beta and RC.
Ready for this....
You cannot run Virtual PC 7 (beta) in Windows 7 WITHOUT hardware virtualization. OK, I can live with that, since the new XP mode (which is an excellent feature) may very well need it. That didn't concern me. It was my fall back that failed to work that blew my mind...
You cannot run Virtual PC 2007 in Windows 7, as they have a hard block preventing it from being installed on Windows 7 due to compatibility issues. So the same machine that I have been using for development using Vista for a few years has now become a glorified browsing brick. I cannot do any of my kernel mode and system level development or debugging as I am not ALLOWED to install Virtual PC 2007 on the same hardware that worked before. *sigh*
What surprised me is that Ben, the Virtual PC Guy at Microsoft blogged that it was possible to run Virtual PC on Windows 7, and in his own words:
While all the integration aspects of Virtual Machine Additions work (mouse integration, shared folders, etc...) there is no performance tuning for Windows 7 at this stage - so for best performance you should use a system with hardware virtualization support.
That sounds to me like it will still work without hardware virtualization. Seems that is not the case.
Since Windows 7 is already to RTM, if this is a block due to Windows, it isn't going to be fixed anytime soon. So hopefully they can do something in the Virtual PC side of the equation, or they are going to disappoint a lot of unknowing developers.
This just became a MAJOR blocking issue for many dev shops that are using Virtual PC for isolated testing.
If this concerns you, then I recommend you download Intel's Processor Identification Utility so you can check to see if your dev environment is capable of running hardware virtualization.
Failing to do so might get you stuck like I did, now having me decide if I want to degrade back to Windows Vista just to get work done. There goes another day to prep my main systems again. *sigh*
UPDATE: Fellow MVP Bill Grant has provided me a solution to my dilemma. It appears the issue is because Virtual PC 7 (beta), a built in component for Windows 7 when installed, is causing the blocking issue. By going into "Turn Windows features on or off" and removing Virtual PC support (and effectively removing XP mode support), Virtual PC 2007 can then be installed on machines that do not have hardware virtualization support.
This isn't the most optimal behaviour, but acceptable. Since without VT support in my CPU I can't use XP mode anyways, removing it does not limit Windows 7 from functioning. I have reported to Microsoft on this odd behaviour since:
- Virtual PC 7 and XP Mode simply shouldn't be installing if my CPU isn't supported
- When the Customer Experience dialog pops up there is an option to "Check for Solutions Online". This is a PERFECT time where they could explain to uninstall Virtual PC 7 and XP mode support built into Windows 7 so Virtual PC 2007 will not block. Right now it reports that no solution is available.
So if you do NOT have VT support in your CPU, please uninstall Virtual PC 7 support if you installed it. VPC 2007 will then properly install for you.
Trojan:Android/YZHCSMS.A
Worm:W32/Todon.I
Are "Offerwalls" siphoning your personal information?
A relatively new development in app advertising has a concerning feature. It leeches much of the same information that many Android Trojans also steal. Through an app promotion campaign, a new feature called “offerwalls” are used by Pay Per Install (PPI) services to promise further adoption and revenue for app developers. But what is the real danger? It is found in the way these services uniquely identify users and the information they collect.
What is Pay Per Install?
Pay Per install within the Android App world, is a service offered by specialized advertisers to app developers with the intention of further exposing their apps to a larger audience. Many services exist, such as Tapjoy and Everbadge, which, in the latter case, promises to increase app revenue by “50-400%”. These sites use a particular method of tracking users. App developers need to enable this tracking somehow. In most cases, an SDK (software development kit) must be installed. Tracking code is added to the developer’s application, and that code is supplied by the PPI site.
6 Deadly Enterprise Security Mistakes
Sometimes it's the unknown or overlooked little mistakes that leave an organization wide open to attack: a missing hash mark in a server configuration, a long-forgotten PBX user account, or an embedded Web server in an office printer.
With compliance pressures, increasingly cagey malware, and the fear of being the next front-page data breach victim, it's no wonder that enterprises might not notice potential problems with their lower-profile devices, or make subtle configuration mistakes.
Even so, ignorance is no excuse when the bad guys hone in on an inconspicuous weakness, like a few older, rarely used desktops that haven't been updated with the latest patches. It takes only one weak link for an attacker to gain a foothold into an organization and steal valuable data, or set up shop for long-term cyberespionage. Spooked yet? Take a look at some subtle but potentially dangerous mistakes enterprises make that could come back to haunt you.
Spam and YouTube: a long-term relationship
We recently noticed a mass mailing among the general flow of spam that at first glance looked just like the usual “forum” junk mail that appears on forums and bulletin boards, and which are sent as email notifications to users of those forums.
Coding Tip: Why you should always use well known SIDs over usernames for security groups
So have you ever tried to restrict access to your applications in a way so that you can maintain least privilege?
I do. All the time. And recently it blew up in my face, and I want to share my experience so others can learn from my failure.
Let me show you a faulty line of code:
if( principal.IsInRole( "Administrators" ) )
Seems rather harmless doesn't it? Can you spot the defect? Come on... it's sitting right in the subject of this post.
Checking to see if the current user is in the "Administrators" group is a good idea. And using WindowsPrincipal is an appropriate way to do it. But you have to remember that not EVERYONE speaks English. In our particular case, we found a customer installed our product using English, but had a user with a French language pack. Guess what... the above code didn't work for them. Why? Because the local administrators group is actually "Administrateurs".
The fix is rather trivial:
SecurityIdentifier sid = new SecurityIdentifier( WellKnownSidType.BuiltinAdministratorsSid, null );
if (principal.IsInRole(sid))
By using the well known SID for the Administrators group, we ensure the check regardless of the name or language used.
Lesson learned the hard way for me. We have an entire new class of defect we are auditing for, which we have found in several places in our code. It always fails securely, NOT letting them do anything, but that's not the point. It is still a defect. Other accounts we weren't considering were "Network Service" (it's an ugly name on a German target) and "Guest". Just to name a few.
Hope you can learn from my mistake on that one. That's a silly but common error you may or may not be considering in your own code.
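The same idea applied to the other identities the post mentions, as an added example that is not the original author's code: it resolves each well-known SID to the name the local machine uses for it, and compares a name-based check with the SID-based one. The class and method names are illustrative, and the Guests group stands in for "Guest" as an assumption.

```csharp
// Added example, not code from the original post.
using System;
using System.Security.Principal;

static class WellKnownSidAudit
{
    // Well-known SIDs are fixed by Windows; only their display names are localized.
    static readonly WellKnownSidType[] Audited =
    {
        WellKnownSidType.BuiltinAdministratorsSid, // S-1-5-32-544
        WellKnownSidType.BuiltinGuestsSid,         // S-1-5-32-546 (group; assumption for "Guest")
        WellKnownSidType.NetworkServiceSid         // S-1-5-20
    };

    // Returns the account name this machine uses for the SID,
    // e.g. "BUILTIN\Administrateurs" on a French system.
    static string LocalizedName(SecurityIdentifier sid)
    {
        try
        {
            return sid.Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            return "(no name mapping on this machine)";
        }
    }

    // Group membership: ask the token about the SID, never about the name.
    // Under UAC a non-elevated token reports false for Administrators.
    static bool IsInWellKnownGroup(WindowsPrincipal principal, WellKnownSidType type)
    {
        var sid = new SecurityIdentifier(type, null);
        return principal.IsInRole(sid);
    }

    // Account identity: compare the token's user SID instead of its name.
    static bool RunsAs(WindowsIdentity identity, WellKnownSidType type)
    {
        return identity.User != null && identity.User.IsWellKnown(type);
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);

            foreach (WellKnownSidType type in Audited)
            {
                var sid = new SecurityIdentifier(type, null);
                Console.WriteLine("{0,-28} {1,-14} {2}", type, sid.Value, LocalizedName(sid));
            }

            // The pattern from the post, kept only to show where it diverges.
            bool byName = principal.IsInRole("Administrators");
            bool bySid = IsInWellKnownGroup(principal, WellKnownSidType.BuiltinAdministratorsSid);
            Console.WriteLine("Administrators by name: {0}, by SID: {1}", byName, bySid);
            if (byName != bySid)
            {
                Console.WriteLine("Name-based check disagrees with SID-based check on this system.");
            }

            Console.WriteLine("Running as Network Service: {0}",
                RunsAs(identity, WellKnownSidType.NetworkServiceSid));
        }
    }
}
```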
Trojan-Spy:W32/Zbot.PUA
Trojan:W32/AntiAV
Sunday, 30 October 2011
Large Scale Hacks: U.S. satellites infiltrated for 12 minutes (Yahoo! News)
YouTube mounts TV challenge with original programming (Reuters)
Rootkit:W32/Zxshell.B
Patch Tuesday October 2011
Microsoft customers have an urgent and heavy dose of patching to do today. Internet Explorer may have only one update assigned to it, but the MS11-081 cumulative update fixes eight different vulnerabilities. And these vulnerabilities impact all lines of Windows, including Windows 7 x64 all the way up through Windows Server 2008 x64 Service Pack 2.
The nice thing about it, is that on the consumer side, Microsoft has developed their update utility to handle most of the decision making for you. On the corporate side, sys admins all handle the updates their own way, which may require important compatibility and quality testing efforts.
In addition to the eight critical vulnerabilities being fixed in Internet Explorer, both consumer and corporate customers urgently need to patch Silverlight with MS11-078, which may or may not be installed on your system. Silverlight is Microsoft's interactive media web browser plug-in (along with the Novell/Mono efforts), enabling developers to code up Silverlight applications in any .NET language (C#, etc). In other words, it's competition for Adobe's Flash, only without the same adoption rate at this point. Anyway, both IE and Silverlight are two software clients that are heavily used, and reliable exploitation will lead to remote code execution across the wide variety of Windows versions. It would be surprising to not see related exploits added to packs and widely used in attack attempts over the coming months. On the server side, if an IIS server processes ASP.NET pages and a malicious attacker uploads an ASP.NET page and then executes the page, the attackers' code could be executed on the server. Please patch immediately.
Of the eight security bulletins, two are rated critical and six important, addressing 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server. MS11-077 patches a couple of interesting bugs in the core Windows drivers that expose exploitable vulnerabilities across all the supported Windows versions from Windows XP SP3 to Windows Server 2008 x64 SP2, including a use-after-free in win32k.sys leading to EoP and a font library file BoF leading to RCE.
Microsoft plays down threat of zero-day flaws
News in brief: Redmond says only a small number of attacks are exploits of zero-day flaws...
(silicon.com - Security)
Trojan-Downloader:OSX/Flashback.B
Application:W32/Keygen
Forget Facebook -- Google Could Change Television (ContributorNetwork)
Facebook Tests Security Features
Facebook is testing security features that boost password protection for third-party applications and make it easier to reactivate accounts hijacked by hackers.
Facebook unveiled App Passwords and Trusted Friends Wednesday, saying they would be testing the features over the "coming weeks." The announcement is the latest effort by Facebook to improve safety on the site, which is a favorite target of cyber-criminals looking to dupe the social network's 800 million users worldwide. Trusted Friends is like giving a bosom buddy the key to your house in case you get locked out. A user selects three to five friends that Facebook will send a secret code to pass along, if the account holder can't get into the site. This sometimes happens when a hacker hijacks someone's Facebook account and changes the password.
App Passwords provides a higher level of security for logging in to third-party applications. A growing number of Web applications allow people to log in using their Facebook credentials. As an alternative, a unique password can be generated by going to Account Settings, then the Security tab and finally to the App Passwords section. Entering an e-mail address and the Facebook-generated password should get a person into the app. The password doesn't have to be remembered, because Facebook can generate it anytime.
New attack tool targets Web servers using secure connections
Saturday, 29 October 2011
Trojan-Downloader:OSX/Flashback.A
Rootkit:W32/Zxshell.B
Backdoor:W32/Knockex.A
Trojan:Android/GinMaster.A
Solera research director spots a hybrid spear phishing attack
Andrew Brandt, the newly-installed director of threat research with Solera Networks, has been analyzing what appears to be a hybrid spear phishing attack against a colleague and revealed the effort that goes into making these targeted attack emails look genuine.
According to Brandt, the message addressed to Alan Hall, Solera's head of marketing, claimed it was an order confirmation from a (real) online retailer named Yesasia.com, and contained his full name as well as his Solera Networks email address in the body of the message.
The order confirmation claimed that Alan had just completed the purchase of two products: a Logitech QuickCam Ultra Vision webcam and a 1TB external hard drive from Freecom with a price tag of $483.47. "For more information, the email claimed, you could follow a link - now dead - that looked like it pointed to an invoice hosted on Yesasia's server", he said in his latest security posting, adding that it turned out to be a classic fake shipping confirmation scam.
Using TS RemoteApp as an attack vector
So in today's session at SMBNation that I spoke at, I showed how to use TS RemoteApp with TS Gateway on SBS2008 to deliver remote applications through Remote Web Workplace. It is one of the most cool features in the Windows Server 2008 operating system. But we have to remember what it's doing.
Part of the conversation we had was on the difference between local desktop display in TS RemoteApp vs just having a full desktop to the Terminal Server. One issue that came up was that as a RemoteApp, you can't run other applications.
Well, that is not actually true. If you think that, then a TS RemoteApp has the ability to be an attack vector for you. What do I mean? Well below is a screen shot of what happens if you hit CTRL-ALT-ENTER with the cursor focused on the RemoteApp window (in this case MS Paint running remotely):
At this point, you can run Task Manager.... then hit File->Run and run something else. In my case, I showed a few people afterwards how to start cmd and start exploring the network. Now, you will only have the privileges of the user account logged in as, but it is still something you have to be careful about. If you think a RemoteApp bundle prevents access to other applications or the network... you are wrong.
So is this bad? No. Is it really an attack vector? No. You just need to understand that when allowing ANY type of Terminal Services based access, you have to restrict the policies and access accordingly. No matter if it's local or remote. Running a TS RemoteApp bundle of Office will display on the local desktop, but is STILL running on the Terminal Server. So it will be browsing the network the Terminal Server is connected to as the local net. It will also browse your own drives mapped via tsclient. So you have to remember that.
Hope that's useful. A TS RemoteApp bundle does NOT mean you won't have access to the TS desktop when displaying remotely on your personal desktop. And that's not a bad thing. TS Remote App is a convenient way to extend the workspace to your local machine, anywhere in the world. No pun intended. That's its power... and the benefit. Great remote productivity enhancement in Windows Server 2008. Use it. (Safely of course)
Fake AV business alive and kicking
Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs. Right now we are observing 10 000 daily attempts to infect users with Trojan-FakeAV; back in June the figures were 50-60,000.
The daily number of attempted infections using Trojan-FakeAV in the past 5 months
TDL4 botnet may be available for rent
ESET's senior research fellow David Harley says that, while his team of researchers have been tracking the TDL4 botnet for some time, they have noticed a new phase in its evolution.
These changes, he noted, may signal that either the team developing the malware has changed or that the developers have started selling a bootkit builder to other cybercriminal groups on a rental basis.
The dropper for the botnet, he asserted, sends copious tracing information to the command-and-control server during the installation of the rootkit onto the system. In the event of any error, he said, it sends a comprehensive error message that gives the malware developers enough information to determine the cause of the fault. All of this, wrote Harley in his latest security posting, suggests that this bot is still under development.
Backdoor:WinCE/PhoneCreeper.A
Critical TCP/IP Worm Hole Dings Windows Vista
Worm:W32/Downaduprun.A
NSA helping Wall Street fight hackers
Friday, 28 October 2011
Data-stealing Duqu Trojan could be the next Stuxnet worm
News in brief: Symantec warns of Stuxnet-style Duqu Trojan...
(silicon.com - Security)
The SSL Sky is Falling?
With headlines like "New cyber threat compromises financial information - Experts say new threat could affect millions of sites", you would think that the trust model of the internet has finally crumbled.
Following an hour long Friday evening wait for the demo, the Ekoparty demo for the SSL hack was staged. And it was interesting that the attack succeeded in cracking the SSL confidentiality model as implemented by the Mozilla Firefox browser when communicating with paypal.com web servers over https. At the same time, it seemed to be an impractical exploit targeting a weakness that was fixed three months ago in Chromium source code.
Also of note, is the fact that the attack has been well known for almost 10 years, it's just that there hasn't been a practical exploit implementing the attack. And that they refined their blockwise attack model far better than previous chosen-plaintext attack models, making it more effective than prior attacks.
So there seems to be another good security reason to use Google's Chrome browser, for those of you highly sensitive to security issues. Also interesting were some of the tricks they used to make it work. While they couldn't get it to work in pure javascript or flash, they implemented the exploit in a Java applet and attacked the stream between Firefox and https://paypal.com. The "tricks" they used to bypass "Same Origin Policy" with Java were surprising, and they came up with the entire stolen session cookie with which to log in to paypal.com as the victim over http in under three minutes. While I am sure that the other browser vendors will update their CBC encryption routines to better randomize their IV and overcome this attack as suggested almost ten years ago, one could use Chrome and maintain secure communications in regards to this exploit. To me, this exploit is a low risk one because of its impracticality. Whether they properly disclosed their work to all browser vendors, giving developers plenty of time prior to disclosure remains a question to me, but they did contact at least the Chrome team. Interesting research and impressive effort implementing a difficult to work concept certainly. These guys know crypto and communications technologies. But the sky has not fallen. Yet.
For related technical information, and thoughts from relevant developers and researchers, please check out my "Related Links" list to the right side of the post text. I try to be thorough in my selection.
UPDATE(9/26): Microsoft advises that they are investigating the matter for their Internet Explorer browser customers, stating that the issue is low risk anyways, "Considering the attack scenario, this vulnerability is not considered high risk to customers". Perhaps they were one of the browser vendors that were not contacted about the vulnerability.
Oracle Out of Cycle Apache Patch - CVE-2011-3192
Webmasters, mainly corporate sysadmin and dev teams, need to pay attention to today's Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise. Sysadmins should be aware that CVE-2011-3192 is only known to enable DoS attacks: "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086."
The issue is an urgent one, "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Security Alert fixes as soon as possible". Normally this wouldn't be all that interesting, but the bug has existed for a long time and was being exploited in at least late summer. It is surprising to see that an Apache bug being publicly exploited and reported on mid-August, patched by the Apache group in mid-August, receives a delayed patch delivery from Oracle in mid September. Also interesting is that this problem is partly rooted in a protocol design issue going back to 2007. Now-Google Security engineer Mike Zalewski posted to Bugtraq with a "cheesy Apache/IIS DoS vuln question" about the problem back then.
Customers are provided with a link to "My Oracle Support Note 1357871.1" where "Patches and relevant information for protection against this vulnerability can be found..." Coincidentally, the Weblogic host serving resources at that URL returns an Apache error at this time: "Failure of server APACHE bridge: No backend server available..." Nonetheless, knowing that hacktivists are heavily in the news for site takedowns and simple perl scripts are publicly available targeting this vulnerability, admins are urged to spend another day patching ASAP.
Copyright bill revives Internet 'death penalty'
The Mystery of Duqu: Part One
First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum) - the main module and a keylogger. All that has been mentioned in last 24 hours about connections between Duqu and Stuxnet is related mostly to the first one - the main module.
The main module consists of three components:
- a driver that injects a DLL into system processes;
- a DLL that has an additional module and works with the C&C; and
- a configuration file.
The module is very similar to Stuxnet - both in structure and in behavior. However, the name Duqu has almost no connection with it. This name is based on the names of the files that are related to a completely different malicious spy-program!
This second malicious program, which is basically a keylogger (but is also able to collect other types of information) was discovered on the system of one of the victims together with the main module described above. Because of this fact, plus the main module’s ability to download other components, it was assumed that the main module and the keylogger were somehow related to each other. While working in a system, the keylogger stores collected data in files with names like ~DQx.tmp. So the name of the main module - Duqu - was given based on these files.
But actually, the code of the Trojan-Spy in part proves the connection between it and the main module, and it was probably downloaded by the main module sometime earlier. But as per its functionality, it is an independent malicious application able to work without the main module. At the same time, the main module is able to work without the Trojan-Spy. However, the connection between the keylogger and Stuxnet is not so obvious, and that’s why it’s possible - at a stretch - to perhaps call it a grandchild of Stuxnet, but certainly not its child :)
9 astounding Halloween costumes (Yahoo! News)
Greetings from my first visit to Virus Bulletin
Hello, David Jacoby here checking in from sunny Barcelona where I'm attending the annual Virus Bulletin conference.
I'm sitting here reviewing all the presentations from yesterday, and it just hit me, this is actually my first time at this conference. Previously I have only attended security conferences in the style of Black Hat, Defcon, HITB and others. The content is very different, and also the presentation styles. To be honest, I had no idea what to expect, but so far it's been really refreshing and educational.
It's been a blast to meet fellow researchers from the same industry and just to get a face to the people behind the e-mail addresses. If you are at Virus Bulletin and reading this, do not hesitate to find me!
So, it's currently day two, and so far so good. Yesterday I saw about eight presentations, mostly in the technical track, but today I'm mostly visiting the corporate tracks. I think it's a good mixture to get information from both tracks. The only problem with two tracks is choosing which one you want to attend.
Backdoor:W32/Zxshell.A
Worm:W32/Downaduprun.A
Trojan:Android/AutoSPSubscribe.A
Come have Coffee and Code in Vancouver with me and Microsoft tomorrow
So John Bristowe, Developer Evangelist for Microsoft Canada will be hosting a Coffee and Code event in Vancouver tomorrow from 9 to 2 at Wicked Cafe. Come join him and fellow Microsoft peers Rodney Buike and Damir Bersinic as they sit and share their knowledge over a cup of joe.
I will be there too, and will be available if anyone wants to talk about secure coding, threat modeling with the SDL TM or if you want to talk about integrating AuthAnvil strong authentication into your own applications or architectures.
I do hope to see some of you there. And if I don't... I will be seeing you at #energizeIT right?
What: Coffee and Code in Vancouver
When: April 8th, 2009 from 9am - 2pm
Where: Wicked Cafe - 861 Hornby Street (Vancouver)
Uncle Sam slaps San Francisco radio pirate with $10k fine
The world of online music is evolving at a global breakneck pace. Millions of people are Pandoring, Turntabling, and Spotifying away. They're sharing their music choices on their mobiles via Facebook, Twitter, and Last.fm. Users, developers, and entrepreneurs are redefining the very nature of broadcasting for the foreseeable future.
But over at the Federal Communications Commission's Enforcement Bureau, it's as if this revolution isn't even happening. In the spirit of Javert, the obsessed police inspector in Les Misérables, the law must be enforced. And the law doesn't focus on reining in the waves of deep packet inspection that ISPs still deploy throughout the United States. It's about fining unlicensed radio stations like the one run by Dan "Monkey Man" Roberts called "Pirate Cat," a radio cafe operation that ran a "broadcast station without a license issued by the FCC on 87.9 MHz in San Francisco, California," according to the agency's Forfeiture Order.
The fine is $10,000, but that money may never show up at the US Treasury, according to pirate radio enforcement expert John Anderson speaking to Jennifer Waits, who follows the ongoing Pirate Cat drama over at the Radio Survivor blog. The agency's overall forfeiture collection rate "is pretty abysmal," Anderson explained. The last time the Commission even bothered to check its success rate, it clocked in at about 25 percent. And after five years of stalking a "recalcitrant pirate" who won't pay up, the FCC has to file a civil lawsuit for judgment.
Thursday, 27 October 2011
Nasdaq hackers spied on company directors, report says
London 2012: Why the Olympics CIO is preparing for the worst
Interview: Gerry Pennell on online attacks, apps, contactless payments and the games' tech legacy...
Beware the Digital Disruptors: They're Coming for Your Industry (Mashable)
Growing up in the '70s, I was the world’s biggest fan of The Bionic Man. Every Sunday night at 7 p.m. you could find me glued to our Trinitron TV to watch Steve Austin battle every villain from Bionic Sasquatch to the evil Dr. Dolenz. The appeal of the show was simple: Amplified by technology, the Bionic Man is better, stronger, and faster than his enemies.
Coldplay keeps 'Mylo Xyloto' off streaming plans (AP)
AP - British band Coldplay is withholding its latest album, "Mylo Xyloto," from all-you-can-listen streaming services such as Spotify and Rhapsody. It's the biggest band yet to express reservations about a system that pays artists a fraction of a penny per song play.
Chrome Bug No Security Threat, Argues Google
Google's Chrome contains a critical vulnerability that under certain circumstances allows attackers to plant malware on a Windows PC, a security company said last week.
According to Slovenia-based Acros Security, Google would not categorize the bug as a vulnerability, and instead called it a "strange behavior that [they] should consider changing."
The vulnerability, said Mitja Kolsek, Acros' CEO, is one of a string in Windows programs that relies on an attack strategy variously dubbed "DLL load hijacking," "binary planting" and "file planting." The attack jumped into public view in August 2010 when HD Moore, the creator of the Metasploit penetration hacking toolkit and chief security officer at Rapid7, found dozens of vulnerable Windows applications. Moore's report was followed by others, including several from Kolsek and Acros.
Copyright bill revives Internet 'death penalty'
EFF, ACLU file lawsuits over Patriot Act data collection
Two civil liberties groups have filed lawsuits asking the U.S. Department of Justice to detail its collection of electronic data and other information under the 10-year-old counterterrorism law, the USA Patriot Act.
The lawsuits, from the Electronic Frontier Foundation and the American Civil Liberties Union, seek to have the DOJ and its U.S. Federal Bureau of Investigation branch turn over all information related to information requests allowed under Section 215 of the Patriot Act. Section 215 allows the FBI to ask for a court order to obtain "any tangible things," including books, records, papers, and documents, related to a terrorism investigation.
The groups filed two lawsuits Wednesday: The EFF sued the DOJ in California, while the ACLU sued the DOJ in New York. Section 215 allows for "seemingly limitless" requests for data by the FBI, including, potentially, Internet browsing patterns and other digital data, the EFF said in a press release. In June, the EFF filed a Freedom of Information Act (FOIA) request targeting the data-collection program, but the DOJ has declined to turn over information, the group said in its complaint.
Want more secrets? We need cash, WikiLeaks says
Reforming the DisGrace Period
Social engineering: My career as a professional bank robber
Jim Stickley got his first computer at age 12, and he was chatting with other computer "nerds" on bulletin board sites by the time he was 16. A wannabe hacker, Stickley said his first foray into playing the system was with free codes -- codes that would exclude his phone and computer time from racking up charges that would incur the wrath of his parents.
"I started learning the phone systems early. I ended up getting my hands on a lot of old PacBell manuals and I figured out how systems work," said Stickley, now the CTO of TraceSecurity, a security consultancy based in both Louisiana and California. As an adult, Stickley channeled his computer and hacking passions into a legitimate career in network security, but soon realized that hardware and software were only part of the security equation.
"When I was spending time testing the network for companies, I would see all these people come and go. You'd see the water delivery guy, or someone else, just come and wander around," he recalled. "It dawned on me I could probably just walk in and steal all the data that they were paying me to secure on the network." So when Stickley founded Trace Security, he decided to place an emphasis on securing the network and testing the security of the people around it, too. It was a tough sell when the company first launched.
FTC official: Do not count on Do Not Track just yet
Wednesday, 26 October 2011
More Bad Drivers on the Information Superhighway
Trojan:Android/YZHCSMS.A
Packed:W32/PeCan.A
Code Testing Tools Could Be Acquisition Targets in '08
Monitoring-Tool:Android/SimChecker.A
Lookout stops segregating tablets
BYO security: Three ways to tighten iPad and smartphone access without choking innovation
It's hard to stop staff using their own iPhones and tablets, so make the most of it...
Phishing at the Top Level
Trojan:Android/BaseBridge.A
In naming female CEO, IBM passes gender milestone (AP)
AP - IBM Corp. has passed a milestone, naming the first female CEO in the company's 100-year history.
Tuesday, 25 October 2011
Phishing at the Top Level
RunAs Radio podcasts you might want to listen to
Hey guys. I noticed Twitter is abuzz with a few podcast interviews I did on RunAs Radio lately. I thought I would post the links for those of you who don't follow such tweets.
There were two interviews I did last month:
The first interview was a discussion on free tools available for network monitoring and diagnostics. The second was some in-depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.
Enjoy!
Cain video ad blows smoke in unorthodox campaign (Reuters)
Packed:W32/PeCan.A
Trojan-Spy:W32/Zbot.PUA
Spam and YouTube: a long-term relationship
We recently noticed a mass mailing among the general flow of spam that at first glance looked just like the usual “forum” junk mail that appears on forums and bulletin boards, and which is sent as email notifications to users of those forums.
Netflix shares tank amid backlash and defections (AP)
Police data leaked as cop confab kicks off
Trojan:Android/BaseBridge.A