Wednesday, 31 October 2012

Full Analysis of Flame's Command & Control servers

Our previous analysis of the Flame malware, the advanced cyber-espionage tool that's linked to the Stuxnet operation, was initially published at the end of May 2012 and revealed a large scale campaign targeting several countries in the Middle East.

The Flame malware, including all of its components, was very large, and our ongoing investigation has revealed more and more details since that time. The news about this threat peaked on 4th June 2012, when Microsoft released an out-of-band patch to block three fraudulent digital certificates used by Flame. On the same day, we confirmed the existence of this in Flame and published our technical analysis of this sophisticated attack. This new side of Flame was so advanced that only the world's top cryptographers would be able to implement it. Since then, skeptical jokes about Flame have disappeared.

Later in June, we definitively confirmed that Flame developers communicated with the Stuxnet development team, which was another convincing fact that Flame was developed with nation-state backing.

We also published our analysis of the Flame command-and-control (C&C) servers based on external observations and publicly available information. That helped our understanding of where the C&C servers were located and how they were registered.

With this blog post, we are releasing new information that was collected during forensic analysis of the Flame C&C servers. This investigation was done in partnership with Symantec, ITU-IMPACT and CERT-Bund/BSI.


The Current Web-Delivered Java 0day

The Java 0day activity that we have been monitoring and preventing for almost the past week has been irresponsibly reported on other blogs, with early posts publicly linking to known sites serving the 0day. In itself, the race to publish on this 0day that will be assigned CVE-2012-4681 (a problem with processing access control within "protection domains"), has been irresponsible. Would you encourage folks to walk down a mugger's dark alley with no protection or would you work to communicate the muggers' whereabouts to the right folks and work on lighting the alley or giving better directions? Would you provide muggers with some new weapons that they haven't considered? The efforts this time around seem misplaced.

Anyway, initial sites hosting the exploit were unique and spreading known APT related toolset components, including a Poison Ivy variant. Here is a somewhat unexpected heat map of early, related PIvy detections.

And here is a heat map of early detections for related web pages and JavaScript delivering the Java exploit:

All the related malware that I have seen to this point targeted Windows systems. The exploits are effective against Java 7. Since the initial targeted attacks, news and the samples have spread throughout the broader security community, and the exploits made their way to Metasploit developers, who added a PoC to the open source framework. In turn, the Blackhole authors added the exploit to their COTS. So the attacks are widespread at this point. The first victim regions to be hit with the Blackhole stuff were the US, the Russian Federation, Belarus, Germany, the Ukraine and Moldova. But, in relation to the other exploits included in the pack, victims are getting hit only a fair number of times with the 0day. Internet Explorer users are being hit the most, followed by Firefox, Chrome, and Opera, and then a variety of other applications that handle URLs within their documents and eventually pass the malicious .jar on to a Java client, like Adobe Reader.

We are using a variety of detections and techniques to identify the malicious sites, the web pages involved, the exploit code, and the backdoor payloads delivered by these sites. Even though this particular Java 0day is getting hyped, other older exploits in the Blackhole exploit pack continue to get hit on victim systems with higher volume. So our community is protected from the Blackhole sites themselves, the Blackhole webpages serving the Blackhole Java 0day, compromised sites redirecting to the Blackhole sites, the more prevalent older Blackhole exploits and their delivery pages, and the trojans being delivered by these Blackhole sites. In addition to all that, Kaspersky "Advanced Exploit Prevention" adds another runtime/behavioral layer of protection against the 0day itself with "Exploit.Java.Generic". This addition is the most interesting to me - exploit pack authors have been focused on improving their Java exploit server-side polymorphism, and this AEP feature defeats those efforts. So, our user community will see access denied altogether for current Blackhole sites, individual Blackhole web pages detected with variations on "Trojan-Downloader.JS.Agent", the backdoors detected with "Trojan.Win32.Generic" and others (i.e., 61A3CE517FD8736AA32CAF9081F808B4, DEC9676E97AE998C75A58A02F33A66EA, 175EFFD7546CBC156E59DC42B7B9F969, 0C72DF76E96FA3C2A227F3FE4A9579F3), and the 0day Java exploit code detected with "HEUR:Exploit.Java.Agent.gen" (i.e. E441CF993D0242187898C192B207DC25, 70C555D2C6A09D208F52ACCC4787A4E2, E646B73C29310C01A097AA0330E24E7B, 353FD052F2211168DDC4586CB3A93D9F, 32A80AAE1E134AFB3D5C651948DCCC7D) among others, along with the runtime AEP prevention. So while you may see a few links to Virustotal with the inevitable complaining that a scanner is missing a specific chunk of altered code along with inaccurate claims that "AV is dead!" or "AV can't detect it", you should take them for the grain of salt that they are. The real story about client side mass exploitation is more complex than those claims. Some researchers call the various points in a delivery vector a kill chain, and Kaspersky products are killing it.


At the same time, Oracle needs to step it up and deliver an OOB patch, which historically they have failed to do. Maybe this event will provide even more pressure to step up their security update delivery process. They have been snapping up some good security research talent and beginning to reach out, which is a start. A very late start.

UPDATE (2012.08.30): Oracle patches CVE-2012-4681 and two other client side RCE vulnerabilities. It is probably a better idea for Windows users to go to their control panel, find the Java applet, and use the Java update software to manually get the latest JRE 7 and 6 releases - the default delay for the Java Update package to check is currently one week for the Java 7 installer.


Announcing Elevation of Privilege: The Threat Modeling Game

I have had the pleasure over the past few months to spend some time playing with an early rendition of "Elevation of Privilege: The Threat Modeling Game". According to Adam, "Elevation of Privilege is the easiest way to get started threat modeling". I couldn't agree more. If you have a team that is new to the whole process of threat modeling, you will want to check it out. If you are at RSA this week, drop by the Microsoft booth and pick the game up for free. If you aren't, you can download it here.

EoP is a card game for 3-6 players. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it. You can see a short video on how to play and some more information about the game by checking out Adam's post here. In the end, it is a game that makes it possible to have more fun when thinking about threats. And that's a good thing.

Even more impressive is that they have released the game under a Creative Commons Attribution license, which gives you the freedom to share, adapt and remix the game. So if you feel you can improve upon this, step up and let everyone know!!

Congratulations to the SDL team at Microsoft for creating an innovative way to approach the concept of threat modeling.


Thoughts on Lessons from Our Cyber Past: The First Cyber Cops


Microsoft SDL bans memcpy()... next it will be zeros!!!!

So recently Microsoft banned memcpy() from their SDL process, which got several of us talking about perf hits and the like when using the replacement memcpy_s, especially since it has SAL mapped to it. For those that don't know, SAL is the "Standard Annotation Language" that allows programmers to explicitly state the contracts between params that are implicit in C/C++ code. I have to admit it's sometimes hard to read SAL annotations, but it works extremely well to be able to help compilers know when things won't play nice. It is great for static code analysis of args in functions, which is why it works so sweet for things like memcpy_s()... as it will enforce checks for length between buffers.

Anyways, during the discussion Michael Howard said something that had me fall off my chair laughing. And I just had to share it with everyone, because I think it would make a great tshirt in the midst of this debate:

Oh, I'm thinking of banning zero's next - so we can no longer have DIV/0 bugs! Waddya think?

OK.. so it's a Friday and that is funny to only a few of us. Still great fun though.

Have a great long weekend! (For you Canadian folks that is)


Exploit:Java/CVE-2012-4681.H

Exploit:Java/CVE-2012-4681.H identifies malicious Java Archive (JAR) files that exploit a known vulnerability.


Is Network Solutions Snatching Domain Names?

Numerous individuals have discovered that when they search for a domain name at Network Solutions, the domain registrar is automatically registering the name for Network Solutions.


Android 4.2 adds multi-user support for tablets


Google has announced Android 4.2, described as "a new flavor of Jelly Bean", which adds a number of new features to Android 4.1 but is essentially the same OS. One long awaited addition is multi-user support for tablets; users will get their own apps and data but apps are shared locally so only one user has to download or update an application. An application will appear as a fresh instance when another user installs it. When a user switches to another account, if there is a task to be completed, such as a download or a sync, the app is allowed to run in the background.


Hidden details about the last Skype spread malware

Much has already been said about the latest Skype malware spread via instant messages. However, I just wanted to add something not mentioned yet. The first thing is when the attack was first launched. According to the Google Short URL service, it first surfaced on Oct 6th:


FBI uses Facebook to nab NY terrorist suspect

An FBI source communicated with Quazi Mohammad Rezwanul Ahsan Nafis on the site. Nafis was arrested trying to bomb the New York Federal Reserve.


Apple's iPad mini packs full-sized punch but screen inferior: reviews

Customers gather outside an Apple store before the release of iPhone 5 in Munich

SAN FRANCISCO (Reuters) - Apple Inc's entry in the accelerating mobile tablet race squeezes about 35 percent more viewing space onto a lighter package than rival devices from Google or Amazon.com Inc, but it sports inferior resolution and a lofty price tag, two influential reviewers wrote on Tuesday. The iPad mini, which starts at $329 versus the $199 for Google's Nexus 7 and Amazon's Kindle Fire HD, is easy to hold with one hand, eliminating a drawback of the 10-inch iPad, Wall Street Journal columnist Walt Mossberg wrote in one of the first major reviews of a gadget introduced last week. ...



Supreme Court seeks a way around 'perpetual copyright' on foreign goods


If the Supreme Court is looking for a middle ground in Wiley v. Kirtsaeng, it's going to be hard to find. That copyright case, argued this morning, could have a big impact on resale markets around the country.


Hurricane Takes Down Big Websites

Flooding at a Data Center in Manhattan Caused Websites to be Taken Offline.



Is the iPad Mini Worth Buying?

Apple has unveiled a new member of the family: the iPad Mini. This device is a clear response to the market pressure the cheaper Amazon Kindle Fire HD and the Nexus 7 have placed on the existing iPad. So how does this scaled down version of the iPad compare with its newly refreshed big brother [...]


Backdoor:W32/Binanen.A

A dropper Trojan that contains malicious or potentially unwanted software, which it 'drops' and installs on the affected system.


Personal info stolen from South Carolina taxpayers

Slipshod security at the state Department of Revenue leads to a massive security breach: 3.6 million Social Security Numbers stolen by a criminal, plus thousands of valid credit card numbers.


Backdoor:OSX/Olyx.B

Backdoor:OSX/Olyx.B connects to a remote server to receive further instructions, without the knowledge or permission from the user.


Trojan:W32/Ransomcrypt

Trojan:W32/Ransomcrypt is ransomware that encrypts files on the affected computer and demands payment in order to provide a password decrypting the affected files.


Apple in safe hands with bigger role for Ive: analysts

Jonathan Ive, senior vice president of industrial design at Apple Inc poses with his KBE award after an investiture ceremony at Buckingham Palace in London

(Reuters) - The exit of Apple Inc's longtime mobile software products chief may be a surprise, but a band of able executives led by Tim Cook and a bigger role for design boss Jonathan Ive meant the company was in good hands, analysts said on Tuesday. Ive, Apple's celebrated industrial design chief will now look into both hardware and software designs, following the departure of Scott Forstall after years of friction with other top executives. ...



Backdoor:OSX/MacKontrol.A

Backdoor:OSX/MacKontrol.A connects to a remote server to receive further instructions, without the knowledge or permission from the user.


Tuesday, 30 October 2012

Thoughts on Lessons from Our Cyber Past: The First Cyber Cops


Storm knocks down some web sites, but most stay online

SAN FRANCISCO (Reuters) - Despite outages at a few well-known web sites and ripple effects that occasionally slowed communications around the country, the Internet came through the massive storm that swamped New York and New Jersey with relatively minor problems. Built for resiliency and buttressed by the adoption of cloud computing, the Internet functioned largely as it was supposed to, industry experts said, routing around major disruptions in one of its central network locations, New York City. ...


To Be Hacked or Not To Be Hacked?


Some Android apps leak personal data, researchers find

The researchers found that eight percent of the applications they analyzed have code that is vulnerable to attack.


Bejtlich Interviewed on This Week in Defense News


RunAs Radio podcasts you might want to listen to

Hey guys. I noticed Twitter is abuzz with a few podcast interviews I did on RunAs Radio lately. I thought I would post the links for those of you who don't follow such tweets.

There were two interviews I did last month:

The first interview was a discussion on free tools available for network monitoring and diagnostics. The second was some in-depth discussion on using DirectAccess with Windows 7 and Windows Server 2008 R2. I do hope you find both interviews fun and useful.

Enjoy!


China blocks NY Times over story on leader's 'hidden fortune'

A New York Times report detailed the family wealth of Prime Minister Wen Jiabao, and the Chinese government was not amused.


Trojan-Dropper:OSX/Revir.A

Trojan-Dropper:OSX/Revir.A drops a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.


Monitoring-Tool:Android/SimChecker.A

Monitoring-Tool:Android/SimChecker.A collects geolocation and other device information, and sends out this information via SMS messages and e-mails.


Washington National Guard: Model for Cyber Defense?


Foxconn goes to court over severely injured worker

The company has tried to move the worker, but his father says his current state makes travel nearly impossible.


Exploit:W32/CVE-2010-0188.B

Exploit:W32/CVE-2010-0188.B identifies malicious PDF files downloaded by the Blackhole exploit kit that exploit a known vulnerability.


Backdoor:W32/Knockex.A

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.


KSN: An Analysis of Web Browsers

Today, cybercriminals are quick to exploit vulnerabilities in Adobe Reader, Flash and Java to infect users’ computers. There is a simple reason for this popularity: exploits of vulnerabilities found in these products can infect computers regardless of which operating systems and browsers are used on the attacked machines. We assumed that the threats posed to users were unaffected by their choice of browser and undertook a little research to test this assumption.

Picture courtesy of the PCMAG website


EuSecWest 2012: That thing in your pocket

AMSTERDAM -- As part of my job monitoring security threats and trends for Kaspersky Lab's global research team, I'm exposed to a healthy dose of paranoia from white hat researchers who find it trivial to hack into modern operating systems and platforms.

After a few days of hanging out in the hallways with exploit writers, I find myself clutching my laptop to my chest a little tighter and constantly peeking at my mobile phone to make sure nothing out of the ordinary is happening.

None of this paranoia is misplaced. Just pay attention to the lessons from the Pwn2Own challenges organized by the CanSecWest/EuSecWest folks (shout-out to Dragos Ruiu for putting together top-notch events) and you get a real-world understanding of why it's near impossible to keep away a motivated adversary.

This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.

For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on mobile devices.


The safe way to 'write down' your passwords


Following my post earlier this month on "Ten simple, common-sense security tips," reader John B. asked whether it was safe to store his passwords in a Word DOC file and then copy and paste them into sign-in screens to thwart keystroke loggers. John just has to remember to type in one password: the one he uses to encrypt and password-protect his Word password document.


Rootkit:W32/ZAccess

Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


SAP aims to be the Apple of enterprise mobility

http://en.wikipedia.org/wiki/SAP_AG

A home improvement retail chain can use an app running on an iPad to help design a customer's home, check inventory for the products, give a cost estimate to the customer, and take orders.


Review of Super Scratch Programming Adventure! Posted


Monday, 29 October 2012

How to Kill Teams Through "Stack Ranking"


Is Network Solutions Snatching Domain Names?

Numerous individuals have discovered that when they search for a domain name at Network Solutions, the domain registrar is automatically registering the name for Network Solutions.


South Carolina governor seeks to calm taxpayers after security breach

South Carolina Governor Haley addresses the second session of the Republican National Convention in Tampa

CHARLESTON, South Carolina (Reuters) - South Carolina Governor Nikki Haley sought on Monday to temper the anger and frustration of state taxpayers left wondering if their personal information was compromised by recent cyber attacks on computers belonging to the Department of Revenue. Some residents also questioned whether state officials took too long to disclose that as many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers may have been exposed to a foreign hacker in the security breach. ...



Anonymous: Anti-surveillance protest tomorrow

The hacktivist group says a worldwide anti-surveillance protest will take a stand against what the ACLU has called "the surveillance-industrial complex."


Anonymous hacks police private emails


Members of hacking group Anonymous retrieved the personal email details of private and serving officers from a website, and emailed them directly.

In a message addressed to "members of our U.K. police and armed forces", they told officers and servicemen to "stand with us" in an upcoming campaign.

The security breach, which happened in a third-party web forum rather than official police computers, is being investigated by the Metropolitan Police Central e-Crime unit. A spokesman insisted no Met Police systems had been compromised and confirmed inquiries were ongoing.


Understanding Responsible Disclosure of Threat Intelligence



Trojan:W32/Ransomcrypt

Trojan:W32/Ransomcrypt is ransomware that encrypts files on the affected computer and demands payment in order to provide a password decrypting the affected files.


PayPal cutting jobs as part of major reorganization

SAN FRANCISCO (Reuters) - PayPal is cutting about 325 jobs as part of a major reorganization by its new president, David Marcus, designed to regain an innovative edge and head off rising competition. PayPal, the online payment pioneer owned by eBay Inc, said on Monday the full-time jobs would be eliminated as it combines nine product-development groups into one. The company is also cutting about 120 contractors. EBay will take a $15 million pretax restructuring charge in the fourth quarter related to the job reductions. ...


Not Just Clowns, But Criminals


Code Testing Tools Could Be Acquisition Targets in '08

Interest in building security into the development process could make code testing products into inviting buyout targets.


Verizon to sell Nokia phone

Verizon Wireless, the largest cellphone carrier in the U.S., says it will sell a Nokia phone for the first time in years, lending support to the embattled Finnish company's turnaround effort.


Come have Coffee and Code in Vancouver with me and Microsoft tomorrow

So John Bristowe, Developer Evangelist for Microsoft Canada will be hosting a Coffee and Code event in Vancouver tomorrow from 9 to 2 at Wicked Cafe. Come join him and fellow Microsoft peers Rodney Buike and Damir Bersinic as they sit and share their knowledge over a cup of joe.

I will be there too, and will be available if anyone wants to talk about secure coding, threat modeling with the SDL TM or if you want to talk about integrating AuthAnvil strong authentication into your own applications or architectures.

I do hope to see some of you there. And if I don't... I will be seeing you at #energizeIT right?

What: Coffee and Code in Vancouver
When: April 8th, 2009 from 9am - 2pm
Where: Wicked Cafe - 861 Hornby Street (Vancouver)


One Supreme Court ruling may stop you from reselling just about anything


On Monday, the US Supreme Court will hear arguments in a case that pits a major textbook publisher against Supap Kirtsaeng, a student-entrepreneur who built a small business importing and selling textbooks.


The Yacht Steve Jobs Designed With Philippe Starck Has Finally Been Unveiled


Around this time last year, it was revealed that Steve Jobs had been designing his very own luxury yacht before his death. Jobs had been collaborating with renowned French designer Philippe Starck on the project.

After six years of design and construction, Steve Jobs's yacht has finally been finished at a shipyard in North Holland. The beautiful ship is called "Venus," and Jobs's widow, Laurene Powell Jobs, was there for the launch with Jobs's three children.


Spam one step ahead of iPhone 5 release

Apple fans are eagerly awaiting the arrival of iPhone 5 which is due out today. Each unveiling of an iDevice is accompanied by a global buzz of excitement which usually attracts the attention of spammers: every new iPad or iPhone inevitably becomes the bait in numerous fake lotteries and other fraudulent emails.

However, customers are not only interested in Apple’s devices but also their accessories. This year’s first registered mass mailing dedicated to the new iPhone came from a Chinese company that has decided to fill this niche.

The advertiser, having first apologized for any inconvenience that may be caused by the email, offers users the chance to buy a case for the new iPhone 5 which has not even been officially presented.

Considering the sort of promises that usually appear in spam, one can only wonder why the sender didn’t offer an actual iPhone 5 or, better still, an iPhone 6 (or whatever it’ll be called in 2013? iPhone 5v?).


Celebrate National Cat Day With MashCats

1. Griffy



Poll: Scant demand for Microsoft's Windows 8

Microsoft bills Windows 8 as a "re-imagining" of the personal computer market's dominant operating system, but the company still has a lot of work to do before the makeover captures the imagination of most consumers, based on the results of a recent poll by The Associated Press and GfK.


Is Twittering safe?

So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.

Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.

She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.

So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.

@DanaEpp's 5 Rules of Safer Twittering


  • Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.
  • There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
  • Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc. that they had control over for some interesting script attacks. With only 140 chars, it's common to "shorten" the URL. Which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to them. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened URL, simply add "preview." in front of "tinyurl.com".
  • Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevent the script attacks in profile viewing and generally are just an easier environment to stay protected in. Are these clients free of attack? Of course not. But it's another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
  • You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me, and who follows me on Twitter, find out where I was having coffee one day because of a tweet I wrote (and its geotag) and end up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned.. but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way too easy to find you. Remember that.

Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.

So be careful. Follow these rules and enjoy the conversation!


Sunday, 28 October 2012

Trojan:W32/Murofet.A

This trojan attempts to download a file (presumably malicious) from a randomly generated domain.


Top 3 Reasons Why You Need to Attend the Mashable Media Summit

The Mashable Media Summit is a rare and unique opportunity to be in the company of leaders from all areas of the industry. In less than one week, you'll hear from new media companies like Facebook, Tumblr and Reddit, as well as more traditional staples in media including The New York Times, Hearst and NPR. You'll hear the full story from every angle this Nov. 2 at the TimesCenter in New York City.



Israeli Agents Steal Korean Tech for Chinese Customer


Trojan:W32/Reveton

Trojan:W32/Reveton is a Ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' must be paid to restore normal access.


Backdoor:OSX/Tsunami.A

Backdoor:OSX/Tsunami.A is a distributed denial-of-service (DDoS) flooder that is also capable of downloading files and executing shell commands in an infected system.


Exploit:Java/CVE-2012-4681.H

Exploit:Java/CVE-2012-4681.H identifies malicious Java Archive (JAR) files that exploit a known vulnerability.


Encryption Is Not the Answer to Security Problems


Cyberthieves steal $400,000 from Bank of America

The account -- now frozen -- is used to pay city government workers in Burlington, Wash., via direct deposit.


Coding Tip: Why you should always use well known SIDs over usernames for security groups

So have you ever tried to restrict access to your applications in a way so that you can maintain least privilege?

I do. All the time. And recently it blew up in my face, and I want to share my experience so others can learn from my failure.

Let me show you a faulty line of code:


if( principal.IsInRole( "Administrators" ) )

Seems rather harmless, doesn't it? Can you spot the defect? Come on... it's sitting right in the subject of this post.

Checking to see if the current user is in the "Administrators" group is a good idea. And using WindowsPrincipal is an appropriate way to do it. But you have to remember that not EVERYONE speaks English. In our particular case, we found a customer installed our product using English, but had a user with a French language pack. Guess what... the above code didn't work for them. Why? Because the local administrators group is actually "Administrateurs".

The fix is rather trivial:


SecurityIdentifier sid = new SecurityIdentifier( WellKnownSidType.BuiltinAdministratorsSid, null );
if (principal.IsInRole(sid))

By using the well known SID for the Administrators group, we ensure the check works regardless of the name or language used.

Lesson learned the hard way for me. We have an entire new class of defect we are auditing for, which we have found in several places in our code. It always fails securely, NOT letting them do anything, but that's not the point. It is still a defect. Other accounts we weren't considering were "Network Service" (it's an ugly name on a German target) and "Guest". Just to name a few.

Hope you can learn from my mistake on that one. That's a silly but common error you may or may not be considering in your own code.
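
The same SID-based check extended to the other identities the post names, as an added example that is not the author's code. It assumes .NET on Windows; the class and method names are hypothetical, and the built-in Guests group stands in for the Guest account, whose SID cannot be built without the machine or domain SID.

```csharp
using System;
using System.Security.Principal;

// Added example; class and method names are hypothetical. Windows only.
static class WellKnownSidChecks
{
    // Group membership by SID: the localized display name
    // ("Administrators", "Administrateurs", ...) is never compared.
    public static bool IsInGroup(WindowsPrincipal principal, WellKnownSidType group)
    {
        // A null domain SID is valid for BUILTIN groups and NT AUTHORITY accounts.
        var sid = new SecurityIdentifier(group, null);
        return principal.IsInRole(sid);
    }

    // Account identity by SID: compare the token's user SID, not its name.
    public static bool IsAccount(WindowsIdentity identity, WellKnownSidType account)
    {
        return identity.User != null && identity.User.IsWellKnown(account);
    }

    // For display and logging only: the name this machine shows for the SID.
    public static string LocalizedName(WellKnownSidType type)
    {
        var sid = new SecurityIdentifier(type, null);
        try
        {
            return sid.Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            return sid.Value; // fall back to the S-1-... string form
        }
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);

            // With UAC, a non-elevated administrator holds the group as
            // deny-only, so this is false until the process is elevated.
            bool isAdmin = IsInGroup(principal, WellKnownSidType.BuiltinAdministratorsSid);
            bool isGuest = IsInGroup(principal, WellKnownSidType.BuiltinGuestsSid);
            bool isNetSvc = IsAccount(identity, WellKnownSidType.NetworkServiceSid);

            Console.WriteLine("{0}: {1}",
                LocalizedName(WellKnownSidType.BuiltinAdministratorsSid), isAdmin);
            Console.WriteLine("{0}: {1}",
                LocalizedName(WellKnownSidType.BuiltinGuestsSid), isGuest);
            Console.WriteLine("{0}: {1}",
                LocalizedName(WellKnownSidType.NetworkServiceSid), isNetSvc);
        }
    }
}
```

The localized names are resolved only for output; every access decision is made on the SID.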


Exploit:Java/Majava.A

Exploit:Java/Majava.A is a Generic Detection that identifies Java exploits.


Backdoor:W32/Knockex.A

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.


More Bad Drivers on the Information Superhighway

Opinion: In order to prevent bad device drivers from making the system unstable, Microsoft artificially limits the amount of memory available to Windows.


Microsoft SDL bans memcpy()... next it will be zeros!!!!

So recently Microsoft banned memcpy() from their SDL process, which got several of us talking about perf hits and the like when using the replacement memcpy_s, especially since it has SAL mapped to it. For those that don't know, SAL is the "Standard Annotation Language" that allows programmers to explicitly state the contracts between params that are implicit in C/C++ code. I have to admit it's sometimes hard to read SAL annotations, but it works extremely well to be able to help compilers know when things won't play nice. It is great for static code analysis of args in functions, which is why it works so sweet for things like memcpy_s()... as it will enforce checks for length between buffers.

Anyways, during the discussion Michael Howard said something that had me fall off my chair laughing. And I just had to share it with everyone, because I think it would make a great tshirt in the midst of this debate:

Oh, I'm thinking of banning zero's next - so we can no longer have DIV/0 bugs! Waddya think?

OK.. so it's a Friday and that is funny to only a few of us. Still great fun though.

Have a great long weekend! (For you Canadian folks that is)


Rootkit:W32/ZAccess

Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


Citi fires analyst, pays fine over Facebook leak

The young Citigroup analyst was researching Facebook before it went public. He dropped an email to two of his buddies at a popular technology blog, leaking them information about Citigroup's research that was supposed to be private.


BoteAR: a "social botnet"? What are we talking about?

In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me colleagues, refute this if I'm wrong, but I think conceptually you agree with me.

BoteAR (developed in Argentina) adopts the concept of "social networks" although it seems, as yet, not fully materialized. It offers a conventional and manageable botnet via HTTP but uses the model of crimeware-as-a-service. Moreover, the author seems to adopt (maybe unknowingly) the business model of affiliate systems originating in Eastern Europe which are used to spread malware i.e. infect and get revenue for each node you infect.

So far nothing unusual, unfortunately we witness this kind of tactic every day. The striking thing about BoteAR though is that it tries to shield itself under a wrapper of security in an attempt to "fraternize" with its community.


A Sneak Peek at This Year's Exciting Media Summit

With less than one week until the Mashable Media Summit, tickets are selling out fast. Now's your chance to purchase your ticket to learn about the hottest trends from the biggest leaders in media.



Top Comments on Mashable This Week

Apple Surprises With iPad 4



Saturday, 27 October 2012

Israeli Agents Steal Korean Tech for Chinese Customer


Citi fined $2 million over Facebook IPO, fires two analysts

BOSTON/SAN FRANCISCO (Reuters) - Citigroup fired its top Internet analyst, Mark Mahaney, and paid a $2 million fine to a Massachusetts regulator to settle charges that the bank improperly disclosed research on Facebook IPO and information on other tech companies. It was the first formal charge involving an underwriter's disclosure of sensitive financial information ahead of the social media company's $16 billion initial public offering in May. ...



Spyware:Android/Flexispy.K

Spyware:Android/Flexispy.K is a commercially available monitoring program.


Reflecting on our Windows 7 birthday party

So this week my buddy Charlie and I threw a Windows 7 party for the IT pro community in Vancouver, BC at the Microsoft office.

The office could only handle 80 people, and we simply had to turn people away. Sorry to those who weren't allowed to come. Many people came early, and hung out in the hallway even before they were allowed in.

With almost 100 people in that hallway just out of the elevator, that hall was WARM. I felt bad for some of the people as you could tell they were overheating. But we weren't ready to let them in as we set up the rooms with different Windows 7 systems.

When we did open the doors it was a mad rush for everyone to get in where it was cooler and they could grab a cold one and cool down. Thankfully everyone was patient and polite. Thanks to everyone for that!

Once they got in, there were several different rooms that they could go hang out in. In one room, Charlie had brought a HP Media Touchsmart so people could experience the new multi touch functionality of Windows 7. Kerry Brown, a fellow MVP with experience in Windows shell, stayed in the room teaching people all the new shell features like Libraries, Jump Lists etc, and I am told schooled some admins on the nitty gritty of Power Shell. Good job Kerry! Thanks for helping out!!!

It was interesting as every time I looked in that room, people were crowded around the device playing with the TouchPack games and with Virtual Earth. It was interesting to hear my buddy Alan comment that his experience on his iPhone with multitouch, especially with Google Earth, was far superior to what he was seeing there. Maybe that is something Microsoft can take away from that. Of course, big difference on a 24 inch monitor and a small iPhone screen. But the point is well taken.

We had the biggest crowds when we did demos in the main presentation room. When I was presenting on DirectAccess security I had my good friend Roger Benes (a Microsoft FTE) demonstrate how Microsoft used DirectAccess themselves. Using the Microsoft guest wireless he connected seamlessly to Microsoft's corpnet, which allowed us to demonstrate the policy control and ease of use of the technology. I am told a lot of people enjoyed that session, with several taking that experience back to their own office to discuss deployment. That's always good to hear.

Charlie impressed the crowd showing how to migrate from Windows XP and Vista to Windows 7. He demonstrated Windows Easy Transfer and Anytime Upgrades and took the time to explain the gotchas in the experience. He even had me demonstrate XP mode on my laptop so people could see how they could maintain application compatibility with a legacy Windows XP virtualized on Windows 7.

Of course, I had a lot of fun hanging out in the far back room. I got to demonstrate some of the security stuff built into Windows 7 like BitLocker, AppLocker and BitLocker to Go. I was even asked about Parental Controls which I couldn't show on my laptop since it's domain joined, but was able to show on a demo box Roger had brought for people to play with.

One of the more interesting things I helped facilitate was asking my buddy Alan to bring his Macbook in. He is a great photographer who works with Linux and OSX a fair bit, on top of using Windows. Actually, all the photos you see in this post were taken by him. Thanks for sharing them Alan!

Anyways, I convinced him to let us use his Macbook to install Windows 7. He reluctantly agreed, as you can see from the picture below when he was looking at the Snow Leopard and Windows 7 media together. :-)

We had a fair number of people crowd around his Macbook as he went through the process of installing Bootcamp and deploying Windows 7. Interestingly enough, it flawlessly converted that Apple hardware into a powerful Windows 7 system in about 20 minutes.

Charlie and I were REALLY busy. We had presented on different sessions in different rooms throughout the night. Actually, I very rarely even saw him except for a few times when he called me in to help out with a demo. Sorry we couldn't party more together Charlie. And my apologies to those that were looking forward to our traditional "Frick and Frack" show where we banter back and forth.

Many of you may not know that outside of computers, I am an avid indie filmmaker. Actually, that is giving me too much credit. I am an amateur cinematographer at best, who had high hopes that I would get a chance to film everyone's impressions throughout the party. Unfortunately, I was so busy presenting, I had almost NO TIME to get any film recorded. *sigh* Alan did get a snap of a rare moment when I actually caught someone on film.

Of course I can't complain too much. I had a great time getting to show all the neat features in Windows 7, and answering the tonnes of questions that people had.

Of course, when the night finally wound down, it was nice to close out the party and watch the Vancouver skyline change. When we were done, we had the opportunity to hang with our IT friends in Vancouver and bring in the birth of Windows 7.

I have several people I would like to thank for making the evening possible. Charlie and I couldn't have done it without the support of people like Graham from VanTUG, Jas from VanSBS and Roger from Microsoft. Speaking of Microsoft, I have to give a shout out to Sim, Sasha and Ljupco in the MVP team who helped us get through all the red tape to throw the party at Microsoft's office. And many thanks to Brent, Alan and Kerry for helping us out throughout the event. My thanks to all of you.

I hope everyone had a good time. And if anything, Charlie and I hope you learned something that will help you deploy and use Windows 7 in your organizations. Happy birthday Windows 7. Welcome to a new world without walls!

P.S. All the pictures you see here were taken by Alan and used with his permission. You can check out some of his other amazing work at bailwardphotography.com.
