The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.
Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:
Documented evidence of a cyber espionage network— GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.
Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offces of the Dalai Lama and other Tibetan targets.
Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, diffcult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.
To find out more about how GhostNet works, join us after the jump.
April Fools' Day might be all fun and games for some, but if you manage to fall prey to the Conficker worm, it's no laughing matter. As reported earlier this month by our very own Mark Soper, the third version of Conficker (Conficker.c) is set to wreak havoc tomorrow, April 1st. Here's what you need to know.
What is Conficker?
Conficker is one of the nastiest computer worms in recent history to go on the warpath against Windows-based PCs. First surfacing in October, 2008, Conficker targets Windows 2000, XP, Vista, Server 2003, Server 2008, Server 2008 R2 Beta, and even Windows 7. To date, Conficker has infected over 9 million PCs, shut down French and British military assests, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm's creators.
What Does it Do?
The first two versions of Conficker -- variants A and B -- exploit a vulnerability in the Server Service on Windows-based PCs to take advantage of an already-infected source computer. Once infected, the worm goes to work exploiting the network hole, cracking administrator passwords, prevents access to security websites and services for automatic updates, disables backup services, erases recently saved documents, and among other things, also leaves you vulnerable to other infected machines.
What Happens Tomorrow?
One of the scariest things about Conficker, including Conficker.c, is that its full potential isn't known. Come tomorrow, those infected might be prompted to buy fake sofware products, or it could start monitoring your keystrokes to lift sensitive information like banking passwords. Files could end up deleted, or it might transform your computer into a zombie PC while staying under the radar. Whatever it ends up doing, it won't be good, and you need to take proper precautions right now.
Join us after the jump to find out how to avoid infection, or what you can do if it's already too late. **Now with April 1st Update!**
According to Google, if you’ve got valuable documents out on their Google Docs suite of applications, you shouldn’t worry your pretty little head off. According to them, the alleged issues are smoke and mirrors.
In an official blog post by Jonathan Rochelle, Google Docs’ Product Manager, he explains, “At Google, we treat the privacy and integrity of our users' data with the highest priority. We quickly investigated, and we believe that these concerns do not pose a significant security risk to our users. If you want the details, read on...”
The blog post continues to meticulously break down and debunk the issues that the analyst, Ade Barkah, had brought to their attention.
Though, Google did admit that earlier this month a glitch in Docs caused some user documents to be exposed to those without proper permissions. The problem occurred amongst users that had previously shared documents, but reportedly affected less than 0.05 percent of the documents.
Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorldreports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technicareports. Conficker.C's designed to hide itself even more thoroughly than its older siblings, using tricks such as:
Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
Creating access control entries and locking the file(s)
Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method
To find out what happens when Conficker.C strikes, join us after the jump.
The beauty of a Live CD is that it gives you a chance to access your computer or a batch of alternate applications without actually having to load up your operating system. You only need to pop the CD into your optical drive and boot it up from your BIOS -- this self-contained environment runs independent of anything that's located on your drive partitions, even though you can still perform a variety of tasks that manipulate the data on your drives.
For example, you can test our new Linux distributions using a Live CD, saving you the time and hassle of blanking an entire partition just to see if it's the right distribution for you. You can also manipulate the partitions of your drives using a Live CD, expanding and creating volumes to create alternate locations for new operating systems, files, or whatever it is you'd use a separate volume for. Live CDs are great for troubleshooting your system (or saving your data) when your primary operating system won't boot, and they can also be used to break through Windows installations that you've lost the password for.
All that functionality... and you don't even have to install a single program on your machine! Click the link to check out some of the best Live CDs that you should have sitting on your desk.
If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.
The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.
Password. Letmein. Asdf. Blahblah. Monkey. 1234. These are just some of the most commonly used passwords being used around the web, but even worse than using a boneheaded password is using the same one for every registered website. Nothing new, right?
Apparently it is, at least for one-third of respondents who participated in an online survey conducted by security outfit Sophos. According to Sophos, only 19 percent of respondents said they never use the same password for multiple websites. Almost half admitted to using a few different passwords, and 33 percent fessed up to using the same password all the time.
To state the obvious, using a single password for multiple websites makes it easy for hackers to wreak more havoc should the password become compromised. But obvious as basic security may seem, it's not being practiced by many. Recent examples include high profile Twitter account hijackings, including the ones belonging to President Barack Obama, Britney Spears, and Fox News, and the discovery that the population at large continues to use unimaginative passwords, such as selecting their first name.
Today, Microsoft released a trio of security bulletins covering all currently-supported Windows versions. Users of Windows 2000 SP4 through Windows Vista SP1 (as well as Windows Server 2003 and 2008) need to install the update for the critical Windows kernel vulnerability noted in Security Bulletin MS-09-006. The other two bulletins (MS09-007 and MS09-008) solve important vulnerabilities in SChannel (007) and DNS/WINS Server (008); these bulletins apply to Windows 2000 SP4 through Windows XP and Server 2003 only.
Other updates to look for include the usual updates to the Malicious Software Removal Tool and the Windows Mail junk email filter. If you're on Automatic Updates, follow instructions to reboot if needed after installation. If you prefer to be in charge, don't forget to download and install these as soon as possible.