So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:
Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.
To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is "RUNDLL32.exe". With a simple "proxy" executable that does nothing more than launch an elevated instance of "RUNDLL32" pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.
It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.
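Before the jump, a quick way to see which UAC level a Windows 7 machine is actually running. This is an added example, not code from Zheng's post or from this article: it reads the documented registry values behind the UAC slider (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) and reports whether the machine sits at the Windows 7 default, where signed Windows components elevate without a prompt, or at a level that prompts for every elevation. The function name is my own; the value meanings are Microsoft's documented policy settings.

```powershell
# Added example (not from the original article): read the registry values behind
# the Windows 7 UAC slider and report whether Microsoft-signed binaries such as
# rundll32.exe are allowed to elevate without a prompt.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacElevationPolicy {
    $p = Get-ItemProperty -Path $UacKey

    # Documented meanings of ConsentPromptBehaviorAdmin.
    $meaning = switch ($p.ConsentPromptBehaviorAdmin) {
        0 { 'Elevate without prompting (UAC effectively off for administrators)' }
        1 { 'Prompt for credentials on the secure desktop' }
        2 { 'Always notify: prompt for consent on the secure desktop for every elevation' }
        3 { 'Prompt for credentials' }
        4 { 'Prompt for consent' }
        5 { 'Windows 7 default: prompt only for non-Windows binaries; signed Windows components auto-elevate' }
        default { "Unknown value: $($p.ConsentPromptBehaviorAdmin)" }
    }

    # Silent elevation of Windows binaries (what piggybacking rides on) happens only at
    # level 5 with UAC switched on; levels 1-4 prompt every time, level 0 never prompts.
    $autoElevate = ($p.EnableLUA -eq 1) -and ($p.ConsentPromptBehaviorAdmin -eq 5)

    New-Object PSObject -Property @{
        UacEnabled                        = ($p.EnableLUA -eq 1)
        ConsentBehaviorAdmin              = $p.ConsentPromptBehaviorAdmin
        SecureDesktopPrompt               = ($p.PromptOnSecureDesktop -eq 1)
        Meaning                           = $meaning
        AutoElevatesSignedWindowsBinaries = $autoElevate
    }
}

$policy = Get-UacElevationPolicy
$policy | Format-List

if (-not $policy.UacEnabled) {
    Write-Warning 'UAC is turned off entirely (EnableLUA=0).'
} elseif ($policy.AutoElevatesSignedWindowsBinaries) {
    Write-Warning 'Windows 7 default level: Microsoft-signed binaries elevate silently, so a proxy that launches rundll32 with a payload DLL gets no prompt.'
    Write-Warning 'To prompt on every elevation ("Always notify"), run from an elevated prompt:'
    Write-Warning "  Set-ItemProperty -Path '$UacKey' -Name ConsentPromptBehaviorAdmin -Value 2"
}
```

Reading the key needs no elevation; changing it does, and a reboot or logoff is the safe way to be sure the new level is in effect. Level 2 closes the silent path at the cost of a prompt for every elevation, which is exactly the trade-off the Windows 7 default was designed to avoid.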
When it comes to PC security, you already know the drill: Don't download unknown attachments, avoid clicking on suspicious links, log directly into your online accounts rather than follow a hyperlink, and so forth. These methods work well when dealing with virtual threats, but what happens when miscreants start meshing their malware tricks into the real world?
That's exactly what's going on in North Dakota, where some hybrid car owners have fallen victim to fake parking citations left on the windshield. The citations read "PARKING VIOLATION. This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to ______," where the blank is filled in with a malicious website. Those who go to the website are instructed to download a toolbar to view photos of the ticketed car, but it instead installs a Trojan along with a bogus security alert instructing victims to install a fake antivirus scanner.
On January 31, you may have thought the entire internet had fallen prey to what would have ranked as the fastest spreading worm in the history of the web. That's because for about an hour on Saturday morning, all Google search results were flagged with a warning saying "This site may harm your computer," including Google.com. Clicking a marked site would bring up yet another warning.
So what exactly happened? Well, it wasn't a worm, and the internet wasn't under attack (no more than usual, anyway). Instead, Google said it ultimately boiled down to human error.
"Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs," Google explained on its blog. "Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes."
Google initially said it gets its list of malicious URLs from StopBadware.org, which StopBadware.org said isn't true. After several updates, Google's final statement says it "works with a non-profit called StopBadware.org to come up with criteria for maintaining this list," but that fault ultimately fell on Google.
Hard drive encryption sounds like an intimidating concept, mostly because it is. The thought of taking your precious files and running them through a cipher that turns them into what looks like random noise before writing them back to your disk is a hard sell. The harsh reality is that mobile computing is on the rise, and so is laptop theft. Depending on who you ask, anywhere from 500,000 to over 1,000,000 laptops are lost or stolen in the US each year, and the data on the hard drive is often more valuable than the machine itself.
To determine whether disk encryption is something you should be considering, simply ask yourself if your PC contains anything you wouldn't want posted publicly on the internet. If the answer is yes (and I assume for most of us it is), then encryption is worth considering.
The good news is, you no longer need to be a member of the CIA to lock down your machine with government-grade encryption. In fact, one of the most highly regarded and powerful encryption tools available is both free and open source (our favorite combination!). TrueCrypt lets you protect either all your data or only what you choose: you can encrypt your boot drive and sensitive documents while leaving your games and other non-sensitive data in the clear. While no encryption process is without risk, TrueCrypt is designed to put your mind at ease and takes no chances with your data. The process can be reversed at any time, even if you can no longer boot into Windows.
So if you're ready to get started, click the jump to learn step by step how to protect your data.
With the New England Patriots having been unceremoniously knocked out of playoff contention in unprecedented fashion with an 11-5 record, most of you are probably so disgusted that you won't even bother to watch the Super Bowl. But for the rest of you, and particularly those of you planning to attend and watch the Cardinals finish off their storybook playoff run with one final (and one very shocking) victory over the Pittsburgh Steelers (that's right, I'm calling the Cardinals on this one) in person, Microsoft will be helping to keep you safe during the ensuing pandemonium.
NFL security VP Milton Ahlerich said earlier that Raymond James Stadium in Tampa will be "one of the safest locations you can possibly be" during the Super Bowl, which shows how confident he is in Microsoft's Surface. Security will be using Surface to coordinate security forces, giving them a display of a Microsoft Virtual Earth map of the entire region, along with the ability to quickly zoom and display a 3D image of the city with realtime resource tracking.
"We’re thrilled to be a part of the Super Bowl activities and supporting our long term customers here in Tampa," said Robert Wolf, President and CEO of E•SPONDER. "Our goal remains to provide the region’s first responders with easy-to-use, real-time collaboration tools to help protect the fans attending events throughout Super Bowl week and the game itself."
Google's rap sheet when it comes to goofy exploits gives us pause to wonder if the company might be spending too much time concentrating on Cloud computing and not enough on security fundamentals. Back in July of last year, a SecurTeam blog exposed a Google Calendar flaw which made it possible to expose any Gmail user's real name with minimal effort. More recently, an exploit in Gmail allowing hackers to redirect your email was discovered. Now someone has stumbled onto an interesting vulnerability in Google's Chrome browser.
When you visit a site with an HTTP password-protected directory -- or try logging into your router, such as 192.168.1.1 for Linksys owners -- an Authentication Required pop-up appears asking for your login credentials. Your password should look something like ••••••••, but according to NeoBlog user tekmosis, if you let Chrome save your credentials to auto-fill the form, the next time you log in, copying and pasting the hidden password into a plain-text application will reveal the actual characters.
We put tekmosis' discovered exploit to the test and as it turns out, you don't even need to have Chrome save anything. We tried logging into our router, typed our password, and it was immediately revealed when we copied/pasted it into Notepad.
While it might take a little work on the part of a hacker to take advantage of this vulnerability, it's one that should never have existed in the first place. You could make an argument that all exploits should never have existed, but this one just seems like a particularly glaring oversight.
It issued the warning on its website, in what appears to be a less-frequented section, and opted against directly contacting the users. The company began its statement by downplaying the security breach: “as is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database.”
It claims to have taken the necessary "corrective steps" immediately after discovering the security breach. It has asked users to reset their passwords on their own, though they will eventually be forced to make the change. The company says that the exposed data includes user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Resumes and other sensitive data are said to be safe.
Monster.com has also advised users to be more vigilant and watch out for suspicious emails claiming to be from the company.
Google's Android OS was supposed to pave the way for an iPhone killer, but instead of decimating the iPhone, Android users are finding their contacts being wiped out. The culprit isn't Android itself, but an Android application called MemoryUp that users claim is responsible for erasing their contacts, installing adware, and even freezing their phones.
"Doesn’t work at all erased my phone numbers and froze my phone," one user complained. "Do not download. Destroyed my memory card/system delete. Then my email was spammed. TMobile can’t stop you from downloading this! So don’t!," added another user.
The app, created by Peter Liu, claims to keep Android smartphones running faster and more efficiently by monitoring system use and freeing up resources when needed. But some users contend the program is nothing more than a scam. Buyer beware.
It looks as though the United States will not only get its first Chief Technology Officer (CTO), but according to the Agenda for Homeland Security, the Obama administration also plans to hire a new national cyber advisor. The report, which was released on Wednesday, lists several goals for combating terrorism, including ways to protect information networks.
Chief among the goals of protecting information networks is to "declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy."
Other related goals listed in the report include initiating a safe computing R&D effort, protecting the IT infrastructure, preventing corporate cyber-espionage, developing a cyber crime strategy to minimize the opportunities for criminal profit, and mandating standards for securing personal data while requiring companies to disclose personal information data breaches.
Remember Microsoft's rare out-of-band security update from last October, MS08-067? Microsoft warned us then that Windows XP, Windows Server 2003, and Windows 2000 SP4 were especially vulnerable to being attacked. Windows Update probably took care of patching your home computer. However, companies and individuals that were slow to patch their fleets of PCs with KB958644 could find their computers now infected by a nasty worm called Conficker, Downadup or Kido.
How big a deal is Conficker/Downadup? According to F-Secure, the number of infected machines went from 2.4 million to 8.9 million in just four days as of last Friday. Panda Security now estimates that as many as one in every 16 PCs may be infected. F-Secure wraps up its analysis by saying "The situation with Downadup is not getting better. It's getting worse." Panda compares the outbreak with the legendary Kournikova (2001) and Blaster (2003) outbreaks.
How does Conficker/Downadup spread, and what can you do about it? Join us after the jump to learn more.
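For anyone responsible for one of those slow-to-patch fleets, the first question is simply which machines still lack KB958644. The script below is an added example, not from the original article or from Microsoft: it uses the built-in Get-HotFix cmdlet (which queries Win32_QuickFixEngineering over remote WMI, so the caller needs administrative rights on each target) to report which hosts have the MS08-067 fix installed and which do not. The function name and the host names are made up for illustration.

```powershell
# Added example (not from the original article): audit Windows hosts for KB958644,
# the MS08-067 fix whose absence Conficker/Downadup exploits.
# Requires admin rights on each target and remote WMI/RPC access to it.
function Test-Ms08067Patched {
    param([string[]]$ComputerName = @('localhost'))

    foreach ($c in $ComputerName) {
        $result = New-Object PSObject -Property @{
            Computer = $c; Patched = $false; InstalledOn = $null; Note = ''
        }
        try {
            # Get-HotFix returns nothing (and no error) when the ID is absent,
            # and throws when the host cannot be reached over RPC.
            $fix = Get-HotFix -Id 'KB958644' -ComputerName $c -ErrorAction Stop
            if ($fix) {
                $result.Patched     = $true
                $result.InstalledOn = @($fix)[0].InstalledOn
            } else {
                $result.Note = 'KB958644 not installed: exposed to MS08-067 if the Server service is reachable'
            }
        } catch {
            # Unreachable hosts are a finding too: you cannot confirm their patch state.
            $result.Note = "Could not query host: $($_.Exception.Message)"
        }
        $result
    }
}

# Usage: feed it the fleet (one host per line from a file works well) and keep the
# unpatched or unreachable ones. The names below are constructed for this example.
$hosts = @('ws-finance-01', 'ws-finance-02', 'srv-print-01')
Test-Ms08067Patched -ComputerName $hosts |
    Where-Object { -not $_.Patched } |
    Format-Table Computer, Note -AutoSize
```

A host that reports the hotfix as installed still needs a reboot for the fix to take effect, so treat a recent InstalledOn date on a machine with a long uptime with some suspicion, and treat unreachable hosts as unpatched until proven otherwise.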