Jul 27, 2007

iPhone, Apple PCs vulnerable to hackers: consultant

The iPhone and Apple Inc.'s desktop computers may be vulnerable to hackers due to a flaw in their Web browser, according to a security firm, which said it found a way to hack into the iPhone.

Baltimore-based Independent Security Evaluators, which tests its clients' computer security by hacking it, said on Monday that three employees found a way to take control of iPhones through a Wi-Fi link or by tricking users into going to a Web site.

Charles Miller, principal security analyst at the firm, said a security weakness allows someone to take control of Apple's Safari Web browser and see other applications on the device at the same time, which could potentially make users of Macintosh desktop computers vulnerable to attacks.

"The same problem actually exists on Apple's desktops," said Miller. But he added that while his firm had identified the risk for both desktops and phones, it had written only the code necessary to hack into the iPhone.

The security consultants, who took about a week and a half to work out the move, said they were able to take control of an iPhone and make calls or send text messages, as well as access e-mails, voice-mail, address books and call and Web browsing history.

Miller said his company gave details about the hack and a potential security patch to Apple, but did not publicly release the details.

"We're looking into the report submitted by (Integrated Security Evaluators) and we always welcome feedback on how to improve our security," Apple spokeswoman Lynn Fox said.

Miller said Apple could have avoided the risk by eliminating links between the browser and other applications.

"It turns out that on the iPhone there are probably some basic things they could have done that would have made it better," said Miller.

The claim comes more than three weeks after Apple and AT&T Inc. started selling Apple's first cell phone, which includes a music and video player as well as a Web browser.

As many as 700,000 iPhones were sold on the first weekend after the June 29 launch, according to analyst estimates.

Days after launch, a well-known hacker, Jon Johansen, claimed to have overcome restrictions on the iPhone, allowing highly technical users to bypass AT&T's network to use the phone's Internet and music features.

While cell phones have not historically been as vulnerable to attack as desktop computers, some experts worry that phones take on greater risks as they add more computer-like features.

Miller said he had not looked into security on other mobile phones to see how they compare to the iPhone, but said the more complex a system is, the greater the likelihood is that it will have problems.

source: reuters.com

Jul 26, 2007

New Sophos Security Threat Report Reveals Record Number of Web-Borne Attacks During 2007

Sophos Reveals Sharp Rise in Web Threats, and Uncovers Latest Trends in Viruses, Spyware and Spam

Sophos, a world leader in IT security and control, has published new research on the first six months of cybercrime in 2007. The Sophos Security Threat Report examines existing and emerging security trends and has identified a sharp increase in the number of web threats, as well as the countries and server types hosting the most infected sites.

The first half of 2007 has seen a significant increase in threats spread via the web, which has surpassed email as the preferred method of attack for financially motivated cybercriminals. In June alone, Sophos’s global network of monitoring stations uncovered a record number of infected web pages - approximately 29,700 - each day. In contrast, earlier in 2007, only as few as 5,000 malicious pages per day were detected.

Sophos blocks access to millions of web pages to protect customers from malware and inappropriate content. Taking a snapshot of just one million of those web pages, experts found that 28.8 percent were hosting malware. An additional 28 percent were blocked due to the adult nature of their content, most commonly because they were pornography or gambling sites. Pages created by spammers accounted for 19.4 percent and 4.3 percent were classed as illegal sites, including phishing sites or those peddling pirated software. Of the websites containing malicious code, just one in five had been designed specifically for malicious activity, with the remaining 80 percent made up of legitimate sites that have fallen victim to hackers.

APACHE IS THE MOST COMPROMISED SERVER

By compromising a single file on a web server, cybercriminals can easily and quickly cross-contaminate a huge number of websites, as the infected file may form part of a plethora of unrelated pages, all of which are published from the same server.

The breakdown of the world’s top server types affected by web threats in the first six months of 2007 reads as follows:
1. Apache 51.0%
2. Microsoft IIS 6 34.0%
3. Microsoft IIS 5 9.0%
4. nginx 3.0%

Other 3.0%

The fact that more than half of all infected web pages were hosted on Apache servers demonstrates that infection is not simply a Windows problem. Earlier this year, during a global ObfJS attack, in which legitimate sites were compromised so that they could serve up malicious code, 98 percent of affected servers were running Apache - many of which were hosted on UNIX rather than Windows platforms.

“Website infections have increased significantly in the past six months. The number of infected sites has grown more than five times since January,” said Ron O’Brien, Boston-based Sophos senior security analyst. “As 80 percent of those sites are legitimate, it makes you wonder why more action is not taken to help prevent such attacks. Simple measures such as keeping up to date with security patches are one of the most effective ways to prevent infections on servers.”

TOP WEB-BASED THREATS OF 2007 - SO FAR

The top 10 list of web-based malware hosted on these infected sites during the first six months of 2007 reads as follows:
1. Mal/Iframe 49.2%
2. Troj/Fujif 7.9%
3. JS/EncIFra 7.3%
4. Troj/Psyme 8.3%
5. Troj/Decdec 6.9%
6. Troj/Ifradv 4.1%
7. Mal/ObfJS 2.5%
8. Mal/Packer 1.5%
9. VBS/Redlof 1.1%
10. Mal/FunDF 0.9%

Other 10.3%

Mal/Iframe, which works by injecting malicious code onto web pages, dominates this chart, accounting for almost half of the world’s infected URLs. Furthermore, it shows no sign of abating - in a recent potent attack, more than 10,000 web pages were infected, the majority of which were on legitimate web pages hosted by one of Italy’s largest ISPs.

MOST INFECTED WEB PAGES HOSTED IN CHINA

The top 10 list of countries hosting malware-infected web pages during the first half of 2007 reads as follows:
1. China 53.9%
2. United States 27.2%
3. Russia 4.5%
4. Germany 3.5%
5. Ukraine 1.2%
6. France 1.1%
7. Canada 0.8%
8. United Kingdom 0.7%
9= Taiwan 0.6%
9= South Korea 0.6%

Other 5.9%

China, which at the end of 2006 hosted just over a third of all malware, has now overtaken the U.S., and in the first six months of 2007 was responsible for hosting more than half of all web threats reported to Sophos. China’s dramatic rise in the chart is primarily due to widespread Mal/Iframe infections on Chinese hosted web pages. In fact, more than 80 percent of the country’s compromised web pages are infected with this malware.

HACKERS TURN TO PDFS AND REMOVABLE DRIVES TO COMMIT CYBERCRIMES

The first half of 2007 has seen cybercriminals using attachments in spam messages. To avoid detection by less sophisticated gateway filtering products, there is a growing trend for spammers to use PDF files carrying a graphical version of their marketing message, in their attempt to reach potential customers.

Hackers have also taken advantage of users who have “auto-run” enabled on their Windows PC to automatically execute malicious code as soon as an infected removable flash drive is attached to the computer. Notable examples this year were the LiarVB-A worm, which spread information about AIDS and HIV via USB keys, and the Hairy worm, which claimed that teen wizard Harry Potter was dead. However, neither threat became widespread and both could be protected against by using up-to-date anti-virus software at the desktop.

“Using attachments to spread malware has decreased in the last few years, however, because PDF attachments are so trusted, they will remain high on the list for spammers looking for the file type most likely to be opened,” said O’Brien.

EMAIL STILL A CAUSE FOR CONCERN

Email threats continue to cause concern for businesses and, although they have become eclipsed by web-based threats, the actual amount of email-borne malware has remained constant during the past year. The proportion of infected email during the first half of 2007 was 1 in 337, or 0.29 percent of all messages. More than 8,000 new versions of the Mal/HckPk threat were seen during 2007, as it was used to disguise widespread email attacks like Dref and Dorf.

More information about the latest trends in malware, spyware and spam can be found in the complete version of the latest Sophos Security Threat Report, which can be downloaded from: http://www.sophos.com/securityreport

A journalist-specific edition is available from: http://www.sophos.com/securityreportjul2007

McAfee set to launch Rootkit Detective application

Security software maker McAfee has announced that they would soon launch a new software product named Rootkit Detective.

This new product has been designed to detect and remove dangerous rootkit attacks. The company claims that this application would help end-users ward off the threats. It would also be used to provide the company with information relevant to its ongoing research operations.

This application would complement their existing offering SiteAdvisor which warns the users about potentially unsafe websites on the web. McAfee said that Rootkit Detective will be offered at no charge from its Web site via download.

Rootkit Detective has been designed to find hidden kernel processes and registry entries. They would be removed when the system is restarted the next time.

It would also be able to test the integrity of a PC’s kernel memory and track any modifications that might also highlight rootkit activity. They have already provided a beta version of the application which is being tested by thousands of users worldwide.

Joe Telafici, vice president of operations at McAfee Avert Labs added in a statement on this new product: “Dealing with rootkits will always be an arms race; the whole process is a game of challenge-and-response between the hackers and security community, and as the authors have advanced the complexity of their attacks, we need to continually update our own technologies to keep up. We started putting rootkit detectors into our products in 2006, and this is the next stage in advancing our detection technologies.”


Check out: McAfee Rootkit Detective

Secunia Personal Software Inspector now available for BETA Testing

How safe is your computer from software vulnerabilities? Do you have the latest patches and upgrades for your programs? Is your browser up-to-date? How about your media player? Test the free Secunia Personal Software Inspector (PSI) BETA to find out!

“The free Secunia Personal Software Inspector is the next evolution of the Secunia Software Inspector series”, says Thomas Kristensen, CTO of Secunia. “Like the Software Inspector and the Network Software Inspector, it is designed to inspect what software you have on your computer, whether you have the latest version and security patches, and if not, how you can upgrade to the latest safe version”.


“We really felt that there was a need to make the average user aware of the dangers of leaving your applications unpatched”, says Kristensen. Most Windows users are aware of Microsoft Patch Tuesday, he adds, because it is heavily marketed and it notifies you in a user-friendly way that you need to take action.

However, Patch Tuesday only covers Microsoft products and not the very large number of equally dangerous vulnerabilities discovered in other software. Most people aren’t aware of these issues, or don’t want to spend hours every month hunting for the relevant information about security updates.

“Our idea to solve this is to make all this information available through a user-friendly interface to make it as easy as possible for people to check the security patch status of their software”, Kristensen adds.

Secunia is offering the PSI as a free tool for private individuals as part of our effort to make browsing the Internet a safer activity.

Users are invited to take part in BETA testing the Secunia Personal Software Inspector. The BETA version can be downloaded from: https://psi.secunia.com/

Both the BETA and final versions of the PSI are free. The final version will also be available from the Secunia website.

“We really want to highlight the emerging issues of private consumers not being aware of the possibility that their sensitive data can be exposed through their personal computer when applications are left unpatched”, says Kristensen. Patching applications, Kristensen adds, ensures that you are protected against currently-known software vulnerabilities and attack vectors from online criminals.

However, with the dozens of programs you have on your computer, trying to keep up with each upgrade is practically impossible. To do so would require you to spend a lot of time checking vendor websites and surfing the Internet for news on software vulnerabilities, and this just isn’t very feasible.

The PSI does all that for you, and more. With a click of the mouse, the PSI identifies the installed software on your computer, and determines which ones are secure, and which ones aren’t. It then tells you where you can download updates to turn your non-secure software to secure software, making the transition from vulnerable computer to secured system as easy as 1-2-3. And did we mention it’s free?

To ensure that your computer is thoroughly inspected for vulnerable software, you just need to follow these three simple steps: Step 1 is to download the PSI from https://psi.secunia.com and run it on your personal computer. Step 2 is to check the inspection results for applications marked as “Insecure” and “End-of-life” (meaning they are no longer supported by the vendor). Step 3 is to check the vulnerability information to see where you can download the secure software version.

The PSI detects more than 4,200 different applications and versions, ensuring that whatever software you have installed in your system is monitored by Secunia for software flaws, security patches, and updated versions.

The final version of the PSI will also be available through the Secunia websites, third-party download sites, and globally present partners. Our partners, who also share our concern regarding the rising level of unpatched applications, will be capable of distributing an easy-to-use tool compared to their current alternative of advising their users/customers to manually keep all applications patched.

Security-oriented organisations that cater to consumer needs, such as ISPs and banks, can also take advantage of the PSI to better inform their subscribers and account holders about the necessity of online security.

To detect what software you have on your network, Secunia uses its File Signature technology, which is composed of carefully programmed rules used to identify installed applications, and their exact versions on Windows-based systems.

To detect if your software version is the latest non-vulnerable version available from the vendor, the Software Inspector uses Secunia Advisory Intelligence technology, which Secunia has been providing to the global IT community for over four years.

Secunia’s commercial services include vulnerability advisories and analysis, exploit code, binary analysis, and file signatures. The complete Secunia File Signature database contains more than 110,000 rules for detecting more than 4,200 unique applications and their exact versions.

To know more about the services that Secunia can provide for you and your company, please go to http://corporate.secunia.com.

New launching software - µTorrent mUI

µTorrent is one of several free BitTorrent clients available on the Windows platform. It became popular because of its small size and small memory footprint.

The software has been designed to be light on the system and has become one of the most popular torrent clients on the Windows platform.

Some time back, the developers of this excellent software unveiled the first public beta of µTorrent’s WebUI.

This application enables the user to control the µTorrent application running on a machine through the web interface from anywhere in the world as long as they have access to the internet.

The latest news is that a mobile based version of this web interface to control the µTorrent application is scheduled to release today.

This new project has been named µTorrent mUI and it would be released in a beta version. The developers claim that the interface would work with any mobile with an internet web browser.


Check out: µTorrent mUI

Next Windows OS (Windows 7) to ship within the next 3 years

Market analysts must be claiming that Vista OS would become the last major OS release by Microsoft as software and applications are increasingly moving to the web making the OS not so relevant any more.

However, market sources have now said that the company is likely to unveil their next OS release within the next three years.

It took the company around seven years to launch the Vista OS as they struggled with delays in the development process.

The next Windows OS is being called Windows 7 internally and it is likely to ship in consumer and business versions, and in 32-bit and 64-bit versions.

Microsoft is also considering launching a subscription based model for this next edition though not many details are available.

However, the next major software release from the company is expected to be the Service Pack 1 of Windows Vista OS.

Firefox 2.0.0.5 release fixes bug with Internet Explorer

Mozilla developers have released an updated Firefox edition that fixes the problem with Microsoft’s Internet Explorer.

The bug could have caused malicious code to run if the browser is launched by Microsoft’s Internet Explorer.

Both Microsoft and Mozilla claimed that the problem lay with the software from the other party.

Mozilla has now taken the initiative by releasing the fix which now patches the bug.

Mozilla added in a statement that the update would be delivered automatically to the users who have not disabled this specific option.

The developers added that this latest release also fixes seven other vulnerabilities. At least two of these are considered “critical” by Mozilla.

Check out: Firefox 2.0.0.5

Jul 25, 2007

Norton AntiVirus Virus Definitions July 24, 2007

Norton AntiVirus Virus Definitions description

Norton AntiVirus Virus Definitions contains the latest free virus databases for Norton AntiVirus (NAV).
Signature file updates ensure that your PC is protected from the latest viruses. It is very important to make sure that you have the latest signature on your PC.

As new threats emerge, Symantec immediately builds new Virus Definitions Updates and makes them available for download.

Supports the following versions of Symantec antivirus software:

· Norton AntiVirus 2003 Professional Edition
· Norton AntiVirus 2003 for Windows 98/Me/2000/XP Home/XP Pro
· Norton AntiVirus 2004 Professional Edition
· Norton AntiVirus 2004 for Windows 98/Me/2000/XP Home/XP Pro
· Norton AntiVirus 2005 for Windows 98/Me/2000/XP Home/XP Pro
· Norton AntiVirus 2006 for Windows 2000/XP Home/XP Pro
· Norton AntiVirus 2007 for Windows XP Home/XP Pro/Vista
· Norton AntiVirus for Microsoft Exchange (Intel)
· Norton SystemWorks (all versions)
· Norton Utilities for Windows 95/98 (all versions)
· Symantec AntiVirus 3.0 for CacheFlow Security Gateway
· Symantec AntiVirus 3.0 for Inktomi Traffic Edge
· Symantec AntiVirus 3.0 for NetApp Filer/NetCache
· Symantec AntiVirus 8.0 Corporate Edition Client
· Symantec AntiVirus 8.1 Corporate Edition Client
· Symantec AntiVirus 9.0 Corporate Edition Client
· Symantec AntiVirus 10.0 Corporate Edition Client
· Symantec AntiVirus 10.1 Corporate Edition Client
· Symantec Mail Security for Domino v 4.0
· Symantec Mail Security for Domino v 5.0


Note: The i32 Intelligent Updater package cannot be used to update Symantec AntiVirus Corporate Edition 8.0 servers or Norton AntiVirus Corporate Edition 7.6 servers, but can be used to update Corporate Edition clients. The x86 Intelligent Updater package can be used to update Corporate Edition clients and servers.

Download from Softpedia - 17MB

Jul 20, 2007

Flash Player and Java Runtime Environment New Patch

Adobe and Sun have released patches today for several critical vulnerabilities that affect their respective Flash Player and Java Runtime Environment. Many of these vulnerabilities can be exploited to execute arbitrary code on victims' computers just by making them access a malicious URL using any application that invokes Flash Player or JRE. In English, this means that you can get hacked just by viewing a web page that contains malicious Flash or Java content.

Many of the vulnerabilities are cross-platform, and between them, they have most OS-browser combinations covered. You are vulnerable until you install the patches. Read the advisories from the vendors and grab the patches here and here.

There are no reported in-the-wild exploits yet, but we might see some soon as enough technical information required to build an exploit has been released publicly for at least a few of these vulnerabilities.

On 13/07/07 At 09:59 PM



Source : f-secure.com

Microsoft Patch July Edition

It's that time of the month once more and for July, Microsoft has released the following security bulletins: three critical, two important and one moderate updates.

MS Security Patch July 2007

These updates cover vulnerabilities for several applications, including Office Excel, Windows Active Directory, and .NET Framework for the critical updates. Most of these vulnerabilities allow remote code execution and one allows information disclosure.

For more information as well as links for the actual patches, see July's bulletin.


FBI tracked 'teen bomber' using spyware

FBI agents trying to track down an anonymous MySpace user who was threatening to blow up a school used spyware to trap him.

Fifteen-year-old student Josh Glazebrook had the surveillance software sent to him by government agents after he threatened Timberline High School near Seattle.

According to an affidavit obtained by Wired News, FBI agent Norman Sanders described the software as a "computer and internet protocol address verifier".

The spyware program, which is known as CIPAV, logs the following:
  • The computer's IP address
  • The MAC address
  • The person's username
  • The last URL visited
  • A list of open ports
  • Computer programs that are running
  • The operating system
  • The internet browser and version
  • The computer's registered owner
  • The IP address of every other computer to which the PC connects for up to 60 days

"We have not seen any evidence that this practice is becoming commonplace, but there have been occasions when the crime-fighting authorities have used malware to their advantage," Cluley told vnunet.com.

"Way back in 2001 we wrote of our concerns about the FBI running a project called Magic Lantern which was designed to do just this."

Cluley explained that people supporting the use of spyware to monitor possible criminal behaviour often compared it to tapping a suspect's phone line.

"However, there is a difference between tapping a phone line and installing malicious code on a user's computer," he said.

"Malicious code on a user's computer can be copied, archived, adapted and potentially used by people who do not work for the authorities to spy on completely innocent victims."

Glazebrook pleaded guilty to felony harassment, making bomb threats and identity theft earlier this week.

Jul 19, 2007

How Good Are You at Recognizing Fake Websites and Spam Emails?

Can you tell a fake (phishing) web site from a real one? Or can you recognize spam emails that request you to verify your eBay or PayPal account credentials?

McAfee has created a very simple quiz with screenshots of websites and emails for you to spot the fake ones from the real site. Do take this 10 question quiz and the results may actually surprise you even when you are a pro-geek - it looks deceptively easy but that's not the reality.

My result: I got only 3 questions wrong. How about you? A simple test, and helpful for me.

iPhone Hacking with Command

The iPhone is a multimedia and Internet-enabled quad-band GSM EDGE-supported mobile phone designed and sold by Apple Inc.

The iPhone's functions include those of a camera phone and a multimedia player. It also offers Internet services including e-mail, text messaging, web browsing, Visual Voicemail, and local Wi-Fi connectivity. User input is accomplished via a multi-touch screen with virtual keyboard and buttons. Apple has filed more than 200 patents related to the technology behind the iPhone.

However, according to the latest information from the Hackint0sh.org forum, some clever hackers can hack the iPhone by enabling the serial debugging/shell mode on the device. Click here to see what kind of commands can be used with it.

Jul 18, 2007

Google keep their cookies at 2 years now

Search engine giant Google has said that their cookies would have a lifespan of around 2 years now.

The company said that their cookies will auto delete after two years. This would however happen only if the user does not visit their sites again in this period.

If the user visits the Google website again, the time would reset and it would have a fresh life of two years.

At this moment, the Google cookies are set to delete after 2038.

Peter Fleischer, Google’s global privacy counsel spoke on this new development: “After listening to feedback from our users and from privacy advocates, we’ve concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies.”

Cookies are essentially tiny files stored on the user’s computer when he visits a website. This information is later used by the site to remember the stored preferences and other settings.

Jul 17, 2007

Critical security vulnerabilities found in Microsoft's software

Windows and Mac computer users must patch their systems, as Microsoft releases July 2007 security bulletins.

Antivirus vendor Sophos has advised computer users to install a number of new critical security patches from Microsoft.

As part of its monthly "Patch Tuesday" schedule Microsoft has issued six new bulletins (three of them labeled "critical") about 11 security vulnerabilities in its software.

Vulnerabilities described in the critical security bulletins include security issues with Microsoft Excel (in both Windows and Apple Mac versions), Windows Active Directory and the .Net Framework. The remaining bulletins address issues in Windows Vista's Firewall, Microsoft Office Publisher 2007 and IIS 5.1 on Windows XP Service Pack 2.


Some of the flaws in Microsoft's code could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.
Read more about the security patches now, and protect your computers

Graham Cluley, senior technology consultant at Sophos, said:
"Businesses and home users must be prepared to regularly install security patches from Microsoft, or risk having vulnerabilities on their PC exploited by hackers."

Microsoft doesn't announce critical security problems in its software for the fun of it - they're warning people of serious issues in the hope that customers will update and protect themselves before hackers can take advantage of the situation. Acting now will help defend your computers and help reduce the risk of cybercriminals running riot.

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.


Source : Sophos.com

Microsoft Finishes Windows Home Server

Microsoft on Monday announced that Windows Home Server has been released to manufacturing, with systems using the new operating system expected to go on sale this fall. Home Server, code-named "Quattro," is designed for easily linking together multiple computers in a home network and sharing media.

Hewlett-Packard will be the first OEM partner to ship Home Server systems, with Fujitsu-Siemens, Gateway, Iomega, Lacie and Medion also on board. The OS likely won't be available to buy on its own, but a 120-day evaluation version will be posted for download. Microsoft is also encouraging developers to build Windows Home Server add-ins, and has launched a contest to further that effort.

Macs Affected by Office Flaws

Microsoft has updated a security bulletin issued (13/7) to include the Mac version of its ubiquitous Office suite. Three Excel vulnerabilities that affect Windows also pose a risk to Office 2004 for Mac, and the company has issued a downloadable patch.

The flaws on Mac have an aggregate security rating of "Important" and involve one calculation error and two memory corruption problems that could lead to a malicious file executing arbitrary code. Users can download Office 2004 for Mac 11.3.6 to plug the security holes. Microsoft notes that version 11.3.5 must be installed first.

Source : Betanews

Windows Media DRM Cracked, Again

The cat-and-mouse game continues between Microsoft and a group of hackers intent on breaking the copy protection technology on its Windows Media files. This time, an individual has cracked the latest DRM scheme employed by Microsoft.


The back and forth began last August when a Doom9 forum user by the name of "viodentia" released a program called FairUse4WM. The application was able to strip the copyright protection from both audio and video files, removing restrictions of where and when they could be played. Windows Media files could then also be converted into other formats.

Read the Full story here