Archive for June, 2009

WARNING: July 1, China decides to install vulnerable (exploited) Green Dam censorware software on all PCs across China.

Posted in IT Security on June 25, 2009 by cobra

According to recent news reports (NYT, WSJ), the Chinese government has mandated that, beginning July 1, every PC sold in China must include a censorship program called Green Dam. This software is designed to monitor Internet connections and text typed on the computer. It blocks undesirable or politically sensitive content and optionally reports it to authorities. Green Dam was developed by a company called Jin Hui and is available as a free download.

What is Green Dam:
The Green Dam software filters content by blocking URLs and website images and by monitoring text in other applications. The filtering blacklists include both political and adult content. Some of the blacklists appear to have been copied from American-made filtering software.

Click here to read the full Analysis of the Green Dam Censorware System done by the Computer Science and Engineering Division at the University of Michigan, US.

When BIOS updates become malware attacks

Posted in IT Security on June 20, 2009 by cobra

The BIOS, which is the firmware that a computer runs during boot, has become an increasingly serious concern to security professionals. Today an attacker with administrative OS privileges can perform BIOS updates, or “flash,” the Basic Input/Output System over the Internet and install modified low-level firmware. What’s worse, researchers recently demonstrated that BIOS malware can attack multiple platforms and infect motherboards of many different manufacturers. BIOS-based malware has the potential to spread not only across various operating systems, but also through many different types of hardware – and these attacks are difficult, but not impossible, to detect and prevent.

😐

“H*Commerce: The Business of Hacking You” exposes techniques used by international cybercriminals

Posted in IT Security on June 13, 2009 by cobra

What is H*Commerce?

Once seen as a hobby for basement-dwellers and computer geeks, hacking has evolved into a full-fledged industry that preys on people’s livelihoods, turning their information into billions in profit. What once was merely a nuisance, is now actively trying to steal your personal information, severely damage your credit, or empty out your bank account. This industry is known as H*Commerce.

McAfee, the world’s largest dedicated security technology company, has created this site to expose how H*Commerce works, to get you involved in the fight to stop it, and to provide solutions for protecting yourself, your family, or your business. It’s tough to know where H*Commerce will strike, but that’s why McAfee is here. They see what you can’t.

Access www.stophcommerce.com NOW to learn and defend yourself and your business from never ending threats.

🙂


Chained Exploits: How to prevent phishing attacks from corporate spies?

Posted in IT Security on June 9, 2009 by cobra

Do you ever wonder if there’s a spy on your own computer? In this book chapter, authors Keatron Evans, Andrew Whitaker and Jack B. Voth reveal how attackers can create fake websites and phishing scams that trick employees — even your boss — into downloading malicious Trojans that monitor your computer activity. Throughout the rest of the book, the authors offer more true-life lessons learned from their penetration testing work.

Enter the link to educate yourself

http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1358679,00.html?track=NL-422&ad=707232&asrc=EM_NLT_7538536&uid=5698054#part2

or click here to open the PDF file of the chapter from the book ‘Chained Exploits: Advanced Hacking Attacks from Start to Finish’: http://media.techtarget.com/searchSecurity/downloads/032149881X_ch02.pdf

Take your time and read it; it’ll definitely open your eyes and show you how such activities are technically done.

😐

Google statistics reveal top 10 malware sites

Posted in IT Security on June 5, 2009 by cobra

Google has published statistics on the top 10 malware source sites from its scans over the last two months. These are sites which host malware that is delivered to users by infecting legitimate sites to redirect their browsers to one of the malware source sites. Attackers then use various exploits in Internet Explorer, Firefox and QuickTime to infect the victim’s system with malware.

Google recommends that users choose a web browser that includes its Safe Browsing API, such as Firefox or Chrome, to protect themselves from phishing and other online attacks. Google also warns that some search results can lead to compromised sites. (Note: you need to have a Google account for the Safe Browsing API to work.)

The Safe Browsing API is an API that enables client applications to check URLs against Google’s constantly updated blacklists of suspected phishing and malware pages.

How to find sensitive information on the endpoint device

Posted in IT Security on June 3, 2009 by cobra

There’s little question that any security manager who’s suffered through a lost laptop incident knows what aspect of the ordeal causes an organization real damage. When a laptop goes missing, it’s not the loss of a $2,000 asset that causes heartburn; it’s the fear, uncertainty and doubt that result from not knowing whether sensitive information was stored on the missing device.

Fortunately, security professionals may take advantage of a number of sensitive information discovery tools to identify and eradicate sensitive information stored on endpoint devices. 

Please follow this link for a detailed explanation of this topic, which covers various basic sensitive information discovery algorithms and techniques: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1355499,00.html?track=NL-422&ad=705919&asrc=EM_NLT_7348308&uid=5698054

Scanning systems for sensitive data is a complex problem but, fortunately, there are a variety of tools and techniques available to assist in the process. Minimization, the searching and eradication of sensitive information on endpoints, is a powerful strategy in the arsenal of security administrators seeking to reduce enterprise risk.
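A minimal sketch of the discovery step described above, added here as an illustration (it is not code from the linked article or from any tool named in this post): it sweeps text files for candidate payment card numbers and keeps only those that pass the Luhn checksum. The choice of card numbers as the "sensitive number", the size limit, the sample text and all function names are assumptions.

```python
import re
from pathlib import Path

# 13-19 digits, optionally split by single spaces or hyphens, not part of a longer digit run
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
MAX_BYTES = 5 * 1024 * 1024  # assumption: skip very large files to keep the sweep fast

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order ids, serials)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return (line number, masked number) for each Luhn-valid candidate."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if len(set(digits)) > 1 and luhn_ok(digits):  # drop 0000... filler
                # Mask the middle so the findings report is not itself sensitive
                hits.append((lineno, digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    return hits

def scan_tree(root):
    """Walk a directory and map each readable file to its findings."""
    findings = {}
    for path in Path(root).rglob("*"):
        try:
            if path.is_file() and path.stat().st_size <= MAX_BYTES:
                hits = find_card_numbers(path.read_text(errors="ignore"))
                if hits:
                    findings[str(path)] = hits
        except OSError:
            continue  # unreadable file: skip it and keep scanning
    return findings

# Constructed sample text; the card numbers are well-known public test numbers
SAMPLE = """customer notes (constructed sample)
paid with 4111 1111 1111 1111 on invoice 88
order id 1234567890123456
backup card: 5500-0000-0000-0004
mistyped card 4111111111111112
"""

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE))
```

The order id and the mistyped number fail the checksum and are not reported, which is what keeps the false-positive rate of a pattern-only search manageable.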

There are a variety of open source and commercial products available to assist you in detecting these sensitive numbers on enterprise systems. One of the best tools available to use and free to download is Identity Finder.

Click on it to go to the website’s main page for download.

Enjoy

😀

20,000 sites hit with drive-by attack code

Posted in IT Security on June 1, 2009 by cobra

Hackers have broken into more than 20,000 legitimate Web sites to plant malicious code to be used in drive-by malware attacks.

According to a warning from Websense Security Labs, the sites have been discovered to be injected with malicious JavaScript, obfuscated code that leads to an active exploit site. The company discovered that the active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which can easily fool any user trying to access websites while web browsing.

I know this might sound ridiculously scary and NOT fair, but you better be careful and don’t be too casual the next time you plan to visit unknown websites.
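Because the injected JavaScript is obfuscated, the lookalike name is easier to spot in outbound web proxy logs than in page source. The following detection sketch is an added example, not Websense's method: the log format, the hostnames (under the reserved .example TLD) and the edit-distance threshold are constructed assumptions.

```python
from urllib.parse import urlparse

TRUSTED = "google-analytics.com"  # the legitimate domain named in the post

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host, trusted=TRUSTED, max_dist=2):
    """True when the host imitates the trusted domain without being it."""
    host = host.lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return False  # the real domain or one of its subdomains
    labels = host.split(".")
    if len(labels) < 2:
        return False
    # Assumption: the label left of the TLD is the registered name. A
    # production check would use the Public Suffix List (co.uk and similar).
    return edit_distance(labels[-2], trusted.split(".")[0]) <= max_dist

def flag_requests(log_lines):
    """Return (client, host) for every request to a lookalike host."""
    flagged = []
    for line in log_lines:
        fields = line.split()
        url = next((f for f in fields if "://" in f), None)
        host = urlparse(url).hostname if url else None
        if host and is_lookalike(host):
            flagged.append((fields[1], host))
    return flagged

# Constructed proxy log lines: timestamp, client, method, URL, status
SAMPLE_LOG = [
    "2009-06-01T10:02:11 10.0.0.5 GET http://www.google-analytics.com/ga.js 200",
    "2009-06-01T10:02:12 10.0.0.5 GET http://cdn.goog1e-analytics.example/ga.js 200",
    "2009-06-01T10:03:40 10.0.0.9 GET http://google-analytics.example/urchin.js 200",
    "2009-06-01T10:04:02 10.0.0.9 GET http://intranet.example/index.html 200",
]

if __name__ == "__main__":
    for client, host in flag_requests(SAMPLE_LOG):
        print(client, host)
```

The second flagged host has the exact trusted name under a different TLD, a case that a pure string-equality allowlist of "google-analytics" would miss.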

😐

Ciao