Articles from May 2009

Twitter’s porn name game a hit with Hackers

Calendar May 13, 2009 | Posted by Dave

Security Alert: Twitter Porn Names Scam

Aurora Dizon

May 12, 2009 5:24 am

The “Twitter porn names” game, currently Twitter’s top-trending topic (things that are twittered the most), may be a fun distraction that gives you and your friends something to tweet about. But it also has a security hole — one that is no technical snafu. It could be simple human error, but it’s also possible that this security hole is an example of truly sneaky social engineering.

The porn names game has a few variations, but the information that all of the versions elicit is the same. To find your “porn name” you are asked to take the name of your first pet, and combine it with the street you grew up on or your mother’s maiden name. Silly, sure. But look more closely: All of these are common security questions. By playing the game, you could be revealing private information that Web scoundrels could potentially use to access your online accounts and bank information.

Be wary of this and similar games that might entice you to reveal potential answers to your security questions. Be sure to pass along the information to your friends if they have unwittingly provided answers to their security questions.

If you have publicly revealed answers to your online security questions, you should delete the post, change your passwords, and update your security questions.

http://www.pcworld.com/article/164719/

Category Categories: Best Practices, Passwords | Tag Tags: , , | Comments No Comments »

Anti-Virus Sites have XSS vulnerabilties??

Calendar May 12, 2009 | Posted by Dave

XSS flaws found in sites of multiple anti-virus firms

Dirty half-dozen

By John Leyden • Get more from this author

Security researchers have revealed that the websites of no less than six anti-virus firms are vulnerable to cross-site scripting flaws, of a type that might lend themselves to phishing attacks.

Some of the firms involved have admitted problems, while others say the issues raised have either already been fixed or are erroneous.

Nemesis, a gang of programmers and security bods that work mostly in chat room software development, reckons the sites of Symantec, Kaspersky, Eset (Nod32), AVG, F-secure and Trend Micro are all vulnerable, one way or another. The group has posted screen shots to back up its claims in an advisory here.

El Reg contacted the six firms involved on Monday evening, some of who have already got back to us. We’ll add statements from the others as and when they become available.

  • Trend Micro said the flaw highlighted by Nemesis is on a part of its site which is outsourced. The firm added that the flaw was in the process of getting fixed.
  • Eset said the site with the alleged flaw, eset.co.il, was run by its Israeli distributor. “The iFrame injection has been removed from eset.co.il and today (Tuesday) the site will be deeply scanned to fix all other possible vulnerabilities,” it said in a statement.
  • Symantec said the reported vulnerability on its site was discovered and fixed last month. “Symantec was notified of a reported security vulnerability on a webpage within Symantec’s website back in April,” a spokeswoman explained. “Upon notification of the potential vulnerability, Symantec immediately conducted comprehensive testing and fixed the vulnerability. Symantec takes the security of its website very seriously and can confirm that no company or customer information was exposed.”
  • AVG said there wasn’t any problem with its site. “We’ve investigated the issue as raised by The Register, and we can report that there is no vulnerability on the AVG website. We’re always looking at potential security issues – and extra ways to keep our customers’ data secure. As an internet security company, we often find that we come under attack from the bad guys.”

Broadly speaking the cross-site scripting flaws detailed by the Nemesis make it possible to present rogue iFrames from third-party servers as if they came from the sites of security vendors a surfer might be visiting. This type of vulnerability therefore lends itself to attacks that rely on impersonation, such as phishing. XSS flaws, more generally, also pose cookie stealing and other risks.

This class of vulnerability has popped up on the website of security firms over recent months. Most notable Romanian hacking group HackersBlog exposed XSS flaws on the websites of Kaspersky, BitDefender, F-Secure and Symantec in a two month campaign before the group got bored and disbanded in late March 2009.

Other incidents of similar problems on the websites of McAfee and Symantec have cropped up since to the point where its tempting to think that the problem has become endemic.

In other security-related news, AVG released a fix for a vulnerability involving how its software processes Zip files. An advisory on the flaw, discovered by security researcher Thierry Zoller, can be found here. ®

Category Categories: Best Practices, Recent News | Tag Tags: , , , , | Comments No Comments »

The FAA was successfully attacked

Calendar May 8, 2009 | Posted by Dave

Note from Dave:  Soon I hope to start writing some more original content, until then I will continue to post hacker related news on here.  The reason I am post these articles is simple, Cyber Security is not an option.  Many businesses get it, others not so much.  If the FAA and the Pentagon can be successfully hacked,  how safe do you think you really are?  Better to understand your weaknesses and try to mitigate those vulnerabilities than to put you head back in the sand.

 

Dave

 

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency’s mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming “insiders,” according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report concluded.

 

An audit of the FAA’s air traffic control cybersecurity protection measures finds them lacking and says there have been several breaches by hackers and a virus.

(Credit: U.S. Department of Transportation, Office of Inspector General)

 

The breaches were possible because Web applications that support the air traffic control system operations are not properly secured to prevent unauthorized access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report concluded.

The FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said.

“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the Nation is facing increased threats from sophisticated nation-state-sponsored cyber attacks,” the report said.

In general, the nation’s critical infrastructure is increasingly at risk as previously isolated and closed systems are moved to the Internet and commercial software, like Windows, is used, security experts have said.

The air traffic control system auditors said they discovered more than 760 high-risk vulnerabilities in the Web applications tested, including holes that provided “front-door access” to the systems and could allow attackers to inject malicious code onto FAA user computers. Web applications were not adequately configured and the applications with known vulnerabilities were not patched in a timely manner, auditors found.

Meanwhile, intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities and none of the IDS sensors is installed to monitor operational systems at those sites, the report said. Cyber incidents are not effectively monitored or fixed quickly, the report concluded.

In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, “including critical incidents in which hackers may have taken over control” of operations computers, the report said.

The FAA is “identifying and fixing weaknesses,” FAA spokeswoman Laura Brown told The Wall Street Journal. “We are working on developing security architecture for that whole system.”

However, Brown dismissed the notion that hackers could get access to critical air traffic control operational systems.

The audit of the air traffic control systems was requested by the ranking minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.

 

http://news.cnet.com/8301-1009_3-10236028-83.html

Category Categories: Recent News, compliance | Tag Tags: , , , , , , , | Comments No Comments »

FBI Probes Hacker’s $10 Million Ransom Demand for Stolen Medical Records

Calendar May 6, 2009 | Posted by Dave


The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday.

The state police in Virginia are also investigating the possible breach of confidential records.

The FBI official said the Virginia Information Technologies Agency (VITA) referred the case to the FBI last week, asking for help.

Asked whether people’s personal information is secure, the official said he couldn’t say.

“I really can’t make a declarative statement as to whether anyone’s information is in jeopardy at this point,” the official said.

Asked whether people have been notified that their information may have been breached, the official said it would be up to VITA to do that.

http://www.foxnews.com/story/0,2933,519187,00.html

Category Categories: Recent News | Tag Tags: , , , , | Comments No Comments »