Opera Won’t Disclose “Extremely Severe” Security Holes

Posted on June 23, 2010 by sophieparker

Minor point upgrades have been released by Opera?s web browser for Windows and Mac. These upgrades were so minor that they didn?t even get a press release. The 10.54 release fixes five security holes, four of the holes have not been fully disclosed by Opera. The four undisclosed holes were rated extremely, highly, moderately and less severe, but all severe none the less. And Opera just don?t seem to want to give any explanation.

Version 10.53 for the Mac had a number of stability and UI issues also. It had a tendency to not release a mouse click when selecting from a drop down box. There was also issue with pop ups grabbing the focus, and the MacBook trackpad going into overdrive. Opera 10.53 for the Mac was not it?s best effort. The Windows version seemed more stable while Mac users rolled back to 10.10 because 10.53 was bombing so often. Opera says it has fixed these "premature shutdowns" that were caused by closing a window, loading system frameworks and other things.

opera_1054_vista

Apple Sneak An OS Update

Posted on June 21, 2010 by sophieparker

Apple has been accused of adding a security update to it?s OS without informing users.

The update was released last week, and includes protection against a Trojan that could potentially allow unauthorised control of a machine. According to Graham Cluley of Sophos, The HellRTS Trojan has already been added to the Mac’s signature database.

Macs are not targeted as much by those who make malware, one theory for this is that there are simply not enough of them to make it worth while. There are plenty of Windows machines out there.

Cluley feels that Mac users often ignore security too: "And that isn’t helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. ‘Shh! Don’t tell folks that we have to protect against malware on Mac OS X!’

Cluley openly admits that there is less malware out there designed to target Macs, but feels that the trend for ignorance of the potential problem could well encourage hackers to begin targeting Macs. Sophos do of course cater for both Macs and Pcs, so it?s not a huge surprise that he is trying to encourage the use of AV on Macs. But he does have a good point. Security patches are a good idea but patches plus AV is an even better one.

Apple have not made any comment on the secret patch.

French DPA Reveal Google’s Wi-Fi Snoop Has Grabbed Passwords And E-mails

Posted on June 21, 2010 by sophieparker

According to a report from the French data protection authority, it?s preliminary study has found that the data captured by Google?s street view cars includes passwords and e-mails.

the French National Commission on Computing and Liberty (CNIL) has examined part of the data that was given to them by Google. The CINL say, "It’s still too early to say what will happen as a result of this investigation. However, we can already state that [...] Google did indeed record e-mail access passwords [and] extracts of the content of email messages."

Google admitted on the 14th of May that it?s cars had indeed been collecting payload data from unsecure Wi-Fi network across the globe for 3 years. They had previously assured that only SSIDs and Mac Addresses had been collected. Which it had done so for use in it?s products that require location data, like Google Maps.

Google said that a the cars are always ?on the move" and the Wi-Fi equipment automatically changes channels five times a second, only "fragments" of data had been collected. But according to the CNIL some very personal data was captured intact.

Google handed over France?s data to the CNIL on the 4th of June, which seems to be the first hand back. Germany and Spain have also requested the captured data. If this is all new to you, you can catch up on the story in our earlier blogs here, here and here.

AT&T iPad Hacker In Drugs Bust

Posted on June 17, 2010 by sophieparker

One of the hackers behind the AT&T iPad security breach has been arrested after police searched his home, cocaine, ecstasy and LSD were found during the raid. Andrew Auernheimer or Weev, 24, was arrested on Tuesday by Arkansas County Sheriffs after a search warrant was issued by the FBI. What prompted the warrent is not yet known.

Auernheimer, who is also known as ?Escher?, is a key member of the Goatse Security grey-hat hacker group.  Auernheimer is facing four felony charges of possession of a controlled substance and one misdemeanour possession charge and  is currently being held in Washington County Detention Centre in Fayetteville, Arkansas. Goatse Security took credit for the hack of AT&T servers that exposed the email addresses and cellular ID numbers of more than 114,000 iPad owners. The FBI became involved due to the fact that the information of high-ranking government officials was exposed.

A hearing is scheduled for June 18 in Washington County Circuit Court, but no bond or court date has been set. Auernheimer had previously been arrested in March  for giving a false name to police responding to a parking complaint.

Google Privacy Probe Continues

Posted on June 14, 2010 by sophieparker

Google has received a letter from the House Committee on Energy and Commerce asking what action it?s taken over the data it collected from private Wi-Fi networks. Google said it was unable to give the committee details on how many networks it ha collected data from or how many US households were affected.

Google began mounting antennas to it?s street view cars in 2007 and by 2008 all of it?s cars had them in order to collect Wi-Fi data. the collection of data ended in May 2010 as the privacy row picked up pace.

Google said they collected the data in order to improve the accuracy of location-based services. The cars collected Wi-Fi data including MAC addresses, SSID, signal strength, data rate, channel of broadcast and encryption method, the collection of payload data was accidental. Google insist that the cars were unlikely to have captured anything more than small fragments due to the fact that the cars move at speed and the system changes channels five times a second. It also admitted that it has not analysed the data in order to determine that fact. Apparently the data has only been accessed on two occasions, once as part of the investigation and once by the engineers who wrote the code.

Google?s letter of response reaffirmed that fact that data in Ireland, Denmark and Austria has been deleted at the request of those countries. And that it has retained data from the US due to the pending legal action. Google doesn?t fell the law has been broken by accessing the open networks, but said in the letter, "We emphasize that being lawful and being the right thing to do are two different things, and that collecting payload data was a mistake for which we are profoundly sorry."

It is also currently reviewing it?s methods of data collection for all it?s services to prevent a similar situation in the future. Some 600Gb worth of data from 30 countries was collected in total by Google.

Popular Download Sites Infected With Mac Spyware

Posted on June 2, 2010 by sophieparker

Mac malware has found it?s way onto three of the most popular download sites. The spyware secretly scans chat logs and hard drives of unsuspecting Mac users.

Named OSX/OpinionSpy, it?s spread through downloads available on sites including Softpedia, Version Tracker and  believe it or not, MacUpdate. It has been discovered by Intego, who provide AV software for Macs. According to Intego the spyware isn?t contained in the downloads, but gets downloaded during the installation process. A Windows version of the same program has been around since 2008.

Once one a machine, OpinionSpy scans all attached HDD and send encrypted data to several servers. It also injects code safari, Firefox and iChat applications, which then trawls for email addresses, message headers and other data. If the original application on which it piggybacked is uninstalled it still remains active.

Intego researchers say that: "The fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat. In addition, the risk of it collecting sensitive data such as user names, passwords and credit card numbers, makes this a very high-risk spyware."

Macs have long been regarded as largely unaffected by Malware and much more secure than Windows, and Apple has been happy to promote this point of view. But an alternative point of view that many white-hat hackers have, including Charlie Miller, is that the platform simply isn?t prevalent enough to make it worth while for hackers to exploit. Which I think is a plausible explanation, and one that is given by those who exploit Apple bugs on a regular basis giving it more credibility.

The apps identified by Intego as installing OpinionSpy are the MishInc FLV To Mp3 media converter and screensavers from the company 7art-screensavers. You can read more about the Spyware here.

Trojan Surprise Inside Windows Mobile Game

Posted on June 1, 2010 by sophieparker

Doctored copies of a Windows Mobile game have been loaded with a Trojan.

A demo version of 3D Anti-Terrorist Action includes a Trojan that makes premium-rate calls on a users behalf, unbeknownst to them. Making calls to numbers in the Antarctic, Dominican Republic and Somalia, victims have no idea until a whopping bill arrives on their doorstep. The calls can cost up to 6 US dollars a minute.

The Terdial-A Windows-CE Trojan was identified back in March and has recently found it?s way onto several sites that host WM apps. Gamepron.com have therefore issued a new warning with an added jibe that even legit versions of the game lack engaging game play. Screenshot of the app and email extracts can be found in a Sophos security warning, who suspect the Trojan is of Russian origin.

FIFA Warns Of World Cup Scans

Posted on June 1, 2010 by sophieparker

FIFA has has warned supporters of scams that are likely to start emerging in the run up to the world cup.

The usual FIFA lottery, prize draw or competition scams are likely. This advanced fee fraud tries to trick the unsuspecting into coughing up ?administrative fees? to secure prizes.FIFA say that: "Prize draws and competitions offering tickets to the 2010 FIFA World Cup can only be held by companies who are commercially affiliated with FIFA, such as, for example, sponsors."

Spam emails touting World Cup lottery scams are already in circulation, according to Trend Micro. Expect more as the tension builds toward the start of the tournament next month. Security firms say that the scam emails sent so far have not gone through any botnet networks, but from known Nigeria-based 419 scam-friendly IP addresses, via direct spamming. There is also some search engine manipulation  that usually goes on. Diverting users searching for World Cup related info towards scare ware portals and other types of malware.

MessageLabs has already started to block email-borne malware attacks themed on the World Cup. The blocked emails are said to originate from an IP address in Macau, China. Written in Portuguese, they are targeting fans from Brazil and Portugal. These infected emails were posing as being from one of the events soft drink sponsors. The email directs victims to download a footy-themed application, which is actually a hacking tool in disguise.

MessageLabs Intelligence senior analyst, Paul Wood, explained: ?Once downloaded and activated, the malware produces files that generate pop-up messages and in the background collects information on what other machines are on the same network, enabling the attacker further access to the compromised networks.?

Symantec has set up a  website that is dedicated to tracking scams, and warning football fans of these World Cup themed dupes. As well as offering security advise, 2010NetThreat will also feature competitions and news on the tournament.

Cisco Bug Hands Over Critical Systems

Posted on May 27, 2010 by sophieparker

Cisco have warned of a serious vulnerability in one of their remote administration devices. The device allows IT worker to remotely control a building?s ventilation, lighting, security, and energy supply systems.

Users of the Cisco Network Building Mediator products were urged by the company to patch the vulnerabilities on Wednesday. The bug allows attackers to get hold of administrative passwords as well as a number of other things. System configuration files need no authentication in order to be read, which enables outsiders to gain control of a building?s most critical systems.

An advisory by Cisco stated that: "Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device." It also warned that the bug is present it it?s Richards-Zeta legacy products, which was the company that originally designed the system, and bought out by Cisco. Internal testing by the company revealed the bug.

Another flaw allows the access of default administrative accounts by low level employees, enabling them to take full control of the device. Other bugs allow theb escalation of privileges and the interception of data send between an administrator and Building Mediator.

The device is aimed at pushing the use of IT to automate and remotely control tasks that would normally be done manually. It captures many different formats of data and presents them in a single easy to use interface. It can save building managers allot of money, but at the same time presents new threats as it?s designed to interact with larger power grids.

Work around and common sense configs are offered in the advisory, but it warns to take care when implementing these changes, as certain ports an protocols are needed for the system to run correctly.

McAfee Buys Trust Digital

Posted on May 26, 2010 by sophieparker

McAfee have bought-out Trust Digital, a privately-held enterprise mobility management and security start-up company. The deal was announced on tuesday, but the terms have not been disclosed.

The deal will enable McAfee to widen it?s range of enterprise-targeted mobile security products available for devices such as the iPhone, Android, Web OS, Windows Mobile and Symbian. McAfee’s ePolicy Orchestrator management console will be integrated with Trust Digital?s technology to guard Smartphone devices against risks like downloading malicious applications.

The idea behind this is that McAfee?s products will make it safer to roll out Smartphone?s in an enterprise environment. It?s not yet known how many of Digital’s 40 workers McAfee will keep on.