Computer Security News
| Say What? The Week's Top Five IT Quotes Privacy concerns over Google and the CIA; HP's enterprise slate; why
online gaming might help your career and more. U.S. General Details the Impact of Cyber War At the Black Hat security conference, retired General and former CIA
director Michael Hayden explains the dangers of cyber attacks. House Introduce Spectrum Auction Bill Lawmakers introduce voluntary incentive auction act that they hope will
achieve a compromise between dueling interests. DoJ Sues Oracle Claiming Contract Fraud Oracle became the latest technology company to feel the Justice
Department's fury after it was hit with a lawsuit alleging it defrauded
the federal government on a massive software contract. Amazon Debuts New, Low Price Wi-Fi Kindle With the iPad on its heels, Amazon cuts the price of its newest e-book
reader and adds Wi-Fi support. Millions of Home Routers Insecure: Black Hat Security researcher at Black Hat conference warns that outside hackers
can gain control of a home router and use it as an entry point to take
over the LAN. Researcher Warns Most Sites Get SSL Wrong At Black Hat, security researcher presents his latest work demonstrating
the widespread misconfiguration of websites that implement SSL
protection. Report Details Hottest IT Investments Windows 7, desktop virtualization and unified computing lead the pack in
Computer Economics' report. But investment in some other well-known
technologies is stalled. Dell Offers New Security for the Midmarket New products and services are aimed at medium-sized companies that can't
afford enterprise-class security. Authorities Nab Mariposa Botnet Kit Purveyor A 23-year-old man was arrested last week in Slovenia for allegedly
creating and selling the Butterfly botnet kit used to spread the
loathsome Mariposa botnet. Citrix Soars as Symantec, Nvidia Plunge Technology earnings reports have been mixed so far this quarter. Apple Checking Into iOS 4/iPhone 3G Complaints Move comes after several weeks of complaints that iOS 4 turns the iPhone
3G into a slug. SAP Warming to Private Cloud Cloud computing may not be the centerpiece of SAP's business model -- or
even close -- but the firm is beginning to embrace the technology, at a
measured pace. Yahoo Touts Revised Web Traffic Stats Looking to set the record straight, Yahoo highlights an irregularity in
online metrics firm comScore that shortchanged its site traffic.
Meanwhile, Google snags a search deal in Japan. Security Expert Details SAP Back Door Exploit SAP's software is an indispensible part of many enterprise's IT
operations, but at the Black Hat security conference, a researcher warns
that it is all-too-vulnerable to back-door attacks. Microsoft Brings an Olive Branch to Black Hat Software heavyweight preaches a message of cooperation with the research
community at the annual Black Hat security conference, announcing
details of new collaborations. Experts Agree DNSSEC Still in Early Stages Two years after security researcher Dan Kaminsky exposed a major flaw in
the Internet's critical infrastructure, the fix is on its way, but it's
a slow process. RIM Seen Unveiling New BlackBerry Next Week Rumors emerge of an event next Tuesday where RIM could take the wraps
off of the Bold 9800, taking the form factor of the venerable BlackBerry
line in a new direction. All Eyes on Microsoft, Ballmer on Analyst Day As its annual Financial Analysts' Meeting dawns, what will Microsoft
have to tell Wall Street about its plans for growth and the prospect of
an executive shakeup? The Cloud's Possible Impact on Hosting Firms The rush to the clouds will result in an industry shakeout for all of
today's hosting companies. Apple Updates Desktop Mac Product Lines Desktops get a speeds-and-feeds boost, plus they gain notebook touchpad
technology. Most Data Breaches Perpetrated by Cyber Gangs Organized crime syndicates, many of them based or operated from outside
the U.S., are overwhelmingly to blame for coordinated cyber attacks,
according to a study by Verizon and the U.S. Secret Service. Enterprise Wi-Fi users at Risk? Although Cisco downplays the danger, researchers at the Black Hat
security conference discussed a potential security vulnerability in
Cisco 1200-series wireless access points. Dell Serves Up Security Options for SMBs Small and midsized businesses often have to make tough choices when it
comes to their IT budgets and, usually for worse, security often
suffers. Dell's trying to solve that problem. Citizens Cooling on U.S. e-Government: Survey Customer satisfaction with federal e-government efforts continues to
slip, though the losses are incremental, and researchers note the
variations by category. HP Sticks With Windows 7 for Enterprise Slates Even after shelling out $1.2 billion for Palm and its webOS, HP said it
still plans to use Microsoft's Windows 7 operating system for its line
of business-centric slates. USPTO Deals Microsoft Setback in i4i Patent Case U.S. Patent and Trademark Office upholds Canadian firm i4i's patent for
a custom XML editor, further narrowing Microsoft's options in a $290
million infringement case. Bouncer App to Ease Enterprise Whitelisting With an update to its Bouncer whitelisting application, security vendor
CoreTrace is offering enterprises a new cloud-based intelligence service
to provide real-time updates on security threats and fixes. Adobe Snags Day Software in $240M ECM Play Adobe Systems, a leader in the online document-management space, has
shelled out $240 million to acquire Day Software, a Swiss firm
specializing in Web-based ECM software. FTC Mulls Browser-Based Block for Online Ads Modeled after the "Do Not Call" registry that keeps
telemarketers from pestering consumers at all hours of the day and
night, the FTC is looking for an online equivalent to protect Internet
users' privacy and sanity. Ask to Begin Offering 'Community' Search Results Pioneering search engine expanding trials of crowd-sourced search
results, inviting users to "ask the community" in an effort to
provide direct answers to queries, rather than the standard bank of
links. Mobile Apps Are Hot, But Are They Safe? The proliferation of mobile apps for the smartphone market is big
business but security experts are warning that many of the apps are
built on third-party code that may not be properly vetted for security
risks. Cyberattacks Hit Businesses With Big Bills New study from Ponemon Institute and security vendor ArcSight details
rising cost of cyberattacks, with businesses reporting at least one
major attack a week. Intel Testing Photonics for 1 Tbps Data Speed With copper wire nearing its physical limits for data transmission
speeds, Intel's CTO announces the company's research push in photonics
to drive 1 Tbps network speeds. Cisco Warns on Enterprise Security Threats In its latest quarterly Global Threat Report, networking giant Cisco
outlines a broad-ranging list of threats to enterprise security culled
from its various security products. Sourcefire Debuts Integrated Security Tool New open source Razorback framework aims to give security professionals
a unified view of the assets across the enterprise, amassing and
correlating data from an array of points on the network. SUSE Gallery Site Showcases Linux Appliances Novell's new SUSE Gallery site features Linux appliances built with the
company's SUSE Studio Linux appliance building technology. HP Intros Rapid Data Center Assembly Method The tech giant borrows a page from Henry Ford's book by applying an
assembly line approach towards building data centers. Zbot and CVE2010-0188 I just came across a suspicious PDF file, so I decided to take a
deeper look. Once the file was unpacked, I got an xml file with TIFF
image. However, the whole thing looked very strange. The whole thing
looked very fishy, and ultimately, it turned out that the xml file
contained an exploit for I thought it was a bit odd that we hadn’t come across files like this before, so I decided to tak a look at stats for this vulnerability: CVE-2010-0188 exploit statistics 2010 The graph shows that malware exploiting CVE=2010-0188 started spreading actively at the end of June. It was pretty much a rarity until then. Maybe the virus writers needed a few months to catch up with creating exploits for the new hole in Adobe – who knows? When I took a closer look, it turned out that the PDF was mainly designed to download and launch another file, Trojan-Dropper.Win32.Zbot.cm. Which, in its turn, is mainly designed to secretly install Zbot (ZeuS) to the system and to combat antivirus software. I was able to get a final example of Zbot, but it turned out to be encrypted and obfuscated. I then got its dump and decrypted strings, which included a clear link to the banking site under attack, the bot’s http requests and some of the commands used by the botnet C&C: Part of the decrypted Zbot file This is the first example of an encrypted Zbot variant spreading via CVE-2010-0188. Clearly, the guys behind this program aren’t sitting on their hands, but working on the most up-to-date methods of delivering their malware to end users. www.securelist.com | 7/28/10 8:32 AM Google Plans for More Government Deals CEO Schmidt thinks governments are anxious to make a transition to the
cloud. SAP Profits Disappoint; SaaS Apps Coming Soon The German software giant came up a bit short of analysts' profit
estimates in its second quarter even though it did achieve solid,
double-digit growth in total software sales. Security Pros Gather For Black Hat Confab Security experts, hackers and media types are filing into Sin City this
week for the annual Black Hat USA security conference, a gathering
that's endured and generated its share of controversy in the past. FDA, FCC Push For Wireless Health Technology The government agencies are teaming up to use the latest and greatest
wireless technology to improve care and reduce healthcare costs using
electronic health records. iPhone Tops Smartphone Sector in Satisfaction According to a new survey by the Yankee Group, Apple's iPhone beat out
rival smartphones in customer satisfaction, and continues to gain market
share, though recent antenna issues raise uncertainty. Microsoft: IE8 Thwarted 1B Malware Downloads With Internet Explorer 8, Microsoft set out to build a more secure Web
browser, and 16 months into its launch, the company is touting a major
security milestone. Oracle Debuts Drug-Tracking App for Big Pharma With its new Pedigree and Serialization Manager, Oracle is pitching an
application to pharmaceutical companies that will enable them to track
the movement of drugs across the supply chain. |
