Monday, August 30, 2010

Virtual browser from Invincea could deflect web malware attacks

If you want to protect your computer when web browsing with the “canary in the coal mine” technique, there is a virtual browser from a small northern Virginia company called Invincea, with its own account of the opportunity here, as extracted from the Washington Post on June 7, 2010.

If the virtual browser encounters scareware or other malware, only the dummy browser is attacked. Presumably this would be particularly effective with SQL injection attacks.

The question remains how effective this screening is when compared to browser ratings (McAfee Site Advisor or Mozilla Web of Trust) or anti-virus company intervention (as with Webroot Sophos).

Saturday, August 21, 2010

McAfee announces its most dangerous celebrities (starting with Cameron Diaz), with respect to fake fan sites.

Internet security company McAfee has a report indicating that fake “unauthorized” fan websites based on celebrities create security hazards, particularly with proffered downloads and especially screensavers, any of which may introduce spyware. The report is at this link and has the title “CAMERON DIAZ NAMED MOST DANGEROUS CELEBRITY IN CYBERSPACE: Justin Timberlake's Ex Knocks Current Girlfriend Biel to #3 Spot; Fourth Annual Report by McAfee Reveals Searching for the Stars is Safer This Year”. McAfee has trademarked its “McAfee Most Dangerous Celebrities”.

Generally, only very well-known celebrities have created these problems, but often very young celebrities generate “unauthorized” fan sites. also had a report on this here.

Some (mostly younger and tech-savvy) celebrities, like Ashton Kutcher, are very aggressive in managing their own web presence (partly because Kutcher part-owns a media studio) on social networking sites, personal blogs, and Twitter. It's probably less likely that "crooks" could impersonate them on the web and get away with it.

Friday, August 20, 2010

New York Times has major column on thwarting cyberbullying

Riva Richmond has a major report under the “Personal Tech” column of the “Business Day” section of The New York Times, on Thursday, Aug. 19, “Some ways to thwart an online bully,” here.

A major part of the report is an explanation of how to block someone on Facebook so that they can no longer reach you there, but the explanation includes the fact that a Facebook report and block will not affect access outside of Facebook. Cyberbullying is listed as one of the legitimate reasons for a Facebook block, as is nudity, a fake profile, or racism or hate speech. But you can "divorce" somebody on Facebook, just like you can tell them never to call you again in real life.

The article mentions two other services, Safety Web (link) and Social Shield (link). These services could also help parents of kids who are doing the bullying.

Remember, bullying sometimes is a kind of retaliation. Kids who were bullied physically might be drawn into cyberbullying as a way to “fight with your fingernails”.

Thursday, August 19, 2010

Microsoft "zero-day" vulnerability could affect most third-party apps

Greg Keizer has reported, on Computerworld, a “zero-day” Microsoft vulnerability that he says he had noticed affected over 40 applications (when he was gumshoeing a shortcut problem), but he now says it could be many more.

Each application would have to be patched separately, or else a patch for developers could be issued, instead of some massive update for home users which could break some applications. Apparently the vulnerability applies to XP, Vista and 7.

The link for the story is here.

The problem was reported by Mitja Kolsek, CEO of Acros Security in Slovenia.

Users might be able to reduce vulnerability by closing some ports.

The problem has to do with the way some execution elements are linked, comparable to the “controversy” in mainframe IBM programming between dynamic and static link decks.

Saturday, August 14, 2010

Proliferation of encryption certification authorities seen as a new security hazard

Miguel Helft has an important story in the New York Times of Aug. 13, “A Warning in the Weak Link in the Security of Web Sites”. Browser vendors like Microsoft, Firefox and Google Chrome have the authority to appoint security certificate authorities, which have proliferated. The link for the story is here.

These companies certify that a site’s encryption is authentic, and display a closed lock icon somewhere around the browser’s tool bar.

In at least one case, a certificate authority was found to have installed spyware on some Blackberry handsets.

The story seems important also because Firefox has been promoting “universal encryption” of all web traffic.

(See International Issues blog posting today, also, for more on the problem in UAE.)

Tuesday, August 10, 2010

Cisco publishes its top ten malware attacks for 2Q of 2010

Lisa Phifer has an important article in “Security Planet” on “The Ten Top Malware Threats”, here; she notes that many of them are now spread through ordinary browsing of websites. The list came from Cisco for the second quarter of 2010, and was based on malware data files from McAfee and Webroot (Sophos).

She notes, at number ten, "Backdoor.TDSSConf.A", which belongs to the TDSS family of “kernel-mode rootkits” that can disable antivirus programs with rootkit tactics, and which can be difficult to stop once a page has actually been browsed if it was not intercepted first by browser controls. There is also "Mal/Iframe-F", which uses "iframe" tags to redirect users to other websites without their knowledge.

"JS.Redirector-AT" can redirect users to other sites with porn, phishing, or scareware implants. Here the article notes that some home users may want to disable JavaScript execution, at least when embedded in Adobe documents.
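The silent redirect that the article attributes to Mal/Iframe-F usually rides on an iframe the visitor never sees. As an added example, not code from the article, Cisco or any vendor named above, here is a small scanner that flags iframes that are both hidden and pointed off-site; the hiding heuristics, the 512-byte tag buffer and the placeholder domains in the constructed sample page are choices made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Lowercase one tag and drop its whitespace so the attribute checks below do
 * not depend on spacing or case. Over-long tags are truncated (conservative). */
static void normalize_tag(const char *tag, size_t n, char *out, size_t cap) {
    size_t k = 0;
    for (size_t i = 0; i < n && k + 1 < cap; i++)
        if (!isspace((unsigned char)tag[i])) out[k++] = (char)tolower((unsigned char)tag[i]);
    out[k] = '\0';
}
/* Markers of a frame the visitor is not meant to see: zero size, CSS hiding,
 * or an off-screen position. A heuristic list chosen for this example. */
static int looks_hidden(const char *t) {
    static const char *marks[] = { "width=\"0\"", "width=0", "height=\"0\"", "height=0",
        "display:none", "visibility:hidden", "left:-", "top:-", NULL };
    for (int i = 0; marks[i]; i++)
        if (strstr(t, marks[i])) return 1;
    return 0;
}
/* Count <iframe> tags that are hidden AND load a scheme-qualified (off-site)
 * URL: the silent-redirect pattern the article attributes to Mal/Iframe-F. */
int count_hidden_offsite_iframes(const char *html) {
    char t[512];
    int hits = 0;
    for (const char *p = strchr(html, '<'); p; p = strchr(p + 1, '<')) {
        const char *close = strchr(p, '>');
        if (!close) break;
        normalize_tag(p, (size_t)(close - p), t, sizeof t);
        if (strncmp(t, "<iframe", 7) != 0) continue;
        const char *src = strstr(t, "src=");
        if (src && strstr(src, "://") && looks_hidden(t)) hits++;
    }
    return hits;
}
/* Constructed sample page (placeholder domains): one ordinary video embed and
 * one invisible frame that silently loads a third-party page. */
const char *SAMPLE_HTML =
    "<html><body><h1>Fan page</h1>\n"
    "<iframe src=\"http://video.example.com/embed/1\" width=\"560\" height=\"315\"></iframe>\n"
    "<IFRAME SRC=\"http://bad.example.net/land.php\" width=\"0\" height=\"0\"\n"
    "        style=\"visibility: hidden; position: absolute; left: -9999px\"></IFRAME>\n"
    "</body></html>";

int main(void) {
    printf("hidden off-site iframes: %d\n", count_hidden_offsite_iframes(SAMPLE_HTML));
    return 0;
}
```

A real scanner would also decode the obfuscated JavaScript that writes such frames at run time, which this static pass does not see.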

"PSW.Win32.Infostealer.bnkb" may log keystrokes associated with online banking.

Number 1, and representing 5% of infections, is “Exploit.JS.Gumblar”, which runs an encrypted executable without the user’s consent during subsequent routine browsing.

The author of the article owns Core Competence (link), a security company with links to this and other important articles.

Monday, August 09, 2010

Microsoft vulnerability and bitmaps; more on application fingerprinting

Vupen Security has reported a vulnerability in most Microsoft systems, caused by a “buffer overflow error in the "CreateDIBPalette()" function within the kernel-mode device driver "Win32k.sys" when using the "biClrUsed" member value of a "BITMAPINFOHEADER" structure as a counter while retrieving Bitmap data from the clipboard”, as reported at this link.

As an example of such bitmap data, consider the many jpg images posted on Wikipedia recently.

Help Net Security carried the story with the title “new Windows 0-day flaw allows malware installation”, here.
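The quoted description says the driver used biClrUsed straight from the header as a counter; the missing piece is a bound on that counter. As an added example, not code from the page, VUPEN or Microsoft, the check below is written against the documented BITMAPINFOHEADER layout (40 bytes, biBitCount at offset 14, biClrUsed at offset 32, palette of at most 256 RGBQUADs) in plain C so it builds anywhere; the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BIH_SIZE 40u      /* sizeof(BITMAPINFOHEADER) */
#define RGBQUAD_SIZE 4u   /* one palette entry */
/* The header is packed little-endian wherever it is stored (file, clipboard),
 * so read fields by offset instead of casting the buffer to a struct. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* The pattern in the advisory: biClrUsed is taken from the untrusted header
 * and used as-is as the palette loop count. A palette holds at most 256
 * RGBQUADs, so any larger value would walk past its end. */
uint32_t palette_entries_unchecked(const uint8_t *bmi) {
    return rd32(bmi + 32);                          /* biClrUsed */
}
/* Hardened: bound the count by what biBitCount permits and by the bytes that
 * are actually present. Returns the entry count, or -1 for a bad header. */
int64_t palette_entries_checked(const uint8_t *bmi, size_t len) {
    if (len < BIH_SIZE || rd32(bmi) < BIH_SIZE) return -1;   /* biSize */
    uint16_t bits = rd16(bmi + 14);                 /* biBitCount */
    uint32_t used = rd32(bmi + 32);                 /* biClrUsed  */
    uint32_t cap;
    switch (bits) {
    case 1: case 4: case 8: cap = 1u << bits; break;        /* indexed colour */
    case 16: case 24: case 32: cap = 256; break;            /* optional table */
    default: return -1;                             /* 0 (JPEG/PNG) or junk */
    }
    uint32_t entries = used ? used : (bits <= 8 ? cap : 0); /* 0 means "full" */
    if (entries > cap) return -1;
    if ((uint64_t)entries * RGBQUAD_SIZE > len - BIH_SIZE) return -1;
    return (int64_t)entries;
}
/* Build a constructed 40-byte header with only the fields the check reads. */
void make_header(uint8_t *out, uint16_t bits, uint32_t clr_used) {
    memset(out, 0, BIH_SIZE);
    out[0] = 40;                                    /* biSize   */
    out[12] = 1;                                    /* biPlanes */
    out[14] = (uint8_t)bits; out[15] = (uint8_t)(bits >> 8);
    for (int i = 0; i < 4; i++) out[32 + i] = (uint8_t)(clr_used >> (8 * i));
}

int main(void) {
    uint8_t buf[BIH_SIZE + 256 * RGBQUAD_SIZE] = {0};
    make_header(buf, 8, 0x7FFFFFFFu);               /* hostile biClrUsed */
    printf("unchecked count: %u\n", palette_entries_unchecked(buf));
    printf("checked   count: %lld\n", (long long)palette_entries_checked(buf, sizeof buf));
    return 0;
}
```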

Patrick Thomas, at Black Hat USA, discusses “Blind Elephant: open source web application fingerprinting engine” at a link in that file, following up on a report here on Aug. 1.

Sunday, August 01, 2010

Webroot reports on how digital fingerprinting could track "anonymous" virus authors

The “Threat Research Group” at Webroot reported on a technology that a company called “HBGary” has developed, as described by its CEO Greg Hoglund, for identifying malware and its possible sources by a “digital fingerprint” technology that more or less follows the model of classical fingerprint technology in the real world. Webroot’s blog entry is here and it contains a picture that, when linked, brings up much more detail than is shown at first in the blog entry. (I’m not sure why the jpg doesn’t display in full in the Webroot blog posting directly.)

The technology should help international law enforcement agencies track down serious cyberthreats, possibly including acts of cyberwarfare, more quickly.

The FBI has a writeup on how its process for identifying hacker code was working back in 2006, with an incident in Turkey regarding the Zotob virus. The link is here. Surely the process has evolved further since then.