Wednesday, January 21, 2009

Nearly 9 Million PCs Hit By 'Downandup' Worm

Nearly 9 Million PCs Hit By 'Downandup' Worm

The network worm is a bunch of malware variants that target older Windows machines and changes itself, or is changed by its authors, to prevent signature-based detection.

By Thomas Claburn InformationWeek January 16, 2009 05:53 PM

A network worm has been spreading rapidly across the Internet over the past week, despite an emphatic warning from Microsoft (NSDQ: MSFT) last October.

In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service.

Complete article.

Seagate Barracuda Hard Drives Plagued By Failures

Seagate Barracuda Hard Drives Plagued By Failures
The problems follow by about two months issues found with Seagate's 1.5-TB Barracuda 7200.11 drive.

By Antone Gonsalves InformationWeek January 16, 2009 08:00 PM

Seagate (NYSE: STX) Technology on Friday confirmed a firmware problem that caused some of its community forums, with failure reports of Seagate's 1-TB Barracuda 7200.11 drive. The complaints follow by about two months problems found with Seagate's 1.5-TB Barracuda 7200.11 drive, which randomly froze, according to tech site Tom's Hardware.

In an e-mailed statement, Seagate said it had "isolated a potential firmware issue" in certain products, including some Barracuda 7200.11 drives and related drive lines based on the same platform. The products had been manufactured through December and also include the Barracuda ES.2 SATA and DiamondMax 22 drives. More than two dozen drives are affected.

"In some circumstances, the data on the hard drives may become inaccessible to the user when the host system is powered on," the statement said.

To fix the problem, Seagate is offering a firmware upgrade at no charge. The company has set up a Web site listing the affected products.

Complete article.

Thursday, January 08, 2009

Obama Digs In for His BlackBerry

January 8, 2009
Obama Digs In for His BlackBerry

WASHINGTON — President-elect Barack Obama has yet to relent, but he conceded that he might be losing the battle to keep his independent lifeline to the outside world.

“I’m still clinging to my BlackBerry,” Mr. Obama said Wednesday. “They’re going to pry it out of my hands.”

Of all the fights facing Mr. Obama as he prepares for the White House, one of the most maddening for him is the prospect of losing the BlackBerry that has been attached to his belt for years. It is, he has vigorously argued, an essential link to keeping him apprised of events outside his ever-tightening cocoon.

“This is a concern, I should add, not just of Secret Service, but also lawyers,” Mr. Obama said, speaking in an interview with CNBC and The New York Times. “You know, this town’s full of lawyers. I don’t know if you’ve noticed.”

Mr. Obama shared his agitation at the prospect of losing his last form of direct communication with friends and other advisers who sent him e-mail throughout the presidential campaign. But he, like President Bush before him, is being advised for security reasons and his own legal protection to refrain from sending e-mail during his presidency.

“I don’t know that I’ll win,” Mr. Obama said. But, he added, “I’m still fighting it.”



Wednesday, January 07, 2009

NetBook Numbers for 2008 and Future Growth

NetBooks, you know, the small 8" screen, super light-weight, tiny laptops that are priced about $400-$500 bucks...

Well, it looks like in 2008 it's estimated that... "Freescale says research data indicates about 15 million netbooks, as it defines the category, were sold in 2008, and estimates that number will grow to 140 million by 2013."

Wow, that's a lot!  Anybody have one?  

From:  the nytimes.com blog from CES.

Tuesday, January 06, 2009

Need to watch HD TV on your Computer for Cheap and Portable?

Thanks, Don for the idea.
---------------------
Here's a handy, inexpensive device for OTA HD TV, Cable and DirectTV connections. Onsale for $70. I tested this one that's reviewed below from TigerDirect youtube posting. It really works great. Works just as reviewed below.

Pinnacle PCTV HD Ultimate Stick
www.youtube.com

An abbreviated Malware/Threat Dictionary

An Abbbreviated Malware/Threat Dictionary:

...from http://www.ddj.com/security/212700118

Some examples of the major threats in today's cyber world are discussed below in alphabetical order:

Authentication, Authorization, and Access.

Back door.
Botnets.
Browser hijackers.

Cookies.

Cyberextortion.
Cyberstalking.

Denial of service.
Electromagnetic pulse (EMP).
Electromagnetic radiation.

Hacking.
Identity theft.

Keystroke loggers.

Phishing.

Physical security.
Piracy.

Rootkits.

Spam.

Spyware.

Trojans.
Viruses.
Whaling.
Wireless security leaks.
Worms.

"Huge Increase" in Internet Explorer Attacks

I agree with this method.

-------------------
"Huge Increase" in Internet Explorer Attacks can be Mitigated by Configuring Windows Users to Operate without Admin Rights

Microsoft Recommendation Reflects Growing Trend in Enterprise Environments to Eliminate Admin Rights for Protection against Zero-Day Exploits

Last update: 11:55 a.m. EST Dec. 17, 2008

PORTSMOUTH, N.H., Dec 17, 2008 (BUSINESS WIRE) -- Microsoft Corp. has warned of a "huge increase" in attacks exploiting a critical vulnerability in all versions of Internet Explorer (IE). Most troubling for enterprises is that the attacks are increasingly being launched from legitimate Web sites.

"Some legitimate Web sites were maliciously modified to include the exploits," said Microsoft's Ziv Mador and Tareq Saade in a posting on Microsoft's Malware Protection Center Blog. They went on to note that, "a significant number of users have been affected."

With exploit code now publicly available, the threat will grow in the coming days and weeks. To mitigate the attack, Microsoft recommends that users be configured without administrator rights. Users whose accounts are configured to have fewer user rights on the system will have additional protections in place to prevent the installation of rootkits and key loggers, as well as other potential malicious activities.

"There is no longer any practical reason that an organization should configure its users to run with administrative rights," said John Moyer, CEO of BeyondTrust. "We have worked with hundreds of companies who were fed up with their exposure to malware and have responded by implementing the security best practice of Least Privilege in their Windows environments. By removing admin rights, these companies have experienced a drastic reduction in malware and greater protection from zero-day threats like the latest IE attack, which impacts the vast majority of IE users."

Microsoft's recommendation comes on the heels of a growing trend among organizations to remove administrator rights from users. By configuring users as standard users, malware can no longer leverage administrative privileges through various Microsoft security vulnerabilities to compromise corporate networks and data. One example of the trend in organizations to remove admin rights is the federal government's recent mandate prohibiting federal employees from logging into XP and Vista as administrators.

Complete posting.

MobiTV adds CBS to lineup

January 6, 2009 6:00 AM PST

MobiTV adds CBS to lineup

Posted by Marguerite Reardon

MobiTV said Tuesday that it has struck a content deal with network TV provider CBS (now the parent company of CNET News) to bring some of its most popular TV shows to mobile phones.

For the first time, MobiTV will be offering a CBS channel as part of its $10 a month service. MobiTV subscribers will be able to get full episodes of several CBS hits such as "CSI: Crime Scene Investigation," "Numb3rs," "CSI: NY," and "The Young and the Restless." Viewers will also be able to access video on demand news, sports and comedy clips from CBS Mobile. The shows will be available on AT&T and Sprint Nextel networks the day after CBS broadcasts them on TV.

MobiTV, which has been around for about five years, already offers more than 40 channels of daily live TV from several networks including ABC, NBC, ESPN, and Discovery Networks. It also offers made for mobile videos and video on demand clips to more than five million subscribers on over 350 mobile devices.

"The deal with CBS rounds out our primetime programming that we already offer from NBC and ABC," said Paul Scanlan, co-founder and president of MobiTV. "One of the biggest challenges for us over the years has been the availability of high value content for mobile. So every time we do a content deal like this, it's really important."

http://news.cnet.com/8301-1035_3-10132161-94.html?tag=inside

More on Twitter Hack

Twitter tries to shore up security in wake of hack attack

By Robert Westervelt, News Editor
06 Jan 2009 SearchSecurity.com

Twitter officials are trying to lock down their systems in the wake of a successful attack against at least 33 high profile accounts that were hacked through the social network's support tools.

The breach took place just days after users reported a fast spreading phishing attack that was attempting to steal passwords and other identifiable information. Among the breached high profile accounts was President elect Barack Obama, pop singer Britney Spears, media outlet Fox News and CNN anchor Rick Sanchez, Twitter wrote Monday in a blog posting.

The social network, which allows users to connect to friends and colleagues and post brief messages in real-time, has grown in popularity in recent months. Twitter has gone through a number of growing pains since it launched in 2006. At times the micro-blogging service had consistent down time as a result of system overload. Some estimate Twitter has grown to well over 3 million accounts and the popularity in corporate environments is rising.

Complete article from SearchSecurity.com.

TrendMicro Malware Blog and More Twitter Security Issues and now LinkedIn, too




TrendMicro BLOG: Good source for new malware threats and more security related issues

Samples-----

by Macky Cruz (Technical Communications)
The LinkedIn professional networking site connects more than 30 million users from across many different industries. The advantages of maintaining a list of trusted business contacts for career planning purposes is not lost on LinkedIn’s users.

The fostering of business relationships is further enhanced by features such as LinkedIn Answers and access from mobile devices.

Advanced Threats Researcher Ivan Macalintal found some bogus LinkedIn profiles which contain links to malware, using the names and images of famous personalities such as:

Beyoncé Knowles
Victoria Beckham
Christina Ricci
Kirsten Dunst
Salma Hayek
Kate Hudson
… and several others.
AND...

by Jake Soriano (Technical Communications)

Neither. Or both. It depends on whether you think it is authentic or fake.
Twitter users are facing yet another attack, this time a phishing threat. A spamming operation previously flooded users of the social networking and micro-blogging site with follower notifications which led to spammy and bogus profiles.

Cyber criminals are now exploiting Twitter’s Direct Messages function, instructing users that pictures of them were seen on another website, and the link is provided in the same message. A variation of this baiting technique informs users that the same website offers a free popular mobile phone

Obama's hacked Twitter a warning?

Obama's hacked Twitter a warning?

Posted January 6, 2009 9:12 AM

by Frank James

As one of those who felt badly for President-elect Barack Obama that he was going to be made to give up his Blackberry, I have to say that yesterday's report that his Twitter account was compromised seemed to make the point for those who worry that his use of the latest communications technology could be problematic for security as well as other reasons.

As was reported on Twitter's blog Monday morning:

This morning we discovered 33 Twitter accounts had been "hacked" including prominent Twitter-ers like Rick Sanchez and Barack Obama (who has not been Twittering since becoming the president elect due to transition issues). We immediately locked down the accounts and investigated the issue. Rick, Barack, and others are now back in control of their accounts.

I assume the Sanchez mentioned is CNN's on-air personality. It's a little odd that the posting's author mentioned Sanchez before, say, the next president of the U.S. But set that aside.

Obama is at least the second high-profile politician to have an e-mail or social networking account hacked in recent memory. Alaska Gov. Sarah Palin's Yahoo email account was hacked last year allegedly by a University of Tennessee student who also happened to be the son of a Democratic lawmaker.

Now we have the hacking of Obama's Twitter account. The security vulnerabilities in these Internet-based communications technologies are obviously fairly significant. And it appears there's no simple way to close them.

In the posting on its site, Twitter says they restored control of the accounts but it clearly sounds like the possibility remains that Obama's Twitter account could be hacked again.
Looks like the message to high-profile figures, especially nationally politicians, is Twitterer beware.

Full posting.

Data Breaches Up Almost 50 Percent, Affecting Records of 35.7 Million People

Data Breaches Up Almost 50 Percent, Affecting Records of 35.7 Million People

By Brian Krebs
Washingtonpost.com Staff Writer
Tuesday, January 6, 2009; Page D02

Businesses, governments and educational institutions reported nearly 50 percent more data breaches last year than in 2007, exposing the personal records of at least 35.7 million Americans, according to a nonprofit group that works to prevent identity fraud.

Identity Theft Resource Center of San Diego is set to announce today that some 656 breaches were reported in 2008, up from 446 in the previous year. Nearly 37 percent of the breaches occurred at businesses, while schools accounted for roughly 20 percent of the reported incidents.

The center also found that the percentage of breaches attributed to data theft from current and former employees more than doubled from 7 percent in 2007 to nearly 16 percent in 2008.
"This may be reflective of the economy, or the fact that there are more organized crime rings going after company information using insiders," said Linda Foley, the center's co-founder. "As companies become more stringent with protecting against hackers, insider theft is becoming more prevalent."

NOTE: Included later in the article... "The largest single cause of data breaches came from human error, the center found. Lost or stolen laptops and other removable electronic devices, along with the accidental exposure of consumer data -- such as the inadvertent posting of personal data online -- were named as the cause for more than 35 percent of reported incidents."

Complete article.