The former being rather smart as it’s encrypted and sent via a 3rd party network – so it’s not open to wiretapping. It’s unlikely the tracksuit wearing chavs & hoodies know that, but still – it’s keeping them safe. Posting videos/pictures of themselves on public Twitter and Facebook accounts is not so smart though and will surely lead to some arrests.

Anyway that’s not the topic here, the topic here is another politically motivated hacking attack – what we would commonly call cyberterrorism.

A Taiwanese political party suspects the Chinese government is behind a hacking attack that stole information about the party’s election activities.

Taiwan’s Democratic Progressive Party (DPP) said on Tuesday that some of the attacks had been traced to China’s Xinhua News Agency, a state-run press group. The attack operated as a phishing campaign, in which DPP staffers were sent e-mails by hackers who attempted to impersonate other party employees. The staffers were then told to open the e-mail attachments, which secretly contained viruses to monitor the computers, a DPP spokeswoman said.

The DPP alleges the attacks were routed from the Xinhua News Agency through Malaysia and Australia. The attacks were also traced to IP addresses from the Chinese mainland. The Xinhua News Agency was contacted for response, but has yet to an issue a comment.

IT security experts have said the attacks were part of a state-sponsored hacking attempt, according to the DPP. “Already many countries and security groups have said the attacks from China’s cyber army are well organized and that a state actor guides and supports them,” the DPP said in statement issued on the party’s website.

As we all know, Taiwan and China are not really the best of friends with China claiming Taiwan to be part of it and Taiwan not quite agreeing. In China they fully act like Taiwan is just another state/province in China.

This time it seems to be a state run Chinese news agency (Xinhua) attacking Taiwan’s Democratic Progressive Party (commonly know as DPP).

These are of course at this time just claims, and it’ll probably stay that way as there’s no conclusive proof in these kind of situations.

China is already in the spotlight for cyber attacks after security vendor McAfee reported a massive cyber attack that stole sensitive information from 72 companies and organizations. Although McAfee did not name the group behind the hacking attempts, security experts have pointed fingers at China because of the organizations targeted. China, however, has repeatedly denied it sponsors any kind of hacking.

A DPP spokeswoman said the phishing attacks have been an ongoing problem, but that it appears more of the recent hacking attempts have been coming from China.

Taiwan and China separated in 1949 after a civil war. While China’s ruling communist party seeks for reunification with the island, the DPP supports Taiwan becoming its own nation, putting the two at odds with one another.

The DPP said on Tuesday it also traced hacking attempts to Taiwan’s own Research, Development and Evaluation Commission and called for the commission to investigate. The commission could not be reached for immediate comment.

China have been in the spotlight fairly recently with some very widespread phishing attacks including – Targeted Phishing Attacks Carried Out On Gmail – Likely From China.

It seems like these kinds of games will be going on forever including hacktivism, cyberterrorism, defacement in the name of certain causes and all kinds of other naughty business.

With so much information on computers now it’s no surprise, I’d like to see these kind of organisations having better infosec policies though including awareness training for all staff with access to e-mail accounts and computers.

Source: Network World

The latest story is following Google+ banning numerous Anonymous members, they have spawned their own social network called Anon+/Anonplus.

As is normal with these things, it’d hard to say if it really has anything to do with Anonymous or not – the ‘official’ Anonymous Twitter and Blog accounts have not mentioned Anon+ – so make of it what you will.

The story so far is that Anonymous – or someone associated with Anonymous, or someone cynically riding on the back of Anonymous, who knows? – has set up a site that will offer some kind of social network.

According to TechSpot, the idea (and the “Alpha” Website, anonplus.com) arose when Google+ allegedly banned an unknown number of Anonymous members. The Anonplus site is couched in Anonymous’s usual grandiose phraseology – “they will know that we have arrived. There will be no oppression. There will be no more tyranny. We are the people and we are Anonymous.”

Fair enough. Anyone’s got the right to set up a social network if they want, and they have the right to claim to act on behalf of others, regardless of how accurate that claim may be. But the idea of a completely anarchic, “no tyranny, no oppression” (defined in whose terms?) social network offers some interesting self-contradictions to resolve.

I’ll grant that the world of corporate social networks is a nightmare of “tyranny and oppression” – so much so that the success of Facebook and the excitement over Google+ mystifies me.

Facebook bans a Google+ ad at the drop of a hat, but turns into a nearly-immovable object if asked to help deal with abusive commenters (who, for example, infest tribute pages to the dead). Google+ demands an understanding of 37 different privacy statements. Social networks are not just tyrannical, they’re also a “confusopoly” whose success depends on nobody being able to decode the rules they’ve promised to follow.

It’s an interesting concept though and could gain some traction amongst the tin-foil hat wearing, conspiracy theorists on the net. Those who are probably already surfing with Tor and multiple proxies.

As for the rest of us? I’d imagine we’ll be sticking with Facebook, Twitter and Google+.

There are plenty of people out there who are uncomfortable surrendering so much information to large companies like Google and to closed networks like Facebook, but maybe Anon+ is just a joke – who knows really.

Anonymous’s intervention – to me, a much more welcome intervention than the group’s inability to distinguish between targets, slapping the small and mighty with equal abandon and claiming equal credit whether they’ve defeated a flea-bite nobody or a US military operation – may or may not succeed, but it raises an interesting question.

What’s the line separating rules that are necessary for a social network to function from rules that are oppressive; and when does one become the other?

All social interactions are government by rules of some kind. They may be tight or loose, consensual or tyrannical, explicit or implicit, designed or evolved, but the rules exist, whether or not you follow them (or even acknowledge them).

If all you do is hold a conversation with someone, you will follow at least one rule – the two of you will hold the conversation in languages comprehensible to you both. The interaction won’t happen without that minimum rule.

“If we hack something, we publish it” is a rule for Anonymous – written or not. “There will be no tyranny” is a rule of interaction.

And even Anonplus.com must have, at minimum, one rule: “anybody may join”. The group itself has implied a second rule, that nobody be censored or blacked out.

Censorship provides a convenient handle on which I can hang a question about rules: censorship by whom? Sure, it’s clear that “Anonplus” won’t censor the statements or posts of its users – but what of those users who would wish to constrain, censor or silence other users?

Such people exist in every large group – whether they merely seek to shout down dissent or, since this is the Internet, if they seek to silence those they don’t like by hacking their profiles.

But it does say on the site, the network is not just intended for Anonymous members – it’s for everyone. Well everyone that supports the free Internet with no tyranny and no censorship, that seems to be the goal.

You can check out the development forum for Anon+ here:

http://anonplus.presstorm.com/

It seems like Presstorm has something to do with it, with the forum being hosted under their domain, and the announcement post here: Investigative Innovation: Anonymous and Presstorm Present – Anon+.

Source: The Register

The other is that the Sony PlayStation Network (PSN) basically got hacked, owned and raped. It’s still currently down and according to Sony is being completely rebuilt to be more secure, so far it’s been down for 4 days.

The outage of Sony’s PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is “rebuilding” its system to better guard against attacks.

Sony said on Saturday that the outage was caused by an “external intrusion” into the network, but has yet to detail the problem.

The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products. The latest update, while not explaining the intrusion, pointed towards it being relatively sophisticated.

“Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure,” the company said in a statement. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

I bet there’s a lot of gaming addicts out there jonesing to get their fix, I’d imagine it’s a top priority for Sony to get this back up and running especially as they were planning to major updates. They haven’t as yet given any kind of indication as to how long it’s going to take them to fix it.

I’d estimate they should be done before the end of this week, more than 7 days down is suicide for this kind of online model.

Sony said it is “working around the clock to bring them both back online,” but didn’t say when they might return. Phone calls to the company’s Tokyo headquarters went unanswered on Sunday.

“We thank you for your patience to date and ask for a little more while we move towards completion of this project,” the statement said.

The outage has left PlayStation 3 owners unable to play online games. Networked gaming, in which gamers collaborate with others in real-time battles, challenges and quests, is very popular and typically enjoyed by millions, especially over the weekend.

I’d imagine we’ll be seeing some kinda of announcement by Sony about this fairly shortly – they can’t be leaving millions of frustrated gamers in the dark. I’d be interested to see some kind of details regarding the intrusion too.

How did they get in? How serious was it? Did they use some kind of mythical 0-day exploit?

From what we know about Sony though, I wouldn’t hold your breath on the details..

Source: Network World

We’ve reported on a couple of them like back in December when the WikiLeaks Attacks Caused Rival DDoS Retaliation. There have been a whole lot of other attack types going as usual though with SQL Injection and XSS (Cross Site Scripting) making up the to the top 3 with DDoS Attacks.

But if you haven’t worried about it before, perhaps now is the time to look into prevention/protection against denial-of-service attacks.

Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web incidents, outpacing SQL injection and cross-site scripting, according to a survey of publicly disclosed attacks.

The ongoing survey, known as the Web Hacking Incident Database, categorized 222 incidents in 2010 and found that attackers aimed to take down the Web sites in a third of the incidents, while defacement accounted for 15 percent of attacks and stealing information was the goal in 13 percent of incidents. Unsurprisingly, the popular goal of causing downtime meant that denial-of-service attacks accounted for about a third of attack types, followed by SQL injection (21 percent) and cross-site scripting (9 percent).

In many industry reports, denial-of-service is not even on the list, but companies should worry about such brute-force tactics, says Ryan Barnett, a senior security researchers with security firm Trustwave’s SpiderLabs, who manages the WHID project. “You need to re-prioritize because Web servers are actively being targeted with denial-of-service attacks,” says Barnett.

Simple tools like Slowloris can give even the most robust web sites a big headache. Of course you also have to make sure you are secured against SQL Injection and any other kind of web attacks that can comprise your up-time or data.

According to the data different industries need to be prepared for different kinds of attacks, obviously skilled attackers will focus different ways of compromising hosts in different sectors.

Yet, different industries should also worry about different types of attacks, he says. Attackers focus on stealing money from financial firms using stolen credentials, according to the WHID data. They also tend to focus on defacing government sites and stealing credit-card numbers from retailers, using SQL injection in both cases, according to the WHID. The latter two relationships are weaker, however: While those are the most popular goals for attackers, each only accounts for a bit more than a quarter of attacks against the particular vertical. Money is the goal in two-thirds of attacks against financials.

“The outcomes and attacks and weaknesses are different, so depending on what market you are in, we have a pool of attacks that worked,” says Barnett. “So CSOs should pick out examples in their market because those are most applicable to them.”

Attackers’ focus on downtime means that corporate CSOs need to make sure that they can handle Web-specific denial-of-service attacks. Many times such attack focus on flooding the Web servers, but low-and-slow attacks are becoming more popular and require a different defense.

“Many of these organizations foolishly think that the network security gear that they have to handle the lower level DOSing floods will take care of this and it won’t,” Barnett says. “The overall amount of traffic that you have to send to take down the Web server is a lot less, and it looks legitimate.”

Downtime has gotta be one of the worst types of attack, especially for e-tailers or online vendors. Yah theft of credentials is bad, but honestly – most of the time those attacks aren’t even disclosed and no-one knows about them.

And from what I’ve seen most companies seem to think sticking a mid-range firewall in front of whatever they are doing is the be all and end all of security – it’ll protect their applications, their data, their organisation…and so on.

How misguided they are.

Source: Network World

It wasn’t that long ago (back in October 2010) when there was another Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat and Adobe were scrambling to fix it.

They are promising an out of band patch for this vulnerability as it’s marked as critical and has apparently been seen in the wild, but only in a few targeted attacks according to this blog post by Adobe:

Background on APSA11-01 Patch Schedule

Adobe Systems plans to release emergency patches for its Flash and Reader applications after learning a critical vulnerability is being exploited to install malware on vulnerable machines.

The out-of-cycle patches for Adobe Flash Player 10 and Acrobat and Reader versions 9, 10, and X will arrive during the week March 21, the company said on Monday. The updates will cover all versions of those programs except for Reader X for Windows, which ships with a security sandbox that blocks the exploits Adobe has observed so far.

The announcement comes after members of Adobe’s security team received reports of targeted attacks aimed “at a very small number of organizations and limited in scope” that “install persistent malware on the victim’s machine,” the company said in an advisory. The exploits wield a booby-trapped Flash file hidden inside a Microsoft Excel file attached to an email.

The attacks exploit an unspecified flaw in Flash Player for the Windows, Mac, Linux, Solaris and Android operating systems. Adobe security members are unaware of other types of attacks, such as those that plant the malicious Flash file in documents using the the PDF, or portable document format, specification.

It’s a pretty tricky attack with multiple layers, it seems like the Flash exploit itself is embedded in an Excel file attached to e-mails. It looks like corporate users of Reader X will be out of luck as there is no patch for that version. But then Adobe states as Reader X comes with a sandbox the exploit won’t actually function anyway.

The patch is slated to come out next week sometime, there are no specifics as of yet – I guess it depends how long it takes them to fix the problem reliably. They are looking to rush the patch out though rather than waiting for the next cycle.

“However, attackers have leveraged these type [sic] of Flash Player vulnerabilities in the past via .pdf files to attack the embedded authplay.dll component shipping with Adobe Reader and Acrobat v9,” Brad Arkin, Adobe’s senior director of product security and privacy, wrote. “Out of a preponderance of caution we took the decision to ship out-of-cycle updates for Adobe Reader and Acrobat v9, and Acrobat X to mitigate the risk of attackers shifting the attack from an .xls container to a .pdf container.”

The unscheduled patch won’t cover Reader X for Windows, because that recently released version of the program contains a Sandbox that isolates remotely supplied payloads from the OS’s core functions. As a result, the exploits Adobe has seen to date aren’t able to successfully execute on machines that run it. Many Reader users, particularly those in corporate settings, still run versions 10 or 9 of Reader, meaning they will remain vulnerable until the emergency patch is installed.

Excluding Reader X for Windows from the out-of-cycle release will allow Adobe engineers to publish it more quickly than it otherwise could. The fix for that version will be released on June 14, during Adobe’s next scheduled quarterly update.

The Security Bulletin from Adobe is here:

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

It has been assigned the CVE Number: CVE-2011-0609

Source: The Register

As we mentioned recently, the U.S. Federal Bureau of Investigation is looking into the Gawker breach, which just goes to show how serious this case is.

The improvements are pretty standard security practice, but it just shows in these days of rapid development and the focus being on features rather than security – bad things can happen.

Gawker Media’s CTO has outlined a series of security changes designed to shore up the company’s IT operations following an attack last week that compromised up to 1.4 million accounts.

The company was unprepared to respond to an attack in which user data and passwords were posted to peer-to-peer file-sharing networks, wrote Tom Plunkett in an e-mail memo to Gawker staff on Friday. The e-mail was reposted on Jim Romenesko’s blog on the Poynter journalism site. A group called Gnosis claimed responsibility for the hack, which exploited a flaw in the source code of Gawker’s Web servers.

“Our development efforts have been focused on new product while committing relatively little time to reviewing past work,” Plunkett wrote. “This is often a fatal mistake in software development and was central to this vulnerability.”

As a result, Gawker has done a security audit of the sites affected, which include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin and Fleshbot.

Gawker is now mandating the use of SSL (Secure Sockets Layer) encryption for employees with company accounts using Google Apps. Also, if those employees have access to sensitive legal, financial or account data, two-factor authentication must be used, Plunkett wrote.

Most of the things would have been picked up if they had ever done any kind of internal ISMS audit (based perhaps on something like ISO27001) – which bans all chat applications except for Skype as that encrypts the chats.

Using things like SSL are pretty obvious and should be forced on all login pages on all web applications – with FireSheep bring that issues to the forefront recently.

I’d say the most sensible move would be considering moving away from the local database model and using something like OAuth – that would make sense.

Gawker also will not allow employees to discuss sensitive information on chat applications, including AOL’s Instant Messenger and Campfire.

For users of its websites, Plunkett wrote that Gawker wants to move away from storing information such as e-mail and passwords and use systems such as OAuth.

OAuth is an authentication protocol that allows people to use the same login information for multiple services and share data through an API (application programming interfaces). OAuth provides a token that grants access to different applications, which do not see users’ original login credentials. It is being used now by Google, Twitter and Facebook, among other services.

Gawker will also allow people to create a “disposable” account with its sites in order to leave comments. Gawker will not store e-mail addresses or passwords for those accounts. The accounts can be used as long as the person remembers a key code, Plunkett wrote.

Since the breach, Gawker has been in the process of notifying those who are affected and reminding them to change their passwords, especially if they used the same password for other Web services. Twitter saw a raft of spam soon after the Gawker breach, which illustrated that some people used the same password on both services.

It’s good to see Gawker taking some pro-active measures rather than the normal arrogance we are used to. I think the disposable token based account is a good idea too as often I want to leave a comment on some site or another but the sign-up process, e-mail validation and so on puts me off.

I hope Gawker has gotten around to notifying everyone who had an account that was compromised as sadly many people use the same password and username/e-mail combo for all their online site accounts.

Source: Network World

Just a few days ago their DNS provider (EveryDNS) pulled the plug – apparently due to pressure from the US government, and also because of the ongoing DDoS attacks against WikiLeaks which also effected them.

The latest development is that ‘Anonymous’ has joined the WikiLeaks side of the argument and start attacking those it sees as detrimental to WikiLeaks.

An anonymous, loosely affiliated group that has been responsible for a series of recent Distributed Denial of Service (DDOS) attacks against entertainment industry Web sites over copyright issues, has started attacking organizations viewed as being hostile to WikiLeaks, says a PandaLabs researcher.

The group, dubbed Anonymous, launched a DDOS attack on Monday that knocked Swiss payment transaction firm PostFinance’s Web site offline. The attack was in apparent retaliation for the firm’s freezing of an account set up by WikiLeaks founder Julian Assanage, PandaLabs threat researcher Sean-Paul Correll said.

The bank’s main Web site was unavailable for several hours but appeared to have been restored by late Monday afternoon. The attack on PostFinance was preceded by one against PayPal’s blog site over the weekend, Correll said. That attack was apparently prompted by PayPal’s decision to cut off money services to WikiLeaks last week.

The PayPal attack began at 4.00 a.m PST on Saturday and resulted in the blog being unavailable for a total of more than 8 hours, Correll said. Meanwhile, anonops.net, a site used by Anonymous to announce their attack plans, came under a massive DDOS attack earlier on Monday, apparently by those opposed to WikiLeaks. In an ironic twist, users attempting to reach the site were being redirected to PostFinance’s Website late Monday evening.

The first target I became aware of was PayPal, due to the fact they froze the WikiLeaks account and ceased processing donations for them. More info on that here:

PayPal Announces It Will No Longer Handle Wikileaks Donations

It seems there are other targets on the list such as the payment processor PostFinance who froze an account set up for Julian Assange the WikiLeaks founder.

A lengthy statement posted on the anonymous group’s Web site listed several organizations that the group claimed had stifled WikiLeaks’ effort to release the documents. “We will find and will attack those who stand against Wikileaks and we will support WikiLeaks in everything they need,” the statement said.

The group said it will offer WikiLeaks an additional site for mirroring the leaked documents. It will also create ‘counter-propaganda’ and organize DDoS attacks on “various targets related to censorship” the group claimed.

Anonymous’ campaign over copyright enforcement issues, Operation:Payback, has resulted in several DDOS attacks being launched against and knocking off sites belonging to the Recording Industry Association of America, the Motion Picture Association of America and others.

In the statement announcing support for Assange, the organizers of Anonymous declared that “Operation:Payback has come out in support of WikiLeaks and has declared war on the entities involved in censoring there information.”

The online tussle between those opposed to WikiLeaks’ campaign and those supporting it highlights how the Internet is increasingly becoming the battleground for all sorts of causes, Correll said.

“People are starting to figure out they can use technology to fight back,” he said. “They have realized they don’t have to just stand in a picket line. This has been going on for a few years, but its getting more organized.”

WikiLeaks has been having a bad time recently, as just before they lost their DNS service – they got kicked off from the Amazon platform.

All in all it seems freedom of speech really isn’t free. If you want to read more about this, there are a LOT of articles – so knock yourselves out.

Source: Network World

The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau of Investigation in India – http://cbi.nic.in/.

Almost 4 days after the defacement, the site still appears to be down.

Close to four days after the site of India’s key investigation agency, the Central Bureau of Investigation (CBI), was hacked and defaced, the web site is still inaccessible to users.

The CBI is doing a thorough security audit, and plugging all holes to prevent another hack, Vinita Thakur, a spokeswoman said on Tuesday. She didn’t say when that would be complete, and the site restored.

The web site of the CBI was hacked and defaced on Friday night. The hackers calling themselves the “Pakistani Cyber Army” left a message saying that the attack was in revenge for similar Indian attacks on Pakistani sites.

The CBI’s IT systems were not compromised by the hack, as the web site and the CBI’s computer systems are separate, Thakur said.

They say they are doing a thorough audit and they are going to plug all the holes, but in reality – we know that’s not true because it’s not possible. They both seem to be stuck in a catch 22 situation as both the Indian and Pakistani sides continue with revenge attacks for the previous defacement.

Almost immediately after this attack the Indian Cyber Army executed another hack and deface job to retaliate. And well, whatever happens after this – it’s not going to be pretty for either side.

The information that the hackers had access to was public information, she added.

The border dispute between India and Pakistan over Kashmir has often spilled online, with both sides attempting to hack each other’s web sites.

The web site of Pakistan’s Oil & Gas Regulatory Authority was hacked on Saturday by a group called “Indian Cyber Army” in retaliation for the CBI web site hack, according to media reports from Pakistan.

The web site which displayed the message “This Account has been suspended” late Saturday, has since been restored.

The Pakistani site that was attacked is back up and accessible to the public again, but as of now I’m still seeing some database access error messages in the sidebar and at the top of the page – http://www.ogra.org.pk/.

My guess would be that this is not going to stop any time soon.

Source: Network World

This is a pretty serious flaw and sadly proves Steve Jobs right for not supporting Flash on the iPhone and Ipad. A new twist is that this vulnerability extends to mobile platforms such as Android due to the full support for flash. It also effects desktop systems across the board (Windows, Mac, Linux & Solaris).

Adobe revealed a critical zero day flaw in Adobe Flash–the second in less than a week. The vulnerability extends even to Adobe Flash on the Android mobile OS, supporting at least one of the reasons laid out by Steve Jobs for not allowing Flash on the iPhone and iPad.

An Adobe spokesperson contacted me and shared that, “A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.”

In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player, but Adobe is not aware of any attacks exploiting it against Adobe Reader or Acrobat thus far.

The Adobe spokesperson explained, “Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.”

There are reports of this vulnerability being exploited in the wild, but I haven’t really seen any details of it so far. It’s an interesting point regarding smart-phones and I wonder how Android developers might look at addressing this kind of issue and safeguarding the phones in the future.

A sandbox method might be a good idea, and from what I know of Android you don’t have root privileges by default anyway. We’ll have to see if Android makes any announcements regarding this or comes out with any kind of plan for future safeguards.

Those best practices are long established among the traditional desktop computing platforms, but users running Adobe Flash on Android smartphones may be left wondering exactly which “best practices” will protect them. Smartphones have grown into palm-based portable computers–with processing power and storage space significant enough to be a worthy target–but smartphone security is not as evolved as its desktop and notebook counterparts.

As Microsoft has improved its software development processes and implemented new security controls in the Windows operating system and other applications, attackers have looked elsewhere to find the chinks in the armor. Adobe has emerged as the virtually ubiquitous low-hanging fruit–with security practices that are not as mature as Microsoft’s, and software with potentially exploitable weaknesses available on pretty much every platform out there.

The iPhone and iPad stand uniquely apart from other smartphone and tablet platforms thanks to Apple’s very public rejection of Adobe Flash for iOS. While the real reasons probably have more to do with iAd and wanting to exert tighter control over the developer community, security is also a concern that has been cited. Zero day flaws like this one, which potentially impact Android smartphones running Adobe Flash, seem to illustrate the wisdom of that choice.

You can read the security advisory from Adobe here – Security Advisory for Flash Player, the fix has not been issued as yet but they do state they are working on it so expect a flash update soon.

It’ll be interesting to see what comes of this and how fast Adobe can push a patch out.

Source: Network World

Reminds of the heydays of ILOVEYOU and Anna Kournikova.

A fast-moving email worm that began spreading on Thursday has been able to affect hundreds of thousands of computers worldwide, anti-virus provider Symantec warned.

The email arrives with the subject “Here you have.” An executable screensaver that’s disguised as a PDF document then tries to send the same message to everyone listed in the recipient’s address book. The .scr file is a variation of the W32.Imsolk.A@mm worm Symantec discovered last month.

In addition to spreading through email, it can propagate through mapped drives, autorun and instant messenger. It also has the ability to disable various security programs.

It’s slightly more advanced than the old versions though with the ability to spread through instant messaging (probably MSN Live Messenger) and also disable security programs.

Plus it’s harder to scan for as the malicious screensaver isn’t actually attached to the email but downloaded from a remote source, and from early reports – multiple remote sources.

The worm is a throwback to attacks not seen in almost a decade, when the Anna Kournikova and I Love You attacks wreaked havoc on email systems worldwide. The Here You Go worm appears to different in that the malicious payload is downloaded from a page on members.multimania.com, rather than being attached to the email. That could make efforts to eradicate the worm easier.

Then again, McAfee said multiple variants of the worm appear to be spreading, so it’s not yet clear that the malicious screensaver is hosted by a single source.

There’s more info available here:

Symantec – New Round of Email Worm, “Here you have”
McAfee – Widespread Reporting of “Here you have” Virus (aka W32/VBMania@MM)

Source: The Register