IT News for 2008-12-05

Rogue DHCP servers

Fellow researchers from Symantec posted technical details about an interesting variant of a well known DNSChanger malware. The analysis is available at http://www.symantec.com/security_response/writeup.jsp?docid=2008-120318-5914-99&tabid=1

The DNSChanger malware has been in the wild for quite some time and already drew our attention previously when authors started attacking popular ADSL modems. As the name says, the malware changed DNS server settings, typically to servers in the "popular" 85.255 network. We published several diaries about this malware, the most recent one from Andre is available at http://isc.sans.org/diary.html?storyid=5390.


Been updatin' your Flash player lately?

We received a couple of submissions from ISC readers that indicate that a new wave of rogue "Flash Player" updates is making the rounds. This latest version is pretty artfully done - the pages hosting this malware actually do contain a real flash movie that is not malicious and plays in a Youtube-like embedded frame. After the movie has been running for a couple seconds though, a pop-up opens that indicates that a "Flash Player Update is available". It all looks credibly enough like one of those usual auto-update pop-ups, but if you click OK, you get an EXE which isn't really a Flash player update of course.


2008: A year of cybercriminal innovation

With the emergence of new attack techniques and the reinvention of old ones, 2008 has been a year of cybercriminal innovation.


Spam declines, Web-based attacks rise, says MessageLabs

Spam was down 3.4% in 2008, but attacks on social networks and flaws in websites are rising, according to an annual report from Symantec's MessageLabs.


The World’s Fastest MD5 Cracker - BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec.


Update for SquirrelMail resolves cross-site scripting vulnerability

Using maliciously crafted HTML code in emails, it was possible to trick the HTML filter into executing JavaScript in the user's browser when opening an email


ClamAV 0.94.2 resolves buffer overflow when scanning JPGs

A recursive buffer overflow could occur when checking malformed jpegs with embedded thumbnails, effectively crashing the program


Trillian Multiple Vulnerabilities

Some vulnerabilities have been reported in Trillian, which can be exploited by malicious people to compromise a user's system.


BlackBerry Maker RIM to Make $52 Million Bid for Certicom

BlackBerry maker RIM (Research In Motion) said on Dec. 4 it plans to make a direct takeover offer to Certicom for $52 million in cash.


External Disk Storage Market Dodges Recession Effects

Researcher IDC reports that third quarter factory revenues posted solid growth of 8.8 percent year over year, totaling $4.9 billion in the quarter. Total disk storage systems market grew to $6.6 billion in revenues, up 1.1 percent from the same period a year ago.


The Good and Bad in 64-bit Vista

If you're buying a computer this holiday season, you're very likely to end up with Windows Vista. Not just any version of Vista, a 64-bit version. For most people, that's actually good news because of better memory use and potentially improved performance. But it can cause a problem with certain applications -particularly if you're buying a laptop you'll need to connect to a Cisco VPN.


Electric car seller hits brakes as UK EV sales plunge

Electric cars sales have tanked in the UK. A mere 156 EVs were sold between January and October 2008, compared to 347 in the same period in 2007 - a drop of 58 per cent. To deepen the gloom, the Nice Car Company has gone into administration.


MIT boffins crack fusion plasma snag

Boffins at MIT say they have cracked some tricky problems in the design of power stations running on nuclear fusion, though they hasten to add that many more hurdles remain before fusion energy becomes a reality.


Second Firefox 3.1 beta under starters order

A second beta release of Firefox 3.1 is on the starting blocks, with the publication of an almost ready version of the latest edition of the open source browser due in days. A third beta is expected before Mozilla ships a final version of the software next year.


Atlantis Hubble mission set for 12 May

NASA has announced that the space shuttle Atlantis's STS-125 mission to the Hubble Space Telescope will finally blast off on 12 May next year.


Microsoft preps IE 8 for the web-challenged

Internet Explorer 8 will feature a user-generated list of "compatible" web sites, after trials found many ordinary surfers and major web sites can't work with Microsoft's next browser.


SanDisk Offers Secure USB Flash Drive For Mac

Features include log-in and shutdown access to the encrypted storage area and the ability to change and manage passwords and to change contact information


Microsoft Overhauls Online Services Group

Qi Lu will report to CEO Steve Ballmer and take over after former aQuantive chief Brian McAndrews departs.


E-tailers ready for cybercrooks this season

One predictable trend in recent years has been a sharp increase in online attacks directed against retailers during the holiday shopping season.


Web attack might have guided by phishing trap

A phishing campaign in October may have given criminals the information they needed to seize control of payment processor CheckFree's Internet domain this week


RIM gets hostile over security firm

RIM's hostile bid for Canadian security firm Certicom could make the BlackBerry a safer choice for enterprise customers, particularly within the public sector, according to industry analysts.


A $100 Midget PC at the local dollar store? Not so fast

A number of prominent websites have recently reported that Coby Electronics, a company that specialized in manufacturing low-end electronic devices is preparing to launch its own line of systems. Dubbed "Midget PCs," it's been widely reported that these Linux-based portables will feature 7"-9" screens, use a Chinese "Longsoon" processor, and cost just $100. It's Nicholas Negroponte's dream of a $100 laptop made possible by Chinese technology, right


Yahoo launches iPhone-friendly Flickr with video support

Search engine giant Yahoo has formally launched an updated version of Flickr optimized for mobile phones and with special formatting friendly to the iPhone, including a newfound ability to watch streaming videos.


The Votes Are In: BlackBerry Storm Sucks

Though Verizon says the Storm is its fastest selling handset yet, the touchscreen phone is also generating more negative buzz than any BlackBerry before.


Japanese Start-up Readies Flexible, Transparent Plasma Screens

A Japanese start-up is trying to shake up the display scene with the latest version of their flexible display prototype. Shinoda Plasma's three-meter wide, 1 mm-thick plasma made some waves earlier this year, but the new panel shown at the FPD International show in Yokohama, Japan, is the almost-final version they’ll be releasing next year.


Food vs Fuel: Saltwater Crops May Be Key To Solving Earth's Land Crunch

Saltwater-loving plants could open up half a million square miles of previously unusable territory for energy crops, helping settle the heated food-versus-fuel debate, which nearly derailed biofuel progress last year.


Large Hadron Collider gears up for July restart

According to an internal report sent to the physicists working on the giant particle-smasher at the CERN laboratory near Geneva in Switzerland, the LHC should be ready to collide proton beams at the end of July next year.


Spanish Inquisition left genetic legacy in Iberia

It's not often that cultural and religious persecution makes countries more diverse, but the Spanish Inquisition might have done just that. One in five Spaniards and Portuguese has a Jewish ancestor, while a tenth of Iberians boast North African ancestors, finds new research.


Iran to Launch Animals to Space

Iran is planning to launch animals into space. According to Mohammed Ebrahimi from Iran's Aerospace Research Institute, in the near future, the Kavoshgar-3 and -4 rockets will use animals as test passengers before they attempt a human mission.


Teddy Bears Go To Space

I don't think this is what Iran has in mind about launching animals into space, but … you never know. Four teddy bears voyaged to the edge of space on Monday, December 1st via high altitude helium balloon.


Job losses may hit 30-year high

Government expected to report that November ranks as worst month for jobs in at least 30 years: 350,000 more jobs gone; unemployment rate up to 6.8%.


No comments: