The most recent articles from vnunet.com

Third wave of attacks hits South Korea

Phil Muncaster — 2009-07-11T12:17:00.000Z

Phil Muncaster, V3.co.uk, Saturday 11 July 2009 at 12:17:00

But North Korea not on the list of countries suspected of originating the attacks

As expected, South Korea suffered a third wave of attacks at the tail end of the week, as malware infected PCs were reactivated in a massive botnet that launched attacks on government banking and media sites, according to new reports.

The Washington Post said the distribued denial of service (DDOS) attacks, which struck on Thursday evening, were much more widespread than at first predicted, with around half a dozen government sites including those of parliament, the Defense Ministry and the Foreign Ministry, slowed down or temporarily stopped from working.

The MyDoom virus was once again the root cause of the attacks, turning PCs into zombie computers capable of launching a coordinated DDOS attack on any sites selected by the hackers.

Although there were no major security breaches as a result of the attacks, there could yet be a new phase which sees data on tens of thousands of PCs targeted, according to a Telegraph report.

Lee Byung-cheol of South Korean web security firm, Ahnlab is quoted as saying, "The affected computers will not be able to boot and their storage files will be disabled."

North Korea is not among the five countries listed by the Korean Communications Commission (KCC) where the attack could have originated, said the report.

The KCC said websites believed to be behind the attacks were actually hosted in Germany, Austria, Georgia, the US and South Korea, although the location of the hackers is unknown and North Koreans could still be responsible.

Microsoft slides Bing search into Hotmail

Shaun Nichols in San Francisco — 2009-07-11T02:34:00.000Z

Shaun Nichols in San Francisco, V3.co.uk, Saturday 11 July 2009 at 02:34:00

Results to be displayed within emails

Microsoft has added the ability to send Bing search results through Hotmail.

The company said in a blog posting that it would be adding the feature to its webmail service, allowing users to run a Bing search from within a Hotmail message and then add those search results.

The new feature is based on Quick Add, a Hotmail component Microsoft first unveiled in February. The Quick Add feature allows users to insert various types of web content into the body of an e-mail.

"With Hotmail's quick add feature, now enhanced with Bing, you can easily search, find, and insert content from the web straight into your e-mail messages," wrote the Hotmail development team.

"With just one click you can add restaurant reviews, movie times, images, videos, maps and more."

Microsoft hopes that the feature will further user adoption for Bing. The search engine was launched to much fanfare last month and has been able to quickly pick up ground on rival search engines Google and Yahoo.

Microsoft to plug security holes

David Neal — 2009-07-10T14:41:00.000Z

David Neal, V3.co.uk, Friday 10 July 2009 at 14:41:00

Microsoft has given advance warning of a number of security fixes

Microsoft will next week launch a number of security fixes designed to address vulnerabilities issues in ActiveX and DirectShow, among other systems.

According to Microsoft, the weaknesses have already attracted the attention of hackers and the firm is keen to fix them in its monthly patch update, set for 14 July.

Three of the issues are rated as 'critical' while the remaining three are rated as 'important'. Microsoft is urging users to fix the issues as soon as possible and has provided guidance for firms on how best to prepare themselves for the patches.

Writing on his blog, Jerry Bryant of Microsoft's security response team said, "I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

"Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd."

Bryant encouraged customers in the meantime to continue to enable the workaround for the latter vulnerability "by running the 'Microsoft Fix it' solution in the associated knowledge base article (KB972890)".

He also urged users to visit the Microsoft Security Research and Defence blog as well as the MSRC site on Tuesday for additional information.

Microsoft responds to criticism over late fix

Daniel Robinson — 2009-07-10T14:19:00.000Z

Daniel Robinson, V3.co.uk, Friday 10 July 2009 at 14:19:00

Flaw in ActiveX Control first reported in early 2008

Microsoft has come under fire for leaving a security flaw affecting Internet Explorer unpatched for over a year, but the software giant has responded by saying it had to ensure customers would not be adversely affected by any fix it issued.

Earlier this week, Microsoft issued a Security Advisory note stating it was investigating a reported vulnerability in its Microsoft Video ActiveX Control.

It later emerged that the two researchers who discovered the flaw, Ryan Smith and Alex Wheeler working at IBM Internet Security Systems, submitted an official report to Microsoft as early as spring 2008.

Microsoft said that an attacker who successfully exploited the vulnerability in question could gain the same user rights as the local user if they are using Internet Explorer, and execution may not require any action on the user's behalf, unlike many other exploits that trick the user into running them.

In a blog posting, Mike Reavey, head of Microsoft's Security Response Center (MSRC), said the company is working towards a security update, but that it decided to issue workaround details to customers when it found attackers were beginning to exploit the vulnerability.

"We were far enough in the process that we could provide information that customers can use to protect themselves in the interim while we complete the investigation and deliver a security update that you can deploy broadly with confidence," Reavey said.

Microsoft engineers have decided the best approach to protect customers is to disable the functionality targeted in the attack, as it claims there are was no known uses for these interfaces in Internet Explorer, but this approach must be taken with caution.

"When we disable or remove functionality, we have to engage in even more research and testing than usual, to ensure that we can take this step and not cause more harm than good by inadvertently 'breaking' applications," said Reavey.

While Microsoft continues to work on the issue, customers can follow instructions here to implement a workaround for the flaw.

IBM launches information masking software

Phil Muncaster — 2009-07-10T12:25:00.000Z

Phil Muncaster, V3.co.uk, Friday 10 July 2009 at 12:25:00

Magen can recognise and bock out information that might otherwise appear on the screen of unauthorised staff

IBM researchers in Israel have unveiled new screen-masking software that could help firms better comply with privacy laws and reduce the risk of information theft.

Magen (Masking Gateway for Enterprises) is able to recognise and hide sensitive information that might otherwise appear on the screens of non-authorised staff, said the firm.

It relies on optical character recognition technology to determine which onscreen fields need to be blanked out or replaced with random values filtering the information before it reaches the PC screen.

It therefore removes the need for companies to create and store copies of documents that have been modified to remove certain classified information.

“Magen’s screen masking approach eliminates the need to painstakingly tailor 'data masking' solutions to specific environments,” said Haim Nelken, manager integration technologies at IBM's Haifa research lab.

“The bottom line is faster performance, simpler database security, and reduced costs for protecting sensitive data."

When it becomes available, the software could be particularly useful in industries such as healthcare, government or insurance, said IBM.

Koobface worm resurfaces

Phil Muncaster — 2009-07-10T12:18:00.000Z

Phil Muncaster, V3.co.uk, Friday 10 July 2009 at 12:18:00

Twitter accounts suspended as bogus tweets infest the micro-blogging site

Security experts are warning of an increase in activity of the infamous Koobface worm, which has prompted micro-blogging site Twitter to suspend infected accounts.

Koobface appeared almost a year ago, targeting mainly MySpace and Facebook accounts at the time, although it has since extended itself to Bebo, Tagged, Netlog and, most recently, Twitter.

Users are tricked by social engineering tactics into clicking on a link that downloads the worm.

The worm then sends out messages to the infected users' contacts containing more malicious links, and because the messages appear to come from a trusted source, those contacts are more likely to click through.

A few hours ago, Twitter posted a status update on its site stating that it would be suspending all accounts seen to be sending bogus tweets. "If we suspend your account, we will send you an email notifying you of the suspension," read the message.

"This email also includes tips for removing the malware from your PC."

Anti-virus firm Trend Micro also warned of an increase in Koobface activity.

"As of writing, there are a couple of hundred Twitter users affected by Koobface in the past few hours, but dozens more are being infected as we speak, " wrote threat researcher Ryan Flores on the company's blog.

"We advise Twitter users to refrain from clicking URLs on tweets, especially if the tweet advertises a home video."

In addition, anti-malware vendor Kaspersky Lab said it had seen an explosion of Koobface modifications throughout the month of June. The number of variants detected jumped from 324 at the end of May this year to almost 1,000 by the end of June, according to the firm.

Conficker still dominating attack landscape

Shaun Nichols in San Francisco — 2009-07-10T02:12:00.000Z

Shaun Nichols in San Francisco, V3.co.uk, Friday 10 July 2009 at 02:12:00

Botnet accounted for two-thirds of attack traffic in Q1

The Conficker botnet was by far the largest source of online attacks on the web in the first quarter of 2009, according to web services provider Akamai.

The company's quarterly State of the Internet report found that in the first months of the year, Conficker accounted for some two-thirds of all attack traffic.

First appearing in late 2008, Conficker spread throughout the web in 2009. By March, the worm touched off a media firestorm when researchers noted that many of the infected machines were programmed to dial an instruction server on 1 April.

Though no major attack occurred, the incident earned Conficker a fair amount of notoriety among IT professionals and home computer users alike.

Of the attacks that did occur in the first quarter of the year, most were from China and the US. According to Akamai, roughly half of all internet attacks originated from one of the two countries.

Akamai also revealed its findings on broadband speeds. Much like an earlier report from analyst firm Futuresource, the company placed Japan and South Korea as the countries with the fastest broadband speed.

The company also pegged Sweden as having the fastest broadband speeds in Europe, followed by the Netherlands and Romania.

Tagged.com faces legal action for data fraud

Iain Thomson in San Francisco — 2009-07-10T02:09:00.000Z

Iain Thomson in San Francisco, V3.co.uk, Friday 10 July 2009 at 02:09:00

Social networking site accused of falsifying hits and spamming users

The New York attorney general Andrew Cuomo has announced he intends to prosecute social networking site tagged.com for an illegal plan to lure new members and artificially inflate traffic on its site.

Cuomo said that the site tricked users into providing the company with their personal email address books, which were then used to send out millions of spam messages urging the recipients to view private photos posted by friends.

“This company stole the address books and identities of millions of people. Consumers had their privacy invaded and were forced into the embarrassing position of having to apologise to all their email contacts for Tagged’s unethical – and illegal – behavior,” said Cuomo.

“This very virulent form of spam is the online equivalent of breaking into a home, stealing address books, and sending phony mail to all of an individual’s personal contacts. We would never accept this behavior in the real world, and we cannot accept it online.”

The company broke the law in that it pretended that the spam messages had come from individual members rather than from the company itself. Recipients would have to sign up for the site in order to view the photographs, which is some cases did not exist.

Tagged.com suspended its email campaign in June after complaints but by then 60 million emails had already been sent.

Cuomo is one of the most aggressive government officials when it comes to prosecuting technology companies. He has successfully brought actions against Dell, Symantec, McAfee and others and is carrying out investigations into Intel and Facebook.

Government honours veterans of Bletchley Park at last

Iain Thomson in San Francisco — 2009-07-10T01:30:00.000Z

Iain Thomson in San Francisco, V3.co.uk, Friday 10 July 2009 at 01:30:00

Surviving veterans of the code-breaking facility to receive badge of honour

The surviving workers from the Bletchley Park cryptography unit are to be honoured, nearly 70 years after the unit was formed.

The Bletchley Park code breakers, known as Station X during the Second World War, were never officially recognised for their invaluable work in deciphering German, Italian and Japanese military codes – work this is thought to have shortened the war by more than two years and saved millions of lives.

All staff were banned under the Official Secrets Act from even discussing the location of their military service until the 1970s and the site itself was nearly dismantled in the interests of secrecy. Winston Churchill called the staff "my geese that laid the golden eggs and never cackled".

Now, at long last, military and civilian workers will receive a special commemorative badge from the government in recognition of their vital war work.

“These people made an enormous contribution to the outcome of World War Two, the 20th century and freedom in the West,” said Simon Greenish, director of the Bletchley Park Trust.

“After many years of having to keep their critical wartime work top secret, it is tremendous that this contribution has finally achieved recognition.”

Heroes of Bletchley included Tommy Flowers, who built one of the world’s first programmable computers, Colossus, largely using his own funds, and Dr Alan Turing, who designed the bombe cryptanalysis machines.

Flowers received an MBE and an award of £1,000 for his work while Turing was arrested for homosexuality in 1952 and committed suicide shortly afterwards, having received no official recognition for his work in his lifetime.

Foreign secretary David Miliband said: “I am delighted that the vital and secret work of Bletchley Park in the Second World War is being recognised.

“We owe a debt of gratitude to all who served at Bletchley Park and its outstations. I am proud to acknowledge their ingenuity, skill and determination, which helped our country in its time of greatest need.”

Governments warned of further DoS attacks

David Neal — 2009-07-09T15:29:00.000Z

David Neal, V3.co.uk, Thursday 9 July 2009 at 15:29:00

Security experts track indications of second assault later today

Governments across the globe have been urged to prepare for a second denial of service (DoS) attack after an earlier incident brought down several official web sites.

Government sites in the US and South Korea were subjected to DoS attacks earlier this week, apparently originating from North Korea. Experts believe that the attacks are working to a schedule, and have warned that further incidents could occur later today.

Rik Ferguson, senior security advisor at Trend Micro, said that the attacks are being launched from an estimated 50,000 infected machines, most of which will not have been purged of the offending malware.

There is also the possibility that those responsible for the attacks used only a part of the available botnet, or that the targets have shifted.

"There are a large number of affected machines, and they will have a list of targets. They started attacking the US and then moved to South Korea. They could still shift their targets," said Ferguson.

Security vendor Symantec, meanwhile, is already monitoring an attack on the US and South Korea, and suggested that its scale and scope may widen to affect millions of computer users.

"Initially, it was reported that the attack leveraged more than 50,000 computers. The size of the botnet used for this distributed DoS attack is only a fraction of the one that is still being created by Downadup/Conficker, which was estimated at a few million machines at its peak," said the firm in a security note.

"If a system is infected, the user may not experience any performance slowdown. However, users trying to visit the impacted sites may experience significant slowdown and inability to access the sites."

All computer users are advised to shore up their own defences in the light of such attacks.

CBI baulks at ICO's proposed new powers

Phil Muncaster — 2009-07-09T15:03:00.000Z

Phil Muncaster, V3.co.uk, Thursday 9 July 2009 at 15:03:00

Potential amendment to Coroners and Justice Bill is unjustified, says CBI

The Confederation of British Industry (CBI) has criticised a proposed amendment to the Coroners and Justice Bill which would see the Information Commissioner's Office (ICO) given more intrusive powers to search private sector businesses.

The amendment, which could be approved by a Lords committee on Monday, reversed the government's previous stance of requiring the ICO to apply to the courts to secure a search warrant for any firms suspected of breaching the Data Protection Act (DPA).

"The CBI has a problem with this. If the ICO suspects a breach of the DPA it already has the ability to obtain a warrant, and if it doesn't suspect, then why should it be given spot check powers?" said Sara Draper, head of knowledge economy at the CBI.

"In the current recession, burdens like this are unwelcome, especially when there has been no consultation [over the amendment]."

Draper called for the ICO to publicly disclose why it believes its current powers to search businesses are insufficient, and to back up its assertion with hard statistics.

For its part, the ICO said the proposed new powers would be useful because in some cases where the watchdog believes there are problems, but has "no cast iron proof", obtaining a court warrant would not be appropriate.

"We want these powers to facilitate better information handling and compliance," said an ICO spokesman. "This is about all organisations taking privacy seriously and treating it as part of corporate governance."

Google Apps to become OpenID provider

Rosalie Marshall — 2009-07-09T13:39:00.000Z

Rosalie Marshall, V3.co.uk, Thursday 9 July 2009 at 13:39:00

Leaked blog posts on OpenID board reveal latest plans

Google will soon announce the extension of its OpenID federated login application programming interface (API) to Google Apps accounts used by businesses, schools and other organisations.

The move will allow web users to sign into numerous sites using their Google Apps login details.

"Google Apps can now become an identity and data hub for multiple software-as-a-service [SaaS] providers," said Eric Sachs, senior product manager for Google security, on a public OpenID board.

"The service is important not only to the individuals in those organisations who can interact with a variety of consumer web sites with a single credential, but to the organisations themselves who are increasingly reliant on multiple SaaS solutions from different vendors.

"The Google Open ID Federated Login API enables a single Google Apps login to provide secure access to services like Salesforce.com, SuccessFactors and WebEX, as well as business-to-business partners, internal applications and, of course, consumer web sites."

Sachs had intended his announcements on the public board to be seen only by board members. He expressed concerns that Google would receive negative publicity because the new OpenID support requires "extensions to the OpenID discovery process".

"There is the potential for some community members or press to assume, or at least imply in articles, some evil intent by Google to co-opt OpenID with these extensions," he said.

Sachs had drafted two blog posts that were set to go public in a couple of weeks on the Google Enterprise blog and the Google Code blog.

NCC Group launches security kitemark

Phil Muncaster — 2009-07-09T13:25:00.000Z

Phil Muncaster, V3.co.uk, Thursday 9 July 2009 at 13:25:00

365 Assured scheme could give firms a competitive advantage

Information assurance provider NCC Group today launched a new certification scheme designed to help businesses prove their commitment to security and performance.

The 365 Assured scheme consists of two levels of certification: 365secure and 365performance.

The first is designed for firms wishing to protect data, critical infrastructures and applications, while the second is targeted at organisations which have web sites that generate a large proportion of their revenue, NCC Group explained.

John Redeyoff, group commercial director at NCC Group, claimed that the certification could give firms a competitive advantage in difficult economic times.

"It is one thing to take care of IT security behind the scenes, but how can you prove to existing and potential customers how hard your company works to protect its web offering, its clients and their data on an ongoing basis?" he asked.

"Data security and reliable performance are critical factors for a business, particularly in today's difficult market conditions, as is standing out among the competition."

Redeyoff suggested that the kitemark scheme would be especially useful for suppliers in highly regulated industries that need to prove to customers that they take security seriously.

"Our independent advisor status means that we can come in to assess and advise on best practice in all areas of a business, and inspire confidence in the integrity of our results," he said.

Police probe News of the World phone tap claims

David Neal — 2009-07-09T12:42:00.000Z

David Neal, V3.co.uk, Thursday 9 July 2009 at 12:42:00

Guardian report alleges widespread use of criminal methods to get stories

Police are investigating claims of widespread telephone hacking by the News of the World, according to a report in The Guardian.

The report alleges that telephone hacking carried out by private investigators at the behest of the Sunday tabloid runs into the thousands, and includes phone lines owned by politicians and celebrities.

The Guardian broke the story when it discovered that News Group Newspapers (NGN), which owns the News of the World and The Sun, had paid out over £1m to settle legal cases relating to its journalists' sources. The Guardian accused NGN of "repeated involvement in the use of criminal methods to get stories".

The alleged incidents date back to 2006 when Clive Goodman, the News of the World royal editor, was arrested on suspicion of illegally intercepting phone calls, along with Glenn Mulcaire, a private detective.

"Scotland Yard had previously been contacted by members of the royal household who suspected their mobile phones had been hacked into," said The Guardian report. "A series of stories in the paper seemed to be based on voicemails left on their phones."

A number of other incidents have been identified since that time, and News International, parent company of NGN, has since paid out £700,000 in damages to the Professional Footballers' Association over similar allegations.

The Guardian has claimed that three cases involving the group and its use of private investigators have been settled out of court.

The News of the World's former editor, Andy Coulson, now the Conservative Party communications director, appears to have shrugged off the claims, but Metropolitan Police Commissioner Sir Paul Stephenson has apparently ordered that a senior officer "establish the facts" on the case.

At the time of writing, the following appeared on former deputy prime minister John Prescott's Twitter feed: "Whittingdale just confirmed Coulson would probably be asked to give evidence on NOTW hacking at CMS Select Committee."

The message suggests that Coulson will face scrutiny in the House of Commons as well as the police investigation.

A statement from the police is due later today.