Privacy, Security Archive

NICTA Releases Security Software for Operating Systems

"National ICT Australia, in conjunction with Open Kernel Labs, has released new software aimed at researchers, developers and manufacturers that has the ability to protect computer hardware from failure or being attacked. The seL4 microkernel is a small operating system kernel which regulates access to a computer's hardware and is able to distinguish between trusted and untrusted software."

Concept Enables PC Operating Systems to Survive Attacks

"Researchers at North Carolina State University have developed a method to restore a computer operating system to its former state if it is attacked. The concept involves taking a snapshot of the operating system at strategic points in time (such as system calls or interrupts), when it is functioning normally and, then, if the operating system is attacked, to erase everything that was done since the last 'good' snapshot was taken - effectively going back in time to before the operating system attack. The mechanism also allows the operating system to identify the source of the attack and isolate it, so that the operating system will no longer be vulnerable to attacks from that application. The idea of detecting attacks and resetting a system to a safe state is a well-known technique for restoring a system's normal functions after a failure, but this is the first time researchers have developed a system that also incorporates the security fault isolation component. This critical component prevents the operating system from succumbing to the same attack repeatedly."

Cybercriminals Shifting Focus To Non-Windows Systems

In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to a new Cisco report. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation.

Third-Party Software Responsible For Most Vulnerabilities

Most people owning a PC are familiar with Microsoft's patching process - it's easy and it's there. For a lot of them, it also gives the impression that Microsoft's products are chock-full of flaws. But, according to Stefan Frei, Research Analyst Director with Secunia, it's not the vulnerabilities in Microsoft's products we should worry about, but those in third-party software. 55 percent of end-point users have more than 66 programs from more than 22 vendors installed on their systems. Of the top 50 programs in use, 26 are developed by Microsoft and the remaining 24 by 14 other vendors.

Tuesday Is the Most Active Day for Threats

"The most active day for threat-related traffic worldwide is Tuesday, with Monday a close second, according to a report by SonicWALL. This pattern holds true for the U.S., China, India, Mexico, South Africa, Taiwan, Turkey, and several European countries. The most active time for threat-related traffic in the United States is between the hours of 10:00 a.m. and 11:00 a.m., Pacific Time. China and Taiwan top the list as the most heavily hit countries for worldwide threat-related traffic. Taiwan, New Zealand and South Africa are the countries most heavily hit with malware."

There’s a Bounty on Your Applications

In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for reporting crucial or high-severity bugs, Google pays out $1,337 for flaws in its software, and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service – that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?

MSR Develops ‘Zozzle’ JavaScript Malware Detection Tool

"As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware at a very high effectiveness rate."

Avast! Pro License Key Used Illegally 774651 Times

It's no secret that I'm not a particular fan of antivirus software vendors. Other than the excellent Microsoft offering, I haven't yet seen a single antivirus program that doesn't suck the life out of computers, infesting every corner, making machines slow and full of annoying pop-ups. Still, a single license key for Avast! Pro being shared 774651 times? That's a bit harsh.

Firesheep Countermeasure Tool BlackSheep

Firesheep is a Firefox extension that makes it easier to steal logins and take over social media and email accounts after users log in from a WiFi hotspot or even their own unprotected network. Zscaler researchers have created, and are now offering to every consumer, a free Firefox plugin called BlackSheep, which serves as a counter-measure. BlackSheep combats Firesheep by monitoring traffic and then alerting users if Firesheep is being used on the network. BlackSheep does this by dropping 'fake' session ID information on the wire and then monitoring traffic to see if that session has been hijacked.
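The decoy-session idea described above, written out as a small detector. This is an added example, not BlackSheep's own code: it plants a random decoy session cookie, then scans constructed request records (source address, host, Cookie header) and raises an alert whenever a different client presents the decoy value, which is the signature of a replayed, sniffed session. The log format, the cookie name `session_id`, and the sample records are all assumptions made for the example.

```python
import re
import secrets

# Name of the cookie the decoy is planted under (assumed for this example).
DECOY_COOKIE_NAME = "session_id"

# One request record per line: "<src_ip> <host> Cookie: <cookie header>".
# This is a constructed format, not one produced by BlackSheep or Firesheep.
LOG_RE = re.compile(r"^(?P<src>\S+)\s+(?P<host>\S+)\s+Cookie:\s*(?P<cookies>.*)$")


def make_decoy() -> str:
    """Return a fresh, unguessable decoy session value (128 bits of randomness)."""
    return secrets.token_hex(16)


def parse_cookies(header: str) -> dict:
    """Split a Cookie header into a name -> value mapping."""
    cookies = {}
    for item in header.split(";"):
        if "=" in item:
            name, value = item.strip().split("=", 1)
            cookies[name] = value
    return cookies


def detect_hijack(log_lines, decoy_value: str, planted_by: str):
    """Return (src, host) pairs for requests that reuse the decoy from another client.

    The client that planted the decoy (planted_by) is allowed to send it; any other
    source address presenting the same value can only have obtained it by sniffing
    the network, so it is reported as a hijack.
    """
    alerts = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # ignore records that do not carry a Cookie header
        cookies = parse_cookies(match["cookies"])
        if cookies.get(DECOY_COOKIE_NAME) == decoy_value and match["src"] != planted_by:
            alerts.append((match["src"], match["host"]))
    return alerts


# Constructed sample traffic: the decoy is planted by 10.0.0.5 and later
# replayed by 10.0.0.9 (the sniffer); 10.0.0.7 uses its own legitimate session.
SAMPLE_DECOY = "0123456789abcdef0123456789abcdef"
SAMPLE_LOG = [
    "10.0.0.5 social.example Cookie: session_id=" + SAMPLE_DECOY + "; lang=en",
    "10.0.0.7 social.example Cookie: session_id=7c1f9a2b; lang=en",
    "10.0.0.9 social.example Cookie: lang=en; session_id=" + SAMPLE_DECOY,
    "10.0.0.9 mail.example GET /inbox",
]


def demo():
    """Run the detector over the constructed sample and return the alerts."""
    return detect_hijack(SAMPLE_LOG, SAMPLE_DECOY, planted_by="10.0.0.5")


if __name__ == "__main__":
    for src, host in demo():
        print(f"ALERT: decoy session replayed by {src} against {host}")
```

In practice the decoy cookie should be set for a domain the user actually visits (otherwise the sniffer never sees it), and the monitoring side needs to see the same network segment the decoy was sent on; the detector itself stays this simple because a decoy value has exactly one legitimate sender.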

Trend Micro Goes Boo-Hoo, Raises Antitrust Concerns Over MSE

Well, this was to be expected: an anti-virus company complaining that Microsoft's Security Essentials - by far the best anti-virus tool for Windows - is anti-competitive. Microsoft recently began offering MSE as an optional download via the optional Microsoft Update service (which is not Windows Update), and Trend Micro (a patent troll) is going into boo-hoo mode over it.

Past, Present and Future of Metasploit

HD Moore is the CSO at Rapid7 and Chief Architect of Metasploit, an open-source penetration testing platform. HD founded the Metasploit Project with the goal of becoming a public resource for exploit code research and development. Rapid7 acquired Metasploit in late 2009. In this interview, HD Moore talks about the transition to Rapid7, offers details on the development and different versions of Metasploit and discusses upcoming features.

The Zeus Malware R&D Program

A new version of the Zeus financial malware has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Just like commercial application developers, the creators of Zeus run an R&D program to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.

Microsoft Releases Regex Fuzzer Tool

Microsoft has released a free tool to help programmers test their regular expressions for vulnerability to denial of service attacks. The SDL Regex Fuzzer, released by the software giant earlier this week, is designed to test programmers' regular expressions - a ubiquitous formal language for matching strings of text - for clauses that execute in exponential time and which stand the chance of being exploited for nefarious ends.
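The clauses such a fuzzer looks for are nested unbounded quantifiers like `(a+)+`, where a non-matching input forces the backtracking engine to try every way of splitting the string. The added example below is not the SDL Regex Fuzzer and is not Microsoft's code: it walks Python's own parse tree of a pattern to flag that structure statically, and pairs it with a timing probe that feeds the pattern inputs of growing length so the exponential growth can be observed. The parse-tree module (`re._parser`, formerly `sre_parse`) is a CPython internal, which is an assumption of this example; the sample patterns are constructed.

```python
import re
import time

try:
    from re import _parser as sre_parse  # CPython 3.11+ location of the regex parser
except ImportError:  # older CPython versions
    import sre_parse  # type: ignore


def _walk(subpattern, inside_unbounded, findings):
    """Collect unbounded repeats that sit inside another unbounded repeat."""
    for op, av in subpattern:
        if op in (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT):
            lo, hi, body = av
            unbounded = hi == sre_parse.MAXREPEAT  # '*', '+', '{n,}'
            if unbounded and inside_unbounded:
                findings.append(f"unbounded repeat {{{lo},}} nested inside another unbounded repeat")
            _walk(body, inside_unbounded or unbounded, findings)
        elif op == sre_parse.SUBPATTERN:
            _walk(av[-1], inside_unbounded, findings)  # last element is the group body
        elif op == sre_parse.BRANCH:
            for alternative in av[1]:
                _walk(alternative, inside_unbounded, findings)
        elif op in (sre_parse.ASSERT, sre_parse.ASSERT_NOT):
            _walk(av[1], inside_unbounded, findings)
    return findings


def nested_unbounded_quantifiers(pattern: str):
    """Return a description of every nested unbounded quantifier in the pattern."""
    return _walk(sre_parse.parse(pattern), False, [])


def is_redos_candidate(pattern: str) -> bool:
    """True when the static check finds at least one exponential-time clause."""
    return bool(nested_unbounded_quantifiers(pattern))


def probe_backtracking(pattern: str, unit: str = "a", sizes=(8, 12, 16)):
    """Time the pattern against non-matching inputs of increasing length.

    The trailing '!' guarantees a mismatch, so the engine must exhaust every
    way of splitting the repeated unit before it can give up. Returns
    (length, seconds) pairs; for an exponential pattern each step of four
    roughly multiplies the time by sixteen.
    """
    compiled = re.compile(pattern)
    timings = []
    for n in sizes:
        probe = unit * n + "!"
        start = time.perf_counter()
        compiled.match(probe)
        timings.append((len(probe), time.perf_counter() - start))
    return timings


# Constructed patterns: the first two are classic exponential cases, the
# last two are linear equivalents a reviewer would accept instead.
SAMPLE_PATTERNS = [
    r"^(a+)+$",
    r"^(\w+\s?)*$",
    r"^a+$",
    r"^[a-z]+@[a-z]+\.[a-z]{2,6}$",
]

if __name__ == "__main__":
    for pattern in SAMPLE_PATTERNS:
        verdict = "SUSPECT" if is_redos_candidate(pattern) else "ok"
        print(f"{pattern:32} {verdict}")
        for length, seconds in probe_backtracking(pattern):
            print(f"    input length {length:3}: {seconds * 1000:8.3f} ms")
```

The static check is a cheap first pass (it also over-reports, since some nested repeats are harmless when the inner and outer units cannot overlap); the timing probe is the part that corresponds to what a fuzzer does, and a pattern whose time multiplies rather than adds with each step is the one to rewrite before it meets attacker-controlled input.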

BlindElephant: Open Source Web Application Fingerprinting Engine

In this video recorded at Black Hat USA 2010, Patrick Thomas, a vulnerability researcher at Qualys, discusses the open source web application fingerprinting engine BlindElephant he created. BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded. It doesn't check for vulnerabilities or susceptibility to a particular exploit, but rather which versions of those applications are running on the site. For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from. Accuracy of the tool was demonstrated by a large-scale survey on Internet-visible hosts.
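The table-building step described above, as an added example that is not BlindElephant's own code: several release directories of a hypothetical application are hashed file by file into a path -> hash -> versions table, the table is then used to narrow the set of versions consistent with the files actually observed on a host, and the paths are ranked by how many distinct hashes they carry (the most discriminating files to check first). The releases, file contents and observed files are all constructed for the example, and the observation is modelled as a dictionary rather than as HTTP fetches so it runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed "version directories" for a hypothetical application "demoapp":
# version -> {relative path: file content}.
RELEASES = {
    "1.0": {"js/app.js": "v1 app", "css/style.css": "base css", "README": "demoapp 1.0"},
    "1.1": {"js/app.js": "v1.1 app", "css/style.css": "base css", "README": "demoapp 1.1"},
    "2.0": {"js/app.js": "v2 app", "css/style.css": "new css", "README": "demoapp 2.0"},
}


def file_hash(content: str) -> str:
    """Hash a file's content; SHA-256 chosen here, any stable digest would do."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def build_table(releases):
    """Return path -> hash -> set of versions in which that path had that hash."""
    table = defaultdict(lambda: defaultdict(set))
    for version, files in releases.items():
        for path, content in files.items():
            table[path][file_hash(content)].add(version)
    return table


def rank_paths(table):
    """Paths ordered by discriminating power: most distinct hashes first."""
    return sorted(table, key=lambda path: (-len(table[path]), path))


def fingerprint(table, releases, observed):
    """Narrow the candidate versions using observed files.

    observed maps path -> content fetched from the host, or None when the
    file was absent. Absent files and files whose hash matches no release
    (locally modified, or from an unknown build) give no evidence and are
    skipped; every matching file intersects the candidate set.
    """
    candidates = set(releases)
    for path, content in observed.items():
        if content is None or path not in table:
            continue
        matches = table[path].get(file_hash(content))
        if matches is None:
            continue  # unknown hash: no evidence either way
        candidates &= matches
    return sorted(candidates)


TABLE = build_table(RELEASES)

# Constructed observations from three hypothetical hosts.
HOST_A = {"README": "demoapp 1.1", "css/style.css": "base css"}
HOST_B = {"css/style.css": "base css"}  # README absent or not fetched
HOST_C = {"js/app.js": "locally patched", "css/style.css": "new css", "README": None}


def demo():
    return {
        "A": fingerprint(TABLE, RELEASES, HOST_A),
        "B": fingerprint(TABLE, RELEASES, HOST_B),
        "C": fingerprint(TABLE, RELEASES, HOST_C),
    }


if __name__ == "__main__":
    print("check order:", rank_paths(TABLE))
    for host, versions in demo().items():
        print(f"host {host}: consistent versions {versions or '(none: unknown build)'}")
```

Host B shows why the ranking matters: a shared stylesheet cannot separate 1.0 from 1.1, so an inventory run should request the README or app.js first; host C shows that a locally modified file simply contributes nothing rather than producing a wrong answer.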