WISH YOU A HAPPY AND SECURE YEAR 2009

Saturday, February 14, 2009

Quote of the day


"Come to the edge."
"We can't. We're afraid."
"Come to the edge."
"We can't. We will fall!"
"Come to the edge."
And they came.
And he pushed them.
And they flew.

Guillaume Apollinaire

1880-1918

New IT Term of the day



verification


In a biometric security system, the process of comparing a biometric sample against a single reference template of a specific user in order to confirm the identity of the person trying to gain access to a system.

NSA offering 'billions' for Skype eavesdrop solution

VALUE : NSA offering 'billions' for Skype eavesdrop solution

Business model for P2P firm at last?

By Lewis Page

12th February 2009

http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

Counter Terror Expo News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic.

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain's GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.

Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. The company won't disclose details of its encryption, either, and isn't required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on "security through obscurity" grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America's NSA may be able to break Skype encryption - assuming they have access to a given call or message - but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

"They are saying to the industry, you get us into Skype and we will make you a very rich company," said the industry source, adding that the obscure encryption used by the P2Pware is believed to change frequently as part of software updates.

The spyware kingpin suggested that Skype is deliberately seeking to frustrate national listening agencies, which seems an odd thing to do - Skype has difficulties enough getting revenues out of its vast user base at any time, and a paid secure-voice system for subversives doesn't seem like a money-spinner.

But corporate parent eBay, having had to write down $1.4bn already following its $2.6bn purchase of Skype back in the bubble-2.0 days of 2005, might see an opportunity here. A billion or two from the NSA for a backdoor into Skype might make the acquisition seem like a sensible idea.

We asked the NSA for comment, particularly on the idea of simply buying a way into Skype, but hadn't yet received a response as of publication.

Korean Bank Hacked

HACK : Korean Bank Hacked

Why Was Hana Vulnerable to Hacking?

By Kim Tong-hyung

Staff Reporter

02-11-2009

http://www.koreatimes.co.kr/www/news/tech/2009/02/133_39347.html

Security loopholes at online banking sites are leaving customers' accounts vulnerable to electronic heists, experts said.

The criticism comes after a 38-year-old woman had 21 million won (about $15,000) stolen from her Hana Bank account by what the police believes was an international gang of hackers who breached her computer.

The incident serves as the most recent indication that assessing the safety of one's bank accounts online has become difficult, security officials say, with the advancement in spy software and other computer technology posing further threats.

Hackers in the most recent attack had no trouble in beating the dual protection system of public key cryptography and individual code numbering, which banks entirely rely on to protect transmissions on the Internet.

"Local banks spent heavily to increase the protection of their computer networks in the past, and the level of security for their servers and storage databases is actually impressive," said an official from AhnLab, a security software developer.

"The problem is that hackers usually target the computers of customers, not banks, and the level of awareness on the users' side is still quite low," he said.

According to investigators at Seoul's Gangnam Police Station, the hackers breached the online account of the victim, identified only as Seok, on Jan. 5, and moved money from the account three times, 7 million won at a time, despite Seok having been tipped off by Kookmin Bank earlier that day that her online bank account had been accessed by a user from a suspicious Internet protocol (IP) address based in China that had been used in another hacking attempt in August last year.

Seok immediately received a new public key and code card from the bank and changed her personal access code. However, her Hana Bank account, which used the same public key for verification, was invaded just three hours later.

"There has been no trace of the hackers attempt to use Seok's old public key to breach the Hana Bank account, and it is clear that the suspects had immediate access to her new public key, code card and personal access codes," said Ryu Gyeong-ha, an official from the police station's cyber crimes unit.

The police believe that the hackers installed spy software in Seok's computer, probably through e-mail, enabling them to record her personal information and passwords and capture her keystrokes through "key-logger" programs.

However, investigators have yet to confirm their suspicions, as Seok has thus far refused to have her computer seized and inspected, police officials said.

"The hackers didn't need to copy the new public key when they had Seok's personal information, which allowed them to log into the account legitimately. They had an eye on her every minute," Ryu said.

It's debatable how much of the blame should be placed on Hana Bank for its failure to protect Seok's account from hackers. The recent incident exposed the banks as being ill-prepared to protect online bank accounts, according to security consultants, and Hana Bank should be held accountable for its failure to provide better security solutions to individual users, such as improved programs to prevent key-logging.

Some question whether the hackers had successfully breached Hana Bank's security network, as the installation of spy software on Seok's computer doesn't clearly explain how the suspects got hold of the 100-plus individual code numbers on the code card issued by Kookmin Bank.

Seok claims she never saved the codes on her computer, and obtaining the vast amount of information just through key-logging programs would be difficult to pull off in such a short period of time, according to some security experts.

Hana Bank officials deny the possibility of a network breach.

"The process of the money transfer was legitimate and we have found no traces of breach attempts on our database," said an official from Hana Bank.

"There were no errors in typing in the IDs and passwords and there was no reason to believe that the transaction was conducted by a hacker. If banks had a system whereby they could share information regarding suspicious IP addresses, this wouldn't have happened," he said.

There was a similar incident in December when a hacker, also using a China-based IP address, attempted to steal 14 million won from a Citi Bank customer. However, the customer, identified as Yoo, saved his money by alerting the bank to suspend payment from his account.

The police gave up on the investigation, citing difficulties in tracking the China-based Internet user.

Cyber crime wave targets on-line bank accounts

TARGET : Cyber crime wave targets on-line bank accounts

11 February 2009

Copenhagen Post

http://www.cphpost.dk/news/crime/155-crime/44723-cyber-crime-wave-targets-on-line-bank-accounts.html

Hackers send programmes known as 'spyware' that can record the user's pin code

On-line banking is a risky business for customers who do not take appropriate security measures

Denmark is currently facing a wave of cyber attacks, but even though banks beef up their defences, they say there is little they can do when it comes to the weakest link – users themselves, reports Politiken newspaper.

The wave of attacks comes as banks report an increasing number of people using on-line services are experiencing that their accounts are being hacked and their money stolen. Last year the number of reported thefts from people's on-line accounts nearly doubled to 156. In 2007, the number was 85.

'We're as vigilant as we can be, but in reality any net bank user with a computer that isn't fully updated is at risk of being attacked,' said Birgitte Madsen of the Danish Bankers Association.

As many as 3.3 million Danes use on-line banking, and although many are aware that they should not open suspicious attachments to e-mails, new generations of computer viruses can attack without the user knowing it.

Older versions of programmes such as iTunes, Java and Acrobat can contain security holes that allow hackers to send programmes known as 'spyware' that can record the user's pin code and send it back to the hacker.

'This is a major risk, because users don't know they are susceptible,' said Peter Kruse of Csis, a computer company that works with banks to improve security. 'Banks do a lot to prevent hacking, but users need to be responsible for their own computer security.'

According to F-secure, another bank IT security provider, the latest wave of attacks stems from Russia or Ukraine. 'We shouldn't underestimate these people. They work in big foreign companies that create these programs,' channel manager Michael Dahl said.

Deputy commissioner Henning Schmidt, head of the financial crimes unit for the Copenhagen Police, said their evidence also points to the culprits originating in a Russian speaking country, but added that many hackers also use local 'mules' – a middleman who transfers the stolen money to the hacker's account.

Schmidt said preventing on-line break-ins requires users to secure their computers the same way they would their homes.

MS puts up $250K bounty for Conficker author

REWARD : MS puts up $250K bounty for Conficker author

Zombie masterminds wanted undead or alive

By John Leyden

12th February 2009

http://www.theregister.co.uk/2009/02/12/conficker_reward/

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker worm.

The bounty, announced Thursday, represents a revival of Microsoft's mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004.

In 2003, Redmond put up a $250,000 reward for tips leading to the arrest and conviction of the virus writers behind the infamous SoBig and Blaster worms. It extended this offer to other examples of malware, but there's only ever been one payout.

Erstwhile college friends of German VXer Sven Jaschan, who was convicted of writing the Sasser worm, picked up a $250,000 payout for their efforts.

Conficker has infected 10 million computers, going by recent estimates, so it's no great surprise to find that Microsoft has reactivated the program. Even if it doesn't lead to any arrests, the possibility of betrayal will give the authors of the worm pause for thought before they activate the monster botnet their malware has established.

In related news, Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker. Infected machines are programmed to dial into a constantly varying pre-programmed range of servers every day in order to obtain instructions.

Separately, OpenDNS rolled out a Conficker tracking and blocking scheme earlier this week.

Wednesday, February 11, 2009

Quote of the day


It is not necessary that whilst I live I live happily; but it is necessary that so long as I live I should live honourably.

Immanuel Kant

(1724-1804)

German philosopher

New IT Term of the day



Vein ID System


A type of biometrics identification system that uses veins in a person's body to establish identity. Vein ID Systems use infrared light to scan the user's hand and look for a pattern of veins in order to make an identification match. Both Hitachi and Fujitsu have developed commercial Vein ID Systems.

Obama Orders 60-Day Cybersecurity Review

FIRST STEP : Obama Orders 60-Day Cybersecurity Review

By Andrea Shalal-Esa

Reuters

Mon Feb 9, 2009

http://www.reuters.com/articlePrint?articleId=USTRE5190B820090210

WASHINGTON (Reuters) - President Barack Obama on Monday ordered an immediate 60-day review of federal cyber security efforts and named Melissa Hathaway, a top U.S. intelligence official, to oversee the effort, according to a White House statement.

Hathaway, who served as a top cyber security adviser to Mitch McConnell, the former director of national intelligence, will conduct the review for the White House National Security and Homeland Security Councils.

The review, which will examine what the federal government already is doing to protect vital U.S. computer networks, underscores mounting concerns about the risks of cyber attacks, and points to a growing market for U.S. contractors.

Northrop Grumman Corp, Lockheed Martin Corp and Boeing Co, the Pentagon's biggest contractors, already are working on a variety of cyber security projects for the U.S. government, many of which are classified.

Industry executives say the sector will be one of their fastest-growing markets in coming years, and analysts say it could generate over $10 billion in contracts by 2013.

Hathaway, who had been coordinating cyber security efforts for the intelligence community, will serve as acting senior director for cyber space during the review period, according to the White House statement, which was released late on Monday.

Obama highlighted the importance of safeguarding the nation's vital computer networks against enemy attacks during his campaign, and has promised to appoint a national cyber adviser to coordinate federal agency efforts and develop a national cyber policy.

Just before he left office last month, McConnell told reporters that the Internet had introduced an unprecedented level of vulnerability. "If you get in our systems and you're trying to destroy banking records or electric power distribution or transportation, it could have a debilitating effect on the country," he said.

The Senate last month confirmed Adm. Dennis Blair to be the new director of national intelligence, replacing McConnell.

Immediately upon taking office, the Obama administration underscored the importance of protecting U.S. information networks in a posting on the White House website.

It pledged to work with industry, researchers, and citizens to "build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security."

The White House also said it would initiate a drive to develop next-generation secure computers and networking for national security applications; establish tough new standards for cyber security and physical resilience; battle corporate cyber espionage and target criminal activity on the Internet.

Computer Virus Shuts Down Houston Municipal Courts

INFECTION : Computer Virus Shuts Down Houston Municipal Courts

By Bradley Olson, Melissa Vargas And Dale Lezon

HOUSTON CHRONICLE

Feb. 7, 2009

http://www.chron.com/disp/story.mpl/front/6250411.html

Houston shut down part of its municipal court operations Friday, cancelling hearings and suspending arrests for minor offenses after a computer virus infected hundreds of its machines. City officials said they expected the problems to extend at least through Monday.

Court offices will remain open to allow people to pay tickets and fines, but the dockets will have to be reset, a move that will affect thousands of cases, city officials said.

It was unclear Friday how the virus got into the system, but officials promised a thorough investigation. They could not say when they hoped to have the virus removed from the city network.

The disruption cascaded through city departments, leading police to temporarily abandon making some arrests for minor offenses. Officials also briefly disconnected the Houston Emergency Center. Although some emergency communications, such as dispatching, are routed through the center, police experienced no major disruptions, officials said.

By Friday afternoon, officials said the virus appeared to be contained to 475 of the city’s more than 16,000 computers. But the problems it caused grew so severe that city officials made an emergency purchase order for up to $25,000 to bring in Gray Hat Research, a technology security company that began trying to eradicate it through the early morning hours Friday.

“We’re working as hard as we can on it,” said Richard Lewis, the city’s information technology director. “This is a complex matter. We’re not sure what virus has attacked us. It’s going to probably be days.”

The compromise of the city networks dealt another blow to the municipal court computer system, which has been beset by problems almost as soon as it went live in April 2006.

The $10 million effort by Maximus Inc. to bring the court’s activities online was immediately troublesome to judges, clerks and prosecutors and delayed court proceedings in 2006. After threatening litigation, the city reached a $5 million settlement with Maximus and may seek another vendor.

Janis Benton, the city’s deputy director of information technology, said officials suspected the infection was a form of Conficker, the latest super virus that has breached at least 10 million computers worldwide as of late January, including the government health department in New Zealand and defense systems in France.

Conficker, also known as Downadup, infects computers via a flaw in the Microsoft Windows operating system. Microsoft issued an emergency patch back in October, and PCs that have the patch are protected from the worm.

Once on a computer, Conficker disables some of its capabilities, connects to outside servers and can download other malicious programs. It may also gather personal information and upload it to remote servers.

Because individuals and larger operations are often slow to patch their systems, Conficker has spread quickly.

Lewis said the patch almost certainly would have been installed because of protocols in place, but said he is not sure the problem is Conficker.

Hold on minor arrests

Lewis said city officials began to notice some of the effects of the virus on Wednesday and began a full-fledged effort to quarantine it on Thursday. It had the effect of severely slowing down the operations of computers, he said.

The Houston Emergency Center disconnected from the city network at 11 a.m. Friday and reconnected around 4:30 p.m., officials said. The only impact on emergency operations was that some dispatching had to be communicated by radio rather than broadcast to computer screens inside police cars. Officers had no trouble making routine license or criminal records checks in their vehicles, police and city officials said.

However, police this weekend will be using only citations for class C misdemeanors instead of arrests, since they cannot be processed. Exceptions will include public intoxication, disorderly conduct and some assaults. Class B misdemeanors and above are processed through the county jail. For the most part, officials said, the temporary hold on arrests was expected to impact only minor traffic warrants.

Mayoral spokesman Patrick Trahan said people in jail would be able to make bail, but several bondsmen contacted by the Houston Chronicle were under the impression that no one could be released until Tuesday.

Appearances postponed

A courts employee greeted people in front of the payment windows at the municipal court building at 1400 Lubbock. She turned many people away for their 4 p.m. court appearances. Some were frustrated by the inconvenience, and others were happy to put it off.

The municipal court’s assistant director, Bonita Tolbert, said the only operations being rescheduled were court appearances for 3,000 people Friday. Many who walked into the municipal court Friday afternoon were turned away for other reasons.

Christian Navarrette, an art teacher, left his job early to get down to the courthouse to pay a speeding ticket. He said he was turned away when he tried to pay the ticket, which is due by Monday.

“They told me if I pay it now, it may not post by Monday because of the computer problem,” he said. “They told that I could face more fines if I pay it today, or I can just come back to pay it Monday. I guess I’ll have to leave work early Monday, too.”

Also see -

http://www.myfoxhouston.com/dpp/news/090208_city_courts_remain_closed_monday

http://www.khou.com/news/local/stories/khou090206_mh_court_system_down.2580b43d.html

KASPERSKY HACKED : Database Exposed For Days


Security Co. mum on Jedi mind trick

By Dan Goodin in San Francisco

9th February 2009

http://www.theregister.co.uk/2009/02/09/kaspersky_compromise_follow_up/

Some 24 hours after a hacker claimed to hack a Kaspersky website and access a database containing proprietary customer information, the security provider issued a terse statement confirming it had experienced a security issue.

"On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site," read the statement, which was released Sunday afternoon.

"The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn't critical and no data was compromised from the site."

That tells part of the story, but here's the part Kaspersky leaves out. According to an admin named Tocsixu at the site that exposed the breach, the hacker who originally discovered the vulnerability did so days earlier and only went public after getting no response from more discreet communiques with Kaspersky employees.

"I have sent emails to info@kaspersky.com, forum@kaspersky.com, and webmaster@kaspersky.com warning Kasperky [sic] about the problem but I didn't get any response," Unu, the hacker, said in an email. "After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability."

Tocsixu also took issue with the characterization that the data wasn't actually compromised or that it wasn't critical.

"This vulnerability could have been critical if it were to be exploited by someone bad intended because several sensitive informations could have been extracted, like usernames, emails, passwords, codes, mysql users & passwords, etc.," Tocsixu told El Reg.

"Indeed, no data was compromised from the site because that is not Unu's (our) intention. No sensitive information from the site was stored, legit Kaspersky users can rest assured."

Kaspersky has repeatedly declined to provide details about the breach, including how long its website was vulnerable or exactly when it closed the vulnerability. It didn't respond to email requesting comment on Tocsixu's claims.

SQL injections are like Jedi mind tricks. With the wave of a hand and a discreetly placed suggestion - in this case SQL database commands buried deep inside a long URL - hackers are able to turn weak-minded websites against themselves. Often, the compromise is fairly innocuous and comes in the form of a simple site defacement. Not so with the SQL injection that visited Kaspersky.

It allowed any Jedi knight who knew the secret passphrase to trick the website into dumping entire tables in its database.

"This was a typical UNION injection attack that enables SELECT statements to be poisoned with information from foreign tables," according to one Reg reader account that was confirmed by Tocsixu.

The reader, who was able to duplicate the attack Unu laid out, continued:

"Once you find the number of columns in the initial SELECT statement (using ORDER BY injection attacks) you can basically get access to the information_schema database, find out table and column names and then you're home free. Big whoopsie for Kaspersky. This was active the entire day yesterday [Saturday]."

No doubt, it's been a tough week for Kaspersky, and it sure didn't help that many of the company's employees happened to be in Puerto Rico this weekend for a partner conference. But Kaspersky does itself no favors by being so stingy with details of this attack. And as is now clear, hackers bearing proof of the pwnage are more than willing to do the talking.

Also see-

http://www.theregister.co.uk/2009/02/08/kaspersky_compromise_report/

http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/
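
The UNION poisoning the Reg reader describes in the Kaspersky report above, reduced to a local sketch and shown beside the fix. This is an added example, not code from the article or from the affected site; the table names, the `item_id` parameter and every row are constructed for illustration, and SQLite stands in for the MySQL back end the article mentions.

```python
import re
import sqlite3


def build_db():
    """In-memory database holding constructed sample data only."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT);
        CREATE TABLE accounts (login TEXT, secret TEXT);
        INSERT INTO products VALUES (1, 'Sample Product A', '39.95');
        INSERT INTO products VALUES (2, 'Sample Product B', '59.95');
        INSERT INTO accounts VALUES ('alice@example.test', 'constructed-secret-1');
        """
    )
    return db


def lookup_vulnerable(db, item_id):
    """The flawed pattern: the URL parameter is pasted into the SQL text.

    Whatever arrives in item_id becomes part of the statement, so a value
    that carries its own UNION SELECT is executed as SQL and its rows are
    merged into the product listing the page renders.
    """
    sql = "SELECT name, price FROM products WHERE id = " + item_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, item_id):
    """The fix: the statement text is fixed and the value is bound.

    The driver passes item_id as data. A UNION clause inside it is just a
    string that equals no product id, so the query returns nothing.
    """
    sql = "SELECT name, price FROM products WHERE id = ?"
    return db.execute(sql, (item_id,)).fetchall()


def lookup_validated(db, item_id):
    """Second layer: reject anything that is not a short decimal id.

    Validation narrows what reaches the database and gives a clean signal
    to log; the bound parameter remains the actual protection.
    """
    if not re.fullmatch(r"[0-9]{1,9}", item_id):
        raise ValueError("item_id must be a decimal integer")
    return lookup_parameterized(db, int(item_id))


if __name__ == "__main__":
    db = build_db()
    # Constructed hostile value of the kind described in the article.
    hostile = "0 UNION SELECT login, secret FROM accounts"
    print("vulnerable   :", lookup_vulnerable(db, hostile))
    print("parameterized:", lookup_parameterized(db, hostile))
    try:
        lookup_validated(db, hostile)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```
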

No Blogging, Social Networking For Indian Diplomats

OVERDUE : No Blogging, Social Networking For Indian Diplomats

Devirupa Mitra,

Indo-Asian News Service

February 08, 2009

08/02/2009

http://www.hindustantimes.com/StoryPage/Print.aspx?Id=77ddb9db-2e2f-4666-b4f9-02ebeaf2254c#

Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information.

Over the past eight months, the Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said.

There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed.

"We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.

"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity.

A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa.

The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December.

But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system.

"We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours.

The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers.

They have been asked to contact their service providers to unblock the site.

"We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.

Apart from their offices within the country, cyber security officials are also fortifying Indian embassies abroad with the first such team visiting the Indian embassy in Beijing late last year.

In 2008, nearly 100 Internet addresses were blocked, several of them at Chengdu in China, after these were found to be the source of a swarm of attacks on the network.

"An attack could be just a simple mail, which activates a programme to leak data from that computer to another address on the net," the ministry official said, adding new intrusions were more geographically dispersed.

"We had some intrusions which were traced to Houston, but we know that Chinese hackers were behind it," the official said. "It's a daily defensive war that we are engaged in."

Not all online behaviour guidelines are the result of potential security threats - some are merely to caution officials. Like late last year, some officials got a circular advising them to stop writing blogs.

The order came after a Saudi Arabia-based official's personal website created a controversy for carrying an advertisement on writer Salman Rushdie, which was posted automatically as the site was hosted on a free server.

"Now we have mailing communities to keep in touch with each other - no blogs."

Monday, February 9, 2009

Quote of the day


Good governance is not just about having systems. Good governance is all about following those systems as well.

Nick Massey,

Ex-CEO of GlaxoSmithkline Consumer Healthcare

New IT Term of the day



User Name


A name used to gain access to a computer system. Usernames, and often passwords, are required in multi-user systems. In most such systems, users can choose their own usernames and passwords.

Usernames are also required to access some bulletin board and online services.

Parking tickets lead to malware

TECHNIQUE : Parking tickets lead to malware

5 February 2009

http://www.heise-online.co.uk/security/Parking-tickets-lead-to-malware--/news/112568

ISC.Sans.org have reported on a novel new way of distributing malware – parking tickets. The scam involved the distribution of fake parking tickets placed on car windscreens, which claimed the vehicle's owner had violated parking regulations and directed victims to a website for more details on what they had done wrong.

On that website were pictures of some cars and a link to download a "Picture search toolbar" to locate the victim's car. It was this link that downloaded the malware, which would ask to install a browser helper object (BHO). This would then attempt to trick the user into installing a fake anti-virus scanner. The scam seems to have operated only in Grand Forks, North Dakota, but is simple enough that it is expected to be copied around the world.

Cisco wireless flaws pose DoS risk

RISK : Cisco wireless flaws pose DoS risk

Wi-Fi kit found wanting

By John Leyden

6th February 2009

http://www.theregister.co.uk/2009/02/06/cisco_wireless_update/

Cisco is urging admins to update their wireless LAN hardware following the discovery of multiple vulnerabilities in its enterprise Wi-Fi kit.

Security flaws in Cisco Wireless LAN Controllers, Cisco Catalyst 6500 Wireless Services Modules (WiSMs), and Cisco Catalyst 3750 Integrated Wireless LAN Controllers create a mechanism for hackers to knock over vulnerable hardware.

All Cisco Wireless LAN Controllers running version 4.2 of the network giant's software are affected by a pair of denial of service flaws. A third DoS flaw affects software versions 4.1 and later.

The denial of service bugs include a flaw in the handling of Web authentication, which can cause an affected device to reload, and a separate flaw (that also affects version 4.1 of the software) that means vulnerable kit can freeze up on receipt of malformed data packets.

The same set of potential problems affects Cisco Catalyst 6500 Series/7600 Series Wireless Services Module and Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers but not the equivalent wireless modules on Cisco 2800 and 3800 series Integrated Services Routers. Cisco 2000 and 2100 Series Wireless LAN Controllers are also unaffected by the vulnerability.

The denial of service problem is not the only issue to consider. Version 4.2.173.0 of Cisco's Wireless LAN controller software is affected by a privilege escalation vulnerability. The security bug creates a means for an ordinary user to gain full administrative rights.

"Successful exploitation of the denial of service vulnerabilities may cause the affected device to hang or reload," a security advisory from Cisco explains. "Repeated exploitation could result in a sustained DoS condition. The privilege escalation vulnerability may allow an authenticated user to obtain full administrative rights on the affected system."

Cisco said it discovered the flaws via customer support cases and internal testing. There is no evidence to suggest that the flaws have been used by hackers. However, especially in the absence of a suitable workaround, patching affected systems sooner rather than later makes sense.

CISCO Advisory -

http://www.cisco.com/warp/public/707/cisco-sa-20090204-wlc.shtml

Teen accused of sex assaults in Facebook scam

ACCUSED : Teen accused of sex assaults in Facebook scam

By Carrie Antlfinger

Associated Press

Feb 5, 2009

http://news.yahoo.com/s/ap/20090205/ap_on_re_us/facebook_sex;_ylt=Aphl5WbsNbzuWmDYmSKtt2sDW7oF

MILWAUKEE – An 18-year-old male student is accused of posing as a girl on Facebook, tricking at least 31 male classmates into sending him naked photos of themselves and then blackmailing some for sex acts.

"The kind of manipulation that occurred here is really sinister in my estimation," Waukesha County District Attorney Brad Schimel said Wednesday.

The students go to New Berlin Eisenhower High School in New Berlin, which is in Waukesha County about 15 miles west of Milwaukee.

Anthony Stancl, of New Berlin, was charged Wednesday with five counts of child enticement, two counts of second-degree sexual assault of a child, two counts of third-degree sexual assault, possession of child pornography, repeated sexual assault of the same child, and making a bomb threat.

Stancl's attorney, Craig Kuhary, said Stancl plans to plead not guilty to the charges and hopes to reach a plea agreement with the district attorney.

"It's too early in the case for me to make a statement, other than the fact at some point we are going to go into events that had taken place earlier that might have had some impact on what he did here," he said. He wouldn't go into specifics.

The incidents allegedly happened from spring 2007 through November, when officers questioned Stancl about a bomb threat he allegedly sent to teachers and wrote about on a school's bathroom wall. It resulted in the closing of New Berlin Eisenhower Middle and High School.

According to the criminal complaint, Stancl first contacted the students through the social networking site Facebook, pretending to be a girl named Kayla or Emily.

The boys reported that they were tricked into sending nude photos or videos of themselves, the complaint said.

Thirty-one victims were identified and interviewed and more than half said the girl with whom they thought they were communicating tried to get them to meet with a male friend to let him perform sex acts on them.

They were told that if they didn't, she would send the nude photos or movies to their friends and post them on the Internet, according to the complaint. Stancl allegedly used the excuse to get the victims to perform repeated acts, the complaint said.

Seven boys were identified in the complaint by their initials as either having to allegedly perform sex acts on Stancl or Stancl on them. The complaint said Stancl took photos with his cell phone of the encounters.

Officers found about 300 nude images of juvenile males on his computer, according to the complaint. Prosecutors said the victims were as young as 15.

A preliminary hearing for Stancl has been scheduled for Feb. 26. The maximum penalty if convicted on all charges is nearly 300 years in prison.

French fighter planes grounded by computer virus

GROUNDED : French fighter planes grounded by computer virus

by Kim Willsher

telegraph.co.uk

07 Feb 2009

http://www.telegraph.co.uk/news/worldnews/europe/france/4547649/French-fighter-planes-grounded-by-computer-virus.html

French fighter planes were unable to take off after military computers were infected by a computer virus, an intelligence magazine claims.

The aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand.

At one point French naval staff were also instructed not to even open their computers.

Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year, but according to reports the French military ignored the warning and failed to install the necessary security measures.

The French newspaper Ouest France said the virus had hit the internal computer network at the French Navy.

Jérome Erulin, French navy spokesman, told the paper: "It affected exchanges of information but no information was lost. It was a security problem we had already simulated. We cut the communication links that could have transmitted the virus and 99 per cent of the network is safe."

However, the French navy admitted that during the time it took to eradicate the virus, it had to return to more traditional forms of communication: telephone, fax and post.

Naval officials said the "infection" was probably due more to negligence than a deliberate attempt to compromise French national security. It said it suspected someone at the navy had used an infected USB key.

The Sicmar Network, on which the most sensitive documents and communications are transmitted, was not touched, it said. "The computer virus problem had no effect on the availability of our forces." The virus attacked the non-secured internal French navy network called Intramar and was detected on 21 January. The whole network was affected and military staff were instructed not to start their computers.

According to Liberation newspaper, two days later the chiefs of staff decided to isolate Intramar from the military's other computer systems, but certain computers at the Villacoublay air base and in the 8th Transmissions Regiment were infected. Liberation reported that on the 15 and 16 January the Navy's Rafale aircraft were "nailed to the ground" because they were unable to "download their flight plans". The aircraft were eventually activated by "another system".

Liberation also reported that Microsoft had identified the Conficker virus in the autumn of 2008 and had advised users from October last year to update their security patches. IntelligenceOnline reports that "at the heart of the (French) military, the modifications were, for the most part, not done." It was only on the 16 January "three months later" that the navy chiefs of staff began to act.

"At that point, the chiefs of staff and the defence ministry had no idea how many computers or military information systems were vulnerable to having been contaminated by the virus," said Liberation.

The French press also reported that the only consolation for the French Navy was that it was not the only one to have fallen victim to the virus. It said that a report in the military review Defense Tech revealed that in the first days of January 2009 the British Defence Ministry had been attacked by a hybrid of the virus that had substantially and seriously infected the computer systems of more than 24 RAF bases and 75 per cent of the Royal Navy fleet including the aircraft carrier Ark Royal.

This Day in History
