Wednesday, March 31, 2010

Conficker Infection

Thanks to Joe Stewart from SecureWorks for his awesome work.

Check for Infection


Introduction

Conficker, also known as Downup, Downandup, Conflicker, and Kido, is a computer worm that surfaced November 21st, 2008 with Conficker.A and targets the Microsoft Windows operating system. The worm exploits a known vulnerability (MS08-067) in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta. The latest variant (Conficker.C) will begin checking for a payload to download on March 31st, 2009. Conficker.A and Conficker.B variants continue to check for payloads each with a distinct domain generation algorithm.

Operation

The Conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The worm uses a specially crafted RPC request to execute code on the target computer.

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

It receives further instructions by connecting to a server or peer and receiving a binary update. These instructions may tell it to propagate, gather personal information, and download and install additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

The worm seems to implement some of the ideas presented by Fucs, Paes de Barros and Pereira at the Blackhat Briefings Europe 2007, specifically: a digitally signed additional payload, use of a PRNG for communication, and P2P communication.

Payload

The "A" and "B" variants of Conficker will create an HTTP server and open a random port between 1024 and 10000. If the remote machine is exploited successfully, the victim will connect back to the HTTP server and download a worm copy. It will also reset System Restore points, and download files to the target computer.

Symptoms of infection

* Account lockout policies being reset automatically.
* Certain Microsoft Windows services such as Automatic Updates, BITS, Windows Defender, and Error Reporting Services are automatically disabled.
* Domain controllers respond slowly to client requests.
* The network becomes unusually congested. This can be checked with the network traffic chart in Windows Task Manager.
* On websites related to antivirus software, Windows system updates cannot be accessed.
* Launches a brute force attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.
* Port 445/TCP scanning (A/B)
* Multicast UPnP requests
* High-port TCP and UDP P2P Activity
* Abnormal DNS lookup activity
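
An added example (not from the original post or the Conficker Working Group): a triage sketch for two of the network symptoms listed above, port 445/TCP scanning and abnormal DNS lookup activity, run over constructed flow and DNS records. The record layouts, the thresholds, and the use of a high NXDOMAIN ratio as the measure of "abnormal" lookups are assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions for this sketch; tune them against your own baseline.
MIN_SMB_TARGETS = 25       # distinct hosts contacted on 445/TCP in one window
MIN_DNS_QUERIES = 20       # ignore clients with too few lookups to judge
MIN_NXDOMAIN_RATIO = 0.5   # share of lookups that returned NXDOMAIN


def build_sample_flows():
    """Constructed flow records (src, dst, dport, proto); not real traffic."""
    # One host touching 40 different machines on 445/TCP: scanner-like fan-out.
    flows = [("10.0.0.5", f"10.0.1.{i}", 445, "tcp") for i in range(1, 41)]
    # A busy client of a single file server: many sessions, one target.
    flows += [("10.0.0.7", "10.0.1.2", 445, "tcp")] * 30
    # Wide fan-out on port 80: not SMB, must be ignored.
    flows += [("10.0.0.8", f"10.0.1.{i}", 80, "tcp") for i in range(1, 41)]
    return flows


def build_sample_dns():
    """Constructed DNS records (client, qname, rcode) using reserved example domains."""
    dns = [("10.0.0.5", f"name{i}.example.net", "NXDOMAIN") for i in range(45)]
    dns += [("10.0.0.5", "www.example.com", "NOERROR")] * 5
    dns += [("10.0.0.7", "www.example.com", "NOERROR")] * 19
    dns += [("10.0.0.7", "typo.example.org", "NXDOMAIN")]
    # Every lookup fails, but three queries are too few to judge.
    dns += [("10.0.0.9", "gone.example.org", "NXDOMAIN")] * 3
    return dns


def find_smb_fanout(flows, min_targets=MIN_SMB_TARGETS):
    """Return {src: distinct 445/TCP destinations} for sources at or above the threshold."""
    targets = defaultdict(set)
    for src, dst, dport, proto in flows:
        if dport == 445 and proto.lower() == "tcp":
            targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def find_nxdomain_heavy(dns, min_queries=MIN_DNS_QUERIES, min_ratio=MIN_NXDOMAIN_RATIO):
    """Return {client: (total lookups, failed lookups)} for clients whose lookups mostly fail."""
    total = defaultdict(int)
    failed = defaultdict(int)
    for client, _qname, rcode in dns:
        total[client] += 1
        if rcode.upper() == "NXDOMAIN":
            failed[client] += 1
    return {
        client: (total[client], failed[client])
        for client in total
        if total[client] >= min_queries and failed[client] / total[client] >= min_ratio
    }


def triage(flows, dns):
    """Map each flagged host to the list of symptoms it shows, for follow-up on the host."""
    smb = find_smb_fanout(flows)
    nx = find_nxdomain_heavy(dns)
    report = {}
    for host in sorted(set(smb) | set(nx)):
        symptoms = []
        if host in smb:
            symptoms.append("445/tcp fan-out")
        if host in nx:
            symptoms.append("nxdomain-heavy dns")
        report[host] = symptoms
    return report


if __name__ == "__main__":
    for host, symptoms in triage(build_sample_flows(), build_sample_dns()).items():
        print(host, ", ".join(symptoms))
```

A host that shows both symptoms is a stronger candidate for the infection check and removal tools referenced on this page than a host that shows only one.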

Impact

Experts say it is the worst infection since the SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers; however, a conservative minimum estimate is more like 3 million, which is more than enough to cause great harm.

Another anti-virus software vendor, Panda Security, reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with this malware.

The potential scale of infection is large because 30 percent of Windows computers do not have the Microsoft Windows patch released in October 2008 to block this vulnerability.

The U.K. Ministry of Defence reported that some of its major systems and desktops were infected. The worm has spread across administrative offices and NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.

On February 1, 2009, schools in the town of Rochdale, England were infected. The virus spread to 13 schools and is estimated to have infected 7,500 computers.

On February 13, the Bundeswehr reported that some hundred of their computers were infected.

On March 27, 2009, the British Director of Parliamentary ICT released a (leaked) memo stating that the House of Commons computer network had been infected with the virus and calling for all people who have access to the network to use caution and not to connect any unauthorized equipment to the network.

Response

On February 12, 2009, Microsoft announced the formation of a technology industry collaboration to combat the effects of Conficker. Organizations involved in this collaborative effort include Microsoft, Afilias, ICANN, Neustar, Verisign, CNNIC, Public Internet Registry, Global Domains International, Inc., M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks and Support Intelligence.

As of February 13, 2009, Microsoft is offering a $250,000 USD reward for information leading to the arrest and conviction of the criminals behind the creation and/or distribution of Conficker.

Patching and removal

On 15 October 2008 Microsoft released a patch (MS08-067) to fix the vulnerability. Removal tools are available from Microsoft, BitDefender, ESET, Symantec, Sophos, and Kaspersky Lab, while McAfee and AVG can remove it with an on-demand scan. While Microsoft has released patches for the later Windows XP Service Packs 2 and 3 and Windows 2000 SP4 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions (excluding Windows 2000 SP4), as the support period for these service packs has expired. Since the virus can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media (by modifying the Windows Registry) is recommended. However, the United States Computer Emergency Readiness Team describes Microsoft's guidelines on disabling Autorun as being "not fully effective," and provides its own guides. Microsoft has released a removal guide for the worm via the Microsoft website.

Also, on March 16, 2009, BitDefender released an updated tool to remove the already famous Downadup/Conficker worm. The tool is hosted on a new domain, "bdtools.net", that has not been blocked by the malicious code. It also comes as a separate installer dedicated to network administrators, so that the scanner can be dispatched throughout networks to remotely scan and disinfect workstations.

Refer to Wikipedia for reference URLs http://en.wikipedia.org/wiki/Conficker

Text adapted from Wikipedia: All text on this page is available under the terms of the GNU Free Documentation License

Source : http://www.confickerworkinggroup.org/wiki/

Check for infection : http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Credit to : http://www.confickerworkinggroup.org/wiki/

Sunday, March 28, 2010

Many are not alert to cybercrime risks

By Suzan Ahmad
suzan@bharian.com.my
2010/03/28
Today's internet users are also becoming victims of extortion and murder

TECHNOLOGICAL sophistication does not merely make daily affairs easier; it also brings consequences that must be paid for at a high price.
Few people know that the probability ratio of cybercrime now stands at 1:5, compared with only 1:30 for house break-ins. This is certainly worrying, yet it is not given the attention it deserves on the grounds that we do not see cybercriminals. Without our realising it, the sharp rise in the number of cyberspace users interacting on social sites such as Facebook, Friendster and Twitter is in fact among the causes that further increase the risk of becoming a victim of cybercrime.

According to statistics from Symantec Norton Security Response, a company that offers protection, storage and management of global computer solution systems, a cybercrime occurs every 0.25 seconds worldwide, covering extortion, virus threats, hacker activity, phishing, anti-spyware infections and malware.

Cyberspace users now depend on technology to enable them to share files, photos and music at any time from any telecommunications device.

Problems begin to arise when users' tendency to chase the speed of cyber technology is not matched by awareness of the need to protect it from intrusion by cybercriminals.
This weakness is compounded by the expected rise in the use of smartphones, such as Android, iPhone and iPad, which will account for almost half of the world's mobile phone sales in 2013.

The fact is, within just four minutes of being connected to the internet, an unprotected personal computer will easily be infected by a virus.
Indeed, every three seconds a cyberspace user loses passwords, credit card information, bank information and various other information.

Norton Business Head (South Asia Region), Effendy Ibrahim, said monitoring of internet activity carried out recently showed that, within 24 hours of the tsunami in Chile and the earthquake in Haiti, various websites purporting to collect donations were set up, while these websites contained a great deal of fake software that tried to wreak havoc and steal the personal data of cyberspace users.

"The latest incident, which occurred in Jakarta, Indonesia and is still under investigation, involved a girl who got to know a man on Facebook and was invited to meet on the pretext that the man was gravely ill.

"Out of sympathy, the girl agreed and went to the agreed place. Unfortunately, after failing to rape her, he killed the girl.

"The excitement and ease of gaining many friends on social sites without having to meet face to face clearly draws cyberspace users to keep communicating through this medium until they become too comfortable and trusting to share personal information, photos, videos and data," he said, acknowledging that internet users have more friends on social sites than in real life.

Meanwhile, Maybank Head of Virtual Banking, Choong Wai Hong, said 1,200 cases of internet banking fraud were detected in the period from January to June last year, comprising 0.003 percent of the total transaction value of RM348.5 billion and involving losses of RM1 million.

He said that although the percentage of losses was still low compared with other financial crimes, the threat should not be taken lightly.

"We need to look at it from a broader perspective, with the number of internet banking customers increasing; therefore we need to balance this by becoming more alert to all forms of threat," he said.

In Maybank's experience, he said, 72 percent of reported cybercrimes involved customer negligence, such as knowingly disclosing passwords and personal information.

To overcome this, Maybank has partnered with security firms to proactively detect and deal with fraud cases, forged close cooperation among banks, improved security services and worked with the police, in addition to organising public awareness campaigns.

Cybersecurity, an agency under the Ministry of Science, Technology and Innovation, acknowledged that the security issues faced by computer and internet users have increased following the growing use of broadband technology.

"More than 700 cases were reported to Cyber999 up to February this year, while throughout last year the figure reached 3,600 cases," said the Head of the MyCert and Cyber999 Computer Emergency Response Help Centre, Adli Abdul Wahid.

He said that within a three-month period, MyCert detected 75 virus attacks via computers or e-mail. Although that number may be small, its adverse impact is capable of infecting 1.6 million computers in Malaysia.

INFO
Cybercrime

# The probability ratio of cybercrime now stands at 1:5, compared with only 1:30 for house break-ins.

# A cybercrime occurs every 0.25 seconds worldwide, covering extortion, virus threats, hacker activity, phishing, anti-spyware infections and malware.

# Every three seconds a cyberspace user loses passwords, credit card information, bank information and various other information.

# 1,200 cases of internet banking fraud were detected in the period from January to June last year, comprising 0.003 percent of the total transaction value of RM348.5 billion and involving losses of RM1 million.

Source : http://www.bharian.com.my/bharian/articles/Ramaitakpekarisikojenayahsiber/Article

Credit : http://www.bharian.com.my/

Monday, March 22, 2010

Research reveals 1 in 4 children have tried hacking

19 March 2010

A study just published claims to show that, despite 78% of children knowing that hacking is wrong, one in four of them have tried hacking into other people's Facebook accounts.

The survey, from Tufin Technologies, says that 47% of those admitting Facebook hacking guilt are girls. The study of 1000 youngsters from London and 150 from Cumbria found that, although 27% were doing so from the relatively safe confines of their bedrooms, 22% are using internet cafes and 21% are hacking from school. Interestingly, 19% of respondents to the survey also said they had used a friend's computer to hack.

The most common reason was for fun (46%); however, 21% aimed to cause disruption and a resourceful 20% thought they could generate an income from the activity. A small minority (5%) said they were switching to the dark side as a career move.

The survey, which was undertaken in conjunction with Cumbria Constabulary, found that a good third of respondents had fallen victim to hackery, having had their Facebook or email accounts broken into without authorisation.

Researchers also found that Cumbrian children with hacking habits were much younger than their city counterparts, with 78% having done so before their 13th birthday – in London 44% were under 16, with only 16% of these yet to enter their teens.

Delving into the survey results reveals that 27% of the kids who were hacking admitted they were caught. 82%, meanwhile, confessed that hacking wasn't actually that easy in practice, and a commendable 70% labelled the practice as uncool.

Stuart Hyde, deputy chief constable with Cumbria Constabulary, said that what this survey highlights is that hacking into personal online accounts, whether email or Facebook, can be child's play if users do not protect their own passwords.

"It illustrates the importance of keeping your passwords strong, secure and changing them regularly to help protect your accounts from unscrupulous people of all ages", he said.

"We live in a world where social networking, email and the internet are embedded into our every day lives from a far younger age, so early education is essential to ensure young people know the devastating consequences this activity can have", he added.

Only 53% of the children surveyed felt that hacking was illegal, which shows there is a real need to educate youngsters to the dangers, both so they are deterred from trying it and also so they know how to protect their own accounts.

Commenting on the results, Reuven Harrison, CTO of Tufin Technologies, said that one of the most worrying statistics from this survey is the staggering numbers of kids that are successful and the ages involved. "Hacking has changed a lot in the past few years from the curiosity or fun factor to now making serious money or causing havoc in the corporate environment", he said.

"Our job as IT security professionals is to stop hackers in their tracks and that means educating the kids, as the police have said, at a very young age", he added.


source of news : http://www.infosecurity-magazine.com/view/8208/research-reveals-1-in-4-children-have-tried-hacking/

credit to : www.infosecurity-magazine.com

Facebook and Twitter: weak passwords and insecure users are the cause of security issues

22 March 2010

Officials with Facebook and Twitter gave their views at the South West Interactive (SXSWi) event in Austin, Texas, earlier this month and – surprisingly – panel members were reportedly less than apologetic for the security scares that social networking portals have generated in recent months.

According to the Techradar.com newswire, Del Harvey, Twitter's director of trust and safety, said that the Twitter IT security team numbers around the 20 mark, out of an employee headcount of 160 at the Twitter offices.

Harvey explained that Twitter is trying to get users educated about security.

"Everyone knows at least one person who says 'I use the same password on every site – but it's a really good one', or 'I use different passwords on every site – I take the first letter of the site and the last letter of the site and then I put my birth year in the middle'", he said.

Ryan McGeehan, Facebook's security manager for incident response, was apparently also in internet user blaming mode, saying that: "Awareness is a major thing for us, too. The number of individuals who use the same password across multiple sites is astounding."

"So, for instance, if some obscure web forum that you are a part of gets compromised and the database gets leaked, and the passwords are stored in clear text, then the person who stole that database decides to try all of those usernames and passwords on other sites the success rate is astounding", he said.

"It's an awareness issue; it's a security issue for any site that is dealing with usernames and passwords", he added.

Harvey and McGeehan's comments have drawn criticism from the IT security industry, most notably from Amichai Shulman, chief technology officer with data security specialist Imperva, who said that internet history has shown that, if you mandate users to do something in return for a free service, they will do what you want – which is good news on the password front.

According to Shulman, social networking site operators should not tell users what software they should have on their computers – the companies should start to take responsibility and ownership of the user security issue, and act accordingly.

Website operators, he explained, should seriously acknowledge their responsibility to these security issues rather than simply throw them back at their users.

The internet, he went on to say, is still a relatively new and exciting experience for many users and, whilst a lot of companies are making a profit from this brave new world, there is still a need for those same businesses to invest in educating their members about the need for secure passwords.

"Requiring users to set up a secure password won't detract from the numbers of users flocking to these free-to-use services, but it will dramatically boost their security", he said.

"And making the services more secure will gain the longer term trust of the membership, which will be repaid as those users tell others about their experiences," he added.


source of news : http://www.infosecurity-magazine.com/view/8213/facebook-and-twitter-weak-passwords-and-insecure-users-are-the-cause-of-security-issues/

credit to : www.infosecurity-magazine.com

Google releases web application security scanner

Posted on 22 March 2010.

Google released Skipfish, a free fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.

The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.


Key features:
  • High speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
  • Ease of use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form auto completion.
  • Cutting-edge security logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool supports Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

download link : http://code.google.com/p/skipfish/downloads/list

source of news : http://www.net-security.org/secworld.php?id=9043

credit to : www.net-security.org

Thursday, March 11, 2010

79% of Twitter users are not real users of social networking

11 March 2010

Research just published claims to show that usage of Twitter, the social networking site, is taking off into the mainstream, but that large numbers of users are not using the service for the purpose it was originally designed for.

The study, from Barracuda Networks, analysed more than 19 million Twitter accounts, for their frequency and content of messages (tweets), as well as their general activity levels.

The report – which forms the bulk of Barracuda's 2009 annual study – claims to show that only 21% of Twitter users are actual true users of the social networking service.

The network security firm defines a 'true user' as someone who has at least 10 followers, follows at least 10 people and has messaged (tweeted) at least 10 times.

Delving into the report – which is available from the firm's website – reveals that most of Twitter's registered users joined the site during what it calls the 'red carpet' era (Nov 2008 to Apr 2009) when a number of celebrities such as Stephen Fry made their interest in the services very public.

Now here's the bad news from the report – during the Twitter red carpet era, Barracuda says that misuse of Twitter soared to reach 12% of accounts in October 2009, indicating that one in eight accounts created was deemed to be malicious, suspicious or otherwise misused and subsequently suspended.

Commenting on the report, Paul Judge, the firm's chief research officer, said: "as social networking, and specifically Twitter, becomes more ingrained in everyday business, it is crucial to understand the nature of attacks happening on these sites, as well as how users and networks can be compromised."

In its security blog, Barracuda says that more users joined Twitter in 2009 following a massive influx of celebrities to the site – "and sure enough, the criminals followed the users in a forceful way causing the overall Twitter crime rate to spike."

Interestingly, the network security vendor says that only 17% of Twitter users have zero followers, which is a 40% increase in the number of users that now have 10 or more followers.

As millions of users flocked to Twitter during the Twitter Red Carpet Era, Barracuda says that so too did the criminals.

"During this time, numerous accounts were used for malicious purposes such as poisoning trending topic threads with malicious URLs (hidden by the ever-popular URL shortening services) aimed at luring Twitter users to sites carrying malware or other malicious content", said the company.

The report's Twitter crime rate is defined as the percentage of accounts created per month that are eventually suspended for malicious or suspicious activity, or otherwise misused.

Source : http://www.infosecurity-magazine.com/view/7990/79-of-twitter-users-are-not-real-users-of-social-networking/

Credit to : http://www.infosecurity-magazine.com

Smartphone apps need securing at the software development stages

11 March 2010

Smartphones could very easily become spy phones, with hackers able to eavesdrop on your conversations, researchers at Rutgers University in the US have warned.

The handsets could be hijacked using malware as they have now become as advanced as computers, say experts.

Researchers at Rutgers University have developed a proof-of-concept rootkit that can be ported to multiple smartphone operating systems such as the Apple iPhone plus Google Android, and allows hackers to remotely turn on the GPS function, as well as remote-enable the phone's microphone.

Rootkits – which have been around on PCs since the mid-1990s – are notable for masking their own existence on the computer, and can be installed via e-mails that trick users into opening attachments.

"Smartphones are essentially becoming regular computers," said Vinod Ganapathy at Rutgers University in New Jersey. "They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack."

"What we're doing today is raising a warning flag," said fellow researcher Liviu Iftode. "We're showing that people with general computer proficiency can create rootkit malware for smartphones. The next step is to work on defences", he added.

Fortunately for the many hundreds of millions of smartphone users around the world, the researchers concede it is much harder to slip rootkits into smartphones – which tend to have strict rules on non-approved code being installed.

According to Richard Kirk, European director with application vulnerability specialist Fortify Software, with the rootkit, the researchers have developed a full-blown hacker code methodology that allows all the features of a smartphone to be turned over to a hacker's control.

"And just like a compromised desktop PC, all the operations of the hacked smartphone can be used for all manner of hacking purposes, including data theft, botnet swarming, distributed denial of service attacks and even remote automated mass hacking of critical national IT systems infrastructures", he said.

Kirk added that desktop software secure code development strategies have evolved to ensure that desktop systems software cannot normally be compromised by this type of hackery.

But, he noted, smartphone code developers – owing to the relative youth of their industry – have had no similar pressures imposed on them, as smartphones have always been viewed as a less powerful computing option.

All that changes, he explained, with the evolution of rootkits for smartphones, as it means that hackers can assume control over a handset that is every bit as powerful as a computer of just a decade ago.

"As the Rutgers University scientists say – as the population of mobile devices increases, there will be an increasing interest in attacking these devices – this means there is a rising security risk from operating system-driven smartphones", said Kirk.

"With hundreds of millions of these devices in active usage and the majority of them wirelessly connected, you can see the potential scale of the problem. Code developers must wake up to this pressing security issue and adopt secure code development practices, such as regular security testing, at the earliest available opportunity", he added.


Source : http://www.infosecurity-magazine.com/view/7982/smartphone-apps-need-securing-at-the-software-development-stages/

Credit to : http://www.infosecurity-magazine.com

Wednesday, March 10, 2010

Patching the Security Update Process

Security firm aims to make installing updates as painless and invisible as possible.

By Brian Krebs

Wednesday, March 10, 2010

Recent research shows that the typical PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that typically run on top of it. In response, a Danish computer security firm says it will soon debut a free new service that silently automates the installation of security updates for dozens of the most commonly used software products.


The five-day figure comes from information collected by Secunia, which pored over statistics from some two million users of its free Personal Software Inspector (PSI) tool, a program designed to alert users about outdated and insecure software running on their machines. Secunia found that the typical Microsoft Windows user has more than 66 programs from more than 22 different software vendors on his or her computer.

Even though the current version of the PSI software includes links to the latest updates for each outdated application, many users still find the update process too cumbersome, says Thomas Kristensen, Secunia's chief security officer.

"Most users don't want to be bothered with all these updates," Kristensen says. "Even when we provide them with the proper download links for the updates, a lot of users say, 'No, I don't want to click on all these things.' We'd like to bring down the number of users who quit the patching process at that point."

There is ample evidence to suggest that the average user can't be bothered to install security updates in a timely fashion--unless the process is more or less automated. In a study released last summer, researchers from Google Switzerland and the Swiss Federal Institute of Technology found that browsers which included silent, automatic updates--such as Mozilla's Firefox and Google's Chrome--worked far better and faster in successfully delivering patches than did the manual installation mechanism used by the browsers from rivals like Microsoft, Opera, and Apple.

When hackers increasingly are attacking software security holes before vendors can ship patches to plug them, timely patching is more vital than ever, says Wolfgang Kandek, chief technology officer at Qualys, a computer security firm based in Redwood Shores, CA, that helps companies manage patch deployment. Kandek says Microsoft made great inroads with Windows XP Service Pack 2, which prompted users to turn on automatic updates for the operating system. But he adds that too few major third-party software makers include similar auto-update mechanisms.

"Take older versions of Adobe's software, which don't have an update component," Kandek says. "Users on these will just stay at whatever version they're using, and never update." Alan Paller, director of research for the Bethesda, MD-based SANS Institute, a computer security training group, says Microsoft considered pitching its Windows Update service to third-party software vendors as an update conduit many years ago, but ultimately abandoned the idea because of legal liability concerns.

Secunia's Kristensen says his company's tool will avoid any liability issues by downloading patches in exactly the same way for each application as a regular user would. Still, he says, not all software vendors are likely to make it easy.

"The liability issues arise if we were to start modifying the patches or putting them in our own repository of updates," Kristensen says. "One thing we can guarantee is that it won't work for 100 percent of software. We'd love it to do that, but that would require 100 percent cooperation from a lot of vendors who don't have a good history of this."

According to Paller, Secunia's chief challenge is appealing to users who don't know enough about security to know they need to deploy third-party updates. "That's why I think that a service like this--if it is going to have a decent impact--needs to be offered through the [Internet service providers]," he says. "My goal would be to say if you're going to be an ISP, you need to provide a service like this."

Secunia's patch tool likely will need some serious testing before it can be deployed on such a broad scale. Secunia has already adapted the corporate version of PSI to deploy third-party updates, but doing the same for consumer computers would be a far greater challenge, particularly in making the software work on all of the various foreign language implementations of these third-party products.

"The goal is to make this scalable and legal, and to do that we will need to--at least at first--prioritize the products we patch based on those that are most widely installed, because there is no way we will be able to do 13,000 applications at once," Kristensen says.

Secunia is aiming to have a preview version available in April for expert PC users, and a beta version for more public consumption a few months after that.


Source : http://www.technologyreview.com/communications/24713/?a=f

Credit to : www.technologyreview.com

Monday, March 8, 2010

Facebook founder accused of hacking e-mail

MARK ZUCKERBERG

LONDON - The founder of the social networking website Facebook, Mark Zuckerberg, has been accused of hacking into the e-mail accounts of several of his rivals and of journalists, the Mail On Sunday newspaper reported yesterday.

The chief executive officer of the world's most successful social networking site is accused of at least two privacy breaches in a series of articles published by BusinessInsider.com.

As part of a two-year investigation into the Facebook founder, the magazine revealed what it alleges was a hacking incident in 2004.

In one incident, the magazine reported that Zuckerberg found out that the Harvard University newspaper, The Crimson, planned to publish an article about him in 2004.

He is accused of using the passwords of several of the newspaper's reporters to hack into their accounts.

In another incident, BusinessInsider.com alleged that Zuckerberg hacked into the accounts of several of his rivals at Harvard University who had accused him of stealing their idea for creating the social networking site.

He is then alleged to have tried to sabotage the rival network they had set up.

The magazine alleged that Zuckerberg learned that The Crimson planned to write an article when he was called in for an interview in 2004.

The newspaper planned to investigate allegations made by several Harvard University students that Zuckerberg had stolen their social network idea.

Those allegations have since been documented and have become a lawsuit worth US$65 million (RM218 million).

In 2004, Facebook, which now has more than 40 million users worldwide and is worth millions of dollars, was still regarded as a network limited to Harvard University students, known as Thefacebook.com.

At the time, Zuckerberg was involved in a dispute with three other Harvard University students who had asked him to help them create a social website.

Those other Harvard University students, Cameron Winklevoss, Tyler Winklevoss and Divya Narendra, accused Zuckerberg of deliberately misleading them about his willingness to help them build their website, HarvardConnection.com.

The three of them approached the newspaper, The Crimson, about the allegations made against Zuckerberg.

According to the newspaper, The Crimson's reporters then spoke about the allegations against Zuckerberg.

Zuckerberg appeared to try to convince the newspaper that the social network he was creating was different from HarvardConnection.com.

Initially, he regarded HarvardConnection.com as a dating site.

The newspaper pulled the article.

However, after several other allegations emerged, Zuckerberg became worried that the newspaper would once again run a story about him.

BusinessInsider.com alleged that Zuckerberg then told a friend that he had hacked into the accounts of The Crimson's staff.

Zuckerberg allegedly told the friend that he used TheFacebook.com to look up members who were staff of The Crimson.

He then examined a report of failed logins to see whether any members of The Crimson had entered an incorrect password into TheFacebook.com.

The magazine alleged that Zuckerberg once said that he tried using the incorrect passwords to access the e-mail accounts of Harvard University student members in the United States.

In two cases, the magazine alleged, he succeeded and was able to read e-mails between The Crimson staff discussing the possibility of writing an article about the accusations against him.

An Indonesian man checks his Facebook page at an Internet cafe in Jakarta on 17 February.

In other words, the magazine alleged, Zuckerberg appeared to have used private login data from TheFacebook to hack into the separate e-mail accounts of several TheFacebook users.

It was not the first time Zuckerberg had breached privacy.

In a separate article, the magazine accused Zuckerberg of hacking several of his rivals at HarvardConnection.com, which was renamed ConnectU in May 2004.

Although Facebook had become popular by the summer of 2004, reaching millions of users, Zuckerberg, according to the magazine, was still worried about the competition.

That worry led him to hack into the ConnectU site and make changes to several user profiles, including that of one of its founders, Cameron Winklevoss, who had accused him of stealing the Facebook idea.

BusinessInsider.com accused Zuckerberg of creating a fake account filled with false information about Winklevoss.

Zuckerberg is also alleged to have entered the accounts of several ConnectU users and changed their privacy settings, apparently to make it difficult for people to find friends on the network.

The magazine alleged that Zuckerberg deactivated 20 ConnectU accounts.

When Facebook was approached about the many allegations made by BusinessInsider.com, the company told Britain's Mail Online: "We will not debate litigation disputes and anonymous sources who want to rewrite Facebook's early history or embarrass Zuckerberg with various accusations." - Agencies

Source : http://www.kosmo.com.my

Credit to : www.kosmo.com.my

Scandal on the Internet

An easy, cheap and quick way to detect a partner who is cheating online is to hire an 'online investigator'. - Illustrative photo

HAS it ever crossed your mind that your partner might have a lover on the Internet? You may be able to simply ignore the feeling, but the longer it is left alone, the more it seems that something is not right in your relationship.

You cannot deny the suspicion that your partner is lying about a love affair on the Internet. Do not take it lightly, because you are in fact already at the first warning stage that this technology can threaten the harmony of your household.

At this stage, you may suspect your partner but manage to reassure yourself by saying that it is only your imagination. This is because you do not yet have solid evidence and do not yet even want to gather it.

Entering the second stage, you are actually ready to accept the truth. You want facts. Perhaps at this stage, too, your cheating partner already senses that their movements are being watched and begins to cut down on their activity in front of the computer. You, meanwhile, are ready to catch a partner who is unfaithful in the virtual world.

The question is, how can you catch this wily partner? Gathering evidence is certainly not easy, but with a little information technology (IT) knowledge you too can catch a partner who is cheating on the Internet.

You could perhaps check by searching for yourself on the chat sites your partner likes to visit.

It's easy! The first way is to search the web with the keywords 'how to catch a partner cheating on the Internet?' From there you will find many ways to identify whether your partner is already involved in a scandal on the Internet.

Follow the suggested methods and try to adapt them to your situation. Remember that all your actions should be based on reason and not emotion, because you want to prevent things before they get worse, not add to the turmoil in the household.

As someone who cherishes household harmony, you need to take wise steps to curb this problem. Do not let it drag on or adopt a wait-and-see attitude.

The first thing you can do is invite your partner to do activities with you or the family after coming home from work and reduce the time spent in front of the computer.

It may be that watching a favourite film together, spending time with the children or going out for a stroll will make your partner forget the urge to sit in front of the computer.

Beware of leaving it too late, because a third person will surely tear the family apart.

Hire an online investigator

Another easy, cheap and quick way to detect a partner who is cheating online is to hire an 'online investigator'.

This is done by sending your partner's e-mail address to the investigator through online registration.

The investigator will give you a list of online dating services that have been registered using your partner's e-mail address.

So you will know which social sites your partner frequents behind your back.

With this investigator, you can not only detect the social websites your partner frequents, but also find out who your partner often contacts and how serious their relationship is.

If you find that your partner is involved in a relationship beyond what you expected, such as an attraction to the same sex or unusual sexual activity that conflicts with your moral beliefs, do not fly off the handle straight away.

It is better that way, because you learn for yourself your partner's dark side that was never revealed throughout your time together. Their secret will indeed be exposed, and consider that there is a silver lining in all this.

And when you are ready to catch your partner, there are many professional online investigation services that can be hired.

But before deciding to hire an investigator, there are a few things to watch out for; do not let your partner realise that you are hiring the investigator.

Search on Google and check whether the investigator has a good reputation for online investigation among their peers.

Not every investigator is qualified to carry out an investigation for you, so you too need to be careful before hiring!

Source : http://www.utusan.com.my

Credit to : http://www.utusan.com.my

Zuckerberg hacked into journalists' email?

Posted on 08 March 2010.
The renowned Facebook co-founder was accused three years ago of stealing the source code and the business plan for the social network from some Harvard colleagues and of sabotaging their efforts by delaying the development of their site so that Facebook could be the first one to see the light.

Since then, ConnectU (or HarvardConnection, as it was originally named) founders have agreed on a settlement of $65 million in exchange for dropping the charges. But Business Insider nosed around a little and discovered that besides purportedly stealing the idea for the site, two other charges could be laid at his door.

The first one is that back in 2004, using a string of failed login attempts on Facebook, he accessed at least two email accounts belonging to journalists of the Crimson, Harvard's student newspaper, who were at the time writing a piece about the similarities between Facebook and ConnectU.

The other one is that he hacked into ConnectU's site and set the privacy settings of some users' profiles to invisible, made an uncomplimentary bogus profile for one of the founders and deactivated some 20 accounts, all in a bid to lessen the usefulness of the rival social network.

While nobody doubts that Zuckerberg has accomplished incredible things since then, this is one thing that could definitely come back to haunt him. It is unclear if there is evidence of these actions that is hard enough to stand up in court. The Business Insider investigated the story for two years, interviewed a lot of people and, apparently, got hold of damning IMs and emails, but formal charges are yet to be filed.




Source : http://www.net-security.org/secworld.php?id=8984

Credit to : www.net-security.org


Not all the work of hackers

2010/03/06

KUALA LUMPUR: Carelessness is believed to be the main reason why photos on social websites such as Facebook or Friendster, especially those showing artistes and celebrities in indecent situations, spread so easily and widely on the Internet, leading to them being condemned by the public.

Users who leave the privacy settings of their social site lax and open to other users or cyber friends are in fact making themselves easy targets for certain parties to spread their photos on the Internet.

CyberSecurity Malaysia Chief Executive Officer Lt Col (B) Husin Jazri said there were several possible causes for the spread of photos from social sites, and it was not necessarily hacking. “Photos that spread on the Internet can also be obtained from other sources; for example, when we send a computer, mobile phone or digital camera, that is, equipment that has storage media and memory cards, for repair, there is a possibility that the repairer could make a copy of the contents of the storage media,” he said when contacted yesterday and asked whether the rampant circulation of certain artistes' personal photos on the Internet stemmed from hacker activity.

According to him, CyberSecurity Malaysia had received reports of incidents of personal photos being circulated on the Internet through the Cyber999 Help Centre, involving incidents in which an individual's photos or information were uploaded or used without permission.

“Incidents like this make up five per cent of the harassment-type incident reports we receive, and throughout last year the Cyber999 Help Centre received 3,564 incident reports, of which 174 were harassment. “Five per cent of 174 is about eight or nine incidents, but many still do not know that they can refer such ‘harassment’ to the Cyber999 Help Centre, a public service provided by CyberSecurity Malaysia,” he said.

Husin said that apart from harassment such as cyber ‘bullying’, cyber security incidents such as intrusions, hacking attempts, malicious code such as viruses and worms, denial of service and indecent content could also be referred to the centre.

“Victims can send an e-mail to cyber999@cybersecurity.my, the Cyber999 Help Centre's e-mail address, to ask for views and advice on how to handle the incident when their photos are misused without permission. “Some victims suspect that their photos were downloaded from their social site and uploaded to other websites, for example blogs, to harass them,” he said.

He said that when CyberSecurity Malaysia receives a complaint, it will help the victim handle the incident, for example by contacting the blog service provider to have the disputed content removed because it violates the terms and conditions.

Source : http://www.hmetro.com.my/myMetro/articles/Bukansemuaangkarapenggodam/Article

Credit to : www.hmetro.com.my

Thursday, March 4, 2010

Baiting careless victims - Kosmo! Infiniti

Baiting careless victims

WE are often shocked by cyber crime cases involving professional hackers who break into government websites and international banks.

Such acts cause losses and damage, including transfers of money worth millions of ringgit. In the end, the cases are simply forgotten.

Such cases seem to have no long-term effect on anyone, whereas the public ought to be worried. It can all begin with the involvement of a personal e-mail account, which is often seen as having no value.

We rarely hear reports of the theft of personal information in the print and electronic media. The issue may be small, but its effect on individuals is very big, because the theft of personal information that is then manipulated is like the theft of one's dignity, which cannot be restored.

"My friend's personal account was broken into by someone and it was used to send obscene e-mails to my friend's friends, colleagues, clients and employer.

"As a result, my friend was dismissed after being accused of being an unethical individual who embarrassed the organisation where they worked," said Kavitha Muthy, Head Consultant, Service Management and Consulting, HeiTech Managed Services, who also received the obscene e-mail.

According to Kavitha, hackers are not necessarily professionals with technical knowledge of information technology. Anyone can become a hacker to carry out their bad intentions when desperate.

"Today, even a child can become a hacker because it is very easy to do. What's more, information about hacking techniques is so easy to find on the Internet.

A small mistake can bring many bad things upon the victim. - Illustrative photo

"The public also needs to know that cyber crime does not only involve computer hacking; it comes in many forms, namely fraud, identity theft, spam, phishing, data theft, spyware, malware and so on," she said.

Kavitha explained that victims may be individuals or organisations small and large. The trail of the crime is hard to trace and complicated to stop once it has happened. This in turn has a long-term negative impact on the victim.

"Cyber criminals often choose websites that are riding on popularity, such as shopping and banking websites, as well as other sites that often ask for personal data and financial information, with the aim of deceiving users.

"Besides that, with the popularity gained by the Facebook and Twitter websites, the risk of theft of personal information, photos and videos is very high, all the more so as their users are seen to disclose their information very readily," she said.

Cyber ethics

"To avoid becoming a victim, we must first understand what cyber crime is, and how it can deceive us.

"In other words, a person must have cyber ethics, because through them we can minimise its effects by teaching ourselves and others about using the Internet safely and responsibly," Kavitha explained.

Internet users are advised to be vigilant and to think first before disclosing personal information in cyberspace.

According to Kavitha, every Internet user must practise good cyber ethics, including understanding the risks of irresponsible behaviour and learning ways to protect themselves and other users from being caught up in it.

"We often see problems arising from cyber crime committed by the very individuals we trust most.

"Trust can only exist through marriage, politics, business and friendship, but not through the Internet. Make sure the source is investigated and verified before we give out any information," she stressed.

In addition, she said, users also need to invest in a good antivirus program, update their passwords, learn to create secure passwords, avoid disclosing personal information to strangers, and install a firewall.

"There are too many choices of security software on the market, but that does not eliminate the risk of being hacked. Like other consumer products, antivirus software can be good, average or poor.

"Users must choose wisely among products from the various program providers, whether well known, lesser known or new to the market, according to their respective needs," she said.

Kavitha urges the public to understand cyber crime and to teach themselves and others about safe and responsible Internet use.

She added that an antivirus program alone is not enough, because users must take security to a higher level, namely by installing a firewall, identity protection and so on.

"Cyber security begins at home, and that awareness follows us everywhere, including to the workplace. It is the responsibility of everyone who touches a keyboard," she said.

Case reports

According to CyberSecurity Malaysia, 4,000 cyber crime cases have been reported in Malaysia over the past two years.

On 23 February, ZDNet Asia reported that 75 per cent of respondents in the region said their systems had been breached by cyber criminals in 2009.

It was led by New Zealand, with 100 per cent of respondents admitting to having been breached, followed by Australia (82 per cent), Japan (76 per cent), Hong Kong (75 per cent), Singapore (66 per cent) and Malaysia (50 per cent), based on reported cases.

Meanwhile, according to the latest information from MyCert.org.my, the public is urged to be wary of the possibility of hackers downloading and installing unauthorised software on the systems of users who use Adobe Download Manager.

This is done by tricking users into following a certain link or visiting a 'malicious' website. The majority of Adobe Acrobat and Adobe Reader software is exposed to this risk.

Statistics on cyber crime and the latest information on cyber security issues can be viewed on the MyCert.org.my website.

Source : http://www.kosmo.com.my/kosmo/content.asp?y=2010&dt=0303&pub=Kosmo&sec=Infiniti&pg=in_01.htm

Credit to : www.kosmo.com.my

Wednesday, March 3, 2010

International Cooperation Strengthens CyberSecurity's Role

March 04, 2010 13:22 PM


By Bashirah Bakar

KUALA LUMPUR, March 4 (Bernama) -- Issues relating to cyber security transcend national boundaries.

Therefore, tackling security issues relating to ICT even within the country calls for international cooperation, noted CyberSecurity Malaysia's Chief Executive Officer Lt Col (B) Husin Jazri.

CyberSecurity Malaysia is an agency under the Ministry of Science, Technology and Innovation entrusted with the task of managing cyber security, including safety in the Internet.

"The culture of sharing information with its counterpart overseas helps to reduce cyber security problems," noted Husin during an interview with Bernama.

Husin pointed out that CyberSecurity Malaysia has established cooperation with 71 nations including within the Asia Pacific region and the Organisation of Islamic Conference (OIC).

CyberSecurity Malaysia has been appointed as the chairman of the OIC's Computer Emergency Response Team, and a committee member of the Asia-Pacific Computer Response Team.

"The international cooperation denotes one of CyberSecurity Malaysia's successes, and our role at the international stage is something to be proud of," stated Husin.

ENSURING SECURITY OF THE CYBER WORLD


CyberSecurity Malaysia exchanges information with its foreign counterparts on cyber threats and learns of their strategies in enhancing cyber security.

By adopting international best practices, for example in digital forensics with the cooperation of South Korea, CyberSecurity Malaysia has extended its network.

CyberSecurity also conforms to international standards in carrying out studies at the international stage, said Husin.

Last December, a cyber drill, 'Latih Amal Krisis Siber X-MAYA2', organised by CyberSecurity saw the participation of 16 nations from the Asia Pacific region.

Early this year CyberSecurity Malaysia inked a MoU with Morocco's Post, Telecommunication and New Technology Department whereby both parties agreed to cooperate in protecting the critical information infrastructure, developing a cyber security cooperation framework, developing competencies, conducting training and creating awareness.

According to Husin, international platforms like the European Cyber Crime Convention provide an avenue to debate cyber crimes.

"Taking part in or organising international conferences, workshops or seminars is the best option for CyberSecurity Malaysia to update knowledge in current issues of the cyber world," added Husin.

For example, on Feb 8 and 9 CyberSecurity Malaysia organised the Information Security Professionals Network Forum in Kuala Lumpur with international participants.

According to Husin, professionals from the United Kingdom were invited to share their knowledge on tools, trends, laws and strategies on cyber security issues with cyber professionals in Malaysia.

EXPERTISE AND CHALLENGES


CyberSecurity Malaysia acts as the technical agency conducting analysis and activities to protect the nation's cyberspace especially in terms of technology and expertise.

For example, when the authorities need the advanced technical systems to analyze digital evidence, CyberSecurity Malaysia plays a role in helping out.

CyberSecurity Malaysia also holds activities and training programmes for Critical National Infrastructure to enhance the security of IT systems in the public and private sector.

In carrying out its responsibility CyberSecurity Malaysia has to face various challenges, noted Husin.

"This includes the difficulties in collecting evidence from overseas, that is time consuming and calls for the evaluation of the host nation," he said.

According to Husin, the capabilities of Malaysian enforcement agencies in prosecuting cyber crimes have improved.

"Technical assistance from CyberSecurity helps enforcement," noted Husin.

ESTABLISHING A CONDUCIVE BUSINESS ENVIRONMENT


CyberSecurity Malaysia plays a vital role in establishing a safe and conducive cyber environment to help boost economic growth.

The implementation of the National Cyber Security Policy, for example, directly and indirectly helps to change the ICT environment to a more positive one.

"The cooperation between the public and private sector in tackling cyber issues helps generate economic activities. For example the local ICT industry develops software and hardware in coming up with applications like biometric access, MyKad reader, chip and other applications," said Husin.

As an agency established by the government, CyberSecurity Malaysia is financed by the government to assist the industry in enhancing the quality of ICT products with security features.

"CyberSecurity Malaysia provides the quality seal and recognition for the security features for businesses and industry to help enhance quality and add value to products and services that they provide overseas.

"Therefore local hardware and software developers have the opportunity to sell the products overseas with their security features guaranteed," he said.

According to Husin, at present CyberSecurity Malaysia has established cooperation with 17 foreign nations in providing benefits to entrepreneurs and consumers by recognizing products of quality based on ICT.

THE RESULT OF COOPERATION


CyberSecurity Malaysia's biggest achievement, according to Husin, is ensuring the security and well-being of the cyber realm, which benefits not only Malaysians but also Internet users worldwide.

"Through international cooperation, Malaysia could seek strategic partners overseas in the event foreign hackers threaten the nation and vice-versa," he said.

Most recently, CyberSecurity Malaysia's contribution at the international stage also covers free information at its website, www.cybersafe.my. The site provides tips on how to surf the Internet safely.

According to Husin, the public could also forward complaints and receive information on the latest cyber threats at CyberSecurity Malaysia's web site (www.cybersecurity.my), or contact the Cyber999 helpline, which operates 24 hours daily, at cyber999@cybersecurity.my or 1-300-88-2999.

-- BERNAMA

source : http://www.bernama.com/bernama/v5/newsindex.php?id=479624

credit to : www.bernama.com

Microsoft tries again with patch linked to Windows blue screens



Adds rootkit detection to security update, which had crippled some Windows PCs last month, so patch isn't installed on infected PCs

Microsoft said it has restarted distribution of a security update that had crippled some Windows PCs last month with reboot problems and Blue Screen of Death error screens.

The update, dubbed MS10-015, originally shipped on Feb. 9, but was pulled from Windows Updates' automatic update two days later after complaints flooded Microsoft's support forum from users whose machines refused to restart after they had installed the patch. The affected PCs shuddered to a stop at the blue screen which indicates a serious software error and crash in Windows.


Within a week, Microsoft announced that only PCs infected with the "Alureon" rootkit were incapacitated by MS10-015. It denied that there was any flaw in the security update itself.

"Today Microsoft resumed the distribution of MS10-015 to Windows customers through Automatic Update," Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in an email. "The bulletin includes added detection logic for consumer and enterprise customers that searches for indications of the Alureon rootkit. If detection logic included in Automatic Update discovers abnormal conditions in certain operating system file configurations, the update will fail and customers will be presented with an error message that offers alternative support options. If this occurs, Microsoft customer support will work with impacted customers to resolve each issue."

Microsoft provided more information about the error messages, and what users seeing them should do, on its Web site.

Users who have already installed MS10-015 without problems do not have to reinstall it, Microsoft said.

The company also issued a scanning tool users can run to determine whether their PCs are infected with the rootkit before they attempt to download and install MS10-015. The tool doesn't scrub Alureon from a compromised computer, but only determines whether the system is compatible with the patch.

Microsoft has not yet delivered a promised detect-and-destroy tool that will clean infected PCs. Two weeks ago, the company said the tool would be ready in "a few weeks." It used the same timeframe today. "We anticipate that tools for both consumers and enterprise customers will be available in a few weeks," said Bryant.

In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9.

MS10-015 targeted a pair of 17-year-old kernel bugs in all 32-bit versions of Windows. The vulnerability went public in late January when a Google engineer published attack code.

Microsoft has caught heat over the fact that it took nearly two decades to fix the flaw. At the RSA Conference in San Francisco, Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate, blasted Microsoft for its sluggish pace.

Saying that fixing vulnerabilities can be a competitive advantage for companies, Snow cited MS10-015. "Seventeen years and not yet addressed? Give me a break," said Snow.

Robert McMillan of the IDG News Service contributed to this report.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.


Google China hackers stole source code


A Chinese national flag sways in front of Google China's headquarters in Beijing. — Reuters pic

BOSTON, March 4 — The hackers behind the attacks on Google Inc and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said yesterday.

The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc.

The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.

Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property. Google said more than 20 other companies had been infiltrated, and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.

The Chinese government has said that Google’s claim that it was attacked by hackers based in China was “groundless”.

Kurtz said yesterday that he believes that the hackers, who have not been apprehended, broke through the defences of at least 30 companies, and perhaps as many as 100.

He said the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.

“It is very easy to compromise the systems,” Kurtz said.

Perforce President Christopher Seiwald said McAfee performed its analysis on a version of the Alameda, California-based company’s software that had many of its security settings disabled. Customers typically enable those settings, he said.

Kurtz said the hackers succeeded in stealing source code from several of their victims.

The attackers also had an opportunity to change the source code without the companies’ knowledge, perhaps adding functions so the hackers could later secretly spy on computers running that software, Kurtz said.

But investigators have yet to uncover any evidence that suggests that they made such changes, he said.

McAfee, the world’s No. 2 security software maker, has spent the past few months investigating the attacks. It declined to identify its clients.

Other makers of source code management programmes include International Business Machines Corp, Microsoft Corp and privately held Serena Software Inc. — Reuters

Credit to: Reuters