Friday, July 30, 2010

ATM computer hacking technique exposed

LAS VEGAS, July 29 - A hacker has found a way to force automated teller machines (ATMs) to dispense cash by hacking the computer inside them.

The attack was demonstrated yesterday against standalone ATMs. However, it could possibly also be used against ATMs operated by ordinary banks.

Criminals have long known that ATMs can be broken into.

A wide variety of attacks are in use today, ranging from sophisticated technology to brazen acts, such as inserting fake card readers to steal card numbers, hiding small cameras to capture PINs, covering the slot that dispenses cash, and even hauling ATMs away by truck to be broken open later.

The hacker, Barnaby Jack, who is also Director of Security Research at IOActive Inc., spent two years in his Silicon Valley apartment, which was filled with ATMs bought online.

They are ATMs of the kind placed in front of convenience stores, and they were hacked with the aim of finding ways to exploit weaknesses in the computers inside them.

He presented the results of his tests at the Black Hat conference, an annual gathering established to expose the latest weaknesses that threaten computer security.

His attacks have wide implications because they affect many types of ATMs and exploit weaknesses in the software and security used by the banking industry.

His talk was among the most anticipated at this conference because last year it was cancelled over concerns that security features had not yet been implemented in ATMs. - AP


Source and credit : http://www.utusan.com.my/utusan/info.asp?y=2010&dt=0730&pub=Utusan_Malaysia&sec=Luar_Negara&pg=lu_07.htm

Wednesday, July 28, 2010

Beware of e-identity theft activity


THE public is advised not to readily trust suspicious e-mails about LHDN, as they may be a trap set by Internet criminals.


KUALA LUMPUR - The public is reminded to stay alert to attempts by certain groups to steal e-identities (phishing) by taking advantage of the current move by Lembaga Hasil Dalam Negeri (LHDN, the Inland Revenue Board) to refund excess tax payments.

The Malaysian Communications and Multimedia Commission (MCMC) said in a statement yesterday that victims receive unsolicited e-mail (spam) purportedly from LHDN stating that they are entitled to a refund of RM700.

They are then asked to click the logo of a local bank provided on a fake LHDN website to continue the process.

"If these instructions are followed, members of the public will unknowingly disclose their personal financial information," said the statement, which gave a brief outline of the modus operandi of the e-identity theft attempt by the irresponsible parties.

Accordingly, MCMC recommends that the public take preventive measures such as using the latest web browser with a built-in phishing e-mail filter.

In addition, they should not readily trust e-mails that announce a cash prize win or a refund and ask for banking information over the Internet.

The public is also advised not to reply to such e-mails and to contact their respective banks if in doubt.

Meanwhile, LHDN Public Relations Officer Masrun Maslim said the board had received complaints about the fake e-mail on July 21 and that an investigation into the matter was under way.

"LHDN received reports about the complaint from 37 LHDN branches nationwide and we found that the e-mail does indeed have a criminal element, namely stealing the identity and account information of other individuals.

"This is because LHDN has never sent any e-mail or notification to taxpayers by e-mail. LHDN only sends official letters to registered taxpayers," he said when contacted by Kosmo! yesterday.


Source and credit : http://www.kosmo.com.my/kosmo/content.asp?y=2010&dt=0729&pub=Kosmo&sec=Negara&pg=ne_02.htm

Dr M kicks off Asian Bloggers conference

Shahrim Tamrin
Wednesday, July 28th, 2010 13:04:00

ENGAGING: Dr Mahathir delivering his keynote address this morning — Pic: RAZAK GHAZALI

KUALA LUMPUR: "Be responsible and always tell the truth."

That was the message to the blogging community by former Prime Minister Tun Dr Mahathir Mohamad at the Asian Bloggers and Social Media Conference 2010 this morning.

Dr Mahathir, himself a prominent blogger via his www.chedet.co.cc site, gave thought-provoking ideas on how to stay relevant by using the medium as an engagement tool to develop a relationship with the audience.

“Your blog is a powerful tool that can reach out to millions worldwide and it is important for bloggers to tell the truth,” he said in his keynote address.

Entitled “Building a Community around Your Cause by Attracting and Engaging People”, he reminded bloggers that they were an important medium in the virtual world and had the ability to bridge the community.

“Bloggers are known for their honest and sometimes fiery opinions. You must refrain and avoid saying things that are not true. Your presence can shape the opinion of your community and the world.”

He reminded bloggers to be responsible as blogs were a great advancement in freedom of speech.

“Stay true to your words and be responsible with what you say. We need to sort out the truth and I found this extremely useful when I realised that my audience appreciated my approach.”

Dr Mahathir kicked off the two-day event, which was attended by members of the blogging community, young upcoming professionals and industry leaders, including AirAsia CEO Datuk Tony Fernandes, Media Prima Berhad general manager Paul Moss, Social Media Philippines founder Rob Angeles and Cybersecurity Malaysia head Ahmad Izham Khairuddin.

Top bloggers share their experiences

THE Asian Bloggers and Social Media Conference 2010 kicked off today with a crowd of 400, comprising top bloggers and social media experts from across Asia who gathered to discuss topics such as how social media can increase an organisation’s bottom-line.

Datuk Tony Fernandes delivered a lively presentation with his personal account of building a relationship with customers entitled, “Building Your Brand Online to Increase The Bottom line of Your Organisation”.

Another prominent blogger, Ahmad Nazuwan Amran, related his experience on how he went from 10,000 visitors to his blog "BeautifulNara" per month to one million visitors by using social media and Google.

The event focuses on the advancement of social media in the world today as well as on individuals and businesses which are looking for creative ways to fully take advantage of an active blog, Twitter feed, Facebook fan page and YouTube channel.

The event is organised by My Events International, supported by the Federal Territories and Urban Wellbeing Ministry; Information, Communication and Culture Ministry; Higher Education Ministry; Cyber Security Malaysia and Multimedia Development Corporation.

The main partner for the inaugural conference is Celcom, while its supporting partners are QNet and Asia E University.

Source and credit : http://www.mmail.com.my/content/44594-dr-m-kicks-asian-bloggers-conference


Mozilla warns of malicious add-ons that send passwords to a third party and execute remote JavaScript code

Mozilla has issued a warning about a Firefox add-on that secretly sent users' stolen passwords to a remote location.

It said that a malicious add-on, and another add-on with a serious security vulnerability, were discovered recently on the Mozilla add-ons site. The add-on 'Mozilla Sniffer' was uploaded on 6th June to addons.mozilla.org. It was subsequently discovered that the add-on contained code that intercepted login data submitted to any website and sent the data to a remote location.

Upon discovery on 12th July, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users. Approximately 1,800 downloads were completed and Mozilla is currently reporting 334 active daily users.

Mozilla has said that it did not develop or review 'Mozilla Sniffer'. The add-on was in an experimental state, and all users who installed it should have seen a warning indicating that it had not been reviewed.

A further warning has also been issued about the 'CoolPreviews' add-on: if a user hovers the cursor over a specially crafted link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.

Mozilla said that version 3.0.1 and all older versions have been disabled on addons.mozilla.org and a fixed version was uploaded and reviewed within a day of the developer being notified. It also said that proof of concept code for this vulnerability was posted, but no known malicious exploits have been reported so far.

Graham Cluley, senior technology consultant at Sophos, commented that this is not the first time that Firefox add-ons have made the security headlines, as it was revealed earlier this year that the Master Filer add-on was infected by the LdPinch password-stealing Trojan.

He said: “Back then Mozilla said it would strengthen its vetting procedures, scanning all add-ons with additional anti-virus tools. Clearly that wasn't enough in this latest breach, and there is a proposal to introduce a requirement that all add-ons be code-reviewed before they are published on the site. More details on this proposal are available in a document about the new review model.

“If you're one of the potential victims, however, I would go further than just removing the add-on. Make sure you change your passwords too.”



source and credit : http://www.scmagazineuk.com/mozilla-warns-of-malicious-add-ons-that-send-passwords-to-a-third-party-and-execute-remote-javascript-code/article/175674/

Monday, July 12, 2010

Cybersecurity Malaysia Organises Computer Network And Wireless Communications Workshop

July 12, 2010 18:12 PM


KUALA LUMPUR, July 12 (Bernama) -- CyberSecurity Malaysia is conducting a five-day Computer Network and Wireless Communications Workshop, starting today.

It is being held in collaboration with Universiti Putra Malaysia's (UPM) Department of Communication Technology and Network, Faculty of Computer Science and Information Technology, at the main lecture hall.

The workshop is themed, "Secured Wireless Network Towards Secured Nation".

It is open to students from either UPM or other institutions of higher learning, researchers from the education industry or IT personnel from corporate organisations. Admission is free.

According to a statement by CyberSecurity Malaysia today, the workshop is being conducted by Prof. Ki Hyung Kim from the School of Information and Computer Engineering, Ajou University, Korea.

It focuses on pertinent research issues with regards to wireless communications, its security aspects and the respective support required for the efficient management of the latest national threat via cyber space management.

CyberSecurity Malaysia's Wireless Security Analysts will also conduct a series of demonstrations on wireless security vulnerability and the deployments of Wireless Security tools.

This is to enable participants to increase their knowledge in the area of wireless communications, especially from the security aspect and enhancement of ideas and strategies.

"The collaboration between CyberSecurity Malaysia and UPM will foster stronger relationships between the industry players and the research fraternity.

"This is apart from enabling a high and comprehensive level of consultancy in security services," CyberSecurity Malaysia Chief Executive Officer, Lt. Col. (Rtd) Husin Jazri said.

He added that this will further complement the Critical National Information Infrastructure (CNII) which is highly dependent on Information Communication and Technology (ICT), the nation's pillar for social, economical, political and national security development.

-- BERNAMA

Source and credit : http://www.bernama.com/bernama/v5/newsbusiness.php?id=512883

Saturday, July 10, 2010

Web safety score checklist

Posted on 08 July 2010.
Are you sure your most sensitive financial and personal information is safe when you’re banking or shopping online? The Web Safety Score checklist by SafeCentral helps answer that question.

Once consumers determine how safe or risky their Internet behaviors really are, they can follow the prescribed steps to ramp up security measures.

Are your Windows Updates set to “Automatic?” Windows Updates are free for all Windows users and can be even more vital than antivirus protection. Setting Windows Updates to Automatic ensures they are legitimate, and by keeping PCs up-to-date with the latest safety patches from Microsoft, consumers can close off dangerous holes in the Windows operating system that malware writers can use to infect computers.

Is your antivirus software installed and activated? Antivirus programs keep out malware that sneaks in through holes in an unprotected operating system, or through other downloadable applications like Flash and QuickTime. Layering antivirus protection with Windows Updates helps to plug most major security breaches.

Is your firewall turned on? Firewalls keep out network worms from the local network or Internet that can infect computers. Firewalls also have advanced features that block out other forms of malware.

Do you visit websites using HTTPS? Most people are used to visiting websites with an “HTTP” prefix. When dealing with sensitive online activities, like banking and shopping, Internet users should protect themselves by visiting the HTTPS version of the site. This helps to verify that consumers are on the website they think they’re on.

Do you verify the websites you visit? Using relatively unknown websites is much riskier than sticking to well-known names and brands. Internet users should research new sites before visiting them, just like they would any new restaurant or store in the non-virtual world.

Source & Credit : http://www.net-security.org/secworld.php?id=9550

Monday, July 5, 2010

CSM-ACE 2010


Event: CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010
Theme: “Securing Our Digital City”
Date: 25 - 29 October 2010
Venue: Kuala Lumpur Convention Centre, Kuala Lumpur, Malaysia

The CSM-ACE 2010 is an annual industry conference that shapes the regional information security landscape. The conference is expected to draw over 1,000 participants from around the world. CSM-ACE 2010 will bring together some of the most influential and innovative minds in business, government and academia, as well as key information security players to exchange policies and ideas on technology.

The theme of CSM-ACE 2010 is “Securing Our Digital City”.

As information and communications technology continues to push the frontiers of innovation, the relevance of and dependence on technology become our way of life. At this juncture, we all live in Digital Cities where the community combines broadband communications infrastructure and innovative services to meet the needs of governments, businesses and the public.

“Securing Our Digital City” is a proactive initiative by CyberSecurity Malaysia to address national security concerns and to build community confidence by mitigating the multi-dimensional cyber security challenges in critical infrastructure, economic and cyber crimes.

The vision is to create a cyber-secured community that is engaged at local, state, national and international levels. This will be a holistic approach towards cyber security.

The “Securing Our Digital City” initiative will provide the “community” or digital cities with the knowledge and awareness in cyber security and best practices needed to secure our digital cities.

Build Foundation for Innovation to Drive Transformation in ICT Security

  • To act as a catalyst in driving transformation through creativity and innovation for the ICT security industry.

  • To create a thought-leadership platform venturing in the new cyber security frontiers.

Create Networking, Trade and Investment Opportunities

  • To create a networking platform for ICT security professionals, policy makers, industry players, researchers and ICT industry buyers from around the world.

  • To allow the ICT Security industry players to promote their products and services through exhibition and stimulate cross border trade and investment opportunities.

Expedite the Implementation of Securing Our Digital City Initiative

  • To gather feedback from the ICT security industry on the "Securing Our Digital City" initiative.

  • To provide a platform for the different key stakeholders, i.e. Government, industry players, NGOs and public, to voice their opinions on the implementation of the "Securing Our Digital City" initiative.


For more info and news please visit : http://www.csm-ace.my/

Friday, July 2, 2010

DontPhishMe 0.3.1.1 add-ons for Mozilla - By MyCERT

by MyCERT

More about this add-on

DontPhishMe is an initiative of MyCERT, CyberSecurity Malaysia, to provide a security mechanism in preventing online banking phishing threat specifically for local Malaysian banks.

DontPhishMe is an addon to Firefox that alerts you if an online banking web page that you visit appears to be asking for your personal or financial information under false pretences. This type of attack, known as phishing or spoofing, is becoming more sophisticated, widespread and dangerous. That's why it's important to browse safely with DontPhishMe. DontPhishMe will automatically warn you when you encounter a page that's trying to trick you into disclosing personal information.

List of supported online banking websites :
* Maybank2u
* Cimbclicks
* Public Bank
* Bank Rakyat
* Bank Islam
* HSBC
* EON Bank
* UOB
* AMBank
* OCBC
* RHB
* Citibank
* Standard Chartered Bank
* Al Rajhi Bank
* Affin Bank


Developer Comments

DontPhishMe needs your cooperation to report/inform us of any false positive or false negative results.

Changes on the original Bank's website might reflect the result of this plugin.

Kindly inform us if there is any other bank in Malaysia that provides an online banking solution which is not yet supported by DontPhishMe.

Credit [contributor]
1) Shahrir (Geekzlife.net)
2) Siti Norfaizah Mohd Ismail
3) Muhammad Hafiz Tabrani
4) Hairul Anuar, MCMC

Credits [bugs report]:
1) Adli Abd Wahid
2) Ahmad Azizan Idris
3) Nur Mohammad Kamil Mohammad Alta
4) Mohamed Shah Hatta
5) Hafez Kamal

Credits [testing & review]:
1) Alip Aswalid Asri
2) Farhan Faisal Zakaria
3) Ahmad Taqiyuddin Izuddin
4) MySecurity Team


Source : https://addons.mozilla.org/en-US/firefox/addon/142878/

----------------------

From me:

Congrats to the contributors to this project and the MyCERT team. Keep up the work to protect Malaysian Internet users.

Microsoft: 10,000 PCs hit with new XP zero-day attack

July 01, 2010

The bug in Windows XP's Help and Support Center was disclosed on June 10 by a Google researcher

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting. "Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."


The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany, and Brazil, Microsoft said.

PCs based in Russia and Portugal, in particular, are seeing a very high concentration of these attacks, Microsoft said.

According to security vendor Symantec, these attacks peaked late last week. "Symantec has seen increased activity around this vulnerability. The increased activity started around June 21 and peaked around June 26 and 27," a company spokesman said via instant message Wednesday. Attacks have leveled out since then, he added.

Criminals are using the attack code to download different malicious programs, including viruses, Trojans, and software called Obitel, which simply downloads more malware, Microsoft said.

The flaw that's exploited in all of these attacks lies in the Windows Help and Support Center software that comes with Windows XP. It was disclosed on June 10 by Google researcher Tavis Ormandy. This Help Center software also ships with Windows Server 2003, but that operating system is apparently not vulnerable to the attack, Microsoft said.

Ormandy was criticized by some in the security community for not giving Microsoft more time to patch the flaw, which he disclosed to the software vendor on June 5. He released details of the bug five days later, apparently after failing to convince Microsoft to fix the issue within 60 days.

In a security advisory released June 10, Microsoft outlines several ways to turn off the Windows Help Center Protocol (HCP).

Microsoft's next set of security updates is due July 13.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com.


Source and credit : http://www.infoworld.com/d/windows/microsoft-10000-pcs-hit-new-xp-zero-day-attack-928

Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)

We've been monitoring for active attacks on the Windows Help and Support Center vulnerability (CVE-2010-1885) since the advisory was released on June 10th. At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged. Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution. If you have not yet considered the countermeasures listed in the Microsoft Security Advisory (2219475), you should consider them.

As of today, over 10,000 distinct computers have reported seeing this attack at least one time. Here are some details on the attacks we're seeing.

Geolocation

  • The largest targets in terms of attack volume have been the United States, Russia, Portugal, Germany, and Brazil.
  • A regional saturation rate, the number of attacked computers per a population of monitored systems (counted using a unique identifier), shows a slightly different picture. In this aspect, Portugal has seen a much higher concentration of attacks - more than ten times the world-wide average per computer. Russia is second at eight times the world-wide rate.

Attack Proliferation
Starting last week, we started seeing seemingly-automated, randomly-generated html and php pages hosting this exploit. This attack methodology constitutes the bulk of attacks that have continued to flourish into this week. The following chart shows the timeline of the proliferation:


Payloads of the Exploit
At first, the attacks seemed to focus on downloading Obitel, which is malware that simply downloads other malware. However, most recently, downloads have run the gamut, varying in methodology (some direct downloads, but also some downloads involving single or double script redirects, which our products detect as TrojanDownloader:JS/Adodb.F and TrojanDownloader:JS/Adodb.G), and also varying in payload. The following list shows some of the payloads we've detected:

Protection
In addition to the mitigations listed in the advisory, customers using Microsoft Security Essentials, Microsoft Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform have had coverage for this exploit since June 10th through the following two antimalware signatures:

Payloads are detected by the signatures mentioned above.

We’ll continue to monitor this situation and provide updates as appropriate. Special thanks goes to Lena Lin, Rodel Finones, Chengyun Chu, and Chris Stubbs for doing detailed analysis on these attacks and how these exploits are attempting to deliver malware.

- Holly Stewart, MMPC

Source and credit : http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx