Saturday, August 14, 2010

India wants to shut down Google, Skype

2010/08/14
Apple iPad text messages are also a concern from a security standpoint.
New Delhi considers encrypted text messaging systems a security threat

SINGAPORE: India may shut down the internet-based messaging services of Google and Skype over security concerns, the Financial Times (FT) newspaper reported yesterday, as New Delhi takes similarly tough action against the maker of BlackBerry mobile phones.
The newspaper cited the minutes of a 12 July meeting between the Telecommunications Ministry's security authorities and operator associations to look at how they could request and monitor encrypted communications.
“There was broad agreement that more than one type of service needs to be monitored. Some of them are BlackBerry, Skype, Google and so on,” according to the department's minutes.

“It was decided to first deal with the BlackBerry issue and then the other services.”

The day before yesterday, the Indian government became the latest of several countries to threaten to terminate the encrypted BlackBerry email and messaging services operated by Research in Motion (RIM) if the Canadian company does not address security concerns.

India has set 31 August as the deadline for RIM to resolve the issue. It wants access, in a readable format, to BlackBerry's encrypted communications, on the grounds that they could be used by militants.
Pakistan-based militants used mobile and satellite phones in the 2008 Mumbai attacks, which killed 166 people.

India's demand was followed by a deal with Saudi Arabia, and a source said RIM agreed to give the authorities the codes of BlackBerry message users. The United Arab Emirates (UAE), Lebanon and Algeria have also sought that access.

Authorities said RIM proposed tracking emails without sharing encrypted details, but that was not enough.

The FT reported that representatives of two telecommunications operator associations who attended confirmed details of the meeting earlier this month.

“At the last security meeting, they talked about BlackBerry. They also made demands on Skype and Google,” said Rajesh Chharia, President of the Internet Service Providers Association of India.

A shutdown of the service would affect one million users in India out of a total of 41 million smartphone users. India is one of the fastest-growing markets for RIM. – Reuters

Source and credit : http://www.bharian.com.my/bharian/articles/IndiamahututupGoogle_Skype/Article

Tuesday, August 10, 2010

Registry hack allows Windows XP SP2 patching

Tweak tricks Microsoft's security updates into thinking SP2 is really SP3

By Gregg Keizer
August 10, 2010 06:04 AM ET

Computerworld - People still running the now-retired Windows XP Service Pack 2 (SP2) can trick the operating system into installing security updates, a researcher said Monday.

The hack requires an edit of a single key in the Windows registry, said Sean Sullivan, a security adviser with Helsinki, Finland-based antivirus vendor F-Secure, who spelled out the tweak in a blog post.

"It turns out that an SP2 system will think it's [Service Pack 3] if you edit this key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows,' and edit the DWORD value 'CSDVersion' from 200 to 300, [then] reboot," said Sullivan.

According to Microsoft, CSDVersion specifies the name of the most recent service pack installed on the PC.

In other words, Sullivan's hack disguises XP SP2 as SP3 when Microsoft's security updates determine whether the PC is eligible for a patch.

With the hack, Sullivan was able to force a Windows XP SP2 system to install the emergency patch Microsoft issued last week for a critical vulnerability in Windows' parsing of shortcut files.

That "out-of-band" update was officially denied to Windows XP SP2 PCs because the service pack was retired from support on July 13. By Microsoft policy, retired products no longer receive security patches.

After hacking the registry, Sullivan installed the shortcut patch -- which he had downloaded directly from Microsoft's site rather than via the Windows Update patching service -- and tested an exploit that has been used by attackers for several weeks to infect PCs.

"It did not infect the system after the patch," said Sullivan. "Cool."

The patch for the shortcut bug can be found on Microsoft's Download Center site.

Sullivan cautioned users that the registry hack is risky.

"Remember, this update is not officially tested or supported by Microsoft for SP2," Sullivan said. "Hacking the registry and applying updates is likely a very quick way to destabilize your system. You really should update to Service Pack 3 if at all possible."

Most users, in fact, steer clear of the registry, since as Sullivan pointed out, an editing error can cripple the computer. "Do so at your own risk," he added.

Sullivan admitted he had not come up with the registry tweak, but said he had remembered a similar hack touted by players of "Grand Theft Auto IV" a year and a half ago. A thread on the GTAForums.com site from December 2008 showed how the same hack could be used to fool the game into launching on a Windows XP SP2 system.

Microsoft has been pushing customers all year to upgrade from XP SP2 to SP3 -- or to move to the new Windows 7 instead -- and offers detailed instructions on how to get and install XP's third service pack on its site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@ix.netcom.com.


Source and credit : http://www.computerworld.com/s/article/9180478/Registry_hack_allows_Windows_XP_SP2_patching?taxonomyId=125

SKMM studies BlackBerry



RAIS (left) and Hishammuddin (right) visit the CCTV control centre after the Msafe launch ceremony at IPD Putrajaya yesterday.


PUTRAJAYA – The Malaysian Communications and Multimedia Commission (SKMM) is preparing a report on the use of BlackBerry smartphones in the country, following moves by several countries to suspend the phone's service on security grounds.

Information, Communications and Culture Minister Datuk Seri Dr. Rais Yatim said the report is now being completed before it is presented at a meeting this week.

“The report is about claims that BlackBerry services have supposedly been suspended in several countries. We will announce the outcome after the meeting,” he said at a press conference after officiating the Malaysia Selamat (Msafe) Launch Ceremony at the Putrajaya District Police Headquarters (IPD) here yesterday.

Also present at the event was Home Minister Datuk Seri Hishammuddin Tun Hussein.

On 4 August, Saudi Arabia's telecommunications industry regulator was reported to have ordered BlackBerry services in the country suspended from last Friday because the manufacturer failed to meet the conditions imposed by the country's authorities.

The UAE, meanwhile, announced last Sunday that it would suspend BlackBerry's main services, namely messaging, e-mail and Internet browsing, from 11 October because of security issues.


Source and credit : http://kosmo.com.my/kosmo/content.asp?y=2010&dt=0810&pub=Kosmo&sec=Negara&pg=ne_02.htm

Thursday, August 5, 2010

Critical Agencies Told To Get ISMS Certification To Face Cyber Threat


KUALA LUMPUR, Aug 5 (Bernama) -- All critical national agencies have been urged to obtain the Information Security Management System (ISMS) certification in order to be better prepared in facing the cyber threat.

Minister in the Prime Minister's Department Datuk Seri Mohamed Nazri Aziz said the certification was to ensure that the organisations manage their own critical systems according to the appropriate procedures and level of security.

"The Cabinet had also decided that all the critical agencies get the ISMS certification within the stipulated time," he said when closing the Cyber Crisis Practical Training 2010 (X-Maya3), here Thursday.

Also present was Science, Technology and Innovation Deputy Minister Fadillah Yusof.

All organisations can obtain the ISMS certification within three years from Feb 24, 2010 from Sirim Berhad, the certification body.

Mohamed Nazri said continued monitoring and control of the nation's cyber space was necessary to ensure peace would prevail and to safeguard the country against elements that could threaten its security and sovereignty.

"More importantly, against threats to the Critical National Information Infrastructure (CNII) which must be dealt with effectively as it is the pillar of the country's social, economic and political stability and security.

"Each critical organisation must play its role and carry out its responsibility as outlined in the National Cyber Crisis Management Plan drawn up by the National Security Council.

"Without the commitment of these agencies, the effort will not at all be successful."

He said in dealing with the cyber threat, each organisation should also take into consideration the Business Continuity Plan (BCP) or Disaster Recovery Plan (DRP) so that its operations could continue even when faced with a cyber threat.

The X-Maya 3, organised by the National Security Council and CyberSecurity Malaysia, an agency under the Science, Technology and Innovation Ministry, was an annual practical training session to test the preparedness of the CNII in facing the cyber threat.

-- BERNAMA


source and credit : http://www.bernama.com/bernama/v5/newsgeneral.php?id=519254

Sunday, August 1, 2010

ATM hacked to make it spew cash

A hacker has discovered a way to force ATMs to disgorge their cash by hijacking the computers inside them.

The attacks targeted standalone ATMs.

But they could potentially be used against the ATMs operated by mainstream banks.

Criminals have long known that ATMs aren't tamperproof.

There are many types of attacks in use today, ranging from sophisticated to foolhardy: installing fake card readers to steal card numbers, hiding tiny surveillance cameras to capture PIN codes, covering the dispensing slot to intercept money and even hauling the ATMs away with trucks in hopes of cracking them open later.

Computer hacker Barnaby Jack spent two years tinkering in his Silicon Valley apartment with ATMs he bought online.

These were standalone machines, the type seen in front of convenience stores, rather than the ones in bank branches.

His goal was to find ways to take control of ATMs by exploiting weaknesses in the computers that run the machines.

Barnaby Jack demonstrates an attack on two automated teller machines


He showed off his results in Las Vegas at the Black Hat conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.


Jack found that the physical keys that came with his machines were the same for all ATMs of that type made by that manufacturer.

He figured this out by ordering three ATMs from different manufacturers for a few thousand dollars each.

Then he compared the keys he got to pictures of other keys, found on the Internet.

He used his key to unlock a compartment in the ATM that had standard USB slots.

He then inserted a program he had written into one of them, commanding the ATM to dump its vaults.

Jack also hacked into ATMs by exploiting weaknesses in the way ATM makers communicate with the machines over the Internet.

Jack said the problem is that outsiders are permitted to bypass the need for a password.

The remote style of attack is more dangerous because an attacker doesn't need to open up the ATMs.

It allows an attacker to gain full control of the ATMs. - AP

Published August 1 2010


Source and credit : http://www.dailychilli.com/news/5410-atm-hacked-to-make-it-spew-cash