<?xml version="1.0" encoding="utf-8"?> 
<?xml-stylesheet type="text/css" href="http://www.enterprise-security-today.com/share/rssstyle.css"?>
<rss version="2.0">

  <channel>
    <title>Enterprise Security Today</title>
    <link>http://www.enterprise-security-today.com</link>
    <description>Tech News by Enterprise Security Today (http://www.enterprise-security-today.com).</description>
    <language>en-us</language>
    <copyright>Copyright &#169; 2010 Enterprise Security Today, Inc.</copyright>
    <managingEditor>editorial@enterprise-security-today.com</managingEditor>
    <webMaster>webmaster@enterprise-security-today.com</webMaster>
    <pubDate>Sun, 21 Mar 2010 13:06:46 -0500</pubDate>
    <lastBuildDate>Sun, 21 Mar 2010 13:06:46 -0500</lastBuildDate>
    <category>Enterprise Security Today News</category>
    <generator>Enterprise Security Today</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <ttl>5</ttl>
    <image>
      <url>http://images.enterprise-security-today.com/images/rss-logo-newsfactor-white.gif</url>
      <title>Enterprise Security Today</title>
      <link>http://www.enterprise-security-today.com</link>
    </image>
  <item>
    <title>Beware: Malware Attacks Facebook, B-Ball &amp; Gossip Sites</title>
    <description>Cybercriminals have been busy this week running scams that target Facebook users, college basketball fans, and celebrity gossip watchers. Security experts are warning about recent attacks with nasty payloads.
&lt;p&gt;
One widespread attack was a common ploy security researchers call the Facebook Password Reset Scam. The cybercriminals send an e-mail addressed to &quot;user of Facebook&quot; that reads, &quot;Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in the attached document.&quot;
&lt;p&gt;
McAfee reports that this scam is global. The attachment is malware with downloaders, password-stealing Trojans, fake antivirus software, or bots. The scam ranked sixth on McAfee's Global Virus Map Top 10, and accounted for as much as 10 percent of the infected e-mail that its software-as-a-service unit is witnessing.
&lt;p&gt;
&quot;As we had previously discussed in our 2010 Threat Predictions, social-networking sites will continue to be a favorite social-engineering lure for cybercriminals to distribute malware,&quot; said David Marcus, research labs manager at McAfee. &quot;Make sure you are protected and educated.&quot;
&lt;p&gt;
&lt;subhead&gt;
March Virus Madness
&lt;/subhead&gt;
&lt;p&gt;
At a time when college basketball fans are going wild, cybercriminals are actively pursuing opportunities for scams. Basketball fans go online to fill out bracket selections, and when they do, hackers are also playing their own game of spamdexing, i.e. manipulating search results to promote sites, according to James Duldulao, a security researcher at McAfee. In this case, he explained, cybercriminals are spamdexing malware-infected sites.
&lt;p&gt;
This week, the top results for terms like &quot;ncaa bracket&quot; and &quot;march madness predictions&quot; were poisoned. McAfee reports that five out of the first 10 hot searches on Google Trends are being promoted by a network of legitimate sites that were hacked to serve malware. One site had an embedded Flash file that downloads malware from another site and installs it without user interaction.
&lt;p&gt;
&quot;Who would have thought...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72292</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72292</guid>
    <pubDate>Fri, 19 Mar 2010 13:55:29 -0500</pubDate>
  </item>

  <item>
    <title>Hacker Wreaks Wireless Havoc on Vehicles</title>
    <description>A man fired from a Texas auto dealership used an Internet service to remotely disable ignitions and set off car horns of more than 100 vehicles sold at his old workplace, police said Wednesday.
&lt;p&gt;
Austin police arrested Omar Ramos-Lopez, 20, on Wednesday, charging him with felony breach of computer security.
&lt;p&gt;
Ramos-Lopez used a former colleague's password to deactivate starters and set off car horns, police said. Several car owners said they had to call tow trucks and were left stranded at work or home.
&lt;p&gt;
&quot;He caused these customers, now victims, to miss work,&quot; Austin police spokeswoman Veneza Aguinaga said. &quot;They didn't get paid. They had to get tow trucks. They didn't know what was going on with their vehicles.&quot;
&lt;p&gt;
Ramos-Lopez was in the Travis County Jail on Wednesday with bond set at $3,000. The Associated Press could not find a working phone number for his family.
&lt;p&gt;
The Texas Auto Center dealership in Austin installs GPS devices that can prevent cars from starting. The system is used to repossess cars when buyers are overdue on payments, said Jeremy Norton, a controller at the dealership where Ramos-Lopez worked. Car horns can be activated when repo agents go to collect vehicles and believe the owners are hiding them.
&lt;p&gt;
&quot;We are taking extra measures to make sure this never happens again,&quot; Norton said.
&lt;p&gt;
Starting in mid-February, dealership employees noticed unusual changes to their business records. Someone was going into the system and changing customers' names, such as having dead rapper Tupac Shakur buying a 2009 vehicle, Norton said.
&lt;p&gt;
Soon, customers began calling saying their cars wouldn't start, or that their horns were going off incessantly, forcing them to disengage the battery. Norton said the dealership originally thought the cars had mechanical problems.
&lt;p&gt;
Then employees noticed someone had ordered $130,000 in parts and equipment from the company that makes the GPS devices.
&lt;p&gt;
Police said they...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72264</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72264</guid>
    <pubDate>Fri, 19 Mar 2010 08:45:10 -0500</pubDate>
  </item>

  <item>
    <title>Is Your Boss Spying on You at Work?</title>
    <description>Almost every worker has done it: gotten in a little Facebook updating, personal e-mailing, YouTube watching and friend calling while on the clock.
&lt;p&gt;
Such indiscretions often went undetected by company management everywhere but the most secure and highly proprietary companies or governmental agencies. Not anymore.
&lt;p&gt;
Firms have become sharp-eyed, keenly eared watchdogs as they try to squeeze every penny's worth of their employees' salaries and to ensure they have the most professional and lawsuit-proof workplaces.
&lt;p&gt;
Managers use technological advances to capture workers' computer keystrokes, monitor the Web sites they frequent, even track their whereabouts through GPS-enabled cell phones. Some companies have gone as far as using webcams and minuscule video cameras to secretly record employees' movements.
&lt;p&gt;
&quot;There are two trends driving the increase in monitoring,&quot; says Lewis Maltby, author of the workplace rights book Can They Do That? &quot;One is financial pressure. Everyone is trying to get leaner and meaner, and monitoring is one way to do it. The other reason is that it's easier than ever. It used to be difficult and expensive to monitor employees, and now, it's easy and cheap.&quot;
&lt;p&gt;
Employers no longer have to hire a pricey private investigator to install a complicated video system or computer-use tracking devices. Now, they can easily buy machine-monitoring software and tiny worker-tracking cameras at a local electronics store or through Internet retailers.
&lt;p&gt;
Monitoring has expanded beyond expected, highly regulated industries such as pharmaceuticals and financial services. Employees at radio stations, ad agencies, media outlets, sports leagues, even thinly staffed mom-and-pop workplaces are tracked.
&lt;p&gt;
Smarsh, one of many firms that offers technology to monitor, archive and search employee communications on e-mail, IM, Twitter and text-messaging, services about 10,000 U.S. workplaces.
&lt;p&gt;
&quot;Employees should assume that they are going to be watched,&quot; says CEO Stephen Marsh.
&lt;p&gt;
&lt;subhead&gt;
Keeping an Eye Out
&lt;/subhead&gt;
&lt;p&gt;
Two-thirds of employers monitor workers' Internet use, according to an American Management...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72230</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72230</guid>
    <pubDate>Thu, 18 Mar 2010 10:06:28 -0500</pubDate>
  </item>

  <item>
    <title>Core Security Finds Vulnerability In Microsoft Virtualization</title>
    <description>BOSTON, MA – Mar. 16, 2010 -- Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today issued an advisory disclosing a vulnerability that could affect large numbers of organizations and consumers using Microsoft's Virtual PC virtualization software and leave them open to potential attack.
&lt;p&gt;
Microsoft's Virtual PC hypervisor is an element of the company's Windows Virtual PC package, which allows users to run multiple Windows environments on a single computer. The hypervisor is a key component of Windows 7 XP Mode, a feature in Microsoft's latest desktop operating system aimed at easing the migration path into the new OS for users and enterprises that need to run legacy Windows XP applications on its native OS.
&lt;p&gt;
A Core Security Exploit Writer working with CoreLabs, the research arm of Core Security Technologies, found that affected versions of Virtual PC hypervisor contain a vulnerability that may allow attackers to bypass several security mechanisms of the Windows operating system to compromise vulnerable virtualized systems. The issue may also transform a certain type of common software bug into exploitable vulnerabilities.
&lt;p&gt;
Affected versions of the product include: Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC and Microsoft Virtual Server 2005. On Windows 7 the XP Mode feature is affected by the vulnerability.
&lt;p&gt;
Microsoft Hyper-V technology is not affected by this problem.
&lt;p&gt;
The issue was reported to Microsoft in August of 2009. The vendor indicated that it plans to solve the problem in future updates to the vulnerable products.
&lt;p&gt;
We recommend that affected users run all mission-critical Windows applications on native iron or use virtualization technologies that aren't affected by this bug. Windows operating systems and applications that must run virtualized using Virtual PC technologies should be kept at the highest patch level possible and monitored to detect exploitation attempts.
&lt;p&gt;
&quot;Virtualization is an...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72220</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72220</guid>
    <pubDate>Wed, 17 Mar 2010 09:45:39 -0500</pubDate>
  </item>

  <item>
    <title>VideoIQ Offers iCST Streaming Cameras and Encoders</title>
    <description>VideoIQ, the leader in video surveillance innovation, today introduced iCST streaming cameras and encoders.  iCST streaming cameras and encoders are designed for use in environments with central storage and 3rd party video management systems.  All feature VideoIQ's award winning video analytics for the most accurate real-time threat detection.
&lt;p&gt;
&quot;VideoIQ is a Milestone Solutions Partner whose offerings are integrated with our XProtect open platform IP video management software,&quot; said Eric Fullerton, CSMO at Milestone Systems. &quot;When it comes to getting the most out of video surveillance, intelligence from such advanced analytics can make a significant difference, and HD megapixel technology expands the capabilities vastly.&quot;
&lt;p&gt;
VideoIQ iCST streaming cameras and encoders build upon the success of VideoIQ's iCVR cameras and encoders, which have achieved rapid market adoption and industry award recognition.  With VideoIQ's embedded, adaptive analytics, iCST cameras and encoders automatically calibrate in minutes, delivering superior real-time threat detection while reducing installation time, resources, complexity and cost.
&lt;p&gt;
&quot;VideoIQ is an OnSSI partner whose products are integrated with our Ocularis PSIM and Video Management Solutions,&quot; said Jeff Knapp, Vice President of Marketing at OnSSI.  &quot;OnSSI is always interested in adding value to our end-users and the new VideoIQ line of iCST cameras and encoders deliver comprehensive analytics to our joint customers out of the box.&quot;
&lt;p&gt;
Features of the VideoIQ iCST cameras and encoders include:
&lt;p&gt;&lt;ul&gt;
•    The most advanced video analytics in the industry:  iCST camera and encoder real-time threat detection relies on VideoIQ's award winning adaptive analytics.  Uniquely distinguishing people, vehicles and boats from other objects, animals and scene movement, VideoIQ's adaptive analytics deliver the most accurate threat detection on the market.  The cameras and encoders issue alarms only when there is a viable threat, saving time and money by enabling security personnel to focus only on events...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72217</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72217</guid>
    <pubDate>Wed, 17 Mar 2010 09:58:39 -0500</pubDate>
  </item>

  <item>
    <title>Law Enforcement Fights Crime on Facebook</title>
    <description>The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too. U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.
&lt;p&gt;
Think you know who's behind that &quot;friend&quot; request? Think again. Your new &quot;friend&quot; just might be the FBI.
&lt;p&gt;
The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs and video clips.
&lt;p&gt;
Among other purposes: Investigators can check suspects' alibis by comparing stories told to police with tweets sent at the same time about their whereabouts. Online photos from a suspicious spending spree -- people posing with jewelry, guns or fancy cars -- can link suspects or their friends to robberies or burglaries.
&lt;p&gt;
The Electronic Frontier Foundation, a San Francisco-based civil liberties group, obtained the Justice Department document when it sued the agency and five others in federal court. The 33-page document underscores the importance of social networking sites to U.S. authorities. The foundation said it would publish the document on its Web site on Tuesday.
&lt;p&gt;
With agents going undercover, state and local police coordinate their online activities with the Secret Service, FBI and other federal agencies in a strategy known as &quot;deconfliction&quot; to keep out of each other's way.
&lt;p&gt;
&quot;You could really mess up someone's investigation because you're investigating the same person and maybe doing things that are counterproductive to what another agency is doing,&quot; said Detective Frank Dannahey of the Rocky Hill, Conn., Police Department, a veteran of dozens of undercover cases.
&lt;p&gt;
A decade ago, agents...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72205</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72205</guid>
    <pubDate>Wed, 17 Mar 2010 07:05:33 -0500</pubDate>
  </item>

  <item>
    <title>SunGard Expands Backup and Recovery Portfolio</title>
    <description>SunGard Availability Services' new Secure2Disk backup and recovery solution, powered by EMC Data Domain deduplication storage systems, provides organizations with on-site operational restart capabilities and rapid, off-site recovery that seamlessly integrates with a customer's existing backup software.
&lt;p&gt;
Expanding SunGard's portfolio of backup and recovery solutions, Secure2Disk powered by Data Domain helps organizations improve business recovery time. The service supports production operations with onsite backup that provides quick retrieval of recently updated files, e-mails and other documents accidentally deleted or damaged. The SunGard service also helps speed up remote recovery by storing backup data at a secure SunGard recovery center, where it is available for restoration.
&lt;p&gt;
The SunGard offering includes Data Domain deduplication storage systems to help improve backup and recovery processes, and simplify local file restores. Data Domain technology deduplicates and compresses data (on average by a factor of 20:1) to minimize the replication bandwidth required in transferring it to a SunGard facility, as well as the storage required for maintaining data at both the local and the secondary site.
&lt;p&gt;
Data Domain systems integrate with major backup applications and most archiving solutions. Since it leverages an existing media server and backup application, Secure2Disk powered by Data Domain can co-exist with a customer's current tape architecture to help achieve faster recoveries without interrupting tape archives needed to meet regulatory requirements.
&lt;p&gt;
The Secure2Disk solution provides Data Domain systems at both a customer site and SunGard recovery center. The solution helps enable automatic transfer of backup data to a secure SunGard site, with no customer IT staff intervention required. By replicating backup data to a SunGard site, there are no backup tapes to be shipped which can delay disaster recovery operations or testing. This approach also helps enhance security because there is no physical media at risk during transit to a recovery site.
&lt;p&gt;
In addition, customers can take...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72188</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72188</guid>
    <pubDate>Tue, 16 Mar 2010 09:30:22 -0500</pubDate>
  </item>

  <item>
    <title>Dubious Honor Bestowed on Federal CIOs</title>
    <description>As the Justice Department hunts for the latest batch of missing federal e-mails, the officials who oversee spending of $71 billion a year for information technology got a big raspberry Friday for a 14-year-long failure to ensure that government e-mails are preserved.
&lt;p&gt;
For all the spending it oversees, the Federal Chief Information Officers Council is virtually unknown to the general public. Now it has &quot;won&quot; this year's Rosemary Award for the worst open government performance.
&lt;p&gt;
The Rosemary is bestowed by the National Security Archive, a private group that publishes declassified government information and files lawsuits and many Freedom of Information Act requests for federal records. The award is named for former President Richard M. Nixon's secretary Rose Mary Woods, known for re-enacting her claim to have accidentally erased 18 1/2 minutes of a White House tape recording when she stretched to answer a phone.
&lt;p&gt;
Comprised of the chief information officials from 28 departments and agencies, the council was established by President Bill Clinton in 1996 and written into law by Congress in 2002. It describes itself as the &quot;principal interagency forum for improving practices in the design, modernization, use, operation, sharing, and performance of federal government information resources.&quot;
&lt;p&gt;
The archive, however, said neither the council's founding documents, its 2007-2009 strategic plan, its transition memo for the Obama administration, nor its current Web site even mention the challenge of managing e-mail records.
&lt;p&gt;
&quot;The CIO Council has a bad case of attention deficit disorder when it comes to the e-mail disaster in the federal government,&quot; said archive director Tom Blanton, author of a book on an e-mail lawsuit against the Reagan, Bush and Clinton administrations. &quot;We hope this year's Rosemary Award will serve as a wake up call to the government officials who have the power, the money and the responsibility to save the e-mail sent in...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72182</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72182</guid>
    <pubDate>Tue, 16 Mar 2010 07:09:39 -0500</pubDate>
  </item>

  <item>
    <title>Coverity Offers Software Safety Audits</title>
    <description>SAN FRANCISCO, LONDON – March 15, 2010 -- Coverity, Inc., the software integrity market leader, today announced that it will provide software integrity audits to qualified Global 2000 companies with safety-critical software concerns. The Coverity Software Integrity Audit can expose software defects that could change the behavior, freeze the operation or impair the performance of safety-critical devices or products. Coverity will also extend this offer to select suppliers to participating Global 2000 companies to help expose software integrity supply chain problems in third-party components, devices and products. Program details can be found at www.coverity.com.
&lt;p&gt;
The Coverity Software Integrity Audit can help Global 2000 executives answer two critical questions:
&lt;p&gt;&lt;ul&gt;
•	&quot;Are there safety-critical software defects shipping in my products?&quot;
&lt;p&gt;
•	&quot;Are there safety-critical software defects in my supplier's products?&quot;
&lt;p&gt;&lt;/ul&gt;
&quot;Software complexity is creating an entirely new class of business risk for Global 2000 companies with safety-critical products across their entire software supply chain,&quot; said Seth Hallem, Coverity CEO. &quot;Now companies are accountable for both the software shipping in their products and the software from their third-party providers. Coverity is providing this offer to help Global 2000 companies who have safety concerns get the visibility they need to assess whether they are shipping safe software to their customers.&quot;
&lt;p&gt;
The result of the Coverity Software Integrity Audit will provide executives and development teams with critical software integrity information such as:
&lt;p&gt;&lt;ul&gt;
•	A list of software defects in the code that operates their safety-critical devices, components and products;
&lt;p&gt;
•	The potential impact those software defects can have on the behavior, operation or performance of their products; and
&lt;p&gt;
•	The overall Coverity Integrity Rating of their audited product or code base, comparing their software integrity against industry averages. 
&lt;p&gt;&lt;/ul&gt;
&lt;subhead&gt;Why Software Complexity Creates Business Risk&lt;/subhead&gt;
&lt;p&gt;
Coverity has a deep history in mitigating the risk of software defects with consumers and in business. Since 2003, Coverity has helped more than 750 commercial...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72170</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72170</guid>
    <pubDate>Mon, 15 Mar 2010 09:34:26 -0500</pubDate>
  </item>

  <item>
    <title>Chinese Minister Insists Google Abide By the Law</title>
    <description>China's top Internet regulator insisted Friday that Google must obey its laws or &quot;pay the consequences,&quot; giving no sign of a possible compromise in their dispute over censorship and hacking.
&lt;p&gt;
&quot;If you want to do something that disobeys Chinese law and regulations, you are unfriendly, you are irresponsible and you will have to pay the consequences,&quot; Li Yizhong, the minister of Industry and Information Technology, said on the sidelines of China's annual legislature.
&lt;p&gt;
Li gave no details of Beijing's talks with Google Inc. over the search engine's January announcement that it planned to stop complying with Chinese Internet censorship rules and might close its China-based site.
&lt;p&gt;
&quot;Whether they leave or not is up to them,&quot; Li said. &quot;But if they leave, China's Internet market is still going to develop.&quot;
&lt;p&gt;
China has the world's most populous Internet market, with 384 million people online. Google has about 35 percent of the Chinese search market, compared with about 60 percent for local rival Baidu Inc. Chinese users of Google and even some of China's state-controlled media have warned that the loss of a major competitor could slow the industry's development.
&lt;p&gt;
Beijing encourages Internet use for education and business but tries to block access to material deemed subversive or pornographic, including Web sites abroad run by human rights and pro-democracy activists.
&lt;p&gt;
Li insisted the government needs to censor Internet content to protect the rights of the country and its people.
&lt;p&gt;
&quot;If there is information that harms stability or the people, of course we will have to block it,&quot; he said.
&lt;p&gt;
Responding to Google's complaints of China-based hacking against its e-mail service and several dozen major companies, Li said the government opposes hacking.
&lt;p&gt;
Google CEO Eric Schmidt said Wednesday that the company is in active negotiations with Beijing and expects some resolution in the dispute soon.
&lt;p&gt;
Speaking at a conference in the United Arab Emirates,...</description>
    <link>http://www.enterprise-security-today.com/story.xhtml?story_id=72153</link>
    <guid isPermaLink="false">http://www.enterprise-security-today.com/story.xhtml?story_id=72153</guid>
    <pubDate>Mon, 15 Mar 2010 07:07:34 -0500</pubDate>
  </item>
</channel></rss>