Peaches

Update Experts
  • Content Count

    2130

Everything posted by Peaches

  1. Downadup Worm Eats into 1 of Every 16 PCs Gregg Keizer, Computerworld Wednesday, January 21, 2009 2:59 PM PST The computer worm responsible for the biggest attack in years has infected at least 1 out of every 16 PCs worldwide, a security company said Wednesday, and may have managed to compromise as many as nearly 1 in 3. According to Panda Security, almost 6% of the Windows systems scanned with its antivirus technology were found to be infected with "Downadup," a worm that began aggressive attacks just over a week ago. Panda was one of the first security firms to ring the alarm ov
  2. Legitimate Sites Carry Increasing Portion Of Malware Seventy percent of the Web's top 100 sites hosted malicious content in second half of 2008, Websense lab study says Jan 21, 2009 | 04:18 PM By Tim Wilson DarkReading If you're wondering where most malware comes from, check the "favorites" list in your Web browser. According to Websense Security Labs' newly published "State of Internet Security" report for the second half of 2008, 77 percent of Websites that carry malicious code are legitimate sites that have been compromised. This figure rose by almost 3 percent over the fir
  3. New OS X research warns of stealthier Mac attacks In-memory code injection covers tracks By Dan Goodin in San Francisco 21st January 2009 00:40 GMT A computer security researcher has discovered a new way to inject hostile code directly into the memory of machines running Apple's OS X operating system, a technique that makes it significantly harder for investigators to detect Mac attacks using today's forensics practices. The technique, which Italian researcher Vincenzo Iozzo plans to detail at the Black Hat security conference in Washington next month, makes it possible to carry
  4. Disabling Windows Autorun - there's a right way and a wrong way By Dan Goodin in San Francisco • 22nd January 2009 01:24 GMT After some confusion about exactly how Windows users can protect themselves against a prolific computer worm called Downadup, Microsoft security watchers are once again reiterating the steps for disabling the Autorun feature. Downadup has managed to infect an estimated 9 million machines at last count using multiple attack vectors. Two of those vectors are USB flash drives and mapped network drives, which are booby-trapped with files that compromise machin
  5. 20 January 2009, 16:06 MD5 attack on Microsoft's Authenticode A security expert has managed to transfer the digital signature of one Windows program to another, without invalidating the signature. Didier Stevens, who presented the attack in his blog, exploited the fact that Microsoft's Authenticode code signing standard accepts the vulnerable MD5 hash algorithm. Stevens used this to generate two programs which have identical code signatures, but behave differently. Similar collision attacks on MD5 have already caused considerable commotion. The most prominent example is probably th
  6. Not hard to figure that out ... on the hips!! There's a saying and it goes like this ... "once on the lips, forever on the hips".
  7. "Frozen cache" method to thwart cold boot attacks Jan 20 2009 "ACME Security has described a way to neutralise cold boot attacks. Such attacks exploit the fact that data in the DRAM are not immediately lost when power is removed, but remain there for a period that may last from a few seconds to a minute, or even longer if cooling is in use. This makes it possible for a hacker to discover decryption keys, such as those used in Vista's Bitlocker, dm-crypt in Linux, Apple's FileVault, or the open-source TrueCrypt. The suggested remedy to ward off such cold boot attacks is to move the ke
  8. 20 January 2009, 10:04 Sophos releases details of a vulnerability in anti-virus products Sophos has released details of a vulnerability in Sophos Anti-Virus, which, they say, has already been closed in current versions. The vulnerability made it possible to send large GPIO messages, resulting in the remote management system (RMS) triggering a restart. The cause was a bug in a third-party component. Affected versions of Sophos include Sophos Anti-Virus for Windows 2000/XP/2003/Vista 7.6.0, Sophos Anti-Virus for Windows 95/98/NT 4.7.16, Sophos Anti-Virus for Mac OS X and 4.9.15 Sophos
  9. 20 January 2009, 13:10 Malware spread through fake 'Barack Obama resigns' websites "According to a press release from PandaLabs and originally noted on the company's blog, over 40 websites are exploiting Barack Obama's presidential inauguration. The sites are spoof web pages that appear to be from Obama's official campaign, reporting that Obama has resigned as President of the United States. These sites claim that the decision was "motivated by the President-elect's inability to save America from the global economic downturn." One of the headlines used was "Barack Obama has refused
  10. Seagate Barracuda Hard Drives Plagued by Failures ... The problems follow by about two months issues found with Seagate's 1.5-TB Barracuda 7200.11 drive. By Antone Gonsalves InformationWeek Seagate (NYSE: STX) Technology on Friday confirmed a firmware problem that caused some of its hard drives to fail. Customers have been flooding tech forums, including Seagate's own community forums, with failure reports of Seagate's 1-TB Barracuda 7200.11 drive. The complaints follow by about two months problems found with Seagate's 1.5-TB Barracuda 7200.11 drive, which randomly froze, accordi
  11. Security boffins attempt to freeze out cold boot crypto attack Cache from chaos By John Leyden 19th January 2009 15:12 GMT Security researchers have developed prototype countermeasures to defend against the recently developed cold boot crypto attack. Cold boot is a technique for snatching cryptographic keys from memory, creating a means to circumvent disk encryption. A targeted machine that's been left hibernating would be turned off and quickly rebooted using an external hard drive, loaded with customised software, in order to extract encryption keys stored in memory. The techni
  12. I would think one's best bet would be to avoid getting infected - be careful what you click on but seeing as you live in Christchurch, you would have no worries since it is highly unlikely you will plan on going to this event.
  13. F-Secure now claims nine million Conficker infections Jan 19, 2009 F-Secure now claims that nine million Windows PCs are infected with the Conficker worm. In response to those who doubt its high figures, F-Secure has revealed its counting method in its blog. This says F-Secure has been tracking a variant of the worm, has registered some of the 250 domains it creates each day, and is logging the connections made to them in order to note all the unique IP addresses. F-Secure further says that, when contacting its domains, the worm states the number of other systems successfully infecte
  14. Now this is just a joke ... ... Retired people Working people frequently ask retired people what they do to make their days interesting. Thought you might like to see what happened to me last week. I went to the store the other day. I was only in there for about 5 minutes. When I came out there was a city cop writing out a parking ticket. I went up to him and said, "Come on, buddy, how about giving a senior a break?" He ignored me and continued writing the ticket. I called him a *&%$$#. He glared at me and started writing another ticket for having worn tires. So I called him a piece
  15. Yep, that's what she did ... she got off paying for a speeding ticket ...
  16. An older lady gets pulled over for speeding ... Older Woman: Is there a problem, Officer? Officer: Ma'am, you were speeding. Older Woman: Oh, I see. Officer: Can I see your license please? Older Woman: I'd give it to you but I don't have one. Officer: Don't have one? Older Woman: Lost it, 4 years ago for drunk driving. Officer: I see... Can I see your vehicle registration papers please. Older Woman: I can't do that. Officer: Why not? Older Woman: I stole this car. Officer: Stole it? Older Woman: Yes, and I killed and hacked up the owner. Officer: You what? Older Woman
  17. Symantec is giving Google Docs a run for its money, announcing the impending launch of its own online workspace tool GoEverywhere. GoEverywhere, set to be launched in beta at the end of January, is a managed online workspace that allows users to access and store their frequently-used online Web applications from anywhere in the world. The online tool also provides a growing selection of free, popular Web-based word processing, slide-making, instant messaging and spreadsheet applications, along with access to Web-based e-mail. Read ChannelWeb Article - http://www.crn.com/security/2129
  18. New Botnets Replace Vanquished Pests Computerworld (US) staff, Computerworld Although the shutdown of a California Web hosting company eradicated several prominent botnets last year, others have stepped up to fill the gaps, a security researcher says. Gone from the landscape, said Joe Stewart, director of research at Atlanta-based SecureWorks Inc., are "Srizbi" and "Storm," the botnets Stewart ranked as No. 1 and No. 5, respectively, in an April 2008 botnet census. Srizbi, and to a lesser degree "Rustock," were crippled two months ago when McColo Corp., a company that has long been
  19. Jan18 Fake Obama News Sites Abound by Jake Soriano (Technical Communications) Earlier this week, we blogged about the range of Web threats that would take advantage of Barack Obama’s inauguration on the 20th. We mentioned fake news as a possible social engineering ploy and cybercriminals did not disappoint. They were a little early in fact: Trend Micro Advanced Threats Researcher Paul Ferguson discovered bogus websites with headlines like Barack Obama has refused to be a president an
  20. No-IP Dynamic Update Client for Linux Remote Buffer Overflow Vulnerability Bugtraq ID: 32344 Class: Boundary Condition Error CVE: CVE-2008-5297 Remote: Yes Local: No Published: Nov 18 2008 12:00AM Updated: Jan 18 2009 10:42PM Credit: xenomuta Vulnerable: No-IP Dynamic Update Client 2.1.7 No-IP Dynamic Update Client 0 Full details here: http://www.securityfocus.com/bid/32344
  21. When you're hospitalized, it pays to be nice to your nurse, even when you're feeling miserable. A bossy businessman learned the hard way after ordering his nurses around as if they were his employees. But the head nurse stood up to him. One morning she entered his room and announced, "I have to take your temperature." After complaining for several minutes, he finally settled down, crossed his arms and opened his mouth. "No, I'm sorry," the nurse stated, "but for this reading, I can't use an oral thermometer." This started another round of complaining, but eventually he rolled over and b
  22. Russian Firm Offers Wi-Fi Encryption Cracker John E. Dunn, Techworld.com Friday, January 16, 2009 2:55 PM PST The Russian security company that caused a stir some months ago by talking up its cracking tool for recovering Wi-Fi encryption keys, has started selling its software to all-comers in a specially packaged product. Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that bit length. Elcomsoft claims
  23. Superantispyware pre-release ... You MUST uninstall any previous version before installing this version. SUPERAntiSpyware Professional users, your existing registration code works with the pre-release. http://www.superantispyware.com/prerelease.html
  24. Jan16 2009 Don’t be Fooled by Obama Inauguration Scams Barack Obama’s campaign and eventual election to the United States presidency proved an excellent opportunity for cybercriminals in their malicious operations. News about the president-elect was a popular, and most of the time effective, social engineering technique used to trick unknowing Web users into downloading and installing malicious files in their PCs. Web threats that feature Obama-related baits may have died down after what has been a historic election, however users could expect more of them before and
  25. Jan16, 2009 Security Policy for Dummies - how to avoid WORM_DOWNAD infection "Quite a few Security Websites and Media outlets have reported on the current wave of WORM_DOWNAD.AD detections over the last few weeks. And last weekend seemed to be a busy time for the worm infecting a considerable number of machines. What's noteworthy about this particular beastie is not only the scale of the infections (some estimates put it at over 8 million infected machines), but also the propagation techniques - a 3-pronged attack designed to exploit weak Company Security Policies. Firstly