Warning: Creating default object from empty value in /home/ict-forward/www-apps/wp-svn/wp-includes/ms-load.php on line 138
May « 2010 « The FORWARD project blog

Archive for May, 2010

Danger in the Internet Cafe? New Computer Security Threat for Wireless Networks: Typhoid Adware

Saturday, May 22nd, 2010

Typhoid Adware is a software which resembles the healthy carrier of typhoid called  Typhoid Mary. This kind of threat works to the full potential on computer networks and specifically on wireless networks. Actually, the internet cafes and other similar public places where the customers can access internet wirelessly without any data encrpytion, are the most convenient places for being infected Adware software. Typhoid Adware comes from another’s person computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers.

John Aycock who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin have come up with solutions which support computers with security defences against threats of various Adwares like the Typhoid Adware.

Click here for more information.

Spy on BitTorrent users in real-time

Friday, May 21st, 2010

In a paper presented at the Usenix Workshop on Large-Scale Exploits and Emergent Threats researchers devised a way to monitor BitTorrent users. By monitoring the users they accomplished to create a list of ip-addresses of individuals and track the content they are sending and receiving.

In that paper the researchers demonstrated the technique to continuously spy on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted.

From this research most important is that identified the IP addresses where much of the content originated. This means that the individuals that creating the torrent files are few. Therefore, the question is why the anti-piracy groups try to stop millions of downloaders instead of a few content providers.

Social networks give users’ data to advertisers

Friday, May 21st, 2010

Across the web, its common for advertisers like Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, to receive the address of the page from which a user clicked on an advertisement. They receive nothing more than an incomprehensible string of letters and numbers that can’t be used to retrieve users’ information.

However, with social networking sites, those addresses include data which advertisers can use to look up individual profiles and discover users’ personal information and interests, contrary to their privacy policy and their promises they don’t share such information without consent.

After Wall Street Journal’s questions, Facebook and MySpace moved to make changes to stop the handover.

“If you are looking at your profile page and you click on an advertisement, you are telling that advertiser who you are”, an assistant professor at Harvard Business School said.

See the graphic about Internet sites that share information that could be tied to individual profiles.

Source: The Wall Street Journal

Windows 7 hole…

Thursday, May 20th, 2010

A vulnerability has been discovered in  64-bit Windows 7 , in graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely.The vulnerability is  in the Canonical Display Driver (cdd.dll) which could allow code execution(Microsoft isn’t aware of this ,cause vulnerable code execution is unlikely due to memory randomization)  caused due to an error while drawing in kernel space by using the cdd.dll . This can be exploited to dereference invalid memory in a write operation and corrupt kernel memory.When the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file.

http://news.cnet.com/8301-27080_3-20005420-245.html?tag=mncol;title

http://www.microsoft.com/technet/security/advisory/2028859.mspx

http://secunia.com/advisories/39577

Mozilla extends plug-in detection page to all major browsers

Tuesday, May 18th, 2010

The Mozilla Firefox development team has recently came with the idea of warning Firefox users about outdated, insecure or buggy plug-in. It was first implemented for Adobe flash plug in. It was created as a What’s New page and integrated in recent Firefox updates.

The scripts on the page check for installed plugins and compare the version of the installed plugin with the latest version that is offered officially by the developer of the plugin. Some supported plug-ins (among others) are Apple Quicktime, Shockwave Flash, Adobe Acrobat, Java, RealPlayer and Windows Media Player plugins. Furthermore the Mozila Firefox development team now extends the page to support all the popular browsers.

(more…)

IE 8 XSS filter used for XSS attacks!

Tuesday, May 18th, 2010

The XSS filter that was the developed from Microsoft and added to the last IE version to prevent XSS attacks can be used for the very exact opposite reason! The cross-site scripting (XSS) filter can be abused by attackers to launch cross-site scripting attacks (XSS) on websites and web pages that would otherwise be immune to this threat.

The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server’s response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack will be unsuccessful.

(more…)

Apple Safari highly critical vulnerability

Tuesday, May 18th, 2010

A high critical zero day vulnerability for Apple’s web browser, Safari, was discovered by Krystian Kloskowski and Vin Lisciandro and published last week by Secunia.

The security issue affects current version of Safari (v. 4.0.5) for Microsoft Windows (confirmed) and probably for Mac. Earlier versions of Safari might also be vulnerable. Successful exploitation of the issue leads to remote code execution or exposure of victim’s private data. Secunia has released advisory SA39670, which explains that the flaw exists because of ‘a use-after-free error when handling pop-up boxes created from a child window’ which can result in a function call using an invalid pointer. It is also stated that it ‘can be exploited to execute arbitrary code when a user visits a specially crafted web page’. Another issue mentioned is that Safari includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a “Location” header).

(more…)

Google Street View cars stealed information from WiFi Networks

Monday, May 17th, 2010

Google announced 3 days ago it had accidentally picked up on Wi-Fi data while taking photos for Google Maps’ Street View feature.

It used the cars to capture videos through the panoramic cameras and on the move it caught the SSIDs and MAC addresses that identified networks and devices. It didn’t know that as it was taking pictures, the camera system collected ‘useful’ data from Local WiFi Networks. This information which are collected are used to improve the location based services.

(more…)

New version of YAHOO IM worm aims a blow at Skype

Saturday, May 15th, 2010

According to the security firm Bkis, this worm has delevoped a more efficient way of persuading people follow the steps that lead to the trap and achieving its goals. The main means of spreading are Yahoo Instant Messanger and Skype, so the first indirect contact with the malware is done via a message that is selected from a various set of messages which is followed by a link.

An example of that kind of messages is shown below.

(more…)

Critical vulnerability in Windows Outlook Express, Windows Mail and Windows Live Mail

Friday, May 14th, 2010

A recent critical vulnerability has been identified in Windows Outlook Express, Windows Mail and Windows Live Mail. This security issue can allow remote code execution if the users visits a malicious e-mail server. The attacker can gain the same privileges of the computer as the user has.The security update addresses the vulnerability by correctly validating e-mail server responses.Patches have been released.

source:

http://www.theregister.co.uk/2010/05/12/may_patch_tuesday/

http://www.microsoft.com/technet/security/Bulletin/MS10-030.mspx