Adobe’s popular PDF viewer, Adobe Reader, always attracts large amount of hackers who try to exploit its vulnerabilities. Some reports found that Adobe Reader is at the top list for having the most exploits for web-based attacks. Now, the company wants to “turning to sandboxing technology designed to isolate code from other parts of the computer.” A “protected mode” will be added to the Adobe Reader for Windows which will be enabled by default and release later this year. Because of minor attack against Macintosh system, there is no plan to implement this feature to Mac OS yet.

Several changes will be made due to sandbox mechanism. The PDF processing will be confined, such as executing JavaScript, parsing JPEG image etc. Application running in the Adobe Reader will not be able to communicate with the operating system any more. “This is an additional layer of defense that will help protect users in case they encounter a malicious or corrupted PDF.” said Brad Arkin, the director of product security and privacy of Adobe. The new feature could limit the number of exploits, but not all of them. Some attacks like phishing and weak cryptography still exist.

Some experts believe that Sandbox can not prevent code execution vulnerability, but it makes attacks much hard to success. With Sandbox, the attackers need to find vulnerability in both programs, Reader and Sandbox.

In that paper the researchers demonstrated the technique to continuously spy on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted.

From this research most important is that identified the IP addresses where much of the content originated. This means that the individuals that creating the torrent files are few. Therefore, the question is why the anti-piracy groups try to stop millions of downloaders instead of a few content providers.

However, with social networking sites, those addresses include data which advertisers can use to look up individual profiles and discover users’ personal information and interests, contrary to their privacy policy and their promises they don’t share such information without consent.

After Wall Street Journal’s questions, Facebook and MySpace moved to make changes to stop the handover.

“If you are looking at your profile page and you click on an advertisement, you are telling that advertiser who you are”, an assistant professor at Harvard Business School said.

See the graphic about Internet sites that share information that could be tied to individual profiles.

Source: The Wall Street Journal

It used the cars to capture videos through the panoramic cameras and on the move it caught the SSIDs and MAC addresses that identified networks and devices. It didn’t know that as it was taking pictures, the camera system collected ‘useful’ data from Local WiFi Networks. This information which are collected are used to improve the location based services.

Google thought that the software collected onlyn harmless and useless data but few days ago the said in the blog they open( http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html ) that there was an additional code in the software that this code was implemented in 2006 by an engineer who was working on an experimental Wi-Fi project and  wrote a piece of code that sampled all categories of publicly broadcast Wi-Fi data.

This opened thousand of questions about the privacy of Street View data.

Google insisted in a statement that it hadn’t intended to collect the data or had any knowledge that it existed until now.

As we can see no one is secure in our days. If you have a WiFi Network at home you can being hacked from everyone if you use none or weak secutiry(WEP keys). Try to use WPA-2 protocol which until now is unbreakable.

Recourses:

1) http://www.wired.com/threatlevel/2010/05/google-street-view-cams/

2)  http://www.theregister.co.uk/2010/05/14/google_street_view_cars_were_collecting_payload_data_from_wifi_networks/

3) http://arstechnica.com/tech-policy/news/2010/05/google-says-wifi-data-collection-was-a-mistake.ars

The computer recovery though couldn’t be automated and personal attention to each computer from a technician appeared to be the only way to fix the problem.  McAfee claims that the update only hit 0.5 percent of its customer’s computers, including Intel Company.  Barry McPherson, executive vice president of support and customer service at McAfee in an attempt to apologize for all the inconvenience caused said: “First off, I want to apologize on behalf of McAfee and say that we’re extremely sorry for any impact the faulty signature update file may have caused you and your organizations.”

After McAfee’s gaff, not only did they apologize, but they took serious measures in order that no similar mistakes happen in the future. For that matter, they started implementing additional QA protocols for any releases that directly impact critical system files and they plan to add capabilities to its cloud-based Artemis system that will provide an additional level of protection against false positives. As if all that wasn’t enough hackers all over the world took advantage of the situation and tricked people into visiting websites that had information about fixing the bug, which actually were highly malicious.

Sources:

http://news.yahoo.com/s/nf/20100423/bs_nf/72944;_ylt=AntUUuCU19dBKoJSDTBVg2KDzdAF;_ylu=X3oDMTJiZmdvdjQwBGFzc2V0A25mLzIwMTAwNDIzLzcyOTQ0BHBvcwMxBHNlYwN5bl9wYWdpbmF0ZV9zdW1tYXJ5X2xpc3QEc2xrA21jYWZlZTM5c3NodQ–

http://siblog.mcafee.com/support/mcafee-response-on-current-false-positive-issue/

First the iPhone jailbreaker MuscleNerd used a port of “Spirit” jailbreak by Comex which exploits a bug found in iPhone OS 3.1.3 and now on iPad/iPhone OS 3.2. He gained root access on the iPad which this showed that the iPad can been easily jailbreak.

After 4-5 days, GeoHot revealed some pictures in his twitter showing verbose mode running on his iPad.Verbose mode shows everything that iPad is doing on bootup. After doing this he posted a new picture where he managed to install blackra1n and Cydia to iPad.

Jailbreak methods are rising exponentially and as we can see Apple doesn’t care to patch the “holes” of the OS. Also and iphone OS 4.0 in less than a week has been jailbreak which this shows that the “holes” are still open. iPad will have multitasking earlier than Steve Jobs would want to after all..

Resources:

1) http://news.cnet.com/8301-17938_105-10472184-1.html

2) http://www.engadget.com/2010/04/04/ipad-spirit-jailbreak-demonstrated-by-musclenerd-now-it-reall/

3) http://www.pmptoday.com/2010/04/04/ipad-spirit-jailbreak-video-demo-released/

4) http://www.iphonedownloadblog.com/2010/04/09/ipad-jailbreak-blackra1n/

By analyzing the IP addresses of active SPAM mail servers show that US was the 1st, distributed 36% of global malware followed by china 17.8% and Romania at 16.5%. A main reason for making US first in malware is that most web based e-mail servers are hosted in US (e.g Gmail, Yahoo).  Analyzing the actual IP addresses found in the e-mail’s headers revealed China as the country of origin. “When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem.”

More about Symantec’s research can be found here

The security hole had led the German government to issue a warning about Firefox 3.6.It warned that the Firefox vulnerability, confirmed by Firefox makers, could allow hackers to run malicious programs on users’ computers.Germany’s official cyber-security response team – BurgerCERT – had recommended that users stop using Firefox until the tested fix was released.

The original Firefox vulnerability was confirmed by maker Mozilla last week on its security blog.It was only the 3.6 version that was affected due to the addition of WOFF fonts.

An integer overflow bug exists in the processing of the newly added in 3.6 version WOFF fonts. This can be exploited to cause a heap-based buffer overflow and execute arbitrary code via a web page embedding a WOFF font with an overly large “origLen” field.

The vulnerability lies within the WOFF decoder that contains an integer overflow in a font decompression routine. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system.

References : http://blogs.zdnet.com

Gonzalez has been sentenced to 20 years in prison. He managed to steal more than 1 million dollars. However is impossible to measure the exact amount of stolen money per person. After his sentence expired he will be supervised for not using for 3 years the Internet and the use of any electronic device will be monitored. The court tried to send a message through this trial to the young people not to attempt doing things like Gonzalez did.

You can find more information here.

In the first day the attackers will try to exploit one of the below web-browsers:

Second day will be:

Third and last day:

Also except of web-browsers this year the attackers have the chance to exploit one of the four mobile-devices:

Although last year noone have managed to exploit a mobile device, this year the expectations are high that the iPhone will go down. For every successful exploit the winner will keep the device and take $15,000.

Aaron Portnoy,security researcher at TippingPoint and Pwn2Own said: “”With all the recent research on mobile phone security being presented worldwide, these devices are quickly becoming a ripe target,First to fall: the iPhone”.

Miller, the winner of 2008 and 2009 contest which he managed to exploit Safari web browser, this year will stick on Safari to win again the contest. However, Miller said “in real life the iPhone is harder because you can’t just execute a shell. You have to write your return-oriented payload to do all your dirty work, which can be a pain.” We will expect from Miller this year to break the Iphone through Mobile Safari.

Happy exploiting
References:

http://arstechnica.com/security/

http://blogs.zdnet.com/security/?p=5709&tag=content;col1

http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

http://blogs.zdnet.com/hardware/?p=7367