Domain: net-security.org
Stories and comments across the archive that link to net-security.org.
Comments · 137
-
Routers alone = shit (here's proof #10/15)
http://www.eweek.com/security/...
http://www.itworld.com/article...
http://www.itworld.com/article...
http://www.itworld.com/article...
http://www.majorgeeks.com/news...
http://www.majorgeeks.com/news...
http://www.net-security.org/se...
http://www.networkworld.com/co...
http://www.networkworld.com/ne...
http://www.networkworld.com/ne...
http://www.networkworld.com/ne...
http://www.networkworld.com/ne...
http://it.slashdot.org/story/1...
http://www.theregister.co.uk/2...
http://it.slashdot.org/story/1...
APK
P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk
-
Re: malware block plus is what I want
On Linux, you install software from a trusted package repository.
-
Linux webcam compromised ..
"Limitations to this type of attack are obvious: attackers must be skilled enough to create a backdoored flash image, and find a way to deliver it to the device - either by "updating" an already deployed device, or by getting their hands on it before it's installed." ref
-
Routers alone = shit (here's proof #10/15)
http://www.eweek.com/article2/...
http://www.eweek.com/article2/...
http://www.eweek.com/article2/...
http://www.eweek.com/security/...
http://www.itworld.com/article...
http://www.itworld.com/article...
http://www.itworld.com/article...
http://www.majorgeeks.com/news...
http://www.majorgeeks.com/news...
http://www.net-security.org/se...
http://www.networkworld.com/co...
http://www.networkworld.com/ne...
http://www.networkworld.com/ne... Cisco routers caused major outage in Japan report - Network World
http://www.networkworld.com/ne...
http://www.networkworld.com/ne...
APK
P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk
-
Wake up: You've been drinking the pr koolaid
New Malware Enlists Linux-Based Security Cameras For DDoS Botnet http://slashdot.org/submission...
XOR DDoS botnet launching attacks from compromised Linux machines http://www.net-security.org/se...
New Linux rootkit leverages GPUs for stealth http://www.itworld.com/article...
Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines http://linux.slashdot.org/stor...
New Linux Rootkit Emerges http://linux.slashdot.org/stor...
Linux servers turned into bots by IPTables http://news.techworld.com/secu...
---
* Want more? "Ask & YE SHALL RECEIVE"... & I've got truckloads of these as "evidences thereof".
APK
P.S.=> Top that off w/ what gaygirlie noted - routers using *NIX in them get suckered too... it's possible, on EVERYTHING - Windows & MS have 1 THING GOING FOR THEM - decades of experience in it vs. other OS'...
E.G. - Witness ANDROID (yes, it's a Linux variant using a Linux core & a STUPID java variant front-end largely), & for years around here the "std. FUD mantra" was "Linux = invulnerable" & Apple tried it too (We don't get viruses), well, time tells ANOTHER story:
You get used more? YOU GET TAKEN ADVANTAGE OF MORE (you now represent sufficient "ROI" to make the code to do it once you get more users)... apk
-
Fuck You Slashdot
Since Slashdot is useless, I'll post a summary.
http://www.net-security.org/im...
Stolen chip with malicious chip soldered on top. No idea why you need a second stolen card for the body as shown in the image.
Malicious chip MITMs the POS PIN challenge and says it's all good. Malicious chip in this case is a "FUNcard" chip. Basically a generic system you can buy for your laundromat, arcade, carnival, whatever.
This was done in France in 2011. EMVCo claims they've fixed this or made it harder. They won't say how. No one believes them.
-
Narrow fingers of blame?
Interesting that we seem to be overlooking the 'rest of the story':
That the United, Anthem, and OPM breaches are ALL blamed on the same actors.
So we now have a cool name ('Black Vine') to supplant "Chinese State Sponsored Hackers".
I suppose that will make it easier to report without offending our good friend China, right?
-
Re:Vulnerabilities in keyless ignition feature ..
"The update apparently will not solve the well-known vulnerabilities in the keyless ignition feature, which reportedly allow thieves to easily unlock the cars with the help of a hardware device that can be bought online
.. it's generally believed that the industry is still far from creating a reliable system that can't be hacked and abuse" ref
Is it really impossible to design a keyless ignition system that can't be compromised, or is it the case that the car manufacturers are not allowed to design such. The doors to your house can be picked with the right system, so as to allow the locksmith back in if you lose the keys.
So, let's see; the car unlocks when it receives the coded transponder signal of sufficient power; the transponder generating that signal is somewhere in the neighborhood of the car, like inside the house the car is parked outside, but just too far to trigger the unlocking..... Yeah, foolproof security, absolutely. How could you possibly beat that system.
-
Vulnerabilities in keyless ignition feature ..
"The update apparently will not solve the well-known vulnerabilities in the keyless ignition feature, which reportedly allow thieves to easily unlock the cars with the help of a hardware device that can be bought online
.. it's generally believed that the industry is still far from creating a reliable system that can't be hacked and abuse" ref
Is it really impossible to design a keyless ignition system that can't be compromised, or is it the case that the car manufacturers are not allowed to design such. The doors to your house can be picked with the right system, so as to allow the locksmith back in if you lose the keys.
-
Re:It was known before..
Way more than just the website.
More info on http://www.net-security.org/se...
Not only the website, but "26,000 systems were found to be infected: email and share point servers, as well as the technical staff's workstations."
Belgacom is the largest telecom operator and is also the largest ISP. I would guess almost all political individuals would at least use their phone system, but most likely also their internet.
-
XP vulnerabilities are exaggerated.
In many cases, XP vulnerabilities are minimal. Don't use Internet Explorer. Every user should have limited rights. Users should be trained not to open files that haven't been arranged in advance. Use a software firewall that monitors outgoing traffic.
Most writers for technical publications have limited technical knowledge. What is not said in the article linked by Slashdot is that computers that run software firewalls that monitor outgoing traffic are far more protected.
Quoting from the article: "For this attack scenario to be successful, the user must be convinced to open the specially crafted file containing the malicious OLE object. All Microsoft Office file types as well as many other third-party file types could contain a malicious OLE object."
Another quote: "A successful exploitation could lead to the attacker gaining same user rights as the current user, and if that means administrative user rights, the attacker can install programs; access, modify, or delete data; or create new accounts with full user rights."
This article explains some of the issues: Microsoft Windows XP "end of life": Conflict of interest.
-
Easy to stop via custom hosts files... apk
* Those entries added to your hosts file will blockout domains/hosts this malware uses, included are sinkholed domains/C&C etc. (which *may* only be 'sinkholed' @ the DNS level in the USA only, as was the case with other malwares, courtesy of the FBI for US folks only - NOT overseas...)
SOURCE ARTICLE = http://www.net-security.org/se... & source of domains/hosts to cutoff via hosts is on that page as THIS
.pdf -> http://25zbkz3k00wn2tp5092n6di...
APK
P.S.=> For even MORE comprehensive coverage & protection vs. such threats? Use my free APK Hosts File Engine 9.0++ 32/64-bit -> http://start64.com/index.php?o... (for more SPEED, SECURITY, RELIABILITY, & even ANONYMITY online)... apk
-
Easy to stop via custom hosts files... apk
* Those entries added to your hosts file will blockout domains/hosts this malware uses, included are sinkholed domains/C&C etc. (which *may* only be 'sinkholed' @ the DNS level in the USA only, as was the case with other malwares, courtesy of the FBI for US folks only - NOT overseas...)
SOURCE ARTICLE = http://www.net-security.org/se... & source of domains/hosts to cutoff via hosts is on that page as THIS
.pdf -> http://25zbkz3k00wn2tp5092n6di...
APK
P.S.=> For even MORE comprehensive coverage & protection vs. such threats? Use my free APK Hosts File Engine 9.0++ 32/64-bit -> http://start64.com/index.php?o... (for more SPEED, SECURITY, RELIABILITY, & even ANONYMITY online)... apk
-
Re:Eh?
What are you finding unclear about this graphic?
-
What OS does this targeted banking fraud run on?
“On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, IceIX, etc.) – have that necessary capability. We believe the malware used in this campaign could be a Zeus flavor using sophisticated web injects on the victims” ref
-
Re:Samsung? For Security!!!
What?!
:-) You mean proven "hardware backdoor" Samsung?
I don't know about Cook & Ives shuck and jive, since the passing of Jobs... But I'm pretty sure the iOS crypto flaws are lower risk than ANYTHING those gangsters make at Samsung. I won't let them land an icebox in my house!
Did you actually drill down into the details? It IS a backdoor, but It IS NOT a hardware back door.
It is an IPC protocol between the baseband processor and the application processor. The baseband processor can make IPC request for the application processor to modify its FLASH file system. It is a generic service. I am guessing (as are the people who found the backdoor) it was used for development/debugging and got left behind. Stupid oversight for sure. There is nothing sneaky about it at all, and the backdoor has no special privileges beyond libc-bog-std file system calls. The rest of the IPC command table reads about like you'd expect for a protocol between the app processor and the baseband.
All this shows is that Samsung is just as stupid about security as everyone else.
-
Samsung? For Security!!!
What?!
:-) You mean proven "hardware backdoor" Samsung?
I don't know about Cook & Ives shuck and jive, since the passing of Jobs... But I'm pretty sure the iOS crypto flaws are lower risk than ANYTHING those gangsters make at Samsung. I won't let them land an icebox in my house!
-
Spyblog's Guide on Whistleblowing Anonymously
In a prelude to the more recent gross attacks on democracy, the US and UK have both been consistently shitting on whistleblowers for many decades.
Snowden's method will probably only work if your leak will make you famous. For everyone else, anonymity would be advised.
The author of Spyblog has been documenting the progress of the UK's seemingly-inexorable descent into a Stasi police state for about 10 years.
In 2006, he started posting tips on whistleblowing. This has since evolved into a more comprehensive website.
-
Re:Let's see
The NSA subverted American communications deliberately, and have introduced vulnerabilities into encryption via NIST. AES may or may not have been broken or subverted, but yes they are that stupid:
https://www.net-security.org/secworld.php?id=15531
Given that one of their other mandates is not to lie to congress, to abide by the rulings of the FISA court, and not to spy on Americans (all of which they have breached), I think you can assume that they don't care what their legal restrictions are and do not respect them.
-
Re:yawn
Who is forcing? My iPhone 5 is still working just fine on iOS 6. I upgraded the iPad Mini and it's working just fine, but I'm not ready to mess with the phone, got too much stuff on there to just run out and upgrade to the latest and greatest before it's been properly tested by 200 million beta testers [businessinsider.com].
I'll wait for 7.1, then wait two weeks after that.
I admire Android users' fearlessness though, to run an OS that freely gives complete control over everything to any app or website. I have no idea how Android users sleep at night, knowing their Android phone can be remotely wiped and reset to factory settings simply by visiting a website.
-
Mozilla has your back
Do you really trust Apple, Microsoft, or Google to put your privacy, security, or freedom before their bottom line?
I for one cannot *wait* to get a FoxOS phone. Presumably my communications will be encrypted by default, and I expect better performance on account of not being spied on/tracked/marketed to all the time.
-
Re:self-incrimination
actually, it's more than that: they can show that the drives are his _and_ that the drives contain illegal material. In other words, he's already been incriminated, and ordering him to give up the keys isn't considered to be "incriminating himself" anymore.
Isn't it funny, though, that he's still not charged with anything? TFA:
Jeffrey Feldman, a software developer at Rockwell Automation, has still not been charged with any crime
-
Re:The hack resides in memory.
I think they said there is a modified httpd, though. It should be enough to raise suspicion.
-
Re:Cpanel?
is this for cpanel or apache?
"We still don’t know for sure how this malicious software was deployed on the web servers," the researchers admit. "We believe the infection vector is not unique. It cannot be attributed solely to installations of cPanel because only a fraction of the infected servers are using this management software. One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in a specific software."
-
Re:anyone have links to the actual presentation?
Don't bother viewing the original presentation. The whole shit depends on the user NOT using any form of wireless encryption. Unless I missed something seriously god damned important. ( possible, but not, I hope, too likely. Go lose 60 minutes of YOUR life if you want to be sure. Alcohol may have slightly impaired my abilities. Fuck me if it has. )
While there is a valid scenario, it is really a bullshit article, IMO. http://www.net-security.org/secworld.php?id=14651 and http://www.youtube.com/watch?feature=player_embedded&v=u7RjJNLnWF8
Photog uses it out of the box, solo. Yup, plausible. Stupid photog, non-important shoot. EndUsers are idiots. No damage. ( well, you know.. )
Photog uses it out of the box, solo. Yup, plausible. Editor uses photos and cares not for source accuracy. EndUsers are idiots. No damage. ( well, you know.. )
Photog uses it out of the box, solo. Yup, plausible. Editor looks at photos and says "WTF" No damage. ( well, you know.. )
Photog uses it out of the box with assistant. "Hey John, Why TF are no photos showing up on our laptop?" Assistant resets connection to camera, calls cops, and/or security, and/or whatever, when it happens over and over. Or better yet, turns off wireless and uses the Spare CF cards that EVERY FRIGGIN PHOTOG CARRIES NEXT TO HIS BALLS to take pics. Uses them to take pics and sends those to his publisher. ( Looking at all of them BEFORE he sends them, if he is fucking 10% clueful. ) Oh yeah, the PUBLISHER LOOKS AT THE PHOTOS ALSO - BEFORE USING THEM. Need I go on? Attack mitigated... FFS
Sure, there are scenarios here where this could be a problem. Are any of those scenarios useful if your name is not Ethan Hunt? What is the range of this attack, and the probability of success? I'll shut up now....
Posting anon cause i am a serious asshole. Fuck you all.
-
Mess with him like this.
-
Article on net-security.org
(via the submission queue, posting anon because I already moderated a post)
-
Be careful what you wish for.
I see a lot of posts saying, "I don't need java applets. None of the web sites I visit use java applets. We should use this as an opportunity to let java applets die. Die, applets, die die!"
There are a lot of problems with this simplistic response.
One problem is that a lot of people are using java applets to do things that are important to them. Applets are widely used in the medical industry. I teach physics for a living, and there are several educational applets, written by other people, that I use to demonstrate ideas about thermodynamics. (Warning, car analogy coming up.) Just because you don't drive a Honda Fit, that doesn't mean it's OK to tell every owner of a Honda Fit that they aren't allowed to drive it anymore.
The other problem is that you have to consider the alternatives.
Javascript is in many ways a nice little language. However, it's a disaster because of the lack of a standardized DOM, and it simply doesn't have the necessary facilities to do all the things that a java applet can do.
Flash is essentially proprietary, has been designed in a chaotic way, and is a frequent vector for malware, comparable to java applets and adobe reader.
Silverlight is only viable on Windows.
Java applets, warts and all, have some important advantages because of the design of java. Java was designed to be extremely portable. Java (unlike flash and javascript) was intended from the start to be a good general-purpose programming language. Java and java applets were vastly overhyped back in the 90's, but java applets are in fact an important and useful web technology that some people need and want. The problem seems to be that an important and useful web technology has fallen under the control of a corporation that is irresponsible about security.
-
Re:Hypocritical
While Java applets are very rare
Let's keep that in mind for the rest of this discussion. Java is in no way, shape, or form a necessity for the vast majority of users. It is, however, a huge risk.
How is anyone supposed to ever use it if web browsers start disabling it for every 0-day vulnerability that pops up.
First, Java has been available for web use since 1994. It's nearly 20 years old. It's not like it hasn't had a chance to take hold. There are plenty of reasons people choose not to use it. It's been an option for several projects I've been involved in, and we've never chosen it. Second, that "every 0-day vulnerability" part.. well, that's part of the problem with it. It has a lot of vulnerabilities, and a lot of them take a while to get fixed. So to answer your question, if browsers keep rightfully disabling a vulnerable POS software then people will not use it. Hopefully it will just go away.
It's not like Firefox and Safari don't also have 0-day vulnerabilities
Actually, it sort of is like that. Mozilla is pretty good about fixing bugs. If you don't believe me, here's their list of vulnerabilities. Go ahead and find the section on that page which lists the unfixed vulnerabilities. Here is the vulnerability page for Firefox 18 on Secunia. Take a look at the stats on the right side to see how many vulnerabilities it is currently affected by, as well as the percentage of unpatched. Here is the same Secunia page for Java JRE 1.7, go ahead and compare that to Firefox 18.
IMO there should be a small grace period of 1-2 weeks
Java has had a grace period of 19 years. Under Oracle, it's been around 6 years. This shit keeps happening. There is a pattern here. There is a reason why Java is the #1 infection vector for Windows machines. The browsers are just trying to protect their users. Blocking the #1 infection vector is a pretty decent way to do that. If they also blocked the Acrobat plugin then that would be another step in the right direction.
US CERT has the right idea:
Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."
(emphasis mine)
-
Re:NEVER
And they're perfectly secure.
Ahahahah! Oh man, you must be great in parties!
http://news.softpedia.com/news/JPMorgan-Chase-Bank-Server-Hacked-Tiffany-Employee-Details-Exposed-294557.shtml
http://www.computerworld.com/s/article/9116933/Report_World_Bank_servers_breached_repeatedly
http://www.theregister.co.uk/2010/01/12/bank_server_breached/
http://www.bbc.com/news/technology-13711528
http://www.networkworld.com/news/2012/062612-operation-high-roller-260478.html
http://www.computerworld.com/s/article/9033999/Bank_of_India_site_hacked_serves_up_22_exploits
http://www.net-security.org/news.php?id=3181
And this was just with a 5m search.
-
Re:It should be more than obvious
This will be abused. Life is too short to list how and why. Let's just say that people will be knocked off (up?) for expressing something "offensive". Feel free to define that as you wish. The authorities and fanbois will.
Well the current situation is definitely abused... Now the question of course is what kind of a solution is used to treat the problem, but personally I'd like to be notified if I had a contagious disease that I did not know about and could be harmful for me too.
Here's how one ISP handled it: http://www.net-security.org/article.php?id=1703
-
Re:Java = security nightmare
You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).
-
My setups are & Win7 64-bit currently is
"No operating system is 'unassailable'. " - by Anonymous Coward on Wednesday June 06, @09:32AM (#40231439)
See subject & I absolutely am (for now @ least vs. this particular threat, via 4 methods (patch by MS, custom hosts file blocking of "flame"'s C&C servers that are known, & security hardening my system + the OS I use)):
PROOF? Ok!
http://www.net-security.org/malware_news.php?id=2138
Flame's massive C&C infrastructure revealed - Posted on 05.06.2012:
PERTINENT QUOTE/EXCERPT:
---
"It's interesting to mention that these machines mostly run Windows XP and Windows 7 32 bit, but none of them run Windows 7 64 bit, which seems impervious against this and most other malware."
---
* Especially when "security-hardened" as I have done for Windows NT-based systems since the early 1990's:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
RESULTS OF SUCH SYSTEM SECURITY HARDENING BY TESTIMONIAL OVER 1 YEAR BY A USER OF MY GUIDES FOR SECURITY:
To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:
http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text
& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.
That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...
Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:
---
1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))
---
Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:
---
SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral
AND
-
I was always protected (Win7 64-bit isn't "hit")
"So you were not protected (granted nobody was) while they were online" - by Anonymous Coward on Wednesday June 06, @05:26AM (#40230157)
I was & AM, always protected - evidently you didn't read my 1st post & evidence of that much, simply by using Windows 7 64-bit (here it is again):
http://www.net-security.org/malware_news.php?id=2138
Flame's massive C&C infrastructure revealed - Posted on 05.06.2012:
PERTINENT QUOTE/EXCERPT:
---
"It's interesting to mention that these machines mostly run Windows XP and Windows 7 32 bit, but none of them run Windows 7 64 bit, which seems impervious against this and most other malware."
---
I also SECURITY-HARDEN by Operating Systems, so that is another measure of defense here also (per "industry 'best practices'" via CIS Tool & more - there's no real way INTO my machines because of it, you can see my guide & see why, I posted links to it from BING in my init. post)...
"You mean the servers active for the past 4 years changing name more than 80 (known !) times (+ all the unknown ones) ?" - by Anonymous Coward on Wednesday June 06, @05:26AM (#40230157)
Apparently you're also NOT aware that malware makers/botnet herders etc. RECYCLE host-domain names eventually (e.g. -> the RBN (Russian Business Network) was NOTORIOUS for it)...
(So, placing those into a custom hosts file is just "long-term protection" vs. that happening too...)
* There you go...
APK
P.S.=>
"This sarcasm was brought to you by the AAA" - by Anonymous Coward on Wednesday June 06, @05:26AM (#40230157)
Well, then I corrected you & your sarcasm? Well, then THAT makes you a troll (which I suspected from the outset here in your initial response also but I kept it civil)... NOW??
Well - You have to "eat your own words" now... how do they taste, flavored with the bitter taste of SELF-defeat & your foot in your mouth?? So much for YOUR 'sarcasm', eh??? LOL!
... apk
-
Not on Windows 7 64-bit (unassailable)... apk
See subject-line, & this -> http://www.net-security.org/malware_news.php?id=2138
Flame's massive C&C infrastructure revealed - Posted on 05.06.2012:
PERTINENT QUOTE/EXCERPT:
---
"It's interesting to mention that these machines mostly run Windows XP and Windows 7 32 bit, but none of them run Windows 7 64 bit, which seems impervious against this and most other malware."
---
* Especially when "security-hardened" as I have done for Windows NT-based systems since the early 1990's:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
(I can't be harmed by this bogus puny machination the malware making weasels make... no way, no how, not possible!)
APK
P.S.=> It's part of why I use it... apk
-
Re:Why?
That seems like less harm than depriving the rightful owners of the code access, the american taxpayer.
Simply out of curiosity:
of what possible use is internal accounting software designed for enterprises on the scale of the US government to the average American taxpayer?
The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millions.
Programmer pleads guilty to US govt software source code theft
He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.
-
Re:Fine, I'll bite
If one can get to the command line you can execute "perl vurus.pl" and use the path to find the interpreter. That works wherever perl is installed as advised by most Perl packages.
I suspect that an office mono culture never develops, we go back to the situation in the 1980s when there was genuine diversity of productivity applications.
Monocultures in software are an effect of the necessity of training or knowledge of software. A company can not reasonably expect a new employee to know a piece of esoteric office software that is only known by 5% of the people qualified for the job. Therefore the company would have to train the person on the company's software and most new employees will waste time getting familiar with the local office suite. It is much simpler much more cost effective for a company to ask for experience with a standard software suite. Already Open Office is used on 22% of desktops. It is easy to see that Open Office will be the predominant office suite if Linux gains popularity.
Diversity is only possible if people choose diverse options. Standardization is desirable to most people. They want to be able to go from job to job and not have to worry about what software they will be using to do basic things like writing a document. Even if multiple options are available most people will choose the popular one. Diversity is only possible if people choose diverse options. Why does Open Office have so much market penetration? Where Microsoft office is the standard for office suites Open office is the standard for free office suites.
If one can get to the command line you can execute "perl vurus.pl" and use the path to find the interpreter. That works wherever perl is installed as advised by most Perl packages.
As for would they do it, both Microsoft and OSX have found nagging and easy one click to work well to get people to update. No reason not to follow their example.
Here is a quote from this article written in June 2011;
In the previous month alone, four of the Top 10 computer malware programs had been targeting Java security holes for which Oracle had been offering an update since March 2010. There's also been an increase in malware that installs adware or tries to lure users to install bogus antivirus programs.
Security vulnerabilities were still being exploited over a year after a patch came out. Many desktop users are loath to update anything as they fear breaking their installation. I do not see that Linux desktop users will be any different. If Linux gains business share there will be many more non-technical users which will be very different from today's geeky users.
As any OS penetration it will gain more and more of the issues the Windows has and will have very similar security issues.
-
Re:immature=no java
As of 2010, Adobe Reader was kicking Preview's ass on security. No, that's not a joke. Nor is it fanboyism; I don't use either one. It's just a plain and simple fact. The probable reason? Adobe, like Microsoft, has had many years of being a high-profile target, and has put a lot of effort into finding and fixing security bugs. Apple, quite frankly, has not.
http://net-security.org/secworld.php?id=9725
Watch the second video, and jump ahead to 8:57 (almost the end) if you want a simple comparison. For the lazy, here's the basic facts: Preview had from the same set of 1400 PDFs downloaded from the web, run through a mutational fuzzer to produce 2.8 million test files. Preview had 7 times as many unique crashes as Adobe Reader, and at least 3 times (more realistically, probably 10 times; at worst, 20 times) as many exploitable bugs.
When a guy like Charlie Miller (very well-respected security researcher) can find 7 security bugs in Apple's code for each one he finds in Adobe's (using the exact same test cases), Apple has a serious security problem.
-
Re:i would love to sue my boss for that
I find Facebook's concern for privacy ironic considering this...
Although it should be against the law for businesses to pry into our personal lives, including our financial history, Facebook is the wrong company to lead the charge.
-
Take THAT up w/ the source then... apk
"But its just not true, the link just tells you exactly which settings on a stock android installation to connect to a L2TP/IPSEC VPN, the link I gave is just for an encrypted VPN provider that supports Android." - by mSparks43 (757109) on Tuesday January 03, @05:31PM (#38578524) Homepage
See subject, & remember: BUILT INTO ANDROID ITSELF (as far as IPSec) is the key apparently to be aware of & take up with them here in regards to the statement in my 'p.s.' quoted from them!
Did you catch that video about securing smartphones, & when the presenter asked the crowd (of security guys/hacker-crackers mixed) HOW MANY HAD SMARTPHONES, & most did not? The reason WHY is most of us are waiting for the time they MATURE MORE on the SECURITY FRONT is why - I won't, because of THAT alone to be blunt about it.
APK
P.S.=> http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android"
---
... apk
-
Not VPN issue (IPSec lacking built in in ANDROID)
If security issues of ANY kind happened on ANDROID? It's an ANDROID (thus, a Linux problem) problem.
* The links I posted all thru here (90 of them roughly) ALL happened on ANDROID, & they were all security issues...
(No denying that, though you're in denial over it & the problems? Serious - if they involved money, & they do in the MILLIONS?? It's serious!).
This also indicates my MAIN POINT:
That is that once Linux gets a share of market that's large, it WILL be attacked, & all the FUD spread about on /. for years of "Linux = Secure" was only security-by-obscurity hiding it/keeping it safe on PC desktops (where Linux only commands a 1.19% share of market, thus, not enough "ROI" in targeting it there by malware makers/hacker-crackers).
APK
P.S.=> You misunderstood the article's point also on VPN, it wasn't VPN, but an IPSec solution integrated into ANDROID (it lacks it & for business, other VPN solutions aren't as "solid" for security -> http://www.net-security.org/article.php?id=1662&p=1 )... apk
-
Better refer to the link I posted then... apk
1st - NOT VPN, but an INTEGRATED IPSEC SOLUTION!
Again:
---
http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android"
---
&
2nd - That looks like a website to me, not an app for ANDROID built into its kernel (like most true IPSEC setups are).
* No, I don't own an ANDROID phone (nor any smartphone, just a NOKIA mobile simple one)... why? You MAY want to listen to this mp3 soundbite from today's article here:
http://it.slashdot.org/story/12/01/03/0610227/chaos-communication-congress-releases-talks
& specifically, this MP3 from that article (about mobile phone security):
http://ftp.ccc.de/congress/28C3/mp3-audio-only/28c3-4736-en-defending_mobile_phones.mp3
APK
P.S.=> This is the "why" of WHY I don't use a "smartphone"... they're a bit "TOO SMART" for their own good & until they ARE more secure? I'll hold off, & continue to do so... apk
See how many devs there (hacker/cracker/security types actually) actually do (the minority) ->
APK
-
Android in the Enterprise != SECURE
Securing Android for the enterprise:
http://www.net-security.org/article.php?id=1662&p=1
PERTINENT QUOTE/EXCERPT:
"Integrated IPsec client lacking with Android
Android, however, brings some risk with it. For instance, one of the challenges enterprises face is securing communication between the mobile devices and the company network. VPNs are a tried-and-tested remote access technology designed to resolve this exact issue. Android's VPN client, starting with version 1.6 (called "Donut"), is based on the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP). It also supports L2TP with IPsec pre-shared keys and VPN connections via IPsec VPN, on the basis of certificates and an optional L2TP-"secret" mode.
And while many companies use IPsec for secure remote access to their networks, no integrated IPsec VPN client is available on Android - not even in the current version. Apple has already fixed this shortcoming in iOS, in part, because it wanted to make the iPhone attractive for businesses. Since its third iteration, the iPhone has featured an integrated IPsec client that works with common VPN gateways.
Access to smartphone firmware necessary
The Android operating system doesn't just lack an integrated IPsec VPN client; it also makes installing and configuring third-party VPN software quite complicated.
IPsec VPN clients have to be integrated into the kernel of each device, and the client software has to be installed specifically for a memory area. This means that the firmware of each Android smartphone or tablet has to be modified accordingly.
IPsec VPN providers have to ask each vendor of Android systems, like HTC, Samsung or Sony Ericsson, for access to the system software of the devices. Considering how time-consuming and financially burdensome this process is, many vendors, justly, frown upon it. Vendors are particularly not fond of disclosing the details of their Android implementations to third parties.
Alternatives: PPTP and L2TP via IPsec
Until a "real" IPsec VPN client is available, Android users can use their devices' integrated VPN clients based on PPTP or L2TP, which is deployed over IPsec. A "real" IPsec VPN connection, however, is more secure because it encrypts data prior to authentication.
NCP tested this on smartphones with Android 2.2 and found that with L2TP over IPsec, data is sometimes transmitted unencrypted due to the lack of implementation.
The system interrupts transmission only after some time (about 180 seconds). In fact, we found that if the wrong pre-shared key is used, the IPsec VPN connection will not be configured properly. When L2TP is deployed over IPsec, certificates are used to carry out secure authentication. For this reason, the appropriate certificate has to be installed on the Android device. On top of this, a man-in-the-middle attack can lead to an L2TP transmission without encryption.
The standard Android client, however, does not function with all VPN servers and gateways. Sometimes even accessing the same VPN fails if Android smartphones of certain vendors are used. Developer and support forums have plenty of threads written by frustrated Android users looking for professional solutions to access company networks.
In fact, on one forum, a member complained that he successfully set up a connection to the corporate VPN from a Samsung Galaxy S via L2TP/IPsec - but he failed to do so with a Sony Ericsson Xperia smartphone and a different Android smartphone from Samsung. In each case, the configuration settings were the same, yet it was unfathomable as to why connection setup failed.
Even the IT department of a renowned German university has, in its intranet manual, called out Android for its poor VPN access, citing "the Android versions of the mobile
-
Re:Government responsible says, 'Look, commies'.
Any conspiracy theory about Stuxnet has to explain this fact: http://www.net-security.org/secworld.php?id=10596
An Israeli general claims to have worked on Stuxnet.
-
Re:The group isn't unknown at all.
The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.
http://www.net-security.org/secworld.php?id=10596
He's full of it.
I did it.
-
The group isn't unknown at all.
The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.
-
You MAY wish 2 read these
To reconsider ur statement on Windows http://yro.slashdot.org/comments.pl?sid=2514010&cid=37985420 and http://yro.slashdot.org/comments.pl?sid=2514010&cid=37986120 because very recent history has shown Linux to be quite poor on the security front in practice.
Now - You note history: Did you know that as far back as Windows NT 3.x that Windows achieved the "Orange Book" C-2 security rating?
* Windows NT-based OS's HAVE been built with that in mind (witness ACL's which Linux only gained an analog of in MAC, via SeLinux which the NSA produced as an addon/bolt on for std. Linux mind you, clearly copying a good idea from Windows no less).
APK
P.S.=> The problem out there is two-fold, imo @ least:
1.) For everything & anything the coders or designers can think of, the hacker/cracker types will "unthink" & work-around (eventually that won't be the case & the cracks WILL get 'sealed' but takes time) - I've said this since my 1st security presentation back in 1984 @ LeMoyne College in fact, & it's held true ever since
2.) The end user, & programs they use that are insecure... in fact, want to know what's causing the MOST hassles on Windows (2 widely used programs), read here:
JAVA, & Adobe Products MOSTLY (99.8% in fact), per this:
http://net-security.org/malware_news.php?id=1863
& this:
http://www.net-security.org/secworld.php?id=11759
You MAY find those links, QUITE "enlightening" actually...
... apk
-
Re:Who generates 512-bit RSA keys these days?
Except it doesn't, as the bad cert was also "missing certificate extensions", which means it can be used for any purpose after the private key is factored out, and indeed from one of the articles:
"I have been contacted by Entrust who say that two of the certificates issued by the Malaysian DigiCert Sdn. Bhd. were used to sign malware used in a spear phishing attack against another Asian certificate authority," reports Sophos' Chester Wisniewski.
-
Unpatched security vulnerabilities anyone?
Linux, in its KERNEL ONLY mind you, has 4x++ the unpatched security vulnerabilities Windows 7/Server 2008 have, AND UNPATCHED REMOTE ONES no less in Linux also (which Windows is also a complete "distro" with all of its parts, not just a kernel only - add on the other parts of Linux that come in a distro, you will get more)!
In fact, Linux's kernel ALONE has 4x the # of unpatched bugs the ENTIRE SUITE/ARRAY OF WHAT MICROSOFT GIVES YOU TO DO BUSINESS & DEVELOPMENT WITH!
This data's ALL from a respected source (secunia.com) for known security vulnerabilities unpatched:
---
Vulnerability Report: Microsoft Windows 7: (11/27/2011)
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 6% (5 of 85 Secunia advisories)
OR
Vulnerability Report: Microsoft Windows Server 2008: (11/27/2011)
http://secunia.com/advisories/product/18255/?task=advisories
Unpatched 3% (4 of 153 Secunia advisories)
* Nicest part here is, that the few unpatched vulns ALL have valid easy work arounds, or don't apply to workstations, or can be secured for (by turning off services you don't need, especially on desktops/workstations or by securing them down rights-wise)... can Linux say the same?
Doubt it!
PLUS, what REALLY causes malware outbreaks in Windows?? JAVA, & Adobe Products MOSTLY (99.8% in fact), per this:
http://net-security.org/malware_news.php?id=1863
& this:
http://www.net-security.org/secworld.php?id=11759
---
FACT - THAT'S 4x++ LESS UNPATCHED SECURITY VULNERABILITIES ON MS NEAR ENTIRE ARRAY OF WHAT THEY GIVE YOU FOR BUSINESS & DEVELOPMENT - see my p.s. below in fact on that note (& I know that LAMP can't say the same & tosses on even MORE errors into the mix for Linux), THAN IS PRESENT ON THE LINUX 2.6x KERNEL ALONE!
NOW- Toss on the rest of what goes into a Linux distro OR the "LAMP" stack, also (Linux, Apache, MySQL, PHP)??
That # goes "up, Up, UP & AWAY...", bigtime & even moreso, "increasing that lead, that Linux has", lol, in more unpatched known security bugs present that is (a dubious honor/win, lol, to say the least).
So, that "all said & aside"?
Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:
---
Vulnerability Report: Linux Kernel 2.6.x (11/27/2011)
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 6% (18 of 281 Secunia advisories)
---
AND YES, there are 3 remotely vulnerable unpatched security problems outstanding in Linux there too, unpatched (despite all the "Open 'SORES' eyes" out there to fix it (yea, "right", not!))
* Additionally/again - so it "sinks in":
That's also more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has & LAMP certainly cannot show less errors in unpatched security vulnerabilities than 5 total from MS...
In fact? LAMP is the favored attack for phishers & spammers:
http://www.theregister.co.uk/2011/06/10/domains_lamped/
---
PERTINENT QUOTE:
"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey.
Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers,"
---
Vulnerability Report: MySQL 5.x (11/27/2011):