<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>SpywareRemove Blog</title>
	<atom:link href="http://www.spywareremove.com/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.spywareremove.com/security</link>
	<description>Just another WordPress weblog</description>
	<lastBuildDate>Fri, 20 Nov 2009 16:05:11 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.4</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Cybercrooks Nabbed After Comcast Hack</title>
		<link>http://www.spywareremove.com/security/cybercrooks-nabbed-after-comcast-hack/</link>
		<comments>http://www.spywareremove.com/security/cybercrooks-nabbed-after-comcast-hack/#comments</comments>
		<pubDate>Fri, 20 Nov 2009 16:05:11 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Hackers]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=365</guid>
		<description><![CDATA[ <h3 class="posttitle">Three hackers are facing a five year jail sentence for maliciously redirecting the Comcast.net website to a corrupt page.</h3>

When Comcast customers tried to access the Comcast.net site in May 2008, they were redirected to an unknown web page which displayed a message identifying the hackers as the Kryogeniks gang. At that time about five million people connected to the site each day, according to the United States Department of Justice. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Three hackers are facing a five year jail sentence for maliciously redirecting the Comcast.net website to a corrupt page.</h3>
<p>When Comcast customers tried to access the Comcast.net site in May 2008, they were redirected to an unknown web page which displayed a message identifying the hackers as the Kryogeniks gang. At that time about five million people connected to the site each day, according to the United States Department of Justice.</p>
<p>Instead of the normal Comcast.net home page, customers were greeted with the following message:</p>
<blockquote><p>&#8220;KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven&#8221;.</p></blockquote>
<p>Immediately after Comcast was able to address the hack, the registrar came back to say that they did not know how the hackers managed to get the passwords necessary to switch the DNS servers and redirect the site.</p>
<p>The indictment has shed some light on how this hack was accomplished. It has been revealed that one of the defendants, Christopher Allen Lewis, made two phone calls to get the information that he and his friends used to access Comcast&#8217;s DNS information.</p>
<p>The filing claims that one of the defendants, Michael Paul Nebel, allegedly logged onto a specific Comcast email account that allowed him to communicate with Comcast&#8217;s DNS registrar. Lewis was then able to sign onto Comcast&#8217;s account at the registrar and point the Comcast.net site to the page he and the others created.</p>
<p>The indictment alleges that during the attack, Lewis called a Comcast employee at his home and asked if the company&#8217;s domains were working properly.</p>
<p>Comcast claims it lost US$128,578 due to the attacks.</p>
<p>James Robert Black Jr. is the third defendant named in the indictment. The men are charged with one count each of conspiracy to intentionally damage a protected computer system. The charges have been filed in the US District Court for the Eastern District of Pennsylvania.</p>
<p>If convicted they will face a five-year prison sentence and each be fined $250,000. It is time that hackers face the music. Hopefully the harsh punishment in this case will be a wake-up call to other hackers out there. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/cybercrooks-nabbed-after-comcast-hack/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Majority of Information Security Products Do Not Pass Quality Certifications</title>
		<link>http://www.spywareremove.com/security/information-security-products-not-pass-quality-certifications/</link>
		<comments>http://www.spywareremove.com/security/information-security-products-not-pass-quality-certifications/#comments</comments>
		<pubDate>Wed, 18 Nov 2009 18:40:54 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Cybersecurity]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=360</guid>
		<description><![CDATA[ <h3 class="posttitle">Do you trust the security products installed on your computer? Are they powerful and effective enough to resist malware?</h3>

A comprehensive Verizon report released by ICSA Labs at the beginning of this week summarizes 20 years of testing anti-virus and firewall products and their ability to detect and remove malware. The report concludes that more than 80 per cent of security products fail to perform as intended on their initial certification attempt under a widely-used industry kite-mark scheme. Only 4 percent of products tested at ICSA attain certification in the first testing cycle. Moreover, certification can be lost if periodic re-testing reveals the products are not able to keep up. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Do you trust the security products installed on your computer? Are they powerful and effective enough to resist malware?</h3>
<p>A comprehensive Verizon report released by ICSA Labs at the beginning of this week summarizes 20 years of testing anti-virus and firewall products and their ability to detect and remove malware. The report concludes that more than 80 per cent of security products fail to perform as intended on their initial certification attempt under a widely-used industry kite-mark scheme. Only 4 percent of products tested at ICSA attain certification in the first testing cycle. Moreover, certification can be lost if periodic re-testing reveals the products are not able to keep up.</p>
<p>Surprisingly, the sad statistics are a reality. ICSA Labs states that most products need two or more cycles of testing to attain certification. 82 percent of products resubmitted for testing finally get certification. ICSA also noted that certified products are still required to go through periodic benchmarks to maintain their certification. George Japak, managing director of ICSA and one of the report&#8217;s authors, says that it took half a year just to make the oldest data absolutely accessible for data retaining. He added that a huge number of analysts and experts worked on the report, which provides serious insight into the development of the computer security industry.</p>
<p>The ICSA Labs Product Assurance Report noted that 78 percent of initial test failures throughout the first course of tests across seven product categories are due to inadequate performance of core product functionality. The categories are anti-virus, network firewall, Web application firewall, network IPS, IPSec VPN, SSL VPN and custom testing. Anti-virus products often weren&#8217;t able to prevent malware infection on the first try, while firewall or IPS (intrusion prevention) products couldn&#8217;t make the grade in blocking attack traffic.</p>
<p>The next most common violation covers logging, which is especially important for enterprise customers. Incomplete or inaccurate logging of who did what and when accounted for 58 per cent of primary failures. Logging is often thought to be a nuisance and is undervalued, particularly when it comes to firewalls. Surprisingly, the third most common violation involves security flaws in the product itself. For instance, a web-based control console might be prone to cross-site scripting. These problems include vulnerabilities that compromise the confidentiality or integrity of the system, and random behavior that affects product availability.</p>
<p>The study also identified a few other issues with security products, including poor product documentation and problems with patching, that is, whether a product accepts security updates properly. Nearly every network firewall or web application firewall investigated suffered from at least one logging problem. Just under half of security products had difficulties with their own security and could be used to compromise the very system they were supposed to be securing.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/information-security-products-not-pass-quality-certifications/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Windows 7 SMB Flaw Gets Security Advisory from Microsoft</title>
		<link>http://www.spywareremove.com/security/windows-7-smb-flaw-gets-security-advisory-from-microsoft/</link>
		<comments>http://www.spywareremove.com/security/windows-7-smb-flaw-gets-security-advisory-from-microsoft/#comments</comments>
		<pubDate>Tue, 17 Nov 2009 17:14:38 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Windows 7]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=352</guid>
		<description><![CDATA[ <h3 class="posttitle">The end of last week wasn't so pleasant for Microsoft since a new denial-of-service vulnerability has been reported in the Server Message Block (SMB) protocol in Windows 7 or Windows Server 2008 R2, both 32-bit and 64-bit platforms.</h3>

The Windows 7 SMB flaw was misreported as a 'zero day exploit' and later acknowledged in a security advisory. After users reported this particular threat, Microsoft delivered a Security Advisory, which offers the necessary details about the scope and nature of a possible attack, and actions that users can take immediately to ensure the protection of their affected systems. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">The end of last week wasn&#8217;t so pleasant for Microsoft since a new denial-of-service vulnerability has been reported in the Server Message Block (SMB) protocol in Windows 7 or Windows Server 2008 R2, both 32-bit and 64-bit platforms.</h3>
<p>The Windows 7 SMB flaw was misreported as a &#8216;zero day exploit&#8217; and later acknowledged in a security advisory. After users reported this particular threat, Microsoft delivered a Security Advisory, which offers the necessary details about the scope and nature of a possible attack, and actions that users can take immediately to ensure the protection of their affected systems.</p>
<p>Reportedly, the SMB bug can be exploited by cyber criminals to remotely crash any computer running Windows 7 or Windows Server 2008 R2, but it does not result in any other type of damage. Microsoft has already confirmed that functional exploit code has been made available for the disclosed vulnerability. However, it is currently not aware of any active attacks in the wild that exploit this bug using the published code. In the recently-released advisory, Microsoft has clarified that the outlined flaw is rather restricted in its possible effect; it can neither be used by the hacker to gain control of vulnerable systems nor to install malicious software.</p>
<p>The advisory rebukes the researcher, Laurent Gaffié, for revealing the vulnerability with exploit code before Microsoft had an opportunity to fix it. Microsoft also says that this vulnerability isn&#8217;t related to MS09-050, a &#8216;Vulnerability in SMBv2 Could Allow Remote Code Execution&#8217;, which is another flaw in Windows 7 disclosed by a researcher and patched in October. Microsoft says it does not yet know of any attacks against the flaw, but it has seen public and detailed exploit code that would cause a system to stop functioning or become unreliable. A patch for this is not yet available.</p>
<p>Microsoft is preparing a security update which will fix this issue. Still, the earliest users can expect to see that update is possibly on Microsoft&#8217;s Patch Tuesday for December, which isn&#8217;t until December 8th. Meanwhile, there are some workarounds or extra steps users could perform to protect their computer systems against exploitation of this vulnerability. Users should block the primary SMB-protocol-specific TCP ports, that is, 139 and 445, at the firewall. While the recommended action would help defend against exploits from outside of the network, it would also disable the ability to use certain functions and services through the firewall, such as Group Policy, Net Logon, and Computer Browser. Presently, the bug is only able to freeze the system, after which a manual restart is needed. Luckily, it does not enable the ability to run commands or install malware.</p>
<p>These functions and services should not be allowed across the firewall anyway. A VPN connection should be required to provide a safe, encrypted tunnel to access internal services and resources across the firewall. If a user uses a VPN connection, these functions would not be affected if the ports at the firewall are blocked. Although this workaround would defend against some exploits, Microsoft also acknowledged that the bug can be exploited by hackers not only by sending a malicious attack packet from another computer on the network but also by creating a malicious Web page and enticing users to click on a link to a shared file. Browsing the site could cause an affected system to make an SMB connection to an attacker-controlled server, which would crash the computer system. That method can be used to exploit the SMB flaw from any type of Web browser, not just Microsoft&#8217;s Internet Explorer. The only recommendation for users is not to click on unidentified links in e-mails or instant messages, which is the normal recommendation for avoiding any type of computer parasite.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/windows-7-smb-flaw-gets-security-advisory-from-microsoft/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Nations Warned by Security Vendor to Prepare for &#8220;Cyber War&#8221;</title>
		<link>http://www.spywareremove.com/security/nations-warned-by-security-vendor-to-prepare-for-cyber-war/</link>
		<comments>http://www.spywareremove.com/security/nations-warned-by-security-vendor-to-prepare-for-cyber-war/#comments</comments>
		<pubDate>Tue, 17 Nov 2009 17:04:16 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Cybersecurity]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=354</guid>
		<description><![CDATA[ <h3 class="posttitle">Suppose there is a serious cyberattack against the U.S. that takes down a portion of the internet... What should we do then?</h3>

It may be almost impossible to imagine a major cyber attack becoming a reality, but in fact it could happen, according to security vendor McAfee. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Suppose there is a serious cyberattack against the U.S. that takes down a portion of the internet&#8230; What should we do then?</h3>
<p>It may be almost impossible to imagine a major cyber attack becoming a reality, but in fact it could happen, according to security vendor McAfee.</p>
<p>Cyber warfare sounds really scary; however, it may become a reality someday. The computer security company McAfee drew its conclusions on the very idea of a cyber war from its analysis of recent net-based attacks. The security firm is alerting computer users to a likely IT war! In the report, McAfee said that there is little disagreement that a growing number of cyber attacks over the Internet more closely resemble explicitly political conflict than crime.</p>
<p>According to the 2009 Virtual Criminology Report, the US, Russia, France, Israel and China are not only readying their cyber-defenses but also preparing cyber-offenses to launch their own attacks. McAfee continued by saying that it has also seen evidence that nations around the world are ramping up their capabilities in cyberspace, in what some have referred to as a cyber arms race. While there is no agreed definition of what constitutes cyber war, it was clear that many nations were preparing for a future in which conflict was partly carried on through the net.</p>
<p>A short while ago, the UK government announced plans for creating a central Office of Cyber Security (OCS) to handle the increasing level of online attacks. The report said that the OCS would have a role in coordinating offensive capabilities and, in extreme cases, would have the ability to mount a cyber attack in response to intrusions into UK networks. The report also claimed that a cyberattack against government networks and critical infrastructures can lead to physical damage and even death. Dave DeWalt, chief executive at McAfee, added that today the weapons are not nuclear, but virtual, and every person must be aware of these threats.</p>
<p>Next, the report mentioned that in most developed countries, critical infrastructure is connected to the Internet and does not have proper security functions. This fact makes it a huge target for cyberwarfare and leaves installations exposed. The report, based on contributions by more than 20 international relations experts, calls for a public debate on cyberwarfare and on how to control this new model of conflict. The report added that without insight into the government&#8217;s cyber-defence strategy, the private sector cannot be proactive and take suitable precautions.</p>
<p>McAfee said it hopes that the veil of secrecy around cyberwarfare will be lifted. In addition, important questions, such as where to draw the line between cyber-espionage and cyber-war, should be discussed. The report concluded that the willingness of some nations to test their cyber powers on others may indicate the beginning of a cyber cold war. If a major cyber conflict between nation states were to occur, the private sector could get caught in the crossfire.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/nations-warned-by-security-vendor-to-prepare-for-cyber-war/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Google Chrome OS is on the Way!</title>
		<link>http://www.spywareremove.com/security/google-chrome-os-is-on-the-way/</link>
		<comments>http://www.spywareremove.com/security/google-chrome-os-is-on-the-way/#comments</comments>
		<pubDate>Mon, 16 Nov 2009 20:04:58 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=346</guid>
		<description><![CDATA[ <h3 class="posttitle">At the end of last week, security reports informed computer users about an upcoming Google Chrome operating system.</h3>

It is being reported on the Internet that Google's much-anticipated operating system, Chrome OS, will be available for download as early as this week! Is it rumor or is it truth? We'll see.

All we can do is wait. When Google announced its early version of the new OS last fall, the company said it would open source the code for Chrome OS 'later this year'. Google also said that netbooks running Chrome OS wouldn't be available to end users until the second half of 2010. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">At the end of last week, security reports informed computer users about an upcoming Google Chrome operating system.</h3>
<p>It is being reported on the Internet that Google&#8217;s much-anticipated operating system, Chrome OS, will be available for download as early as this week! Is it rumor or is it truth? We&#8217;ll see.</p>
<p>All we can do is wait. When Google announced its early version of the new OS last fall, the company said it would open source the code for Chrome OS &#8216;later this year&#8217;. Google also said that netbooks running Chrome OS wouldn&#8217;t be available to end users until the second half of 2010.</p>
<p>Four months have passed since Google&#8217;s disclosure that it is getting into the PC operating system game, which would put it in direct competition with Microsoft and Apple. Michael Arrington from TechCrunch says that a version of the Chrome OS will come with a limited collection of hardware drivers &#8216;within a week&#8217;. TechCrunch also said that Google has PC manufacturers working on hardware driver support, and mentions that at first, the software may only run on a limited set of PCs. This is the second rumor saying an early release of Chrome OS was forthcoming.</p>
<p>At that time, Google also said that the Chrome OS code would be &#8216;open sourced&#8217; later this year. So the supposed release of Google&#8217;s Chrome OS would clash with the original timeline. According to PC World, open source code is not the same as a ready-for-prime-time product. Google&#8217;s OS hardware partners on the project include Acer, Adobe, ASUS, Freescale, Hewlett-Packard, Lenovo, Qualcomm, Texas Instruments, and Toshiba. It&#8217;s still not clear, though, which PCs are going to be supported if the OS is made available this week. TechCrunch speculates that the first public version of the OS would run on EEE PC netbooks.</p>
<p>What&#8217;s going to happen this week is that Google would make good on its promise and release the Chrome OS source code to developers. However, that doesn&#8217;t necessarily mean the average person could download these files and get the OS up and running. Source code is just a collection of text files intended for software developers to tinker with. To get the source code to work as a computer program, a user needs a compiler that brings all the source code together and turns it into something a user&#8217;s computer can, in fact, start up.</p>
<p>On a netbook, Chrome OS may be satisfying for offering mobile functionality. On a desktop, Chrome OS may turn a PC into a glorified terminal, dependent on the Internet for almost everything the user does on it. Google has said earlier that Chrome is intended to be lightweight and get users connected to cloud applications quickly. The company seems to think that cloud apps will become prevalent and will not need a very powerful PC to run them. Therefore, Google is building a very lightweight browser, Chrome, to run on top of what amounts to an embedded operating system, Chrome OS, running on netbooks to be issued in 2010.</p>
<p>Google Chrome OS represents a new computing model and may even change users&#8217; perception of operating systems and security. Its importance depends upon how widely and quickly cloud applications take center stage, what trade-offs customers are ready to make, and most essentially, what Chrome OS actually turns out to be. Google&#8217;s Chrome operating system could mark a turning point in the computer world. Still, there are many questions left. Rumors are the OS will be issued to developers this week. Most likely that will answer some questions, but it will probably raise even more.</p>
<p>If Google releases only source code and not actual builds of Chrome OS, the work of getting it running would probably put it out of reach for most users. It is good to know that Google has already released a developer build that users can just download and install the easy way. Developers may soon get Google&#8217;s new Chrome OS, while other users may have to wait for a while.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/google-chrome-os-is-on-the-way/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Apple Improves Security of Safari by Patching Flaws</title>
		<link>http://www.spywareremove.com/security/apple-improves-security-of-safari-by-patching-flaws/</link>
		<comments>http://www.spywareremove.com/security/apple-improves-security-of-safari-by-patching-flaws/#comments</comments>
		<pubDate>Fri, 13 Nov 2009 19:35:38 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=342</guid>
		<description><![CDATA[ <h3 class="posttitle">This week was very busy for Apple because of the seven released patches.</h3>

The first security update, released on Monday, applies to Mac OS X Leopard and Snow Leopard. The second update, issued on Wednesday, is a new version of the Safari Web browser, available for Mac, PC, and iPhone operating systems. The newest update addresses a number of security threats, such as remote code execution, system crashing and information disclosure bugs, Apple explained in its advisory. Both the Mac OS X and Windows versions of Safari need to be updated to version 4.0.4. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">This week was very busy for Apple because of the seven released patches.</h3>
<p>The first security update, released on Monday, applies to Mac OS X Leopard and Snow Leopard. The second update, issued on Wednesday, is a new version of the Safari Web browser, available for Mac, PC, and iPhone operating systems. The newest update addresses a number of security threats, such as remote code execution, system crashing and information disclosure bugs, Apple explained in its advisory. Both the Mac OS X and Windows versions of Safari need to be updated to version 4.0.4.</p>
<p>The freshly released Safari 4.0.4 plugs what seem to be moderate-to-severe security issues. Unlike rivals Internet Explorer, Firefox, and Chrome, Apple doesn&#8217;t rate the severity of its security flaws. Malicious XML, FTP and ColorSync profiles embedded in images and in the WebKit engine, the open-source foundation of Safari, could be created to crash or exploit Windows and Mac versions of Safari on the opened Web sites.</p>
<p>Using shortcut menu options within a maliciously crafted Web site could have led to unexpected network security threats, such as local information disclosure and arbitrary code execution, when other maliciously written websites are visited. Only Windows versions of Safari are prone to the embedded image color profile flaw, while an exploit that could enable email to remotely access audio and video content when loading a remote image impacts Macs only.</p>
<p>Of the seven flaws that Safari 4.0.4 blocks, six affect the little-used Windows version of the browser and six affect Mac OS X 10.4, aka Tiger, but only three apply to Mac OS X 10.5 and 10.6, Leopard and Snow Leopard, respectively. In contrast to the operating system security update released on Monday, which didn&#8217;t provide patches for Mac OS X 10.4, Wednesday&#8217;s upgrade covers users who run Safari on that 2005 operating system. Apple traditionally stops delivering security updates for its oldest still-supported OS several months after the release of a new edition, but evidently will continue to support Safari on Tiger.</p>
<p>Safari 4.0.4 for Windows or Mac can be downloaded from Apple&#8217;s website. Active users of the Safari browser can get the new version by running Software Update on the Mac or the bundled Apple Software Update on Windows. Safari 4.0.4 also enhances JavaScript performance. If the SunSpider JavaScript Benchmark is run, Safari 4.0.4 is 1.08 times as fast as version 4.0.3 overall, with considerable gains in many tests. The final and most important thing to note is that Safari 4.0.4 does not break ClickToFlash. The last security update Safari received was in mid-August, when Apple fixed six security issues, four of them critical.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/apple-improves-security-of-safari-by-patching-flaws/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>New Worm Has Many (Koob)Faces</title>
		<link>http://www.spywareremove.com/security/new-worm-has-many-koobfaces/</link>
		<comments>http://www.spywareremove.com/security/new-worm-has-many-koobfaces/#comments</comments>
		<pubDate>Fri, 13 Nov 2009 15:55:18 +0000</pubDate>
		<dc:creator>SpywareRemove Advisor</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=336</guid>
		<description><![CDATA[ <h3 class="posttitle">Identity theft has become a common occurrence in recent years but little has been said about a new threat, called identity production with malicious intent.</h3>

A new version of the notorious Koobface (<a href="http://www.spywareremove.com/removeKoobface.html" title="Remove W32.Koobface Worm">W32/Koobface</a>) worm does this automatically.

Koobface is a computer worm that is programmed to propagate through social network sites like Facebook, Twitter and MySpace. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Identity theft has become a common occurrence in recent years but little has been said about a new threat, called identity production with malicious intent.</h3>
<p>A new version of the notorious Koobface (<a href="http://www.spywareremove.com/removeKoobface.html" title="Remove W32.Koobface Worm">W32/Koobface</a>) worm does this automatically.</p>
<p>Koobface is a computer worm that is programmed to propagate through social network sites like Facebook, Twitter and MySpace. The new version that inspired this security article has some new functionality, and automatically performs actions like:</p>
<ul>
<li>Setting up accounts on Facebook.</li>
<li>These accounts have characteristics that seem legitimate, like date of birth, favorite books or pictures.</li>
<li>The accounts&#8217; details vary for every account that is set up.</li>
<li>Confirming that an email address from Gmail is correct (used to be able to activate the Facebook account).</li>
<li>Joining random Facebook groups.</li>
<li>Adding other Facebook users as friends.</li>
<li>Posting messages to the new friends&#8217; Facebook walls.</li>
</ul>
<p>With all this functionality, it naturally becomes harder to determine that it is automated malware impersonating a human, and not a real person.</p>
<p>The new Koobface variant is yet another example of the fact that malware is getting increasingly sophisticated. Typical malware usually sends out malicious emails using email addresses found on the infected computer. </p>
<p>The email recipient trusts emails sent from a known person, but the Koobface worm will often produce somewhat bizarre side effects, like an email with content in another language. </p>
<p>Another technique used by Koobface is not to attempt to impersonate a real person, but rather to create a fictitious person. The strange thing is that attempts to investigate the sender will turn up information that seems almost legitimate.</p>
<p>Malware writers are clearly making it a priority to refine the art of creating variations for identity production. If one looks at it from the malicious persons&#8217; point of view, it is smart to be in the forefront among those using this technique; before the common users get better equipped to distinguish between communicating with a real person and a computer generated one.</p>
<p>Be wary of this and expect to see more examples of malware using variants of this technique in the future.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/new-worm-has-many-koobfaces/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Researchers Looking for New Methods to Fix Infected Smartphones</title>
		<link>http://www.spywareremove.com/security/researchers-new-methods-fix-infected-smartphones/</link>
		<comments>http://www.spywareremove.com/security/researchers-new-methods-fix-infected-smartphones/#comments</comments>
		<pubDate>Thu, 12 Nov 2009 17:29:42 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=327</guid>
		<description><![CDATA[ <h3 class="posttitle">In the beginning of this week, the world of software security has been greeted by the sad news regarding the issue of mobile smartphone malware attacks.</h3>

It was revealed that a trick worm is spreading over <a href="http://www.spywareremove.com/security/new-iphone-worm-is-a-threat-to-jailbroken-iphones/" title="New iPhone Worm is a Threat to 'Jailbroken' iPhones">'jailbroken' iPhones in Australia</a>. Additionally, at the end of last month, a proof-of-concept (PoC) application was issued that allows a hacker to remotely activate a BlackBerry microphone and listen in on surrounding conversations and sounds. There haven't been such widespread and active attacks on mobile devices for a long while, but now, it is expected that they are going to grow rapidly. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">In the beginning of this week, the world of software security has been greeted by the sad news regarding the issue of mobile smartphone malware attacks.</h3>
<p>It was revealed that a trick worm is spreading over <a href="http://www.spywareremove.com/security/new-iphone-worm-is-a-threat-to-jailbroken-iphones/" title="New iPhone Worm is a Threat to 'Jailbroken' iPhones">&#8216;jailbroken&#8217; iPhones in Australia</a>. Additionally, at the end of last month, a proof-of-concept (PoC) application was issued that allows a hacker to remotely activate a BlackBerry microphone and listen in on surrounding conversations and sounds. There haven&#8217;t been such widespread and active attacks on mobile devices for a long while, but now, it is expected that they are going to grow rapidly.</p>
<p>In response to the rising danger of smartphone malware, researchers at Georgia Tech are planning to study mobile device security and ultimately to discover a method to remotely fix affected devices. They have received a $450,000 NSF grant to improve the security of iPhones, BlackBerries and other smartphones and the wireless networks on which they run. The researchers are focusing on the ways wireless service providers such as AT&#038;T and Verizon can detect malware on devices and clean up the devices before they do more harm.</p>
<p>The Georgia Tech researchers see these events as an indication that malware creators mostly ignored cellphones while they were specialty devices. However, attackers have already set their sights on smartphones based on more general computer operating systems. The researchers say that a big problem is that smartphones usually aren&#8217;t equipped with antivirus software and other such computer security programs.</p>
<p>According to Jonathon Giffin, an assistant professor at Georgia Tech&#8217;s School of Computer Science, the researchers are going to create a cellular network test bed on campus to try out their remote repair methods. These would enable service providers to clean malicious code off a vulnerable device with little or no interaction with the end user. The remote repair technique might be similar to the remote wipe technologies that are currently used to clear all the data off a mobile device that has gone missing. Such methods might require disabling some of the phone&#8217;s functionality temporarily, like the ability to download apps.</p>
<p>For all the reasons mentioned above, the researchers are targeting the carriers in their effort to tackle mobile device security. Patrick Traynor, assistant professor at Georgia Tech&#8217;s School of Computer Science, has talked to a lot of major carriers about the project and said that there is a sense of excitement all around. He added that they need to develop solutions today so they are ready when these widespread attacks appear. The researcher concluded that one of the hallmarks of their design is to use the network itself to discover attacks. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/researchers-new-methods-fix-infected-smartphones/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A New System of Online &#8216;Security Questions&#8217; to the Rescue</title>
		<link>http://www.spywareremove.com/security/new-system-online-security-questions-rescue/</link>
		<comments>http://www.spywareremove.com/security/new-system-online-security-questions-rescue/#comments</comments>
		<pubDate>Thu, 12 Nov 2009 15:23:07 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=324</guid>
		<description><![CDATA[ <h3 class="posttitle">Passwords are a really good way to protect access to a computer or website from cyber criminals.</h3>

If a password is easy to remember for the owner, sadly it would be easy to guess for an attacker as well.

If a password is more complex, that is, when it includes a mix of uppercase and lowercase letters and digits, it would undoubtedly be harder for a hacker to crack it. Password requirements for users differ across sites, but in most cases 'secret/prompt questions' are involved. Have you ever thought about the strength of this type of password? ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">Passwords are a really good way to protect access to a computer or website from cyber criminals.</h3>
<p>If a password is easy to remember for the owner, sadly it would be easy to guess for an attacker as well.</p>
<p>If a password is more complex, that is, when it includes a mix of uppercase and lowercase letters and digits, it would undoubtedly be harder for a hacker to crack it. Password requirements for users differ across sites, but in most cases &#8216;secret/prompt questions&#8217; are involved. Have you ever thought about the strength of this type of password?</p>
<p>Users may often be asked a variety of simple &#8216;prompt questions&#8217; such as &#8216;Where were you born?&#8217;, &#8216;What is your mother&#8217;s maiden name?&#8217; or &#8216;What street did you grow up on?&#8217; for ID verification before a password reminder is sent out. It turns out that answers to these questions are not so secure, because it may not be hard for other people to predict them. So, what could be done to make the passwords stronger? For the answers to be harder for hackers to guess, the questions themselves should be made difficult in the first place.</p>
<p>Computer scientists at Rutgers University in the United States have announced a system to enhance &#8216;security/prompt-question&#8217; online security when online shoppers forget passwords. The scientists state they are six months away from writing code that would protect passwords from being identified. According to Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences, it is well known that security questions are not very safe and are easily predictable. Yao leads a team of scientists who are developing an &#8216;activity-based personal questions&#8217; approach to security questions. Websites could ask a user, &#8216;When was the last time you sent an e-mail?&#8217; or &#8216;What did you do yesterday at noon?&#8217; Dynamic questions would be much harder for attackers to guess.</p>
<p>One computer scientist said she gave students in her lab some questions associated with network activities, physical activities and opinions, and then asked them to &#8216;attack&#8217; each other. Security experts say that &#8216;security questions&#8217; pose a real security threat and need to be replaced with questions that continually change according to a user&#8217;s digital history. That&#8217;s because this information would be harder to obtain and is less widely available. Traditional &#8216;security questions&#8217; are fixed and long-lived and do not usually change, so a user&#8217;s answers may be collected or guessed by people around the user.</p>
<p>A 1990 study discovered that people were able to guess someone else&#8217;s email password 17 percent of the time. Spouses were able to guess the password 33 percent of the time. Another problem is that people are likely to forget their passwords and have to fall back on answering a &#8216;secret question&#8217;, which is also often easy to guess. Yao says memory has not been an issue when &#8216;activity-based&#8217; questions were tried on her students. Yao also says they are presently developing a prototype system which is expected to be finished and available by May 2010. She concludes that the system includes both server-side and client-side components, so they need to carry out a considerable amount of testing on both security and memorability before they offer their result to the market. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/new-system-online-security-questions-rescue/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Have You Already Fixed Vulnerabilities With Microsoft&#8217;s Patches?</title>
		<link>http://www.spywareremove.com/security/have-you-already-fixed-vulnerabilities-with-microsofts-patches/</link>
		<comments>http://www.spywareremove.com/security/have-you-already-fixed-vulnerabilities-with-microsofts-patches/#comments</comments>
		<pubDate>Tue, 10 Nov 2009 13:59:20 +0000</pubDate>
		<dc:creator>ghostrider01</dc:creator>
				<category><![CDATA[Internet Security]]></category>

		<guid isPermaLink="false">http://www.spywareremove.com/security/?p=322</guid>
		<description><![CDATA[ <h3 class="posttitle">If your computer system has been recently hit by at least one of the dangerous flaws Microsoft has just patched, you might want to catch your breath because there is a solution available.</h3>

On Tuesday, software giant Microsoft released six security bulletins repairing upwards of 15 vulnerabilities  within Windows and MS Office. The bulletins include a critical patch for holes in the Windows, Windows Server and Microsoft Office components that could enable a hacker to take control of a vulnerable computer. Three of the bulletins are rated 'critical' and another three are rated 'important'. ]]></description>
			<content:encoded><![CDATA[<h3 class="posttitle">If your computer system has been recently hit by at least one of the dangerous flaws Microsoft has just patched, you might want to catch your breath because there is a solution available.</h3>
<p>On Tuesday, software giant Microsoft released six security bulletins repairing upwards of 15 vulnerabilities  within Windows and MS Office. The bulletins include a critical patch for holes in the Windows, Windows Server and Microsoft Office components that could enable a hacker to take control of a vulnerable computer. Three of the bulletins are rated &#8216;critical&#8217; and another three are rated &#8216;important&#8217;.</p>
<p>One of the critical bulletins, MS09-065, affects the Kernel-Mode Drivers and is the patch Microsoft recommends treating as the top priority. The Windows kernel vulnerability could be exploited through a Web page or MS Office document containing a malicious Embedded OpenType (EOT) font crafted to achieve remote code execution on systems that visit the page and view the EOT font. The patch is labeled &#8216;critical&#8217; for Windows 2000, XP and Server 2003, and &#8216;important&#8217; for Vista and Server 2008. Proof-of-concept code is already publicly available to start drive-by attacks. Microsoft states that consistent exploit code is expected.</p>
<p>The two other critical patches fix flaws in Web Services on Application Programming Interface (WSDAPI) and in License Logging Server. Two bulletins repair vulnerabilities in the way that Windows Vista and Windows Server 2008 search for connected devices such as cameras and printers that could be used by attackers to install malicious software programs. These particular vulnerabilities pose a risk of remote code execution if a user opens a malicious Excel or Word file.</p>
<p>In the case of the WSDAPI vulnerability, a malicious packet sent across the network could trigger the flaw, but the attacker would have to be on the same local subnet, and then most likely only if the affected system is not protected by a firewall. In the case of the flaw in License Logging Server, a vulnerable system could be corrupted by a malicious network message, but unlike the WSDAPI vulnerability, an attack against this flaw wouldn&#8217;t have to be initiated from the same local subnet.</p>
<p>Software affected by the patches includes: Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac. For now, Windows 7 and Windows Server 2008 R2 are not affected by these vulnerabilities. Therefore, users of those systems can stay calm at least for a while. Updates are available through Automatic Updates or through the Windows Update Website. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.spywareremove.com/security/have-you-already-fixed-vulnerabilities-with-microsofts-patches/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
