How your cold explains network intrusion

July 2, 2008 – 6:02 AM

With the cold and flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

As you sniffle and blink your way through this article, think of how your computer responds to malware or directed attack. If the system is healthy and well protected, much as a healthy person is protected by their immune system, then an attack has a much reduced chance of succeeding (and you have a much reduced chance of getting a cold). You and your system can happily perform at pretty much your full levels of performance.

This will hold true up to a point. If you constantly leave yourself exposed to conditions that encourage development of a cold, and if you constantly leave your systems exposed to risk of compromise, then sooner or later you will have a cold and a compromised system. Active defenses will help keep you and your systems from getting sick and they are valid measures to delay or completely avoid the onset of a cold/compromise.

If your computer system is not as well protected, it is like a person with a weakened immune system – both are more likely to contract infection when faced with the same risks that a healthy system and person will not succumb to.

Source:
http://www.networkworld.com/news/2008/070108-how-your-cold-explains-network.html?fsrc=rss-security

Five critical patches for Firefox 2

July 2, 2008 – 6:00 AM

The Mozilla team has fixed a total of twelve security problems in its new version 2.0.0.15 of Firefox. Five are classed as critical, i.e. could allow the injection of external code. The development team has not yet revealed the details behind each patch – the links to the specific bug descriptions currently lead nowhere.

The Mozilla team is recommending that all users switch to Firefox version 3, but will continue to release security and stability updates for the still widely-used predecessor version until mid-December 2008. Heise’s browser statistics for the first two days of July show that although Firefox 2 still has a 25 per cent share, it has already been overtaken by Firefox 3 with a 32 per cent share.

Source:
http://www.heise-online.co.uk/news/Five-critical-patches-for-Firefox-2–/111036

Trojan lurks, waiting to steal admin passwords

July 2, 2008 – 5:56 AM

Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections.

They have managed to infect hundreds of thousands of computers, including more than 14,000 within one unnamed global hotel chain, by waiting for system administrators to log onto infected PCs and then using a Microsoft administration tool to spread their malicious software throughout the network.

The criminals behind the Coreflood Trojan are using the software to steal banking and brokerage account usernames and passwords. They’ve amassed a 50GB database of this information from the machines they’ve infected, according to Joe Stewart, director of malware research with security vendor SecureWorks.

“They’ve been able to spread throughout entire enterprises,” he said. “That’s something you rarely see these days.”

Since Microsoft shipped its Windows XP Service Pack 2 software with its locked-down security features, hackers have had a hard time finding ways to spread malicious software throughout corporate networks. Widespread worm or virus outbreaks soon dropped off after the software’s August 2004 release.

But the Coreflood hackers have been successful, due in part to a Microsoft program called PsExec, which was written to help system administrators run legitimate software on computers across their networks.

Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9105878&source=rss_topic17

PINs stolen from Citibank ATMs

July 1, 2008 – 7:48 PM

We all worry about keeping our online passwords safe from prying eyes. But now our faith in ATM PIN codes is being shaken.

Three people face charges in federal court in New York for allegedly breaking into Citibank’s ATM network inside 7-Eleven stores and stealing PIN codes, according to court filings reported on by The Associated Press on Tuesday.

The alleged thieves made off with about $2 million between October 2007 and March of this year. Officials believe they remotely broke into the back-end computers that approve cash withdrawals and grabbed the PINs as they were being transmitted from the ATMs to the transaction processing computers, which increasingly use Windows, the report says.

Source:
http://news.cnet.com/8301-10784_3-9982500-7.html?part=rss&subj=news&tag=2547-1009_3-0-20

SSDs save battery power, right? Wrong!

July 1, 2008 – 2:01 PM

If you just shelled out some pretty pennies for a high-speed, low-power SSD, Tom’s Hardware may have stumbled onto some findings that won’t sit well. According to a rigorous benchmarking session, they discovered that not only do the drives not save you battery power… they eat more of it. How is this possible, you ask? Well, mechanical drives only hit peak drainage when the actuator has to move the heads, whereas SSDs use full power whenever they’re in use, so the end result is actually a diminished efficiency. What that means is that the hype over “green” drives may be just that: pure hype. On the other hand, you’re still getting a drive with no moving parts, which at least makes your data more secure, if not more eco-friendly.

Source:
http://www.engadget.com/2008/07/01/ssds-save-battery-power-right-wrong/