Gmail as a spam engine

May 11, 2008 – 8:35 AM

This is not good. Researchers from INSERT found a vulnerability in the Gmail engine that could allow spammers to forward mail through Google, thereby bypassing blacklists and being accepted by whitelists. It works by using the same forwarding features that allow users, myself included, to forward their email through Gmail. The worst part of this is that it also bypasses Gmail's 500 recipient limit for any email, though that part should be easy to fix. I hope.

INSERT has been courteous enough to omit a fair amount of the details of the vulnerability, but I think there’s enough general information in the notification that spammers will be able to figure it out soon if Google doesn’t act even faster than the bad guys. Given Google’s track record and the sneaking suspicion that Google was given advance warning of the vulnerability, I’m hoping Gmail can be made secure fairly quickly.

I’ll be interested to see what we hear on this over the next couple of weeks on the Full Disclosure/No Disclosure argument. Did INSERT give Google some warning or did they post this as soon as it was written up? How did Google react? Did Google take the Microsoft stance of quietly taking the research and fixing the hole before anyone notices? Or did they take the Apple/Cisco approach and threaten to sue INSERT into non-existence? I’m hoping for the former.

Just goes to show you, even the best built, least offensive features in software can be subverted if you put enough brain power into solving the problem.

Source: Network Security Blog

Hackers Find a New Place to Hide Rootkits

May 10, 2008 – 7:07 AM

Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer’s microprocessor, hidden from current antivirus products.

Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what’s happening in a computer’s memory.

The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information from a victim’s computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.

The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.

The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.

In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD’s chip-level virtualization technology to hide itself. She said the technology could eventually be used to create “100 percent undetectable malware.”

Read the rest of the story…

Microsoft To Release Office 2007 SP1 Via Automatic Update In June

May 9, 2008 – 5:23 PM

Microsoft plans to release Office 2007 Service Pack 1 via the company’s automatic update service starting June 16. The advance announcement is a result of the software maker’s promise to give at least a 30-day notice before making Office service packs available through Microsoft Update, which is a part of Windows Vista and Windows XP, the company said in its Office Sustained Engineering blog.

Microsoft released Office 2007 SP1 five months ago as a download on the company’s Web site. Over that time, Microsoft claims to have had tens of millions of downloads and “a very good reaction” from customers.

Microsoft said the automatic update would be rolled out gradually to ensure that the service’s infrastructure can handle distribution of the software. “Think of the 16th as the earliest possible start of distribution and that no sooner than that date will SP1 start to become available to customers’ systems via this channel,” the company said.

The strategy of rolling out service packs in phases gives the market plenty of time to evaluate the software and gives Microsoft time to address specific customer concerns, the company said. Microsoft used the same strategy with service pack 3 for Office 2003.

Among the new technologies in Office 2007 is a controversial new document format called Office Open XML, which was approved last month as an open standard by the International Organization for Standardization.

The ISO’s action sparked an outcry from critics who claimed Microsoft stuffed local voting committees with supporters of OOXML, an allegation the company denies. The ISO said 75% of its member nations voted to approve OOXML as a standard, 14% voted against the format, and the rest abstained.

Read the rest of the story…

Phishing Campaign Targets Tax Rebate Checks

May 9, 2008 – 2:47 PM

The Internet Crime Complaint Center (IC3) on Thursday issued a warning about a phishing campaign designed to steal personal information from consumers using the promise of a tax rebate check as bait. IC3 is jointly run by the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The phishing messages claim that the fastest way to receive one’s economic stimulus tax rebate is through direct deposit. They include a Web link to an online submission form designed to steal submitted information from those fooled into believing that providing personal data will hasten the arrival of their tax rebate.

The IC3 includes a sample phishing message that purports to be from the Internal Revenue Service. It warns recipients that failure to submit information by May 10th may delay the promised funds.

In fact, the IRS is sending economic stimulus payments out to about 130 million U.S. households this month, ranging from $300 to $1,200. But it’s not sending anyone e-mail offering to hasten delivery through direct deposit of the funds.

“Consumers are advised that the IRS does not initiate taxpayer communications via e-mail,” IC3 warns. “In addition, the IRS does not request detailed personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts.”

Furthermore, IC3 advises against opening e-mail from unknown senders or clicking on links in such messages.

According to the Anti-Phishing Working Group, 29,284 unique phishing reports were submitted to the organization in January, an increase of more than 3,600 from the previous month.

Read the rest of the story…

Windows Vista More Vulnerable To Malware Than Windows 2000

May 8, 2008 – 5:59 PM

Microsoft’s Vista operating system is more susceptible to malware than Windows 2000, and though it’s 37% more secure than Windows XP, it’s still too vulnerable. That’s the contention of security vendor PC Tools, which has a financial interest in the vulnerability of Microsoft’s software.

“Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date,” said Simon Clausen, CEO of PC Tools Software in a statement. “However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37% more secure than Windows XP.”

According to statistics gathered from users of PC Tools’ ThreatFire security service, Vista let 639 threats per thousand computers through, compared to 586 for Windows 2000, 478 for Windows 2003, and 1,021 for Windows XP.

ThreatFire is an anti-malware system that tries to block malicious software based on its behavior rather than by signature matching.

Given an infection rate of 639 per 1,000 PCs, almost 64% of Vista users should have compromised machines.

Michael Greene, VP of product strategy for PC Tools Software, said that the malware identified had “gotten to the desktop and to the point of doing something bad.” He said that he didn’t have the ThreatFire data immediately accessible but said that presumably some of the monitored machines also had third-party anti-virus software that missed the malware.

That tendency, the inability of signature-based anti-virus systems to keep up with auto-generated malware variants, is the reason PC Tools developed ThreatFire, Greene explained.

Read the rest of the story…