Wireless Security Gets Boost From New Round of Products

April 16, 2008 – 12:01 PM

Wireless security vendors used last week’s conference here to showcase both the problems and solutions in controlling access to wireless voice and data.

AirTight Networks launched SpectraGuard Online, touted as wireless security’s first manifestation of the software-as-a-service (SaaS) model that more vendors — and a few cyber criminals — are using. 

In addition, Alcatel-Lucent added partners to its OmniAccess 3500 “ecosystem” for safeguarding laptops wirelessly. And RSA Labs showcased an innovative wireless authentication scheme to keep mobile handsets secure.

Just how bad is the problem of wireless insecurity? Vendor AirDefense made a welcome change-up to the tired tradeshow stunt of identifying local, low-flying vulnerabilities. Instead, AirDefense surveyed the wireless security of more than 1,000 Bay Area entities, and assigned grades for four industry categories.

The highest grade, a “B-”, went to the transportation sector; retailers earned a “C+”; finance got a “C-”; and government brought up the rear with a “D”.

The biggest problem was poorly protected wireless access points (APs); of the 4,606 APs detected, about 22 percent lacked good security, AirDefense said. “In government, an alarming 72 percent of APs and in finance 67 percent of APs were unencrypted or using WEP,” which has proven to be easily hacked, according to the vendor.

‘Pro-Tibet’ Rootkit Attacks Windows PCs

April 16, 2008 – 10:38 AM

A cartoon that ridicules the efforts of a Chinese gymnast at the Olympic games is the latest ploy used by cyber-criminals to infect Windows PCs, according to McAfee Avert labs.

While the movie files, which show the cartoon followed by images supporting a free Tibet, are playing, a keystroke logging tool, hidden by a rootkit, is installed onto the user’s PC.

McAfee Researcher, Patrick Comiotto, said: “This is a pro-Tibet Rootkit. What looks like a simple Flash movie actually silently drops a number of files onto your PC and then hides those files.”

This is the second Olympics-related virus in seven days. The ‘Fribet’ Trojan horse was placed on hacked websites and subsequently loaded onto PCs through a Windows vulnerability.

Dave Marcus, security research and communications manager at McAfee Avert Labs, said: “Cybercrooks are increasingly taking advantage of the high general interest in the Olympic Games to trick people into giving up personal information or to load malware onto their PCs. If you want to watch the Olympic Games it is better not to do it by opening a file that appears to be a movie that comes in e-mail.”

Source: PC World

Hacker releases working GDI-bug attack code

April 16, 2008 – 8:59 AM

Security researchers on Monday spotted malicious code that triggers a critical vulnerability in the Chinese version of Windows 2000, and warned users of other editions to expect attacks.

Symantec confirmed that the proof-of-concept code publicly posted to the milw0rm.com site earlier in the day successfully attacks Chinese editions of Windows 2000 Service Pack 4 (SP4) by exploiting one of the two critical bugs in Windows GDI, or graphics device interface, that Microsoft patched last week.

But while the attack code works on Chinese versions of Windows, it doesn’t when pitched against other editions. Rather than allow hackers to execute additional code — malware to hijack the PC, for instance — the exploit simply crashes Explorer, the Windows file manager, on non-Chinese versions of the OS.

“This exploit will not successfully allow for remote code execution against English systems [but it] can successfully trigger a crash on English versions of Microsoft Windows,” Symantec wrote in an analysis for customers of its DeepSight threat notification service.

The news followed reports by Symantec last Thursday that it had captured an exploit. Analysis then, however, determined that the attack — made up of multiple EMF (Enhanced Metafile) images disguised as .jpg files — wasn’t crafted properly and wouldn’t actually trigger the vulnerability.

Crack Rar, 7z, and zip files with RarCrack in Ubuntu Linux

April 16, 2008 – 8:09 AM

Ever run into the problem where you created a password-protected zip/rar file and you forgot the password or accidentally deleted it? Or just don’t know the password at all? Well, I have come across a nice solution for cracking zip/rar files. It’s called rarcrack. If you forget your password for a compressed archive (rar, 7z, zip), this program is the solution.

This program uses a brute-force algorithm to find the correct password. You can specify which characters will be used in password generation.

Source: Ubuntu Unleashed

Do a Cloud Scan for Malware and Try for a Prize

April 16, 2008 – 8:02 AM

Is your PC infected with malware? Panda Security says it is, and they’re putting their money where their mouth is. Submit to their free online scan and be found totally malware-free, and your company could bring in a cool $7,500. Or, if you’re a consumer and you clear the scan, you might win an iPod nano.

Sound too good to be true? I took the challenge and, unfortunately, I brought home no iPod trophy. Happily nothing serious was located, but the scan did locate more than 100 tracking cookies I thought I had already deleted. (There are two scan options: one takes a few minutes, the other a few hours.) The bigger point, though, is that “malware” can have a fairly broad definition.

Ryan Sherstobitoff, who serves as Panda Security’s chief corporate evangelist, told us that the free scan offering, ActiveScan 2.0, came about after the company noticed the extent to which consumers and small businesses were infected with malware major and minor.

Alarming Research

The company did what Sherstobitoff calls “alarming research” on 1.5 million PCs. “We found that 23 percent had active malware even though they had paid money to be protected against these types of threats” to well-known antivirus vendors. “According to our data, it’s quite likely that someone’s going to be infected with something that’s currently undetected by current software.”
