Category: Security


I can’t copy and paste anything, but it explains how the latest Intel “Security” add-ons aren’t secure at all. They make it trivially easy for your system to be hardware rooted, making it impossible for you to regain control of your system.


Intel Small Business Advantage is a security nightmare | SemiAccurate.

… let’s look closely at the facts around the Flashback Trojan causing all this consternation, and clear up what it is versus what it is not, and put the results of the incident in perspective.

Yes it’s true that some 600,000 Macs are confirmed to have been infected. The claim, first made by Dr. Web, an outfit I had never heard of, has since been corroborated by Kaspersky Labs, whose research and analysis capabilities are well-respected. More than half of the compromised machines are in the U.S., 95,000 in Canada, 47,000 in the U.K., and 41,000 in Australia.

The trojan targets a vulnerability in software that is not even an Apple product: Java. You’ll recall that Java is add-on software created by Sun Microsystems and now the property of the software giant Oracle. Rather common, it is no longer shipped as a default add-on to Apple’s Mac OS X beginning in 2011, when Apple first shipped Lion.

Through this hole in Java, certain Web sites are serving up malicious Java applets. Once inserted on the machine, the software then prompts the user to enter the password they use to run the machine. It attempts to trick the user by appearing as an update to Adobe’s Flash video and animation software.

If the user doesn’t fall for the trick, it tries something else. Here again it checks to see if there are any Microsoft Office applications on the machine, or Skype. If there are, it deletes itself.

Then it does something interesting. It scans the contents of the Mac’s hard drive to determine if certain applications are present, and if they are, it deletes itself. Among those applications are security tools such as Little Snitch, a networking security tool, or Packet Peeper, another security tool. It also deletes itself if it sees the user has installed XCode Mac developers tools, and any kind of anti-virus software.

Presuming it finds none of them, it proceeds to contact a command-and-control server for the purpose of downloading and installing more malware. That malware is being used to commandeer the Macs and generate Web traffic to boost revenue for some pay-per-click ads on Web sites, making money for someone who’s behind the scheme. Nothing surprising there.

Apple has issued a fix to Mac OS X that closes the hole in Java, and you can protect yourself by running Software Update from within your machine’s System Preferences. Today would be a good day to do that if you haven’t already. Once you’ve done this you’re no longer vulnerable to the attack.

If you’re among the 600,000 already compromised you can turn to third parties to help you remove it. F-Secure has some instructions here for determining if your machine is affected. If you’re comfortable running some commands in the Mac’s terminal program, there are also some good instructions here at ArsTechnica.

So what does all this say about the state of security on the Mac? Nothing that wasn’t true already. No system is perfectly secure, and this, along with MacDefender, amounts to exactly the second security incident worth mentioning to hit the Mac in about a year. The number of machines affected is less than 1 percent of the 63 million Macs currently in use around the world.

The conventional wisdom has often held that Macs are targeted by malware less often than Windows machines because of their relatively small market share. This still has some merit, but the fact is that Windows is also where the vulnerabilities are. Historically, Mac OS X has been substantially less vulnerable to this sort of thing than Windows.

Does that let Apple off the hook entirely? No, though to its credit, Apple had a fix ready within a week of learning of this vulnerability. That’s not exactly a pokey response, especially when the problem lies not directly within Apple’s software, but in Oracle’s.

via What’s This? A Mac Virus? No Actually It’s a Weakness in Java. – Arik Hesseldahl – News – AllThingsD.

Let’s get one thing straight. The media, as usual, is not only blowing this out of proportion but also not keying on the right part of the problem. This is not a Mac issue but a Java problem. Java had an exploit (Java itself has become an exploit, much like ActiveX, but worse) that Apple didn’t patch as quickly as Oracle (the developer of Java). Keep in mind that OS X Lion does not contain Java, so only folks who for whatever reason can’t or won’t run the latest Lion release were vulnerable. Frankly, I banished Java from my network a looooong time ago, as the amount of websites that require it for proper operation isn’t enough to even bother with. How to NOT get infected? Uninstall Java; never install it in the first place.
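An added example, not from the article quoted above nor from F-Secure or Ars: the Terminal checks those removal guides walked users through amounted to reading two plist locations for a planted DYLD_INSERT_LIBRARIES entry, under LSEnvironment in a browser’s Info.plist and at the top level of ~/.MacOSX/environment.plist. The Python below does the same check directly with plistlib instead of `defaults read`. The file paths are assumed from those published instructions (add any other browser bundle you use), and the library paths in the embedded samples are constructed, not real malware artifacts, so the logic can be exercised on any OS.

```python
"""Check for the Flashback indicator the published removal guides keyed on:
a DYLD_INSERT_LIBRARIES entry planted either under LSEnvironment in a
browser's Info.plist or in the per-user ~/.MacOSX/environment.plist."""
import os
import plistlib

# Locations the removal guides had users query with `defaults read`
# (assumption: this list mirrors those guides; add other browsers you use).
APP_INFO_PLISTS = [
    "/Applications/Safari.app/Contents/Info.plist",
    "/Applications/Firefox.app/Contents/Info.plist",
]
USER_ENV_PLIST = os.path.expanduser("~/.MacOSX/environment.plist")


def injected_libraries(plist, nested_key="LSEnvironment"):
    """Return the DYLD_INSERT_LIBRARIES paths found in a parsed plist.

    In an app's Info.plist the variable sits inside the LSEnvironment dict;
    in environment.plist it is a top-level key (pass nested_key=None).
    A clean Safari or Firefox has no LSEnvironment at all, so any hit here
    is worth investigating even if the path looks harmless.
    """
    env = plist.get(nested_key, {}) if nested_key else plist
    if not isinstance(env, dict):
        return []
    value = env.get("DYLD_INSERT_LIBRARIES", "")
    # The variable is colon-separated, like PATH.
    return [p for p in str(value).split(":") if p]


def check_plist_bytes(data, nested_key="LSEnvironment"):
    """Parse raw plist bytes (XML or binary) and report injected libraries."""
    try:
        plist = plistlib.loads(data)
    except Exception:
        return []          # unparseable file: not an indicator by itself
    if not isinstance(plist, dict):
        return []
    return injected_libraries(plist, nested_key)


def scan_system():
    """Read the real files (meaningful on macOS only); {path: [libs]} for hits."""
    hits = {}
    targets = [(p, "LSEnvironment") for p in APP_INFO_PLISTS]
    targets.append((USER_ENV_PLIST, None))
    for path, key in targets:
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            libs = check_plist_bytes(fh.read(), key)
        if libs:
            hits[path] = libs
    return hits


# Constructed samples (library paths are made up, not real malware artifacts)
# so the logic can be exercised on any OS.
CLEAN_INFO_PLIST = plistlib.dumps({"CFBundleIdentifier": "com.apple.Safari"})
INFECTED_INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.apple.Safari",
    "LSEnvironment": {"DYLD_INSERT_LIBRARIES": "/Users/Shared/.sample.so"},
})
INFECTED_ENV_PLIST = plistlib.dumps({
    "DYLD_INSERT_LIBRARIES": "/Users/Shared/.a.dylib:/Users/Shared/.b.dylib",
})

if __name__ == "__main__":
    findings = scan_system()
    if not findings:
        print("no DYLD_INSERT_LIBRARIES indicators found")
    for path, libs in findings.items():
        print("%s injects: %s" % (path, ", ".join(libs)))
```

Run it as a script on the Mac in question; a hit is a reason to follow the full removal guide, since the planted library is only one piece of the infection, and an empty result only covers the locations listed, not every variant.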

Security vs. convenience. They are inversely proportionate. Current smartphones, especially iPhones, are very porous. Easy solution: everything runs over WPA2 and SSL, or both. This requires work, though, and folks are averse to this. In short, you are going to have to manage your smartphone just like you manage your computers. Smartphones are a bigger problem for your data than modern computers are, as smartphones have not caught up to the security levels of PCs/servers yet.


As a security professional who gets paid to hack into high-value networks, Mark Wuergler often gets a boost when his targets use smartphones, especially when the device happens to be an iPhone that regularly connects to Wi-Fi networks.

That’s because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers’ MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks.

“This is interesting on a security level because I’ll know where you work, I’ll know where you live, and know where you frequent,” Wuergler, who is a Senior Security Researcher for Miami-based Immunity Inc., told Ars. “If the last access point you connected to was your home, for example, I’ll know right where to go to get to you later or get to your data. If I’m an attacker that wants to break into your company, this becomes a disclosure that an attacker isn’t going to pass up.”

The exposure of MAC addresses extends not only to iPhones, but to all Apple devices with Wi-Fi capabilities, he said. It means that whenever the wireless features are enabled and not connected to a network—for instance, during a brief encounter at a Starbucks—they broadcast the unique identifiers, and it’s trivial for anyone nearby to record them. Wuergler speculates the behavior is a feature designed to automate configuration for networks users regularly access.

[snip]

In many respects, Stalker is a dramatic example of the risks posed by today’s smartphone, which was designed with speed and utility as its chief selling points.

“It’s widening all of the attack vectors that I can use against you,” Wuergler said. “All of the conveniences that are being extended to you are also being extended to an attacker, just making it easier for identity thieves and corporate attackers.”

He said the best advice for people concerned about smartphone security is to limit the kinds of personal information they entrust to their devices. Users can also benefit by turning off their device’s Wi-Fi as much as possible.

“I do use my phone on wireless networks, but I don’t store a lot of personal data on my phone,” he said. “If you put your personal data on there, you don’t even need to be connected to a wireless network for me to be able to break into your phone.”

via Loose-lipped iPhones top the list of smartphones exploited by hacker.

This means AVG is out of my recommended products until they change this policy. If you want honest anti-malware protection, contact ECC for my recommendations. If you are a current client and using AVG or Avast, contact ECC before you contact this vendor.

A call to the support number listed on Avast’s site put me through to a technician named Kishore Chinni; I told Mr. Chinni that I had just installed a copy of Avast, but that I couldn’t be certain it was updating correctly. He asked for a phone number and an email address, and then said the first thing he needed to do was take remote control over my system. He directed me to use Internet Explorer to visit a Web site that requested permission to install two ActiveX add-ons. Those add-ons installed a remote control client called Bogmar Support.

Chinni asked if I had previously installed any antivirus software, and I said I wasn’t sure (I hadn’t). He then fired up the Windows Registry Editor (regedit), poked around some entries, and then opened up the Windows System Configuration Utility (msconfig) and the Windows Event Viewer. Chinni somberly read aloud a few of the entries in the event viewer marked with yellow exclamation points, saying they were signs that my computer could have a problem. He then switched over to the “services” panel of the system configuration tool and noted that the “manufacturer” listing next to avast! antivirus read “unknown.”

“When it says unknown like that, these are warnings that there could be an infection running on the computer,” Chinni explained. He proceeded to install an iYogi “tune up” tool called PCDiagnostics, which took about 60 seconds to complete a scan of my system. The results showed that my brand new installation of Windows had earned a 73% score, and that it had detected 17 registry errors and a problem with Windows Update (this was unlikely, as I had already enabled Windows Update and Automatic Updates before I made the support call, and had installed all available security patches). Chinni explained that the “antispyware” warning generated by the PCDiagnostics scan was an indication that a previously installed security software program had not been cleanly removed and was probably causing problems with my computer.

He said another technician could help me with these problems if I wanted. When I inquired whether it would be free, Chinni told me that the company sells support packages for one- to three-year durations, and that the starting price for a support package was $169.99…..

Unfortunately, Avast is not the only security and antivirus firm that has outsourced its support to this company. iYogi also is the support service for AVG, probably Avast’s closest competitor.

via Aghast at Avast’s iYogi Support — Krebs on Security.

Update your machines now. If you are running a server with RDP exposed, first firewall it off the Internet, then use another actual secure VPN to get to that server and update. I would then never allow RDP direct access to the net again.


Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely troubleshoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon’s EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.

“This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys vulnerability research lab, said in an interview. While RDP is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.

The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants.

Microsoft said there’s no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change. “Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.

via Critical Windows bug could make worm meat of millions of high-value machines.

This should be interesting. Windows 8 will come with a known remote ability for MS to reach into your computers. Phones have had it for a while; now it’s time for desktops.


With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft (MSFT) hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons. The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.

Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.

The history of kill switches on smartphones and e-readers suggests they’re double-edged swords for the companies that wield them. In 2009, Amazon reached into users’ Kindles to delete e-book copies of George Orwell’s 1984 and Animal Farm that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move “stupid, thoughtless, and painfully out of line with our principles.”

via The Kill Switch Comes to the PC – Businessweek.

This all depends on whether they get the patchwork DNS server order extended. If they do, then your infected PC will work fine. I hope they do not; then these machines will cease to work and the infection will become obvious.


If your PC starts acting weird or totally goes offline on or after March 8th (for folks who keep their computers off), please contact ECC for assistance.


Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan — Krebs on Security.
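An added example, not part of the post or the Krebs article: the quickest way to tell whether a machine depends on the court-ordered replacement resolvers is to check whether its configured DNS servers fall inside the address ranges the rogue DNSChanger resolvers used. The Python below does that check against resolver lists parsed from /etc/resolv.conf-style text or `ipconfig /all` output. The CIDR list is reproduced from memory of the ranges the FBI and the DNS Changer Working Group published and should be verified against their list before relying on it; the resolver listings embedded in the block are constructed samples.

```python
"""Flag DNS resolvers that fall inside the address ranges the DNSChanger
(Rove Digital) rogue resolvers used; a machine still pointed there depends on
the court-ordered replacement servers and loses DNS when they go dark."""
import ipaddress
import re

# Ranges published by the FBI / DNS Changer Working Group (assumption:
# reproduced from memory of that list; verify against dcwg.org).
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",    # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",      # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",    # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",      # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",    # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",     # 64.28.176.0   - 64.28.191.255
)]


def is_rogue_dns(addr):
    """True if addr is a valid IP inside one of the rogue resolver ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ROGUE_DNS_RANGES)


def resolvers_from_text(text):
    """Extract resolver addresses from /etc/resolv.conf ('nameserver X') or
    Windows `ipconfig /all` output ('DNS Servers . . . : X', with further
    servers on the following indented lines)."""
    found = []
    continuing = False   # inside an ipconfig "DNS Servers" block
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            found.append(m.group(1))
            continuing = False
            continue
        m = re.search(r"DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            continuing = True
            continue
        m = re.match(r"\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", line) if continuing else None
        if m:
            found.append(m.group(1))
        else:
            continuing = False
    return found


def flag_rogue_resolvers(text):
    """Resolver addresses in text that belong to the rogue ranges."""
    return [ip for ip in resolvers_from_text(text) if is_rogue_dns(ip)]


# Constructed samples: one clean resolver plus rogue ones on each platform.
SAMPLE_RESOLV_CONF = """# constructed sample
nameserver 192.168.1.1
nameserver 93.188.160.12
"""
SAMPLE_IPCONFIG = """   IPv4 Address. . . . . . . . . . . : 10.0.0.5
   DNS Servers . . . . . . . . . . . : 85.255.112.40
                                       64.28.176.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    import subprocess
    import sys
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True,
                              text=True).stdout
    else:
        try:
            with open("/etc/resolv.conf") as fh:
                text = fh.read()
        except OSError:
            text = ""
    bad = flag_rogue_resolvers(text)
    print("rogue DNS resolvers configured:", ", ".join(bad) if bad else "none")
```

Run as a script it reads the live configuration of the machine it is on. Note that a home router DNSChanger reconfigured will hand out its own LAN address as the resolver, so on such a network this check has to be run against the router’s upstream DNS settings, not just the PC’s.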

There is another bill called ACTA which has been worked on behind closed doors and is set to assault everyone even more than SOPA. I have said SOPA was a misdirection, and it was. Whether ACTA is the real beast or another deception remains to be seen. This bill needs to be fought harder on a global level than SOPA was. Considering how critical the Internet is to the world in terms of business, ACTA is even more dangerous than SOPA.

With the online community seemingly victorious in defeating the SOPA/PIPA bills in the US, you might think a collective sigh of relief would be in order.

Attention on the SOPA fight is now quickly turning to another highly controversial attempt to protect intellectual property, which could allow for significantly greater powers to monitor web users. And the EU could be set to sign up despite strong opposition.

The secretive Anti-Counterfeiting Trade Agreement (ACTA) might not be new, but it is shaping up to be the next target for protests by a galvanised online community. In fact, the ACTA treaty has been drawing condemnation from all manner of groups intent on protecting their rights, since it was leaked that the US, EU and various nations would negotiate treaty content.

Australia, Canada, Japan, Republic of Korea, Morocco, New Zealand, Singapore, and the US have all signed up to ACTA, while the EU and others have indicated a commitment to do so at a later stage.

There has been an air of secrecy about what’s actually going into the bill. At first, it was thought that negotiations were mostly about physical goods. However, a series of leaks highlighted intentions to cover “internet distribution and information technology”, according to the Electronic Frontier Foundation.

Under rules being put forward by the treaty, ISPs would be actively encouraged to monitor web users to make sure that IP infringement was not taking place. For the average web user it would be a catastrophic blow to freedom online.

What is particularly is that it undermines the democratic debate of existing IP monitoring bodies such as the World Intellectual Property Organisation and the World Trade Organisation.

Aside from a lack of transparency, controversy has also surrounded the relatively small group of countries involved in the ongoing talks, with many developing nations left out of discussions. This means that wealthy countries looking to push a hard line on IP laws will be able to decide which rules they want in place with little opportunity for change at a later date. Even in the nations in talks there is little inclusion by “civil society”, as the EFF puts it.

via Secret ACTA bill shakes the web – Online communities ready themselves for another fight | TechEye.

Once again Microsoft engages in anti-competitive and blatantly monopolistic behavior. Note this happens right after they are freed of the DOJ anti-trust oversight. If you are going to buy any kind of mobile device, make sure it does NOT run Windows or you won’t ever be able to run anything but Windows on it.


With Windows 8 coming out later this year, there has already been controversy about whether computers that ship with Windows 8 will have the ability to run Linux, either as a replacement for Windows or in a dual-boot setup. As we’ve reported, a process called UEFI secure booting prevents the booting of operating systems not signed by a trusted Certificate Authority—and hardware makers must enable the secure boot technology to qualify for a Designed for Windows 8 logo.

This would make it difficult, but not impossible, for Linux operating systems to be installed on Windows 8 computers. Hardware manufacturers can still give users the option of disabling secure boot and running any operating system they wish. However, it now appears that flexibility will only be available to Windows 8 systems running on Intel chips, and not ARM ones.

A Computerworld blog post points to a recent Microsoft document laying out the Windows 8 hardware certification requirements for client and server systems. This document mandates flexibility on Intel systems: “On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup,” Microsoft writes on page 116 of the document. But the opposite is true for ARM systems running Windows 8. “On an ARM system, it is forbidden to enable Custom Mode. … Disabling Secure MUST NOT be possible on ARM systems,” Microsoft states.

This may still leave open the possibility that makers of Linux distributions can provide a signed version of the operating system, so that it can be installed alongside Windows 8 on ARM systems. But the prohibition on disabling secure boot does place another obstacle in the way. We’ve reached out to Microsoft to see if the company has any further comment.

via Microsoft mandating Secure Boot on ARM, making Linux installs difficult.