Tag Archive | "network"


PSN update now live across the U.S., go change your password now


In case you missed it — and you very well might have considering what time this ball got rolling — Sony has officially flipped the switch on the PlayStation Network, restoring service in a limited capacity as a gradually filling map of the United States charted the progress of the rollout through the night. The map is now fully green, which means firmware update version 3.61 is now available for download to all U.S. users. In addition to online gameplay, the update brings back video rental playback, Music Unlimited on Qriocity, Netflix/Hulu access, Friends Lists, chat, Trophy comparison and PlayStation Home.

The update is a zippy download and installation as of 9:30 a.m. eastern time today, taking no more than 10 minutes to load into your console and do its thing. We’ll see if that changes as more of the country wakes up and tries to bring PS3s back online. In order to complete the update installation, you’ll need to change your password. Not that you wouldn’t want to, since… you know… your private information was compromised and stuff. That said, the real safeguards built into 3.61 are presumably under the hood, since even the most complex password won’t do you a lick of good if all of your info is stolen from the network servers again.

Sony no doubt wants to put this whole unfortunate affair behind it, but there will very likely need to be an extended healing period before consumer confidence can be restored. “Welcome Back” promotions and the like are all well and good, but only time is going to make this mess go away. Look at Microsoft and the whole “Red Ring of Death” circus; slightly different situation but with a similar reach. Both companies made mistakes before stepping up and doing what needed to be done; like Microsoft, Sony’s got a large enough user base that a return to business as usual is a certainty, even if it does take some time.

After all, that new Call of Duty: Black Ops map pack is going to come to PSN at SOME point.

Posted in Security | Comments Off

Sony says credit card details *were* encrypted, but questions still remain

Sony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted.

Sony reassured users of the PlayStation Network that “all credit card information stored in our systems is encrypted”, but underlined that it cannot rule out the possibility that the credit card data was stolen.

The fact that encryption was being used on the credit card data is to be welcomed – as it reduces the chances of stolen information being used for fraud.


However, there still remains the question about just how strong the encryption is that Sony used on the credit card data.

Sony has once again missed an opportunity to reassure its customers. They should have said in the first announcement of the data loss that the credit card data was encrypted, and they should – in this latest communication – have provided details of the nature of the encryption that was used.

No-one outside of Sony knows how feasible it would be to decrypt the credit card information if it had been accessed by the hackers.

Maybe they’ll post more information tomorrow. If I were a user of the PlayStation Network I wouldn’t be enjoying waiting for the answers.

Meanwhile, don’t forget that we do know that the personal information of the PlayStation Network’s customers was not encrypted – which means that hackers may have accessed your name, address, email address, birthday, password, and so on.

“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

Not sophisticated enough it seems.

Learn more on the PlayStation Network’s blog.

And don’t forget, you are strongly recommended to change your passwords elsewhere on the net, if you were using your PlayStation Network password on other sites.

Posted in Sophos | Comments Off

Sony PlayStation® Network under attack

After discovering an external intrusion, the persons in charge took the worldwide network and the Qriocity services offline on April 20th 2011. Since then, none of the games can be played online anymore, and some offline games can’t even be played offline due to the lack of network functionality, not to mention the possibility of viewing movies online.

But, apart from the unavailability of the well-reputed online services, there is a more critical problem than the lack of leisure-time entertainment: the compromise of around 77 million consumer data records! This is an enormous amount of data!
An article in the PlayStation® Knowledge Center states that the following PlayStation Network/Qriocity account holder data appears to have been compromised:

  • name
  • address (city, state, zip)
  • country
  • email address
  • birth date
  • PlayStation® Network/Qriocity password
  • PlayStation® Network/Qriocity login
  • handle/PSN online ID

 

Other profile data may also have been obtained, including

  • purchase history
  • billing address (city, state, zip)


If an account holder has authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained.
If an account holder provided credit card data through PlayStation® Network or Qriocity, it is possible that the

  • credit card number (excluding security code)
  • expiration date

may also have been obtained.

 

What does it mean for me?
Whoever stole the data did it on purpose and cyber criminals mostly are after some money. Selling the complete user data (maybe even including credit card information) can bring a lot of money in the underground forums and boards. To give you an example of the current prices for data collections, we collected some examples:

Item and the price it is sold for:

  • 50€ PlayStation Network credit: 10 to 25 €
  • Credit Card with renewable SecureCode: 50 €
  • Gold Credit Card with renewable SecureCode: 70 €
  • Credit Card without Verified by Visa: 40 €
  • Gold Credit Card without Verified by Visa: 50 €
  • Visa / MasterCard USA: 1.5 to 2 US$
  • Visa / MasterCard UK: 5 to 7 US$
  • Visa / MasterCard UK with date of birth: 10 US$
  • Visa / MasterCard Europe: 6 to 15 US$
  • American Express USA: 3 US$
  • American Express UK: 12 US$
  • American Express Europe: 9 US$
  • Credit Card blanks (not embossed, no data): 25 US$
  • Credit Card blanks (embossed, no data): 40 US$
  • ID card Romania / Moldova: 600 to 1,000 €
  • Driver’s licence Romania / Moldova: 600 to 1,000 €
  • Passport Israel: 2,300 €
  • Passport Romania: 2,500 €

 

Furthermore, the compromised user data is most likely genuine and valid. This means that spammers, for example, could launch sophisticated and targeted spam campaigns to obtain even more data or to lure the victims into various traps.
If you have a Sony PlayStation® account, you should be aware that your data might be used in further scam attacks.

 

What can I do?
The problem is that end users are defenseless against this kind of attack on a vendor! There is no way for them to intervene. This highlights the importance of users being aware of, and sensitive about, their own personal data. The more information is provided online, the more information can possibly be used against you.

The advice we can give with regard to this kind of user account is the following:

  • As soon as the network is online again, change your passwords!
  • In case you are using the same user name on other platforms, change the passwords for these platforms as well!
  • Only enter as much information into online accounts as is mandatory! Leave out all extra information not necessarily required to set up an account.
  • Check your credit card account statements for irregularities and immediately contact your credit card company in case you identify something unusual. The chances are very high that the bank’s insurance covers the costs resulting from this kind of fraud.
  • Use a dedicated credit card for internet transactions only!

Posted in G Data | Comments Off

Playstation Network users at risk (updated)

Update 27/04/2011 15:30 GMT

A Spanish user’s tweet shows that his card has been charged; his bank called him after a suspicious charge to Netflix was made (Netflix is not available in Spain).

He has called Sony customer service and has explained it all in his blog (in Spanish, English and French.)

************

When we talk about identity theft, compromised data, etc., all of us are used to thinking automatically of personal computers. In fact most of the advice is like this: “don’t log into your mail or any other services through computers you don’t trust.” And that’s ok, but when we use some other device at home, such as the Playstation 3, we usually don’t think that the information will be compromised. And that has turned out to be the case, for all Playstation 3 users plus anyone with data in the PlayStation Network (PSN).

This is the official statement published by Sony, where you can read what data has been stolen:

- Name
- Address (city, state, zip)
- Country
- Email address
- Birthdate
- PlayStation Network/Qriocity password and login, and handle/PSN online ID.

Sony also warns that it is also possible that other profile data could have been stolen, such as purchase history and billing address, and the PlayStation Network/Qriocity password security answers.
They don’t rule out that credit card data has been compromised too (credit card number + expiration date).
This is one of the major data breaches ever, with more than 70 million people potentially affected.

Finally, as we all are lazy bastards ;) please run and change the password in case you were sharing the same one in any other place.

Posted in Panda | Comments Off

Questions and Answers on the Sony PSN Hack


Q: What is PSN?
A: It’s the Sony PlayStation Network, an online gaming network.

Q: What devices can access it?
A: Sony PlayStation 3 (PS3) and Sony PlayStation Portable (PSP). You can also use your PSN login on the Sony discussion forums.

Q: If I have a Playstation 3, do I also have a PSN account?
A: Not necessarily. PS3s and PSPs work fine without an Internet connection. However, the majority of users do use the online access feature and thus have created an account.

Q: Why does a gaming network have credit card information?
A: PSN is also a media delivery network. Users buy games, movies and music from there with their credit cards.

Q: How long has PSN been down?
A: Since 20th of April, 2011.

Q: What was stolen?
A: Sony believes that the stolen information includes name, address, e-mail address, birth date, password, and handle of all PSN users. They also believe credit card numbers may have been stolen, but not their security (CVV) codes.

Q: How many accounts were stolen?
A: Up to 77 million. Which would make this one of the biggest data breaches ever.

Q: What should end users do?
A: If you have used the same username/e-mail address with the same password in some other service, change the password now. When PSN comes back online, change your password there as well.

Q: What should end users do regarding their credit cards?
A: They should follow their credit card bills carefully for any signs of fraudulent purchases. If you see any signs of fraud, report it to your credit card issuer.

Q: What kind of credit cards do you recommend for online use?
A: In general, credit cards are safer than alternatives, as long as you carefully follow your bills. We especially like systems such as the one provided by Bank of America, where you can generate temporary credit card numbers for online use. Citibank and Discover offer the same or similar technology.

Q: Who hacked PSN?
A: We don’t know.

Q: Was it “Anonymous”?
A: Anonymous has recently launched several attacks against Sony to protest Sony’s tactics (which include suing homebrew developers, harassing AIBO hackers, shutting down emulator companies, shipping rootkits, et cetera). However, Anonymous has announced they are not behind this breach.


Q: What’s the connection to Rebug?
A: Rebug is a custom firmware for PS3 that enables access to lots of features that are otherwise unreachable. In particular, recent versions made it possible for a normal PS3 to look like a developer unit. In some cases, this could be used to steal content from PSN shops for free. While the Rebug hack could be used to steal credentials and credit cards numbers from the PS3 unit it’s running on, there’s no obvious way it could be used to steal information on a larger scale. Rebug developers do not believe it was connected to the breach in any way.

Q: So, this could never happen on the gaming networks of XBOX and Wii, right?
A: We wouldn’t bet on that.

Here’s a link to Sony’s official Q&A.

Posted in F-Secure | Comments Off

Sony PlayStation Network and Qriocity Services Hacked – 77 Million Accounts at Risk

Not one to let Epsilon or Oak Ridge National Laboratories hog the media spotlight, Sony, a seasoned expert at security blunders such as the famous Sony rootkit, has taken the spotlight for one of the biggest security breaches of all time. Hackers were able to access Sony’s network and according to Sony http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ the information compromised includes “name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.”

Given the number of users who use the same password for multiple sites, I would expect there to be a ton of accounts compromised. This will go far beyond PlayStation; email and social networking accounts are likely to be compromised, and even bank accounts as well.

If you have a Sony PlayStation Network/Qriocity account you need to assume that all of the data mentioned is in the hands of the bad guys. If you use the same security questions and answers at other web sites, you need to change the answers. Take a look at http://blog.eset.com/2009/05/04/honesty-is-not-the-best-policy-for-password-resets for pointers. If you use the same password on other sites that you used on the Sony site, you need to change those passwords. Of course you will need to change your Sony password when the PlayStation Network site comes back online.

Sony has additional recommendations at http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/. One of the recommendations that bears merit is for US residents to have the major credit reporting agencies place fraud alerts on their files. Sony warns that this may make it difficult for criminals to open credit in your name, but it also may make it a bit more of a hassle for you to open new lines of credit.

I am struck by the contrast between this incident where Sony is warning people that there is a problem and the Sony rootkit fiasco where Thomas Hesse, President, Sony BMG Global Digital Business, said “Most people, I think, don’t even know what a Rootkit is, so why should they care about it?” Perhaps Sony knows that most people do know what identity theft and fraud are.

If you are a security expert looking for a job, I would keep my eyes on the Sony website as clearly they have significant need for experts who understand defense in depth. Knowledge of encryption and multi-factor authentication systems will probably be desired as well.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Posted in ESET | Comments Off

Sony PlayStation data breach fiasco: what bugs me about it

I have been skimming the glut of news stories covering the PlayStation hack following Sony’s statement yesterday.

The issues that keep coming back to me are these:

1. Sony, like any company who keeps customer account details, is responsible for keeping this sensitive data safe.

So the question is, how could these details, potentially including credit card details, of a whopping 70 million users not be encrypted? It baffles the mind.

Perhaps the data was indeed encrypted, but if it was, how come Sony haven’t stated this?

Let’s say I accidentally leave my front door ajar, leave the house for a few days, and return to find that I was robbed. People will say I am a bit of a dodo brain, but I will still get sympathy from friends and family and we will all blame the thief.

But, if I convince all my friends and family to trust me with their prized possessions, pile their valuables on my coffee table, and then leave the front door open, I doubt they will be very supportive when I meekly approach them saying, “whoopsie – someone took em. These things happen, right?”

So it is no wonder that so many people are annoyed. They have a right to be.


2. What the F*** happened at PSN?

Having read Sony’s statement, they thank their “valued” customers for patience/goodwill/understanding (annoying in itself since I doubt many feel patient, generous or understanding). They also tell you to be wary of scams, which is all well and good.

But they don’t tell us what happened.

I really REALLY want Sony to stand up and explain how the company screwed up, how the bad guys got into their system, why the data wasn’t properly stored: a clear and concise explanation and, where appropriate, a straight-up apology for their oversights/misplaced bets/mistakes/etc

(Shall we place a bet on whether an APT was responsible? – sorry, couldn’t help it…)

It won’t get your data back, but at least we’ll all have some idea of how this happened. And it might do wonders to repair the trust issues it is bound to face with its stakeholders. More importantly, it will help other companies learn from Sony’s mistakes.

True, it can take some time to sort through all the bits and bobs before you provide a detailed explanation. But Sony set a rather slooooooow pace by waiting a week between its first announcement and yesterday’s statement.

So what can you do?

Read advice on your next steps, including changing your passwords and credit cards, from fellow Naked Security writer Graham Cluley.

Affected users have also been invited to get in touch directly with Sony if you have any questions.

Why not ask for a public explanation and apology? Feel free to share the response with Naked Security.

Posted in Sophos | Comments Off

PlayStation Network hacked: Personal data of up to 70 million people stolen

Users of Sony’s PlayStation Network are at risk of identity theft after hackers broke into the system, and accessed the personal information of videogame players.

The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the personal data of online gamers.

In a blog post, Sony warns that hackers have been able to access a variety of personal information belonging to users including:

    * Name
    * Address (city, state, zip code)
    * Country
    * Email address
    * Date of birth
    * PlayStation Network/Qriocity password and login
    * Handle/PSN online ID


In addition, Sony warns that profile information – such as your history of past purchases and billing address, as well as the “secret answers” you may have given Sony for password security – may also have been obtained.

As if that wasn’t bad enough, Sony admits that it cannot rule out the possibility that credit card information may also have been compromised:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is obviously very worrying, and affected users would be wise to keep a keen eye on their credit card statements for unexpected transactions. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format.

So how could hackers exploit the information stolen from the Sony PlayStation Network?

1. Break into your other online accounts. We know that many people use the same password on multiple websites. So if your password was stolen from the Sony PlayStation Network, it could then be used to unlock many other online accounts – and potentially cause a bigger problem for you.

So you should always use unique passwords.


Oh, and you better be sure that you have changed your “secret answers” too.

2. Email you phishing scams or malware attacks. If they stole your email address from Sony, they can now email you. And it wouldn’t be difficult for the cybercriminals to create an email which pretended to be a legitimate organisation (perhaps Sony themselves?) to steal more information or carried a Trojan horse designed to infect your computer. The fact that they know your name and snail-mail address could make the email even more convincing.

3. Hit you in the wallet. If your credit card details have been exposed by the Sony PlayStation Network hack then you could find fraudsters begin to make purchases from your account – if you notice that money is missing, you’ll have to go through the rigmarole of claiming the money back from your credit card company.

This security breach is not just a public relations disaster for Sony, it’s a very real danger for its many users.

If you’re a user of Sony’s PlayStation Network, now isn’t the time to sit back on your sofa and do nothing. You need to act now to minimise the chances that your identity and bank account become casualties following this hack.

That means changing your passwords, auditing your other accounts, and considering whether you should keep a closer eye on those credit card statements or simply tell your bank that as far as you’re concerned the card is now compromised.

More information can be found in Sony’s blog post.

Posted in Sophos | Comments Off

Evil network: Leksim Ltd / RELNET-NET AS5577 (62.122.72.0/21)

Implicated in malware distribution, botnet C&Cs and spam, the network range 62.122.72.0/21 (62.122.72.0 - 62.122.79.255) is currently quite active in evil activities (you can find examples here and here and the SiteVet report here).

There aren’t many sites in this block, and almost all of them are in either 62.122.73.0/24 or 62.122.75.0/24 (but blocking the /21 is safer). The vast majority of sites are rated deep red at MyWOT (a full list of sites and ratings can be downloaded here).
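A check for the range discussed above, as an added example that is not part of the original post: it scans outbound connection logs for destinations inside 62.122.72.0/21 and shows which hits a rule limited to the two busy /24s would miss. The log format, the internal client addresses and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Range and the two busiest /24s, as stated in the post.
BLOCK = ipaddress.ip_network("62.122.72.0/21")
BUSY_SUBNETS = (
    ipaddress.ip_network("62.122.73.0/24"),
    ipaddress.ip_network("62.122.75.0/24"),
)

# Constructed sample log (hypothetical format):
# timestamp, internal client, destination:port, verdict
SAMPLE_LOG = """\
2011-04-27T09:14:02Z 10.0.4.17 62.122.73.15:80 allowed
2011-04-27T09:14:09Z 10.0.4.17 62.122.75.200:443 allowed
2011-04-27T09:15:41Z 10.0.7.3 62.122.78.9:80 allowed
2011-04-27T09:16:00Z 10.0.7.3 62.122.71.255:80 allowed
2011-04-27T09:16:05Z 10.0.9.40 62.122.80.0:80 allowed
2011-04-27T09:17:30Z 10.0.9.40 62.122.72.0:25 allowed
2011-04-27T09:18:12Z 10.0.2.8 62.122.79.255:80 blocked
2011-04-27T09:19:00Z 10.0.2.8 [2001:db8::1]:443 allowed
2011-04-27T09:19:30Z 10.0.2.8 not-an-ip:80 allowed
truncated line
"""


def parse_destination(field):
    """Return the destination as an ip_address, or None if it is not an IP literal."""
    host = field.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def find_hits(log_text):
    """Return one record per log line whose destination lies inside BLOCK."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or truncated line
        timestamp, client, dest_field, verdict = parts
        dest = parse_destination(dest_field)
        # IPv6 addresses and hostnames never match the IPv4 block.
        if dest is None or dest not in BLOCK:
            continue
        hits.append({
            "time": timestamp,
            "client": client,
            "dest": str(dest),
            "subnet": str(ipaddress.ip_network(f"{dest}/24", strict=False)),
            "in_busy_24": any(dest in net for net in BUSY_SUBNETS),
            "verdict": verdict,
        })
    return hits


def missed_by_24_rules(hits):
    """Destinations inside the /21 that rules for only the two /24s would let through."""
    return [h["dest"] for h in hits if not h["in_busy_24"]]


def clients_with_allowed_traffic(hits):
    """Group allowed connections into the block by internal client, for follow-up."""
    by_client = defaultdict(list)
    for hit in hits:
        if hit["verdict"] == "allowed":
            by_client[hit["client"]].append(hit["dest"])
    return dict(by_client)


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for hit in hits:
        print(hit["time"], hit["client"], "->", hit["dest"], hit["subnet"], hit["verdict"])
    print("Missed by /24-only rules:", missed_by_24_rules(hits))
    print("Clients to review:", clients_with_allowed_traffic(hits))
```

The boundary lines in the sample (62.122.71.255 and 62.122.80.0) sit just outside the /21 and are correctly ignored, while 62.122.72.0 and 62.122.79.255 are its first and last addresses.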

Who owns the block? The RIPE WHOIS details are:

inetnum:         62.122.72.0 – 62.122.79.255
netname:         RELNET-NET
descr:           “Leksim” Ltd.
country:         EU
remarks:         trouble: spam/scam/abuse issues send *ONLY* to: abuse@rel-net.eu
org:             ORG-TA388-RIPE
admin-c:         JT384-RIPE
tech-c:          BS594-RIPE
tech-c:          MR10655-RIPE
status:          ASSIGNED PI
mnt-by:          RELNET
mnt-by:          RIPE-NCC-END-MNT
mnt-lower:       RIPE-NCC-END-MNT
mnt-routes:      RELNET
mnt-domains:     RELNET
source:          RIPE # Filtered
mnt-routes:      ROOT-MNT

organisation:    ORG-TA388-RIPE
org-name:        “Leksim” Ltd.
org-type:        OTHER
address:         Stationsplein 30, 2910 MJ Capelle aan den IJssel,  The Netherlands
phone:           +31 10 2391391
fax-no:          +31 10 2391392
admin-c:         JT384-RIPE
tech-c:          BS594-RIPE
mnt-ref:         RELNET
mnt-by:          RELNET
source:          RIPE # Filtered

person:          Justin Thomson
address:         Stationsplein 30
address:         2910 MJ Capelle aan den IJssel
address:         THE NETHERLANDS
abuse-mailbox:   abuse@rel-net.eu
mnt-by:          RELNET
phone:           +31 10 2391391
nic-hdl:         JT384-RIPE
source:          RIPE # Filtered

person:          Bernd Spiess
address:         Gabelsberger Strasse 15
address:         9021 Klagenfurt
address:         AUSTRIA
mnt-by:          RELNET
phone:           +43 46 3223501
nic-hdl:         BS594-RIPE
source:          RIPE # Filtered

person:          Marcel Russo
address:         31, z.a. am Bann
address:         L-3375 Leudelange
address:         LUXEMBURG
mnt-by:          RELNET
phone:           + 352 2551301
nic-hdl:         MR10655-RIPE
source:          RIPE # Filtered

But is this “Leksim Ltd” or Relnet? Relnet’s contact details (for rel-net.eu, relnet.eu, relnet.hu) are very different:

domain:        relnet.hu
registrant:    Relnet Technologia Ltd.
registrant:    Relnet Technologia Kft.
    
tech-c:    David Andras
address:   Veso 7
address:   1133 Budapest
address:   HU
phone:     06-70-452-4603
fax-no:    06-1-350-1355
e-mail:    hostmaster@relnet.hu
hun-id:    2000466058

If you Google the first three names you get some very telling results.

Blocking the /21 is probably the best idea. I can identify the following domains in this block in case you want to block by domain name, or for more detail download the CSV version.


Posted in Security | Comments Off

PlayStation Network hacked: five days and counting..

The Sony PlayStation Network, used by millions of online videogame players around the world, has been offline since Wednesday 20th April.


You can still play games offline, but if you want to connect your PlayStation to play online games, stream movies, or go shopping you’re out of luck.

According to Sony, who have been updating their blog with developments regarding the outage, the company decided to bring the network down after an “external intrusion”.


The company clearly isn’t planning to bring the network back until it is confident that its infrastructure is secure – and although inconvenienced, game players should be grateful that Sony appears to want to make sure it’s done the job properly and that any vulnerabilities are fixed.

Precisely how much longer those game players will have to wait, and whether their trigger-happy fingers and patience will be able to bear it, remains to be seen.

Patrick Seybold, Sony’s Senior Director of Corporate Communications, says:

“Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

“Unfortunately, I don’t have an update or timeframe to share at this point in time. As we previously noted, this is a time intensive process and we’re working to get them back online quickly.”

Although Sony is doing a good job on its blog of reassuring players that they are working on securing and bringing back the network, they do not seem to have addressed the issue of whether any personal information (such as credit card details) might have been compromised by whoever attacked the PlayStation network.

The spectre of data loss is a worrying one - let's hope that nothing so sensitive has been lost, and that Sony will be able to share good news that may reassure its customers soon.

Posted in Sophos | Comments Off

Network Visualization, (Mon, Feb 14th)

One area of interest that I have is network visualization. What I’m referring to is being able to visually see the traffic flows and patterns to determine anomalies or events of interest. We have so much information with our networks today, that it is difficult to process all of it. The trend seems to be getting worse and reverting back to my good ole Army days of “Do more with less”. With the economic times we live in, it always seems that security is one area that takes a hit. So, we have to work smarter and network visualization is one area that I think has great potential, but seems to be very underdeveloped.
I haven’t explored what’s out there in a couple of years. What was out there that I experimented with were tools such as:

Time-based Network Traffic Visualizer (TNV)
NVisionIP
Spinning Cube of Potential Doom
VisFlowConnect
FlowTag
InetVis

However, these tools had a long ways to go before they could really be effective on a large scale. Some were Java based and SLOW (others were just slow) when processing any significant amount of data. However, what they did do was pretty impressive for being able to visually make sense of a pcap file or your netflow data. They work great for looking at small chunks of traffic and helping immediately see anomalies. If this could just be channeled into a near real-time scenario for monitoring networks, that would be fantastic.
I did some quick Google searches and didn’t turn up anything new in this arena. If anyone has any experience with network visualization or knows of any tools or work being done, please let us know.

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted in Security | Comments (1)

Dr.Web Enterprise Security Suite – centrally managed protection of all hosts in a corporate network

DrWeb — Doctor Web presents a new Dr.Web product line for corporate customers — Dr.Web Enterprise Security Suite. The new product line incorporates Dr.Web software products which support centralized administration of protection for all hosts in a corporate network. Licensing terms have undergone significant changes to reflect the main idea of Dr.Web Enterprise Security Suite – provide an opportunity to establish centrally-managed anti-virus protection for all hosts in a corporate network with one Dr.Web solution.

The Dr.Web product line is improved constantly as Doctor Web, striving to provide the highest usability and user-friendliness, releases new products and adds new features to the anti-viruses users are already familiar with. By releasing its top Dr.Web 6.0 business product in September 2010, Doctor Web united numerous Dr.Web software products into five commercial Dr.Web products. The merging of software products into commercial ones makes it easier for customers to choose a solution they need. Searching through a multitude of products is no longer necessary – decide what you need to protect and Dr.Web will get you a solution.

You’ve got something that needs protection? We’ve got Dr.Web!

Dr.Web Enterprise Security Suite incorporates all Dr.Web products for corporate customers. Dr.Web Enterprise Security Suite includes the following commercial Dr.Web products:

Dr.Web Desktop Security Suite — protection of personal computers, embedded system clients and terminal and virtual server clients,
Dr.Web Server Security Suite — protection for file and application servers (including terminal and virtual servers),
Dr.Web Mail Security Suite — protection for mail servers,
Dr.Web Gateway Security Suite — protection for gateways,
Dr.Web Mobile Security Suite — protection for mobile devices.

New licensing provides flexible license configuration, enabling a user to select only the components he needs. A customer can choose between any software products included in the commercial Dr.Web product. Pricing is also transparent since the customer can see what he pays for and he pays only for the software he intends to use.

One basic Anti-virus license is available for all products except for Dr.Web Desktop Security Suite which can also be purchased under the Comprehensive protection license (it includes anti-virus, anti-spam, HTTP-monitor, office control and firewall). The Anti-virus license for Dr.Web Desktop Security Suite now also covers the firewall. Each commercial Dr.Web product incorporates its own set of additional components. The anti-spam, for example, is available with three products: Dr.Web Mail Security Suite, Dr.Web Gateway Security Suite and Dr.Web Mobile Security Suite and it is provided free of charge with the suite for mobile devices; yet SMTP proxy is only available with Dr.Web Mail Security Suite.

The Control Center is licensed free of charge for all Dr.Web Enterprise Security Suite products. The following anti-viruses can be managed by means of the Control Center:

Dr.Web for Windows, Linux and Mac OS X desktops and laptops;
Dr.Web for Windows server, Mac OS X Server and Novell NetWare;
Dr.Web for Unix mail servers, Microsoft Exchange, IBM Lotus and Kerio mail servers;
Dr.Web for Internet gateways Kerio;
Dr.Web for mobile devices running Windows Mobile.

Dr.Web Mobile Security Suite is only available with other products. Customers purchasing Dr.Web Desktop Security Suite get the suite for handhelds free of charge along with Dr.Web CureNet! (if the license covers the Control Center) and Dr.Web CureIt! (without the Control Center).

You can find more detailed information about licensing of Dr.Web Enterprise Security Suite here.

Another innovation concerns Dr.Web key files. Now a single key file is generated for the solution selected by a customer. The file can be used with Dr.Web software products for protection of a certain type of objects under all platforms supported by the commercial Dr.Web product. If you change your platform from Unix to Windows while the license is valid, you won’t need to change the key but simply download a distribution file of a required program free of charge from www.drweb.com and install it.

Products for business are available as Dr.Web Enterprise Security Suite and as separate commercial products.

The changes aim to meet the contemporary requirements of the market and to simplify choosing and using our products. Dr.Web is reliable and also easy.


View the original article at DrWeb Blog

Posted in DrWeb | Comments Off


Flaws in Tor anonymity network spotlighted




At the Chaos Computer Club Congress in Berlin, Germany on Monday, researchers from the University of Regensburg delivered a new warning about the Tor anonymizer network, a system aimed at hiding details of a computer user’s online activity from spying eyes.

The attack doesn’t quite make a surfer’s activity an open book, but offers the ability for someone on the same local network—a Wi-Fi network provider, or an ISP working at law enforcement (or a regime’s) request, for example—to gain a potentially good idea of sites an anonymous surfer is viewing.




Full story: Security

Posted in Security | Comments Off

Social Network Scams Already Mobile

24% of the clicks generated by a massive wave of invitations to view a Facebook status that caused a young girl to be expelled from school came from mobile platforms.

Full story: MalwareCity Blog

Posted in Antivirus | Comments Off


Understanding bufferbloat and the network buffer arms race



If a little salt makes food taste better, then a lot must make it taste great, right? This logic is often applied in the digital domain, too. (My pet peeve is that TV shows and DVDs keep getting darker and darker.) In a similar vein, networks used to buffer a little data, but these buffers have been getting larger and larger and are now getting so big they are actually reducing performance. Long-time technology pundit Bob Cringely even deemed the issue worthy of three of his ten predictions for the new year.

Networks need buffers to function well. Think of a network as a road system where everyone drives at the maximum speed. When the road gets full, there are only two choices: crash into other cars, or get off the road and wait until things get better. The former isn’t as disastrous on a network as it would be in real life: losing packets in the middle of a communication session isn’t a big deal. (Losing them at the beginning or the end of a session can lead to some user-visible delays.) But making a packet wait for a short time is usually better than “dropping” it and having to wait for a retransmission.




Full story: Security

Posted in Security | Comments Off

Quake 4 Level 29 Data Network Security

CSA DISCLAIMER: This video is taken from YouTube. Like any other video found on this site, it is not hosted here; it is just embedded, and it is taken randomly by our system from video hosting services like YouTube, Metacafe, and others. Therefore, we are not responsible for any copyright violations, video materials, hacking or cracking activities, or anything else. If you have any legal issues, please contact the appropriate host site.

Posted in Video | Comments (12)


Database of Network Device Private Keys Published

Sometimes you run into something security-related in the computer industry that’s so stupid it’s hard to believe. Here we go again:

Many routers and other network devices use default or hard-coded SSL keys that can be recovered from the device’s firmware. An attacker could then use the keys to listen in on HTTPS traffic to the administration interface of the device. The database has over 2,000 device keys from vendors including Cisco, Linksys, D-Link and Netgear.

So a group has started a project called littleblackbox that contains a database of devices and their private keys.

Strictly speaking, this isn’t a vulnerability; it’s poor implementation. I’d also venture to say that the impact is not all that great, as typically it only allows sniffing of traffic inside the network. If the attacker is already in control of a PC inside the network you’ve already got a big problem and he will have a high rate of success in controlling the network device simply by using default usernames and passwords. There are many databases of these, such as this one.

– on Security Watch

Posted in Security | Comments Off

MSE 2.0 arrives with heuristic scanning, network traffic inspection



Following a four-month beta program, Microsoft Security Essentials (MSE) 2.0 has been released. The new version significantly revamps the heuristic scanning engine, adds Windows Firewall integration as well as network traffic inspection. The update unquestionably makes MSE, which has already become very popular due to its quiet but effective ways, even more of a must-have for Windows users.

MSE has always been very good at finding and removing malware, but it has relied mainly on antimalware definitions. The improved heuristic engine makes it even better at detecting threats; at the same time, we expect the number of false positives to slightly increase as well. The new Windows Firewall integration is a minor improvement: it lets you tweak Microsoft’s firewall from inside MSE.

The network inspection feature does exactly what its name implies: inspect traffic as you browse. It uses the Windows Filtering Platform in Windows Vista and Windows 7; Windows XP users won’t be able to benefit from this feature. The Windows Filtering Platform allows programs to plug themselves into the networking subsystem and monitor any network traffic, even whatever is allowed through the firewall. MSE also now integrates with Internet Explorer to better protect against Web-based threats by preventing malicious scripts from running. Version 1.0 only detected such scripts when they were written to IE’s cache, by which point it could be too late.

MSE is free for home users and free for small businesses with 10 PCs or fewer. For larger enterprises, there’s the Forefront suite. Forefront uses the same core anti-malware engine as MSE, and so it’s not surprising that Forefront Endpoint Protection 2010 has also hit the RTM milestone at the same time, though it won’t be available to volume licensing customers until January 1, 2011.

On the other hand, MSE 2.0 is available now from the Microsoft Download Center. If you already have MSE installed, it should have automatically updated by now, and yes, it probably required a restart.


– on Security

Posted in Security | Comments Off

Evil network: Asociatia Family Network Connections / FAMILY-NETWORK AS49253 (95.64.110.0/23)

Asociatia Family Network Connections / FAMILY-NETWORK is a Romanian network, and their AS49253 netblock seems to have suddenly turned evil.

The SiteVet report for this AS shows a sudden increase in recent weeks, with over 1500 sites that may be malicious included in the 95.64.110.0/23 block. Most of these evil sites are on just one host, 95.64.110.100. There may be some legitimate sites here,

– on Dynamoo’s Blog

Posted in Security | Comments Off

Evil network: Informex / INFORMEX-NET AS20564 (193.178.172.0/24)

Informex on AS20564 (193.178.172.0/24) is a Ukrainian operation implicated in a lot of bad things including banking trojans.

SiteVet.com fingers this as the 27th worst network on the net, and links it to various malware domains and Zeus servers. There are a couple of hundred domains in this block, all worth blocking.. either by the whole IP address range or use this CSV file with MyWOT rankings,

– on Dynamoo’s Blog

Posted in Security | Comments Off

Hacked Federal Reserve network was test-only

A June 2010 hacking incident that compromised a network at the Federal Reserve Bank of Cleveland happened on a test system and not the bank’s production servers.

Source: Computerworld Security News

Posted in Security | Comments Off

Hidden second Wi-Fi network with the Thomson TWG870U router

There is some commotion in The Netherlands. Telecom/ISP provider UPC is providing its customers with the Thomson TWG870U router, a DOCSIS 3.0 router. On the tweakers.net forum (Dutch language), a user discovered that the router, which also provides Wireless Access, has a second hidden wireless network. The problem here is that:

It is enabled by default when Wireless Access is enabled
You cannot turn it off, unless you switch off all Wireless Access
The SSID, although not transmitted, is “UPC_MultiMedia” and is present in all routers of this type.
This SSID cannot be changed
The WPA encryption key can easily be obtained and is the same within all routers
The WPA encryption key cannot be altered
Although you cannot get to the modem control pages or to other computers in the network, you can reach the internet.

The purpose of this hidden network is, according to UPC, to offer “new possibilities” in the future, without going into these “new possibilities”. The hidden network was activated by accident when new firmware was rolled out. UPC is working on a “quick” fix which will be released tomorrow or in the weekend. This “quick” fix will deactivate the hidden network. Hopefully this fix will not raise other problems, which usually happens with “quick” fixes.
Needless to say, with this information, you are open to the world. Not only can everyone use your router as a public access point, everyone can use your account to perform all kinds of cybercrime-related actions.
Norman advises all users of the Thomson TWG870U router to disable the Wireless Access completely until the firmware that fixes this obvious security hole (or “new possibilities” feature) has been released.
Hmmm… I wonder if “Multiple SSID: yes” on page 4 of the technical specifications of this router would have given it away…
 

Source: Norman’s security blog

Posted in Antivirus | Comments Off

Internet Security, CSU/DSU’s and Network Layers

Internet Security, CSU/DSU’s and Network Layers (c) 1996 ACCAD

Posted in Video | Comments (6)

From social network aesthetics to adware flood

A simple, yet very effective “change your background” invitation infests social network accounts with adware.

Source: MalwareCity Blog

Posted in Antivirus | Comments Off
