[+] Wayc0de's Blog[+]


23/09/12

65 Open Source Replacements for Security Software

Assalamu'alaikum Wr Wb


It has been a long time since I posted on this blog; today I finally feel like filling it up again.

Check it out!!!

=============================================================

Anti-Spam

1. ASSP

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

The self-proclaimed "absolute best SPAM fighting weapon that the world has ever known," ASSP sits on your SMTP servers to stop spam and scan for viruses. Features include browser-based setup, support for most SMTP servers, automatic whitelists, early sender verification, Bayesian filters and more. Operating System: OS Independent.

2. MailScanner

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

Downloaded more than 1.3 million times by users in 225 countries, MailScanner is a free e-mail security package for mail servers. It incorporates SpamAssassin, ClamAV and a number of other tools to block spam and malware. Operating System: OS Independent.

3. SpamAssassin

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

"The powerful #1 open-source spam filter," SpamAssassin uses header and text analysis, Bayesian filtering, DNS blocklists, collaborative filtering databases and other techniques to block spam. The project is managed by the Apache Foundation, and it's been incorporated into a number of other open source and commercial products. Operating System: primarily Linux and OS X, although Windows versions are available.

4. SpamBayes

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

As you might guess from the name, this project offers a group of Bayesian filters for blocking spam. The site includes versions for Outlook, Outlook Express, Windows Live Mail, IncrediMail, Thunderbird, Gmail, Yahoo Mail and others. Operating System: OS Independent.

Anti-Spyware

5. Nixory
Replaces: SpyBot Search and Destroy, AdAware

Nixory removes and blocks malicious tracking cookies (aka spyware) from your system. It supports Mozilla Firefox, Internet Explorer and Google Chrome, and it won't slow your system while you surf. Operating System: OS Independent.

Anti-Virus/Anti-Malware

6. ClamAV

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

This tremendously popular anti-virus engine has been incorporated into numerous security products and calls itself "the de facto standard for mail gateway scanning." The open source version runs on UNIX or Linux mail servers, but the website also offers a version called Immunet for individual Windows PCs. Operating System: Linux.

7. ClamTK

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

ClamTK makes ClamAV a little bit easier to use by providing a graphical interface for the anti-virus engine. Like the original, this one runs on Linux and scans on demand. Operating System: Linux.

8. ClamWin Free AntiVirus

Replaces Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Anti-Virus

Based on ClamAV, ClamWin protects more than 600,000 PCs from viruses and malware. Note that unlike most commercial anti-virus packages, ClamWin does not offer an on-access real-time scanner; in order to scan incoming files, you'll need to save them and then run a scan manually before opening or running the files. Operating System: Windows.

9. P3Scan

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

With P3Scan, you can set up a transparent proxy server that provides anti-virus and anti-spam protection. Operating System: Linux.

Backup

10. Amanda

Replaces: Simpana Backup and Recovery, NetVault, HP StorageWorks EBS

Protecting more than 500,000 systems worldwide, Amanda lays claim to the title "most popular open source backup and recovery software in the world." In addition to the community version, it's also available in a supported enterprise edition or as an appliance. Operating System: Windows, Linux, OS X.

11. Areca Backup

Replaces: NovaBackup

Aiming for a balance between simplicity and versatility, Areca offers an easy graphical interface with many options for creating and interacting with archived files. Key features include compression, encryption, delta backup support, archive merges and more. Operating System: Windows, Linux.

12. Bacula

Replaces: Simpana Backup and Recovery, NetVault, HP StorageWorks EBS

Designed for enterprise users, Bacula backs up multiple systems across a network. Commercial support and services for the popular product are available through Bacula Systems. Operating System: Windows, Linux, OS X.

13. CloneZilla

Replaces: Norton Ghost

Created as an alternative to Ghost, Clonezilla can clone single or multiple systems very quickly. It comes in two versions: Clonezilla Live for individual systems and Clonezilla SE for massive networks. Operating System: Windows, Linux, OS X.

14. PartiMage

Replaces: Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com

Partimage can create a complete image of your system, which is useful if you need to recover from a full system crash or if you want to configure multiple systems with exactly the same software. It can also create a recovery partition on your drive. Operating System: Linux.

15. Redo

Replaces: Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com

Calling itself the "easiest, most complete disaster recovery solution available," Redo offers backup, restore and bare-metal recovery capabilities. Even in the most severe emergencies where you must completely replace a drive, Redo claims it can get you back up and running with all of your programs and files in just 10 minutes. Operating System: Linux.

Browsers

16. Chromium

Replaces: Microsoft Internet Explorer

The open source version of Google Chrome, Chromium tends to be faster and more secure than competing browsers. Key security features include sandboxing, automatic updates, SafeBrowsing and more. Operating System: Windows, Linux, OS X.

17. Dooble

Replaces: Microsoft Internet Explorer

Dooble's developers have created this newer browser with an eye on safety and ease of use. Unlike most other browsers, it automatically encrypts all traffic for greater privacy and security. Operating System: Windows, Linux, OS X.

18. Tor

Replaces: Microsoft Internet Explorer

Tor protects your identity by providing anonymity while you browse the Web. It's used by journalists, activists, whistle-blowers and others concerned that someone might be snooping on their online activities. Operating System: Windows, Linux, OS X.

Browser Add-Ons

19. Web Of Trust

Replaces: McAfee SiteAdvisor Plus

Downloaded more than 33 million times, this popular add-on for Firefox, Internet Explorer, Chrome, Safari or Opera lets users know when they've strayed into websites that are questionable or insecure. It utilizes user ratings to identify sites that perpetuate scams, collect personal information or include unsuitable content, and it ranks them with a green-yellow-red classification system. Operating System: Windows, Linux, OS X.

20. Password Maker

Replaces Kaspersky Password Manager, Roboform

Using the same password all the time puts you at risk, but many people do it anyway because it's so difficult to remember a lot of different passwords. This browser add-on offers a better solution to the problem by creating unique passwords for each site you visit and storing them in an encrypted file that you access with a single master password. Operating System: Windows, Linux, OS X.

Data Removal

21. BleachBit

Replaces Easy System Cleaner

This helpful utility cleans up your system to protect your privacy and improve performance. It frees up disk space by cleaning junk from more than 90 applications, erasing temporary files, deleting cache and browsing history, and "shredding" unwanted files. Operating System: Windows, Linux.

22. Eraser

Replaces BCWipe Enterprise

Like BleachBit, Eraser "shreds" deleted files so that they cannot be recovered. It helps protect sensitive information by overwriting deleted files several times with random data. Operating System: Windows.

23. Wipe

Replaces BCWipe Enterprise

Wipe offers the same functionality as Eraser, but it's for Linux instead of Windows. The site also offers a wealth of information for those interested in learning more about how file "shredding" works. Operating System: Linux.

24. Darik's Boot And Nuke

Replaces Kill Disk, BCWipe Total WipeOut

While Eraser and Wipe delete single files, DBAN securely deletes entire disks. It's very helpful when donating or disposing of an old system. Operating System: OS Independent.

Data Loss Prevention

25. OpenDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

OpenDLP is an "agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool." It allows security or compliance managers to scan thousands of systems simultaneously via agents or perform agentless data discovery against a MySQL or Microsoft SQL server. Operating System: Windows.

26. MyDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

MyDLP can block credit card numbers, social security numbers, or sensitive files from being transmitted via e-mail, printers, the Web or removable devices. In addition to the free community version, it also comes in a paid enterprise version. Operating System: Windows, Linux, VMware.

Encryption

27. AxCrypt

Replaces McAfee Anti-Theft, CryptoForge

With nearly 2.5 million registered users, AxCrypt claims to be the "leading open source file encryption software for Windows." It integrates with Windows Explorer—to use it, you simply right-click to encrypt a file or double-click to decrypt. Operating System: Windows.

28. Gnu Privacy Guard

Replaces PGP Universal Gateway Email Encryption

This Gnu project is a command-line implementation of the popular OpenPGP encryption standard. It supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER encryption algorithms. Operating System: Linux.

29. GPG Tools

Replaces PGP Universal Gateway Email Encryption

Mac users can download this version of GPG for a more user-friendly way to encrypt e-mail and files. The website includes quite a bit of help and tutorials for new users, which make it even easier to get started using the app. Operating System: OS X.

30. GPG 4 Win

Replaces Cypherus

And this version offers GPG for Windows users, complete with a GUI. It installs quickly and easily, and it protects both files at rest and mail messages. Operating System: Windows.

31. PeaZip

Replaces WinZip

While it's really a compression utility, not an encryption tool, PeaZip also offers strong encryption capabilities, which is why we included it in this section of the list. It also includes two-factor authentication capabilities and secure deletion. Operating System: Windows, Linux.

32. Crypt

Replaces McAfee Anti-Theft, CryptoForge

At just 44KB, Crypt is one of the lightest-weight encryption utilities available. And because it can encrypt 3MB worth of data in just 0.7 seconds, it's also one of the fastest. However, it doesn't have a GUI, so you'll need to be comfortable with the command line in order to use it. Operating System: Windows.

33. NeoCrypt

Replaces McAfee Anti-Theft, CryptoForge

NeoCrypt supports multiple encryption algorithms, including AES, DES, Triple-DES, IDEA, RC4, RC5, CAST-128, BlowFish, SkipJack. It runs from an easy-to-use GUI, and it also integrates with the Windows Shell so that you can encrypt and decrypt files right from Windows Explorer. Operating System: Windows.

34. LUKS/cryptsetup

Replaces PGP Whole Disk Encryption

Short for "Linux Unified Key Setup," LUKS calls itself "the standard for Linux hard disk encryption." While many of the other apps on our list encrypt files one by one, LUKS encrypts your entire drive. Operating System: Linux.

35. FreeOTFE

Replaces PGP Whole Disk Encryption

Like LUKS, this app encrypts an entire drive. With it you can create and encrypt virtual disks on your hard drive. It's also highly portable and can run from a thumb drive. Operating System: Windows.

36. TrueCrypt

Replaces PGP Whole Disk Encryption

One of the most popular open source disk encryption options, TrueCrypt boasts more than 22 million downloads. Thanks to parallelization and pipelining technology, it offers fast reads and writes of encrypted information. Operating System: Windows.

Secure File Transfer

37. WinSCP

Replaces CuteFTP, FTP Commander

Extremely popular, the award-winning WinSCP includes an SFTP client, SCP client, FTPS client and FTP client. It offers two different interfaces and also includes an integrated text editor. Operating System: Windows.

38. FileZilla

Replaces CuteFTP, FTP Commander

While WinSCP offers only a client version, FileZilla offers both a client version and a version that allows you to set up your own FTP server. It supports FTP, FTPS and SFTP (the SSH File Transfer Protocol). Operating System: Windows, Linux, OS X.

Forensics

39. Odessa

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

The Open Digital Evidence Search and Seizure Architecture, aka "ODESSA," offers several different tools for examining and reporting on digital evidence. This is an older project, but still valuable. Operating System: Windows, Linux, OS X.

40. The Sleuth Kit/Autopsy Browser

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

These two apps work together: The Sleuth Kit offers command line tools for conducting digital investigations, and Autopsy Browser offers a browser-based GUI for accessing those tools. The project also now includes a Hadoop framework for large-scale data analysis. Operating System: Windows, Linux, OS X.

Gateway/Unified Threat Management Appliances

41. Endian Firewall Community

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Endian Firewall Community can turn any PC (including pretty old ones) into a gateway security appliance complete with a firewall, application-level proxies with antivirus support, virus and spam filtering for email and Web content, and a VPN. Supported versions of the software and hardware appliances are also available on the site. Operating System: Linux.

42. Untangle Lite

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Similar to Endian, Untangle Lite also helps users create their own gateway security appliances. In addition, Untangle offers commercial products, and you can download each of the individual apps included in Untangle Lite (firewall, intrusion prevention, attack blocker, etc.) separately. Operating System: Linux.

43. ClearOS

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

ClearOS combines gateway security functionality with the capabilities of a small business server. It offers networking, groupware, a mail server, a Web server and more. Paid support and hardware are also available. Operating System: Linux.

Intrusion Detection

44. Open Source Tripwire

Replaces Tripwire

Standard Tripwire is now a closed source project, but the community has continued developing the open source version released in 2000. It monitors the content of files and notifies network managers when those files change, alerting them to possible intrusions. Operating System: Windows, Linux.

45. OSSEC

Replaces Corero IPS, HP TippingPoint IPS (http://www.hpenterprisesecurity.com/products/hp-tippingpoint-network-security/), Sophos HIPS

In addition to file integrity checking, OSSEC also performs log analysis, policy monitoring, rootkit detection and real-time alerting to help prevent and detect intrusions into your network. It's downloaded more than 5,000 times per month and has won numerous awards. Operating System: Windows, Linux.

46. AFICK

Replaces Tripwire

AFICK, short for "Another File Integrity Checker," offers functionality similar to Tripwire. It's portable, fast and runs from a GUI or the command line. Operating System: Windows, Linux.

47. Snort

Replaces Corero IPS, HP TippingPoint IPS (http://www.hpenterprisesecurity.com/products/hp-tippingpoint-network-security/), Sophos HIPS

With millions of downloads and more than 400,000 registered users, Snort claims to be "the most widely deployed IDS/IPS technology worldwide." Operating System: Windows, Linux, OS X.

Network Firewalls

48. IPCop

Replaces Barracuda NG Firewall, Check Point Appliances

Like most of the other apps on our Firewall list, IPCop turns a PC into a Linux-based firewall to protect your network. This one is designed for home or SOHO users, and it boasts an easy-to-use Web interface. Operating System: Linux.

49. Devil-Linux

Replaces Barracuda NG Firewall, Check Point Appliances

Although it was originally designed to offer firewall and router functionality, Devil-Linux can also operate as a server for many applications, including mail hosting. Created by IT administrators for IT administrators, it boasts top-notch security and excellent customization capabilities. Operating System: Linux.

50. Turtle FireWall

Replaces Barracuda NG Firewall, Check Point Appliances

Designed to be simple and fast, Turtle allows network managers to configure it via a Web interface or by modifying XML files. The website also includes some good introductory information on the nature of firewalls. Operating System: Linux.

51. ShoreWall

Replaces Barracuda NG Firewall, Check Point Appliances

Shorewall doesn't claim to be the easiest Linux firewall to use, but it does claim to be "the most flexible and powerful." You can use it on a system functioning as a dedicated firewall, as a multi-function gateway/router/server or as a standalone GNU/Linux PC. Operating System: Linux.

52. Vuurmuur

Replaces Barracuda NG Firewall, Check Point Appliances

Vuurmuur is designed to be both simple and powerful. In addition to standard firewall capabilities, it also supports traffic shaping and offers advanced monitoring capabilities. Operating System: Linux.

53. M0n0wall

Replaces Barracuda NG Firewall

Although it was designed for embedded PCs and appliances, m0n0wall can also run on a standalone PC running FreeBSD. It requires less than 12MB of space and boots in less than 25 seconds. Operating System: FreeBSD.

54. pfSense

Replaces Barracuda NG Firewall, Check Point Appliances

This m0n0wall fork is also based on BSD, but is designed for regular computers, not embedded hardware. It's been downloaded more than 1 million times and currently runs on more than 100,000 networks, including large corporations and universities as well as small home networks. Operating System: FreeBSD.

55. Vyatta

Replaces Cisco products

The "core" Vyatta software allows users to make their own firewalls/networking appliances and routers. The company also offers paid software and hardware. Operating System: Linux.

Network Monitoring

56. Wireshark

Replaces: OmniPeek, CommView

Calling itself the "world's foremost network protocol analyzer," Wireshark makes it easy to capture and analyze network traffic. Commercial products and services related to the software are available through Riverbed Technology. Operating System: Windows, Linux, OS X.

57. TcpDump/Libpcap

Replaces: OmniPeek, CommView

Tcpdump is a command line packet analyzer, and libpcap is a C/C++ library for network traffic capture. Working together, the two provide a good network monitoring solution, but, lacking a GUI, they are not particularly user-friendly. Operating System: Linux.

58. WinDump

Replaces: OmniPeek, CommView

Managed by Riverbed Technology (which also owns Wireshark), WinDump ports tcpdump to the Windows platform. This site also includes the WinPcap library and drivers for traffic capture. Operating System: Windows.

Password Crackers

59. OphCrack

Replaces Access Data Password Recovery Toolkit, Passware

From time to time, everyone needs to recover a lost or unknown password. This password cracker uses the rainbow tables method to recover unknown passwords, and it also includes a brute force module for simple passwords. Operating System: Windows.

60. John the Ripper

Replaces Access Data Password Recovery Toolkit, Passware

John the Ripper is particularly good at cracking weak passwords, but in order to use it, you'll need a list of commonly used passwords. You can buy password lists or a pro version of the software from the same site. Operating System: Windows, Linux, OS X.

Password Management

61. KeePass Password Safe

Replaces Kaspersky Password Manager

This popular password manager stores all of your passwords in an encrypted database. You'll only need to remember one master password, while this easy-to-use, lightweight app helps protect you from identity thieves. Operating System: Windows.

62. KeePassX

Replaces Kaspersky Password Manager

If you use OS X or Linux, try this fork of KeePass. Plus, it adds a few features not in the original and runs on Windows as well. Operating System: Windows, Linux, OS X.

63. Password Safe

Replaces Kaspersky Password Manager

Downloaded more than 1 million times, Password Safe is another popular open source option for protecting your passwords. Like KeePass, it's lightweight and stores your encrypted passwords in a database so that you only need to recall one master password. Operating System: Windows.

User Authentication

64. WIKID

Replaces Entrust IdentityGuard, Vasco Digipass, RSA's SecurID

WiKID boasts "two-factor authentication without the hassle factor." In addition to the free community version, it also comes in a supported enterprise version which adds additional functionality. Operating System: OS Independent.

Web Filtering

65. DansGuardian

Replaces McAfee Family Protection, NetNanny, CyberPatrol

This award-winning content filter uses phrase matching, PICS filtering, URL filtering and other methods to block objectionable content. Note that this software does not run on individual PCs; it runs on an OS X or Linux server to protect the rest of your network. Operating System: Linux, OS X.

=============================================================

That is all from me for now; I hope it is useful for all of us.

wassalamu'alaikum wr wb


Source

18/10/11

NoScript security tool released for Android, Maemo

The mobile version of the Firefox extension includes protection for cross-site scripting attacks and clickjacking

The developer of the widely used Firefox extension NoScript has released a version for the Android and Maemo operating systems.

NoScript is a security tool that can be used to block the execution of JavaScript, Java, Flash, and plugins by websites that are viewed as being potentially malicious. Many Web-based attacks on computers are initiated by JavaScript.

NoScript's developer, Giorgio Maone, wrote on his blog on Saturday that porting the application for Firefox on Android and Maemo was not easy, as it was a full rewrite of the extension, and "there's still a lot of work ahead."

The mobile version, called NoScript 3.0a8, includes protection against cross-site scripting attacks, in which a script drawn from another website is allowed to run when it shouldn't be. Cross-site scripting can allow an attacker to steal information or potentially cause other malicious code to run.

It also can block "clickjacking," another kind of attack where a user is tricked into clicking on certain parts of a Web page with hidden buttons that perform malicious actions. Those hidden buttons are delivered by an invisible iframe, which is a window that brings other content into the target website.

In 2008, researchers Robert Hansen and Jeremiah Grossman discovered a clickjacking attack involving Adobe Systems' Flash application that could give remote access to a victim's Web camera and microphone.

There are around 1,000 pieces of malware circulating for mobile devices, which pales in comparison to malware built for Windows desktop operating systems. But security analysts predict that mobile phones will increasingly be attacked for the sensitive data stored on the devices.

The NoScript mobile version shares many of the same functions as the desktop one. For example, users can build an "easy blacklist," where they select untrusted sites on which JavaScript and plugins should be blocked. Another option is the "classic whitelist," where sites that are trusted are added to a list that NoScript doesn't block.

Maone wrote that NoScript does not require the browser to be restarted after updates are installed, which "means that hot fixes for new security threats can be deployed in a more effective, timely, and convenient way."

13/10/11

Sony PlayStation Network hacked again; 93,000 accounts compromised

Summary: Sony says “a large amount of unauthorized sign-in attempts” at its PlayStation Network has led to the hijacking of valid sign-in IDs and passwords.

Sony has confirmed another security breach at its popular PlayStation Network and warned that about 93,000 user accounts have been compromised.

The latest breach follows a massive hack in April 2011 that led to the theft of names, addresses and possibly credit card data belonging to 77 million user accounts.

The latest hack, flagged by Sony as “a large amount of unauthorized sign-in attempts,” led to the hijacking of valid sign-in IDs and passwords.

From Sony’s statement:

Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.

The company said credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts.

“Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts,” Sony added.

WineHQ database hacked, passwords stolen

Summary: Malicious hackers exploit vulnerabilities in phpmyadmin to gain access to WineHQ’s database. Usernames and passwords were stolen.

Add WineHQ to the list of open-source projects struggling to contain a serious security breach.

WineHQ, which manages software that’s used to run Windows applications on Linux, BSD, Solaris and Mac OS X, confirmed the breach and warned that the intruders were able to hijack usernames and passwords.

“What we know at this point is that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not know exactly how they obtained access; it was either by compromising an admin's credentials, or by exploiting an unpatched vulnerability in phpmyadmin,” according to Jeremy White of Codeweavers, a company that sells a supported version of Wine.

White said the company had “reluctantly provided access to phpmyadmin to the appdb developers” which offered a prime target for hackers.

More from White’s statement:

We do not believe the attackers obtained any other form of access to the system.

On the one hand, we saw no evidence of harm to any database. We saw no evidence of any attempt to change the database (and candidly, using the real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla. This means that they have all of those emails, as well as the passwords. The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked.

This, I’m afraid, is a serious threat; it means that anyone who uses the same email / password on other systems is now vulnerable to a malicious attacker using that information to access their account.

We are going to be resetting every password and sending a private email to every affected user.

In recent months, hackers have broken into the Linux Foundation websites and the kernel.org Linux archive site.

Patch Internet Explorer Now

Yesterday was Microsoft's Patch Tuesday for the month of October. There were a total of eight new security bulletins--not too many, but enough to keep IT admins busy for a while. While most of the vulnerabilities addressed are not imminent threats, security experts are virtually unanimous that patching Internet Explorer should be priority one.

First, let's take a brief look at the security bulletins Microsoft released for Patch Tuesday:

[Image caption: Security experts agree that patching Internet Explorer is a priority.]

MS11-075 (Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution): Could be exploited to run malicious code from a rogue DLL file.

MS11-076 (Vulnerability in Windows Media Center Could Allow Remote Code Execution): Addresses a publicly disclosed vulnerability in Windows Media Center that could be used to run malicious code from a rogue DLL file.

MS11-077 (Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution): Fixes four different vulnerabilities in Microsoft Windows, including one that could allow an attacker to execute malicious code by luring someone to open a malicious font file.

MS11-078 (Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution): Fixes a critical vulnerability in .NET Framework and Microsoft Silverlight that can be exploited to run malicious code when someone visits a compromised website.

MS11-079 (Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution): Resolves five vulnerabilities in Microsoft Forefront Unified Access Gateway, one of which could enable an attacker to execute malicious code by luring the user to visit a compromised website.

MS11-080 (Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege): Deals with a possible elevation of privileges vulnerability, but an attacker would have to log on locally to the system using valid credentials, so this presents very little risk.

MS11-081 (Cumulative Security Update for Internet Explorer): This month's Cumulative Security Update for Internet Explorer addresses eight vulnerabilities, including one which can be used to execute malicious code simply by luring a user to visit a compromised website.

MS11-082 (Vulnerabilities in Host Integration Server Could Allow Denial of Service): Deals with two vulnerabilities in Host Integration Server that could be used for a denial of service attack.

To average users and many IT admins, the descriptions all sound somewhat ominous, and--to be fair--they are all updates that should be applied if you use the affected products or services. But, only two of the security bulletins (MS11-078 and MS11-081) are rated as Critical by Microsoft, and only one of them is being pushed as a top priority by security experts.

Joshua Talbot, security intelligence manager, Symantec Security Response, says, "Internet Explorer vulnerabilities are very common targets of attackers and it will probably be no different with these. Users and IT departments should patch these right away."

Paul Henry, security and forensic analyst at Lumension, stresses about MS11-081, "None of the patched issues are related to active exploits; however users are urged to patch this as a high priority."

Andrew Storms, director of security operations at nCircle, implores, "Patching Internet Explorer should be at the top of everyone's list."

Amol Sarwate, Manager of Vulnerability Labs for Qualys, agrees, "The highest priority should be given to MS11-081 which patches a code execution vulnerability in Internet Explorer."

VMware's Jason Miller and Marcus Carey from Rapid7 also cite updating Internet Explorer as the number one priority from this Patch Tuesday. I think it is safe to say that we have a general consensus on which update is the most urgent.

Make sure you apply all updates that affect your systems as soon as possible. But, if you have testing and patch rollout processes to deal with, make sure you address MS11-081 first.

12/10/11

Apple slaps another security band-aid on iTunes

Summary: Apple patches 79 gaping security holes in the iTunes for Windows software.


Apple has shipped iTunes 10.5 to fix mountains of security problems that expose Windows users to dangerous hacker attacks.

The security patch, available for Windows 7, Windows Vista and Windows XP SP2, fixes a total of 79 documented vulnerabilities.  The most serious of these flaws could allow remote code execution attacks via booby-trapped image or movie files.

The bulk of the vulnerabilities affect the open-source WebKit rendering engine that powers the iTunes Store and iTunes LP.

Details on the vulnerabilities can be found in Apple's security advisory for iTunes 10.5. The update is being distributed through Apple Software Update on Windows; alternatively, it can be downloaded directly from the iTunes web page.

Microsoft Patches 22 Security Holes, 12 Highly Exploitable, in October

Microsoft released eight security updates on Tuesday, repairing 22 security holes in its October patch release, with 12 of the 22 described as "consistently exploitable" by the company.

The October release includes two bulletins that Microsoft rated "critical". These two cumulative updates, repairing a clutch of vulnerabilities in the Internet Explorer web browser and in the .NET and Silverlight frameworks, close holes that could be used for remote attacks in which malicious code is planted and run on vulnerable systems, Microsoft said.

The release follows guidance Microsoft published on October 7, warning that the critical holes could allow remote attackers to run malicious code on vulnerable systems, for example through drive-by download web pages. MS11-081, one of the two critical patches, fixes eight vulnerabilities in Internet Explorer versions 6 through 9 on a variety of Windows versions. The vulnerabilities, reported to Microsoft by third-party researchers at McAfee, TippingPoint, Google and other firms, are largely use-after-free conditions: IE can be made to access an object that has already been deleted, corrupting memory in a way that lets an attacker execute arbitrary code in the context of the logged-on user, according to Microsoft.

MS11-078, the second critical patch, fixes a remote code execution hole that affects a wide range of versions of the .NET Framework and Microsoft Silverlight on most supported versions of Windows and Windows Server. According to Microsoft, the vulnerability could allow an attacker to craft an XAML Browser Application (XBAP) or Silverlight application that runs malicious code on end-user systems. The same hole could also allow remote code execution on a server running Internet Information Services (IIS), provided the attacker could upload a malicious ASP.NET page to the vulnerable server and the server was configured to run ASP.NET pages.

As has been noted, however, Microsoft's severity rating describes worst-case impact (a "Critical" rating means code execution without user interaction, the kind of flaw self-replicating malware could use), not how likely a bug is to be exploited in real attacks. The company's Exploitability Index, which estimates whether reliable exploit code is likely to appear within 30 days of the bulletin, is the better measure of that.

According to the Exploitability Index Microsoft included with its October release, MS11-076, -077 and -079 also look more serious than their "Important" rating would suggest. MS11-076, a fix for Windows Media Center, addresses a library (DLL) loading vulnerability with an exploitability rating of "1", meaning Microsoft's analysis suggests an attacker could consistently exploit it against the latest releases of the affected software. MS11-079, the Forefront Unified Access Gateway update described above, contains fixes for four vulnerabilities rated "1" against current versions of the product.

06/10/11

Drive-by download attack on Facebook used malicious ads

This 'malvertisement' scam does not require any user action, making it much more dangerous

Antivirus vendor Trend Micro has recently detected a drive-by download attack on Facebook that used malicious advertisements to infect users with malware.

"We encountered an infection chain, wherein the user is led from a page within Facebook to a couple of ad sites, and then finally to a page that hosts exploits," the company's security researchers warned Tuesday. "When we traced the connection between the ad sites and Facebook, we found that the ad providers were affiliated with a certain Facebook application. We checked on the said app, and found that it is indeed, ad-supported."


"Malvertising" attacks are usually the result of lax background screening on the part of advertising networks or ad sales teams. Attackers typically impersonate legitimate advertisers to get their ads approved, then swap the creative for malicious code once it is live.

A lot of popular websites and big ad networks have fallen victim to such attacks over the years. Facebook also dealt with this form of abuse in the past, but in those cases the ads were used to display fake security alerts that led to scareware.

However, malvertisements that bundle drive-by download exploits for vulnerabilities in popular browser plug-ins, or even the browser itself, are much more dangerous since they don't require any user interaction.

In this case, users were directed to a page that loaded Java and ActiveX exploits, but while the attacked ActiveX vulnerability was patched in 2006, the Java ones were more recent, dating from 2010.
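Reconstructing that kind of chain from your own proxy logs is the practical detection step. The following is an added example, not code from the article or from Trend Micro: it assumes a simple log layout (timestamp, client, method, URL, status, content type, referer) and uses constructed log lines and host names, walking the Referer header backwards from a fetched payload (here a Java archive) to the page the user started on, and flagging chains that hop through several unrelated hosts before the payload.

```python
"""Reconstruct referer chains from proxy logs and flag drive-by patterns.

Added example; this is not code from the article or from Trend Micro. The
log layout (timestamp, client, method, URL, status, content-type, referer)
is an assumed format, and every host name and log line below is constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: client 10.0.0.5 follows the chain the article describes
# (social-network page -> ad server -> second ad CDN -> exploit landing page
# -> Java archive payload); client 10.0.0.9 is ordinary browsing.
SAMPLE_LOG = """\
1317830001.101 10.0.0.5 GET http://www.facebook.com/pages/some-app 200 text/html -
1317830001.402 10.0.0.5 GET http://ads.adnet-one.test/serve?id=77 302 text/html http://www.facebook.com/pages/some-app
1317830001.610 10.0.0.5 GET http://cdn.adnet-two.test/banner.js 200 application/javascript http://ads.adnet-one.test/serve?id=77
1317830002.015 10.0.0.5 GET http://landing.exploit-host.test/index.php 200 text/html http://cdn.adnet-two.test/banner.js
1317830002.320 10.0.0.5 GET http://landing.exploit-host.test/jar/Exploit.jar 200 application/java-archive http://landing.exploit-host.test/index.php
1317830010.000 10.0.0.9 GET http://www.facebook.com/home.php 200 text/html -
1317830011.000 10.0.0.9 GET http://static.facebook.com/rsrc.js 200 application/javascript http://www.facebook.com/home.php
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+) (?P<referer>\S+)$"
)

# Content types an exploit kit's landing page typically pulls in as payloads
# (Java archives, PDFs, Flash); tune this set for your environment.
PAYLOAD_TYPES = {
    "application/java-archive",
    "application/x-java-archive",
    "application/pdf",
    "application/x-shockwave-flash",
}


def parse_log(text):
    """Parse the assumed log format into dicts; '-' means no referer."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["referer"] = None if row["referer"] == "-" else row["referer"]
        rows.append(row)
    return rows


def referer_chain(url, referer_of):
    """Walk referers backwards from `url` to the page the user started on."""
    chain = [url]
    seen = {url}
    while True:
        prev = referer_of.get(chain[-1])
        if prev is None or prev in seen:  # stop at the origin or on a loop
            break
        chain.append(prev)
        seen.add(prev)
    chain.reverse()
    return chain


def find_driveby_chains(text, min_hosts=3):
    """Report payload fetches reached through a redirect chain spanning at
    least `min_hosts` distinct hosts, the signature of a malvertising hop."""
    rows = parse_log(text)
    referer_of = defaultdict(dict)  # client -> {url: referer}
    for r in rows:
        if r["referer"]:
            referer_of[r["client"]][r["url"]] = r["referer"]
    findings = []
    for r in rows:
        if r["ctype"] not in PAYLOAD_TYPES:
            continue
        chain = referer_chain(r["url"], referer_of[r["client"]])
        hosts = []
        for u in chain:  # collapse consecutive requests to the same host
            h = urlparse(u).netloc.lower()
            if not hosts or hosts[-1] != h:
                hosts.append(h)
        if len(hosts) >= min_hosts:
            findings.append({"client": r["client"], "payload": r["url"], "hosts": hosts})
    return findings


if __name__ == "__main__":
    for f in find_driveby_chains(SAMPLE_LOG):
        print(f["client"], "->", " -> ".join(f["hosts"]), "->", f["payload"])
```

The host-count threshold is deliberately crude; in production you would whitelist your own CDNs and known ad networks and alert on the payload host, which is the one that changes from campaign to campaign.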

Facebook is usually plagued by other types of attacks. Trend Micro's research identified the three most common threats on Facebook: "likejacking," where users are tricked into posting a status update for a page they didn't actually intend to give a "like" to, rogue applications, and spam campaigns.

Unfortunately, the design of Facebook's platform, where thousands of third-party app developers can work with whichever advertisers they wish, favors malvertising. There's not much Facebook can do about it, so the task of fending off such attacks ultimately falls with the users.

Statistics collected this year by security companies from live drive-by download toolkit installations show that Java exploits have the highest success rate, exceeding those of PDF or Flash exploits.

This is mainly because users do a poor job of updating the software, a lot of them not even knowing what Java is or that it's installed on their systems. In fact, since there's little Java content on the Web anymore, some security experts recommend that users should disable the plug-in from their browser if they don't remember ever using it.

Keeping all software programs up to date, especially those that are accessible from the Web, is critically important for staying secure on the Internet. So is using an antivirus program capable of scanning Web traffic and detecting exploits.

Power users can resort to more advanced methods of protection such as the NoScript Firefox extension, which thanks to its opt-in approach to third-party scripts, blocks the majority of drive-by downloads, including those executed through malvertising.


ExploitHub Offering Bounties - And Residuals - for Exploits

NSS Labs announced today that its penetration-testing marketplace, ExploitHub, will offer bounties to researchers for developing exploits for 12 high-value vulnerabilities.

Exploithub is putting up $4,400 for working exploits against what the company describes as a “dirty dozen” of client-side vulnerabilities. And, in what may be a first in the vulnerability research field, the company is offering the authors the chance to earn residual payments for subsequent use of the vulnerabilities.

Launched in October of 2010, Exploithub is described as an "iTunes for exploits" - an easy to use market for penetration testers and IT staff to obtain high quality exploits to use against software they are evaluating.

But every iTunes needs its music, so NSS has opted to put money on the table to attract talented vulnerability researchers and prime the pump. NSS has identified the 12 known vulnerabilities by their Common Vulnerabilities and Exposures (CVE) identifiers: CVE-2011-1256, CVE-2011-1266, CVE-2011-1261, CVE-2011-1262, CVE-2011-1963, CVE-2011-1964, CVE-2011-0094, CVE-2011-0038, CVE-2011-0035, CVE-2010-3346, CVE-2011-2110, and CVE-2011-0628. Each exploit will be worth somewhere between $100 and $500. Ten of the eligible vulnerabilities are in Microsoft's Internet Explorer browser; the remaining two are in Adobe Flash.

Submissions must be client-side remote exploits that achieve code execution; proof-of-concept crashes and denial-of-service do not qualify, and the exploit must not already be available in the Metasploit Framework (community edition) or other exploit toolkits. The first participant to submit a working exploit wins.

“Client-side exploits are the weapons of choice for modern attacks, including spear phishing and so-called APTs. Security professionals need to catch up,” said Rick Moy, NSS Labs CEO, in a statement. “This program is designed to accelerate the development of testing tools, as well as help researchers do well by doing good.”

05/10/11

Google shells out $10,000 to fix 10 high-risk Chrome browser flaws

Summary: The new Google Chrome version 14.0.835.202 also contains Adobe Flash Player 11, a software update that includes several security and privacy goodies.

Google has shipped another Chrome browser update with fixes for several “high-risk” security vulnerabilities that expose Windows, Mac OS X and Linux users to malicious hacker attacks.

As part of its bug bounty program, Google spent about $10,000 to buy the rights to the vulnerability information from security researchers.

Details on the vulnerabilities:
  • [$1000] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
This latest Chrome patch is being delivered via the browser’s silent update mechanism.

Mozilla advises Firefox users to disable McAfee plugin

McAfee ScriptScan could cause stability or security problems and is responsible for browser crashes, according to Mozilla

It's the last thing McAfee would want users to hear about one of its products, but the Firefox browser is advising users to disable McAfee's ScriptScan software, saying that it could cause "stability or security problems."

ScriptScan ships with McAfee's VirusScan antivirus program. It's designed to keep Web surfers safe by scanning for malicious scripting code running in the browser. But according to Mozilla it has an unintended side-effect: it can cause Firefox to crash... a lot.


In a note posted to its website, Mozilla said that the add-on "causes a high volume of crashes," and is "strongly encouraging" users to disable the software. The warning applies to all users of version 14.4.0 and below of the plugin, Mozilla said.

The Firefox browser started popping up warning messages on Monday advising users to disable the software. In McAfee user forums there is a smattering of complaints about the Firefox problem.

The problem affects Firefox 7 users, according to Francie Coulter, a McAfee spokeswoman. "McAfee has identified the cause and is working actively with the Firefox team to resolve this issue and expects to roll out an update shortly," she said in an email message.


02/10/11

Windows 8 anti-virus has a long way to go

When Microsoft unveiled the Developer Preview of Windows 8 two weeks ago, one of the items to get the most attention was its built-in, unmanaged anti-virus solution.

I was interested in what capabilities it might have and how it would present itself to users who stumble across something malicious.

Naturally I installed it on a virtual machine and to a spare disk on a full workstation in my lab. What to test first?
If there is one thing guaranteed to be safe and still be an effective test it would be EICAR.

According to the EICAR website the EICAR test file allows someone to safely trigger a "virus incident in order to test their corporate procedures, or of showing others in the organisation what they would see if they were hit by a virus."
That's perfect. I need a detection, but I prefer not to handle live malware. Safely testing live malware samples is scary dangerous.

There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations.
That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.
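For reference, here is how to build and check the test file yourself. This is an added example, not code from the post: the 68-byte string is the one published by EICAR, the SHA-256 is the widely published reference hash for it, the file is harmless by design, and the `is_eicar` check follows EICAR's own rules for what counts as a valid test file (the string first, optional trailing whitespace, 128 bytes at most).

```python
"""Build and validate the EICAR anti-virus test file.

Added example; not code from the Naked Security post. The 68-byte test
string is EICAR's and the SHA-256 is the widely published reference hash.
The file is harmless by design; a working scanner should quarantine it on
write or on access, which is exactly what the test is for.
"""
import hashlib
import pathlib

# Assembled from two halves so this source file does not itself contain the
# contiguous signature and get quarantined on the analyst's own workstation.
_PART1 = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
_PART2 = r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
EICAR_STRING = _PART1 + _PART2  # exactly 68 printable ASCII characters
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

# Whitespace EICAR allows after the string: space, tab, LF, CR and CTRL-Z.
_TRAILER_OK = b" \t\n\r\x1a"


def eicar_bytes():
    return EICAR_STRING.encode("ascii")


def fingerprint(data):
    """MD5/SHA-1/SHA-256 of a file, for matching against published hashes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_eicar(data):
    """True if `data` is a valid EICAR test file: the 68-byte string first,
    optionally followed by whitespace, total length at most 128 bytes."""
    sig = eicar_bytes()
    if len(data) > 128 or not data.startswith(sig):
        return False
    return all(b in _TRAILER_OK for b in data[len(sig):])


def write_eicar(path, newline=True):
    """Write the test file; a CRLF trailer is allowed and keeps editors happy."""
    data = eicar_bytes() + (b"\r\n" if newline else b"")
    assert is_eicar(data)
    p = pathlib.Path(path)
    p.write_bytes(data)
    return p


if __name__ == "__main__":
    fp = fingerprint(eicar_bytes())
    print("string typed correctly:", fp["sha256"] == EICAR_SHA256)
    out = write_eicar("EICAR.COM")
    # On a host with working on-access scanning the file may already be gone
    # by the time this runs: that is the scanner passing the test.
    print("still on disk:", out.exists())
```

The `is_eicar` check is the one to drop into your own scanning or mail-filtering code so that a test file padded with a trailing newline (which is what most editors produce, and which EICAR explicitly permits) is still recognised.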

I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!
I then opened notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my explorer window with no complaints.

I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert...
So I tried another test and inserted a USB memory stick with EICAR.COM preloaded onto it. When I tried to copy the file from the USB stick to the Documents folder it did so without complaint.

When I tried to run EICAR.COM it gave an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I *should* get a virus warning, shouldn't I?

Windows 8 accessing EICAR without detection

I was very confused and began to wonder whether Windows 8 really had anti-virus at this point.

I took one of my virtual machines into our lab to test it against a few samples to see what would happen.

All of the samples were between six and twelve months old, so nothing bleeding edge here. I tested Mac, Linux and Windows malware to see if it had cross-platform capabilities as well.

Windows 8 anti-virus detection

The result? It captured about 50% of the malware samples I threw at it. Clearly there is a lot of work to be done with regard to detection.

It did successfully pick up quite a few fake anti-virus samples for Mac and Windows, as well as some copies of Linux/RST-B.

It also recorded some events under the Windows Defender category in Event Viewer for the detections it alerted me to.

Windows Defender event log on Windows 8

This is an early preview and I am sure many improvements are planned. It's good to see Microsoft is detecting malicious software for the three major platforms.
Microsoft does need to fix the detection of EICAR. The way things work currently will only encourage people to take unnecessary risks with real malware samples for testing.

If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well. While Windows Defender caught some samples, it isn't ready for prime time yet.

Have an opinion on Windows 8? Why not answer our poll to see where you fit in with other Naked Security readers?

Google's Picasa and Yahoo! Groups used to spread spam

One of the most effective techniques anti-spam products have to block spam from reaching your inbox is reputation filtering.

Yes, to a degree, anti-spam solutions may still look for v1@gr@ and Mrs. Gaddafi offering you $40 million, but the biggest bang for your buck comes from reputation.
What do you do if you are a spammer? Figure out a way to get a legitimate mail provider to deliver your messages for you...
Picasa Web Albums spam

Here is an example. You can see I have received six emails, all from "Picasa Web Albums" offering me some very spammy subjects. How do they do this? They are simply creating bogus accounts on Google Picasa, uploading a photo of their product, then "sharing" this photo with a personalized spammy message.

Even worse is the abuse of Yahoo! Groups. It has been standard practice for many years that mailing lists require you to confirm you want to subscribe.
Yahoo! Groups seems to have a mechanism built for the convenience of spammers, the ability to add anyone to a group without their permission. Here is an example invitation from a spammer:

Yahoo! Groups spam invitation

Upon receiving something like this you might think you could safely ignore it and not be subscribed. Instead when you read the fine print it explains you are already subscribed to this group and you have to opt-out to not receive messages.
Every time the spammer wants to reach you he can now depend on Yahoo! to send his message, digitally sign it with DKIM, have valid SPF records and successfully evade reputation-based spam filters.
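One way for a receiving filter to cope with this is to stop treating the signing domain as the sender's identity when the signer is a bulk-mailing service. The following is an added example, not the author's code: it parses a constructed message carrying an RFC 7601 Authentication-Results header (the verifying host, the identifiers and the list of bulk signers are all assumed), confirms that SPF and DKIM both pass, and then keys reputation on the List-Id rather than on yahoogroups.com, so a group the recipient never confirmed can be scored on its own.

```python
"""Key sender reputation below the signing provider when mail arrives via a
bulk-mailing service.

Added example, not the author's code. The message, the header layout and the
list of bulk signers are constructed; the Authentication-Results syntax
follows RFC 7601 but the verifying host and identifiers are hypothetical.
"""
import email
import re
from email import policy

# Constructed spam: SPF and DKIM pass because Yahoo's infrastructure really
# did send it, so a filter that trusts the signing domain lets it through.
SAMPLE_MSG = """\
Authentication-Results: mx.corp.test; spf=pass smtp.mailfrom=sentto-123@returns.groups.yahoo.com; dkim=pass header.d=yahoogroups.com
From: "Best Deals" <deals@spammer-example.test>
Reply-To: deals@spammer-example.test
To: victim@corp.test
List-Id: <bestdeals.yahoogroups.com>
Subject: You have been added to BestDeals

You are already a member of this group. To stop receiving messages, opt out below.
"""

# Domains whose signature vouches for the service, not for the person who
# typed the message; reputation must be keyed one level lower (assumed list).
BULK_SIGNERS = {"yahoogroups.com", "googlegroups.com"}

AUTH_RE = re.compile(
    r"\b(spf|dkim)=(pass|fail|none|neutral|softfail|temperror|permerror)"
    r"(?:\s+[\w.]+=([^\s;]+))?"
)


def parse(text):
    return email.message_from_string(text, policy=policy.default)


def auth_results(msg):
    """{'spf': ('pass', 'sentto-...'), 'dkim': ('pass', 'yahoogroups.com')}"""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result, ident in AUTH_RE.findall(str(value)):
            found[method] = (result, ident.lower())
    return found


def reputation_key(msg):
    """Identity to score: for bulk senders the list itself, otherwise the
    DKIM signing domain (or the envelope sender when nothing is signed)."""
    auth = auth_results(msg)
    dkim_result, signer = auth.get("dkim", ("none", ""))
    list_id = (msg.get("List-Id") or "").strip().strip("<>").lower()
    if dkim_result == "pass" and signer in BULK_SIGNERS and list_id:
        return ("list", list_id)
    if dkim_result == "pass":
        return ("dkim", signer)
    return ("mailfrom", auth.get("spf", ("none", ""))[1])


def classify(msg, confirmed_lists):
    """Bulk-service mail from a list the recipient never confirmed is treated
    as unsolicited regardless of the provider's good reputation."""
    kind, ident = reputation_key(msg)
    if kind == "list":
        return "confirmed-list" if ident in confirmed_lists else "unconfirmed-list"
    return "ordinary"


if __name__ == "__main__":
    m = parse(SAMPLE_MSG)
    print(auth_results(m))
    print(reputation_key(m), "->", classify(m, confirmed_lists=set()))
```

The set of confirmed lists would normally be populated from the recipient's own opt-in confirmations; the point is that SPF and DKIM only prove the message came through Yahoo, which is true and useless here, whereas the List-Id identifies the party that actually chose to send it.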

Yahoo! Groups spam messages

I'm not sure what Yahoo! or Google were thinking when they created systems that allow people to arbitrarily use their email systems to spam people, without any confirmation that the recipient is interested in communicating with the sender.
You can opt-out of receiving these messages, but you shouldn't have to. To test this I clicked the link Yahoo! says will allow me to prevent future spams. I clicked it and got to a page that read:

"Sorry, that link has expired. We do this to prevent abuse."
Huh? I am the victim and you are preventing me from opting out of your ill thought policy? I tried again on a newer spam and was successful in opting out.

Yahoo! Groups opt-out page

Oddly they make me confirm my decision not to let them spam me, very strange workflow here. I expect that Google and Yahoo! should seek our permission before allowing third parties to abuse their systems for sending spam.

Mobile Malware Found Disguised as Opera Mini

The rise of mobile computing has made a good, reliable mobile browser such as Opera Mini something users want installed on their smartphones and other mobile devices. We believe this is why cybercriminals are currently using Opera Mini as a disguise for mobile malware.

We encountered a website that seems to have been designed to be viewed on a mobile device. The site, which is in Russian, is made to look like the Opera site and immediately informs visitors that they need to upgrade their version of Opera Mini. Below is a screenshot of the site, followed by screenshots of OperaMini.jar once installed on a phone:


All of the links on the website lead to the download of the malicious file OperaMini.jar, which is now detected as J2ME_FAKEBROWS.A.


When executed on the device, it checks whether the phone uses certain SMS service centers and then starts sending text messages to premium-rate numbers. It affects devices that support MIDlets, the Java application format for embedded devices defined by Java 2 Micro Edition (J2ME).
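The first things to check on a sample like this are what the suite claims to be and what it asked permission to do. The following added example (not Trend Micro's code and not the real OperaMini.jar) builds an in-memory JAR with a constructed MIDP 2.0 manifest mimicking a fake browser, parses the manifest including its wrapped continuation line, and flags an unsigned suite that requests `javax.wireless.messaging.sms.send`; the attribute and permission names are the standard MIDP 2.0 ones, while the verdict labels are this example's own heuristic.

```python
"""Triage a J2ME MIDlet suite (.jar) for SMS-sending permissions.

Added example; not Trend Micro's code and not the real OperaMini.jar. The
manifests below are constructed. Attribute names (MIDlet-Permissions,
MIDlet-Name, ...) and permission names are the standard MIDP 2.0 ones; the
verdict strings are this example's own heuristic, not a product detection.
"""
import io
import zipfile

# MIDP 2.0 permissions that let a MIDlet send text or multimedia messages,
# the capability a premium-rate SMS dialler needs.
SMS_PERMISSIONS = {
    "javax.microedition.io.Connector.sms",
    "javax.wireless.messaging.sms.send",
    "javax.microedition.io.Connector.mms",
    "javax.wireless.messaging.mms.send",
}

# Constructed manifest. Note the continuation line (leading space): JAR
# manifests wrap values longer than 72 bytes, so a parser must re-join them.
FAKE_BROWSER_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "MIDlet-Name: OperaMini\r\n"
    "MIDlet-Vendor: Opera Software ASA\r\n"
    "MIDlet-Version: 5.1\r\n"
    "MIDlet-1: Opera Mini, /icon.png, OperaMini\r\n"
    "MicroEdition-Profile: MIDP-2.0\r\n"
    "MicroEdition-Configuration: CLDC-1.1\r\n"
    "MIDlet-Permissions: javax.microedition.io.Connector.sms,\r\n"
    " javax.wireless.messaging.sms.send\r\n"
)

BENIGN_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "MIDlet-Name: Notes\r\n"
    "MIDlet-Vendor: Example Vendor\r\n"
    "MIDlet-Version: 1.0\r\n"
    "MIDlet-1: Notes, /icon.png, Notes\r\n"
    "MicroEdition-Profile: MIDP-2.0\r\n"
    "MicroEdition-Configuration: CLDC-1.1\r\n"
)


def build_sample_jar(manifest, signed=False):
    """Build an in-memory JAR with the given manifest (class bytes are a stub)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("OperaMini.class", b"\xca\xfe\xba\xbe")
        if signed:  # placeholder signature files; their content is not checked here
            zf.writestr("META-INF/VENDOR.SF", "Signature-Version: 1.0\r\n")
            zf.writestr("META-INF/VENDOR.RSA", b"\x30\x00")
    return buf.getvalue()


def parse_manifest(text):
    """Parse 'Name: value' lines, re-joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]
        else:
            key, _, value = line.partition(":")
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


def triage(jar_bytes):
    """What an analyst checks first: who it claims to be, whether it is
    signed, and whether it asked for messaging permissions."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = zf.namelist()
        attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    perms = {p.strip() for p in attrs.get("MIDlet-Permissions", "").split(",") if p.strip()}
    signed = any(n.startswith("META-INF/") and n.upper().endswith((".SF", ".RSA", ".DSA")) for n in names)
    sms = sorted(perms & SMS_PERMISSIONS)
    if not sms:
        verdict = "no-sms"
    elif not signed:
        verdict = "suspicious"  # unsigned suite that wants to send messages
    else:
        verdict = "review-signer"  # signed: verify the certificate chain next
    return {
        "name": attrs.get("MIDlet-Name", ""),
        "vendor": attrs.get("MIDlet-Vendor", ""),
        "signed": signed,
        "sms_permissions": sms,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(build_sample_jar(FAKE_BROWSER_MANIFEST)))
    print(triage(build_sample_jar(BENIGN_MANIFEST)))
```

In MIDP 2.0 an unsigned suite runs in the untrusted protection domain, so the phone prompts the user before it may send a message; malware of this kind relies on the victim approving those prompts because the app looks like a browser update. A signed suite is not automatically clean either, which is why the signed case above is routed to certificate review rather than marked safe.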

We’ve blocked access to the malicious site, and we are currently monitoring for any more malicious activity that J2ME_FAKEBROWS.A may exhibit.

Users may refer to our Threat Encyclopedia page on mobile malware for tips on how to keep their mobile device protected.

Also, users who want to install the browser should get it from Opera's official website, http://opera.com or http://operamini.com.

Mobile devices are fast-growing target of malware

IBM's X-Force security research team says mobile application markets are a haven for malware, and expects double the mobile exploits this year

Look for double the mobile exploits this year vs. 2010 and particularly watch out for mobile applications that are really malware, says IBM's X-Force security research team.

Those are two warnings from the "X-Force 2011 Mid-Year Trend and Risk Report," which says that mobile application markets are a haven for malware.


Exploits of mobile operating systems will go from 18 in 2009 to about 35 by the end of 2011, the report says, as the number of vulnerabilities will go from about 65 to more than 180 over the same period.

"The first half of 2011 saw an increased level of malware activity targeting the latest generation of smart devices, as attackers are finally warming to the opportunities these devices represent," the new report says.

The report uses Android devices as an example, and notes that since the operating system is open, many developers write applications to it. Some of these apps are malicious, so users should be careful which ones they choose and where they get them from. "One of the most popular and effective ways to distribute Android malware is through application markets. Besides Google's own official market, there are many unofficial third-party markets," the report says.

Another problem with mobile devices, particularly phones, is that users are at the mercy of their phone manufacturer to patch known operating system vulnerabilities. Known vulnerabilities may go unpatched, not because patches don't exist, but because they aren't provided by individual phone makers. "Many mobile phone vendors don't push out security updates for their devices," the report says.

Network defenders face a growing threat from weaknesses in software. The report scores these with the Common Vulnerability Scoring System (CVSS); a score of 10 out of 10 is deemed critical. The share of critical vulnerabilities jumped from 1 percent across all of 2010 to 3 percent in the first half of 2011.

That's still a small percentage, but it is triple last year's, and the actual number of critical vulnerabilities so far this year is already larger than last year's total, the report says. "Almost every one of these critical vulnerabilities is a serious remote code execution issue impacting an important enterprise class software product," according to the report.

Vulnerabilities are getting more concentrated among fewer vendors, the study finds. In 2009, the 10 software companies with the most reported vulnerabilities accounted for a quarter of all the vulnerabilities reported. This year so far, that number has jumped to a third (34 percent). IBM X-Force didn't name the top 10. "The bottom line is that enterprise IT staff are spending just as much, if not more time installing patches this year as they have in the past," the report says.

The report does point out some bright spots:

* Web application vulnerabilities dropped from 49 percent of all disclosures to 37 percent, the first decline in five years.
* Vulnerabilities ranked high and critical are at a four-year low.
* Spam and traditional phishing are declining.

The next frontier in fearing the iPad

Some in IT keep looking for another reason to say no to the world of consumerized IT; mobile DLP is their latest attempt to regain control

In 2010, scaredy-cat IT and security folks wrung their hands over users bringing in their own smartphones and tablets. In early 2011, they wrung their hands over how to control the applications on those devices. Now they're wringing their hands over data leakage from those devices, prompting security vendors to offer mobile DLP (data loss prevention) tools. Zenprise is the first, but you can bet more will follow. (Have you heard of any iPad- or iPhone-related data breaches? I didn't think so.)

I have to give these folks credit: They're persistent in finding ways to say no to modern technology and the realities of today's "consumerized IT," or at least to look for new ways to bind it up in hopes maybe it'll strangle to death. (Good luck with that.) Of course, it's the iPad that seems to stoke these folks' fears the most -- ironically, because it can connect to business systems and actually work with much business data, so people want and use it.

Let's be clear: There is data to protect, and I don't believe "anything goes" is the right policy. And there is some technology worth considering to do so, as I describe later. But I see another agenda behind much of these claims over security concerns. I notice, for example, that companies citing fears over sensitive data emailed to an iPad or of users having unapproved apps on an Android tablet don't have the same concern over data emailed to computers or over the fact that they happily let employees work after hours from home computers full of personal apps. There's a double standard that reeks of a hidden agenda to block the shift to employee-driven technology or to assert new levels of self-justified control in a perverse land grab for relevance or job security.

A good test of whether a security policy is legitimate is if it is applied equally to all endpoints. These days, many endpoints are in use, and we will not go back to the day of employees all working at a corporate office on corporate PCs unconnected to the Internet and locked out from the rest of the world. It's 2011, not 1981. A second good test is whether its cost (in money, lost flexibility, lost opportunity, and time) is worth whatever is being secured.

The fact is, the iPad and all the other mobile devices that have enjoyed so much uptake by individuals and enlightened businesses bring tremendous benefit. More work can be done in more places, improving customer satisfaction and the company's bottom line. Employees can use the tools and devices that fit their personal style, reflecting and honoring what they bring to the table -- they are not robots, after all. And they can use a mix of personal and business tools, which helps the business because now they work more and across additional hours of the day. Additionally, this compensates the employee by letting them reclaim some of that time for their personal lives.


Proposing one problem, but addressing another

Back to this third wave of fear over data on iPads: This week, Zenprise announced an iPad app and related server software that lets iPad users access SharePoint files on their tablets, with the permissions and restrictions honored on the iPad. That's great -- Microsoft's approach to SharePoint has been to restrict it to Windows PCs and Windows Phone 7 smartphones, which only encourages employees to copy the files to cloud storage, email them, and otherwise work outside of SharePoint when they're using an iPad, Android tablet, Mac, or a home PC. This tool addresses some of the security risk created by Microsoft's lock-in strategy for SharePoint. (Zenprise plans a version for Android next year. It started with iPads because they are so widely used in business.)

But Zenprise's pitch didn't start so constructively. It first took the fearmongering route, using an example of the increasingly common practice of boards of directors using iPads to work with the sensitive documents in board meetings rather than going with paper copies. In this regard, corporate boards aren't alone: I learned during a work trip earlier this year that several counties in Florida now give their boards of supervisors iPads to review legislative and regulatory proposals, as they are easier to set up and use than computers.

The Zenprise pitch was that a DLP tool would keep such sensitive documents secure -- except it wouldn't. If the data were emailed, as I was informed, once the data left the organization to its legitimate, DLP-approved recipients, those files could be abused as desired on an iPad, a computer, or any other device with email access. Plus, in Zenprise's case, its DLP is limited to files accessed directly from SharePoint, so it wouldn't address an emailed document. For any documents accessed directly from SharePoint that the user had permission to edit locally, that local copy is not managed by SharePoint or the Zenprise app (it's now in another app, for editing), so it's now free for abuse. The tool does not address the example problem.

The other scary scenario in the pitch was the notion that IT set the data security policies. That's a mistake. Document access policies are a legal and business decision, not one that IT should make. IT should provide the tools to implement the policies and to monitor their compliance, but if IT has to decide what to protect -- or even if someone has to go to IT to protect a document, rather than do it directly -- something is seriously wrong with your technology management.

I don't mean to pick on Zenprise. The folks there try to balance the demands of their customers (for a security vendor, that means the most paranoid ones) with the realities of the users who ultimately deploy their customers' tools. But when a nuanced vendor like Zenprise goes down the fearmongering path, you can only imagine what the more old-school firms will say when they decide to join in.

A better approach to securing corporate data on the iPad

What's changed in business in the last decade (it started with working at home, not with iPads) is that information has to flow to be useful, because different people who may not even be in your organization need to create, refine, and act on it. That means it goes through multiple endpoints and a variety of tools. The old-fashioned approach was to standardize everything on a common platform and toolset, with the common security layer across it all -- the classic model for IT control. But that doesn't work when the world is heterogeneous and by definition not standardized. That's what it is today in most places, and traditional IT control doesn't fit that new world.

Within a SharePoint context, letting iPad users participate within the same rules as Windows users is a good thing. But at the end of the day, it's a partial solution attacking the wrong problem. And let's be honest, Zenprise is not offering a DLP tool but a mobile SharePoint client. That's a good thing for many companies in the here and now that use SharePoint, but it only works in the SharePoint context. If anything, the "consumerization of IT" phenomenon should teach IT that point solutions are insufficient in a heterogeneous context.

So, if you were to use the Zenprise SharePoint client, you couldn't stop there. You might also want to deploy a remote access tool that has the iPad user work with the data virtually so that sensitive information never leaves the managed server -- not just SharePoint servers -- in the first place. That approach of course requires expensive, management-heavy, and bandwidth-intensive desktop virtualization.

Of course, there's a simpler twist on that approach: using services like Accellion and Box.net that let you set up access-managed shared folders, where documents are restricted to a managed workspace on the mobile device. The problem with these services is that they restrict the users to basic reading and commenting; an employee who wants to work on a proposal or presentation is either prevented from doing so or moves the files to another app, breaking the management control over that file. But that could change: both companies, as well as GoodReader and six others, are looking to implement MobileIron's content management API in their apps; not yet in beta, this technology would let IT set policies for content via an MDM tool that the apps would enforce.

A better approach for many companies than all of these would be to extend traditional DLP to mobile devices. DLP works by funneling data traffic to a server that analyzes the content and applies its rules to it (usually just flagging suspect transmissions, but sometimes acting on them, such as to block the transmission).

That way, you're handling all apps and communications, regardless of the endpoint device, through a universal filter at the data center, where this effort should happen anyhow. In fact, the endpoint device isn't involved, so you don't need to worry about if an app or OS gives you the visibility you need; all you need to do at the endpoint is ensure that its communication is routed through the DLP server. I suspect we'll see DLP tools get extended just that way to handle the new generation of mobile devices -- I sure hope so.
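The server-side rule engine the two paragraphs above describe, as an added example that is not code from the article, Zenprise or MobileIron: every outbound transmission, whatever the endpoint, passes through one content filter that either flags or blocks it. The rule names, patterns and sample transmissions are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str        # regular expression matched against the content
    action: str         # "flag" records the hit, "block" stops the transmission

@dataclass
class Verdict:
    action: str                       # "allow", "flag" or "block"
    hits: list = field(default_factory=list)

# Constructed rules; the patterns are deliberately simple placeholders.
RULES = [
    Rule("payment_card", r"\b(?:\d{4}[ -]?){3}\d{4}\b", "block"),
    Rule("confidential_marking", r"\bCONFIDENTIAL\b", "flag"),
]

def inspect(content: str, rules=RULES) -> Verdict:
    """Apply every rule to the content; block wins over flag, flag over allow."""
    verdict = Verdict("allow")
    for rule in rules:
        if re.search(rule.pattern, content):
            verdict.hits.append(rule.name)
            if rule.action == "block":
                verdict.action = "block"
            elif verdict.action == "allow":
                verdict.action = "flag"
    return verdict

# Constructed sample transmissions as they would reach the filter:
# (endpoint, channel, content). The endpoint is recorded for the audit log
# but never consulted, which is the point the text makes.
SAMPLE = [
    ("ipad", "smtp", "Card on file: 4111 1111 1111 1111, ship today"),
    ("windows", "sharepoint", "Q3 plan CONFIDENTIAL draft attached"),
    ("android", "http", "Lunch at noon?"),
]

def run(transmissions=SAMPLE):
    """Return (endpoint, channel, action, hits) for each transmission."""
    return [(ep, ch, inspect(body).action, inspect(body).hits)
            for ep, ch, body in transmissions]

if __name__ == "__main__":
    for row in run():
        print(row)
```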

But over the longer term, DLP itself suffers from being an island. It can handle data sent over communications channels, but there are other means to get data from devices, such as local file copying. Ultimately, what we need is digital rights management that works across apps and platforms -- a universal standard that carries the DLP rules with the data itself. Until it exists (if it ever does, considering how proprietary the tech industry has become again, though MobileIron's effort could be a jumpstart), IT is stuck with old approaches that don't fit the new world in which IT still has to provide security.

No easy answers for legitimate IT security needs

Even IT and security leaders who aren't looking to enrich security vendors by asking for more tools that won't really work have a problem: how to secure all the data (and just the data) that needs to be protected while supporting the shift to employee-provided technology and its accompanying flexibility. However, there's no good answer -- yet.

Flexibility and control are a hard combination to get. But users will accept that goal and work with you on it. Remember, not all problems are solved with technology; people are good tools, too. You can start by not trying to recapture mainframe-era IT control, but instead figuring out what data really needs to be protected. From there, you can manage, monitor, and log access to the data so that it's available to those you trust. If it leaks, you might also know who's broken that trust.

If you try to use security to block the flexibility that consumerized IT is really all about, you'll drive your users underground (which increases your security risk), waste lots of money on tools that don't work as you want, and get in the way of your business's ability to work well, setting a path to failure and, ultimately, oblivion.