12/21/2005

iTunes and QuickTime flaw detailed

Filed under: — Aviran Mordo

Don’t open media files from sources you don’t trust–it may lead to your computer being hacked, a security researcher has warned.

Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer’s popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack. He first disclosed the flaw in early December.

An attacker could commandeer a vulnerable computer by tricking a user into opening a malicious “.mov” media file, the Mission Viejo, Calif.-based bug hunter said in an advisory posted on his Security-Protocols.com Web site late Tuesday.

“The vulnerability allows an attacker to cause the program to crash and could allow the execution of arbitrary code,” Ferris said. “The flaw exists in all current and earlier versions of iTunes and QuickTime.”

Security-monitoring company Secunia rates the issue “moderately critical”, while the French Security Incident Response Team, a research outfit, tags it “critical.”

Source: News.com

Texas expands lawsuit against Sony BMG

Filed under: — Aviran Mordo

Texas Attorney General Greg Abbott expanded his lawsuit against Sony BMG Music Entertainment on Wednesday, alleging that a second form of anti-piracy technology used by the label violates the state’s spyware and deceptive trade practices laws.

Abbott sued Sony BMG in November, saying the world’s second-largest music label surreptitiously included spyware on millions of CDs through technology known as XCP. That technology, included on 52 Sony BMG titles, could leave computers vulnerable to hackers, he said.

The new allegations involve an unrelated CD copy-protection technology known as MediaMax, which was loaded on 27 Sony BMG titles, including Alicia Keys’ “Unplugged” and Cassidy’s “I’m a Hustla.”

“We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music,” Abbott said in a statement.

BMG officials said in a statement that they are working with Abbott’s office and believe they can prove they have responded appropriately to his concerns.

Abbott said MediaMax violates Texas law because some versions secretly install files when the CD is inserted into a computer, before the consumer has a chance to accept or decline a license agreement. The files can lead to the security breach.

Source: AP

Cracking Passwords Not A “Circumvention” Under DMCA

Filed under: — Aviran Mordo

The recent case of Egilman v. Keller & Heckman LLP addressed a close question arising under a provision of the Digital Millennium Copyright Act (”DMCA”) found at 17 U.S.C. § 1201. The issue was whether accessing a computer system through the unauthorized use of a valid username and password constitutes an unlawful circumvention of a technological measure. The court held that such conduct is not “circumvention,” and thus not a violation of the DMCA.

Plaintiff Egilman maintained a website that was only available to visitors who entered a correct username and password. He had employed such measures so that only certain people (e.g., his students) would have access. Egilman alleged that, without authorization, the defendants obtained the correct username and password combination, and subsequently gained “improper and illegal” access to the site. He filed suit in federal court asserting, among other things, that the use of the unauthorized username and password was an illegal circumvention of a technological measure, in violation of 17 U.S.C. § 1201.

One defendant moved to dismiss for failure to state a claim, and the others moved for judgment on the pleadings. The court granted the motions.

An essential fact that drove the court’s holding was that the username and password which the defendants allegedly used were the actual username and password which the plaintiff had chosen to protect his website from unauthorized access. For this reason, the defendants were alleged to have merely “used” the technological measure put in place by the plaintiff, and not to have “circumvented” the measure.

Source: internetcases.com

Apple Is The Fastest Growing Site On The Internet

Filed under: — Aviran Mordo

Apple is the fastest growing site on the internet, with traffic up 57 per cent since last November, thanks to the popularity of its iTunes music service.

According to the latest figures from Nielsen/NetRatings, Google and Amazon also saw significant year-over-year increases, growing 29 percent and 16 percent respectively.
Click Here

MapQuest - which provides free maps, driving directions and traffic reports - had the fourth biggest growth, followed by online media site Real Networks and online auction site eBay. Yahoo, Microsoft, AOL and MSN rounded out the top ten.

Source: The Register

Teen Pleads Guilty After Blog Confession

Filed under: — Aviran Mordo

An 18-year-old passenger who caused a fatal crash by pulling on the steering wheel pleaded guilty to DUI manslaughter after prosecutors discovered a confession on his online blog.

Blake Ranking wrote “I did it” on his blurty.com journal three days after the October 2004 crash that caused a friend’s death and left another seriously injured. He had previously told investigators he remembered nothing of the crash and little of its aftermath.

Blake was sitting in the back seat as he and then-17-year-old friends Jason Coker and Nicole Robinette left a party when he pulled the steering wheel as a prank, causing the car to somersault off the road.

His blood alcohol content after the crash measured 0.185, more than double the legal limit.

Robinette, who was driving and had no traces of drugs or alcohol in her system, was seriously injured. Coker lay in a coma at Orlando Regional Medical Center until he died Jan. 11.

“It was me who caused it. I turned the wheel. I turned the wheel that sent us off the road, into the concrete drain …” Ranking wrote in the blog. “How can I be fine when everyone else is so messed up?”

Ranking later retracted his words, deleting them from the blog and penning an explanation.

Still, the confession forced him to lead guilty Monday to manslaughter charges. He could have gotten 15 years in prison, but defense lawyer John Spivey and Assistant State Attorney Julie Greenberg recommended five years in prison, 10 years of probation and a permanent license suspension.

Source: AP

Cross Site Scripting Discovered in Google

Filed under: — Aviran Mordo

Yair Amit posted a message early this morning to The Web Security Mailing List outlining a Cross Site Scripting flaw in Google that allows an attacker to carry out Phishing Attacks.

Update
Google has fixed the security flaw that had opened the door to phishing scams, account hijacks and other attacks, security researchers said Wednesday.

Source: Slashdot

Rootkit Install Bittorrent Without You Knowing

Filed under: — Aviran Mordo

The first Rootkit in Instant Messaging land was discovered, and upon more investigation, was traced back to a group operating out of the Middle-East, using the Rootkits to power their Globe-spanning Botnet. Information was passed to the FBI and other Federal Authorities, and the group behind this attack were monitored.

As the investigations into the Middle-East based rootkit group continued, we discovered that they were auto-installing what appeared to be a “tampered with” version of BitTorrent onto infected end-user’s PCs. MD5 signatures did not match up to valid versions of BitTorrent, though as BitTorrent is open source and there are numerous clients out there, it is impossible to say if every version has been looked at.

What we do know, is that on a number of infected machines, they downloaded .AVI files of movies onto the compromised boxes. The slightly odd collection of films were various Disney cartoons and the Mr Bean movie. No more films were installed onto PCs after this - however the technique (and, we must assume) the tampered-with versions of BitTorrent are still at large.

We have not seen this kind of attack initiated before - and for now, you would need to have been infected with the lockx.exe rootkit for the group to channel these movie files (and install the BitTorrent client) onto the PC. Nonetheless, it is clear that this tactic could be employed for far more devious means, and (no doubt) more and more hacking groups will try to manipulate this technology for their own ends in 2006. The potential for trouble with groups such as the RIAA where (what they will see as) pirated material is stored on the compromised PC is clear - will they be interested in whether or not the individual had been hacked at the outset?

Source: spywareguide

Highly Critical Vulnerability In McAfee SecurityCenter

Filed under: — Aviran Mordo

Peter Vreugdenhil has reported a vulnerability in McAfee SecurityCenter, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in restricting the browser domain in which the “mcinsctl.dll” ActiveX control can be instantiated. The control contains the “MCINSTALL.McLog” object that can be used to write to a log file. This can be exploited to create or append to arbitrary files, potentially allowing arbitrary code execution by creating files in the user’s startup folder.

Successful exploitation requires that the user is e.g. tricked into visiting a malicious website.

The vulnerability has been reported in “mcinsctl.dll” version 4.0.0.83 that is included with McAfee VirusScan. Other products that contain the vulnerability ActiveX control may also be affected.

Security website Secunia rates this vulnerability as Highly critical and been reportedly fixed via automatic update.

Seagate to buy storage rival Maxtor

Filed under: — Aviran Mordo

Seagate Technology, the digital storage giant, reached a deal Tuesday to acquire a rival, Maxtor, for $1.9 billion in stock, according to executives involved in the transaction.

The deal, which was approved by the boards of both companies, is expected to be announced as early as Wednesday, the executives said.

Seagate’s acquisition comes as the market for digital storage is booming. Corporations and individuals are saving vast numbers of files that are ever increasing in size, especially with the rising number of audio and video files.

Source: News.com

U.S. Patent Office Sides with RIM

Filed under: — Aviran Mordo

The U.S. Patent and Trademark Office has indicated that it will formally and finally reject the patents at the heart of a lawsuit in which NTP Inc. is suing BlackBerry maker Research in Motion Ltd. for patent infringement.

But while such a ruling would be good news for RIM and its customers, industry experts say that it will likely take several months before such a ruling would be final.

The USPTO last week rejected two of five patents at the center of the legal battle that threatens to shutter the BlackBerry e-mail service in the United States.

While the rulings were “non-final actions,” meaning NTP can appeal them, the office made a point of indicating that it aims to reject them eventually.

Source: eWeek

AOL And Google To Making Their IM Interoperable.

Filed under: — Aviran Mordo

A significant instant messaging project between Google Inc. and America Online is now underway.

Google and AOL plan to let their respective instant messaging features communicate. This way, someone using Google Talk could chat with an AIM user, and vice versa.

The integration pact was announced Tuesday as part of a larger deal.

As previously reported, Google now owns a 5 percent stake of AOL, and has also extended an important advertising relationship with AOL for another five years.

The new IM partnership takes on significance because of who AOL did not partner with, namely Yahoo Inc. or Microsoft’s MSN, the two other top IM makers.

The apparent underlying message is that the three sides still don’t yet see eye-to-eye on the complex business and technological arrangements necessary for integration.

Source: eWeek

Santa IM worm hits AOL, MSN and Yahoo

Filed under: — Aviran Mordo

A Santa Claus worm is attempting to trick America Online, Microsoft MSN and Yahoo instant-messaging users into clicking on a file that delivers unwanted software to a victim’s computer.

The IM.GiftCom.All worm attempts to dupe IM users into thinking an acquaintance has sent them a link to a harmless Santa Claus file, according to a security advisory issued Tuesday by IMlogic.

People who click on the file will see an image of Santa, but what they are less likely to notice is a so-called rootkit being installed onto their system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker can then distribute messages to the user’s IM contacts, using a similar technique to lure the unsuspecting acquaintance to click on the link.

Source: News.com

Powered by WordPress