12/11/2007

Trojans Get Agile with Web 2.0 Tricks

Filed under: — Aviran Mordo

Security researchers have spotted Trojans that are using RSS feeds to communicate instead of their traditional method of “phoning home” to get marching orders from command-and-control centers that security researchers have learned to track down and blacklist.

Yuval Ben-Itzhak, chief technology officer for Finjan, told eWEEK that the security firm recently detected three separate Trojans using blogs of limited popularity to receive orders from botnet herders or to feed stolen information back to identity thieves.

The lure of using legitimate sites such as blogs or social networking sites is that attackers can hide behind the legitimacy of Web 2.0 brands such as Google or Yahoo, Ben-Itzhak said.

“[An attacker] can use legitimate sites, sites no one will block, as a shield, so no one will identify where his [command-and-control] servers are and where he’s located, and [the attacker] can use [Web 2.0 sites] as an intermediator between Trojans and the IP address where he’s collecting data,” he said.

This new type of Trojan—Trojan 2.0, as Finjan is calling it—is in an embryonic stage now, as Finjan has only spotted it in use at blogs of limited visibility. (Ben-Itzhak declined to name the blogs where the new Trojans are operating, lest Finjan give the false impression that blogs or social networking sites are somehow to blame.)

But even though Trojan 2.0 is just beginning to sprout up, Finjan is predicting that it’s poised to be the standard Trojan blueprint for 2008, given the scalability, redundancy and brand-name camouflage free Web-based services provide.

Apple ups iPhone purchase limit to five

Filed under: — Aviran Mordo

After putting a two-unit limit on purchases of the iPhone back in October, the company has quietly raised the limit back to five.

iPhone Atlas spotted the move on Friday, and Wired also confirmed on Monday that Apple is still not taking cash for the iPhone. At the time the limit was announced, Apple said it wanted to ensure there would be enough supply in hand for the holiday shopping season, which is well under way.

So, either they’ve ramped up production, which would make sense following the European launches, or demand has waned. I don’t see anything that indicates that interest in the iPhone has fallen off, especially at the $399 price, but we’ll know for sure in January following either Macworld or Apple’s earning announcement.

Boeing announces ‘Laser Gunship’ completion

Filed under: — Aviran Mordo

Airliners’n'deathware behemoth Boeing announced yesterday that it had fitted a high-energy laser cannon aboard a C-130 Hercules military cargo plane, creating a “Laser Gunship”. The company expects to commence blasting “mission representative” test targets next year, firing deadly energy bolts from a “rotating turret that extends through the aircraft’s belly”.
Another blow struck for democracy

This flying-raygun project is called the Advanced Tactical Laser (ATL), as distinct from Boeing’s other aerial beam cannon effort - the jumbo-jet mounted Airborne Laser (ABL). The 747 laser is intended to fry enemy nuclear missiles lifting from their silos, and needs immense range and power - hence the requirement for a massive carrying aircraft.

The ATL Hercules blaster-weapon is seen more as a raygun for every day, zapping things or people during more routine battles as opposed to saving the USA from atomic destruction. This should let it operate closer to its targets, reducing the weight of the system and thus the size of aeroplane required to carry it.

“The installation of the high-energy laser shows that the ATL program continues to make tremendous progress toward… a speed-of-light, precision engagement capability that will dramatically reduce collateral damage,” said Boeing exec Scott Fancher.

“Next year, we will fire the laser at ground targets, demonstrating the military utility of this transformational directed energy weapon.”

Media player users beware: more vulns ahead

Filed under: — Aviran Mordo

Security researchers are warning that popular media players offered by Microsoft and AOL are vulnerable to attacks that can completely compromise a user’s PC.

Attack code has already been released for the bug, which has been confirmed in a codec used by older versions of Windows Media Player, made by Microsoft, and in AOL’s Winamp. A Symantec researcher has warned that users of other players may also be at risk because the vulnerability itself resides in a commonly used MP4 codec produced by a company called 3ivx Technologies.

“The exploit works by supplying victims with a maliciously formed MP4 file,” Raymond Ball wrote for Symantec’s DeepSight Threat Management System. “When a victim unknowingly clicks a link that appears safe, the MP4 content is delivered, causing the exploit to run.”

Media player users beware: more vulns ahead

Filed under: — Aviran Mordo

Security researchers are warning that popular media players offered by Microsoft and AOL are vulnerable to attacks that can completely compromise a user’s PC.

Attack code has already been released for the bug, which has been confirmed in a codec used by older versions of Windows Media Player, made by Microsoft, and in AOL’s Winamp. A Symantec researcher has warned that users of other players may also be at risk because the vulnerability itself resides in a commonly used MP4 codec produced by a company called 3ivx Technologies.

“The exploit works by supplying victims with a maliciously formed MP4 file,” Raymond Ball wrote for Symantec’s DeepSight Threat Management System. “When a victim unknowingly clicks a link that appears safe, the MP4 content is delivered, causing the exploit to run.”

Vudu to Offer HD Movies Online

Filed under: — Aviran Mordo

In a major shift in movie distribution, a high-definition version of the hit “The Bourne Ultimatum” will be released through Vudu Inc.’s online service Tuesday - the same day the DVD comes out.

It is the first of many HD movies Vudu plans to deliver online at the same time DVDs become available.

Owners of Vudu’s set-top box, which costs $399, use a high-speed Internet connection to watch the movies they rent and to download the ones they buy.

Movies usually are released in staggered windows in different formats - DVD, online through Xbox Live and other companies, or on demand on cable.

But Hollywood studios are experimenting more with digital distribution, and a few have agreed to work with Vudu to sell HD movies, though the selection remains limited.

Some in the industry worry that competition between the two high-definition formats - Blu-ray and HD DVD - is holding back production in high definition as consumers debate which format to use. For consumers who download movies with Vudu, that choice is not an issue, however.

Ask.com to Unveil New Privacy Control

Filed under: — Aviran Mordo

Hoping to establish itself as the Internet’s least intrusive search engine, Ask.com is empowering people to prevent their search requests from being deposited in data banks.

The new privacy control, called “AskEraser,” is scheduled to be unveiled Tuesday. When it’s turned on, the safeguard purges a user’s search requests from Ask.com’s computers within a few hours.

Industry leader Google Inc. stores personal information for 18 months, as does Microsoft Corp.’s search engine. Yahoo Inc. and Time Warner Inc.’s AOL retain search requests for 13 months.

The feature follows through on a pledge that Oakland-based Ask.com made five months ago as it tried to seize the high ground in an escalating debate about how long search engines and other Web sites should hold on to personal information about their users.

Powered by WordPress