Friday, May 28, 2010
Monday, May 24, 2010
Rogue Facebook apps launch 'beach babes' attack
Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said.
Like the earlier attack, today's scam uses a sex-oriented video as bait, said Patrik Runald, an Australian researcher who works for Websense Security.
The scam is spread through Facebook messages touting "Distracting Beach Babes" videos that include a link to the malicious applications, Runald wrote on his company's blog early Saturday. Users who click on the link are asked to allow the application to access their profiles, and let it send messages to friends and post it on their walls. Once approved, the application instructs users to download an updated version of FLV Player, a popular free Windows media player, to view the video.
This new attack is almost identical to the one that generated several hundred thousand malicious software reports to antivirus vendor AVG Technologies a week ago.
On Saturday, Graham Cluley, a senior technology consultant at U.K.-based security firm Sophos, put the number of attacked Facebook users in "the thousands."
Neither Runald nor Cluley could confirm the nature of the malware that masquerades as FLV Player, but both suspected that because of the similarity to last week's attack, it was most likely the result of the notorious Hotbar adware, a toolbar that inserts itself into Internet Explorer and displays pop-up ads and links.
"I'm beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook's own security team might be snoozing," said Cluley on the Sophos blog Saturday.
Facebook did not reply to a request for comment Saturday, and its security page had no mention of the latest attacks.
According to Runald, Websense has identified at least 100 different malicious applications used in the two weekend attacks.
Facebook users have used the service to warn others of the ongoing attacks. "Hey guys whatever you do DO NOT click on the post that appears on your wall -- doing so will result in all of your Facebook friends being sent the virus," one such message said.
Runald and Cluley spelled out in their blog posts how users who installed the rogue Facebook software, but who did not take the final step and fall for the fake FLV Player download, can remove the bogus program from their application settings page.
Searches conducted on Facebook at 4:30 p.m. ET for the malicious application that Runald identified came up empty, implying that Facebook had removed it from the site.
Microsoft smacks patch-blocking rootkit second time
For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.
According to the Microsoft Malware Prevention Center (MMPC), this month's Malicious Software Removal Tool (MSRT) has scrubbed the Alureon rootkit from over 360,000 Windows PCs since its May 11 release. That represented 18.2% of all MSRT detections for the month, more than double the 8.3% the rootkit accounted for in April.
The free MSRT is updated each month as part of Microsoft's monthly Patch Tuesday, and pushed to users via the same Windows Update mechanism used to serve up security fixes.
April's edition of MSRT, which was released April 13, also included Alureon sniffing skills. Last month, MSRT removed the rootkit from more than 260,000 Windows systems.
Although the Alureon rootkit is no malware newcomer -- antivirus company Symantec identified it in October 2008 -- it first made news last February when Microsoft confirmed that the rootkit caused infected PCs to crash when users applied a patch the company issued that month.
As the number of crash reports grew, Microsoft stopped automatically serving the MS10-015 update. It reissued the update only after it had added an Alureon detector that made sure infected Windows machines would not receive the patch.
Microsoft used the Alureon detection again in April when it shipped another Windows kernel patch in the MS10-021 update.
Until Alureon is removed, infected systems cannot apply the MS10-015 and MS10-021 updates.
While it's not uncommon for MSRT to remove a specific piece of malware from machines for several months running, it is unusual when the number of cleaned systems climbs after Microsoft adds detection for that threat.
Engineers at MMPC said the 37% increase in Alureon detections was due to new variants of the rootkit. "There were several changes to the design of the rootkit to avoid detection and cleaning, revealing that the rootkit is still under active development and distribution," said Vishal Kapoor and Joe Johnson of the MMPC in an entry on the team's blog last Friday.
May's edition of MSRT spotted more copies of Alureon.H than any other variant, Microsoft said. Alureon.H accounted for 43% of all versions of the rootkit.
Kapoor and Johnson also spilled more bad news. "One of the notable changes was to infect arbitrary system drivers instead of only the hooked miniport driver," they said. "This can have negative side effects on the machine depending on the chosen driver."
Some PC keyboards have gone south after an Alureon infection, they said, while other Windows XP machines must be reactivated because the rootkit's dirty work has tricked Microsoft's product activation software into thinking that the user has swapped out one or more PC parts.
Almost two-thirds (65%) of the PCs infected with Alureon this month were running Windows XP Service Pack 3 (SP3), with the No. 2 spot taken by Windows XP SP2 (14%). Only 3.5% of the rootkit-infected PCs were running Windows 7, said Microsoft.
The latest version of the MSRT can be downloaded from Microsoft's site.
Wednesday, May 19, 2010
Skype worm no cause for panic, says expert
Security research firm Bkis earlier this month warned of a vicious virus targeting both Skype and Yahoo! Messenger. Bkis said in a blog post the attack involved inserting malicious URLs into chat windows with sophisticated social engineering hooks.
Each time, the messages sent have different contents, noted Bkis researchers. Examples include "Does my new hair style look good? bad? perfect?" "My printer is about to be thrown through a window if this pic wont come our right. You see anything wrong with it?" The message contains a link to a web page that appears to lead to a JPEG or image file.
"The users are more easily tricked into clicking the link by these messages, because users tend to think that "their friend(s)" are asking for advice," Bkis said in its posting. "If a user clicks the link, his browser will immediately load to a website with Rapidshare-like interface, and a .zip file will be available for download."
The W32.Skyhoo.Worm, as it was named by Bkis, automatically exits if Skype or Yahoo! Messenger is not installed on the victim's computer. Otherwise it automatically sends messages with different contents, each containing malicious URLs, to the user names in the user's Skype/Yahoo! Messenger friend list.
Michael Gough, owner of the web site skypetips.com and author of 'Skype Me! From Single User to Small Enterprise and Beyond,' spoke to CSO earlier this year about Skype's benefits and challenges in the business environment (See Skype security: Is the popular VOIP service safe for business?).
Gough said while this virus is targeting Skype, it's really social engineering and awareness that need to be considered.
"If I can get you to install anything I own the system and the applications, it does not matter which app," said Gough. "The fact this is taking advantage of Skype is secondary or almost moot. Skype has APIs and functionality that allows this to be used. If Skype wants to change the code to prevent this from happening they may break or disable functionality they actually wanted to provide."
In other words, according to Gough, don't knock Skype for this attack. Instead focus on awareness among users if you are using Skype in the workplace and give them a warning about social engineering rather than worrying about the application's security.
"This is actually just another social engineering attack," Gough told CSO. "The user has to be fooled into downloading and installing a piece of malware. So really it is not attacking Skype, it is trying, in many cases successfully to fool a user to provide access and then use an application, in this case Skype to proliferate more social engineering."
USB worm named biggest PC threat
A worm that is spreading via USB flash drives has been named the biggest security threat to PC users by McAfee.
According to the security vendor's Threats Report: First Quarter 2010, an AutoRun-related infection was also the world's third biggest PC threat during the first three months of the year, while the rest of the top five biggest PC threats were made up of password-stealing Trojans.
The report revealed that spam rates have remained steady.
However, there has been an increase in diploma spam, or spam that offers forged qualifications, in China, South Korea and Vietnam.
McAfee also said malware and spam in Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile and Brazil had surged.
The security vendor said this was down to the significant growth of web use in these countries coupled with a lack of security awareness.
"Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates," said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee.
"Previously emerging trends, such as AutoRun malware, are now at the forefront."
The security vendor said attackers continue to use major news stories to ensure web users are directed to malicious web links, while the US continues to host 98 percent of these poisoned links.
Creating a library of FLOSS Manuals
The work by FLOSS Manuals to gather and develop "free manuals for free software" continues apace, but some continue to wonder just why documentation for open source software has been so relatively rare.
I read a few posts about this over the last few days, but no one touched on what I think has got to be a big piece of the puzzle.
When's the last time you read a user manual?
Occasionally, I'll look at a manual briefly when I'm setting up hardware or electronics, to get the basic layout. But the last time I read a user manual for software? Pfft.
And I'd imagine many people who actively use open source are far more technically adept than I am, and have even less need than I do for the instructions on how to use Firefox, OpenOffice, Audacity or GIMP.
To be sure, there are plenty of other reasons for the lack of solid documentation, such as developers who are proprietary (ah, irony) about creating the "official" documentation of their program or, simply, the time and resources involved in putting together a comprehensive, understandable user manual.
The thing is, most people are not very technically adept. Even the simplest program needs a user manual to enable the average person to figure out how to use it. For open source to become the default software rather than a free (or less expensive) alternative, "regular people" need to be able to use it.
The manuals developed so far on FLOSS Manuals seem rather comprehensive and are the result of teamwork. While there's a bookstore on the site where you can buy professionally bound and printed copies of the manuals, you can also simply print them out as a PDF file or refer to them online.
People are encouraged to edit the manuals, to print them out and to share them, as one might expect with an open source project. And they're not telling people how to work the software, they're telling people how to work the Internet freely (i.e., bypass Internet censors) in spots where there isn't the same sort of online freedom as in the United States and much of Europe.
In the nearly two years since FLOSS Manuals started, it's developed into a pretty handy library.
Useful enough that even I might take advantage of it sometime.
New clue to anti-matter mystery
by Paul Rincon Science
The team observed collisions in the Tevatron accelerator
A US-based physics experiment has found a clue as to why the world around us is composed of normal matter and not its shadowy opposite: anti-matter.
Anti-matter is rare today; it can be produced in "atom smashers", in nuclear reactions or by cosmic rays.
But physicists think the Big Bang should have produced equal amounts of matter and its opposite.
New results from the DZero experiment at Fermilab in Illinois provide a clue to what happened to all the anti-matter.
This is regarded by many researchers as one of the biggest mysteries in cosmology.
The data even offer hints of new physics beyond what can be explained by current theories.
For each basic particle of matter, there exists an anti-particle with the same mass but the opposite electric charge.
For example, the negatively charged electron has a positively charged anti-particle called the positron.
But when a particle and its anti-particle collide, they are "annihilated" in a flash of energy, yielding new particles and anti-particles.
Similar processes occurring at the beginning of the Universe should have left us with equal amounts of matter and anti-matter.
Yet, paradoxically, today we live in a Universe made up overwhelmingly of matter.
Unexplained result
Researchers working on the DZero experiment observed collisions of protons and anti-protons in Fermilab's Tevatron particle accelerator.
They found that these collisions produced pairs of matter particles slightly more often than they yielded anti-matter particles.
The results show a 1% difference in the production of pairs of muon (matter) particles and pairs of anti-muons (anti-matter particles) in these high-energy collisions.
"Many of us felt goose bumps when we saw the result," said Stefan Soldner-Rembold, one of the spokespeople for DZero.
"We knew we were seeing something beyond what we have seen before and beyond what current theories can explain."
The dominance of matter in the Universe is possible only if there are differences in the behaviour of particles and anti-particles.
Physicists had already seen such differences - known as "CP violation". But these known differences are much too small to explain why the Universe appears to prefer matter over anti-matter.
Indeed, these previous observations were fully consistent with the current theory, known as the Standard Model. This is the framework drawn up in the 1970s to explain the interactions of sub-atomic particles.
Researchers say the new findings, submitted for publication in the journal Physical Review D, show much more significant "asymmetry" of matter and anti-matter - beyond what can be explained by the Standard Model.
If the results are confirmed by other experiments, such as the Collider Detector (CDF) at Fermilab, the effect seen by the DZero team could move researchers along in their efforts to understand the dominance of matter in today's Universe.
The data presage results expected from another experiment, called LHCb, which is based at the Large Hadron Collider near Geneva.
LHCb was specifically designed to shed light on this central question in particle physics.
Commenting on the latest findings, Dr Tara Shears, a particle physicist at the University of Liverpool who works on LHCb and CDF, said: "It's not yet at the stage of a discovery or an explanation, but it is a very tantalising hint of what might be."
Dr Shears, who is not a member of the DZero team, added: "It certainly means that LHCb will be eager to look for the same effect, to confirm whether it exists and if it does, to make a more precise measurement."
Tuesday, May 18, 2010
Systems Engineers Have Bright Future
by: Don E. Sear
Systems engineers, from engineering students to experienced professionals, are expected to have strong salaries and real opportunities for career growth. They also have the weight of academia and major technology vendor IBM behind them.
You may not have noticed, but systems engineering is a promising career choice. In 2009, it was rated No. 1 out of the Top 50 careers in terms of salary and growth prospects over the next 10 years by CNNMoney.com and Payscale.com.
Right now in May 2010, the average wage for a systems engineer is just under $90,000, according to data compiled by Indeed.com. While average salaries for the field are down a bit from where they had been, there is little shortage of jobs in the field.
"Pay can easily hit six figures for top performers, and there's ample opportunity for advancement. But many systems engineers say they most enjoy the creative aspects of the job and seeing projects come to life."
Thursday, May 13, 2010
**Annual Charity Jet Fly**
Radio Controlled Model Jets @ Grosse Ile Airport
All proceeds donated to: Naval Air Station Grosse Ile Fund & The Leukemia & Lymphoma Society
Date August 13 -15 2010
Fri./Sat Flying Time 9:30AM - 5:00 PM
Sunday Flying Time 9:30AM - 2:00 PM
General Admission $10.00 Per Carload
All are Welcome!!
(Excludes pilots flying or participating in the event)
Event Hosted By:
Flying Pilgrims R/C Club * Detroit Aero Modelers * The Midwest R/C Society
By now, we’re familiar with the bloodless stats: Nearly 6,000 deaths each year attributable to distracted driving, including texting, according to the National Highway Traffic Safety Administration. But let’s face it: Are people really paying attention? How many “tut-tut” the latest horrible accident, then quickly return to distracted texting and talking (often in the name of business productivity)? Lots.
Corporations without mobile cell phone and text messaging policies are playing a dangerous game of chicken. Increasingly, courts are awarding big settlements in such cases. A South Carolina judge, for example, recently awarded $5 million to the families of two bicyclists killed by a driver talking on a cell phone. The driver was in a company car, so her employer’s insurance was liable. Lawyers are jumping all over these kinds of cases; expect more. No surprise that smart companies such as Chrysler are implementing corporate policies banning texting while driving.
Whether you’ve got a formal policy or not, a host of new hardware and software can help remove the temptation, for you or family members, especially text-crazy teen drivers. Low-cost apps are available for iPods (this summer), BlackBerrys, Windows and Android phones. Here is a sampling of cell-phone blockers worth checking out. Most block all texting or calling once activated by the user or by vehicle movement:
On the topic, you or your kids may want to check out new videos by AT&T on corporate texting responsibility.
A few weeks ago, I posted an item about mushrooms and plants that can remove pollutants and contaminants from soil, in a process called bioremediation. The topic has garnered significant attention since the April 20 Deepwater Horizon drilling rig explosion.
As the oil slick creeps toward the Gulf Coast, BP, the federal government and environmental groups are scrambling to protect the fragile coastal ecosystem.
The rig was drilling 130 miles southeast of New Orleans, and the resulting spill is pumping some 210,000 gallons of oil per day into the Gulf of Mexico.
British Petroleum, owner of the well, is using numerous methods to attempt to contain the spill and reduce the harm it causes to the Gulf Coast. These include:
- Controlled burns of dense oil pockets.
- Booms (portable barriers) that physically block the oil from flowing past. Hundreds of thousands of feet of boom are currently being used offshore in the Gulf, aimed at protecting the shorelines of Port Sulphur and Venice, La.; Pascagoula and Biloxi, Miss.; Mobile, Ala.; and Pensacola, Fla.
- Chemical dispersants that break the oil spills down into minuscule droplets, which are more easily consumed by naturally occurring microbes in the ocean.
Bioremediation of oil spills is more complicated at sea than it is on land, and it’s also more complicated because the spill has not yet been contained. There are human-engineered microbes that can digest the oil toxins, but experts agree that natural microbes do a better job. The next step, then, is to accelerate these microbes’ growth and digestive capacity by adding sulfate or nitrate fertilizers to the water.
"Nature has already evolved microbes better at consuming hydrocarbons than anything we could grow, and when you go out in the ocean and dump some new organisms on a spill, it already is colonized with those better, natural microbes," says microbiologist Ronald Atlas in an interview with USA Today. "What we are really doing is adding fertilizers to these locations to speed the natural process." Experts estimate that, when fertilized, the oil-digesting microbes can work three to five times more quickly, yielding measurable results in a year or so.
Sounds straightforward, doesn’t it? Unfortunately, introducing nitrate-based nutrients into the ocean disrupts the ecological balance and can cause other problems down the road.
"The concentration of chemicals used to clean up sites contaminated by oil spills can cause environmental nightmares of their own," says Terry Hazen, a microbial ecologist in Berkeley Lab's Earth Sciences Division, in a Science Daily report.
According to Hazen, who has studied the long-term effects of the Amoco Cadiz spill of 1978 and the Exxon Valdez spill of 1989, untreated areas of coastline recover naturally within a few years, but chemically treated areas sustain more long-term damage.
What does he suggest? "From a cleanup standpoint, right now we should be using sorbents to take up as much of the oil as possible," Hazen says. "Then we need to gauge how quickly and completely this oil can be degraded without human intervention."
Sorbents have been used in smaller-scale spills, such as the November 2007 Cosco Busan spill in the San Francisco Bay. Some groups reuse natural fibers—human and animal hair, wool, fur, feathers—to create highly absorbent booms and mats that soak up oil effectively. One environmental group called Matter of Trust collects hair clippings from salons for this purpose.
To bring the discussion back to mushrooms, volunteers in San Francisco used hair mats from Matter of Trust to soak up oil from the bay, and then used colonies of oyster mushrooms to absorb the oil from the mats. The mushrooms take about 12 weeks to absorb the oil, breaking the hair mats down into nontoxic, compostable material.
It’s going to take a lot of hair to absorb the millions of gallons drifting toward the Gulf Coast, but should the oil reach shore, BP employees, government agencies and volunteers will have to use every tool at their disposal to remediate the contamination.
Wednesday, May 12, 2010
Twitter wipes out followers to kill bug
For all the Twitterers who were fretting about where their followers went earlier today, fear not. They're back.
Twitter engineers have corrected a bug that was messing with users' followers on Monday. To fix the problem, Twitter engineers had to reset users' followers/following numbers to zero for a while around midday, according to Twitter's Status update.
The microblogging site seemed to be back on its feet again a little after 2 p.m. EDT.
"We identified and resolved a bug that permitted a user to 'force' other users to follow them," the social networking site said. "We're now working to rollback all abuse of the bug that took place."
The company also noted that the bug did not make any private updates available to all.
The problem started with a bug that enabled members to add followers to their accounts simply by tweeting "accept" followed by the "@" sign and someone's Twitter logon.
The company has not said how many users' accounts were affected by the bug.
The problem caused the blogosphere to light up this morning with tweets about the problem. By 2:30 p.m. EDT, five of the site's top 10 trending topics were about today's bug.
Dan Olds, an analyst with The Gabriel Consulting Group, said the swift reaction to Twitter's trouble wasn't surprising.
"What we really see with social networking is that for any given tool, whether it's Twitter, Facebook or any other site, there is a hard core of very active users who care a lot about any problems, changes, or interruptions," said Olds. "These people are very vocal and opinionated -- passionate, in other words."
On Twitter, users definitely were having their say.
"Screw stock market crash. Twitter followers crash = more scary!" tweeted @dalmaer today.
And @PierreSherrill was looking for the silver lining, writing, "Thinking about unfollowing people and blaming it on the Twitter bug!"
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld.
Monday, May 10, 2010
Wayne Hicks posted the following topic
Grant Recipient - National BDPA ($5,000)
I'm pleased to report that 14 BDPA chapters will benefit from this $5,000 grant. The following chapters rec'd funds from this grant to purchase books for their SITES program:
3. Baton Rouge
4. Boston Metrowest
5. Central Illinois
11. Great Columbia
13. St. Louis
Is your chapter on this list?
Anyhow, I'm glad that the fundraising efforts of BETF are helping BDPA on a local and national level! This is an example of how BDPA and BETF can work together seamlessly for the betterment of our membership and donors. Do you have thoughts on other ways that we can work together?
Wednesday, May 05, 2010
By Darryl K. Taft
Microsoft is getting involved with another big-time open-source project, having agreed to support the popular Joomla content management system.
In a blog post April 28, Josh Holmes, a user experience architect evangelist at Microsoft, said Microsoft has signed a contributor agreement to work with the Joomla PHP-based open-source CMS. And one of the big takeaways from the agreement is that it further establishes Microsoft's willingness to put support behind efforts governed by the GNU GPL (General Public License).
This is not the first time Microsoft has thrown its weight behind GPL-backed code. In July 2009, the company announced that it had "released 20,000 lines of device driver code to the Linux community. The code, which includes three Linux device drivers, has been submitted to the Linux kernel community for inclusion in the Linux tree."
In an interview on the Microsoft PressPass site, Tom Hanrahan, director of Microsoft's Open Source Technology Center, said:
And a year prior to that, in July 2008, Microsoft announced that for the first time the company would be submitting a patch to a GPL2-based project, ADOdb. ADOdb is a PHP project that is a data access layer that many PHP applications use.
Of Microsoft's Joomla news, Holmes said, "Obviously it means that Microsoft employees can contribute to Joomla. That's exciting all by itself as Joomla is the second-largest PHP application in the world. In fact, that's already happened in conjunction with the signing, as Ruslan Yakushev and Don Raman have already contributed code to add WinCache support to Joomla."
On the Joomla Community Portal site, Sam Moffatt noted that Microsoft code is in the Joomla 1.6 trunk, adding:
Microsoft has its own open-source CMS project under development, the Orchard project. Indeed, Microsoft has several hundred open-source and community source projects hosted on its CodePlex site. Holmes said there are more than 400 open-source projects that Microsoft is participating in.
Tuesday, May 04, 2010
U.S. Treasury Web sites hacked, serving malware
Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says.
AVG researcher Roger Thompson discovered the issue Monday on three Web domains associated with the home page of the U.S. Bureau of Engraving and Printing. As of late Monday, all three Web sites were still actively serving malicious software and the Bureau of Engraving and Printing Web site should be avoided until it's clear that they've been cleaned up, Thompson said in an interview via instant message.
Although the Treasury Department could not be reached for comment, IT staff there appear to be aware of the problem. On Tuesday morning, all three sites had apparently been taken offline and were returning a "page not found" error.
According to Thompson, hackers had added a small snippet of virtually undetectable iframe HTML code that redirected visitors to a Web site in the Ukraine that then launched a variety of Web-based attacks based on a commercially available attack-kit called the Eleonore Exploit pack.
The Ukrainian Web site was associated with similar attacks in the past. Those attacks targeted a handful of known software bugs, including flaws in Adobe's Reader software.
The Bureau of Engraving and Printing provides information on U.S. currency -- how to identify counterfeit bills for example -- and just two weeks ago had used its Web site to promote the newly redesigned US$100 bill.
It's not clear how hackers managed to install their malicious code on the Treasury Department's Web sites.