<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Information Security</title>
		<link>http://firewall.ucoz.net/</link>
		<description></description>
		<lastBuildDate>Wed, 16 Mar 2011 02:06:28 GMT</lastBuildDate>
		<generator>uCoz Web-Service</generator>
		<atom:link href="https://firewall.ucoz.net/news/rss" rel="self" type="application/rss+xml" />
		
		<item>
			<title>Firefox will get a &quot;do not track&quot; button for those who need anonymity</title>
			<content:encoded>The Mozilla community has once again set out its vision of user anonymity on the web. It is possible that in early 2011 Firefox will get a &quot;do not track&quot; button. At least, so says Gary Kovacs, executive director of Mozilla Corporation. He also says he fully agrees with the many users who say that the &quot;traces&quot; they leave on the web need to be kept under control.&lt;BR&gt;&lt;BR&gt;The Mozilla community is also concerned about the methods of online advertising agencies and networks, which by hook or by crook try to obtain any information they can about the user in order to show the advertising that best matches that user&apos;s interests. Clearly these companies gain more clients as a result, but generally speaking such methods are already on the edge: a little further and all this could be called theft of information.&lt;BR&gt;&lt;BR&gt;Worst of all, users cannot control their own &quot;footprints&quot; on the Internet - the concept of &quot;anonymity on the Internet&quot; is becoming ever more elusive.&lt;BR&gt;&lt;BR&gt;Interestingly, Microsoft has already added an anonymity feature to the new version of its browser, so users who wish can now hide their actions on the web from the overly curious scripts that advertisers install on various sites.&lt;BR&gt;&lt;BR&gt;Google Inc., for its part, believes that before creating something like a &quot;do not track&quot; button, one must first define the list of permitted actions that a script tracking user activity on the web may perform.&lt;BR&gt;&lt;BR&gt;Kovacs believes that such clarification may drag on for a long time, so it is easier to provide an anonymity function for the users who need it. In general, Google can be understood - after all, the company owns the largest content network, which is also able to &quot;follow&quot; the user in order to show the most relevant information in its ad units.&lt;BR&gt;&lt;BR&gt;The head of Mozilla Corp. nevertheless believes that providing better or worse information to the user, especially when it comes to advertising, there should be a consequence of tracking user actions on the web.&lt;BR&gt;&lt;BR&gt;Kovacs also made an interesting statement: the Mozilla team does not consider Chrome a completely open browser. &quot;It is unlikely that Google will work to the detriment of its own interests and, for example, stop tracking users on the network. Chrome is primarily designed to achieve specific business goals,&quot; says Gary Kovacs.&lt;BR&gt;&lt;BR&gt;Via Yahoo</content:encoded>
			<link>https://firewall.ucoz.net/news/firefox_will_get_the_button_quot_do_not_track_quot_for_those_who_need_anonymity/2011-03-16-582</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/firefox_will_get_the_button_quot_do_not_track_quot_for_those_who_need_anonymity/2011-03-16-582</guid>
			<pubDate>Wed, 16 Mar 2011 02:06:28 GMT</pubDate>
		</item>
		<item>
			<title>Paper spammers have mastered databases</title>
			<content:encoded>So, dear Habr reader: whereas earlier you could meet all sorts of swindlers working on faceless passers-by in the subway or at the train station, more recently they have mastered computers, electronic databases, color printing and other benefits of the computer age in order to send out &lt;SPAN style=&quot;TEXT-DECORATION: underline&quot;&gt;personalized&lt;/SPAN&gt; paper spam and put into your personal mailbox in the entrance hall color brochures and promotional material designed personally for you (and your parents), giving all your details, names and other things to win your trust. What should you expect from well-equipped spammer-swindlers? How do they earn, and how can you protect yourself from them? Consider the following example. (Caution: photos, traffic-heavy)&lt;BR&gt;&lt;BR&gt;So, we received another letter. It is not the first letter this year. Let us open it and look.&lt;BR&gt;&lt;BR&gt;Envelope, front&lt;BR&gt;&lt;BR&gt;Envelope, back&lt;BR&gt;&lt;BR&gt;We see the recipient&apos;s real address and name, but notice immediately that all the postage marks are printed on the paper itself, i.e. without the traditional postal impressions.&lt;BR&gt;&lt;BR&gt;The first sheet&lt;BR&gt;&lt;BR&gt;The first sheet, reverse side&lt;BR&gt;&lt;BR&gt;The second sheet&lt;BR&gt;&lt;BR&gt;Inside we see a self-addressed envelope, forms, mail-order receipts and a catalog.&lt;BR&gt;&lt;BR&gt;The third sheet&lt;BR&gt;&lt;BR&gt;The fourth sheet&lt;BR&gt;&lt;BR&gt;The fourth sheet, reverse side&lt;BR&gt;&lt;BR&gt;The fifth sheet&lt;BR&gt;&lt;BR&gt;The essence of the scam: you are invited to send an advance payment for goods from a catalog, and for your purchase you are promised participation in a promotion. A special commission of the organizers will select the winner without any lottery drawing, ostensibly by postmark, but the catch is that all prices are 3-5 times higher than the market. This time they sent a New Year&apos;s catalog, but they may send a book catalog or any other, with the same trick.&lt;BR&gt;&lt;BR&gt;The sixth sheet&lt;BR&gt;&lt;BR&gt;The sixth sheet, reverse side&lt;BR&gt;&lt;BR&gt;All the prizes (a TV, 1 million rubles and 50 thousand) are, under the terms of this promotion, also distributed by that same &quot;commission&quot;.&lt;BR&gt;&lt;BR&gt;The seventh sheet&lt;BR&gt;&lt;BR&gt;If you need items from the catalog, just look in the nearest store or market. At the very least compare the prices with those in shops, but in any case do not send an advance payment by postal money order, because even if we assume that you do receive the goods (which is also not certain), the prices are inflated several times over and the lottery is imaginary. Be vigilant. I am sure that most Habr readers will not fall for this bait, so warn your unsuspecting relatives. These Christmas &quot;gifts&quot; can, in the best case, cost them money. And remember: if you answer even once, or show any interest at all, the number of such offers and promotions in your mailbox will increase many times over. Good luck.&lt;BR&gt;&lt;BR&gt;P.S. The main problem in fighting these spammers is that they do not violate the law. That means only prevention and persuasion (as in this article) can deal with them. Please take care of your loved ones by buying them gifts and warning them about the spammers.&lt;BR&gt;&lt;BR&gt;P.P.S. My wife sent them money and was cheated. I feel sorry for the parents of our Habr readers; this scam is designed for them. I sincerely hoped to instill in Habr readers a desire to help their parents, to remind them about gifts for them, and to warn that everything, even the address and name, is used to win trust. I cannot understand those who hate me for wanting to help.</content:encoded>
			<link>https://firewall.ucoz.net/news/paper_spammers_have_mastered_the_database/2011-03-16-581</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/paper_spammers_have_mastered_the_database/2011-03-16-581</guid>
			<pubDate>Wed, 16 Mar 2011 02:06:04 GMT</pubDate>
		</item>
		<item>
			<title>Intel&apos;s acquisition of McAfee approved</title>
			<content:encoded>Back in the summer - in August, to be precise - it became known that Intel wants to buy the anti-virus company McAfee. The transaction value is quite high: $7.68 billion. US antitrust regulators immediately took notice of the deal and began to check its legality, as happens in such cases. Incidentally, this deal is the largest in Intel&apos;s history.&lt;BR&gt;&lt;BR&gt;The corporation agreed to buy McAfee to expand its influence in the rapidly growing market segment of network security applications. Today it became known that the Fair Trade Commission has approved the transaction, so it will be completed shortly. There is, however, another obstacle, the European antitrust regulators, but the Europeans often wait for the decision of their American colleagues and then make a similar decision.&lt;BR&gt;&lt;BR&gt;Analysts believe there should be no particular problems with the European regulator&apos;s review of the transaction, so very soon McAfee will in fact pass under Intel&apos;s wing. Naturally, once the transaction is complete Intel will immediately integrate McAfee&apos;s infrastructure into its own structure. It seems that a couple of months will not pass before we hear about some new product in Intel&apos;s new line of business.&lt;BR&gt;&lt;BR&gt;It is also worth noting that Intel does not always have warm relations with the antitrust authorities of the U.S. or Europe. Last year, for example, the corporation was fined $1.45 billion for actions that violated EU antitrust laws.&lt;BR&gt;&lt;BR&gt;For now Intel representatives are not commenting on the situation, saying only that work with the EU continues.&lt;BR&gt;&lt;BR&gt;Via CNET</content:encoded>
			<link>https://firewall.ucoz.net/news/approved_the_transaction_on_the_absorption_of_mcafee_corporation_intel/2011-03-16-580</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/approved_the_transaction_on_the_absorption_of_mcafee_corporation_intel/2011-03-16-580</guid>
			<pubDate>Wed, 16 Mar 2011 02:05:40 GMT</pubDate>
		</item>
		<item>
			<title>Bruce Schneier wrote a book about the brain</title>
			<content:encoded>The famous cryptologist, author of bestsellers on cryptology and developer of the Blowfish and Twofish ciphers has become interested in human psychology. Bruce Schneier believes that to build good computer security systems one needs to study the brain of Homo sapiens very carefully, specifically the neocortex and the amygdala.&lt;BR&gt;&lt;BR&gt;Next week Bruce Schneier will speak at the RSA Conference about his latest research and thinking on the connection between psychology and computer security. The talk promises to be quite interesting.&lt;BR&gt;&lt;BR&gt;The cryptography guru himself explains that the subject of his talk will not be practical methods of cryptography or computer data security at all, but rather how people think and how they feel about computer (and not only computer) security. It really is a serious psychological problem worthy of medical investigation.&lt;BR&gt;&lt;BR&gt;&quot;At RSA we spend a lot of time trying to understand why people do not protect their computers, why they behave so irrationally. This can be explained only by psychology,&quot; says Schneier. &quot;If the computer security industry wants to create commercial products, then we need to understand our consumers.&quot;&lt;BR&gt;&lt;BR&gt;The 43-year-old cryptologist has long been studying the psychology of users. At the RSA Conference he will present only the main conclusions he has reached; the complete results of the research will be published as a book (as we know, Bruce Schneier is a very popular writer).&lt;BR&gt;&lt;BR&gt;The new book will be devoted entirely to the human brain. Bruce Schneier says that security is both a reality and a feeling. While the reality is based on the probability of risk, the feeling of security depends on psychological reactions to risk and to the countermeasures taken against security threats. Very often our perception of risk does not coincide with reality, and neuroscience (brain science) should help explain this phenomenon.&lt;BR&gt;&lt;BR&gt;The brain&apos;s perception of reality often defies all logic. This also applies to risk assessment. For example, many ordinary people are more afraid of flying on an airplane than of driving a car, although statistically aircraft are much safer. Similar absurdities can occur in the human brain when thinking about computer security.&lt;BR&gt;&lt;BR&gt;The human brain has two systems that evaluate risk: the neocortex (analytical processing) and the amygdala (emotions). The problem is that the neocortex cannot &quot;contradict&quot; the amygdala, which is the older part of the brain. That is why people often make computer security decisions based on emotion - and nothing can be done about it.</content:encoded>
			<link>https://firewall.ucoz.net/news/bruce_schneier_wrote_a_book_about_the_brain/2011-03-16-579</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/bruce_schneier_wrote_a_book_about_the_brain/2011-03-16-579</guid>
			<pubDate>Wed, 16 Mar 2011 02:05:16 GMT</pubDate>
		</item>
		<item>
			<title>Smokers undermine information security</title>
			<content:encoded>Where there is a smoker, there is an open door. The total ban on smoking in offices forces nicotine-dependent geeks to run out into the street, and the back door is left open for them. According to British specialists, social-engineering hackers can use this &quot;hole&quot;.&lt;BR&gt;&lt;BR&gt;The British consulting firm NTA Monitor, which specializes in IT security, conducted an experiment. In the course of it a hacker was able to enter a corporate building easily through a back door that had been left open specifically for smokers. Once inside, the attacker used social engineering techniques to get into a meeting room. Company staff escorted him there and left him alone.&lt;BR&gt;&lt;BR&gt;The hacker did not need a pass to get into the building. He simply waited until the smokers&apos; break was over and then went in through the same door. A few minutes later he was able to connect his laptop to the corporate VoIP network, directly from the meeting room. Fortunately, the company&apos;s data network was separated from the VoIP network, so the unauthorized access caused few problems. In most other companies an attacker would have copied all the data he needed within a few minutes and calmly left the building.&lt;BR&gt;&lt;BR&gt;Roy Hills, technical director of NTA Monitor, puns: &quot;There were times when companies left the &apos;back door&apos; (backdoor) open in the computer security sense. Now they are literally leaving it open for smokers.&quot; This is particularly dangerous because hackers are increasingly using social engineering techniques to infiltrate corporate networks.&lt;BR&gt;&lt;BR&gt;The specialist stresses that this &quot;hole&quot; in computer security has arisen because of new legislation in the U.S. and some European countries that forbids smoking areas in office buildings. In July the law goes into effect throughout the UK.</content:encoded>
			<link>https://firewall.ucoz.net/news/smokers_undermine_information_security/2011-03-16-578</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/smokers_undermine_information_security/2011-03-16-578</guid>
			<pubDate>Wed, 16 Mar 2011 02:04:53 GMT</pubDate>
		</item>
		<item>
			<title>When will people on the Internet answer for their actions?</title>
			<content:encoded>This question now occupies anyone who has resources on the Internet that host their own work (original content).&lt;BR&gt;I started asking myself the same question at the beginning of 2006, when clones of my work began to appear on the network.&lt;BR&gt;&lt;BR&gt;The first clone was a menu (which I made for the first version of my portfolio) on the site of a certain DJ, who in the most insolent manner stole the whole menu without even bothering to change (Flash developers will understand me) the color masks, the algorithm, or even the bugs. Later the incident was resolved quite peacefully, by adding my copyright and a link to my site.&lt;BR&gt;&lt;BR&gt;Next came several similar clones of works from my blog, but frankly I did not want to get into it, because the attendance of those resources was a little crazy, and I had no energy for proceedings - summer is back!&lt;BR&gt;&lt;BR&gt;2007 presented an absolutely stunning (to me) surprise.&lt;BR&gt;&lt;BR&gt;&lt;B&gt;March 3. About six o&apos;clock in the evening.&lt;/B&gt;&lt;BR&gt;A certain Nikita knocked on my ICQ. Right off the bat he suggested that I change the design of my work &quot;Radio&quot;. And at that time it had already been published on his website! There were no copyright notices, and both the clip itself and part of my explanatory text for it had been ripped wholesale. After my warning it was removed. But not for long.&lt;BR&gt;&lt;BR&gt;&lt;B&gt;March 3. Around seven in the evening.&lt;/B&gt;&lt;BR&gt;The same Nikita knocked again, but this time asked me to change the design for money (well, that is already something ...). But once the sum was named he immediately declined (by the way, the sum was trifling - 50 u.e.). Then he offered to pay with &quot;advertising&quot; (well, thanks a lot!). I stopped responding. Really, what is the use of continuing to bicker? &quot;No&quot; means &quot;No&quot;.&lt;BR&gt;&lt;BR&gt;&lt;B&gt;March 4. Morning.&lt;/B&gt;&lt;BR&gt;I decided to check how Mr. Nikita was keeping his word. I went to his website. Whoa! My work was back in place, but this time with my copyright (on the right, a little, mixed in with the ad unit). My formal letter requesting that my work be removed from the site has so far received no response. So there you have it.&lt;BR&gt;&lt;BR&gt;But let us not dwell only on the sad. In July 2006 my colleague Maria Pleshkova won (although it ended in a settlement, she was paid the money) a lawsuit against a magazine that had published one of her photos in an issue without her permission. Here is what she says herself:&lt;BR&gt;&lt;BR&gt;Yesterday my litigation with a certain publisher, which wrongfully published my picture without consent, finally ended. The process was long, but the court pleased me: it satisfied the claim for a decent amount and even awarded moral damages. If anyone is interested, write to me; I will share documents and answer questions, I will just keep quiet about the publisher&apos;s name.&lt;BR&gt;&lt;BR&gt;&lt;I&gt;06.07.2006 11:38:27 | http://club.foto.ru/forum/view_topic.php ...&lt;/I&gt;&lt;BR&gt;&lt;BR&gt;Especially for those who have &quot;an itch&quot;, Dmitry Ryabykh on his website (link at the end of the page) describes the 3 most common myths by which those who steal are falsely guided:&lt;BR&gt;&lt;BR&gt;&lt;I&gt;Myth No. 1. Material published online can be used in any way, because it is intended for free access.&lt;/I&gt;&lt;BR&gt;&lt;BR&gt;In the same way you can freely access radio or television, take a book from the library, and so on. The Internet has changed nothing in the principles of publishing; it has only made copying published material simpler.&lt;BR&gt;&lt;BR&gt;&lt;I&gt;Myth No. 2. To use the materials on a commercial basis no permission is required; we do not benefit from them.&lt;/I&gt;&lt;BR&gt;&lt;BR&gt;First, of course you do benefit, albeit indirectly. Some attract attention with the published materials, some create in this way an advertising platform for future income, some pursue other goals, but in every case the publication you used helps achieve those goals. Second, by using a publication illegally you cause damage to its author. And then it does not matter whether that damage turned into profit for you.&lt;BR&gt;&lt;BR&gt;&lt;I&gt;Myth No. 3. On the Internet nothing can be proved; your violation will go unpunished.&lt;/I&gt;&lt;BR&gt;&lt;BR&gt;Proving in court that information was illegally copied from a website is not much harder than with printed sources. It is another matter that in most cases this is not done, because of the complexity of court procedures and the small amount of damage. But one should never forget the other ways authors can protect themselves that do not involve the courts. The damage your reputation will suffer, and perhaps not only your reputation, can exceed the benefit of the illegal publication many times over.&lt;BR&gt;&lt;BR&gt;To be continued ...&lt;BR&gt;&lt;BR&gt;Links:&lt;BR&gt;Copyright.ru&lt;BR&gt;Dmitry Ryabykh&lt;BR&gt;Sergey Stepanov&lt;BR&gt;Legal Advice Online. Copyright&lt;BR&gt;&lt;BR&gt;Links for comparison:&lt;BR&gt;http://metoart.ru/blog/2006/11/23/radio_ ... - the original.&lt;BR&gt;http://www.videozvuk.com/index.php?categ ...&lt;BR&gt;&lt;BR&gt;In case the published work is removed, here is a screenshot&lt;BR&gt;</content:encoded>
			<link>https://firewall.ucoz.net/news/when_the_internet_people_will_answer_for_their_actions/2011-03-16-577</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/when_the_internet_people_will_answer_for_their_actions/2011-03-16-577</guid>
			<pubDate>Wed, 16 Mar 2011 02:04:29 GMT</pubDate>
		</item>
		<item>
			<title>Error in recursive CSS processing in IE 6/7/8 (CVE-2010-3971)</title>
			<content:encoded>Not long ago, at the beginning of December to be precise, a bug in the recursive processing of CSS in various versions of IE was disclosed. The PoC presented could only crash the browser, and nobody managed to squeeze anything more meaningful out of it until the start of this week, when an exploit with full exploitation of this vulnerability appeared in Metasploit.&lt;BR&gt;&lt;BR&gt;The PoC originally looked like this:&lt;BR&gt;&lt;code&gt;&lt;BR&gt;&amp;lt;div style=&quot;position: absolute; top: -999px;left: -999px;&quot;&amp;gt;&lt;BR&gt;&amp;lt;link href=&quot;css.css&quot; rel=&quot;stylesheet&quot; type=&quot;text/css&quot; /&amp;gt;&lt;BR&gt;&lt;/code&gt;&lt;BR&gt;&lt;BR&gt;Contents of css.css:&lt;BR&gt;&lt;code&gt;&lt;BR&gt;* {&lt;BR&gt;color: red;&lt;BR&gt;}&lt;BR&gt;@import url(&quot;css.css&quot;);&lt;BR&gt;@import url(&quot;css.css&quot;);&lt;BR&gt;@import url(&quot;css.css&quot;);&lt;BR&gt;@import url(&quot;css.css&quot;);&lt;BR&gt;&lt;/code&gt;&lt;BR&gt;&lt;BR&gt;The error is memory corruption in the HTML page parser (mshtml.dll): when processing pages containing recursive CSS includes, an object is removed in &lt;I&gt;CStyleSheet::Notify&lt;/I&gt;, and later this memory area can be used to transfer control to arbitrary code.&lt;BR&gt;&lt;BR&gt;mshtml!CSharedStyleSheet::Notify:&lt;BR&gt;3ced63a5 8bff mov edi, edi&lt;BR&gt;3ced63a7 55 push ebp&lt;BR&gt;3ced63a8 8bec mov ebp, esp&lt;BR&gt;3ced63aa 51 push ecx&lt;BR&gt;3ced63ab 56 push esi&lt;BR&gt;3ced63ac 8bb1d0000000 mov esi, dword ptr [ecx+0D0h] ; esi = 0x14&lt;BR&gt;3ced63b2 57 push edi&lt;BR&gt;3ced63b3 8bb9d8000000 mov edi, dword ptr [ecx+0D8h] ; pointer to array of CStyleSheet objects&lt;BR&gt;3ced63b9 33c0 xor eax, eax&lt;BR&gt;3ced63bb c1ee02 shr esi, 2 ; esi = 0x5&lt;BR&gt;&lt;BR&gt;In principle the vulnerability itself is nothing particularly interesting, but the implementation of its exploitation by the Metasploit guys really deserves attention. Interestingly, in addition to the standard heap spray it uses the ROP (return-oriented programming) technique via .NET, which is rather unusual. More precisely, it uses a peculiarity of loading mscorie.dll from .NET Framework 2.0, which was compiled without the flag and is always loaded at the same base address (0x63f00000). This omission on the developers&apos; part makes it possible to use ROP techniques to call system functions from the shellcode.&lt;BR&gt;&lt;BR&gt;Example stack pivot gadget for ROP:&lt;BR&gt;mscorie!_chkstk+0x1b:&lt;BR&gt;63f0575b 94 xchg eax, esp&lt;BR&gt;63f0575c 8b00 mov eax, dword ptr [eax]&lt;BR&gt;63f0575e 890424 mov dword ptr [esp], eax&lt;BR&gt;63f05761 c3 ret&lt;BR&gt;&lt;BR&gt;Microsoft released Security Advisory 2488013 on the subject yesterday, and the vulnerability will apparently be closed in the next update pack. In the meantime the folks at MS recommend using EMET (the Enhanced Mitigation Experience Toolkit) to counter the ASLR bypass via the ROP vector described above.</content:encoded>
			<link>https://firewall.ucoz.net/news/error_in_the_recursive_processing_in_the_css_ie_6_7_8_cve20103971/2011-03-16-576</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/error_in_the_recursive_processing_in_the_css_ie_6_7_8_cve20103971/2011-03-16-576</guid>
			<pubDate>Wed, 16 Mar 2011 02:04:05 GMT</pubDate>
		</item>
		<item>
			<title>DDoS attack against the root DNS servers was an advertising action</title>
			<description>The attack on the root DNS servers recorded in early February may have been a kind of advertising action: the &quot;advertisers&quot; demonstrated their ability to organize large-scale attacks using botnets. This version is put forward in a special document by representatives of ICANN, the organization responsible for assigning domain names, according to the website Darkreading.com.&lt;BR&gt;&lt;BR&gt;David Ulevitch, CEO of the DNS services OpenDNS and EveryDNS, agrees that the advertising-campaign version looks very interesting: &quot;ICANN representatives have suggested that this could be someone trying to demonstrate the power of their botnets and the ability to use them to order. This is not a test attack in preparation for a global action against the DNS servers themselves, but a way to demonstrate the potential of botnets to those who can use this potential against less protected targets.&quot; According to Ulevitch, a new similar attack is possible, but it is unlikely to destabilize the operation of the servers...</description>
			<content:encoded>The attack on the root DNS servers recorded in early February may have been a kind of advertising action: the &quot;advertisers&quot; demonstrated their ability to organize large-scale attacks using botnets. This version is put forward in a special document by representatives of ICANN, the organization responsible for assigning domain names, according to the website Darkreading.com.&lt;BR&gt;&lt;BR&gt;David Ulevitch, CEO of the DNS services OpenDNS and EveryDNS, agrees that the advertising-campaign version looks very interesting: &quot;ICANN representatives have suggested that this could be someone trying to demonstrate the power of their botnets and the ability to use them to order. This is not a test attack in preparation for a global action against the DNS servers themselves, but a way to demonstrate the potential of botnets to those who can use this potential against less protected targets.&quot; According to Ulevitch, a new similar attack is possible, but it is unlikely to destabilize the operation of the servers.&lt;BR&gt;&lt;BR&gt;The February attack on the root DNS servers proved how effective anycast technology is as a method of protection. With this technology, the IP address of a DNS server is hosted simultaneously on multiple physical (hardware) servers, and a DNS request sent to the anycast address is delivered to the nearest server. The five DNS servers that do not yet use anycast will be moved to it in the near future, ICANN representatives said.&lt;BR&gt;&lt;BR&gt;The document, which ICANN prepared for an audience with no special technical skills, also draws attention to the power of the attack expressed in numbers. The flow of traffic directed at some root servers reached 1 Gbit/s, equivalent to 13 thousand emails per second or 1.5 million emails in 2 minutes. The attack began around 7 am and lasted 2.5 hours. The second wave of the DDoS attack began three and a half hours later and lasted 5 hours. The ICANN report confirms earlier estimates that the attack had only a &quot;limited&quot; effect on ordinary Internet users. The document also confirmed earlier hypotheses about the likely region of origin of the attack: one of the countries of the East Asian region. However, there is no conclusive evidence that the botnet was located in the territory of the Republic of Korea.&lt;BR&gt;&lt;BR&gt;According to ICANN, the attack could have been carried out from the territory of several countries. However, given that the IP addresses from which the requests to the DNS servers came could have been spoofed, this cannot be said with certainty. It is possible that the source of the attack was so-called zombie computers in any other part of the world.&lt;BR&gt;&lt;BR&gt;The greatest load fell on DNS server G, located in Ohio and administered by the Department of Defense, and on server I, located in California and administered by ICANN. These two were the only ones of the six attacked servers not using anycast. According to ICANN representatives, the incomplete implementation of anycast technology was a conscious decision by the root server operators. &quot;There were fears that the representation of several different servers as a single point of entry could pose a security risk,&quot; the document says. The operators&apos; plan was first to conduct tests on several servers and then address the shortcomings.&lt;BR&gt;&lt;BR&gt;To counter future attacks, ICANN last year recommended that DNS operators verify the source IP addresses of requests and accept requests only from trusted sources (such as their own clients). ICANN has acknowledged that the recommendations were met with &quot;mixed success&quot;.&lt;BR&gt;&lt;BR&gt;Source: http://www.viruslist.com/ru/news?id=2073 ...&lt;BR&gt;Original Source: http://www.darkreading.com/document.asp? ...</content:encoded>
			<link>https://firewall.ucoz.net/news/ddosattack_against_the_rutaceae_dnsserver_was_advertising_action/2011-03-16-575</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/ddosattack_against_the_rutaceae_dnsserver_was_advertising_action/2011-03-16-575</guid>
			<pubDate>Wed, 16 Mar 2011 02:03:41 GMT</pubDate>
		</item>
		<item>
			<title>Carolina paint: paint it on and forget about Wi-Fi and cellular networks</title>
			<description>The company EM-SEC Technologies of North Carolina issued a press release announcing successful tests of a material developed by its technology division. EM-SEC 2060, named after its creator, is a special paint that, when applied to the walls of a room or building, shields it from the electromagnetic radiation of wireless communications: cellular or, for example, Wi-Fi.&lt;BR&gt;&lt;BR&gt;The key component of the EM-SEC 2060 coating, which differs little in appearance and properties from ordinary water-based emulsion paint, is a complex polymer whose formula and manufacturing technique are, for obvious reasons, a trade secret.&lt;BR&gt;&lt;BR&gt;The coating is intended primarily for the security-critical facilities (SCIF) of private companies and public (including military) organizations. Methods of industrial espionage, not to mention &quot;real&quot; espionage, have long made it possible to intercept information even from cable networks, so the theft of data from Wi-Fi channels has all the more become a kind of urban legend, a horror story for IT...</description>
			<content:encoded>The company EM-SEC Technologies of North Carolina issued a press release announcing successful tests of a material developed by its technology division. EM-SEC 2060, named after its creator, is a special paint that, when applied to the walls of a room or building, shields it from the electromagnetic radiation of wireless communications: cellular or, for example, Wi-Fi.&lt;BR&gt;&lt;BR&gt;The key component of the EM-SEC 2060 coating, which differs little in appearance and properties from ordinary water-based emulsion paint, is a complex polymer whose formula and manufacturing technique are, for obvious reasons, a trade secret.&lt;BR&gt;&lt;BR&gt;The coating is intended primarily for the security-critical facilities (SCIF) of private companies and public (including military) organizations. Methods of industrial espionage, not to mention &quot;real&quot; espionage, have long made it possible to intercept information even from cable networks, so the theft of data from Wi-Fi channels has all the more become a kind of urban legend, a horror story for IT people. And while standard encryption is sufficient for a home network, for research labs, server rooms and business negotiations physical protection against leaks will not be excessive.&lt;BR&gt;&lt;BR&gt;The EM-SEC development has been tested at several highly respected institutions: Sandia Labs, the Naval Surface Warfare Center and even the National Security Agency (NSA), which stands guard over the U.S. electronic front. As a result, the coating has been approved as an effective means of protection for SCIFs. It is not excluded that EM-SEC will now receive orders from U.S. government agencies, which in recent years have increasingly been involved in scandals over the loss of valuable personal and business information.&lt;BR&gt;&lt;BR&gt;Civilian use is also possible: by painting the walls of lecture halls or cinemas, you can get rid of phones ringing at the wrong moment.&lt;BR&gt;&lt;BR&gt;In addition to paint, the company produces a fiber used to make bags and cases for electronic devices such as PDAs and laptops. These accessories are designed to protect computers against intrusion while on the road.</content:encoded>
			<link>https://firewall.ucoz.net/news/caroline_paint_painted_and_forgot_about_wifi_and_cellular_networks/2011-03-16-574</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/caroline_paint_painted_and_forgot_about_wifi_and_cellular_networks/2011-03-16-574</guid>
			<pubDate>Wed, 16 Mar 2011 02:03:17 GMT</pubDate>
		</item>
		<item>
			<title>Hacking gadgets at the ShmooCon conference</title>
			<description>This year&apos;s ShmooCon hacker conference offered an arsenal of unusual devices that visitors could try out for themselves. Take the Silica device based on the Nokia N800 alone: it automatically scans surrounding Windows computers over WiFi, identifies vulnerable PCs and lets you take screenshots from any of them in a couple of mouse clicks (and not just screenshots).&lt;BR&gt;&lt;BR&gt;Silica gadgets sell for $3600 and are going like hot cakes, according to the developers at Immunity. The price includes the base Nokia N800 unit, a pre-configured set of programs with updates for a year ahead, and a two-hour course on using the device.&lt;BR&gt;&lt;BR&gt;A &quot;wireless hacker&quot; may also find very useful the WiFi signal amplifier from WarDrivingWorld.com, with which you can connect to a hotspot as far as three miles away. The $325 package includes a 100-milliwatt 802.11b/g card, a 500-milliwatt amplifier and a 9 dBi antenna.&lt;BR&gt;&lt;BR&gt;Among the exhibits you could also find a device t...</description>
			<content:encoded>This year&apos;s ShmooCon hacker conference offered an arsenal of unusual devices that visitors could try out for themselves. Take the Silica device based on the Nokia N800 alone: it automatically scans surrounding Windows computers over WiFi, identifies vulnerable PCs and lets you take screenshots from any of them in a couple of mouse clicks (and not just screenshots).&lt;BR&gt;&lt;BR&gt;Silica gadgets sell for $3600 and are going like hot cakes, according to the developers at Immunity. The price includes the base Nokia N800 unit, a pre-configured set of programs with updates for a year ahead, and a two-hour course on using the device.&lt;BR&gt;&lt;BR&gt;A &quot;wireless hacker&quot; may also find very useful the WiFi signal amplifier from WarDrivingWorld.com, with which you can connect to a hotspot as far as three miles away. The $325 package includes a 100-milliwatt 802.11b/g card, a 500-milliwatt amplifier and a 9 dBi antenna.&lt;BR&gt;&lt;BR&gt;Among the exhibits you could also find a device that protects the owner of a wireless network from such attacks. The photo shows the world&apos;s first portable WiFi firewall, AirTight ($795), with a sensor to detect WiFi attacks and automatic intrusion prevention.&lt;BR&gt;&lt;BR&gt;Six manufacturers of network firewalls, including NitroSecurity, Vernier Networks and Network Chemistry, provided their products for hackers to test. The photo shows all of these devices: it took dozens of cables to connect them.&lt;BR&gt;&lt;BR&gt;Via News.com</content:encoded>
			<link>https://firewall.ucoz.net/news/hacking_gadgets_at_the_conference_shmoocon/2011-03-16-573</link>
			<dc:creator>w1zard</dc:creator>
			<guid>https://firewall.ucoz.net/news/hacking_gadgets_at_the_conference_shmoocon/2011-03-16-573</guid>
			<pubDate>Wed, 16 Mar 2011 02:02:53 GMT</pubDate>
		</item>
	</channel>
</rss>