Archive for the ‘PC & Web Security’ Category
Porn Sites Closer to xxx Web Addresses
It may soon be easier to block Internet porn: The agency that controls domain names said Friday it will consider adding .xxx to the list of suffixes people and companies can pick when establishing their identities online.
The California-based nonprofit agency, ICANN, effectively paved the way for a digital red light district to take its place alongside suffixes such as .com and .org, finally ending a decade-long battle over what some consider formal acknowledgment of pornography’s prominent place on the Internet.
While the move may help parents stop their children from seeing some seedy sites, it wouldn’t force porn peddlers to use the new .xxx address — and skeptics argue that few adult-only sites will give up their existing .com addresses.
Still, it’s seen as a symbolic step in the opening up of Internet domain names and suffixes, coming on the same day the agency said it would start accepting Chinese script for domain names.
The decision is primarily a victory for U.S. company ICM Registry LLC, which has applied repeatedly to be able to register and manage the .xxx suffix.
The Internet names agency has rejected its application three times since 2000, partly under pressure from Christian groups and governments unhappy with the spread of online porn, said ICM’s chief executive, Stuart Lawley. He pitches the suffix, in part, as protection for parents, arguing it will make it easy for Web blocking software to filter out “.xxx” sites, marking them clearly as porn.
“People who want to find it know where it is, and people who don’t see it or want to keep it away from their kids can use mechanisms to do so,” he said.
ICANN’s board, at a meeting Friday in Brussels, said it had not treated the company’s application fairly three years ago when it reversed an earlier decision recognizing .xxx as the representative of the porn industry. ICANN is now promising to move swiftly with standard checks on Lawley’s company.
Peter Dengate Thrush, the chairman of ICANN’s board, said the Friday decision “does not mean the .xxx application has been approved … It means that we are returning to negotiations with the applicant.” He estimates that it could take a year for full approval, far longer than the few months ICM says it would take.
He shrugged off criticisms that ICANN was creating a new platform for Internet porn.
“We’re not in the content business, and that’s up to national governments and lawmakers and people who are qualified to make judgments,” he said.
He also warned that .xxx might not necessarily be a success — and that some new Internet suffixes have failed to attract many signups. Some note that most porn sites would likely keep their existing “.com” names, to allow their businesses to be found more easily.
Protection Tips for the Upcoming FIFA World Cup Themed Cybercrime Malware Campaigns
With just four days until the FIFA World Cup begins, cybercriminals have already started showing their interest in taking advantage of the event, by launching targeted malicious PDFs/malware serving campaigns, blackhat SEO and fraudulent propositions, followed by lottery winning notifications/letters of claim themed scams.
Considering that these threats and exploitation tactics are prone to intensify throughout the entire event, let’s review some of the most commonly used attack vectors and discuss the risk mitigation strategies for each of them.
The threats and the fraudulent schemes
The following list doesn’t aim to be conclusive; instead, it discusses the most prevalent threats based on the historical “performance” of malicious attackers, and scammers in general.
• Targeted malware attacks serving client-side exploits – The combination of a recently announced zero day flaw affecting Adobe’s most popular products, and the global proportions of the FIFA World Cup, clearly offers a malicious attacker the opportunity to capitalize on the event.
• 419/Lottery Scams – According to the 2009 IC3 Internet Crime Report, advance fee fraud represented 9.8% of all complaints. The percentage is naturally much higher due to the unknown number of people who didn’t report the fraud.
• Blackhat SEO (Search Engine Optimization) campaigns serving scareware – Blackhat SEO involves purposely hijacking trending buzz stories across the web, in order to capitalize on the hijacked traffic by serving client-side exploits, or most commonly scareware. There’s a common misunderstanding regarding blackhat SEO campaigns these days, with a large number of users thinking that a cybercriminal is manually monitoring these trending topics in order to hijack them.
• Spamvertised fraudulent offers, phishing attempts – According to the 2009 IC3 Internet Crime Report, non-delivery of merchandise and/or payment represented 11.9% of all the complaints.
Hacker Finds a Way to Exploit PDF Files without a Vulnerability
A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities.
The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file.
Here’s the skinny from researcher Didier Stevens.
I use a launch action triggered by the opening of my PoC PDF. With Adobe Reader, the user gets a warning asking for approval to launch the action, but I can (partially) control the message displayed by the dialog. Foxit Reader displays no warning at all, the action gets executed without user interaction.
Although PDF viewers like Adobe Reader and Foxit Reader don’t allow embedded executables (like binaries and scripts) to be extracted and executed, Stevens discovered another way to launch a command (/Launch /Action), and ultimately run an executable he embedded using a special technique.
Stevens said Adobe’s PDF Reader will block the file from automatically opening but he warned that an attacker could use social engineering tricks to get users to allow the file to be opened.
With Foxit Reader, there is no warning whatsoever.
Stevens has not released the proof-of-concept file. The issue has been reported to Adobe’s security response team.
With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs).
Stevens tested his research on Adobe Reader 9.3.1 (Windows XP SP3 and Windows 7).
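A triage check that a mail gateway or analyst could run for the launch-on-open behaviour described above, as an added example that is not from the original article or from Stevens: it flags raw PDF bytes that pair an automatic trigger with a /Launch action. The flagged-name sets, verdict labels and sample fragments are assumptions constructed for illustration.

```python
import re

# PDF names may carry #xx hex escapes (the PDF spec allows /L#61unch for
# /Launch), so names are normalised before they are compared.
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")

# Assumed watch lists: automatic triggers, and actions that start something.
TRIGGERS = {"OpenAction", "AA"}
ACTIONS = {"Launch", "JavaScript", "JS", "EmbeddedFile"}


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so escaped names compare equal to plain ones."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count flagged names in raw PDF bytes and return a triage verdict."""
    counts = {}
    escaped = set()
    for m in _NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in TRIGGERS or name in ACTIONS:
            counts[name] = counts.get(name, 0) + 1
            if b"#" in m.group(1):
                escaped.add(name)
    has_trigger = any(n in counts for n in TRIGGERS)
    if "Launch" in counts and has_trigger:
        verdict = "block"    # launch action reachable from an automatic trigger
    elif "Launch" in counts or escaped:
        verdict = "review"   # launch action present, or a flagged name was escaped
    else:
        verdict = "pass"
    return {"counts": counts, "escaped": sorted(escaped), "verdict": verdict}


# Constructed dictionary fragments (not complete PDFs, nothing executable).
SAMPLE_LAUNCH = (b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                 b"2 0 obj << /Type /Action /S /Launch /F (placeholder) >> endobj\n")
SAMPLE_ESCAPED = SAMPLE_LAUNCH.replace(b"/Launch", b"/L#61unch")
SAMPLE_PLAIN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in [("launch", SAMPLE_LAUNCH), ("escaped", SAMPLE_ESCAPED),
                        ("plain", SAMPLE_PLAIN)]:
        print(label, scan_pdf(blob))
```

The scan only sees names stored in the clear; objects held inside compressed streams have to be decompressed first, so a "pass" on raw bytes is not proof that a file contains no launch action.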
iPad Users on Windows Targeted with Malware
Scammers are distributing e-mails designed to trick iPad owners into downloading software that they think is an iTunes update, but which turns out to be malware that opens a back door on the computer, researchers warned on Monday.
The e-mails have a subject line that says “iPad Software Update” and offer a link to a Web page that looks like a legitimate iTunes download page, according to BitDefender. Instead, the link installs malware identified as Backdoor.Bifrose.AADY, according to the BitDefender blog.
The malware injects itself into the “explorer.exe” process and opens up a back door that attackers can use to take control of the system whenever they want, the post said. It also attempts to read the keys and serial numbers of the various software programs installed on the computer and logs passwords to the victim’s ICQ, Messenger, and POP3 mail accounts, and protected storage, BitDefender said.




The Best Malware Program to Run for Viruses
Use an anti-virus program for removing viruses. Malwarebytes supplements anti-virus programs; it isn’t designed to remove all viruses.
Some free ones (for home use only):
http://free.avg.com
http://www.avast.com
You may want to add Malwarebytes (www.malwarebytes.org) and Spybot to the list. I use Ultimate Boot CD for Windows (ubcd4win); it’s a BartPE-based CD/USB OS that allows you to clean up Windows systems, as well as a lot of other great utilities.
http://www.ubcd4win.com/