Archive for September, 2010

NASA plans to fly a spacecraft directly into the sun – SmartPlanet

September 10, 2010

smartplanet.com / Smart Technology / Thinking Tech

NASA plans to fly a spacecraft directly into the sun

By Dan Nosowitz | Sep 8, 2010 | 30 Comments

Solar Probe Plus is a project that astronauts, scientists, meteorologists, and astronomers have been dreaming of for a half-century. It’s an extraordinary proposal, venturing eight times farther than any previous spacecraft. It will certainly cost more than one billion dollars, and requires engineering and technology that’s never been seen before.

All this for a one-way trip to the sun.

Solar Probe Plus is the name of a project in which an unmanned (obviously), lightweight probe will travel through the sun’s corona, which is essentially the sun’s outer atmosphere. It seeks to answer some of space’s most puzzling questions–why is the corona almost 200 times hotter than the sun’s actual surface? How does the sun create the solar wind, a stream of charged particles that engulfs the solar system in a vast bubble called the heliosphere?

These are basic questions about our own solar system that have so far been unanswerable due to budgetary and technical limitations–but not anymore.

One of the most obvious problems is the immense heat the probe must be able to withstand. That the probe must tolerate heat at 2,600 degrees Fahrenheit is bad enough, but NASA won’t even be able to use the same methods used for probes returning to Earth. In those probes, the outer heat shields “ablate,” or boil away harmlessly–but when the whole point is to carefully conduct particle detection and other measurement, you can’t have part of a dissolved shield mucking up the findings.

But NASA scientists are confident that they’ll be able to create a suitable probe by 2018, the prospective launch date. Solar Probe Plus will arrive at Venus eight weeks after liftoff, conduct 24 orbits of increasing size, and end up about four million miles from the sun–inside Mercury’s orbit, eight times closer to the sun than any previous mission.

Though much of the motivation for Solar Probe Plus is research, there actually are a few legitimate practical reasons to undertake such a mission. Says Discovery:

Solar storms and magnetic disturbances from the sun can disrupt satellites and radio transmission, as well as take out power grids on Earth.

“Right now, predicting space weather is kind of like trying to predict hurricanes without knowing the acceleration effects of the oceans. Without that, you really can’t understand them at all,” Dantzler said.

NASA is expected to make final decisions on the probe’s instruments and sensors this month.

64-bit rootkit spreading | bit

September 9, 2010

64-bit rootkit spreading

Published on 31st August 2010 by Gareth Halfacree


The latest build of the Alureon rootkit is able to infect 64-bit Windows builds – the first to do so.

A particularly virulent rootkit targeting Windows machines – known as Alureon – is back, and this time it comes in a 64-bit edition.

With more and more systems coming with 64-bit builds of Windows pre-installed in order to take advantage of 4GB – or more – of RAM, it was only a matter of time before crackers started coding malware to accommodate the shifting target landscape – and it looks like that day is here.

According to Help Net Security this latest build of Alureon is the first rootkit in the wild with the ability to successfully infect and hide itself in 64-bit Windows builds.

Running the 64-bit version of Windows has traditionally offered some protection from rootkits and other malware packages, as the differing memory locations mean that a 32-bit rootkit attempting a buffer overflow exploit may find that it overwrites the wrong part of memory and fails to execute – or, in the best case scenario, fails to overflow at all. Sadly, it looks like that small measure of protection is rapidly vanishing.

Despite protections built into the latest versions of Windows – including Kernel Mode Code Signing, which prevents unsigned (and therefore unauthorised) code from being loaded into the kernel, and Kernel Patch Protection – the latest Alureon build continues to infect systems world-wide, by installing a modified Master Boot Record and immediately causing Windows to restart. Because the MBR runs before Windows and its protections have loaded, the rootkit can load its kernel module without those protections kicking in.
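Because this variant persists by rewriting the Master Boot Record, the cheapest defensive check is a baseline of the boot sector's bootstrap area: hash it once on a known-clean machine and compare on every boot. The following is an added example, not code from the bit-tech article or from any vendor; it parses a 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature) and reports whether the bootstrap code differs from the baseline. The two sectors it checks are constructed in memory; on a real system the bytes would be read from the first sector of the boot disk, which needs administrative rights and raw-device access.

```python
"""Boot-sector (MBR) integrity check against a known-good baseline.

Added example, not code from the article or from any vendor. The sample
sectors are constructed here so the script runs offline.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOTSTRAP_SIZE = 446            # bytes 0..445: bootstrap code and data
PARTITION_TABLE_OFFSET = 446    # four 16-byte partition entries follow
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"    # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes):
    """Return (bootstrap_bytes, [PartitionEntry x4]); raise on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, sectors))
    return sector[:BOOTSTRAP_SIZE], entries


def bootstrap_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap area only; the partition table may legitimately change."""
    bootstrap, _ = parse_mbr(sector)
    return hashlib.sha256(bootstrap).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> dict:
    """Compare the bootstrap area with the baseline and summarise the partition table.

    An MBR bootkit swaps the loader code and leaves the partition table alone,
    so the digest is the real signal; the table summary is a sanity check only.
    """
    bootstrap, entries = parse_mbr(sector)
    digest = hashlib.sha256(bootstrap).hexdigest()
    return {
        "bootstrap_modified": digest != baseline_digest,
        "digest": digest,
        "bootable_entries": sum(1 for e in entries if e.bootable),
        "partition_types": [e.type_id for e in entries if e.type_id != 0],
    }


def make_sample_mbr(bootstrap: bytes) -> bytes:
    """Build a constructed sector: given bootstrap bytes, one bootable NTFS
    partition (type 0x07) starting at LBA 2048, and the boot signature."""
    if len(bootstrap) > BOOTSTRAP_SIZE:
        raise ValueError("bootstrap too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootstrap)] = bootstrap
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + PARTITION_ENTRY_SIZE] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples (not real loaders): a "clean" loader prologue padded with
# NOPs, and a sector whose loader bytes were rewritten while the partition
# table and signature are untouched, which is the shape of an MBR bootkit
# infection and why a partition-table-only check would miss it.
CLEAN_MBR = make_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64)
TAMPERED_MBR = make_sample_mbr(b"\xEB\x00" + b"\x90" * 64 + b"\xE8\x00\x00")
BASELINE = bootstrap_digest(CLEAN_MBR)   # in practice stored off-host at install time

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE))
```

The baseline digest has to live somewhere the machine cannot rewrite (a configuration-management server, a printed note, anything off the disk being checked); a digest stored on the same disk is just one more thing the bootkit can update.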

It looks like the authors are still finding their feet in the world of 64-bit infections, however; PrevX researcher Marco Giuliani claims that the current version found in the wild appears to be a “beta build,” as its infection attempts “didn’t always fully work” in internal testing.

Are you surprised that it has taken the ne’er-do-wells this long to develop rootkits for 64-bit Windows, or just saddened that yet more of Microsoft’s well-meaning protection systems have been rendered useless? Share your thoughts over in the forums.

25 Comments


fingerbob69 31st August 2010, 09:57 Quote

Thanks for the warning …but how do I best protect myself?

Gareth Halfacree 31st August 2010, 10:02 Quote

Quote:
Originally Posted by fingerbob69
Thanks for the warning …but how do I best protect myself?

Well, I moved to Linux – but I appreciate that’s not always an option. 😉

Best things to do:
1) Don’t download dodgy copies of software.
B) Keep your system up-to-date
iii) Run a decent anti-virus and anti-spyware scanner
IV) Refrain from clicking links that you know you shouldn’t

They don’t offer complete protection, but that should see you a lot safer than most.

leveller 31st August 2010, 10:06 Quote

Gareth, do all current antiV pick up root kits? Going back a couple of years there was only a downloadable detector from MS’s website.

Neoki 31st August 2010, 10:15 Quote

Leveller,

All decent AV/IS products will contain Anti-Rootkit modules.

Joey9801 31st August 2010, 12:08 Quote

Hurrah for opensuse 🙂

Unknownsock 31st August 2010, 12:29 Quote

The question being is, why do people write stuff like this?

No seriously, I’d love to meet the guy who killed my computer a while back..

mrbens 31st August 2010, 12:43 Quote

Quote:
of 4GB – or more – of RAM

What’s with all the hyphens (-) all over this news article?!

Hyphens are to join two words, commas are to break up sentences. 🙂

LooseNeutral 31st August 2010, 13:32 Quote

More bad news. I’ve had to wear out some ears and rear parts about viruses and the like to friends who just won’t, or perhaps can’t understand. Or, more often don’t care that they spread this crap around like a friggin plague! A lot of my Mac friends don’t get it either. “Hello, sure your machine is fine but you’re a CARRIER! What’s that… Windows won’t work anymore and you don’t know what to do? I can’t imagine WHY!” I wonder if this will take down a Mac running Boot Camp or the like? So, any idea where they found this wild thing roaming about and why the great protectors (Antivirus devs) haven’t raised the red flags yet? SShh! Not so loud 😦

borandi 31st August 2010, 13:57 Quote

Quote:
Originally Posted by mrbens

Quote:
of 4GB – or more – of RAM

What’s with all the hyphens (-) all over this news article?!

Hyphens are to join two words, commas are to break up sentences. 🙂

They’re dashes. Dashes are used like commas but often to form a differential clause opposite in context or character to the first. In this case though, commas would be more appropriate 🙂

Gareth Halfacree 31st August 2010, 14:16 Quote

Quote:
Originally Posted by mrbens
What’s with all the hyphens (-) all over this news article?! Hyphens are to join two words, commas are to break up sentences. 🙂

I know, I know, I should be using an Em-dash for asides – but the last time I tried that, it broke non-UTF-8 browsers. :p

bogie170 31st August 2010, 15:56 Quote

So what’s the best Alureon Rootkit finder to see if you have been infected?

greigaitken 31st August 2010, 16:13 Quote

Microsoft totally missing a great cash cow here. New OS every six months so once malware is developed for it – just buy the new OS. They won’t even have to worry about making pointless incapable security anymore

RichCreedy 31st August 2010, 17:59 Quote

Will you buy a new OS every 6 months? I don’t think so.

Bakes 31st August 2010, 18:11 Quote

Quote:
Originally Posted by greigaitken
Microsoft totally missing a great cash cow here. New OS every six months so once malware is developed for it – just buy the new OS. They won’t even have to worry about making pointless incapable security anymore

That’s a great idea! I mean, what with the having to rewrite the entirety of Windows every six months, I think you’re on to something here!

Seriously though, security is a journey, not a destination, and if Microsoft’s 64bit security principles have been useful in preventing rootkits since Vista (beta builds of Vista were available 4 years ago) that’s a massive success in my book. Think of all the computers that haven’t been rootkitted due to running 64bit Windows.

veato 31st August 2010, 20:45 Quote

Got it yesterday. Along with the other crap it brought down too! The other stuff went easily but this nasty bugger hung around. Even when every piece of AV I had couldn’t find it anymore I was still getting stuff like URL redirections. Had to perform a full format last night!

Boogle 31st August 2010, 21:33 Quote

Quote:
Originally Posted by LooseNeutral
More bad news. I’ve had to wear out some ears and rear parts about viruses and the like to friends who just won’t, or perhaps can’t understand. Or, more often don’t care that they spread this crap around like a friggin plague! A lot of my Mac friends don’t get it either. “Hello, sure your machine is fine but you’re a CARRIER! What’s that… Windows won’t work anymore and you don’t know what to do? I can’t imagine WHY!” I wonder if this will take down a Mac running Boot Camp or the like? So, any idea where they found this wild thing roaming about and why the great protectors (Antivirus devs) haven’t raised the red flags yet? SShh! Not so loud 😦

Aaaarghhh stop bringing back the memories! 😥

thehippoz 31st August 2010, 22:19 Quote

Quote:
Originally Posted by Unknownsock
The question being is, why do people write stuff like this?

No seriously, I’d love to meet the guy who killed my computer a while back..

he’d just root you again after you beat him up 😀

skybarge 31st August 2010, 22:49 Quote

Quote:
Originally Posted by thehippoz

Quote:
Originally Posted by Unknownsock
The question being is, why do people write stuff like this?

No seriously, I’d love to meet the guy who killed my computer a while back..

he’d just root you again after you beat him up 😀

Plus you’d get in trouble for beating up a 10 year old script kiddie most prob 🙂 or someone with advanced autism

Pookeyhead 31st August 2010, 22:54 Quote

If you need to check for this beasty being present….

Quote:
If you did not have proactive detection in place, you can (currently) manually check to see if the bootkit is installed. As a side effect of the bootkit, the Disk Management pane of the Computer Management console will fail to show the system drive altogether:

It will also fail to show up in the command line using diskpart:

Lifted from MS Malware Protection Centre.

Keyword there being CURRENTLY. As soon as this is known to the developers of this crap, then that will probably be “fixed”.

LooseNeutral 1st September 2010, 00:19 Quote

Quote:
Originally Posted by Pookeyhead
If you need to check for this beasty being present….

Lifted from MS Malware Protection Centre.

Keyword there being CURRENTLY. As soon as this is known to the developers of this crap, then that will probably be “fixed”.

Much Appreciated! Thanks;)

azrael- 1st September 2010, 06:53 Quote

Well, one way around this would be using GPT instead of MBR. The good thing: Windows 7 x64 supports (booting from) it. The bad thing: AFAIR you’d need a motherboard with (U)EFI support as well. The really bad thing: Once (U)EFI takes over from BIOS (if it’ll ever happen) it’s going to be soooo much easier to write even more nasty malware/root kits.

Taniniver 1st September 2010, 07:45 Quote

Quote:
Originally Posted by azrael-
Once (U)EFI takes over from BIOS (if it’ll ever happen)

I think we will start to see it more and more soon, since we are reaching the hard drive size limitation imposed by the BIOS – you can’t boot from a drive bigger than 2 TB (approx) without UEFI.

fingerbob69 1st September 2010, 10:36 Quote

Quote:
Originally Posted by Taniniver
I think we will start to see it more and more soon, since we are reaching the hard drive size limitation imposed by the BIOS – you can’t boot from a drive bigger than 2 TB (approx) without UEFI.

Surely the answer to that (assuming you want to perpetuate BIOS) is that all computers come with at least two drives: a small boot drive with enough spare space to allow for service packs, security updates etc and a larger storage drive for everything else.

In fact why not sell Windows pre-loaded onto an SSD that you can then just swop out with each new OS upgrade or of course if the OS becomes fatally infected?

HourBeforeDawn 2nd September 2010, 18:32 Quote

the latest version of TDSKiller should take care of this if you get infected.

LooseNeutral 3rd September 2010, 04:14 Quote

Quote:
Originally Posted by HourBeforeDawn
the latest version of TDSKiller should take care of this if you get infected.

Again, Thanks fellas! I don’t suppose a system under warranty would cover this crap 😕 :( Sounds like a plus for the mfg’s 😡 Hmmm NAH, ‘nother crazy conspiracy theory!?


Posted via email from lamont price (at) posterous.com

Hackers exploit new PDF zero-day bug, warns Adobe – Computerworld

September 9, 2010

Computerworld – Adobe today warned users that attacks have begun exploiting an unpatched bug in its popular Reader and Acrobat PDF viewing and creation software.

The company issued an advisory on short notice today, saying that it had learned of in-the-wild attacks only on Tuesday.

“A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh,” Adobe’s warning read. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

“Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability,” the advisory added.
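The advisory's affected range ("9.3.4 and earlier", Reader on Windows, Macintosh and UNIX; Acrobat on Windows and Macintosh) is the kind of statement a defender turns into an inventory query. The script below is an added example, not Adobe's or Computerworld's code: it takes host records (constructed here; in practice exported from a software-inventory tool, and the host names and the 9.3.10 build are hypothetical) and flags the installs inside that range. Versions are compared as integer tuples rather than strings, the pitfall being that a string comparison would rank "9.3.10" below "9.3.4".

```python
"""Inventory triage for an "affected versions" statement in a vendor advisory.

Added example, not Adobe's or Computerworld's code. Product names, platforms
and the 9.3.4 ceiling come from the advisory text quoted above; the host
records are constructed.
"""
from typing import List, NamedTuple, Tuple

# Scope as stated in the advisory quoted above.
MAX_AFFECTED = (9, 3, 4)
AFFECTED_PLATFORMS = {
    "Adobe Reader": {"windows", "macintosh", "unix"},
    "Adobe Acrobat": {"windows", "macintosh"},
}


class HostRecord(NamedTuple):
    host: str
    product: str
    version: str
    platform: str


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.3.4' -> (9, 3, 4). Short versions pad with zeros so '9.3' == '9.3.0'."""
    parts = [int(p) for p in text.strip().split(".") if p != ""]
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(product: str, version: str, platform: str) -> bool:
    """True when the product/platform pair is in scope and version <= 9.3.4."""
    platforms = AFFECTED_PLATFORMS.get(product)
    if platforms is None or platform.lower() not in platforms:
        return False
    return parse_version(version) <= MAX_AFFECTED


def triage(records: List[HostRecord]) -> List[Tuple[str, str]]:
    """Return (host, reason) pairs for every install that needs attention, sorted by host."""
    findings = []
    for r in records:
        if is_affected(r.product, r.version, r.platform):
            findings.append((r.host, f"{r.product} {r.version} on {r.platform}"))
    return sorted(findings)


# Constructed inventory. ws-02 carries a hypothetical later build to show the
# tuple comparison; ws-05 is Acrobat on a platform the advisory does not name.
SAMPLE_INVENTORY = [
    HostRecord("ws-01", "Adobe Reader", "9.3.4", "Windows"),
    HostRecord("ws-02", "Adobe Reader", "9.3.10", "Windows"),
    HostRecord("ws-03", "Adobe Acrobat", "9.3.2", "Macintosh"),
    HostRecord("ws-04", "Adobe Reader", "8.2.4", "UNIX"),
    HostRecord("ws-05", "Adobe Acrobat", "9.3.4", "UNIX"),
    HostRecord("ws-06", "Adobe Reader", "9.3", "Windows"),
]

if __name__ == "__main__":
    for host, reason in triage(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```

With no vendor-supplied workaround available at the time, the output of a query like this is the list of machines where the only interim control is the one Symantec suggested: do not open PDFs from unknown senders, and watch those hosts more closely until the patch ships.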

Other than to say that “at this point, [attacks] appear to be limited,” Adobe offered little information on the bug today.

But Mila Parkour, the independent security researcher who reported the bug to Adobe on Tuesday, had plenty in a post to her Contagio Malware Dump blog.

Parkour uncovered a malicious e-mail message with a rogue PDF attachment that urged recipients to open the document. “Want to improve your score? In these golf tips, David Leadbetter shows you some important principles,” the message read.

Leadbetter, a well-known golf coach and author on the game, operates more than two dozen golf academies in 13 countries, and claims the title of “master of the art of teaching the golf swing.”

Symantec pegged the threat with a score of 8.5 out of possible 10, while Danish vulnerability tracker Secunia rated the vulnerability as “Extremely critical,” its highest-possible threat level.

According to Symantec, the bug is in Reader’s and Acrobat’s parsing of PDF files that contain malformed TIFF image files. Specifically, said the company in an alert to customers, “the issue occurs due to a heap-memory corruption issue in ‘cooltype.dll.’”

CoolType is an Adobe font-rendering technology, similar to Microsoft‘s ClearType.

Adobe did not spell out a timetable for patching the Reader/Acrobat zero-day vulnerability, nor did it offer users any ad hoc defensive measures they could employ until a fix is ready.

The next regularly-scheduled patch date for Reader and Acrobat is Oct. 13, but Adobe has been known to issue so-called “out-of-band” emergency updates when active attacks spike.

An Adobe spokeswoman hinted that the latter could easily occur. “With exploit code publicly available, [the current limited-only attack] could change,” she said, talking about the exploit that Parkour has posted online.

Parkour has not released the exploit publicly, however, but has password-protected the malicious PDF she discovered, and will release it only to people who e-mail her.

Symantec urged Reader and Acrobat users not to open PDFs from untrusted or unknown senders.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg’s RSS feed. His e-mail address is gkeizer@ix.netcom.com.


Affiliate Marketing? What has been will be again, what has been done will be done again; there is nothing new under the sun. Ecclt. 1:9

September 8, 2010

Canada unveils new speed bump: optical illusion of a child | The Upshot Yahoo! News – Yahoo! News

September 8, 2010

Social Engineering — Hacking by Asking

September 3, 2010

“Hi, this is Robert Downs from Dell support — I got redirected to this number by accident by the guy I called, is this Guy?”

“Hi Robert — I’m the receptionist, Donna, I could redirect you to Guy — do you know his extension?”

“Well he said he was pretty busy but I just need a few generic questions to close out this help ticket so I can go home — do you think you can help?”
“Uh, I don’t know…”

“Please? It’s after 7 here and I really got to go home. It’s just a second”

“Um.  Ok, sure.”

What operating system do you use?

>>XP

What web browsers do you have on your PC?

>>Firefox 2.0 and IE6

Do you use outlook?

>>No, we use a webmail

When was the last time you updated?

>>The IT team does updates every Tuesday night.

What version of Acrobat Reader do you have?

>>7

What’s your antivirus/endpoint security brand?

>>Mcafee endpoint security.


It might not look like it at first, but Mr. “Downs” from “Dell technical support” is a hacker who just obtained enough reconnaissance to compromise users and servers inside the target company — an act that costs US companies an average of $6,751,451 per data breach incident according to a Ponemon Research study.

Now, if I walked up to you on the street and asked you those questions out of the blue, you’d likely be either annoyed or (hopefully) suspicious.  However, if I called your secretary at her desk and told her I was from Dell solving a problem and I want to get off quickly because I’m a working stiff with a family too — that might be a different story.  She might tell me she’s on Windows, and that the IT team pushes updates every Tuesday, and that she uses webmail and Internet Explorer 6.  Maybe she’ll even give out her email for me to send her so that I can close out the ticket with a link that takes her to another website for analysis or exploitation through a hole I found in Dell’s website (Cross Site Scripting attacks in vulnerable websites make this attack method very easy to do).  Hackers that can con people into giving information or help them gain unauthorized access are known as social engineers (the term is also used for con artists).

A good hacker knows that a good hack involves three things:

  1. Vulnerability
  2. Exploitation
  3. Maintenance of access

Talking to that secretary gave us a lot of information — the antivirus vendor and the version of Internet Explorer being the most important, among other things.  This tells us what the system is vulnerable to — in this case IE6 vulnerabilities.  Knowing the antivirus lets us know which vulnerabilities will be detected or stopped unless they are re-written or modified.  With very little work we can probably find a way to circumvent any signature-based antivirus for a payload and a working exploit on a system with a profile similar to that described by the secretary.  Now we have both a vulnerability and a method with which we will exploit it.  Finally, the secretary informed us that patches to systems are done on Tuesdays — so we can have up to a week after successful exploitation to develop a system to maintain access either through reverse shells or an autonomous setup, which should be easy to do once we are in and get the lay of the network.  It’s very easy to find and package exploits with the wide availability of large databases of viruses and exploits (I regularly check several exploit databases to stay on top of trends).

It seems like a lot of information in a seemingly innocuous less-than-5-minute conversation.  Now consider the fact that I also got her to expect an email with a link — with that I can collect information like IP addresses, computer names, MAC addresses, perhaps the last few websites the receptionist has gone to, the exact web browser version, and more.  It’s easy to see where this information begins to take a sinister turn into a goldmine of potentially exploitable information.

People such as the once-infamous Kevin Mitnick have long used these con-artist techniques to gain unauthorized access to computer systems.  In fact, most of what Mr. Mitnick did to gain unauthorized access to computer systems was social engineering, not hacking.  He knew what to say and how to say it and who to say it to by doing his homework on how his targeted industries and businesses operate. Most of his techniques and how he used them to exploit his targets are explained in detail in his book The Art of Deception, which covers in depth the techniques for preventing and closing human security breaches. Hackers use social engineering so much that this year at Defcon 18 hackers competed in a game in which they researched and called companies to get information from them that could be used later to compromise their security.  Every single one of the companies that were involved in the game failed to adequately protect themselves from the hackers-turned-conmen (10 companies, 80 hackers, 3 failed calls), and several hackers were even able to score extra points by convincing personnel to visit websites under their control. [link to defcon 18 game]

Train your personnel in how to spot people who are going the extra mile to get information about your company in order to do real damage to it (as opposed to drive-by browser exploits and page-jacking).  It isn’t enough to have endpoint protection or antivirus systems in place.  People need to be coached on what information to give out and what to keep, especially people with access to sensitive information or who handle many calls every day.  Go through this process with your employees frequently — perhaps place a flyer on company phones reminding them not to give out information on the computer systems, or bring it up at company meetings or as part of the new-hire routine training (new hires are the favorite targets of any social engineer.  They’re eager to help and do not yet know the rules).

Also, regularly shred important documents with good shredders or shredding services, and securely destroy hard drive data (DOD mandates a 7-pass write-over wipe to prevent re-reading), and make sure that you aren’t encouraging a workplace environment where it is not OK to question management for the correct credentials when employees are being told to perform sensitive operations like changing passwords.  Let your employees know that rules apply to everyone and they will know to stick with them every time — even if it means asking the “new boss from the Cleveland office” who’s forgotten his recovery question for more information to confirm his identity.  It’s important to be proactive and prevent your company from losing face before an incident happens, even if you’re small.

This entry was posted on August 28, 2010 at 12:40 pm and is filed under CTO, Cyber Security. You can follow any responses to this entry through the RSS 2.0 feed.

Epic gatekeeper fail.