There has recently been a rash of hacking incidents, where companies have been penetrated by hackers from China. The Fed.Gov is formally bitching to the Red Chinese*:
This seems like big news, although it's being kept (sort of) quiet. There is quite a vibrant black hat scene in the PRC, and a strong feeling that it is tolerated so long as non-Chinese targets are victimized. Nearly three dozen US tech companies were hit, including Google and Adobe, and software technology/trade secrets stolen.The United States will issue a formal diplomatic note to China expressing concern about cyber attacks that hit Google and dozens of other companies, and that researchers say originated in that country.
"We will be issuing a formal demarche to the Chinese government in Beijing on this issue in the coming days, probably early next week," US State Department spokesman P.J. Crowley told reporters Friday. "It will express our concern for this incident and request information from China as to an explanation of how it happened and what they plan to do about it."
* I only call them "Red Chinese" to annoy the bien pensants.
---------------------------------------------------
Day Zero attack against Internet Explorer circulating in the wild
Sitemeter tells me that most of you have moved off IE6, but if you haven't now's the time. It seems that the Google hack came via this exploit:
The recent hack attack on Google, Adobe and other companies occurred through exploitation of a zero-day vulnerability that affects many versions of Internet Explorer, according to Microsoft and a security researcher with a leading anti-virus firm.While people are only talking about IE6 right now, there's a chance (maybe a good chance) that other versions are vulnerable. Microsoft has some recommendations on how IE users can protect themselves:
Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user’s machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.Note that they are not just talking about IE6, which suggests that other versions are vulnerable. IE users should also consider moving to Firefox. I'm cautiously optimistic about IE8's security, but Firefox has a much quicker response time to getting security updates distributed.
Customers can also set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones or configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. You can find details on implementing these settings in the advisory.
UPDATE 16 January 2010 10:34: IE versions 6, 7, and 8 are vulnerable. The code is now public, so if you use Internet Explorer this is really bad juju. Get over to Microsoft's blog for workaround instructions. Seriously.
---------------------------------------------------
Chinese search engine hacked by Iran?
China's top search engine Baidu was hacked on Tuesday in what state media said was an attack by a pro-Iranian government group that replaced the usual home page with an Iranian flag.When the music stops, we'll see who didn't pwn anyone ....
---------------------------------------------------
Adobe releases fix for Vulnerability-From-Hell
Yes, I know I should have told y'all a couple days ago. This has been exploited for a month:
Likely all y'all are vulnerable, so get a move on. Security goodness downloadable from Adobe.However, security experts said a patch for a zero-day vulnerability in Adobe Reader and Acrobat that Adobe Systems released on Tuesday was even more important than the Microsoft bulletin. The hole was discovered in mid-December and is being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers.
"Unlike most months, what the bulletin administrators should look at first is the Adobe patch when it is released later today," said Jason Miller, data and security team leader at Shavlik Technologies. "This bulletin will patch vulnerabilities that are currently in the wild affecting users."
---------------------------------------------------
Google Android phone app is actually Banking malware
Yeah, I know - who uses Android. But if you do, be careful of those apps:
Let me just say once again that banking from your cell phone is a terrible, horrible, no good, very bad idea.Hidden among the barcode readers, music players and games in the marketplace for Android software may be apps that could steal your online banking credentials or infect your phone.
Google removed about 1 percent of the apps posted to the Android Market last year, according to a 2009 filing Google made to the FTC (.pdf). While most of those apps were removed because of user complaints about adult content or copyright violations, two apps attempted to gain access to users’ financial information, according to InformationWeek.
Thanks, Ted. I be downloading the Adobe right now.
ReplyDelete