Category: News

“Few product testers currently document their test samples or methodology,” the companies said in a statement. “Many use very small sample sets in their testing environments. As a result, there is no distinguishable benchmark for comparison.” The software makers are part of a larger organization, called the Anti-Spyware Coalition, which is working to standardize industry terms and technology for battling spyware.

Next on the group’s agenda: Defining threat-naming conventions, intelligence-sharing best practices, and emergency information distribution guidelines. The group says it will use definitions already created by the Anti-Spyware Coalition.

http://www.zdnetindia.com/zdnet2005/mediaturf/top_728x90_1.html

The topic of whether self-propagating code can have a good use has cropped up occasionally among researchers in the security community. In 1994, a paper written by antivirus researcher Vesselin Bontchev concluded that ‘good’ viruses are possible, but the safeguards and limitations on the programs would mean that the resulting code would not resemble what most people considered a virus. Later attempts at creating ‘good’ worms have failed, however, mainly because the writers have not adopted many of the safeguards outlined in the Bontchev paper. The Welchia worm–a variant of the MSBlast, or Blaster, worm–had apparently been created to fix the vulnerability exploited by the MSBlast worm, but had serious programming errors that caused the program to scan so aggressively for new hosts, it effectively shut down many corporate networks.

Immunity’s research is the latest attempt to create a more rigorously conceived framework for creating worms that could spread across specific networks to find and report vulnerabilities. The research essentially offers two advances, a strategy for the controlled propagation of worms and a framework in which reliable worms could be created quickly, Aitel said. The nematode worms would have to get permission to spread by querying a central server for a specific digital token, which Aitel dubbed a nematoken, before spreading to a particular machine.

http://www.securityfocus.com/news/11373?ref=rss

The database company should have fixed the issue in the latest critical patch update (CPU), but failed to do so, he said, adding that he believes the flaw is more significant than a privilege escalation issue fixed in less than three months by Oracle in the latest update.

After hearing about the conference presentation, Oracle slammed the researcher for releasing information about the vulnerability, saying that doing so puts its customers in danger. “We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available,” Duncan Harris, senior director of security assurance for Oracle, said in an interview with SecurityFocus.

At the Black Hat Security Briefings in Las Vegas last summer, networking giant Cisco and network protection firm Internet Security Systems filed suit against a security researcher for disclosing methods to run code on Cisco’s networking hardware.

On Wednesday, he posted a workaround for the vulnerability on SecurityFocus’ BugTraq mailing list. However, Oracle said that it studied the workaround proposed by Litchfield and found it inadequate. Other security professionals have also taken Oracle to task for its troubles in effectively handling security researcher and vulnerability disclosure.

http://www.securityfocus.com/news/11371?ref=rss

• Phishing scams’ increasing sophistication makes them tougher to spot; 70% of recipients say they initially thought the e-mails might be legitimate.

• 74% of consumers now use the Internet for transactions deemed sensitive, such as purchases and banking — and these are exactly the types of transactions that interest identity thieves who send out phishing e-mails.

• In January 2004, there were only 198 Web sites specifically created for phishing. By September 2005, there were more than 5,200.

http://www.bankinfosecurity.com/articles.php?art_id=114&PHPSESSID=dc6f96a8b3806f79be541fd18aa9c5a7

“With increased security protection on most systems and stiffer penalties, we are seeing organized, committed, and tenacious profiteers enter this space. This means that attacks will be more targeted and potentially damaging.”

The recent guilty plea by a 20-year-old California man for compromising hundreds of thousands of computers to create a botnet and then selling access to those computers underscores the shift in cybercrime towards more profitable activity.

http://www.securityfocus.com/brief/116

The first legitimate bot, called Eggdrop, was written in 1993 by Robey Pointer and had a feature that allowed more control over IRC networks. As legislation emerged cracking down on spammers, those who ran botnets started pursuing more clandestine ways to continue their operations. Rather than deter hardcore spammers, it merely drove them further underground, said Mark Sunner, chief technical officer for MessageLabs.

Increasingly, botnet administrators have customised IRC commands, and many well-known commands that allowed for the remote querying of machines have been disabled, Hogan said.

Over a year ago, two viruses – Netsky and Bagle – battled it out, uninstalling and replacing each other on users’ computers. Law enforcement authorities have become more adept at putting together task forces to track down botnet admins.

They have countered by sticking to smaller groups of around 20,000 machines that are less likely to be detected as quickly, Sunner said.

http://www.techworld.com/security/news/index.cfm?NewsID=5205