SEO & SEC GURU


Rogers accused of hijacking other web pages

Posted in google sec,sec guru by crickinfo on December 20, 2007

In a week when Canadian internet activists are up in arms over the government’s proposed copyright reform bill, Rogers Communications Inc. is also drawing fire for what critics are calling the company’s violation of net neutrality principles.

Los Angeles-based technology consultant and internet activist Lauren Weinstein wrote on his blog Saturday that Rogers had spliced into and “hijacked” customers’ web traffic. He included a screen capture showing content from the company inserted onto Google’s home page.

The screen grab, forwarded to Weinstein by a “concerned customer,” shows a branded Rogers-Yahoo customer service message at the top of the Google page warning the customer that they are near their download limit.

Weinstein said the warning was evidence that internet service providers are spying on customers and modifying how they are using their service.

“What the blazes is all that ISP-related verbiage taking up the top third of the page? Why would Google ever give an ISP permission to muddy up Google’s public face that way?” he wrote. “Google didn’t give this ISP any such permission. The ISP simply decided to modify Google on their own.”

Rogers spokeswoman Taanta Gupta on Monday confirmed to Wired News that the company is experimenting with the technique as a customer notification system.

“We’re trying different things, and we’ll test customer response,” she told Wired, which called the incident “Exhibit A” in the need for net neutrality legislation.

Internet chat groups were abuzz with angry customers on Tuesday. One user posted on the Net Neutrality Squad board that Rogers was running afoul of the Telecommunications Act, which states that “a Canadian carrier shall not control the content or influence the meaning or purpose of telecommunications carried by it for the public.”

This screen shot shows a Rogers notice addressed to a customer on the Google home page, an approach the company says it is testing.

Forrester lays out 10 reasons why IT shouldn’t support the iPhone

Posted in thech news by crickinfo on December 20, 2007

December 14, 2007 (CIO) — The Apple iPhone took the consumer mobile space by storm when it was released in June and quickly became one of the most popular smart phones available. Since then, business users who’ve purchased the device for their personal use have been asking their corporate IT departments to support it.

Whether the iPhone proves to be a valuable business tool or a nonissue for CIOs remains to be seen, but a new report from Forrester Research Inc. suggests that the iPhone may never get a chance to succeed in business. Forrester laid out 10 reasons IT departments should refuse to support the devices — at least for now.

1. The iPhone Doesn’t Allow Data to be Encrypted

There’s currently no way for enterprises to secure sensitive data on iPhones through file or disk encryption, according to Forrester. There’s also no way for IT to enforce password policies, since the decision to use a password — and when to change it — is up to the user.

2. The iPhone Does Not Natively Support “Push” Corporate E-mail or Wireless Calendar Syncing

Push e-mail that is delivered to handhelds upon receipt in a user’s mailbox is an essential feature for a business device because of the productivity such a feature enables, Forrester said. If users need to physically retrieve messages — instead of having those messages pushed directly to them — they won’t get them as quickly as possible, and they’ll waste time in the process. The iPhone can sync with Microsoft Exchange and Lotus Notes over IMAP and SMTP, Forrester said, but IT infrastructure must be tweaked accordingly or a separate gateway product must be purchased — and even then mail is delivered only every 15 minutes.

Network coding: Networking’s next revolution?

Posted in network guru by crickinfo on December 20, 2007

Some of high tech’s biggest names — Microsoft Corp., Hewlett-Packard Co. and Intel Corp. among them — are starting to embrace a technology called network coding in an effort to boost throughput, scalability and efficiency of everything from content distribution to wireless networks.

Network coding, largely shrouded in university and vendor labs since it was proposed seven years ago by a handful of researchers, is essentially an algorithm that proponents say can potentially more than double network throughput while also improving reliability and resistance to attacks. According to network coding’s most ardent supporters, the technology could spark networking’s next revolution, while others said network coding is more likely to quietly infiltrate network architectures based on existing routing schemes.

Network coding works by separating messages into smaller bits of “evidence” that can then be deduced by the destination node without transmitting, retransmitting or replicating the entire message. It enables this evidence to traverse multiple paths to and from intermediary nodes that then send it on to the endstation. It does not require additional capacity or routes — it simply mixes evidence of messages into bit streams already supported by an existing network infrastructure.

“It’s like eavesdropping. You listen to what’s going on around you, you form an opinion and then you improve the overall throughput and capacity by actually remembering and using the information you have,” said Sumeet Sandhu, principal investigator for cooperative wireless communication at Intel Research.

Network coding could work its way into any number of products from routers to wireless systems or take the form of entirely new devices dubbed network coders. Intel sees the potential for the technology to extend the range of wireless base stations. Microsoft is already trialing network coding to make its content distribution system more efficient (read “Microsoft’s network coding plan”).

Other big network players, such as Cisco Systems Inc., are keeping their plans hush hush for now and declined to say more than this, through a spokesman: “We are investigating network coding as the theory helps distinguish a variety of different types of traffic, then prioritizes them to help increase the capacity of the network. Right now, we do not offer any specific network coding products.”

Decoding network coding

To give you a better feel for what network coding is all about, here’s a further technical explanation.

Network coding manipulates the data inside the packet itself through what’s called a “bitwise exclusive or” (xor) operation to combine the information with that of another packet. A bitwise xor takes two bit patterns and performs the logical operation on each pair of corresponding bits, assigning a number “1” if the two bits are different and “0” if they are the same.

These 1s and 0s are the codes, or evidence, by which an endstation or any node with the intelligence to do so can deduce the message received from the sender. In this manner, network coding effectively allows destination nodes to receive multiple messages without an increase in the number of packets it receives or in overall network capacity.
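The XOR mixing described above, as an added example that is not part of the original article. It uses the textbook two-way relay case (nodes A and B exchanging messages through relay R), and the framing scheme and function names are assumptions made for illustration.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length packets: 1 where bits differ, 0 where equal."""
    if len(a) != len(b):
        raise ValueError("packets must be the same length before mixing")
    return bytes(x ^ y for x, y in zip(a, b))


def frame(payload: bytes, size: int) -> bytes:
    """Prefix a 2-byte length and zero-pad, so unequal messages can be mixed."""
    if len(payload) + 2 > size:
        raise ValueError("payload does not fit in the frame")
    return len(payload).to_bytes(2, "big") + payload + bytes(size - 2 - len(payload))


def unframe(packet: bytes) -> bytes:
    """Recover the original payload from a framed packet."""
    length = int.from_bytes(packet[:2], "big")
    return packet[2:2 + length]


def relay_exchange(msg_a: bytes, msg_b: bytes):
    """A and B swap messages through relay R using one coded broadcast.

    Plain routing needs four transmissions (A->R, R->B, B->R, R->A).
    With coding, R sends a single packet that is useful to both ends.
    """
    size = max(len(msg_a), len(msg_b)) + 2
    pkt_a, pkt_b = frame(msg_a, size), frame(msg_b, size)
    transmissions = 2                      # A->R and B->R

    coded = xor_bytes(pkt_a, pkt_b)        # relay mixes the two packets
    transmissions += 1                     # one broadcast reaches A and B

    # Each end already holds its own packet, so XORing it out leaves the other's.
    received_at_a = unframe(xor_bytes(coded, pkt_a))
    received_at_b = unframe(xor_bytes(coded, pkt_b))
    return received_at_a, received_at_b, transmissions


if __name__ == "__main__":
    # Constructed sample messages.
    print(relay_exchange(b"hello from A", b"hi"))
```
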

“You’re using the algebraic nature of the data in order to give yourself more freedom with what you can do with the packets,” said Muriel Medard, an associate professor in the electrical engineering and computer science department at MIT, and a leading researcher in the field of network coding. “You can do things within the network that allow you to use it more efficiently or in different ways.”

Proponents like Medard said network coding is particularly beneficial in shared router infrastructures — such as the Internet — peer-to-peer content distribution and wireless mesh networks. In an article describing the concept, Medard and other researchers stated that network coding has the potential to dramatically speed up and improve the reliability of all manner of communications systems and may well spark the next revolution in the field.

How a network operator implements network coding depends on what the operator is looking to accomplish, Medard said. It differs from Multiprotocol Label Switching traffic engineering — another, widely implemented method for increasing network capacity and efficiency — in that MPLS does not change the data within a packet; it adds an appendage, or label, to the packet (“MPLS explained”).

“You’re not just working on whatever fields of a packet you’ve selected to work on. (more…)

Windows Vista SP1 Includes More Than 300 Hot Fixes

Posted in sec guru by crickinfo on December 20, 2007

Microsoft has released a detailed roster of the contents of its forthcoming service pack for Windows Vista, and the list includes more than 300 hot fixes covering everything from data protection to video performance.

The list, recently posted on Microsoft’s Web site, can be downloaded as a 47-page document that the company says is not exhaustive. Microsoft plans to add more fixes and patches to Windows Vista SP1 before a final version is released to the public early next year.

For now, Vista users can entertain themselves by poring over the hundreds of updates that Microsoft says will be part of SP1.

Among them: a fix for a problem in which optical disks turn blank after being formatted with Vista’s Live File System; a patch for a glitch that generates an error message when large files are copied from one Vista-based computer to another over a network; and an update designed to improve Vista’s speed when it’s operating on a computer linked to a virtual private network.

Other updates are meant to improve Internet Explorer’s streaming video performance and prevent data loss in USB devices connected to Vista PCs. There’s also a fix that adds a Venezuelan time zone.

Microsoft said some of the fixes detailed in the list are already available to the public as individual downloads, while others will only be released as part of the final version of Vista SP1.

Unfortunately for some Vista users — especially those running custom business apps — the service pack will not fix some application compatibility problems that affect the current version of Vista.

The lengthy Vista SP1 documentation runs counter to earlier statements by Microsoft officials that the company was not planning to release a “big bang” service pack for the operating system, which debuted in January.

Microsoft marketing VP Michael Sievert told InformationWeek in March that Vista was “high quality right out of the gate” and that the company would likely dribble out small updates as required via its Windows Update service.

Since then, however, users have apparently reported enough problems with Vista to force a change in Microsoft’s thinking.

Is Google your next hosted-security partner?

Posted in google sec,sec guru by crickinfo on December 20, 2007

Far from being a major player in IT security today, Google has ambitious designs on becoming a big name in the burgeoning hosted security market, begging the question: Will your organization ever be ready to let the world’s largest information retrieval company safeguard your crown jewels?

To hear Google talk of its plans for a multifaceted filtering system geared toward locking down data, you might have to answer this question sooner than you think.

At the center of Google’s security push are talent and technology brought on board in this year’s acquisitions of message filtering specialist Postini and browser-based security software maker GreenBorder Technologies. According to Google officials, the company is confident that these pieces lay the necessary foundation on which to build significant IT security and compliance automation capabilities.

In fact, Google company officials claim it is now as committed to creating tools to help end-users defend their data as it is to helping them search for information online.

But providing consumer-grade protection is one thing. Whether Google can successfully navigate the sophisticated security issues businesses face online is another. And the stakes could be significant, as a more security-minded Google Apps hosted productivity suite could give Microsoft a run for its Office desktop app money.

Postini’s security platform

Shrugging off doubts about Google’s ability to rise to the business-worthy security challenge, Scott Petry, founder and CTO of Postini, which Google acquired in July, said the search giant’s security footprint has only just begun to take shape.

“When Google bought Postini, and in fact when Postini built its underlying architecture, it was not all about keeping spam from reaching peoples’ in-boxes,” Petry said. “They didn’t buy bits on a server; what they bought, and what we built, was a platform for creating a range of different services around protecting content and monitoring usage patterns.”

As evidence, Petry pointed to Google’s recent integration of Postini’s e-mail content policy management system into Google Apps Premier Edition, the first of a slew of online services Google plans to launch to help businesses and consumers safeguard their data.

Added to the release were data analysis tools for identifying credit card and Social Security numbers in e-mail messages, as well as policy enforcement options such as encryption. Google also added protection against zero-day attacks, and expanded message archiving features.

Additional security and compliance services already under development at Google will build on those capabilities, Petry said.

“We feel that we can build a broader umbrella by recognizing spam and malware before it reaches the network on one end, and by helping people monitor the outward flow of information on the other,” Petry said. “We want to provide a stronger level of control for security over all types of content.”

Should IT professionals assume consumers and small businesses will be the only beneficiaries of Google’s security push, Petry points out that many of the e-mail and content management features added in the latest revision were designed specifically for large businesses.

Hooking the enterprise on hosted security

Chief among the obstacles Google faces in making a security services push deep into the enterprise is the fact that many larger organizations are reluctant to buy into the hosted security model. Petry, however, remains undeterred, citing Circuit City, Merrill Lynch, Mitsubishi Motors, and the National Hockey League as examples of existing Postini customers. And with major security vendors such as Symantec making SaaS (Software-as-a-Service) plays, the security services model shows signs of catching on.

DNS Attack Could Signal Phishing 2.0

Posted in sec guru by crickinfo on December 20, 2007

Researchers uncovered an attack targeting ‘open-recursive’ DNS servers that controls where phishing victims go on the Internet.
Robert McMillan, IDG News Service

Researchers at Google and the Georgia Institute of Technology are studying a virtually undetectable form of attack that quietly controls where victims go on the Internet.

The study, set to be published in February, takes a close look at “open recursive” DNS servers, which are used to tell computers how to find each other on the Internet by translating domain names like google.com into numerical Internet Protocol addresses. Criminals are using these servers in combination with new attack techniques to develop a new generation of phishing attacks.

The researchers estimate that there are 17 million open-recursive DNS servers on the Internet, the vast majority of which give accurate information. Unlike other DNS servers, open-recursive systems will answer all DNS lookup requests from any computer on the Internet, a feature that makes them particularly useful for hackers.

The Georgia Tech and Google researchers estimate that as many as 0.4 percent, or 68,000, open-recursive DNS servers are behaving maliciously, returning false answers to DNS queries. They also estimate that another two percent of them provide questionable results. Collectively, these servers are beginning to form a “second secret authority” for DNS that is undermining the trustworthiness of the Internet, the researchers warned.

“This is a crime with few witnesses,” said David Dagon, a researcher at Georgia Tech who co-authored the paper. “These hosts are like carnival barkers. No matter what you ask them, they’ll happily direct you to the red light store, or to a Web server that does nothing more than spray your eyeballs with ads.”

Attacks on the DNS system are not new, and online criminals have been changing DNS settings in victims’ computers for at least four years now, Dagon said. But only recently have the bad guys lined up the technology and expertise to reliably launch this particular type of attack in a more widespread way. While the first such attacks used computer viruses to make these changes, lately attackers have been relying on Web-based malware.

Here’s how an attack would work. A victim would visit a Web site or open a malicious attachment that would exploit a bug in his computer’s software. Attackers would then change just one file in the Windows registry settings, telling the PC to go to the criminal’s server for all DNS information. If the initial exploit code was not stopped by antivirus software, the attack would give attackers virtually undetectable control over the computer.

Once they’d changed the Windows settings, the criminals could take victims to the correct Web sites most of the time, but then suddenly redirect them to phishing sites whenever they wanted — during an online banking session, for example. Because the attack is happening at the DNS level, anti-phishing software would not flag the phoney sites.

Or an attacker could simply take complete control over the victim’s Internet experience, Dagon said. “If you look up the address of a Christian Science Reading Room site, they’ll point you to skin exotica,” he said. “If you ask where Google.com is located, they’ll point you to a machine in China selling luggage.”

“It’s really the ultimate back door,” said Chris Rouland, chief technology officer with IBM’s Internet Security Systems division. “All the stuff we’ve deployed in the enterprise, it’s not going to look for this.”

Rouland expects to see more of these DNS attacks launched from Web 2.0 sites in the coming months, because they make it very easy for people to “mash up” Web pages from many different sources, some of which may be untrustworthy. “This is truly the next generation of phishing,” he said.

Preliminary findings by Dagon’s team show that the Web is an important vector for these attacks. Using Google’s network of Web crawlers, researchers uncovered more than 2,100 Web pages that used exploit code to change the Windows registry of visitors.

The team’s paper, entitled Corrupted DNS Resolution Paths, is set to be published at the Network and Distributed System Security Symposium (NDSS) in San Diego. It is co-authored by Chris Lee and Wenke Lee of Georgia Tech, and Niels Provos, a senior engineer with Google.

Last year Dagon and Wenke Lee founded a startup called Damballa Inc., which is developing ways to protect against these types of attacks.

Damballa, which bills itself as an anti-botnet appliance vendor, can identify compromised machines by tracking whether or not they are communicating with DNS servers that are known to be malicious.
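The two defensive checks this article implies, as an added example that is not from the article or from Damballa: flag clients whose DNS traffic bypasses approved resolvers, and flag endpoints whose configured DNS servers have been changed. The log format, resolver lists, host names and function names are all assumptions, and every sample value is constructed.

```python
import ipaddress
from collections import Counter

# Assumptions: the organisation's approved resolvers, and a feed of resolvers
# already known to return false answers. Addresses are constructed samples.
APPROVED = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.1.53")}
KNOWN_BAD = {ipaddress.ip_address("203.0.113.66")}

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2007-12-20T09:00:01 10.0.5.21 10.0.0.53 53 udp
2007-12-20T09:00:02 10.0.5.22 10.0.1.53 53 udp
2007-12-20T09:00:03 10.0.5.23 203.0.113.66 53 udp
2007-12-20T09:00:04 10.0.5.23 203.0.113.66 53 udp
2007-12-20T09:00:05 10.0.5.21 198.51.100.7 443 tcp
2007-12-20T09:00:06 10.0.5.24 198.51.100.9 53 tcp
malformed line
2007-12-20T09:00:07 10.0.0.53 192.0.2.1 53 udp
"""

# Constructed endpoint inventory: host name -> DNS servers configured on it.
SAMPLE_INVENTORY = {
    "pc-021": ["10.0.0.53", "10.0.1.53"],
    "pc-023": ["203.0.113.66"],
    "pc-024": ["10.0.0.53", "198.51.100.9"],
}


def classify(resolver):
    """Return 'approved', 'known-malicious' or 'unapproved' for one address."""
    if resolver in APPROVED:
        return "approved"
    return "known-malicious" if resolver in KNOWN_BAD else "unapproved"


def parse_flow(line):
    """Parse one flow record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, port, proto = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(port), proto.lower())
    except ValueError:
        return None


def find_rogue_dns_flows(flow_text):
    """Report client/resolver pairs where DNS traffic bypasses approved resolvers."""
    counts = Counter()
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, port, proto = rec
        if port != 53 or proto not in ("udp", "tcp"):
            continue
        # Approved resolvers legitimately recurse out to the Internet themselves.
        if src in APPROVED or dst in APPROVED:
            continue
        counts[(src, dst)] += 1
    ordered = sorted(counts.items(), key=lambda kv: (str(kv[0][0]), str(kv[0][1])))
    return [{"client": str(src), "resolver": str(dst), "queries": n,
             "verdict": classify(dst)} for (src, dst), n in ordered]


def audit_inventory(inventory):
    """Report hosts whose configured DNS servers include a non-approved address."""
    report = {}
    for host in sorted(inventory):
        bad = []
        for text in inventory[host]:
            verdict = classify(ipaddress.ip_address(text))
            if verdict != "approved":
                bad.append((text, verdict))
        if bad:
            report[host] = bad
    return report


if __name__ == "__main__":
    for finding in find_rogue_dns_flows(SAMPLE_FLOWS):
        print(finding)
    print(audit_inventory(SAMPLE_INVENTORY))
```
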

Google ads hijacked, security experts say

Posted in sec guru by crickinfo on December 20, 2007

FRANKFURT — Advertisements placed by Google in Web pages are being hijacked by so-called trojan software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.

The trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement.

Google said on Wednesday: “We have cancelled customer accounts that display ads redirecting users to malicious sites or that advertise a product violating our software principles.”

“We actively work to detect and remove sites that serve malware in both our ad network and in our search results. We have manual and automated processes in place to detect and enforce these policies.”

The trojan, named after the mythic Trojan Horse because of its ability to enter computer systems undetected, attacks Google’s AdSense service, which targets advertisements to match Web page content.

“This is a serious situation that damages users and Webmasters alike,” said BitDefender virus analyst Attila Balazs.

“Users are affected because the advertisements and/or the linked sites may contain malicious code,” he said. “Webmasters are affected because the trojan takes away viewers and thus a possible money source from their Websites.”

BitDefender on its Web site (www.bitdefender.com) describes the trojan, which it identifies as Trojan.Qhost.WU, as spreading at a “low” level and causing “medium” damage.

Orkut worm demonstrates vulnerability of service

Posted in sec guru by crickinfo on December 20, 2007
Google’s Orkut site appears to have been hit by a relatively harmless worm but one that demonstrates the continuing vulnerability of Web applications.

Google’s Orkut social networking site appeared to have been hit by a relatively harmless worm, but one that demonstrated the continuing vulnerability of Web applications.

Some Orkut users received an e-mail telling them they had been sent a new scrapbook entry — a type of Orkut message — on their profile from another Orkut user.

They only had to view their profile to become infected by the worm, which added them to an Orkut group, “Infectados pelo Vírus do Orkut,” wrote the blogger Kee Hinckley on his site TechnoSocial.

The name of the group, in Portuguese, roughly translates to “infected by the Orkut virus.” Orkut is popular in Brazil, as well as India, but has not caught on as well outside those countries compared to MySpace and Facebook.

The description of the group reveals that the worm was designed to show Orkut could be dangerous to users even if they do not click on malicious links, Hinckley wrote. The worm apparently did not try to steal any personal data.

The worm was also noted by Orkut Plus, a site that offers Orkut security tips, and discussed in Google’s Orkut help group.

At one time the infected group was adding new members at a rate of 100 per minute, and had reached a few hundred thousand members, according to various postings, but the problem appears now to be fixed, Hinckley wrote.

Orkut’s scrapbook feature allows people to post messages that contain HTML code, but it may lack a filter to strip out malicious JavaScript, Hinckley wrote.

“It does not appear at first glance that the worm does anything more dangerous than pass itself on to one or more of your friends,” he wrote. “I think it unlikely that it would be able to steal your password, although it could potentially access other private information.”

Servers hacked to boost Google ranking

Posted in sec guru by crickinfo on December 20, 2007

AN Australian web hosting company’s servers have been hacked, with attackers embedding malicious code to generate “link farms” on its customers’ websites.

Link farming is the process of exchanging reciprocal links with websites in order to increase search engine optimisation, according to internet encyclopedia Webopedia.

Melbourne-based MD Web Hosting confirmed that over the past two weeks it’s been the victim of hacking attacks from IP addresses that originated from Russia and Turkey.

“Obviously some companies buy the services of these Russians to find vulnerable websites,” Tom Najda, MD Web Hosting business services manager, said.

“These link farms were linking back to pharmaceutical websites which are obviously looking to boost their Google ranking,” he said.

Attackers were able to gain access to around five servers which didn’t have the correct security profiles. The problem was compounded by the fact that the company’s IP blocking and firewalls were not up to scratch, Mr Najda said.

He said the problem only affected between five and ten per cent of its 20,000 customers, and the issue was resolved earlier this week.

Your identity is worth $21 on the Net

Posted in sec guru by crickinfo on December 20, 2007

Personal information, including credit card numbers, sold openly: report

Vito Pilieci, CanWest News Service

Published: Wednesday, December 05

All of your personal banking and credit card information, your birthdate and your social security data are worth about $21 on the Internet, according to a study released today.

And much of that data may have been stolen from government offices, says the report by computer security firm Symantec Corp.

Symantec says thousands of Internet chatrooms and websites openly sell credit card and personal information for the purpose of identity theft — and are doing plenty of business.

Many of the sites can be found using the Internet Relay Chat program that is similar to MSN Messenger or AOL’s Instant Messenger software. Simply search for “#cc” and hundreds of websites will pop up.

“I have valid CC (credit card) and bank loggins (sic),” bragged one person asking to be contacted by interested parties.

“Anyone interested in buying operative USA, UK & Canada CC with billing info and CVV (a credit card security number): harvesting–tomyahoo.ca.

“Reasonable prices,” said another.

Symantec, the company responsible for the popular Norton Anti-Virus program, says it monitors many of these Internet properties to better understand the identity-theft issue.

The findings are part of a 120-page semi-annual report on online security issues and threats. The report focuses on problems that emerged during the last six months of 2006.

“Bad guys have a tendency to want to brag a bit,” said Dean Turner, executive editor of the report.

“All of the information we gather is in public Internet Relay Chat servers. … They are filled with lots and lots of people.”

An individual’s credit card information, by itself, will sell for $1 to $6 US in any of these chat rooms, Turner said. An entire identity can be bought for as little as $18 US ($21 Cdn).

What could be even more disturbing is where the personal information comes from. According to Symantec, governments were responsible for as much as 25 per cent of all leaked information.

The second- and third-biggest contributors to data loss are the health-care industry (20 per cent) and educational institutions (14 per cent), Symantec says.

And most of the information isn’t going to hackers who break into government computer systems. About 54 per cent of all data lost is just being carried out the door. Hacking accounts for only 13 per cent.

“The major cause is theft or loss … stealing hard drives out of machines,” Turner said.

With new methods of data storage, it’s easy to walk into a government building and steal information, he said. Thumb drives and MP3 players are capable of copying files, while computer terminals in unsecured locations can be pried open by a thief who steals the hard drive and all of the information on it.

In 2003, he said, four computers containing confidential personal information on more than 120,000 citizens were stolen from the Canada Revenue Agency.

In January, a doctor at Toronto’s Hospital for Sick Children lost a laptop containing the personal data of more than 2,900 patients. The incident prompted Ontario’s privacy commissioner, Ann Cavoukian, to require encryption of all personal data before it is moved from an office setting.

“It is certainly something to be alarmed about,” Turner said.

What’s worse is that the amount of data loss may be even higher. Turner said governments, health-care facilities and educational institutions are required by law to report data breaches as soon as they occur. The private sector isn’t bound by such rules.

In its report, Symantec urges governments and private businesses to require mandatory encryption of sensitive data. That way, even if the information is stolen, thieves won’t be able to access it.

While there are no statistics on identity fraud, credit card fraud accounts for more than $300 million in losses every year, according to recent statistics from Visa Canada.

Symantec’s report uses information it collected between July 1 and Dec. 31, 2006, from its offices in more than 180 countries and from some of the 120 million users of its security products.