September, 2010

New means through which the Stuxnet worm, which is able to infect industrial facilities and take over their control systems, spreads have been identified. According to Symantec analysts, Stuxnet is able to reinfect previously disinfected Windows systems that are running Siemens STEP 7 industrial automation software by writing itself into the project folders created by the development environment for STEP 7 programmable logic controllers. The worm modifies certain files and saves infected DLLs, some of them encrypted.

Through a mechanism comparable to that exposed by the Windows DLL search path vulnerability disclosed in August, when a STEP 7 project with a dormant infection is opened the library is loaded. This DLL then decrypts and launches the actual Stuxnet library. The result is reinfection. Forwarding of project folders can also lead to infection.

The Unique Identification Authority of India has long emphasized that the focus of the Aadhaar number is on giving the poor and marginalized in India their first clear, easily verifiable, mobile identity.

Ranjna Sadashiv Sonwane, a tribal woman from Tembhali village in Nandurbar, in the western state of Maharashtra, became the first recipient of the Aadhaar number under the Unique identification project. Ranjna received the Aadhaar (the UID brand) letter from Prime Minister Dr. Manmohan Singh on Thursday, the day he launched the initiative nationally.

Ranjna’s letter marks the point where the Aadhaar initiative transforms from a technology concept to an on the ground reality. Ranjna had enrolled with her five-year old son Hitesh, who was the second person to receive the Aadhaar letter. For Hitesh, Aadhaar will be his first proof of identity.

A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.

The spam campaign began Monday morning, according to security experts at networking giant Cisco Systems, and for a while the fake LinkedIn invitations accounted for as much as 24 percent of all spam. Recipients who click links in the message are taken to a Web page that reads, “Please Waiting, 4 seconds,” and then sent on to Google.com.

On the way to Google, however, the victim’s browser is silently passed through a site equipped with what appears to be the SEO Exploit Pack, a commercial crimeware kit that tries to exploit more than a dozen browser vulnerabilities in an attempt to install ZeuS.

This is a very nice proof of concept of how an attacker may use the network to get access to USB devices on your computer, and even gain full access to Smart Card technology like the Swiss Post ID.

USB Smartcard (SuisseID) Takeover from Max Moser on Vimeo.

Manchester, 7^th September 2010 - An electrotechnology firm that has won numerous infrastructure projects throughout the South Pacific over its 73-year history has deployed 3ami Monitoring and Audit System (3ami MAS) to safeguard its intellectual property against theft. McKay, a rapidly growing firm whose clients include BAE and New Zealand’s Royal Navy, uses 3ami MAS to prevent employees from downloading confidential company files onto personal USB mass storage devices and removing those files from the premises without authorisation.

A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States.

Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut.

Diamreyan made more than US$1.3 million in a scam that suckered 67 victims between 2004 to 2009, prosecutors said. This type of fraud, called an advance-fee scam, was the number-one type of Internet fraud in 2009, according to the U.S. Federal Bureau of Investigation. Last year, advance-fee fraud accounted for nearly 17 percent of the Internet fraud logged by the FBI.

Google is spending US$8.5 million to settle a class-action lawsuit filed over the rollout of its Google Buzz social-networking service.

The proposed settlement was filed Friday in federal court in San Jose, California. The money will cover attorney fees and also be used to fund groups focused on Internet privacy, according to court filings.

If approved by a judge, the settlement will close a chapter on the ill-fated February launch of Google's alternative to Facebook. Buzz worried users because it made the names of users' Gmail contacts public, often without their knowledge. Google quickly addressed the issue but was soon hit with class-action lawsuits, which were eventually consolidated into this case.