Dragan on Security

A fake “FBI Windows” virus is spreading online that may affect your PC with well-known Sober virus.

It comes in a mail that claims to come from either the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) or German police agency BKA and that warns users they have been detected visiting illegal sites, reports the online edition of BBC News.

The subject line of the message also claims that “You visit illegal websites” or “Your IP was logged”.

If the user opens the questionnaire attached to the message, the virus becomes active and infects PC. FBI has denied having sent such mails. The US investigating agency said it does not engage in the practice of sending unsolicited e-mails to the public in this manner.

Anti-virus firms have claimed they caught millions of copies of the malicious programme, suggesting a lot of people have fallen for the fake warning.

Symantec increased threat level to 3 on November 22, 2005. Symantec article about W32.Sober.X@mm virus is here.

There were “Twofish has been broken” rumors. These rumors have been based on the analysis by Shiho Moriai and Yiqun Lisa Yin, who published their results in Japan in 2000. Here is paper. Bruce Schneier’s answer is here.

CNET News.com is reporting that a critical vulnerability has been found in some versions of Apple’s popular iTunes that could allow attackers to remotely take over a user’s computer, according to a warning issued by eEye Digital Security, a security research firm. The latest iTunes flaw affects all operating systems from Windows XP to Mac OS X, according to the advisory. The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update.

Read more here.

Interesting initiative: Code of conduct and whitelist of spyware-free apps. Source: vnunet.com.

A handful of internet firms have joined together to reduce the spread of adware and spyware which is distributed by ‘piggybacking’ on legitimate downloads.

The companies, including Yahoo, AOL and Verizon, have agreed to establish industry standards for monitoring and enforcing good behaviour on websites which offer downloadable software.

A new code of practice, maintained by independent online body TRUSTe, will ensure that sites offering downloads state clearly whether the software contains adware or trackware.

All co-operating sites will be required to inform the user of the types of advertising that will be displayed, and whether any personal information will be tracked and collected.

Sites will also have to warn users of any changes to PC settings, and users will need to opt in before the download can begin. Publishers must offer an easy uninstall procedure with clear instructions.

The participating companies are due to publish a ‘white list’ of certified applications. TRUSTe said that the programme will launch in beta form early next year.

NSA has interesting site for kids’ games in area of cryptology. It says:

Hi Kids!
Welcome to the NSA/CSS Kids’ page.
We’re the CryptoKids and we love cryptology.

What’s cryptology? Cryptology is making and breaking codes. It’s so cool. We make codes so we can send secret messages to our friends. And we try to figure out what other people are writing about by breaking their codes. It’s a lot of fun.

Visit it here.

Source: ACM TechNews.
The Department of Defense’s (DoD) Global Information Grid (GIG), a common, high-speed grid used by all federal agencies and international organizations to share sensitive information, requires use of encryption technology at high speeds in order to avoid filling up bandwidth with wasted processes. The DOD’s GIG Bandwidth Expansion (GIG-BE) program, scheduled for release later this year, will provide military bases in the United States with at least 100 times more bandwidth and military bases overseas with about 138 times more bandwidth, according to DoD’s Defense Information Systems Agency CTO David Mihelcic. The DoD is utilizing SafeNet’s SafeEnterprise SONET/SDH encryption technology and its SafeEnterprise security management center software to ensure data security while on the GIG. SafeNet’s Chris Fedde says the encryption technology allows speeds of 155 Mbps to 10 Gbps in order to accomplish secure encryption without filling up bandwidth. Elliptic curve cryptography (ECC), a public key cryptosystem adopted by the National Security Agency to protect critical information, will replace legacy encryption systems due to increased functionality and decreased bandwidth utilization. ECC reduces the required bandwidth, memory, and power required to receive and translate encrypted information, so users can use the technology on cell phones, PDAs, and smart cards. Certicom’s Mitch Blaser says ECC is becoming so widely accepted that most federal agencies will not consider products that do not come with standard ECC security protocols. Another potentially valuable technology is hardware-based full disc encryption for notebook PCs. Users of the technology will ensure data on their notebooks is not susceptible to attack when the device is lost or stolen, and disposing of the machine simply involves deleting the encryption key.

Read more here.

Last week I attended to International IPSI–2005 conference at Venice, Italy. You can see Conference Schedule here.
I presented there my paper titled “Protecting wireless computer networks by using intrusion detection agents”. This is part of my work on WIDS (Wireless Intrusion Detection System).
Download paper presentation here or send me an e-mail for full paper.
Book of Abstracts is here.

Interesting article on InternetNews site about Sony’s secretive digital rights management protections says:

The Electronic Frontier Foundation (EFF) is currently investigating Sony’s anti-piracy tactics in order to determine whether the organization will file a class-action lawsuit in the coming weeks against the music giant, said Jason Schultz, a staff attorney at the EFF.

A privacy organization in Italy, the Electronic Frontiers Italy (ALCEI), on Friday filed papers with authorities claiming Sony BMG was responsible for “illicit actions” in Italy and seeks penal denunciation against the company for secretly inserting software into consumer computers.

Microsoft has renamed its Windows Antispyware product to “Windows Defender”, Microsoft bloggers revealed late Friday. At the same time, Microsoft also officially acknowledged what company watchers deduced earlier this year: That it will bundle its antispyware offering into Windows Vista, and will incorporate its Strider rootkit detection technology into Windows Defender.

Read more here and here.

Another new kind of WiFi usage has been introduced at Massachusetts Institute of Technology. Article in Seattle Post-Intelligencer says:

MIT’s newly upgraded wireless network - extended this month to cover the entire school - doesn’t merely get you online in study halls, stairwells or any other spot on the 9.4 million square foot campus. It also provides information on exactly how many people are logged on at any given location at any given time.

It even reveals a user’s identity if the individual has opted to make that data public.

MIT researchers did this by developing electronic maps that track across campus, day and night, the devices people use to connect to the network, whether they’re laptops, wireless PDAs or even Wi-Fi equipped cell phones.

The maps were unveiled this week at the MIT Museum, where they are projected onto large Plexiglas rectangles that hang from the ceiling. They are also available online to network users, the data time-stamped and saved for up to 12 hours.

Technology gives good possibilities, but privacy is a serious concern in this case.

Read full article here.