di Paolo Attivissimo

Sono passate solo un paio di settimane dall’annuncio del primo worm per iPhone, una burla sostanzialmente innocua che faceva comparire Rick Astley come sfondo del telefonino, ed è già arrivato il primo worm ostile che sfrutta la medesima tecnica per replicarsi e infettare il cellulare di Apple.

Il provider olandese XS4ALL ha infatti scoperto che alcuni suoi clienti dotati di iPhone sono infettati da un programma che tenta attivamente di intrufolarsi negli iPhone altrui, saccheggiando i loro archivi di SMS alla ricerca di messaggini usati per autenticare le transazioni bancarie.

L’attacco funziona soltanto sugli iPhone che sono stati sbloccati dagli utenti usando i vari sistemi di jailbreaking disponibili in Rete per potervi installare software (in particolare SSH) senza dover passare dalle autorizzazioni (e dalle casse) di Apple, e soltanto se l’utente è stato così malaccorto da non cambiare la password di root standard del telefonino.

Le vittime si trovano il cellulare comandato da ordini che arrivano dalla Lituania: il worm provvede inoltre a cambiare la password di root dell’iPhone, in modo che il legittimo proprietario non possa riprenderne facilmente il controllo, e assegna un identificativo unico a ciascun iPhone infetto.

Il rimedio consigliato, in caso d’infezione, è un reset del telefonino usando l’apposita funzione di iTunes, che naturalmente annulla anche lo sblocco effettuato intenzionalmente dall’utente. Maggiori dettagli sul worm sono disponibili presso Sophos.com e F-secure.

E intanto, ironia della sorte, il creatore del primo worm per iPhone, il ventunenne Ashley Towns, trova impiego: è stato assunto da una società australiana che sviluppa software per il cellulare con il logo della mela morsicata.

Fonte: http://attivissimo.blogspot.com

It was a perfect autumn day for a tennis match.  We were playing the last league match of the season and had already locked up first place.  Our opponents today had been eliminated earlier and were playing only for pride.  One of my mottos is: “Watch out for those guys playing only for pride”.  As we approached the court we knew we were in for a tough match. 

We took positions on the court to begin warm-ups.  I was relaxed and focused and ready to play my very best tennis.  As I was returning my opponent’s first forehand shot I heard this obscene noise piercing the afternoon’s solitude: “twaaaaaang”!  I had no idea where the annoying sound was coming from but it had to be awfully close.  Finally after a few more shuddering “twaaaaaangs” I determined that it was coming from my partner of all people.  Low and behold, he was playing without a dampener!  I don’t think it even fazed him but it was sending vibrations up and down my spine similar to hearing chalk screech on a blackboard, but much worse.  I knew that I couldn’t continue playing under such extreme circumstances.  I had to put a stop to this immediately or I would be spending the next 30 days in the local sanitarium. 

I asked him, “Did you lose your dampener”?  “I never use one” he replied, much to my shock and dismay.  I told him that if he relished any desire whatsoever to win this match that he was going to have to use one today.  He reluctantly agreed and I pulled out a nice assortment of miscellaneous little devices that I had accumulated over the years.  After much contemplation and study he chose a little green tennis ball shaped dampener and stuck it right above the bottom string.  I didn’t have the heart to tell him that rules dictated that he put it “below” the bottom string.  I wonder how in the world that rule ever came about. 

Well, we resumed warm-ups and were almost ready to start the match when I heard that awful sound again, “twaaaaaang”!  The ear saving little tennis ball dampener had come out of his strings.  We searched the immediate area of the court for the elusive little device but it was nowhere to be found.  I was guessing it was in the next county based on how my partner struck the ball but that’s a story for another day.  By the time we were ready to begin the match he had gone through 6 dampeners.  I only had 2 left and was on the verge of panicking. 

I was desperate as I searched through my Pro Supex Elite 9 Pack Bag (black and red, of course).  Finally, when I thought there was no way to avoid forfeiting the match, I found a pack of worms, the Forten Worm 2 Pack to be specific.  I was saved!  Now we were ready to play the match! 

The worm saved the day and fate smiled upon us as we pulled out a close three setter.  The little worm remained in his strings without a single escape and I was able to focus on the sweet sounds of topspin shots leaving the racket as opposed to the obnoxious “twaaaaaang”!  Immediately after the match I contacted The Tennis Depot and ordered a dozen packs of “Forten Worm 2 Packs”.  I was never going to suffer through this crisis ever again!  Now I was well insured and you can bet that there is plenty of room in my Pro Supex Elite 9 Pack Bag to store plenty of worms, rackets and all of the other paraphernalia that sound freaks like me need to accessorize with. 

Incidentally, these handy little dampeners can help prevent tennis elbow or least lessen the severity of the pain.  It’s a great idea to keep a few packs in your tennis bag if you are half as mentally fragile as I am.  Also, they would make a great Christmas gift for those tennis friends that you feel obligated to get something for but don’t want to spend a fortune on.                                                                                                                                            And, take it from me, you can’t have too many of them in your tennis  bag!      

iPhone Malware has been getting an awful lot of coverage lately, hasn’t it? I’m sorry to add to it, but sophos.com reports that the author of the Ikee iPhone worm has (somewhat predictably) earned himself a nice new job for his troubles.

Ashley Towns is twenty one years of age, Australian, sports a fair bit of lip-and-nose-metalware and is also the latest employee of mogeneration, a company that specializes in iPhone application development.

The Ikee worm was widely reported as the world’s first iPhone worm. It affected only iPhones that had been jailbroken, replacing their wallpaper with an image of 80s pop sensation Rick Astley and the headline text “Ikee is never going to give you up.” (Whether that makes it malicious or not depends entirely on your opinion of that coiffed crooner.)

While Ikee didn’t do anything too nasty, an understanding of the precise security weakness the worm exploited was shared quickly on the Internet via widespread reporting in the tech press. Only a matter of days later, the Duh worm (also known as Ikee.B) was found in the Netherlands. Researchers discovered the Duh worm was based largely on Ikee, exploiting the same weak-password method; however this variant of Ikee was much more sinister, acquiring iPhone owners’ online banking information.

Of course, Towns’ can’t be held responsible for the Duh worm, but would Ikee.B have existed if not for Ikee? Didn’t Towns open the door for opportunistic malware authors looking for a way to take advantage of less diligent iPhone jailbreakers? Furthermore, is it appropriate he has been rewarded for his actions?

It’s that age-old argument; should malware authors be punished with heavy fines and jail sentences, or should they be gainfully employed by security companies, where their mad programming skillz can be used to benefit society?

The 21-year-old Australian hacker who wrote the first iPhone worm lands a job developing software for the phones…. From BBC News. Full story

This site may contain information about: mobile contract. The blog is also related to: cheap phones.

Blizzard: Warcraft 4? Ci stiamo pensando
La software house californiana non dimentica la serie di RTS che l’ha resa definitivamente famosa, ma prima bisogna completare i lavori su Starcraft II.

Nuovo worm via Facebook, attenzione a dove si clicca
La diffusione a macchia d’olio di Facebook ha fatto di questo social network un vivaio molto prolifico per molti malintenzionati.

Google Chrome OS: cos’è e cosa non è
La presentazione di un’anteprima di Chrome OS presso il quartier generale di Google, a Mountain View, ha permesso di liberare il campo da alcune informazioni che circolavano sulla stampa nelle scorse settimane.

Il 2012 vedrà la nascita del successore di Windows 7?
Due slide, mostrate da Microsoft nel corso dell’annuale “Professional Developers Conference” (PDC) di Los Angeles, hanno stuzzicato la curiosità dei presenti.

Il Padrino dello spam finisce in galera
Ha guadagnato milioni con le sue truffe a base di ingegneria sociale, titoli azionari gonfiati e posta spazzatura. Pagherà con gli interessi in una prigione federale USA.

The 21-year-old hacker who wrote the first iPhone worm lands a job developing software for the phones…. From BBC News. Full story

This site may contain information about: cheap mobile phones. The blog is also related to: pay monthly mobile phones.

wired.com
A second iPhone worm is in the wild, and unlike the jokey Australian worm authored by hacker prankster Ikee two weeks ago, this one is dangerous.

Unlike Ikee’s hack, which merely rick-rolled owners of infected iPhones, the new Dutch variant targets customers of the bank ING. When triggered, the worm redirects users visiting the banking site to an address in Lithuania which shows a fake login screen for ING online banking. It is essentially a phishing attack run on compromised iPhones.

The panic that will inevitably spread from this story is unjustified. First, if you are a regular iPhone customer you are safe, even if you are in the Netherlands. This is because, like the Ikee hack before it, the new worm will only work on a jailbroken, or hacked iPhone. Further, you will have to explicitly install SSH remote access, and then you will have to leave the root password at its default, which is alpine.

More…

A second worm which infects modified iPhones has been discovered by security company F-Secure…. From BBC News. Full story

This site may contain information about: mobile phones offers. The blog is also related to: contract phone.

Early Tuesday morning, the reggae world lost one it’s most charismatic and exciting selectors: Kevin “Squingy” Bennett of “Bass Odyssey”

Squingy has been battling an undisclosed terminal sickness for the past year or so and unfortunately, he succumb to his illness in a Tampa, Florida hospital yesterday morning.

He will be sorely missed by his family, friends, fans and fellow soundsmen…

I will be dedicating the remainder of my 2009 parties as an MC to “Squingy”, including “One Remarkable Year” on Friday November 27th @ Woo Lounge, “Rhyme & Wine” on Friday December 4th @ Premium Rhythm Bar and “The Triple Threat” on Saturday December 19th @ Tota Lounge.

If you have never seen or heard Mr. Bennett “talk de tings dem”, then I suggest you do your research asap, as he was one of the most incredible and vibrant selectors of all time.

R.I.P. Squingy…

El gusano que aprovecha una vulnerabilidad en el sistema operativo Microsoft Windows persiste encabezando el ranking de los códigos malicioso más propagados, a más de doce meses de su aparición.

Conficker lleva ya once meses consecutivos entre los tres primeros puestos del ranking de propagación de amenazas de ESET, a pesar de que ha pasado más de un año de su aparición, según informa la compañía de seguridad informática ESET.

A fines de noviembre del año pasado, el gusano dio inicio a su propagación, aprovechando la vulnerabilidad en uno de los servicios del sistema operativo Microsoft Windows, que afecta a las versiones Windows 2000, Windows XP, Windows 2003, Windows Vista y Windows Server 2008. Microsoft había alertado a sus usuarios sobre la misma el 23 de octubre de 2008 en su boletín de seguridad MS08-067, poniendo también a disposición el parche para solucionar la cuestión.

El Laboratorio de ESET para Latinoamérica alertó de la amenaza en su Blog, donde también está disponible la dirección de descarga de la actualización de Microsoft para los usuarios que aún no la han descargado:
http://blogs.eset-la.com/laboratorio/2008/11/29/gusano-conficker-parchee-inmediatamente/

La misma vulnerabilidad había sido explotada en primer lugar por Win32/Gimmiv, un gusano diseñado principalmente para robar información, tal como nombres de usuario y contraseñas de MSN Messenger, Outlook Express e Internet Explorer, así como también cookies almacenadas en el sistema. A pesar de su rápida aparición, Gimmiv se propagó principalmente en Asia y no obtuvo altos índices de infección ni perduró en el tiempo, como sí ocurrió con el caso de Conficker.

“Conficker logró infectar a millones de equipos en todo el mundo en apenas pocos días, incluyendo a la Marina Francesa. El hecho de que Microsoft pusiera una recompensa, que finalizando el año 2009 aún no ha sido cobrada por nadie dado que los responsables aún no han sido encontrados, corrobora la gravedad y masividad de la amenaza”, aseguró Cristian Borghello, Director de Educación de ESET para Latinoamérica.

El gusano lleva todo lo que va del 2009 integrando el top 3 de códigos maliciosos con mayor índice de propagación de acuerdo al ranking de amenazas destacadas de ESET y la propagación del malware en América Latina aumenta en relación al resto del mundo.

Para más información acerca de la historia de Conficker, puede leer un artículo preparado por los expertos de ESET Latinoamérica titulado Conficker en números: http://www.eset-la.com/centro-amenazas/2241-conficker-numeros

Fuente: http://www.noticiasdeinformatica.info/noticias/24-seguridad-informca/859-conficker-cumple-un-ano-entre-las-amenazas-informaticas-de-mayor-propagacion

“Want To C Something Hot…Click da Button, Baby!”

Brotha Tech’s suggestion is that you NOT click da button………Baby

The Lowdown:

The folks over at AVG: Antivirus and Security Software have uncovered a Facebook worm that infects your Facebook page (and prolly your computer) and is waiting to infect all others who click on the curvy sista in the sexy undergarments that is now lamented on your FB page.

By clicking the pic you noticed on a friend’s page, it takes you to another site with a larger view of the temptress. If you roll the dice and “click da button, baby” it will take you to an adult site. After a couple more clicks, Instantly you realize that’s not where you want to be and browse back to you FB page, the image is now pasted on your wall working it’s magic, and just waiting for others to follow suit.

Here is video from AVG showing how the worm works.

Be safe out there on these social networking sites folks!

"Ikee is never gonna give you up"

It was only a matter of time before it happened again. Another worm has found its way into iPhones.

Luckily for us, it’s based in the Netherlands at the moment and is busy trying to get hold of bank details, apparently, as it attacks those using their phones for internet banking.

It’s only affecting jail-broken phones (mobiles that have been modified to accept non-Apple software – tut-tut) and have SSH (secure shell) installed and haven’t changed the password.

The worm was discovered by security company F-Secure, and research director Mikko Hypponen told the BBC:

“It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it.”

Still, it could be worse. You could be getting a picture of Rick Astley imprinted on your iPhone. Wait – wasn’t that the last worm…?

Very good instructions including a step by step of how to inoculate yourself if you are testing Jailbreaking for educational reasons.  Click here to read.

Tue, November 24, 2009 — IDG News Service — Some Facebook users have been infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site, according to security researchers.

The worm posts an image on a victim’s Facebook Wall with a photo of a woman in a bikini and the message “click ‘da button, baby.” Wall posts are viewable by a Facebook user’s friends.

If a friend clicks on the image and is logged into Facebook, the image is then is posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on “da button” redirects the friend to a pornography site, according to Roger Thompson chief research officer for antivirus vendor AVG Technologies. Thompson posted a video of the attack on his blog. [read: CIO]

Last week the news about yet another non-belligerent iPhone worm did the rounds and people responded by saying things like “How silly jailbreaker’s are for not changing their SSH root passwords,” and “It’s only a matter of time until a worm appears that’s not so friendly…” OK, yes, geeky people said those things. Normals will likely never know that jailbreaking is something you can do to a phone.

Well, the predictions of gloom have proven true. Over the last few days, and reported by The Mac Observer, a new worm has been identified. This one, (so-far limited to iPhone owners in the Netherlands), takes advantage of the exact same SSH-exploit as the previous worm. Once on a user’s iPhone, it circumvents Mobile Safari’s anti-phishing technology to present a spoof of a popular banking website. Users are tricked into handing over their online banking authentication details. The worm spreads from iPhone to iPhone, but is limited to jailbroken handsets connected to the same Wi-Fi network.

Apple has weighed-in with its own sage wisdom and advice on the matter. Speaking to The Loop’s Jim Dalrymple, Apple spokesperson Natalie Harrison said:

The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software. As we’ve said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably.

If you live in the Netherlands and have jailbroken your iPhone and installed SSH, you need to change the default password to protect yourself from this particular exploit. Just don’t think you’ll be safe — Apple might keep the iPhone platform locked-down tight, but you can’t argue against the obvious security advantages of doing so. To date, there have been four confirmed worms “in the wild” on jailbroken iPhones. How many confirmed worms have appeared in the wild that affect non-jailbroken iPhones? There you have it.

The Real Question Is…

But the real question, as I see it, is this; who jailbreaks any more? I mean, really… who? Why? The single biggest reason people originally went to the trouble of jailbreaking their iPhones was due to frustration at the lack of native apps. (Back in the early days of iPhone ownership, and before the app store existed, only Apple’s own home-grown apps were locally installed on the device. Every third-party apps ran inside Mobile Safari and, therefore, required access to the Internet.) I did a lot of travel back then, usually by air and train, so I didn’t always have a reliable Internet connection; this rendered most of my web apps useless. That annoyed me, and I very nearly did the whole jailbreaking thing just so I could install applications locally that would work irrespective of an active Internet connection. (Ultimately I wussed-out, too afraid I’d permanently mess-up my precious — and expensive — iPhone.)

But that was then, and times have changed.. What other compelling reasons were there to void Apple’s iPhone warranty? MMS, video recording, exchange server support, multitasking and Copy & Paste were the “most missed” features. Today we have more apps than you can shake an iPhone at. We have MMS and video recording, exchange support and copy & paste.

The only thing missing is “true” multitasking, but for the vast majority of iPhone owners (for whom multitasking is another way of saying “I want instant messaging!”), Apple’s Push Notification Service does a decent job of balancing productive multitasking with preserving battery life.

So… why jailbreak? Is it a form of protest against Apple’s broken application approval process? Is it because you absolutely must replace the default icons with something far less classy? Perhaps you can’t live without tethering? Tell us in the comments the (few) remaining reasons for jailbreaking an iPhone.

Just please don’t say it’s for geek cred… I might cry!

Yesterday, I stumble upon an article in CNet. “Another iPhone worm, but this one is serious“, that is the title. Initially I did not really care about because I know I won’t be affected. I believe only jailbroken iPhone will be affected

In case you have jailbroken your phone and worried about it. My friend Son Tung knows a way to prevent it, by changing the root password. Try the steps in this blog http://justanotheriphoneblog.com/wordpress/iphone-tips/how-to-change-the-iphones-root-password

I personally never try it, so I won’t be able to share my experience. But if you worry about the worm, it is worth to try …..

The scantily dressed woman has nothing else to show you.

The Facebook staff has been hard at work to squash a new worm propagating on the social networking platform with the help of unwary users. Using the image of a female model in lingerie as lure, the nuisance spread from wall to wall through a Web exploitation technique known as clickjacking.

This most recent attack doesn’t appear to have had a malicious component and was most likely a proof of concept. The rogue Facebook posts featured the picture of an attractive female model looking over her shoulder and an accompanying message reading “Wanna C Somthin’ HOT!?? Click Da’ Button, Baby!” Choosing to comply with the instruction while being logged into Facebook did nothing more than re-post the message without authorization on your own wall, thus propagating it further.

The trick was so well crafted and intriguing that it even managed to trick some security professionals. “The worm’s landing page is brilliant — alluring yet mysterious, and very clean, just like we techies like it. […] As a personal lesson, I have to admit mea culpa. I saw the worm being posted from a friend’s page and didn’t believe it to be dangerous because the lure is pretty cool,” Gadi Evron, a reputed security consultant and former Israeli CERT manager, writes for Dark Reading.

After analyzing the worm, Nick FitzGerald, emerging threats researcher at antivirus vendor AVG, concluded that the attack technique used was cross-site request forgery (CSRF). “A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook ‘as if’ the victim had submitted a URL for a wall post and clicked on the ‘Share’ button to confirm the post,” he explains.

However, the Facebook staff disagrees with the CSRF assessment and says that a technique known as clickjacking, or in technical lingo, user interface redressing, is the culprit. Clickjacking is a term referring to an entire class of attacks that affect all browsers and involve overlapping hidden buttons onto visible ones. Therefore, when a user attempts to click the legit button in order to perform an apparently harmless action, their mouse click is hijacked and used to trigger an unintended one.

“This problem isn’t specific to Facebook, but we’re always working to improve our systems and are building additional protections against this type of behavior. We’ve blocked the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted,” a Facebook spokesperson commented for The Register.

Clickjacking is a growing concern amongst the infosec community and browser vendors have yet to completely address it. The technique is actually exploiting an architectural flaw at the core of the Web; therefore, it is difficult to mitigate without breaking other legit functionality.

This doesn’t mean that users are completely exposed. For example, Firefox users can protect themselves against most of these attacks by installing a popular security extension called NoScript.

With Internet Explorer 8, Microsoft also introduced a directive called X-FRAME-OPTIONS that web developers can declare on their websites in order to counter clickjacking abuse. Unfortunately, this means that IE8 users have to rely on website owners to protect them, which is not very practical.

Source: Softpedia.com

Çin hükümetinden dünyaya virüs uyarısı.

Çin yeni tespit edilen tehlikeli bir virüsle ilgili olarak uyarı yayınladı. İnternet üzerinden çok çabuk yayılacağı tahmin edilen virüsün tüm dünyadaki bilgisayar kullanıcılarını tehdit ettiği açıklandı.

In a week when both Facebook and iPhone have been infiltrated by yet another viral worm, one would think we would all be on a bit of a downer. In actuality, these bugs and hickups seem to draw us digital geeks closer together.

When the Internet entered out homes, it was a scary world, full of spam, hackers and new online threats. Today, it has become a world of collaboration, sharing and a vehicle for conversations to take place.

What always astounds me is others willingness to offer help and support in the digital world. Ask a question on Twitter and you will be overwhelmed with answers, ask for advice on LinkedIn and you will be inundated with support, ask what your friends are having for lunch on Facebook and you will find out about the best restaurants in your area.

The digital sphere is no longer associated with fear but with collabaration and honesty.

If you’ve been infected by one of the latest attacks, tell us about it. You’ll find a community at your fingertips ready to help you tweet your sorrows away.