From: rakesh@sysman.in
To: rakesh@sysman.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 February 05
Date: Fri, 5 Feb 2010 19:39:01 +0530
February 05 , 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
COOP : India, Ghana To Join Hands To Fight Cyber Crimes
MATRIX : How Wi-Fi attackers are poisoning Web browsers
TEAM-UP : Google team up with NSA in cyberattack probe
STEAL : Hackers Steal Millions in Carbon Credits
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
COOP : India, Ghana To Join Hands To Fight Cyber Crimes
Nilanjana Bhowmick
AHN India Correspondent
February 4, 2010
http://www.allheadlinenews.com/articles/7017724154
New Delhi, India (AHN) - India has sought Ghana's help in fighting cyber crime in order to prevent innocent people from being duped by lucrative job offers.
The interior minister of Ghana, Cletus Avoka, assured his government's willingness to extend cooperation in the matter to India's overseas Indian affairs minister Vayalar Ravi, who was in the West African country Ghana as part of his tour of African countries from Jan. 29 to Feb. 6.
Ravi expressed his satisfaction to Avoka over the prompt action taken by Ghana in addressing the security concerns of the Indian community living in Ghana.
During his Ghana visit, Ravi also held a meeting with John Evans Atta Mills, president of Ghana, and discussed various bilateral issues between the two countries.
Ravi also attended an event organized by the Indian Association of Ghana where he elaborated on the measures that the Indian government was taking in order to strengthen the cultural and economic bond between India and its diaspora around the world.
MATRIX : How Wi-Fi attackers are poisoning Web browsers
By Ellen Messmer
Network World
February 3, 2010
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time. That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.
He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.
"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.
"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," the user's Wi-Fi-enabled device.
Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.
"Once the cache is poisoned, it's going to stay there," Kershaw said. This means that an attacker can intercede to "poison the URL" of the victim so that they will see a fake Web page when they try to visit a specific Web site or try to insert a "shim" that could "ship your internal pages off to a remote server once you're in a VPN."
The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. "Who knows how to clear the browser cache in an iPhone?" he asked.
Kershaw acknowledged he doesn't know how widespread attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he'd advise corporate security professionals to try to "forbid users from taking laptops onto open networks," though he admitted, "Your users may lynch you." He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.
TEAM-UP : Google team up with NSA in cyberattack probe
Reuters
04 Feb 2010
http://news.yahoo.com/s/nm/20100204/wr_nm/us_google_cybersecurity
WASHINGTON (Reuters) - Internet search firm Google is finalizing a deal that would let the National Security Agency help it investigate a corporate espionage attack that may have originated in China, the Washington Post reported on Thursday.
The aim of the investigation is to better defend Google, the world's largest Internet search company, and its users from future attacks, the Post said, citing anonymous sources with knowledge of the arrangement.
The sources said Google's alliance with the NSA -- the intelligence agency is the world's most powerful electronic surveillance organization -- would be aimed at letting them share critical information without violating Google's policies or laws that protect the privacy of online communications.
"NSA is not able to comment on specific relationships we may or may not have with U.S. companies," the agency said in a statement.
As a general matter, "NSA works with a broad range of commercial partners and research associates" on security solutions for the Defense Department and other customers and on "cutting-edge technologies that will secure the information systems of tomorrow," the statement said.
Under the arrangement, the NSA would not be viewing user searches or e-mail accounts, the Washington Post said. Google also would not be sharing proprietary data with the NSA, the newspaper's sources said.
Google took the unusual step on January 12 of announcing that it had been hit by sophisticated cyberattacks in mid-December and that it was reviewing its business operations in China.
The Silicon Valley-based firm said the cyberattacks targeted Gmail accounts of Chinese human rights activists and an investigation found at least 20 other large companies had been targeted by cyberattacks.
China responded several days later with a defense of its state control of the Internet. A top official said online pornography, fraud and rumors were a menace and that Internet media must help "guide public opinion" in China.
U.S. Director of National Intelligence Dennis Blair said on Tuesday the cyberattacks against Google were a wake-up call.
A partnership between the Internet search giant and the NSA touches on the sensitive issue of how to balance individual privacy and national security online.
Google approached the NSA in the aftermath of the attacks, but reaching an agreement has taken weeks because of the sensitive nature of information-sharing between the two sides, the Post quoted its sources as saying.
The focus of the cooperative venture would not be to determine who was behind the attacks, the newspaper added, citing its sources. That would be nearly impossible.
Instead the aim is to build a better defense of Google's networks, or what technicians call "information assurances," the newspaper quoted the sources as saying.
STEAL : Hackers Steal Millions in Carbon Credits
By Kim Zetter
February 3, 2010
http://www.wired.com/threatlevel/2010/02/hackers-steal-carbon-credits/
Credit card numbers are so passe. Today's hackers know the real powerhouse data to steal is emission certificates.
That's exactly what hackers went after last week when they obtained unauthorized access to online accounts where companies maintain their carbon credits, according to the German newspaper Der Spiegel.
The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.
When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hijack the credentials to access the companies' Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.
Under environmental cap-and-trade laws, there's a limit to the greenhouse gases companies can emit. Companies that exceed this limit can purchase so-called carbon credits from entities that produce fewer greenhouse emissions than the limit provides them.
The scheme has produced a robust market for the trade of credits. More than 8 million tons of CO2 emissions worth $130 billion were traded in Europe last year.
According to the BBC, it's estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.
The credits were resold for an undisclosed sum. The buyers, who likely believed the transactions were legitimate, haven't been named.
The German Emissions Trading Authority has suspended access to its databases for a week while an investigation is underway.
The fraud is the latest example of hacks aimed at gaming environment controls. A year ago, hackers penetrated the Brazilian government's quota data for Brazilian rain forest products - allowing the illegal poaching of more than 1.7 million cubic feet of timber.
New IT Term of the day
social networking site
Abbreviated as SNS, a social networking site is the phrase used to describe any Web site that enables users to create public profiles within that Web site and form relationships with other users of the same Web site who access their profile. Social networking sites can be used to describe community-based Web sites, online discussion forums, chatrooms and other social spaces online.
There is only one duty, only one safe course, and that is to try to be right.
Winston Churchill
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also need this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.