Fast-flux DNS becoming more popular in botnets

Botnet operators are increasingly using fast-flux domains to mask their identity and avoid disruption, according to a recent online study. The fast-flux technique cycles the mappings of domain names to  infected hosts’ IP addresses. From January to May 2008, Jose Nazario of Arbor Networks and Thorsten Holz of the University of Mannheim tracked more than 900 fast-flux domain names. They found that the associated botnets had lifetimes varying from less than a day to months and were used for phishing, malware, and selling pharmaceuticals. “Our data shows that most fast-flux domains are dormant for more than one month before their use,” Nazario and Holz said, “meaning that proactively identifying future fast-flux domains has the potential to disrupt the online fraud and crime that is hosted in these networks.” (CNET)

Fraud, violations plague H-1B visa program

A government assessment found significant problems, including forged documents and shell companies,  in the H-1B visa program, according to  US Senator Chuck Grassley (R-Iowa). In a random sample of 246 H-1B employees, US Citizenship and Immigration Services found that one in five visas were affected by  fraud or “technical violations.” “This report validates the major flaws in the H-1B visa program," Grassley said in a statement. "It's unacceptable that these fraudulent activities are slipping through the cracks when there is so much legitimate demand for H-1B visas." (Computerworld)

Clickjacking a critical issue in Adobe Flash Player

Adobe issued a critical security advisory Tuesday warning of potential “clickjacking” in its Flash Player and offered a workaround, a month after two researchers initially disclosed the problem. Through the Flash Player, attackers could gain access to computers’ microphones or cameras after unsuspecting users click on hidden links or dialog boxes. Until Adobe addresses the problem in the next version of the player (a patch is expected by the end of October in Flash 10), it recommends that users prevent attacks by selecting “always deny” in the player’s settings manager. In his blog, researcher Robert Hansen explains that clickjacking is a new type of attack and includes several variants. “Some of it requires cross domain access, some doesn’t,” he said in the blog. “Some overlays entire pages over a page, some uses iframes to get you to click on one spot. Some require JavaScript, some don’t. Some variants use CSRF to preload data in forms, some don’t.” (Computerworld, BetaNews)

RealDVD remains in legal limbo

RealDVD will remain unavailable for purchase for at least a month after a judge declined to lift a restraining order on sales of the DVD copying software. RealNetworks introduced the program last week, but on Friday, the Motion Picture Association of America convinced US District Judge Marilyn Patel to block sales of the program until the lawsuit is settled. RealDVD lets users rip copy-protected DVDs to their hard drives by also copying the protections. RealNetworks says the program is legal and prevents piracy by adding its own DRM to the movies, which are then playable only in the ReadDVD player. (CNET)

AMD spins off manufacturing division

Advanced Micro Devices split its operations Tuesday with the announcement that it’s spinning off its manufacturing division into a new entity, The Foundry Company. The new company will be backed by the Advanced Technology Investment Company of Abu Dhabi, and plans to open a new fabrication facility in Saratoga County, N.Y., as well as upgrade its former AMD plant in Dresden, Germany. The move enables AMD to concentrate on chip design, such as its Fusion technology, which combines a CPU and GPU onto one processor. (The Associated Press)

Tool allows man-in-the-middle attacks on secure connections

A new open source hacking tool can automate man-in-the-middle attacks on banking, e-mail, and social networking sites that mix cleartext http with https. Security expert Jay Beale demonstrated his tool at the SecTor conference in Toronto this week, showing how The Middler can clone users’ sessions, passing https traffic through unmodified while injecting JavaScript into the cleartext traffic to obtain or change information. “Many companies misunderstand that encrypting only the application’s password form leaves their users very vulnerable to man-in-the-middle attacks,” Beale said in his presentation. (Dark Readings)

Mifare Classic smart card open to attacks

According to two research papers published Monday, attackers can easily crack the Mifare Classic access card, a popular RFID smart card used to restrict access at government facilities and military installations, with a few simple tools. The Register reports that Mifare Classic’s proprietary encryption scheme has a weakness that lets crackers guess its key with an RFID reader, a modest-strength PC, and roughly 10 minutes. (The Register)
 

Data mining not an effective counterterrorism tool

Data mining isn’t an effective tool for counterterrorism, and government programs that use such methods should provide extra oversight to prevent invasions of privacy and “false positives,” the National Research Council said in a report sponsored partly by the US Department of Homeland Security. The research organization concluded that data mining can be useful for tracking specific subjects, but automated techniques that look for unusual patterns would yield lots of erroneous data. (CNET)

Microsoft thinks big for business intelligence

Microsoft plans to upgrade its SQL Server 2008 with technology for the large data warehousing market and provide “managed self-service analysis” that will be easier to use. The company made the announcement at its second annual Business Intelligence Conference in Seattle on Monday, unveiling its plans to integrate recently acquired DATAllegro. SQL Server will now be able to handle data spanning hundreds of terabytes and thousands of concurrent users. Microsoft also wants to “democratize” business intelligence for the average worker. “If you know how to use Word and Excel, then you’ll be able to use our BI — that’s our commitment to customers,” said Stephen Elop, president of the Microsoft Business Division. (Computerworld).

Wi-Fi growth expected to reach one billion

Wi-Fi chips will be installed in one billion consumer electronic CE devices by 2012, according to a study by high-tech market research firm, InStat. Digital televisions are expected to account for most of the growth in the Wi-Fi market, the result of a 26 percent annual growth rate. “The sheer volume of digital TV shipments will make it a strong market, despite a relatively low Wi-Fi attach rate,” InStat analyst Victoria Fodale said.
The report also predicts that cellular handsets will surpass mobile PCs as the primary Wi-Fi devices by 2011. (Cnet)

Showing 3,731 - 3,740 of 4,562 results.
Items per Page 10
of 457