Security News
Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College
Cyber crooks stole just shy of $1 million from a satellite campus of The University of Virginia last week, KrebsOnSecurity.com has learned.
The attackers stole the money from The University of Virginia’s College at Wise, a 4-year public liberal arts college located in the town of Wise in southwestern Virginia.
Kathy Still, director of news and media relations at UVA Wise, declined to offer specifics on the theft, saying only that the school was investigating a hacking incident.
“All I can say now is we have a possible computer hacking situation under investigation,” Still said. “I can also tell you that as far as we can tell, no student data has been compromised.”
According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.
Sources said the FBI is investigating and has possession of the hard drive from the controller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations.
The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa.
Recommended reading:
Charting the Carnage from Ebanking Fraud
MS Fix Shores Up Security for Windows Users
Microsoft has released a point-and-click tool to help protect Windows users from a broad category of security threats that stem from a mix of insecure default behaviors in Windows and poorly written third-party applications.
My explanation of the reason that this is a big deal may seem a bit geeky and esoteric, but it’s a good idea for people to have a basic understanding of the threat because a number of examples of how to exploit the situation have already been posted online. Readers who’d prefer to skip the diagnosis and go straight to the treatment can click here.
DLL Hijacking
Windows relies heavily on powerful chunks of computer code called “dynamic link libraries” or DLLs. Each of these DLLs performs a specific set of commonly-used functions, and they are designed so that Windows can share these functions with other third-party programs that may want to invoke them for their own purposes. Many third-party apps will load these DLLs or bring their own when they first start up and often while they’re already running.
Typically, DLLs are stored in key places, such as the Windows System (or System32) directory, or in the directory from which the application was loaded. Ideally, applications will let Windows know where to find the DLLs they need, but many do not.
The potential for trouble starts when an application requests a specific DLL that doesn’t exist on the system. At that point, Windows sets off searching for it — looking in the above-mentioned key places first. But eventually, if Windows doesn’t find the DLL there or in a couple of other places, it will look in the user’s current directory, which could be the Windows Desktop, a removable device such as a USB key, or a folder shared on a local or remote network.
And while an attacker may not have permission to write files to the Windows system or program directories, he may be able to supply his own malicious DLL from a local or remote file directory, according to the U.S. Computer Emergency Readiness Team.
Several months ago, experts from a Slovenian security firm warned that hundreds of third-party applications were vulnerable to remote attacks that could trick those apps into loading and running malicious DLLs. According to the Exploit Database — which has been tracking confirmed reports of applications that are vulnerable to this attack — vulnerable apps include Windows Live Mail, Windows Movie Maker, Microsoft Office PowerPoint 2007, Skype, Opera, Media Player Classic and uTorrent, to name just a few.
Roughly one week ago, Microsoft released a workaround tool to help users and system administrators blunt the threat from all of this by blocking insecure DLLs from loading from remote and local file sharing locations. But the tool wasn’t exactly made for home users: After you installed and rebooted, you still had to manually set a key in the Windows registry, an operation that can cause serious problems for Windows if done imprecisely.
On Tuesday, Microsoft simplified things a tiny bit, by releasing one of its “FixIt” tools to make that registry fix so users don’t have to monkey around in there. Trouble is, you still need to have installed the initial workaround tool before you can install this point-and-click FixIt tool.
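The lookup and the workaround described above, modelled as an added example (not code from this article or from Microsoft): a simplified search order that probes the application and system directories before the current directory, run against a constructed folder layout. The policy names `block_remote_cwd` and `no_cwd` are hypothetical stand-ins for the workaround's settings, and all directory and file names are made up.

```python
import os
import tempfile

def search_order(app_dir, system_dirs, cwd, path_dirs,
                 policy="default", cwd_is_remote=False):
    """Directories in the order this simplified model probes them."""
    # Policy names are hypothetical stand-ins for the workaround's settings.
    use_cwd = {"default": True,
               "block_remote_cwd": not cwd_is_remote,
               "no_cwd": False}[policy]
    return [app_dir, *system_dirs] + ([cwd] if use_cwd else []) + list(path_dirs)

def resolve_dll(name, **layout):
    """Label of the directory the DLL would load from, or None if not found."""
    for directory in search_order(**layout):
        if os.path.isfile(os.path.join(directory, name)):
            return os.path.basename(directory)
    return None

def demo():
    with tempfile.TemporaryDirectory() as root:
        d = {n: os.path.join(root, n)
             for n in ("app", "system32", "share", "pathdir")}
        for path in d.values():
            os.mkdir(path)
        # Constructed layout: installed.dll exists in system32; missing.dll is
        # not installed anywhere, but same-named files sit in the folder the
        # user is working from ("share", the current directory).
        for folder, name in (("system32", "installed.dll"),
                             ("share", "installed.dll"),
                             ("share", "missing.dll")):
            open(os.path.join(d[folder], name), "wb").close()
        base = dict(app_dir=d["app"], system_dirs=[d["system32"]],
                    cwd=d["share"], path_dirs=[d["pathdir"]])
        return {
            # An installed DLL is found before the current directory is tried.
            "installed": resolve_dll("installed.dll", **base),
            # A DLL that is not installed falls through to the current directory.
            "missing": resolve_dll("missing.dll", **base),
            "missing_remote_blocked": resolve_dll(
                "missing.dll", policy="block_remote_cwd", cwd_is_remote=True, **base),
            "missing_local_allowed": resolve_dll(
                "missing.dll", policy="block_remote_cwd", cwd_is_remote=False, **base),
            "missing_no_cwd": resolve_dll("missing.dll", policy="no_cwd", **base),
        }

if __name__ == "__main__":
    for case, found_in in demo().items():
        print(f"{case:24} -> {found_in}")
```

With the current directory out of the search order, the application's request for the missing DLL simply fails instead of loading whatever file shares its name in the working folder.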
It’s tough to gauge whether DLL hijacking poses the same threat to home users that it does to users on larger enterprise networks. Microsoft maintains that this class of vulnerability does not enable a “driveby” or “browse-and-get-owned” zero-click attack, but the attack scenarios Redmond describes where a Windows user could get owned by this attack probably would work against a majority of average Windows users.
And while it may take some time for developers of vulnerable third-party apps to fix their code, Microsoft’s interim fix does add a measure of protection. If you’d like to take advantage of that protection, visit this link, scroll down to the Update Information tab, and click the package that matches your version of Windows. Install the fix and reboot Windows. Then visit this link, and click the FixIt icon in the center of the page and follow the installation prompts.
Further reading:
An excellent writeup on this from SANS Internet Storm Center incident handler Bojan Zdrnja.
A discussion thread about this on DSL Reports’ security forum.
Spain airports implement a multi-biometric solution
Airports in Barcelona and Madrid in Spain have installed self-service kiosks available for use by holders of Spanish citizen ID cards or European Community electronic passports, according to a Pro Security Zone article.
The kiosks, which are expected to relieve long lines for those traveling into the country, require a positive scan of both a cardholder’s face and fingerprint.
Read the full article at SecureIDNews…
HID Global releases new Fargo printers
HID Global introduced a new line of direct-to-card FARGO printer/encoders. The new product line is made up of three models designed to meet the needs of small organizations to global enterprises. This is the first new line of printers introduced since HID purchased Fargo.
The line consists of the DTC1000 entry-level printer for small organizations; the professional-level DTC4000 printer for small- to medium-size organizations with more security and scalability requirements; and the advanced DTC4500 professional printer for large corporations and government organizations with high-volume needs, says Ryan Park, senior product marketing manager for secure issuance at HID.
Read the full article at SecureIDNews…




