Thursday, July 28, 2011

SECURITY - Cybercrime, Attacker Arrested

"British Police Make Arrest in Net Attacks" by SOMINI SENGUPTA, New York Times 7/27/2011


The British police announced the arrest on Wednesday of a 19-year-old man who they said was the spokesman of the online vigilante group Lulz Security, which has claimed responsibility for a string of attacks on the Web sites of government agencies and private corporations.

In a statement, the police said the man used the online alias Topiary and had been picked up during a raid on a residence in the Shetland Islands, the rugged archipelago off the northeastern coast of Scotland. The police said they were also questioning a 17-year-old but had not arrested him.

On Twitter, Topiary described himself as a “simple prankster turned swank garden hedge.” His missives were often facetious, suggesting the handiwork of someone who relished playful language.

Lulz Security, the offshoot of a larger and more amorphous hacker group called Anonymous, has said it was responsible for attacks on the sites of PBS, the Senate, the Arizona Department of Public Safety and a company associated with the F.B.I.

Friday, July 15, 2011

LINUX - Opinion, Mint vs Ubuntu

"Is Linux Mint a Better Choice than Ubuntu?" by Matt Hartley, Datamation 7/12/2011


Could the rapidly growing, user-friendly Linux distro attract converts away from the mighty Ubuntu?

For many advanced Linux enthusiasts reading this, I doubt that any recent changes to the Ubuntu desktop swayed you very much. Most of you already have had plenty of time to select alternative distros -- from Fedora to Arch Linux -- should you decide you want to.

Each distribution has its own set of advantages and differences. But for those people who cannot bear to part with some features that are considered to be unique to Ubuntu, Linux Mint might be a viable option to look into.

Linux Mint is perfect for new users

I've used Linux Mint GNOME edition off and on for a few years now. I have mostly used it in testing, as I'm really not the target audience for this distribution. Yet I continue to be impressed with how simple and user-friendly this desktop is. In addition, there are other factors that I think give Linux Mint a huge edge over Ubuntu for the casual user.

When running the Linux Mint software updating tool, you'll find things are numbered from 1 to 5. Packages numbered with a 1 are from Linux Mint developers while those packages with a "2" or higher come from Ubuntu or a third party.

This numbering system all but guarantees that you won't hose a system with a bad set of updates from a rogue repository you added and forgot about.

The next big thing with Linux Mint is how concisely the menu layout is presented. Unlike the old Gnome menus or even Unity, everything in Linux Mint is tightly laid out to make the entire experience as logical as possible. This menu setup makes migrating from another operating system much less overwhelming for newer users. For "old hat users" such as myself, I enjoy finding everything within reach. And if it's not visible, the provided search box takes care of anything that's missing.

Another huge push in the right direction for newcomers would have to be the introduction screen that appears on the first boot. Documentation, support, and so forth are presented right away. From there, items that I think should have been provided by Ubuntu out of the box are a given with Linux Mint.

Gufw (Easy to use Ubuntu Firewall) is installed and ready to go. There is a Mintbackup utility that not only offers the same functionality as SimpleBackup on Ubuntu, but it even backs up your application titles. This means you can take this list to another PC, run the program and install the same software list as before. That’s always been possible via the command line, and now it's nice to see this functionality provided for newer users with a friendly GUI.

Without any doubt, the biggest reason for me to love Linux Mint is that I can install software by name from the control panel -- with greater speed than I could have with apt-get.

Plus I can avoid all the package managers and directly type in the application's name, which presents me with the option to install it. Best of all, it's done very quickly and without the bloat of the software center. It's almost like being able to run the terminal without needing to know how. I love it!

It feels like Ubuntu

One of the biggest reasons I still rely on Ubuntu is because of the huge number of software packages available for it. If there's software for Linux, then there's an Ubuntu package somewhere for that application title.

Luckily, these same applications also work well for Linux Mint as it offers a release based on Ubuntu. This means that should Ubuntu's direction force me to drop it completely I can stick with the same applications.

Below is my laptop's Linux Mint 10 desktop.


NOTE: The calendar shown is Rainlendar, which has Windows and Linux versions. Rainlendar Lite is freeware; Rainlendar Pro (which allows calendar network sharing and MS Outlook sync) is shareware with a license fee.

What I run on both my WinXP Pro desktop and Mint laptop is Rainlendar Lite.

SECURITY - Department of Defense 'Cyber Command'

"Is the U.S. Prepared for Battle in Cyberspace?"
PBS Newshour 7/14/2011

"Pentagon Gears Up for the Digital Battlefield"
PBS Newshour 7/14/2011

Monday, July 11, 2011

MALWARE - Rootkit Threat to NTFS Loader

I'm posting this because of the high danger of this type of malware.

"New Rootkit Infects NTFS Loader" by Lucian Constantin, Softpedia 7/6/2011

Security researchers from Kaspersky Lab have identified a new piece of malware which writes malicious code to the NTFS boot loader.

The threat, which Kaspersky detects as Cidox, features two rootkit drivers, one for 32-bit versions of Windows and one for 64-bit ones.

As part of its infection routine, Cidox determines the version of the operating system and copies the relevant driver to the empty sectors at the beginning of the drive.

It only infects NTFS partitions and determines the active one by looking at the MBR code. It then proceeds to replace the Extended NTFS IPL (Initial Program Loader) code. The original one is encrypted and saved at the end.

This is part of a special technique that leverages Windows kernel features to load the malicious driver into the system.

The driver has the purpose of hooking into several processes including svchost.exe, iexplore.exe, firefox.exe, opera.exe and chrome.exe via a special DLL.

"This library modifies any browser output, substituting it with its own. As a result, the user sees a browser window displaying an offer to renew the browser due to some malicious programs allegedly detected on the system," Kaspersky's Vyacheslav Zakorzhevsky explains.

This threat is effectively a form of scareware, as the user is asked to pay for the browser renewal by sending an SMS message to a premium rate number.

In order to appear more convincing, there are custom pages for each browser borrowing design elements from other official ones displayed by their developers.

This is one of the most sophisticated scareware threats currently in the wild, but at the moment it only appears to target Russian-speaking users.

It seems that malware authors are increasingly using advanced techniques. One of the most dangerous threats at the moment, the TDL4 rootkit, infects the MBR (master boot record) in order to hide itself.

NOTE: Although I could NOT find the exact references to "Trojan-Dropper.Win32.Cidox" stated in the Zakorzhevsky article, Microsoft Malware Protection Center had the following references:

Note the Softpedia article says "new," but I found references to NTFS Loader threats, at several virus sites, back in 2009.
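A defender's integrity check for the two symptoms the article describes (data written into the normally empty sectors between the MBR and the first partition, and a rewritten NTFS boot sector/IPL region), as an added example that is not from the article, Kaspersky or Microsoft. It runs against a constructed in-memory disk image; the sector layout (MBR at LBA 0, first partition at LBA 63), the 16-sector size of the boot region and the stored baseline hash are assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_REGION_SECTORS = 16  # assumed: NTFS VBR plus the 15 sectors of IPL code that follow it


def parse_ntfs_vbr(vbr: bytes) -> dict:
    """Return basic NTFS boot-sector fields; raise if the sector is not an NTFS VBR."""
    if vbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    if vbr[3:11] != b"NTFS    ":
        raise ValueError("OEM ID is not 'NTFS    '")
    bps, spc = struct.unpack_from("<HB", vbr, 0x0B)  # bytes/sector, sectors/cluster
    return {"bytes_per_sector": bps, "sectors_per_cluster": spc}


def boot_region_digest(volume: bytes) -> str:
    """SHA-256 of the VBR + IPL sectors, the region the article says Cidox replaces."""
    return hashlib.sha256(volume[:BOOT_REGION_SECTORS * SECTOR]).hexdigest()


def nonzero_gap_sectors(disk: bytes, first_lba: int) -> list:
    """Sector numbers between the MBR and the first partition that are not all zero."""
    return [n for n in range(1, first_lba) if any(disk[n * SECTOR:(n + 1) * SECTOR])]


def check_disk(disk: bytes, first_lba: int, baseline: str) -> list:
    """Compare a disk image against a known-good baseline; an empty list means clean."""
    findings = []
    gap = nonzero_gap_sectors(disk, first_lba)
    if gap:
        findings.append(f"data in {len(gap)} normally empty sector(s) before the first partition")
    volume = disk[first_lba * SECTOR:]
    parse_ntfs_vbr(volume[:SECTOR])  # confirm we are really looking at an NTFS volume
    if boot_region_digest(volume) != baseline:
        findings.append("NTFS boot region (VBR + IPL) differs from recorded baseline")
    return findings


def build_sample_disk(first_lba: int = 63, tamper: bool = False) -> bytes:
    """Constructed in-memory image (not a real capture): MBR, empty gap, NTFS volume."""
    vbr = bytearray(SECTOR)
    vbr[3:11] = b"NTFS    "
    struct.pack_into("<HB", vbr, 0x0B, 512, 8)
    vbr[510:512] = b"\x55\xaa"
    ipl = b"IPL" * 2560  # 7680 bytes: stand-in for the 15 sectors of loader code
    mbr = bytearray(SECTOR)
    mbr[510:512] = b"\x55\xaa"
    disk = bytearray(mbr + bytes(SECTOR * (first_lba - 1)) + vbr + ipl)
    if tamper:  # reproduce the symptoms only: bytes parked in the gap, one IPL sector changed
        disk[SECTOR:SECTOR + 64] = b"x" * 64
        off = first_lba * SECTOR + SECTOR
        disk[off:off + 4] = b"XXXX"
    return bytes(disk)
```

Record the digest of the clean boot region once and re-check it after every boot or on a schedule; a changed digest with no Windows update or repartitioning in between is the kind of event worth pulling a disk image for.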