InfoSecurity February 2009
VeriSign transitions all new RapidSSL certificates to SHA-1 algorithm
VeriSign has announced an immediate transition to the SHA-1 algorithm on new RapidSSL brand certificates. Additionally, VeriSign is offering free re-issuance of RapidSSL Certificates on the SHA-1 algorithm to replace those created with MD5. The transition to the SHA-1 algorithm came within a few hours of the public unveiling of an MD5 flaw presented by researchers during the 2008 Chaos Communication Congress (CCC) in Berlin, rendering the MD5 flaw ineffective for all new RapidSSL Certificates.
During the Berlin event, researchers presented findings that highlighted an MD5 collision attack using substantial computing power to create a false SSL Certificate using the RapidSSL certificate brand. The attack was a potential method to create a new, false certificate from scratch and required the issuance of new certificates, meaning existing certificates were not targets for this attack.
VeriSign has been phasing out the MD5 hashing algorithm for years. Until the MD5 exploit was made public, VeriSign had planned to discontinue the use of MD5 in customers' certificates by the end of January, 2009. VeriSign has since discontinued using MD5 when issuing RapidSSL Certificates and has confirmed that all other SSL Certificates that VeriSign issues are not vulnerable to this MD5 attack. VeriSign will continue on its path to discontinue MD5 in all end entity certificates by the end of January, 2009.
K7 Computing neutralizes the latest internet worm
K7 Computing has created a solution to the internet worm “Downadup” (also known as Conficker) which exploits the Microsoft Windows Server Service. This vulnerability could allow remote code execution, which may result in easy exploitation of the Windows computers by the attacker without authentication. To counter this latest security threat K7 Antivirus Experts have developed “K7Downadup Remover Tool” - a solution that neutralizes this family of threats.
On analysing this worm, K7 Virus Experts have found that the worm may hook the system start up and would be present in the Windows Registry in several random names such as boot, center, config, driver, installer, image, universal etc. Also, the worm is smart enough to attempt to abort any security protection by searching for process strings including Symantec, ESET, Kaspersky, K7 and many more. Although all K7 Antivirus users are protected from infection by the latest updates, previously infected and unprotected machines may need to clean up their computers first, to neutralize this security threat. Users should also patch their Windows Operating system with Patch MS08-067.
K7 Computing is now providing a simple tool to aid removal for infected users. The “K7DownadupRemover” tool is a console application that scans and removes Worm.Win32.Downadup malware files and associated registry entries from an infected machine. It also uses a generic & heuristic method to identify the presence of this malware and even quarantines this in a minimal time, to protect the users’ PC from further infection.
Kaspersky Lab reports a new malicious program for mobile phones
Kaspersky Lab has detected a new malicious program capable of controlling a user’s mobile phone account. Kaspersky Lab experts detected a new malicious program for Symbian that targets customers of an Indonesian mobile phone operator. The Trojan is written in Python, a script language. It sends SMS messages to a short number with instructions to transfer part of the money in the user’s account to another account, which belongs to the cybercriminals.
There are five known variants of Trojan-SMS.Python.Flocker, from .ab to .af. The amounts transferred range from $0.45 to $0.90. Thus, if the cybercriminals behind the Trojan manage to infect a large number of phones, the amount transferred to their mobile phone account as a result could be quite substantial.
Spammers exploit economic recession
Cyberoam has announced the Q4 2008 email threat trend report, prepared in collaboration with its partner Commtouch. The main highlight of the report was a huge drop in global spam in November to its lowest levels at 59%, from an average of 90+% earlier, due to the shutdown of McColo, one of the largest and most notorious spam-friendly web hosting service providers. This decline, bringing spam levels to a third of the normal volumes, was marked by three weeks of significantly lower spam activity, and finally, a slow increase.
Another significant story was the global financial crisis, which has become an important pretext for spammers trying to lure unsuspecting email recipients with fake job offers, instant loans and cash advances. In the meantime, people also received a flood of US election-related spam and malware, the attackers’ motive being to steal personal information through phishing links or to install malicious software on visitors’ computers.
How Twitter accounts were hacked
IT security and control firm Sophos is calling on Twitter to enforce the use of strong passwords by its members following the recent publication of details on how a hacker managed to gain access to Twitter's internal systems earlier.
According to reports, the teenage hacker, who uses the online handle GMZ, claims he gained entry to the micro-blogging site's administrative control panel by using a dictionary password guesser at a Twitter staffer's account. Unfortunately for Twitter and its hacked users, the staff member had chosen the dictionary word “happiness”. GMZ claims that he did not use other hacked accounts himself, but posted a message on a hacking forum offering access to any Twitter account by request.
“What lessons can be learnt from this incident? Firstly, you should never use an easy-to-guess password to secure your online website accounts. Using a dictionary word like “happiness” shows a complete lack of knowledge about how to use computers safely," explained Graham Cluley, senior technology consultant at Sophos. “Twitter could help avoid this problem by insisting that passwords are not known dictionary words, or forcing the use of numbers and other characters—such as underlines, exclamation marks and percentages - in users' chosen passwords.”
"Secondly, Twitter and other websites should be able to tell when hackers are trying to brute-force their way past a password. GMZ says he ran his automatic password guessing program overnight before it finally broke its way in. There's no reason why Twitter couldn't, say, notice that someone has entered the wrong password three times in a row, and then insist they wait 15 minutes before trying to log in again," continued Cluley.
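An added example, not part of the original report and not Twitter's or Sophos's code: a Python implementation of the two controls Cluley describes, rejecting dictionary-word passwords and imposing a 15-minute wait after three consecutive wrong passwords. The word list, account name and addresses are constructed, and counting failures per (account, source address) pair is an assumption made here so that a guesser's failures do not lock out the account's real owner.

```python
import time

MAX_FAILURES = 3             # "the wrong password three times in a row"
LOCKOUT_SECONDS = 15 * 60    # "wait 15 minutes before trying to log in again"

# Constructed sample; a real deployment would load a full dictionary file.
DICTIONARY = {"happiness", "password", "welcome", "sunshine"}


def password_acceptable(candidate, dictionary=DICTIONARY):
    """Reject known dictionary words and require a digit or other character."""
    if candidate.lower() in dictionary:
        return False
    return any(not ch.isalpha() for ch in candidate)


class LoginThrottle:
    """Tracks consecutive failures per (account, source) and enforces the wait."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # callable(account, password) -> bool
        self._clock = clock            # injectable so the policy can be tested
        self._state = {}               # (account, source) -> (failures, locked_until)

    def attempt(self, account, source, password):
        key = (account, source)
        now = self._clock()
        failures, locked_until = self._state.get(key, (0, 0.0))
        if now < locked_until:
            # Do not evaluate the password at all while the wait is in force,
            # so even a correct guess gains nothing during the lockout.
            return "locked"
        if self._check(account, password):
            self._state.pop(key, None)  # success clears the failure counter
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            self._state[key] = (0, now + LOCKOUT_SECONDS)
        else:
            self._state[key] = (failures, 0.0)
        return "denied"


def guesses_evaluated(hours, attempts_per_second=1.0):
    """Simulate one automated guesser and count guesses the server checked."""
    clock = [0.0]
    throttle = LoginThrottle(lambda account, pw: False, clock=lambda: clock[0])
    checked = 0
    while clock[0] < hours * 3600:
        # 198.51.100.7 is a documentation address used as a constructed source.
        if throttle.attempt("staff", "198.51.100.7", "guess") != "locked":
            checked += 1
        clock[0] += 1.0 / attempts_per_second
    return checked


if __name__ == "__main__":
    print("guesses checked in an 8-hour run:", guesses_evaluated(8))
```

With this policy an eight-hour run at one guess per second gets 96 guesses evaluated instead of 28,800.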
IBM bolsters security services in response to surge in online cybercrime
IBM announced a set of actions to bolster its security solutions that can help clients save costs while navigating the "perfect storm" of security threats created by a global economic slowdown, unprecedented cybercriminal activity, and costly and complex legacy security infrastructures.
The actions by IBM's Internet Security Systems (ISS) division were prompted after IBM X-Force, an elite team of security experts, detected two startling developments. First, they identified a 30 percent increase in network- and Web-based security events over the last 120 days, with the total number rising from 1.8 billion to more than 2.5 billion worldwide per day, according to data pulled from its managed security services client base of approximately 3700 clients worldwide. Second, IBM detected a 40 percent increase within the last 120 days in its clients' access of IBM virtual security operations centers.
IBM's managed security services clients—businesses and governments around the world—can use the virtual operations centers (VSOCs) to monitor and verify network- and Web-based attacks. A significant portion of the increase came from clients that had not previously logged in to the security operations centers in more than six months.
Spammers defy Bill Gates's death-of-spam prophecy
Sophos has published its report on the latest trends in spam, and revealed the top twelve spam-relaying countries for the final quarter of 2008. The investigation reveals that, five years after Bill Gates predicted spam would be eradicated, it remains a major problem for computer users as spammers veer away from traditional techniques and get creative—with no end in sight.
On 24 January 2004 at the World Economic Forum in Davos, Switzerland, Bill Gates declared that spam would be ‘a thing of the past’ within two years. However, with the prophecy’s five year anniversary approaching, experts at SophosLabs have revealed that the latest figures for Q4 2008 indicate that spam is still causing problems for computer users and assuming more guises than ever before. Furthermore, more spam is malicious and often designed to infect users’ computers via sophisticated malware attachments or a link to malicious or infected websites, in order to steal sensitive information.
Cybercriminals have shown an increased attraction to social networking sites like Facebook and Twitter during this last quarter, indicating that spammers are successfully adapting their methods to suit the current environment. Frequent use makes social networking sites a prime target for spammers and malware authors who typically attempt to break into innocent users’ accounts and take advantage of trusted social networks to send spam and malware.
Entrust helps Adobe to offer CDS Certificates
Organizations continue the migration toward the use of electronic documents to replace traditional paper-based material. To help authenticate and verify the legitimacy of these documents, Entrust, Inc., is partnering with Adobe to offer specialized digital certificates in support of Adobe's Certified Document Services (CDS) program.
Accessible and affordable, Entrust Certificates for Adobe CDS enable organizations to digitally sign Adobe PDF files with confidence. Recipients will be able to take advantage of visual trust indicators to verify who published the document and confirm whether it has been altered. Entrust Certificates for Adobe CDS work seamlessly with both Adobe Reader and Adobe Acrobat (version 6.0 or later) on the desktop and Adobe LiveCycle Digital Signatures ES on the server.
Developed by Adobe, Certified Document Services is the first broad implementation of document validation technology based on public key infrastructure (PKI). While digital signatures have been successfully used for numerous security applications in specialized environments, CDS uses Adobe's cross-platform clients to automatically validate digital signatures.
Kaspersky releases prototype of Anti-Virus for Windows 7
Kaspersky Lab announces the release of a technical prototype of Kaspersky Anti-Virus for Windows 7. The prototype is based on the new antivirus engine which provides complex antivirus protection from all types of Internet threats. The new technical prototype of Kaspersky Anti-Virus is designed to secure computers running under Windows 7. The beta test version of Microsoft Windows 7 operating system was released at the beginning of January 2009. Kaspersky Lab simultaneously released its technical prototype providing greater efficiency and complex antivirus protection for the new operating system.
At the heart of the new technical prototype is Kaspersky Lab’s new antivirus engine which is even more effective at detecting malicious programs than its predecessor. The new engine dramatically increases system scanning speed thanks to improved processing of objects and optimized use of system resources, particularly on dual- and quad-core processor platforms. The unique product architecture ensures high productivity and one of the lowest uses of system resources in the industry. The prototype is fully compatible with 32-bit and 64-bit versions of the operating system. Both inexperienced and advanced users will find the solution to be user-friendly and easy to install and configure.
IBM expands software interoperability for Tivoli Netcool
IBM has announced an expansion of its Tivoli Netcool Technology Program, continuing proactive efforts to help communications service providers and enterprise customers lower implementation costs and speed time to market by providing software which manages their network infrastructure and software applications. With more than 30 network equipment vendors and ISVs currently in the program, IBM has plans to double the number of participants in 2009.
IBM Tivoli Netcool products interoperate with more than 1,000 network elements, management systems and software applications. Launched last year, the Tivoli Netcool Technology Program has set a precedent in the Operations Support Systems (OSS) market by providing a framework for the initial development and ongoing maintenance of such off-the-shelf integrations by IBM. Unlike competitors, which pass the cumbersome integration work on to the customer or business partner, IBM does the legwork, building software modules to connect vendor solutions with IBM software.
As part of the Tivoli Netcool Technology Program, IBM develops the software modules with partner vendors’ cooperation—which includes technical information and assistance, roadmap visibility and joint testing where practical. The program offers a different approach since the modules are IBM-developed, and the relationship with vendor partners is focused on interoperability. Juniper Networks and Tektronix are among the 30-plus technology vendors who have joined the program.
Entrust SSL Certificates not affected by MD5 vulnerability
During the December 2008 Chaos Communication Congress in Berlin, Germany, researchers presented a demonstration on how to forge apparently-authentic digital credentials—notably SSL digital certificates—by taking advantage of a loophole in the use of the MD5 cryptographic hash function, an older 128-bit function that is still supported by today's Web browsers.
Entrust Certificate Services customers can be assured that all Entrust SSL certificates are based on SHA-1—a hash algorithm developed by the National Institute for Standards and Technology (NIST)—and are not susceptible to this security concern. As a technology leader, Entrust is proactive in its approach to evolving security practices and is very involved in the formulation of new standards, including collaboration with such organizations as the CA/Browser Forum.
F-Secure warns about a worm affecting corporate networks
F-Secure Corporation is issuing an alert about new versions of the "Downadup" worm. This worm infects Windows workstations and servers, causing various problems. Since New Year, F-Secure has received several reports of corporate networks getting infected with variants of this worm. F-Secure is working closely with affected companies as well as with various CERT organizations to fight this worm outbreak. Downadup (also known as Conficker) is a large family of network worms. They are unusually difficult to remove, especially in the case of an internal infection inside a corporate network.
Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully. Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
Once this worm infects a machine, it protects itself very aggressively. It does this by setting itself to restart very early in the boot-up process of the computer and by setting Access Rights to the files and registry keys of the worm so that the user can't remove or change them.
Check Point protects consumers against forged Internet Certificate attack
Check Point Software Technologies Ltd has announced that Check Point ZoneAlarm ForceField provides unique protection against a recently discovered engineered attack that utilizes forged Secure Sockets Layer (SSL) certificates. This type of attack could be used to impersonate any secure Web site on the Internet including banking and e-commerce sites.
First revealed on Dec. 30, 2008, the attack leverages a weakness in the MD5 algorithm, which is used to sign SSL certificates that tie authentic corporate identities to corresponding Web site addresses and public encryption keys. Researchers were able to devise a way to manipulate an official Certificate Authority (CA) and launch an attack that would forge a rogue CA that then becomes trusted by all common browsers. Mixing this type of attack with DNS poisoning, a hacker could forge the certificate signature and end users would believe they are on secure Web sites (indicated by the padlock at the bottom of the screen), when in fact they may be on a fake or pharming site.
Built to fight the emerging classes of browser-based attacks, ZoneAlarm ForceField includes additional security layers that augment its virtualization capability including heuristic anti-phishing, site rating, and keylogger jamming among other features. ForceField also includes an optional "Privacy Mode" that erases all personal information from the local PC after a Web browsing session to further protect consumer privacy.
Aladdin announces HASP SRM SaaS Pass
Aladdin Knowledge Systems has announced the availability of Aladdin HASP SRM SaaS Pass. Utilizing Aladdin’s award-winning HASP SRM solution, SaaS Pass allows on-demand software providers to maximize their revenue by preventing users from sharing their username and password with unauthorized individuals. SaaS Pass allows login access to software-on-demand only from specific, pre-activated machines—ensuring the highest level of secure and controlled access to the hosted application and sensitive end-user data.
The SaaS Pass solution is based on a small client application installed on the end-user’s PC that communicates over the Internet with the service provider’s Web application. The client application, which was pre-activated for the specific PC (using a HASP SRM software key), collects and passes the user name and password to the Web application for validation. To ensure the highest level of security, the user’s password and a server-generated, time-stamp validation string, are encrypted using the HASP SRM AES 128-bit encryption engine, before they are sent to service provider’s Web application. Integrating SaaS Pass requires minimum changes to the service provider’s Web application, and supports any existing username database.
AVG Service Pack 2 Beta is available
Beta of AVG Internet Security 8.0 Service Pack 2 is available for download. AVG 8.0 Service Pack 2 has a lot of enhancements such as improved API support, overall optimization with lower resource usage and faster performance, improved stability of plugins, an option for cleaning log files, and support for reverting AVI databases to a previous version. It also provides the possibility of importing data from a WAB file (Windows Address Book) to the white list, an option of putting sent mail recipients on the white list automatically, and support for Mozilla Firefox 3 cookie scanning and healing.
Norman warns of a new dangerous Internet worm attack
Norman warns about new highly malicious code being spread through vulnerabilities in Windows, affecting most of Microsoft’s operating systems. W32/Conficker is part of a network-propagating family of worms operating in several variants. The worm spreads to other machines via a security vulnerability in Windows Server Service. This vulnerability allows the worm to download itself to other computers without the user's knowledge. To avoid infection, make sure you have installed all the latest security patches from Microsoft and that your security software is updated and running.
IBM Lotus introduces new portfolio of integrated cloud services
IBM has introduced LotusLive, a cloud-based portfolio of social networking and collaboration services designed for business. LotusLive will extend customers' current investments and link to everyday business services. LotusLive.com is now the place to find all of Lotus' cloud solutions including email, collaboration and Web conferencing services.
LotusLive is designed to help companies work smarter by making it easy for them to connect and work together—with an emphasis on simplicity and ease of use. LotusLive's online services give businesses of all sizes access to Lotus' rich collaboration tools without requiring an up-front investment in IT support resources or infrastructure.
LotusLive is built using open Web-based standards and an open business model allowing it to easily integrate with third party applications. Today Lotus previewed several examples of "Click to Cloud"—the ability to seamlessly link on-premise solutions with LotusLive services. "Click to Cloud" will help customers extend the value of their existing investments by making it easy to bridge solutions inside the firewall to the cloud.
Beta-testing of Dr.Web for Mac OS X launched
Doctor Web has launched beta-testing of Dr.Web anti-virus for Mac OS X, which runs on Macintosh machines featuring Intel processors. Dr.Web anti-virus for Mac OS X provides a user with a range of useful features. The Dr.Web scanner ensures a prompt anti-virus check of a system and connected removable data storage devices. If a threat is detected, you will receive a warning from Dr.Web and will be able to choose a desired action (cure / remove / quarantine). You may also decide to use a default action specified for a certain type of malware. Dr.Web for Mac OS X also allows specifying the maximum size of a quarantine directory and creating exception lists for files and folders that should not be checked. The License Manager provides a simple license management mechanism for downloading demo and license key files, viewing license information and renewing.
Dr.Web for Mac OS X beta features a user-friendly interface and a flexible configuration system. For example, it allows a user to specify sound notifications for various events related to the operation of Dr.Web.
Quest Software introduces LiteSpeed Engine for Oracle Backup and Recovery For InfoStore
Quest Software has provided the SQL Server market with advanced, high-performance backup compression and encryption via LiteSpeed for SQL Server. Now Quest brings this same high-quality, cost-cutting backup and recovery technology to the Oracle platform with the launch of LiteSpeed Engine for Oracle.
The strain of today’s current market conditions combined with increasingly high-volume, diverse database environments underscores the need for quickly realized cost savings and optimal use of IT resources. LiteSpeed Engine for Oracle offers database administrators (DBAs) an advanced tool that cuts storage costs, reduces backup and restore times and delivers a solid return-on-investment. Oracle DBAs charged with handling secure backup and recovery strategies on a lean budget can realize 70 to 90 percent compression with LiteSpeed while maintaining complete control over the backup and recovery process.
LiteSpeed Engine for Oracle is tailored to the needs of Oracle and cross-platform DBAs, integrating seamlessly into Oracle’s Recovery Manager (RMAN) and export backup strategies. Other benefits of LiteSpeed’s low-impact compression technology include: Backup size reduction of up to 90 percent; Backup and restore times reduced by up to 50 percent; four different levels of encryption; direct integration with Tivoli Storage Manager; support for Oracle’s Media Manager architecture.
Information on safeguarding personal information is just a click away
Current research shows 73 percent of U.S. consumers don’t know where to go to find information on using digital devices and services. A new Web site launched today taps into that void to help consumers fully enjoy their digital lifestyle and protect their personal information as they buy, surf, communicate and travel.
The site www.JustAskGemalto.com is a place where people can go for expert advice on topics such as Internet security, online payment, password management, credit card fraud, cell phone usage, identity theft and more. Until now, no one site has gathered all these different topics in one place. As the use of our digital information spreads, we as individuals have a role in safeguarding it more than ever.
On www.JustAskGemalto.com consumers can read about how to better enjoy the conveniences of the digital world and take actions to safeguard their identity and personal and financial information. The Web site’s Q&A formatted content is organized along six themes: Buying, Surfing, Traveling, Communicating, Working and Personal Data. Written in plain speak, it introduces terms people need to know, explains the benefits as well as risks and offers advice on how to protect oneself.
First hardware security module to work with SQL Server 2008
SafeNet has proclaimed that its Luna SA hardware security module (HSM) is the first HSM to work with Microsoft SQL Server 2008 for greater application security and performance by offloading select management functionality. Microsoft SQL Server 2008 is a relational database management system that provides organizations with a highly secure data platform for storing and managing sensitive data. Integration of SafeNet’s Luna SA HSM with SQL Server 2008 will enable customers to store the server’s master cryptographic keys—the foundation of any robust security solution—within the hardware solution and not the software.
SafeNet’s Luna SA resolves this risk of exposure and challenge by keeping the keys away from the data. The Luna SA is a network-attached HSM for applications where security and performance are the priority. HSMs are physical devices that keep business critical cryptographic keys at the highest security level. The Luna SA can be leveraged by many servers, offering the ability to securely partition and share the HSM resource and extend the data platform environment in a cost-effective manner. The Luna SA, together with the Luna PCI, offers customers of Microsoft SQL Server 2008 two flexible encryption options for their deployment scenarios.
In addition to the Luna SA, SafeNet is also enabling its Luna PCI HSM to work with SQL Server 2008. The Luna PCI is a high-security cryptographic PCI accelerator card that is embedded directly into the database server for added security and provides accelerated cryptographic performance and CPU offload.
Gemalto increased security for online transactions
Gemalto announces that its Ezio Pocket Reader is the first fully certified reader made available to the market for MasterCard Advanced Authentication for Chip. The Advanced Authentication for Chip specification allows two-factor authentication on any EMV card already in use, whether or not it has been personalized according to the MasterCard Chip Authentication Program (CAP). It also supports financial institutions in markets where off-line PIN is not used to verify online customers’ identity. Therefore, the Advanced Authentication for Chip-certified Gemalto reader makes it easier for banks to deploy strong authentication to their entire base of online customers, as they no longer need to make any changes to their legacy cards. It also enables millions of new banking customers to benefit from increased security for online transactions, by making it accessible in every environment.
Toni Merschen, Group Head Chip at MasterCard, said, “We are pleased to see a leading vendor such as Gemalto delivering solutions to the market that are certified to our global and interoperable standards. Advanced Authentication for Chip is all about allowing Banks to cost-effectively secure remote channels for their customers, which is particularly relevant as they enter more prudent times.”