MasterCard Adds OTP built into the card itself
Jun 15, 2010 Security News
Very cool indeed. I hope this starts a sea change in the banking industry.
MasterCard has announced that it will be rolling out new credit and debit cards with integrated display screens, in an attempt to further prevent bank fraud. The cards, developed by NagraID Security, resemble their regular counterparts, but – when an integrated button is pressed – display a one-time passcode that can be used to authorize online and phone transactions.

Here are all the details.
So much for being anonymous
May 10, 2010 Opinion, Security News
I just read an interesting article at abuse.ch about anonymizing proxy use and the privacy and security concerns that many of us don’t take into account.
*** The bad things you don’t know about such proxies ***
Unfortunately the other side of the coin looks much worse:
- You don’t know who runs these proxies
- You don’t know if these proxies are secure and clean from any malware and drive-bys
- You don’t know the intentions of the persons who run these proxies (maybe they mean ill?)
But you must be aware of one fact: Those proxies aren’t anonymous! Web proxy scripts like Glype & Co. have a freely configurable option for whether the administrator of the (Glype) proxy wants to log the requests which are passing through his proxy or not. And you can be sure that most Glype administrators will do so.
Go have a read here.
Aurora malware Inoculation Shot
Feb 15, 2010 Security News, Security Tools
Security company HBGary has released a “free utility that will scan for and, optionally, remove the Aurora malware from a Windows Domain.”
Enterprises can easily scan for infections and remove them. The Aurora inoculation shot is digitally signed by HBGary, Inc., and utilizes existing Windows management APIs to identify infected machines. No files are copied over the network; the scan and optional removal are completely remote. WMI must be enabled in your Enterprise for the inoculation shot to work. Command line instructions are as follows:
To scan a single machine:
    InoculateAurora.exe -scan 192.168.0.1
    InoculateAurora.exe -scan MYBOXNAME
To scan multiple machines:
    InoculateAurora.exe -range 192.168.0.1 192.168.0.254
To automatically attempt a clean operation:
    InoculateAurora.exe -range 192.168.0.1 192.168.0.254 -clean
To scan a list of machines in a .txt file:
    InoculateAurora.exe -list targets.txt
What are you waiting for? Go get it here.
Rootkit possibly behind Windows BSOD
Feb 15, 2010 Security News
For all you Windows users out there, pay attention to this one:
There are indications that the system crashes and the dreaded blue screen of death (BSoD) that many Microsoft Windows users reported suffering after installing this week’s batch of security updates may be caused at least in part by malware infestations on the affected machines.
Patrick W. Barnes, a systems administrator at Cat-man-du, a technology services firm in Amarillo, Texas, said at least three different customers came into his shop with the same blue screen of death after installing Tuesday’s patches on their systems. Barnes said that on closer inspection, he found that each had been previously infected with a rootkit, a set of tools sometimes installed by malware that are designed to hide the presence of the infection on the host system.
For all of Brian Krebs’ good article on this matter, check here.
Succinct summary and analysis of attacks on Google
Jan 18, 2010 Security News
I found this a good summary of the rapidly evolving events concerning the alleged Chinese infiltration of Google’s, and a large number of other corporations’, IT infrastructure.
Unless you have been living under a rock for the past few days, you probably have heard about some big changes Google has made regarding an attack on its infrastructure. Here is what we know:
- First, the Who and What: Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. David Drummond, Google’s chief counsel, said, “A primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” According to George Kurtz at McAfee, the attacks were part of a large-scale, well-organized operation called Aurora. As a result, Google has stopped censoring its search results in China, and has considered pulling out of the country entirely.
- Second, the How: as this story has played out, a second wave of stories emerged about the attack vectors. Microsoft has released a bulletin stating that a zero-day exploit in Internet Explorer 6 and higher was the attack vector. McAfee’s George Kurtz confirms that IE 7 and 8 vulnerabilities were used. iDefense speculated that PDF-phishing may have been a vector too. But it has not been shown definitively to be an attack vector yet.
- Third, the attacks were not just about dissidents. The attacks appeared to be part of a coordinated campaign that targeted the intellectual property of a wide swath of the US industrial base, including Dow Chemical, Symantec, Yahoo!, Northrop Grumman, and Juniper Networks.
- Fourth, many affected parties are collaborating on the investigation and post-mortem analysis. Google, Adobe, Microsoft, McAfee, and others are all sharing information about the attack. No doubt the FBI and agencies are in the mix, too.
You can read the entire article here.



