Lego safe is safer than you think
You’d think you could just pop off a few bricks to break into a Lego safe, but you’d be wrong.

Check Point software, developer of the popular ZoneAlarm suite of security software, is celebrating fifteen years in business by offering ZoneAlarm Pro as a free download through Wednesday evening.
The professional version of ZoneAlarm features a firewall, security checking for the operating system, anti-spyware features, and identity theft protection. The company’s standard free firewall, ZoneAlarm basic, contains only basic inbound and outbound network traffic protection.
Today’s malware, both spyware and viruses, is more infectious and resistant than ever. Where a single utility like AdAware may have once done the job, today’s virulent malware requires an arsenal to eliminate. That’s why we recommend Hitman Pro as our download of the day.
Hitman Pro shines for condensing eight powerful malware-removal applications under a single convenient interface. While eight programs sounds like a lot, believe that it may not be enough to deal with some of the day’s nastiest malware. Therefore we recommend that you add it to your repertoire as the first line of defense in cleaning infections, and make use of our trained malware removal experts to do the rest.
A 10th-grader at Shenendehowa Central School in Clifton Park, NY was charged on Thursday with computer trespass, unlawful possession of personal identification information, and identity theft for allegedly accessing poorly-secured district bus driver records with malicious intent.
New York state trooper Maureen Tuffey describes the act as intentional. “He deceitfully used someone else’s name and password so he would not get caught and was looking to profit from his criminal act,” she said.
Microsoft has recently released an emergency patch for Security Bulletin MS08-067 which outlines a vector that leaves NT-derived operating systems vulnerable to attack.
Published on Thursday, MS08-067 outlines a flaw in the Windows Server service which would allow malformed RPC requests to execute remote code without notice. In the bulletin, Microsoft notes that computers with WAN-facing ports are particularly susceptible. As such, the deeply-entrenched Windows XP is likely to bear the brunt of future attacks.
Microsoft’s decision to release a patch off of its monthly schedule, a move undertaken only four prior times, demonstrates the severity of the flaw. While the vector has not yet been broadly exploited, the newly-discovered Gimmiv.A trojan demonstrates its potential for abuse.
Users of Windows 2000, Windows XP, Windows Vista and their derivatives are advised to immediately download the security update for their respective operating system. The operating systems in the bulletin’s affected software table link directly to the relevant fix. Additionally, users with the Windows automatic update service enabled have already begun to receive the appropriate patch.
Microsoft announced this morning that an emergency patch for a major security vulnerability will be released in early November. The vulnerability article, entitled “Vulnerability in Server Service Could Allow Remote Code Execution,” is listed as “Microsoft Security Bulletin MS08-067 – Critical”. The patch will be delivered during a non-routine cycle, which indicates the seriousness of the vulnerability.
The vulnerability is a remote exploit through the Windows Server service, and is such that a worm similar to the “Blaster” worm a few years back could theoretically exploit it, meaning a computer could become infected through no fault or interaction of the user. The patch is slated for Windows XP, Server 2003, and Windows 2000. There will be a version for Vista and Server 2008 as well, although those operating systems are less vulnerable to the exploit.
Since 2004, 41 partners from 12 European countries have been aiding the University of Bristol in being the first to commercialize quantum cryptography. The cryptographic devices which are capable of interfacing with traditional networking equipment are now running on six Siemens Austria-provided fiber nodes between 6km and 82km in length.
Dubbed — and rightly so — an unbreakable cryptosystem, quantum cryptography has long been the Holy Grail of encryption, as attempts to break the system unavoidably leave signs of tampering behind. According to the Heisenberg Uncertainty Principle, the observation of atomic motion fundamentally alters the characteristics of an atomic state, which makes it incredibly easy to identify and reject data that has been tampered with.
The world’s first quantum encrypted network will be discussed and demonstrated tomorrow (10 October) at 8:00 UTC via the SECOQC site.
In light of the insecurities that have plagued Windows XP, Microsoft was prompted to reveal the User Account Control (UAC) feature with Windows Vista. By raising alerts whenever potentially risky operations were performed on the system, UAC was meant to warn the user of the dangers. Unfortunately, UAC did so much prompting that most users simply ignored the box or grew downright indignant with it. In response to user irritations, Microsoft has said that UAC will be returning with Windows 7 but improved based on user feedback.
In the E7 blog which covers the development of Windows 7, Microsoft covered UAC in astonishing detail. In addition to metrics related to the regularity of UAC popups, their triggers, and types, Microsoft pledged an improved UAC experience, saying:
Based on what we’ve learned from our data and feedback we need to address several key issues in Windows 7:
- Reduce unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified.
- Enable our customers to be more confident that they are in control of their systems.
- Make prompts informative such that people can make more confident choices.
- Provide better and more obvious control over the mechanism.
All of which is to say that Microsoft is listening and, while not preparing to ditch the feature, hopes its next iteration won’t be the most hated popup on the planet.
Techware Labs discusses Bluetooth security.
The controversy over internet privacy has swept into public consciousness in the past few years as lawsuits hinging on identity discovery have become more prevalent than ever. Lawsuits regarding piracy, malware, internet harassment and even libel have depended upon identifying anonymous defendants. One subcommittee of the United Nations — known as Q6/17 — is working on a so-called IP Traceback mechanism designed to rapidly uncover the source of digital communications.
Organized by the ITU, an agency of the UN, the Q6/17 group received its first submission from China. China’s record of internally censoring the internet has historically relied upon their ability to suppress individuals subversive to the regime. Documents obtained by CNET News reveal the nature of China’s proposal, which hoped to guarantee that the originator of digital information could be found. “The IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet),” it reads. The document adds: “To ensure traceability, essential information of the originator should be logged.”
Phoronix tests Intel Atom processor disc encryption.
The SilverStone Treasure TS01 RFID enclosure requires you to have an RFID key near it if you want to access the data.
Researchers from the University of Michigan have developed “CloudAV,” a next-generation anti-virus technology. CloudAV seeks to improve PC resource utilization and virus detection rates by shifting the burden of virus analysis into the computing “cloud.”
Jon Oberheide and Evan Cooke, working under the guidance of Professor Farnam Jahanian, tout the cloud’s significant advantages over traditional client-side anti-virus:
The engine currently consists of detection routines and signatures from Avast, AVG, BitDefender, ClamAV, F-Prot, F-Secure, Kaspersky, McAfee, Symantec, and Trend Micro. Analysis reveals (PDF) that the combined signature databases of these varied anti-virus applications yield a 91% detection rate.
While the technology sounds similar to centralized anti-virus, such as Symantec Corporate, it is quite different. Today’s corporate anti-virus products centrally manage user policies while leaving the burden of scanning and detection on the client end. Under this model, a significant processor and memory footprint is incurred.
Behavioral analysis is one of the more exciting aspects of this technology, according to the developers. Cooke and Oberheide explained that “behavioral analysis allows us to open a file in an emulated environment and trace the execution of a file through a system.” The cloud has enough resources to execute a potentially infected file in a virtual sandbox to determine its impact. This is a significant advance in anti-virus technology that would be impractical to run on a desktop, much less a smartphone.
Other new functionality includes the caching of files in the cloud so that detection isn’t a constant resource drain. Once a file signature is cached, it does not need to be reanalyzed. In effect, a single user that may be running Microsoft PowerPoint would submit the signature data for that version of PowerPoint to all PowerPoint users in the cloud. Because a single computer can contribute all the necessary information, deployments that have a swath of similarly-configured computers would benefit from reduced network overhead.
While the technology is being used in a production environment on the University of Michigan campus, there are no plans to commercialize the product. Agents have been developed for Windows, Linux, BSD, Nokia Maemo, and sendmail. Cooke and Oberheide envision implementations of these clients for ISP, campus and corporate deployments.
We were concerned about privacy in the cloud; specifically, we wondered whether or not we would want our ISP to scan sensitive files for us. They envisioned a hybrid system with a lightweight detection engine on the client side for files somehow tagged as private. Meanwhile the CloudAV technology would remain for system files, executables, and other non-sensitive information.
You can find more information on their website, including links to white papers about the technology.
Neowin is reporting that Mark Dowd (IBM ISS) and Alexander Sotirov (VMware) demonstrated a way to bypass all of Windows Vista’s memory protection safeguards using a web browser. The kicker? It isn’t a vulnerability, per se, but rather exploiting how the entire system is set up. Neowin continues:
According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”
After news that the DNS flaw is much worse than initially thought, it appears the annual Black Hat conference is having a very productive session.
Security researcher and author Kris Kaspersky recently asserted that flaws in the instruction set of the Intel Core 2 (and derivatives) make them susceptible to devastating platform-agnostic exploits.
Kaspersky posits that a remote attack via JavaScript or TCP/IP could yield multiple opportunities to damage or cripple any x86 operating system. Infoworld goes on to quote that some of the errata are dangerous enough to permit a hacker to wrest full control of the OS. Other exploits could trigger system crashes, damaged data and restarts.
In the world of CPU architecture, errors in the design of a chip are not uncommon. Most errors, or errata as they are known, are often fixed through subsequent BIOS releases. To wit, Intel’s February release of their errata manual (PDF) describes over 80 different flaws in the design of Netburst and Core 2-based processors.
With Kaspersky playing his cards close to his chest, we will have to wait until the October Hack In The Box event to observe the exploit first-hand. The researcher plans to demonstrate his findings and publicly release the exploit code at the symposium.