Wednesday, December 31, 2008

Farewell Fair Zune

It's been reported that literally every 30GB Zune media player out there failed just after midnight last night. Even though it came a day early, it is being dubbed the Z2K9 crisis. A user named Michael gave this tip to Gizmodo magazine:
"Apparently, around 2:00 AM today, the Zune models either reset, or were already off. Upon when turning on, the thing loads up and... freezes with a full loading bar (as pictured above). I thought my brother was the only one with it, but then it happened to my Zune. Then I checked out the forums and it seems everyone with a 30GB HDD model has had this happen to them"
There haven't been any official reports from Microsoft as of yet, and no obvious pointers on their website as to where to go for answers. The forums themselves, however, are packed with confused, portable-media-starved 30 Gig Zune owners begging for an email from Microsoft.
On a curious side note, the 30 GB Zune is suddenly no longer listed as available for sale on their web page. I guess that only makes sense, since they don't work. So, I guess for Microsoft it's like this:
Step 1: Pull faulty product
Step 2: Retain radio silence until someone figures something out or it fixes itself
Step 3: ?????
Step 4: Profit

Wednesday, December 17, 2008

Microsoft Releases Another Hurried Patch

Thanks to the quick and wide exploitation of a flaw in Internet Explorer 7, Microsoft is rushing to release a patch. This is the second month in a row that Microsoft has had to release a patch outside of its normal monthly "Patch Tuesday" routine. Not all exploits are quite so popular, hence the rush by the Gates crew. The flaw itself is in the data binding function of IE7 and can lead to remote code execution, as noted in Microsoft's Security Advisory 961051. Several different exploitations of this flaw have popped up on the internet lately, including an online-games info-stealing operation that was aimed at Chinese victims. That attack used hidden JavaScript to redirect visitors to an eventual behind-the-scenes download. Another attack used SQL injection to infect thousands of sites. After infection, these sites began serving up a worm via hidden iframe to all who visited, in an attempt to assemble bots for the attackers.
This patch is supposed to be available today, and I would suggest getting it as soon as possible if you're a regular IE7 user. If you're not, Microsoft says you may be alright until their next regular updates package is released, but I would suggest getting it anyway just to be safe.

Wednesday, December 10, 2008

Google Notebook Exploited

Today we are seeing a huge influx of spam emails that use Google Notebook as a means to deliver spam content to millions. The Notebooks are provided by a free service that allows users to paste information into them while browsing the web. Users can choose to make a notebook public so that it may be viewed by anyone, and therein lies the huge gaping flaw. Spammers are filling notebooks with their spam content and spamming links to these notebooks out to millions. The Google Notebooks are being used to deliver advertisements for pornography and prescription drugs. This is the latest example of free services being abused to aid spammers in their ultimate goal: to reach as many inboxes as possible. The technique helps spammers because it makes URL filtering much less effective, since the link being sent is to google.com. The fact that this domain is so recognizable and trusted by most would also increase the likelihood that someone would click the link.
A message received would look like this:



The link takes you to a Google Notebook such as the following:


In addition, we have also been seeing another of Google's free services being exploited to deliver spam. Today we are seeing a huge push of messages containing links to docs.google.com. This is another service that is available to anyone, and again users can publicly share documents with seemingly no oversight. Spammers are also using this space to host their spam content, using a delivery vector identical to the messages above.

Here is an example:


The link in the above message takes you here:
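
Why domain-based URL filtering misses these messages, as an added example that is not part of the original post: a filter that trusts google.com lets the notebook and document links through, while one that treats user-published areas of a trusted domain separately sends them to content scanning. The allow-list, the path prefixes and every URL in the sample are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the filter's reputation allow-list, keyed on domain.
TRUSTED_DOMAINS = {"google.com"}
# Assumption: (host, path prefix) pairs where a trusted domain serves pages
# that any user can publish. These prefixes are illustrative.
USER_CONTENT = [("www.google.com", "/notebook/public/"), ("docs.google.com", "/")]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed message body; every URL is a placeholder.
SAMPLE_BODY = """\
Cheap meds, no prescription needed:
http://www.google.com/notebook/public/EXAMPLEUSER/EXAMPLEBOOK
http://docs.google.com/Doc?id=EXAMPLE
Unsubscribe: http://pills.example/out
Weather today: http://www.google.com/search?q=weather
"""

def base_domain(host):
    # Last two labels only; a production filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def domain_only(url):
    """The weak check: trust anything hosted under an allow-listed domain."""
    host = urlsplit(url).hostname or ""
    return "allow" if base_domain(host) in TRUSTED_DOMAINS else "scan"

def path_aware(url):
    """Send user-published areas of a trusted domain to content scanning."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for content_host, prefix in USER_CONTENT:
        if host == content_host and (parts.path or "/").startswith(prefix):
            return "scan"
    return domain_only(url)

def classify(body):
    """Return (url, domain_only verdict, path_aware verdict) for each link."""
    return [(u, domain_only(u), path_aware(u)) for u in URL_RE.findall(body)]
```

On the sample, the two user-content links are allowed by the domain-only check and scanned by the path-aware one, while the ordinary search link stays allowed under both.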

Tuesday, December 9, 2008

SonicWall Drops the Ball

According to several reports around the interwebs, and many angry subscribers, a license server for SonicWall's firewall and email security products malfunctioned, causing users' license keys to be reset. That in turn made all of these licenses appear to be invalid and opened the floodgates for the once-protected users of SonicWall products. Essentially, the SonicWall products were rendered useless against network attacks and email-borne attacks such as viruses from early Tuesday morning until late yesterday afternoon, when the server was repaired and users all had to resynchronize their products with it.
As you can imagine many users were angry, and many of them turned to SonicWall's forums to express themselves, such as these posts:

"I'll say it to whoever I need to say it to. This is unacceptable, We are a 100 million dollar 'technology' defense contractor with serious security considerations, and I can't just have SPAM and VIRUSES pouring into my network for half a day." - Rhouseholder

"Say goodbye to one customer -- I will not be renewing," wrote another user, called "Pcicanada." "My systems spent most of the day completely exposed."

SonicWall's staff explained that an outage caused the initial issue; the "malfunction" part was that there was supposed to be protection in place to prevent any sort of subscription issues in the event of an outage. The actual notice to subscribers that went out after the issue was repaired looked like this:

"You are receiving this mail because our monitoring systems indicate that your SonicWall product(s) may have been affected. This may have caused the product license key to be reset, and in some cases may have affected the products' operation," the notice said. "The issue has been corrected and all servers and licensing functions have been restored."

If you were running a SonicWall product and were as of yet unaware of this issue, it may be a good time to start scanning your network.

Friday, December 5, 2008

New Windows Worm Reaches Half a Million Machines

A recent report states that the new Windows worm dubbed Conficker has now infected over 500,000 PCs worldwide and is still growing. It is said to be spreading mostly over corporate networks, with its highest concentration in the United States. Conficker targets a flaw in the RPC functions of the Server service on unpatched Windows machines. Infected machines have yet to apply the security update [MS08-067] that Microsoft released in late October.
Conficker "opens a random port between port 1024 and 10000 and acts like a web server." Once infected, the computer "will download a copy of the worm via HTTP using the random port opened by the worm. It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that it won't be infected by other malware," Microsoft said.
This is a perfect example of why we are facing unprecedented levels of malware infection lately. We have seen the formation of a botnet that [by number of machines] rivals some of the largest in existence, and this happened in a matter of weeks. An infection spreading this quickly is not a surprise considering the number of unpatched computers that are out there.
Recent statistics released by Secunia, a “vulnerability intelligence provider”, state that less than 2% of all Windows PCs are fully patched. This leaves an astounding 98% of these machines with at least one installed application that is vulnerable to a known security flaw. The data was taken from 20,000 users of the free software inspector. These numbers would indicate that PCs are ripe for the picking for malware authors.
Here are the particulars from Secunia:


· No insecure programs: 1.91% of Windows machines
· 1-5 insecure programs: 30.27% of PCs
· 6-10 insecure programs: 25.07% of PCs
· 11+ insecure programs: 45.76% of PCs

One way to avoid this happening is to keep up with the most recent Windows updates. You can also protect yourself by updating any software for which there is a new version available that corrects one or more security flaws.
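
The behaviour Microsoft describes above (an infected machine serving HTTP on a random port between 1024 and 10000) can be hunted for in internal connection logs; the following is an added example, not part of the original post. The log format, the internal network, the list of known web servers and all records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# "a random port between port 1024 and 10000", as quoted in the post
WORM_PORTS = range(1024, 10001)
# Assumptions for this example: the internal address space and the hosts
# that are expected to serve HTTP on a high port.
INTERNAL = ipaddress.ip_network("10.1.0.0/16")
KNOWN_WEB_SERVERS = {"10.1.0.10"}

# Constructed HTTP records: time, client, server, server port, method, path
SAMPLE_LOG = """\
2008-12-05T09:14:02 10.1.4.23 10.1.4.57 4712 GET /xkqzt
2008-12-05T09:14:09 10.1.4.31 10.1.4.57 4712 GET /pbwma
2008-12-05T09:15:40 10.1.4.23 10.1.0.10 8080 GET /intranet/
2008-12-05T09:16:11 10.1.4.40 198.51.100.7 8080 GET /index.html
2008-12-05T09:20:55 10.1.4.66 10.1.4.23 2291 GET /lmnop
truncated record
"""

def parse(line):
    """Return (client, server, port), or None for a record that does not parse."""
    fields = line.split()
    if len(fields) != 6 or not fields[3].isdigit():
        return None
    try:
        client = ipaddress.ip_address(fields[1])
        server = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return client, server, int(fields[3])

def unexpected_http_servers(log):
    """Map (server, port) -> sorted clients for internal hosts that are not
    known web servers but answer HTTP on a port in the worm's range."""
    hits = defaultdict(set)
    for client, server, port in filter(None, map(parse, log.splitlines())):
        if (client in INTERNAL and server in INTERNAL
                and port in WORM_PORTS and str(server) not in KNOWN_WEB_SERVERS):
            hits[(str(server), port)].add(str(client))
    return {key: sorted(clients) for key, clients in hits.items()}

def likely_spread(log):
    """Hosts that fetched from a flagged server and are also flagged themselves."""
    hits = unexpected_http_servers(log)
    fetched = {c for clients in hits.values() for c in clients}
    return sorted({server for server, _ in hits} & fetched)
```

A workstation that shows up in `likely_spread` both pulled content from an unexpected internal web server and became one itself, which is the pattern to check first against the MS08-067 patch status.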

SMS Phishing

Maybe you've noticed by now, but around every corner is someone trying to get something for free. This is especially true in the digital world. Internet crime is everywhere, from pharmaceutical sites, to malware that logs your keystrokes, to 419 scams, to money mule services. One online scam that is rampant is the old phishing scam. Phishing, if you don't know by now, is when cyber-criminals pose as a credible institution in an attempt to trick you into divulging your sensitive information, such as your banking credentials or social security number. Phishers oftentimes take this information and sell it in bulk to other thieves as opposed to using it right away. By doing this they still make their money, and it helps blur the trail for the authorities, which are still highly inefficient when it comes to cybercrime.
Phishing comes in many forms. The most prevalent is the fake email from what appears to be a bank (and sometimes they even guess right, and it appears to be from your bank). Sometimes, in the case of spear phishing, which is more of a targeted phishing attack, they'll even call you on the phone pretending to be your bank, and other times they'll resort to SMS phishing and send a text to your phone. Here is an example of an SMS phishing attempt our CTO received yesterday. The text read "You need to verify your MAX FCU account (unusual activity), cal 888xxxxxxx". I would hope people would know by now that texting is not an official communication channel for any financial institution. Here's what could be heard on the other end of that toll free number...


It is often very hard to catch these criminals, so the best thing you can do is protect yourself, and prevent yourself from being a victim. NEVER give out your information over the phone, or in an email. Your bank will NEVER ask you to do so. When you are banking online, make sure you have a secure connection (look for https: in the address bar, and the little lock at the bottom left of your browser, or in your address bar), and go directly to your bank's website; never follow a link to log in, especially out of an email. Be safe.

Tuesday, December 2, 2008

Florida Agency for Workforce Innovation Loses 250,000+ SSNs

Do you live in Florida, or have you lived in Florida in the past 6 years? Have you ever participated in the Florida Jobs One-Stop Program? If so, it is very likely that your Social Security Number, and possibly your tax information, has been stolen.
It would seem that the Florida Agency for Workforce Innovation (AWI, or Florida Jobs) has lost employment information and more than a quarter million social security numbers by posting them online last month, including the social security numbers of at least fifty children. All information that had been gathered by the agency had been stored in Excel files on an offline server for the better part of six years. During the course of developing a new website, the server that contained all of the sensitive information was brought online and exposed to the world. The server had no password protection, no encryption, and no firewall, so anyone with a computer could get on and take or leave whatever they'd like.
According to the National ID Watch website, "This is by far the largest breach we have documented at National ID Watch," explained Aaron Titus, Privacy Director for the Liberty Coalition. "Online breaches are among the most severe, because once information is placed online, you throw it to the Internet winds and it's impossible to get back. There's no way to tell if someone in China or New York has a copy, or how long they plan to keep it."
If you have ever participated in the Florida Jobs One-Stop Program since 2002 you are encouraged to visit National ID Watch to get your Identity Exposure Report and find out if you were affected. Be aware though, that this site uses a name based search, so if you have a common name, it's likely you'll get a result. The site does give good information on what to do next if your name does match one in the affected list.

Monday, December 1, 2008

Cyber Monday

Today is considered to be "Cyber Monday". It's the Monday immediately following Thanksgiving and "Black Friday", which is supposed to be the busiest shopping day of the year as retailers offer ridiculous sales in order to entice shoppers to come out and get their Christmas shopping done. Cyber Monday is slated as the busiest online shopping day of the year, where, according to Robert Williams, CEO of Conversive, a customer-service software company for online merchants, "...consumers are expected to spend $821 million this year, up 12% from 2007". Forrester Research predicts "Monday may be the biggest day in a $44 billion online holiday shopping season".
There is cause for concern, though: the more people turn to online shopping, the more scams and tricks will be out there waiting for them. Especially in our current recession and shaky-at-best economy, people are likely to be drawn in by deals that are too good to be true, where the cyber criminals will be waiting for them.
Make sure you protect yourself and your computer by making sure that all of your software is up to date. Make sure to remove any extraneous applications you may have on your computer to avoid other possibilities for exploitation. Only use online companies that you know and trust, and that use proper web security. If you don't know the company, make sure you give yourself plenty of time to research them before you hand over your account info. Monitor your accounts, and be smart; don't let laziness override your own protection.