Article 43

 

Privacy And Rights

Friday, October 06, 2006

Thousands Of Government Computers May Be Infected By Bots

By Thomas Claburn
Information Week
October 5, 2006

InformationWeek has learned TREND MICRO is researching how PCs, including computers in defense agencies, are infected with software that can be used to mine confidential data, send spam, or launch denial-of-service attacks. But government IT managers challenge those findings, and Trend Micro is backing down on some.

Thousands of government computers may be under the control of cybercriminals. Software bots - malicious code that turns PCs and servers into remotely controlled “zombies” - have dug into the computers of federal and state agencies, security experts say. Once infected, those computers can be used to distribute spam, launch denial of service attacks, and even direct sensitive information into the wrong hands.

Security vendor Trend Micro, which has been studying the phenomenon and is pushing a service to detect bots, reports finding a bot infestation in government computers. Its list of bot-bitten organizations includes the Department of Defense, the Navy Network Information Center, the Pittsburgh Supercomputing Center, Argonne National Laboratory, and the Navy Regional Data Automation Center. At the state level, its list includes the Alabama Supercomputer Network, Arkansas Department of Information Systems, Iowa Communications Network, and Connecticut’s Department of IT.

Trend Micro planned to disclose its findings this week - ostensibly in the interests of public awareness. But as InformationWeek followed up with organizations cited by Trend Micro, some of the vendor’s conclusions were called into question, owing in part to the complexity of tracking these zombie computers. One national laboratory, for example, was initially identified as having compromised machines, but the lab disputed those findings and subsequent analysis by Trend Micro revealed that the spam in question doesn’t appear to have come from computers that were hosted at the lab. Trend Micro has since postponed its announcement and is double-checking the 60 terabytes of data it used to trace spam to bot-infected computers.

At the time this article was filed, Trend Micro said that data pointing to the presence of bots at the Pittsburgh Supercomputing Center and the Navy Network Information Center remained uncertain.

Trend Micro attempts to identify compromised machines by analyzing spam samples received from customers of its filtering service. It’s tricky work, because bot creators employ techniques for covering their tracks. “You have no idea how complex this is,” says Dave Rand, Trend Micro’s CTO. After initially claiming that “tens of thousands” of government computers had bots within them, Rand this week downgraded the tally to 7,000.

That doesn’t mean bots aren’t a problem - they most certainly are for government agencies and businesses alike. Trend Micro estimates there are 70 million subverted computers worldwide and that 8 million to 9 million are used to send spam in a given month. In general, about 60% of zombies are used to send spam and 40% for more destructive means, including phishing, pharming, click fraud, distributing adware or malware, denial of service attacks, surreptitious data theft, and temporarily storing illegal, malicious or stolen files.

While most everyone agrees that the attacks are getting larger, more frequent, and more sophisticated, not everyone sees evidence that bots are a growing problem among government computers. Network security specialist Prolexic says there’s been an increase in the size of distributed denial of service attacks from 3.5 gigabits per second last year to over 10 Gbps in 2006, yet a data sample from the company’s clients doesn’t show evidence of those attacks originating from government Internet addresses. That finding is based on about 40 DDoS attacks monitored by Prolexic in the first seven months of 2006.

After being contacted by InformationWeek, Prolexic operations VP Matt Wilson did a quick search of the company’s computer logs for evidence of bot attacks originating from government computers. “I didn’t see anything that would have indicated mass bot infections within any government agencies or networks,” he says. “That is not to say that they do not exist, simply that they aren’t being used to attack our customer base.”

It’s small comfort, however, because if government systems are being hijacked, it could be for more devious purposes. “Something like that would be much more valuable for targeted mining of things like passwords, e-mail addresses, mapping out government networks,” Wilson says.

Data maintained by e-mail security vendor IronPort confirms the presence of spam-sending bots on government networks. IronPort reports a 40% increase in spam volume since February across government and business accounts. Craig Sprosts, a senior product manager at IronPort, notes that the percentage of spam coming from government accounts is minor - 1% to 2% of the overall problem compared to what is originating from ISPs and other compromised networks.

Security vendor MX Logic also confirms the presence of compromised computers at government addresses. “We are seeing some botnet spam from government networks but the volume appears to be fairly low,” says Sam Masiello, director of threat management for MX Logic. “I’m not surprised that the numbers are low, but there is obviously some vulnerability.” “Fairly low” in this case means that less than 1% of the spam messages received over the past week by the company’s Threat Center on behalf of over 10,000 organizations around the world came from U.S. government IP addresses.

In fact, this is consistent with what Trend Micro is reporting: The US government and contractor sector represents approximately 0.035% of the total number of hosts sending spam worldwide.

Not Immune

Bots land on computers in many ways, including operating system or application vulnerabilities, dictionary attacks that guess passwords, a pre-existing backdoor created by a prior computer virus, and malicious files downloaded via e-mail, IM, or peer-to-peer applications. Bots are frequently installed as a result of human error - opening a malicious file or visiting an unsafe Web site, for example. Once installed, bots may be able to update themselves or install other malicious software. They’re typically controlled through commands received from an Internet Relay Chat server, and any compromised PC can be turned into an IRC server that can then be used to coordinate a bot network.

Increasingly, bots are using encrypted or covert channels of communication rather than IRC, which can easily be blocked, and they come with keylogging and screen capture capabilities, says Masiello.

A spokesman for the Department of Defense declined to address specific security concerns, including bots, but he acknowledged that the DoD’s computer systems are attacked daily. “The DoD aggressively responds to deter all intrusions,” says Major Patrick Ryder via e-mail. “We’re not immune, but we have a layered defense in place.” Among the steps it takes: intrusion detection software, firewalls, and increased awareness training of personnel.

Mike Skwarek, cyber security program manager and deputy CIO at Argonne National Labs, had not seen the Trend Micro findings nor talked to the security vendor early this week as this story was being researched. But based on the description of Trend Micro’s findings - that spam received from the vendor’s customers points to Argonne as one source of the problem - Skwarek doesn’t believe the assertions and points to spoofing as a possible explanation. “You can forge where e-mails are coming from. It’s quite easy,” he says.

Once or twice a week, Argonne gets complaints about being a source of spam. Usually, however, its own analysis of the evidence will show that the lab wasn’t actually at fault - that a suspect PC was turned off at the time, for instance. If an Argonne PC gets infected by a bot, all e-mail is blocked from the infected PC. “We have an early warning, and that’s effective,” Skwarek says. Argonne has had two viruses in the past year and a half that may have been related to a bot infection, but those viruses were quickly detected and removed. “We do a good job on the desktop fighting this,” Skwarek says.

While it may be tempting to discount the warnings of security vendors as self-serving - bot fever means more business for Trend Micro - there’s unanimity about the growing risk of cybercrime. In its list of the top 10 computer security developments to watch for in 2007, released last week, the SANS Institute warns that targeted attacks will become more prevalent, particularly against government agencies. “Targeted cyber attacks by nation states against U.S. government systems over the past three years have been enormously successful, demonstrating the failure of federal cyber security activities,” SANS director of research Alan Paller says in an e-mail. “Other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks.”

Network security vendor Arbor Networks last month reported that DDoS attacks and botnets are the most significant security threat facing ISPs. Arbor contends that bot command and control networks are harder to infiltrate and that today’s bots are more powerful than their ancestors, as well as more difficult to find and remove.

Scott Chasin, CTO of MX Logic, concurs: “Botnets are the most dangerous enemy that the Internet has faced up until now.”

Larry Greenemeier and Marianne Kolbasuk McGee contributed to this article.

SOURCE

Posted by Elvis on 10/06/06 •
Section Privacy And Rights

Tuesday, September 12, 2006

A Contract Only Microsoft Can Break

By Ed Foster
ED FOSTER’S GRIPELINE
Sep 04, 2006

What kind of contract includes a provision that one of the parties has the right to violate the contract with impunity? Well, the Windows XP EULA for one, as an interesting analysis of Microsoft’s legalese points out.

Several readers have justifiably praised LinuxAdvocate.org’s WINDOWS XP EULA IN PLAIN ENGLISH page in which each section of the current Windows XP Home EULA is printed side-by-side with a clear explanation of what it means. Given the fact that most of us have “agreed” to it or a very similar Microsoft EULA, the LinuxAdvocate’s analysis is definitely worth reading. But the plain English description of one section in particular caught my eye.

The XP EULA’s section on limitation of damages reads:

17. EXCLUSION OF INCIDENTAL, CONSEQUENTIAL AND CERTAIN OTHER DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MICROSOFT OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR PERSONAL INJURY, FOR LOSS OF PRIVACY, FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE, FOR NEGLIGENCE, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATON, SOFTWARE, AND RELATED CONTENT THROUGH THE SOFTWARE OR OTHERWISE ARISING OUT OF THE USE OF THE SOFTWARE, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS EULA, EVEN IN THE EVENT OF THE FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, STRICT LIABILITY, BREACH OF CONTRACT OR BREACH OF WARRANTY OF MICROSOFT OR ANY SUPPLIER, AND EVEN IF MICROSOFT OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

In plain English, what this paragraph means of course is that Microsoft isn’t responsible for any damages caused by their software. But because the list of things the company is not responsible for includes breach of contract, LinuxAdvocate’s article points out that this also means “Microsoft is not liable even if they break the terms of this agreement.” I must have read this damage limitation paragraph half a dozen times, since it’s common to many of Microsoft’s EULAs, but that little irony had escaped me.

A quick look at EULAs from other software publishers shows that some do disclaim damages for their own breach of the license agreement and some don’t. Now, considering how one-sided software EULAs usually are, you might wonder what terms are in any of them that the software publisher could violate. But in the case of the Windows XP EULA, Microsoft promises not to collect personally identifiable information in the product activation process and not to share user information it collects with third parties. Could that be why Microsoft’s lawyers decided it would be a good idea to be able to breach their own license agreements?

The real point here though is just how absurd it is to talk about software EULAs as if they were real contracts. An agreement that one side can go back on at any time is no agreement at all. That is the real plain English message of the Windows XP EULA - if only a few more judges would get it.

SOURCE

WINDOWS PRIVACY FLEW OUT THE WINDOW
CORPORATE GREED AND MICROSOFT
AN END RUN AROUND COPYRIGHT LAWS

Posted by Elvis on 09/12/06 •
Section Privacy And Rights • Section Microsoft And Windows

Tuesday, August 29, 2006

Kiss AOL Privacy Goodbye

Consumer advocates criticize AOL’s free Active Virus Shield antivirus software licensing agreement.
By Robert McMillan, IDG News Service
August 17, 2006

Just days after posting details of searches made by hundreds of thousands of subscribers, AOL is in hot water again with consumer advocates. This time the issue is with the company’s Active Virus Shield anti-virus software, released last week.

At issue is the software’s licensing agreement, which authorizes AOL to gather and share data on how the software is being used and permits AOL and its affiliates to send e-mail to users. “If you go through the installation, just as any normal user would, there is not the slightest hint of any advertising functionality or data gathering of any kind,” said Eric Howes, director of malware research at anti-spyware vendor Sunbelt Software.

ACTIVE VIRUS SHIELD uses Kaspersky Lab’s well-regarded anti-virus software, and comes with an optional security toolbar that blocks pop-up ads and manages passwords. The software is available for free to anyone who wishes to download it.

Concerns

Although security experts, including Howes, say that Active Virus Shield does not behave in a malicious fashion or serve up unwanted ads, some are concerned that the product’s end user license agreement (EULA) would allow AOL to send spam or serve up adware at some point in the future. “If it actually does any of the things stated in the EULA, we would actually flag it as spyware,” said Christina Olson, a project manager with STOPBADWARE.ORG.

The Active Virus Shield agreement gives AOL much broader rights to collect information and then to share that information with third parties than typical EULAs, observers said.

A prohibition against blocking ads also caught Olson’s attention. “If you have any ad-blocking software up, you’re basically violating their EULA, which is ridiculous,” she said.

AOL in the News Recently

AOL’s licensing problems come at a sensitive time for the company. Earlier this month the Internet service provider weathered a public relations disaster after an AOL researcher inadvertently EXPOSED DATA on about 19 million Web searches performed by 658,000 users.

After being contacted by IDG News, AOL said it now plans to alter the licensing agreement. “We are updating the EULA to address any concerns,” said Andrew Weinstein, a company spokesman. “We are reserving the right solely to send periodic marketing e-mails that users will have the choice to opt out of.”

Adding to AOL’s troubles is the fact Active Virus Shield’s security toolbar is based on a product with a questionable reputation. An earlier version of this software, known as the Softomate toolbar, is flagged as adware by Kaspersky’s own anti-virus products.

“We don’t use the earlier code because it was used by a malware provider,” Weinstein said. “That’s why Kaspersky looks for it.”

Similar to Sony Rootkit Issue?

While AOL’s toolbar is not considered to be adware, observers say that AOL, which prides itself as a fierce opponent of adware and spyware, could have based its own toolbar on a better product. “I don’t understand how a legitimate company like AOL provides software that can be classified as rogue,” said Aviv Raff, a security researcher based in Israel.

After examining AOL’s toolbar, Raff discovered a flaw in the software that would allow hackers to change the toolbar’s configuration options. While the flaw does not in itself present a security risk, it could be used in combination with other types of malicious software to do things like pop up bogus search results, he said.

“The problem is similar to the Sony rootkit issue,” Raff said referring to Sony BMG Music Entertainment’s NOTORIOUS COPY PROTECTION SOFTWARE, which was found to be the source of security issues late last year. “A big company chose an external company’s software and rebranded it as their own, later to discover it might be bad after all,” he said.

Erik Larkin of PC World contributed to this story.

SOURCE

THE PLOT TO HIJACK YOUR COMPUTER
WINDOWS PRIVACY FLEW OUT THE WINDOW
CORPORATE GREED AND MICROSOFT

Posted by Elvis on 08/29/06 •
Section Privacy And Rights

Wednesday, August 16, 2006

An End Run Round Copyright Laws?

By Stephen Shankland
CNET News.com
Published on ZDNet News August 15, 2006

What Linux has done for operating systems, the Internet should do for content, a prominent lawyer and activist urged Tuesday.

Lawrence Lessig railed against prevailing copyright laws and urged use of his alternative creation, the CREATIVE COMMONS license, speaking to attendees of the LinuxWorld Conference and Expo here. The license permits content such as music, video, photos or text to be reused and augmented by others in the same way that the open-source and free software movement permits programs to be copied and modified.

Stanford Law School professor Lessig noted that Department of Justice lawyers attacking Microsoft for its Windows monopoly fixated on IBM’s vanquished rival, OS/2. But Linux showed that decentralized, nonproprietary operating systems were viable, he said.

“The fight for free culture is harder than the fight for free software. There were no laws against free software, but there are laws that essentially block free culture,” Lessig said.

In Lessig’s view of the world, lawyers, lobbyists and politicians are building a world of “read only” cultural content. It’s “culture that, like potato chips, is to be consumed, not created,” he said. In contrast, the Internet is fostering “read-write” content that is collaboratively produced and remixed by groups of people exchanging information.

“Copyright presumptively conflicts with the read-write Internet. Every single use requires regulation permission to be granted presumptively,” Lessig said.

The Creative Commons license is essentially an end run around that copyright law, and Lessig boasted of its success in the last four years: As of June, 140 million content items on the Internet link back to the license, and Google and Yahoo search engines can filter for content using the license.

Lessig showed a variety of videos that mix animations or news footage with music to illustrate how copyrighted material can be combined to produce political commentary or humor. Such remixing will happen whether or not there’s a legal framework for it, but Lessig argued in favor of building one that doesn’t label the activity as piracy.

“You must ask whether the values built into our society--to ignore the rule of law--are the values we want to raise our children to understand,” he said.

Free networks

Linux has demonstrated that it’s possible to build operating systems and software that lets customers bypass Microsoft’s control. The Creative Commons, Lessig hopes, will do the same in letting people exchange content without reliance on entrenched media powers.

At a lower level, the technology that routes data across the Internet, TCP/IP, is an open protocol. But the physical networks used by TCP/IP give industry players another point to control the flow of information, Lessig said.

Lessig argued that networks need not be closed and proprietary, however, because wireless networks provide a way to bypass the “last mile” of networks that today link customers to networking companies.

“Everyone is focused on the only possible way to build broadband infrastructure, to turn over the soul of the Internet to Comcast and AT&T. I wonder if we’re not missing something,” he said. “There’s an explosion of municipal and ad-hoc wireless networks. The people building them will have no incentive to control how people use the network. As you see these miniclouds exploding above cities, the last-mile problem is solved.”

Networking companies have lobbied aggressively against government-funded wireless networks, arguing that they compete with private-sector services. But people need to look carefully at what the role of governments is in supplying infrastructure before labeling supporters of publicly funded wireless networks as Communists, Lessig said.

Nobody complains that there aren’t private companies competing to build streetlights to supply photons when it’s dark, Lessig said. “We have this weird disconnect between what we take for granted about local infrastructure services,” he said.

SOURCE

Posted by Elvis on 08/16/06 •
Section Privacy And Rights

Tuesday, August 01, 2006

Corporate Greed and Microsoft

Windows Genuine Advantage and why you should be annoyed.
Computerworld
July 30, 2006

Just when it looks like Microsoft might be coming around, at least somewhat, on the boondoggle that is User Account Control in its upcoming Windows Vista operating system, the company loses all rationality and releases several consecutive betas of Windows Genuine Advantage (WGA) to millions of unsuspecting Windows XP users. Moreover, it has done so via its high-priority security Automatic Updates, Windows Update and Microsoft Update online-updating channels.

WGA is a beta anti-piracy program from Microsoft that’s designed to keep it from losing money on stolen product keys and counterfeit copies of Windows and Office. In typical Big Corporation lie-through-your-teeth-marketing style, Microsoft has named its anti-piracy push to sound as if there were something good about it for customers, when in fact, the only advantage is for Microsoft. For some small percentage of legitimate Windows customers, WGA is going to be a royal pain in the behind, with the potential to make some people very frustrated and angry with Microsoft. And for many other people already teetering on the fence about whether Microsoft is a good company to deal with, it may tip them away once and for all. If you doubt that at all, go search Google for “WGA.”

Bloggers, newsletter authors and computer publications have already reported a good deal about WGA. Unfortunately, the negative impact WGA may have on “man in the street” Windows users hasn’t permeated into the mainstream press. It wouldn’t be difficult for The New York Times, The Washington Post, CNN or Consumer Reports to find average people who’ve been told their legitimate Windows XP or Office 2003 software is a “counterfeit copy.” Because that’s what WGA does. It’s a small sliver of code that watches your computer and tries to determine whether your copy of Windows is legit. If WGA determines your software doesn’t have the proper credentials, it may offer you any of several options for paying up. In other words, WGA sets itself up as Big Brother, watching your PC for possible use of invalid or stolen product keys.

Microsoft has given out only vague information, published in a blog, about the existence of false positives—those times when WGA wrongly accuses Windows customers of having an illegitimate copy of Microsoft software. At least 80% of the pirated or counterfeit software WGA finds involves the use of stolen or repeat use of one-time product keys, where Microsoft has a genuine beef. Has Microsoft (or any software development company) ever written perfect code? Of course not. So there are false positives; we just don’t know how many.

What makes that doubly difficult to sort out—and this is the part that makes it hard for the press to report on WGA—is that not all of the apparent false positives are actually false positives. You may have paid for your copy of Windows, but it may actually be a counterfeit copy. You may have recently brought your PC in for repair, and the repair shop may have used its copy of Windows XP to reinstall Windows on your system as part of the repair process. You may have purchased a used PC sold with Windows XP or Office only to find that you weren’t sold a legitimate license. In some cases, that may even happen with new PCs.

This brings me to the aspect of WGA that I feel is the largest mistake. MICROSOFT IS GOING AFTER ITS OWN CUSTOMERS—NOT THE SERIOUS BAD GUYS—WITH THIS SOFTWARE. I’m sure it believes it must do this to get the counterfeiters, the repair shops that use the same XP CD and product key repeatedly, the system builders who sell the same license over and over, and the smaller enterprises that, while they have purchased machines that are properly licensed, are using a single Windows image and product key (not acquired through volume licensing) for all their new PCs. But there has to be a better way than alienating hundreds of thousands, perhaps millions, of Microsoft software users who have no idea that they’re somehow violating Microsoft’s product licensing rules. The potential is huge for bad publicity, ill will and a feeling that using Windows is an open invitation to let Microsoft decide whether you need to pay a second time for Windows or Office. Microsoft is apparently more interested in squeezing every last penny out of its existing installed base than it is in preserving customer satisfaction or developing a better mousetrap.

The actual numbers of false positives don’t matter. It’s about the perception. It’s glaringly obvious that Microsoft cares not a whit about individual Windows users. Its only focus is the largest volume-licensing customers and OEM PC makers. Since it’s all about Microsoft recouping money, it’s hard not to look at this as corporate greed at the expense of unsuspecting corporate customers and end users. I am personally disgusted by WGA. I’d be willing to bet that at least half the people working at Microsoft feel the same way. They can’t say it; I can.

SOURCE

WINDOWS PRIVACY FLEW OUT THE WINDOW
WILL MICROSOFT SHUT OFF ALL OUR COMPUTERS

Posted by Elvis on 08/01/06 •
Section Privacy And Rights • Section Microsoft And Windows