STE WILLIAMS

Montana TV warns of ZOMBIE ATTACK in epic prank hack

Pranksters managed to hack a TV emergency alert system in Montana on Monday to broadcast an on-air audio warning about the supposed start of a zombie apocalypse.

Viewers of Great Falls, Montana, television station KRTV watching a Jerry Springer-style show (specifically the Teen Cheaters Take Lie Detectors segment of The Steve Wilkos Show) had their ears assaulted by an on-air warning that “bodies of the dead are rising from their graves and attacking the living”. The video of two teenagers squaring up to each other was not interrupted but audio of their argument was replaced by the following brief, but chilling, message. The alert also featured a scrolling warning at the top of the screen naming various Montana counties as targets for the spoof announcement of doom.

Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages onscreen that will be updated as information becomes available. Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous.

A slightly longer statement along the same lines was broadcast by another KRTV channel, interrupting a commercial break at the end of a weather report, as recorded by a YouTube clip here. Viewers of this clip were instructed to tune into 920AM on their battery-powered radio if electricity supplies became interrupted.

KRTV quickly repudiated the statement and launched an investigation into the incidents, which it blames on as yet unidentified hackers.

“Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that there was an emergency in several Montana counties. This message did not originate from KRTV, and there is no emergency,” the CBS affiliate station said in a short statement on the incident.

“Our engineers are investigating to determine what happened and if it affected other media outlets.”

A brief video clip featuring the warning is embedded in a story by local paper The Great Falls Tribune about the incident, which it reports “prompted quite a few confused phone calls [to police on] Monday afternoon”. Local police have yet to be called in to investigate the incident, the paper adds.

“We had four calls checking to see if it was true. And then I thought, ‘Wait. What if?’” Lt. Shane Sorensen with the Great Falls Police Department told the paper. “We can report in the city, there have been no sightings of dead bodies rising from the ground.”

US motorway signs have been hacked before to warn of “zombies ahead” and the like, but the epic KRTV hack takes this to another level. El Reg’s security desk has considered that it might be an elaborate promo for the current movie Warm Bodies or for the premiere of the second half of the third season of The Walking Dead, which arrived on US TV screens on Sunday. The zombie show drew a series best of 12.3 million US viewers at the weekend. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/12/spoof_zombie_apocalypse_warning/

UK doesn’t have the SKILLS to save itself from cyber threats

The National Audit Office (NAO) has published a report announcing that the UK doesn’t have enough skilled workers to protect it against online attacks and asking Blighty’s schoolkids to step into the breach.

The number of cyber security professionals in the UK has not increased in line with internet growth, according to the NAO, which blames the skills gap on a lack of promotion of science and technology subjects at school.

The report recommends that schools step up technology and cyber security lessons, in the hope of creating a new generation of IT specialists. But the report says that even if this happens the lack of experts may leave Britain vulnerable to cyber attacks for up to 20 years.

Amyas Morse, head of the NAO, said that “the threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack.”

Two years ago, the National Cyber Security Programme allocated £650m over five years to boost the UK’s cyber-security defences, after deciding that cyber threats posed a tier-one threat on a par with international terrorism to the UK’s security. The central power in controlling that budget has become GCHQ, although the police and other agencies have also benefited.

Last year the government announced that it would be putting £8m towards the development of security skills at universities in order to shore up the battle against cybercrime.

Ross Parsell, director of cyber security at defence technology firm Thales, agreed that the government agency should look to schools to provide its future web defence force.

“To tempt talented people into a career in cyber security, the government needs to get them while they’re young,” Parsell said. “Last month’s announcement that the government is to make Computer Science a core subject being taught in British schools is a step in the right direction.

“The challenge now is to ensure that the dots are joined up between policies like this at national level and the curriculum being delivered at our schools, colleges and universities,” Parsell added.

The NAO identified six key challenges faced by the government in implementing its cyber security strategy. These included the need to “influence industry to protect and promote itself and UK plc”; to address the UK’s current and future ICT and cyber security skills gap; to increase awareness so that people are not the weakest link; to tackle cyber crime and enforce the law; to get government to be more agile and joined-up; and to demonstrate value for money.

Its report – published on Tuesday – is designed to set the scene for future political debate about the UK’s Cyber Security Strategy by groups like MPs on the Committee of Public Accounts.

IT security firms nearly all single out the skills shortage as the most important issue covered in the NAO’s UK cyber security strategy: Landscape review report.

Jarno Limnell, director of cyber security for firewall firm Stonesoft, praised the NAO’s analysis and blasted the EU’s new cybersecurity directive for “throwing money” at the problem.

“The UK NAO report is a breath of fresh air, especially in light of last week’s misguided proposal by the European Union which suggested that cyber threats can be solved by creating more statutes, directives and restrictions,” Limnell said. “Correctly, the NAO doesn’t just recommend throwing money at the problem. The right approach should be based on a strategic and technical understanding of the risk. This is the only way that the appropriate levels of defensive and offensive cyber security measures can be implemented and the relevant expertise acquired or nurtured. This leads to both cost efficiencies and better national security defences against cyber attacks.”

Thurstan Johnston, sales engineer at security tools firm Faronics, said that organisations need to think beyond relying on traditional security tools (antivirus, firewall and intrusion prevention) as well as worrying about recruitment.

“There is no question that a shortage of skilled professionals is extremely detrimental to our cyber defence effort and it is something the government seriously needs to address…

“However, there is not just a skills gap to consider, but also a huge awareness gap that needs to be filled. Many organisations still believe that they are sufficiently protected with just a good security package, which not only indicates blazing ignorance, but also a lazy approach to combating cyber crime that could have expensive consequences.” ®

Bootnote

“The cost of cyber crime to the UK is currently estimated to be between £18 billion and £27 billion,” according to widely diverging estimates about the cost of cyber crime cited by the NAO. It also quotes figures of 44 million cyber attacks against the UK in 2011, again without quoting sources. Do port scans count? Because if they do I could probably get somewhere near that figure just from events on a personal ZoneAlarm log over a month or so alone.

Yes, we exaggerate – but only a bit.

Cyberthreat estimates are a notoriously inexact science, as we’ve noted more than a few times, and stats in government reports on cyber-security are best ignored. If health policy were based on a similar unscientific methodology then we might end up prescribing everyone in the UK sugar pills to combat winter flu, after taking evidence from homeopaths, assuming that group shouted the loudest in medical discussions.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/12/uk_cyber_skills_shortage/

Not done yet: Oracle to ship revised Java fix on February 19

If at first you don’t succeed, and all that… Oracle now says the emergency Java Critical Patch Update it rushed out the door on February 1 didn’t fix all of the issues it had originally intended to address, and that a revised patch including fixes for the remaining flaws will ship on February 19.

February 19 had been the original date for the February patch, but Oracle opted to push it out on an accelerated schedule after discovering that exploits for some of the vulnerabilities it addressed were operating in the wild.

“As a result of the accelerated release of the Critical Patch Update, Oracle did not include a small number of fixes initially intended for inclusion in the February 2013 Critical Patch Update for Java SE,” Oracle’s Eric Maurice wrote in a blog post on Friday. “Oracle is therefore planning to release an updated version of the February 2013 Critical Patch Update on the initially scheduled date.”

Oracle has been struggling to re-establish the credibility of its Java security patching process – particularly where the Java browser plugin is concerned – ever since August 2012, when news first emerged that Java flaws were being actively exploited by malicious websites.

At the time, researcher Adam Gowdiak of Polish startup Security Explorations said he had alerted Oracle to the vulnerabilities months earlier, but that rather than releasing patches for them, the database giant had been dragging its feet.

Under pressure from mounting public outcry, Oracle eventually issued an out-of-band emergency patch for those first-reported flaws. But mere days after it did so, still more vulnerabilities were discovered in the same code.

Since then, Oracle and hackers have played a continuous game of Whac-a-Mole as more and more flaws have popped up, with most security experts advising users simply to disable the Java plugin altogether, rather than wait for Oracle to get its security house in order.

In this latest episode, Oracle says its revised February 2013 Critical Patch Update does not alter the major fixes that were released on February 1, but will merely include the other fixes that weren’t yet included in the bundle when it was released ahead of its original schedule.

Oracle did not say which fixes were next on the agenda or how critical they were, but said that it would issue a revised Critical Patch Update Advisory including all the relevant information at this location, also on February 19.

Following that release, and assuming no new crises crop up in the meantime, the next Java Critical Patch Update is due to arrive on June 18, 2013. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/12/oracle_february_java_fix_redux/

Cat cuffing: Japanese cops collar suspect for mass murder e-threat

Japanese cops have cuffed a suspect in a high-profile cyber threat and computer hacking case that had police examining a cat for clues at one stage of the investigation. Police said a memory stick found on a cat’s collar led them to make the arrest.

However, a whopping four innocent people, including an anime director, have already been mistakenly arrested for the incidents to which the current suspect has been linked. The man denies any wrongdoing, and was reported by English-language Japanese newspaper Yomiuri Shimbun as protesting, “That’s not true at all” during his arrest.

Yusuke Katayama, 30, from Tokyo, was nabbed on Sunday over alleged involvement in a trolling operation that involved posting threats to online message boards through hijacked computers. One of the messages threatened mass murder at a comic book convention while another warned of supposed plans to assault a school and kindergarten attended by Emperor Akihito’s grandchildren.

Four other people whose computers were hijacked were arrested between July and September last year before forensic examinations of their respective computers cleared all four of any wrongdoing. The Japan Daily reports that this proved hugely embarrassing for Japan’s National Police Agency, which was forced to admit it had obtained “confessions” from innocent parties.

Katayama is suspected of sending a message to reporters on 5 January claiming responsibility for the threats, which the missive had claimed were motivated by a desire to expose police incompetence. The email asked recipients to solve a puzzle stored in a memory card embedded in the collar of a stray cat, living on a small island called Enoshima.

Police duly discovered the memory card, which appeared to contain the source code for a computer virus and text that apparently described the perpetrator’s motives. According to Yomiuri Shimbun the text read: “I found myself involved in a crime in the past. Even though I was innocent, it forced me to completely change my way of life.” The report shows the suspect being led away by police.

CCTV footage that police claimed showed Katayama approaching the cat and reportedly taking its picture the day before led to the arrest of the 30-year-old, UPI reports. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/japan_online_threat_arrest/

Bit9 hacked after it forgot to install ITS OWN security product

IT security biz Bit9’s private digital certificates were copied by hackers and used to cryptographically sign malware to infect the company’s customers.

The software-whitelisting firm’s certificates were swiped when its core systems were hacked last week. The intruders then signed malicious code and distributed it to the company’s corporate clients.

A number of Bit9’s customers were subsequently infected by the malware because the software was – thanks to the purloined certificates – regarded as safe by networks guarded by Bit9’s technology.

Bit9 confessed to the breach in a blog post on Friday, blaming the incident on an “operational oversight” and human error that exposed its core systems to attack, rather than any shortcomings with the security services it sells.

Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.

Bit9 said that its subsequent investigation discovered that three of its customers were affected by the illegitimately signed malware. It’s continuing to monitor the situation. In the meantime it has revoked the compromised certificate and patched up its previously insecure systems.

Bit9’s technology is used by parts of the US government and 30 Fortune 100 firms, among others, according to investigative journalist turned security blogger Brian Krebs, who broke news on the Bit9 breach.

Its technology is used to mark known good applications as safe to run, rather than keep track of known bad applications and trying to block them.

It’s unclear whether it was Bit9 or its customers who first realised that something was wrong. But it would be ironic indeed if the Bit9-endorsed malware was first picked up by the antivirus scanners Bit9 regularly decries as useless in guarding against the latest generation of advanced, targeted hacking attack.

Bit9 admitted it had been hit by an advanced attack hours after posting a blog post titled “It’s the Same Old Song: Antivirus Can’t Stop Advanced Threats”.

“This incident is a classic example of why relying on one technology to protect your network can be so risky,” notes security consultant Brian Honan.

Honan says the attack aimed to exploit the confidence its clients placed in Bit9 in much the same way that the attack against RSA Security was used in attempts to infiltrate the remote access systems of RSA SecurID two-factor authentication customers two years ago. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/bit9_hack/

‘Let anyone be administrator’ bug in VMware snapped shut

Party’s over, back to being a normal Windows user for you

VMware has published a security update for its virtualisation software including its ESX, Workstation, Fusion and View products.

A range of applications made by the EMC-owned vendor should therefore be patched to squash a privilege-escalation vulnerability in the VMCI.SYS driver. The flaw affects host machines running Microsoft Windows and guests running the Redmond operating system.

A malicious local user can, thanks to the bug, manipulate and exploit memory allocations using the Virtual Machine Communication Interface (VMCI). As a consequence an attacker can carry out actions that would normally be restricted to a system administrator, such as configuring the host environment or manipulating guest systems on the machine.

VMware’s security advisory has more on the issue in some depth here. The virtualisation firm credits Derek Soeder of Cylance and Kostya Kortchinsky of Microsoft for independently reporting the security bug. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/vmware_update/

Men’s rights activists: Symantec branded us a ‘hate group’

A men’s issues website has cried foul after it was apparently classified as a “hate” site by Symantec.

Surfers visiting A Voice for Men (AVoiceForMen.com) were confronted by a message stating that it is a “known hate site” and were blocked from going any further by Symantec’s web-filtering technology. A Voice for Men angrily denounced the move, which it ascribed to settings built into Symantec’s Norton Internet Security software.

Paul Elam, publisher of A Voice for Men, fumed in an open letter to Symantec’s senior management: “Your customers are given no supporting information or rationale for such a listing, and no immediate option to override the warning and proceed according to their own will; just the simple invective of being painted as a hate organisation.”

We contacted Symantec on Wednesday to find out what was going on but by Monday afternoon the best a spokesperson could offer was an uninformative holding statement rather than any clear idea of whether the apparent blacklisting was deliberate, mistaken or accidental.

We’re investigating the situation and have no information to provide.

Symantec provides a couple of ways to filter websites for consumers. Symantec’s Norton Internet Security uses something called SafeWeb, which blocks malware-contaminated websites. This tool doesn’t bundle censorware (URL blocking) functionality to block categories of sites such as hate groups, guns, drugs etc. There is also Norton DNS, which is simply a DNS setting you have to make to your PC or router – similar to OpenDNS. “This does allow you to filter extra content, although there are very few options available to tweak it,” explained Simon Edwards, technical director at Dennis Technology Labs, an experienced antivirus tester and chairman of the Anti-Malware Testing Standards Organization.

Edwards visited AVoiceForMen.com using Norton Internet Security, with SafeWeb enabled, on Friday at lunchtime and nothing was blocked, confirming what can be found online simply by making a query to Symantec’s database that AVoiceForMen.com currently has a clean bill of health.

Edwards then set up Norton DNS but that did not block the site either, and said: “[L]ooks like Symantec has updated its records”.

The screenshot posted by avoiceformen.com makes it clear that it was Symantec’s DNS system that was labelling its site as a “hate group”, rather than the Norton Internet Security product blamed by the group.

Nonetheless the confusion is understandable. What’s far more difficult to fathom is why Symantec can’t account for how its technology classifies a named site, despite complaints from the party concerned, combined with two days of nagging from El Reg’s security desk.

Brother beyond

The men’s rights movement, of which A Voice for Men is a part, is a reaction against social changes brought about by feminism. The group bills itself as “masculine counter-theory in the age of misandry”.

The movement rejects criticism that it is a reactionary force seeking to restore centuries of patriarchy.

All of this is clearly not agreeable fodder for many women but to label the site as a “hate site” seems a little over the top.

The Symantec block on A Voice for Men was brought to El Reg’s attention by MRALondon.org, the UK branch of A Voice for Men. MRALondon.org’s site is not labelled as contentious by Symantec’s technology but if anything it seems even more upset about the issue than its parent organisation.

Arch Desai of MRALondon.org said: “A Voice for Men is not a hate site and, in any case, it is not the job of Norton Symantec to be telling their customers which sites are and are not morally acceptable.”

Another MRALondon.org representative said it was not aware of any other service that blocks AVoiceForMen.com. For example, “OpenDNS FamilyShield” does not block AVoiceForMen.com.

“A Voice for Men and its UK branch campaign against prejudice,” explained Desai. “Our membership includes both men and women, and also includes gay men and members from all races.

“Being non-white myself, I was an anti-racist campaigner in the 1970s and ’80s. I am, therefore, well-placed to recognise how routine and fashionable it is for men to be belittled and denigrated en masse as non-whites once were. Prejudice is prejudice, no matter what bigotry cultural fashion promotes. Once it used to be fashionable to condemn non-whites, and now it’s fashionable to condemn males. This is why A Voice for Men and MRA London exist,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/mens_rights_site_blacklist/

FUD flies as Raytheon reveals social media analysis tool

Defence contractor Raytheon has developed a tool that can mine social media to track and predict individuals’ behaviour, according to The Guardian.

A global “Big Sinister Defence Company Develops ‘Google For Spies’ That Your Government May Already Have Bought” story is therefore unfurling as you read this piece.

The key “features” of Raytheon’s tool, developed in co-operation with the US government and delicately titled Rapid Information Overlay Technology (RIOT), are said to be an ability to sift through social media and figure out who your friends are and the places you frequent. With that data in hand, The Guardian feels “monitoring and control” of you, I, and everyone we collectively hold dear is eminently possible. It’s implied, despite Raytheon saying it’s had no buyers, that such software is likely to end up in the hands of a repressive State, or a shadowy agency inside a more open state. Australia’s Sydney Morning Herald has piled in with a story on the same theme.

All of which sounds just terrifying, except for the fact similar software can be had from other sources that are far less scary than a “defence contractor.”

IBM, for example, happily sells “social media analytics” software that can “Capture consumer data from social media to understand attitudes, opinions, trends and manage online reputation” and even “Predict customer behavior”.

SAS’ offering in the same category is capable of “continuously monitoring online and social conversation data to identify important topics” and “continuously captures and retains more than two years of online conversation history”. SAS even offers to host its solution, meaning all that data about you is stored by a third-party company you’ve never heard of (and isn’t even open to the scrutiny afforded to listed companies).

Customer service software outfit Genesys sells “Social engagement” software that “Automates the process of (social) listening to your customers” and “Extends business rules and service level strategies to the growing volume of social media-based customer interactions.”

A quick mention that Big Data is being advanced to do all of the above, and much more to more data, is also surely worth inserting at this point.

And then there are Google, Twitter, Facebook and others whose entire business is built on figuring out who you spend time with and where you spend (or intend to spend) that time, so they can sell that information to advertisers. And hand it over to the government, when asked, which seems to be happening rather more regularly, as the social networks’ own reports on the matter suggest.

We’re not suggesting any of the software mentioned above was designed as an instrument of state surveillance, but it is surely worth pointing out that Raytheon is far from alone in having developed software capable of tracking numerous data sources and of operating it without individuals’ knowledge. That the company has done so in collaboration with the US government should not surprise, either: show The Reg a software company uninterested in adapting its wares for government and/or military applications and we’ll show you a software company begging for a shareholder lawsuit and/or swift replacement of its top executives.

As for the spatial aspect of the allegations, the fact that social media leaves a trail of breadcrumbs is hardly news, as sites like pleaserobme.com pointed out as early as 2010. And let’s not even try to draw a line between a new-wave marketing tool like Geofeedia (today spruiking itself as offering real-time maps showing Tweets around the Grammies and as capable of letting one “monitor events to gather sentiment data”), mashups from clever startups that map check-ins and sinister surveillance-ware.

Far clearer is the fact that you, dear reader, are the product for any free online product. Also crystal clear is that by using such services data about you will be consumed by a large and diverse audience. The scariest thing of all may be how few of those that use such services care or even realise the reality of the situation. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/11/raytheon_riot_privacy_hyepgasm/

George Bush’s family emails, pics ransacked

A hacker put personal photos of George H W Bush online this week after reportedly breaking into the former US president’s family email accounts.

One of the leaked snaps shows the 88-year-old Republican recovering from a serious illness in a hospital bed in December last year. His relatives’ emails and contact details were also disclosed by the hacker as well as a personal note from President Barack Obama.

Other swiped photos show his son George W Bush, also a former US president, posing next to a cardboard cutout of himself with a moustache and an amusing beret. More seriously, the leaked material includes a confidential list of home addresses, mobile numbers and email addresses for dozens of Bush family members, including both ex-presidents, their siblings and their children. The information is dated October 2012.

A Bush family spokesman said the breach is being probed by the authorities. “We do not comment on matters under criminal investigation,” Jim McGrath told the Houston Chronicle.

The Smoking Gun website reports that the Bush family’s email accounts were raided by a hacker who uses the handle Guccifer.

At least six separate inboxes were reportedly compromised, one being the AOL account of Bush Snr’s daughter Dorothy Bush Koch. The other hacked accounts belong to George H. W.’s brother-in-law, sister-in-law and friends such as CBS sportscaster Jim Nantz. The photos – watermarked by Guccifer – and emails dating from 2009 to 2012 were uploaded to the internet on Thursday.

Guccifer claimed that “the Feds” began investigating him a “long time ago” and that he had hacked into “hundreds of accounts” over an extended period.

The motive for the attack and how it was carried out are unclear.

George H W Bush served as the CIA’s director before becoming a one-term president between 1989 and 1993, and was famous for the promise: “Read my lips, no new taxes”.

The Bush email scandal comes after former Republican vice-presidential candidate Sarah Palin’s Yahoo! webmail account was broken into during the 2008 US presidential campaign. More recently police were called in last month to investigate a claimed assault on ex-presidential candidate Mitt Romney’s Hotmail and Dropbox accounts. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/08/bush_family_email_hack/

Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday

Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products.

Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems.

In all, the soon-to-be-patched vulnerabilities exist in the Windows operating system, Internet Explorer web browser, Microsoft Server Software, Microsoft Office and the .NET framework.

The Redmond giant normally bundles together fixes for Internet Explorer bugs into a single monthly update, but February’s Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching.

A third critical update addresses a flaw in Windows XP, 2003 and Vista but not later versions of Microsoft’s PC operating system. The fourth critical update covers Microsoft Exchange, which uses the vulnerable Outside In software library from Oracle. The fifth critical vulnerability only affects Windows XP.

The remaining seven bulletins are all rated as important and mostly allow logged-in users to elevate their privileges, with the exception of a Sharepoint-related update that is susceptible to code-injection attacks.

More details, as usual, will follow next week once the patches are published. Microsoft’s pre-release alert is here. Further commentary by Qualys can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/08/ms_feb_patch_tuesday_pre_alert/