Security

No further updates for Debian 5.0 Lenny

Published: February 10, 2012 Reading Time: 1 min

The H-Online: The Debian developers have pointed out, in an announcement on the debian-announce mailing list, that – three years after it was released – Debian GNU/Linux 5.0 (Lenny) has reached its “End of Life”. Debian GNU/Linux 5.0 was originally released in February 2009 and on 6 February 2012, the developers stopped providing security updates for that version of the distribution. Users have now had a year to update their systems to Lenny’s successor, Squeeze, which was released on 6 February 2011. The Debian developers recommend that any installations that are still using Debian 5.0 should be updated to version 6 of the distribution immediately. The Debian community recently released version 6.0.4 of Debian Squeeze which includes all the updates that have been released for Squeeze since its release.

Love-Seekers Beware: Online Dating Fraud Rose 150% Last Year

Published: February 10, 2012 Reading Time: 2 min

Mashable: Lonely hearts seeking love this Valentine’s Day, be wary. Online dating fraud rose by 150% in 2011 as scammers and hucksters turned up the false charm and predatory trolling. That’s according to data shared with Mashable by fraud protection agency Iovation, which works with several major Internet dating services. Iovation reached that number by employing patented technology that analyzes hardware and software, rather than mine for personal information, says Molly O’Hearn, vice president of operations. ...

Is Digital Pearl Harbor THE most tasteless term in IT security?

Published: February 10, 2012 Reading Time: 3 min

SophosLabs: Can hackers really cause as much bloodshed as 353 Imperial Japanese Navy fighters, bombers and torpedo planes launched from six aircraft carriers? Can hackers really kill 2,402 U.S. citizens, leave 1,282 wounded, lose 65 of their own attackers in the process, and plunge the United States into a World War? Heaven only knows. Maybe they can. The lack of security around Supervisory Control And Data Acquisition (SCADA) systems is scary. ...

Foxconn hacked by Swagg Security

Published: February 9, 2012 Reading Time: 2 min

The H-Online: Hackers operating under the name Swagg Security have said they were responsible for breaching the security of Chinese electronics manufacturer Foxconn. In a posting on Pastebin, the group took credit for penetrating the systems, noting that “Foxconn did have an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly”. The posting pointed to a 6.5 MB torrent on The Pirate Bay which contained what appears to be CSV file dumps of database tables and other text files. The files included lists of what look like customer names, accounts and plain text passwords though many of those passwords are “foxconn” or “foxconn2”. ...

Russian Spammers Eye World Content Show

Published: February 8, 2012 Reading Time: 1 min

Symantec Connect: Television channels across the world are set to be at the 14th International Exhibition and Forum, World Content Show, held Feb 7-9, 2012, in Russia. The exhibition showcases the latest technologies and trends in the TV and telecommunication industry. This techno-fair will be attended in large numbers by leading media businesses, and spammers don’t want to miss the opportunity to circulate spam around the event. In a bid to catch the reader’s attention, one such spam email reveals some appealing facts about the event, such as Interactive Elements, Prize Drawings, Performance of Popular Leader/Star, and Colorful Musical Concerts. ...

Anonymous Hacks Syrian President’s Email. The Password: 12345

Published: February 8, 2012 Reading Time: 3 min

Mashable: Syrian President Bashar al-Assad has been under fire from world leaders to step down this week. He’s also under fire from hacktivist group Anonymous, who leaked hundreds of his office’s emails on Monday. While Anonymous is infamous for its hacking know-how, it doesn’t take a genius computer programmer to guess one of the passwords commonly used by Assad’s office accounts: 12345. The string of consecutive numbers is the second-weakest password according to a 2011 study. ...

Hackers fail to extort $50,000 from Symantec, as pcAnywhere source code is published

Published: February 8, 2012 Reading Time: 2 min

SophosLabs: Symantec has confirmed that a file made available on the internet for anyone to download does contain the source code for an old version of its pcAnywhere product. For a short while last month, before releasing a patch, Symantec advised customers to disable their pcAnywhere installations because of concern that hackers could exploit vulnerabilities. In addition, the firm says that in January someone claiming to be the hacker responsible for the data theft tried to extort $50,000 from the firm in exchange for not releasing Symantec’s stolen source code. ...

Phishers Bank on Tax Season

Published: February 8, 2012 Reading Time: 2 min

Sunbelt: With the U.S. currently in tax season, online criminals have, once again, sought to take advantage of this. Robert Stetson, one of Sunbelt’s malware researchers, spotted a phishing email posing as Intuit Inc., a company that “develops financial and tax preparation software”. They developed Quicken and TurboTax. Below is a screenshot of the said email: Email details are as follows: Subject: Please verify your tax information ASAP. Message body: Good afternoon, ...

Satellite phone encryption cracked

Published: February 8, 2012 Reading Time: 1 min

H-Online: Researchers at Ruhr-Universität Bochum in Germany have announced that they have cracked the A5-GMR-1 and A5-GMR-2 encryption algorithms used in satellite phones. Satellite phones are mainly used in areas with insufficient mobile network coverage and in the maritime sector. The researchers obtained the proprietary, and previously undocumented, algorithms by reverse engineering phone firmware updates. Ideally this, in itself, should not compromise the security of the transmitted data. Data security should not depend on the secrecy of the encryption methods; it should only depend on the non-disclosure of the secret key that is being used. ...

Attackers taking aim at retail and food chains

Published: February 7, 2012 Reading Time: 2 min

v3.co.uk: The uniform infrastructure and predictable behaviors are making corporate retail and restaurant chains the choice targets for cybercriminals. A report from security firm Trustwave found that attackers favor companies with chains of outlets, such as those commonly found in the food and retail industries, when launching targeted attacks. The attackers like the uniform IT infrastructure that large chains deploy at individual sites, Nicholas Percoco, head of Trustwave’s SpiderLabs team, told V3. ...
