Date: Wed, 3 Nov 2010 19:18:20 +0530
Subject: [CCCNews] CCCNews Newsletter - dated 2010 November 03
November 03, 2010
Editor - Rakesh Goyal (email@example.com)
In today's Edition - (This is a news-letter and not a SPAM)
AT LAST : Google Pays to Hackers for Finding Web Security Flaws
OUTAGE : London Stock Exchange tight-lipped on network outage
INSIDER : Disgruntled IT head sentenced for hacking website
ECONOMICS : Botnet suspect raked in $140,000 a month
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (firstname.lastname@example.org and IT-Sec-NSE@googlegroups.com) and 2 more groups
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
By Jared Newman,
Nov 3, 2010
Google Pays Cash to Hackers for Web App Security Flaws
Wanted by Google: Bounty-hunting hackers who can find security vulnerabilities in popular Web apps.
For security researchers who find flaws in Internet services like Gmail, Blogger and YouTube, Google will reward $500 or more per bug. Vulnerabilities that are "severe or unusually clever" pay up to $3,133.70. Optionally, benevolent hackers can also donate their rewards to charity, in which case Google will match the winnings at its discretion.
Bug-hunting researchers will also be credited on Google's security page.
To keep Web services running smoothly, Google is excluding bugs caused by denial of service attacks and search optimization tricks. Technologies recently acquired by Google are also off-limits.
This isn't the first time Google has opened up security research to the masses with cash rewards. In January, the company announced a bounty program for Chromium, the open-source project behind Google's Chrome Web browser, following the lead of Mozilla's Firefox bounty program.
The move to Web apps, however, is an important and logical step for Google. The company is putting a lot of faith in Web apps as the future of computing, as evidenced by the upcoming Chrome OS. If users are going to store more and more sensitive information into online services, those services need to be secure.
In the future, Google may expand the program to client applications such as Android, Picasa and Google desktop. Let's hope that happens soon; analysis firm Coverity recently found 88 high-risk defects in the Android kernel.
Turquoise trading venue suffers two hour downtime as repairs take place
By Leo King
02 November 2010
The London Stock Exchange has declined to publicly explain a two-hour IT problem experienced this morning on its network.
The exchange began to investigate a "network-related problem" on its Turquoise dark pool, or anonymous trading venue, at 8.25am, which it fixed by 10.30am. The problem meant traders could not use the market.
The news comes a day after the exchange delayed switching on the system on its main cash market, apparently for another two weeks, following testing. The system is billed as the fastest trading technology in the world, but is already facing fresh challenges from other major markets around the world.
The LSE runs a customised version of Linux for its matching engine, developed in a C++ environment and running through Cisco and Juniper switches.
It declined to say whether today's issue was a problem with the network hardware or software, the Millennium Exchange Linux trading system, or whether it was the result of human error such as incorrect connection or order code entry. A report would be provided to traders, it said, "in due course".
On its live service web portal, the LSE told traders it had halted the integrated and midpoint order books while it fixed the problem, asking them to "disconnect all applications". Some early morning trades had to be reordered.
After Turquoise launched in early October on the new system, it experienced an outage for around one hour. Analysts said that for a high-profile launch, the problem was significant but had been rectified quickly.
The LSE's previous Microsoft .Net-based trading system on its cash markets, called TradElect, experienced a day-long outage in 2007 as the result of networking problems.
November 01, 2010
A former IT head in Virginia, upset about being fired, was sentenced Friday to two years and three months in prison for hacking into his former employer's website and deleting approximately 1,000 files.
Darnell Albert-El, 53, of Richmond, Va., pleaded guilty in June to one count of intentionally damaging a protected computer without authorization, according to a news release issued Friday by the U.S. Department of Justice.
Albert-El was fired in June 2008 from his position as IT director of Transmarx, a Richmond, Va.-based company. While working at Transmarx, he had administrator-level access to the company's computer network and website, which was hosted on a server located in Georgia.
On July 25, 2008, Albert-El used his computer and administrator credentials to access the server hosting Transmarx's website. He then deleted 1,000 files from the Transmarx website, causing more than $6,000 in losses to his former employer.
A spokesperson for Transmarx could not be reached for comment.
When pleading guilty, Albert-El said he intentionally caused the damage because he was angry about being fired, according to prosecutors.
In addition to his 27-month prison term, Albert-El was ordered to pay $6,700 in restitution to his former employer.
October 29, 2010
IDG News Service
By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.
Just 27 years old, he had amassed a tidy fortune, allegedly running an efficient clandestine network of hacked computers around the world.
Those computers were infected with Bredolab, a piece of malicious software responsible for sending spam, conducting attacks on websites and enabling other cybercriminals to steal money from online bank accounts.
Avanesov allegedly rented and sold part of his botnet, a common business model for those who run the networks. Other cybercriminals can rent the hacked machines for a specific time for their own purposes, such as sending a spam run or mining the PCs for personal details and files, among other nefarious actions.
Dutch prosecutors believe that Avanesov made up to €100,000 ($139,000) a month from renting and selling his botnet just for spam, said Wim De Bruin, spokesman for the Public Prosecution Service in Rotterdam. Avanesov was able to sell parts of the botnet off "because it was very easy for him to extend the botnet again," by infecting more PCs, he said.
Avanesov may have netted more money in other ways.
"We don't have more financial information about what he did," De Bruin said. "Our investigation was focused on dismantling the network then getting a hold of our main suspect, but this criminal investigation hasn't stopped yet. We hope to get a better picture of the money and his business relationships."
As a result, Avanesov may have made millions in a career spanning more than a decade, according to a source close to law enforcement. He vacationed in the Seychelles with an attractive girlfriend and reportedly even had a side hobby as a DJ, the source said.
But Avanesov is now being held by Armenian authorities after a sting operation earlier this week by Dutch police and computer security experts with help from Russian authorities. He was arrested earlier this week after taking a late flight on Monday night from Moscow to Yerevan, Armenia's capital.
The bust wasn't supposed to happen that way, however, according to the source. Avanesov nearly got away.
Dutch authorities tried to lure Avanesov to Schiphol airport near Amsterdam, where police planned to follow him and wait until he took control of the Bredolab botnet, bust down the door and arrest him on computer hacking charges. He was expected to be on a flight into Schiphol but never arrived.
"They [the police] were waiting for him, but he didn't come," according to the source.
In the meantime, the people in control of Bredolab had noticed something strange was happening with their botnet. Around 2 p.m. CET on Monday, the Dutch High Tech Crime Team began taking over command-and-control servers used to issue instructions to the 29 million infected computers with help from the Dutch Forensic Institute, the Dutch computer emergency response team Govcert, and the security vendor Fox IT.
Bredolab used 143 servers that were part of a network run by LeaseWeb, one of the largest hosting providers in Europe. LeaseWeb had known of the problem since August and cooperated with the investigation.
As Bredolab was shut down, a denial-of-service attack -- which involved bombarding servers with meaningless traffic to shut them down -- was launched against the infrastructure used by the Dutch authorities. Some 225,000 computers were used in the attack, which actually slowed Internet service down in the Netherlands for a short time but was repelled within a couple of hours.
It isn't easy to track down people who run botnets, as they use sophisticated methods to keep from being identified. Botnet controllers -- also known as "herders" -- take up to 20 measures to ensure their anonymity, said Ronald Prins, who helped with the takedown. But if one step is left out, it means investigators can grasp a thread. The trail led to Avanesov.
Armenia is detaining Avanesov, said Sona Truzyan, press secretary for the Prosecutor General's Office, on Friday. The Netherlands has 40 days to file an extradition request, she said. De Bruin said his office is working on the request.
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.
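An added illustration (not part of the newsletter) of the packet-filter entry above and its note about IP spoofing: a first-match rule filter that trusts the source address, next to one that also checks the interface the packet arrived on. The addresses, rule set, interface names and function names are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "reject"
    src_net: str
    dst_net: str
    dport: Optional[int]   # None matches any port

INTRANET = ipaddress.ip_network("10.0.0.0/8")   # constructed private range

RULES = [   # constructed user-defined rules, evaluated top to bottom
    Rule("accept", "10.0.0.0/8", "10.0.5.10/32", 22),  # intranet hosts may SSH to a server
    Rule("accept", "0.0.0.0/0", "10.0.5.20/32", 80),   # anyone may reach the web server
]

def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.dport in (None, pkt.dport))

def naive_filter(pkt: Packet, rules=RULES) -> str:
    """Stateless packet filter: first matching rule wins, default is reject.
    It believes whatever source address the packet header claims."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "reject"

def antispoof_filter(pkt: Packet, rules=RULES) -> str:
    """Same rules, but first reject any packet whose source address cannot
    legitimately appear on the interface it arrived on."""
    src_is_internal = ipaddress.ip_address(pkt.src) in INTRANET
    if src_is_internal != (pkt.iface == "inside"):
        return "reject"
    return naive_filter(pkt, rules)

# Constructed packets: a real intranet host, and an outside packet claiming its address.
LEGIT = Packet("inside", "10.0.1.7", "10.0.5.10", 22)
SPOOFED = Packet("outside", "10.0.1.7", "10.0.5.10", 22)
```
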
Vote: The instrument and symbol of a free man's power to make a fool of himself and a wreck of his country.
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also need this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using them at your own risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to whatsoever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.