Author: nathan

There's a new variant of the Imuler malware for Apple / Mac computers that apparently doesn't like Wireshark.  Not really big news but it is worth noting and is a good reminder that just having a Mac doesn't make you immune from viruses, malware, etc. Additional Information Imuler.a - http://www.f-secure.com/v-descs/backdoor_osx_imuler_a.shtml Imuler.b - http://www.f-secure.com/weblog/archives/00002432.html

I have received *several* emails since news of the GoDaddy attack yesterday from vendors trying to use fear to sell products or services.  One of the biggest tools that they have used is claiming that a 'hacker' hacked GoDaddy and took the site down.  The story that I have seen in each of these stories was that an 'evil hacker' broke into GoDaddy's servers and 'did bad things'.  Immediately following is typically some product or service that the vendor has that can protect potential victims from the same fate.  Every one of these email warnings that I have seen to date has been snake oil, nothing more.  It's important to understand what most likely happened and learn a lesson from that. What we know so far is: Yesterday, at approximately…

What's up with the GoDaddy outage?  It's still early on in the game to say for sure but, at this point, it seems as though the group Anonymous has taken the GoDaddy site and services offline.  I have not seen any indication at this point that there was a breach or exposure of user data, but that's not to say that we won't hear of that later on.  Some other sites that have fallen to Anonymous include The Pirate Bay, Sony and others.  This email is kindof thrown together (and I apologize for that), but it seemed important to get the information out there sooner rather than later. How does it affect me and what are my options?  That will depend heavily on what GoDaddy services you use.  I've made…

If you are hosting your website and / or email with GoDaddy, you are most likely experiencing issues right now.  According to this article from CBS News (not really a tech news source, but they seem to have nailed this), Anonymous is taking responsibility for taking the site down.

According to this article from F-Secure, there's a new version of the Zeus crimeware that's making the rounds that's evolved yet again, possibly from the source code for version 2.0.8.9 was leaked.  According to the article (and the threat report that it notes as it's source), this new iteration of the Zeus code makes extensive use of a peer-to-peer network to further complicate tracking down and eliminate. Article is available here. Threat report is available here.

We've spoken many, many times about botnets and the many uses cyber criminals have for them and try to make the discussions as realistic as possible but it's always good to hear an instance where it's happening in 'real life'.  According to this article at the BBC, that's exactly what happened with Joshua Schichtel of Phoenix, Arizona.  Schichtel was convicted of renting his botnet of 72,000 computers for $1,500 to an unnamed buyer.  There's additional information in the article.  Suffice it to say, just because you don't 'do your banking online', that doesn't mean that your computer isn't a target.  Update.  Have good antivirus.  Update.  Don't do stupid things.  Update.  Then, update. "In a brief statement about the case, the US Department of Justice said Schichtel pleaded guilty to one count of…

September will be a relatively light month overall but the Java vulnerability in Java 7 update 7 has really caused some waves. Microsoft On the Microsoft side, the September Patch Tuesday will be mercifully light, especially after the last two months.  There are two bulletins, one affecting the MS Developer Tools and one affecting Windows Server.  Additional details are available from Microsoft here. Adobe The latest updates from Adobe, as of right now, were released on 31 August.  Additional details are available from Adobe here. Java The big news this month has got to be Java.  We noted in late August that a vulnerability Java 7 update 6 was found and then confirmed that it was being *actively* exploited in the wild.  Oracle has posted Java 7 update 7 but there have been some…

My fondness of the Android Operating System is nothing new (note, I do not *dislike* iOS [the Apple one or ios, the Cisco one], I just prefer Android and like the ability to do develoment 'stuff' directly on my phone and share it if I want) and my journey to the Samsung Galaxy SIII is familar to pretty much anyone that's watched our Facebook page for the last year or so (since the Galaxy SIII was announced).  Anyway, the next 'big thing' was just announced, albiet kindof vaguely.  According to this article, Jelly Bean (the latest version of Google's Android Operating System) is coming to the Galaxy SIII and Note 10.1 'very soon'.  There's a list of new features on the What's New page for Android (and there are some…

Yup, well before a patch is available, Blackhole now has an update to exploit the newly discovered JRE vulnerability.  Details are available over at the F-Secure website here.

At some point yesterday, one of the Cyber Tech Cafe mail server IP Addresses was blacklisted and a large number of emails were rejected by receiving servers.  We have isolated the problem (we believe, more on this below) and have contacted the various blacklists to get de-listed but some email is still being rejected.  We expect that this will continue through the evening and, for some providers, through mid-day tomorrow.  We will continue monitoring this and will post when the issue has been resolved.  In the interim, we will try to keep everyone up-to-date on their tickets via phone and all updates are also posted to the Customer Service Center at http://helpdesk.cybertechcafe.net .   The problem appears to have been a routing glitch that allowed traffic from one of our…