Microsoft Releases Out-of-Band Security Patch for Internet Explorer

Last week’s cyber attacks, which targeted Google and several other large U.S. companies, have certainly gotten Microsoft’s attention. The attack was orchestrated, in part, through a zero-day flaw in Internet Explorer (IE). The flaw seems to be obscure, and restricted to IE 6 and IE 7, but that hasn’t stopped Microsoft from releasing an out-of-cycle patch for IE.

Microsoft has acknowledged the flaw, and says the “vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

Microsoft, in an announcement posted today, says the confusion surrounding this particular attack has compelled Microsoft to act now. Microsoft’s primary advice: upgrade to IE 8, which is not affected by this flaw. If you don’t plan to upgrade, then updates for earlier versions will be made available, with specific timing of the updates to be announced tomorrow. In the meantime, Microsoft suggests using the workarounds and mitigations provided in Security Advisory 979352.

Tech News January 19th 2010

Researchers: Facebook vulnerable to clickjacking

Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.

Researcher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.

Facebook used to display a pop-up window warning users when they added any third-party app that doing so would authorize the app to get access to user profile information. This allowed users to change their mind before adding the app. The company has changed its policy and now some apps can choose to use a new implicit authorization feature that does not warn Facebook users that a third-party app is trying to request their data, Dhanjani said.

“This allows Facebook to gain increased adoption of third-party apps, which can translate to revenue,” he said, adding that any warning would deter some users from adding new apps.

“The only information apps can access without first showing the ‘Allow’ screen is publicly available information (the limited set of info that includes name, profile picture, gender, networks, friend list, and pages) and information set to be visible to everyone on the Internet,” Facebook spokesman Simon Axten said.

In separate but related research, Dhanjani and Israeli security researcher Shlomi Narkolayev said attackers could use clickjacking attacks to hijack Facebook accounts by tricking users into clicking on sites hiding malicious code. A Web site that looks like an e-commerce site or that shows videos could hide a Facebook log-in page behind it so that when a user clicks on the site to play a video, for instance, the user’s account is opened instead behind the scenes, without the user realizing it.

Tech News January 19th 2010

Microsoft Warns of IE Zero-day Used in Google Attack

A critical zero-day flaw in Internet Explorer was exploited as part of the attack on Google and other companies, according to both Microsoft and McAfee.

The flaw allows for a Web-based attack against IE 6 SP 1 on Windows 2000, along with IE 7 and 8 on XP, Server 2003, Vista, Server 2008, Windows 7 and Windows Server 2008 R2. According to Microsoft’s security advisory, the company has only seen active attacks against IE 6 so far.

Those attacks were part of the campaign against Google, Adobe and other major companies that sought to break into the Gmail accounts of Chinese human rights activists. In response, Google has threatened to stop censoring search results on its Google.cn site, or to shut it down entirely.

The invalid pointer reference flaw allows for remote code execution, according to Microsoft, which means that viewing a malicious Web site could allow an attacker to execute any command on a vulnerable computer. Typically that would mean installing a Trojan or other malicious software. According to the bulletin, IE’s Protected Mode on Vista and later versions of Windows mitigates the threat, which could also be leveraged by a banner ad.

Setting IE’s Internet zone security to high will protect against the threat, according to Microsoft, as of course would using an alternate Web browser. Redmond says it may release an out-of-band patch for this threat outside of the normal monthly patch cycle.

Also, while antivirus maker McAfee warns that “there very well may be other attack vectors that are not known to us at this time,” the company says that its investigations into the attacks “have not shown a vulnerability in Adobe Reader being a factor in these attacks.” According to McAfee’s analysis, the malware that hit the IE flaw opens a back door on victim PCs, which allowed the attackers to take complete control. (Note: the link provided by McAfee for its post is not currently responding.)

Tech News January 19th 2010

China’s response to Google threat: Obey the law

SAN FRANCISCO – China’s government gave little indication Thursday that it’s willing to loosen its control over Internet search results, pushing Google Inc. closer to the brink of closing up shop and leaving the country.

In the government’s first official statement since Google issued its ultimatum two days earlier, a Chinese official endorsed the country’s current rules governing Internet content.

“China’s Internet is open,” said Jiang Yu, a foreign ministry spokeswoman. “China welcomes international Internet enterprises to conduct business in China according to law.”

Google is still hoping that it can persuade the Chinese government to agree to changes that would enable its China-based search engine to show uncensored search results. “We are optimists,” Google spokesman Scott Rubin said.

If a compromise isn’t worked out within the next few weeks, the company intends to shut down its search engine at Google.cn and pull out of China completely. Rubin said Google hasn’t set a deadline for breaking the impasse.

Google has been in touch with the Chinese government to alert officials about its plans, but Rubin didn’t know whether the two sides have scheduled additional meetings yet.

Tech News January 14th 2010

McAfee: IE Exploit to Blame for Chinese Google Hack

Security firm McAfee said today that the recent China-based attack on Google and other companies was the result of a new security hole in Internet Explorer. McAfee says the vulnerability is not publicly known, but it has informed Microsoft and expects the company to take action soon. So a Microsoft product could be the indirect cause of Google pulling out of China. This must be Microsoft’s favorite software vulnerability ever.

McAfee’s George Kurtz wrote on the company’s official blog, “These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.” Kurtz was also careful to point out that they have only confirmed that Internet Explorer was a vector of attack; there could have been others.

Further, McAfee says it has cleared Adobe Reader of involvement in the attacks. This comes after several reports implicated the oft-exploited software suite.

Tech News January 14th 2010

Hackers claim to crack Kindle copyright armor

A not-so-merry holiday gift for Amazon.com: hackers say they’ve successfully cracked copyright protections on the company’s Kindle e-reader, making it possible to export e-books to other devices.

One hack reportedly resulted from a Kindle DRM challenge issued on Israeli forum Hacking.org. On that site, an Israeli hacker known as Labba claims to have created a tool that lets e-books stored on the Kindle be transferred as PDF files.

A U.S. hacker who goes by the name “i♥cabbages,” meanwhile, created a program called Unswindle that promises to convert books stored in the Kindle for PC application into a different file format.

The free Kindle for PC app lets book buyers read their books right from their PCs without having to buy a Kindle reader. Unswindle has to be used in conjunction with MobiDeDRM, a program by another hacker named “darkreverser.”

Posters on i♥cabbages’ blog give Unswindle mixed reviews, ranging from “works like a charm” and “worked flawlessly” to descriptions of various errors.

Unswindle’s creator originally detailed the tool on December 17, and posted two updates on the program Tuesday. One noted that Amazon has demonstrated that “it (unlike Adobe Systems) takes its digital rights management, or DRM, seriously: it has already pushed out a new version of K4PC, which breaks this particular script.”

In a second update, the hacker notes that “the K4PC update may not actually have been targeted at Unswindle, as Amazon seems to have done nothing in particular to make the basic approach more difficult. In any case, I’ve updated Unswindle to handle the 20091222 version of the executable. We’ll see if Amazon throws out another new build in short order.”

CNET has contacted Amazon for comment and will update this post as soon as we hear back.

The Amazon hacks are, of course, just the latest DRM hacks. In 2005, a group of hackers that included a 17-year-old and a man noted for cracking the anticopying protections on DVDs released PyMusique, a program that essentially stripped DRM from iTunes’ songs.

Each time Apple tried to plug the hole that the software exploited, the hackers would find another.

Tech News January 4th 2010

Decision Looms on iPhone Hack

The geek masses are anxiously awaiting the unveiling of the next wonder gadget at the Consumer Electronics Show in Las Vegas later this week. What’s more, Apple is expected to drop the tablet bomb in San Francisco this month.

But overlooked and lurking behind this gadget envy is an important regulatory decision – one expected in weeks on whether to authorize an iPhone jailbreak.

Apple said sanctioning an iPhone operating system hack would gut its business model. That plan has given way to more than 2 billion app sales, in addition to an expected and much-rumored iPhone-like tablet.

“This would severely limit our ability to continue what we are doing as well as innovate for the future,” Greg Joswiak, an Apple marketing czar, recently told regulators considering the jailbreaking proposal before the U.S. Copyright Office.

At stake for Apple is the very closed business model the Cupertino, California-based electronics concern has enjoyed since 2007, when the iPhone debuted.

The proposal, brought by the Electronic Frontier Foundation, would pave the way for third-party apps on the iPhone — hence turning the iPhone into a blank slate to run whatever its owner wishes. That would be a huge financial blow, as Apple earns 30 percent for every App sold from its proprietary iTunes store, Joswiak said.

Tech News January 4th 2010

Twitter briefly blocked by hackers

Hackers briefly blocked access to the popular Internet messaging service Twitter, steering traffic to another Web site where a group reportedly calling itself the “Iranian Cyber Army” claimed responsibility.

Users trying to reach Twitter early Friday were redirected to a Web page that CNN reported had a picture of a green flag and a message that said, “This site has been hacked by the Iranian Cyber Army.”

There was no evidence the hackers are actually linked to Iran. Web sites like Twitter and Facebook helped bring attention to the Iranian opposition during the country’s crackdown after its June elections, with users posting minute-by-minute updates and amateur video.

Twitter later Friday posted a message on its blog that said its Domain Name Systems’ records “were temporarily compromised but have now been fixed.” The site says it will update with more details “once we’ve investigated more fully.”

Tech News December 19th 2009

Hacker seeks reduced sentence, citing Asperger’s

BOSTON – A computer hacker who was a force behind one of the largest cases of credit card theft in U.S. history says he has a developmental disorder and is asking for a reduced sentence.

Albert Gonzalez, of Miami, admitted invading the computer systems of such retailers as TJX Cos., BJ’s Wholesale Club and Sports Authority. Federal authorities say tens of millions of credit and debit card numbers were stolen.

His lawyers have submitted a report from a psychiatrist who concluded his behavior was consistent with Asperger’s syndrome. That’s a form of autism.

Gonzalez was scheduled to be sentenced Monday. The hearing has been postponed indefinitely so prosecutors can consider the psychiatrist’s report.

His lawyers are asking for a sentence at the lower end of the 15 to 25 years in his plea agreement.

Tech News December 17th 2009