Tag Archives: security

Hackers prank Tupac hoax on PBS website

Business news from the Ascentive team

PBS officials say hackers have cracked the network’s website and posted a fake story claiming dead rapper Tupac Shakur was alive in New Zealand. LulzSec, the hacker group that claimed responsibility for the prank, are said to have acted in response to a recent “Frontline” investigative news program focusing on the whistleblower site WikiLeaks. PBS confirmed Monday that the website had been hacked. The phony story had been taken down as of Monday morning. It had been posted on the site of the “PBS NewsHour” program, which is produced by WETA-TV in Arlington, Va.

Anne Bentley, PBS’ vice president of corporate communications, said in an email that erroneous information posted on the website has been corrected. The hackers also posted login information for two internal PBS sites: one that media use to access the PBS pressroom and an internal communications website for stations, she said. She said all affected parties were being notified.

David Fanning, executive producer of “Frontline,” said he was learning of the hacking early Monday, nearly a week after the program aired its “WikiSecrets” documentary about the leak of U.S. diplomatic cables to the WikiLeaks website. The documentary, produced by WGBH-TV in Boston, generated criticism and debate on the program’s website in recent days from those sympathetic to WikiLeaks founder Julian Assange and from those who thought the program was fair, Fanning said. “Frontline” producers hear impassioned responses all the time, Fanning said. Having a group attack the PBS website over a news program was unusual but “probably not unexpected,” he said. “From our point of view, we just see it as a disappointing and irresponsible act, especially since we have been very open to publishing criticism of the film … and the film included other points of view. This kind of action is irresponsible and chilling.”

A group calling itself LulzSec (aka The Lulz Boat on Twitter) claimed responsibility and posted links to other hacks, including a video apparently taunting the network. Taunting messages were also posted on the group’s Twitter page targeting the PBS program “Frontline.” One message said the group recently saw the “WikiSecrets” show and was “less than impressed.”

PBS ombudsman Michael Getler wrote about the “WikiSecrets” documentary in his weekly column Thursday, saying it had generated only a handful of complaints, though he had expected more mail from viewers. “This may be a good thing for Frontline if it suggests that most viewers found the program to be in keeping with Frontline’s reputation for fair yet tough reporting,” Getler wrote. Getler raised some questions about the reporting in the program but said he found the questioning by interviewer Martin Smith to be “tough but proper.”


Cyber Security Bill Forbids ‘Internet Kill Switch,’ Senators say

The sudden trend to shut off internet access in response to civilian unrest and opposition protests, which has recently emerged among Middle Eastern governments, will not extend to the United States. That is the aim of new legislation proposed by Senators Joseph Lieberman and Susan Collins, which will prohibit the idea of an “internet kill switch” in the U.S. government.

The Cyber Security and Internet Freedom Act of 2011 comes in response to recent government discussion about power over the internet. After governments in Egypt and Libya disconnected the internet in their respective countries, and cyber security officials continue to warn about growing threats facing government networks, some high-ranking military and political officials had weighed the option of providing the federal government the power to cut off internet access. This bill appears to be the first sign of action in the debate and is vehemently opposed to the measure.

“While the United States must ensure the security of our nation and its critical infrastructure, it must do so in a manner that does not deprive Americans of the ability to lawfully read or express their views,” Collins, a Maine Republican, said in a statement delivered on the floor. “Neither the president nor any other federal official should have the authority to ‘shut down’ the internet.”

Senator Lieberman stressed that point even further, explaining that the bill was proposed quickly as part of an effort to dispell any rumors or misconceptions about the approach the federal government should take toward cyber security.

“We want to clear the air once and for all. As someone said recently, the term ‘kill switch’ has become the ‘death panels’ of the cyber security debate. There is no so-called ‘kill switch’ in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the president,” Lieberman said.

The debate has been ongoing for weeks, apparently set off by the measures taken in Egpyt. Earlier this month, Gregory Nojeim of the Center for Democracy and Technology, a watchdog organization, testified before the House Armed Services Subcommittee about the dangers of shutting off U.S. internet access. Congressman Mac Thornberry, a Republican from Texas, favored the option to shut off internet access and compared it to the military power required in the face of a weapons strike. Nojeim, however, maintained that unforeseen effects could make a situation worse, as the internet is also the main medium of modern communication.

Collins, in promoting the Cyber Security and Internet Freedom Act of 2011, appears to have heard Nojeim’s call to protect free speech, even on the internet.

“Freedom of speech is a fundamental right that must be protected, and his ban was clearly designed to limit criticisms of his government. Our cyber security legislation is intended to protect the United States from external cyber attacks,” Collins said.


New cyber crime techniques discovered

Cyber criminals are becoming even more elusive with their techniques, using new methods that pose threats some PC security standards have yet to address.

Security firm Stonesoft recently discovered “advanced evasion techniques,” or AETs, that cyber criminals use to get around firewalls or other protective measures. These methods are particularly dangerous to businesses, as they exploit certain enterprise software and applications to gain access to sensitive, protected data.

However, the firm stressed that these methods could spread to other cyber criminals and organizations that may apply them to more dangerous systems, including the Stuxnet and Zeus malware that have threatened national security and stolen millions of dollars.

“We have reason to believe that we have seen just the tip of the iceberg,” said Juha Kivikoski, chief operating officer at Stonesoft. “The dynamic and undetectable nature of these advanced evasion techniques has the potential to directly affect the network security landscape.”

Many current security standards do not address the format of AETs, leaving their systems vulnerable to advanced malware attacks.

“Field tests and experimental data show many of the existing network security solutions fail to detect AETs and thus fail to block the attack inside,” Stonesoft’s report said. “With only a select few products available to provide protection, organizations may be challenged to protect their systems quickly.”

However, the finding does pose a significant contribution to future web security solutions, as anti-malware software developers can apply their upcoming products to address these recently discovered cyber crime formats.

“The industry is facing a non-stop race against this type of advanced threats and we believe only dynamic solutions can address this vulnerability,” Kivikoski said.

The discovery signifies a similar breakthrough to prior malware systems. While new developments will not eliminate the threat of AETs in the wild, they will safeguard individual systems against infiltration. In the past, security developers have addressed successful, complex cyber crime methods and generated solutions to keep these threats out of protected computers. For example, the Conficker worm was discovered in 2008 as particularly successful malware that spread itself throughout devices connected in a similar network. Although a recent study found Conficker remains the most commonly found worm in the wild, most anti-malware software solutions safeguard computers from the threat associated with it, which generally target unprotected computers.

Security experts advise updating anti-malware software as new developments are released, in an effort to keep pace with the methods and techniques cyber criminals come up with.


Finally Fast Software a Virus? A Case of Mistaken Identity

Ascentive LLC, the company behind the popular TV commercial, FinallyFast.com, pushes forward after a technical snafu caused incorrect warnings to appear when installing its popular PC performance software.

Customers may have been advised that installed programs, including the Ascentive Performance Center, contained viruses or other hazardous files. This is a fairly common occurrence that is referred to as a “false positive” in the security industry. In April 2010, McAfee mislabeled a harmless file within Windows XP, causing computers worldwide to shut down repeatedly. A file used in Ascentive software was similarly misidentified.

“We like to keep our customers informed about our products and the safety of their computers,” said Adam Schran, CEO. “Our customers and web site visitors can rest assured that despite another false positive from McAfee, our software in fact contains no viruses or anything harmful whatsoever.” When the mistake was brought to their attention, security software vendors that were labeling the files incorrectly promptly white listed Ascentive software.

Ascentive’s stance is that the lines of communication are always open in the event that consumers have questions about its software. In an effort to enhance accessibility, Ascentive has expanded opportunities to get in touch. In addition to phone, email, and live chat, representatives can now be reached via social media outlets such as Twitter.com/Ascentive and Facebook.com/Ascentive.

About Ascentive Software

Ascentive LLC, founded in 1998, develops easy-to-use software for consumers and businesses that solve every day PC problems including maintenance, optimization, and security. Ascentive products have been used by over 1,000,000 people and are now available in seven languages. With several patents awarded and more pending, Ascentive offers the following software products: PC SpeedScan Pro, SpyWare Striker Pro, ActiveSpeed, BeAware, PC Scan & Sweep, RAMrocket, WinRocket, Greenlight Guardian and Mac Scan & Sweep.

For more information on Ascentive please visit www.ascentive.com.


Kneber botnet is a threat to government computers, software

The Kneber botnet, a global malware strain infecting more than 75,000 computers worldwide, is a potential threat to government networks and software, according NetWitness, the web security company that discovered the program, as reported by GovInfoSecurity.com.

Only a small portion of the computers infected during the initial discovery were property of the government, but the rate at which Knever can spread worries NetWitness and other security providers.

“One of the things that we determined as we were researching this is some of the recent spear phishing attacks towards .gov email addresses were involving the Zeus Trojan as well,” Alex Cox, principal analyst at NetWitness, told the GovSecurityInfo.com. “And when we did some malware analysis on those particular Trojans, what we found was that the commanding control servers and structures were the same as the ones that were result of this log data.”

Government web security has come into question in recent weeks. President Barack Obama spoke of the need to modernize federal IT during his State of the Union Address in January, and plans to release details of the White House’s web security plan during the ongoing RSA Conference.