IT Security blog

Cisco has released an emergency security bulletin, which warned of the vulnerability of the corporate system of content delivery Cisco Content Delivery System.

It is reported that the application Internet Streamer, a member of the system is vulnerable to Web attacks, which could allow an attacker to remotely attack a target system.

In the case of a successful attack, a hacker can gain access to restricted administrative components, such as password files, system logs and other data. This information is potentially open up access to a broader future attacks and theft of large-scale information.

Cisco recommends that network administrators to update the software as soon as possible.

In Safari vulnerability has been discovered, which can give hackers access to personal user data. The vulnerability reported in his blog CTO of WhiteHat Security Jeremiah Grossman.

Using a simple code that criminals can get hold of information that is stored in the memory module AutoComplete (AutoFill). This module stores the data that the user enters into various web forms – for example, the string search engine.

In addition, the module settings, there is the item “Use information from the Address Book. By default, this feature is enabled, so the criminals can learn the names and email addresses of people with whom the user is rewritten.

In the potential dangers are Safari users versions 4 and 5. It is possible that the vulnerability lies in the engine WebKit, which is used in Safari. If so, are in danger and users of older versions of the browser Chrome, which work on the same engine.

Apple had no immediate comment on the information.

Microsoft has announced that the final version of the first service pack for the operating system Windows 7 will be released no later than the second quarter of 2011.

As part of an integrated set of Service Pack 1 (SP1) will include mostly bug fixes and patches for vulnerabilities identified since the announcement of the platform in October last year. Service pack, in particular, will contain all the patches available now through the update service corporations, and future updates.

Microsoft also plans to include in SP1 several changes designed to meet the wishes of consumers and partners. Final release of Windows 7 SP1 is scheduled for the first half of next year.

Police in Italy announced the arrest of 12 members of the alleged gang of hackers, specialized in creating copies of credit cards.

The detentions took place in Rome and other cities in Italy, but the criminals have collaborated with colleagues from Russia and Ukraine. They made the deal on purchase credit card through secret chats on the network, and then spend money from the accounts of victims of luxuries.

It is noted that the criminals used the method of phishing, when the user is directed to a fake site where it is invited to enter their personal data.

One of the participants of the international conference Black Hat 2010, on issues of information security, is going to share with the audience curious results of the study. Greg Hoglund, CEO of HBGary, believes that he developed techniques allow organizations to successfully identify the authors of malicious software, to distinguish random attacks from well-planned cyber-intrusions, and to think of a more effective protection strategy.

According to experts, careful analysis of the virus code can detect signs of an environment in which developed malicious applications. Information about the instruments used functions unique fingerprint and helps professionals to identify the code written by a hacker or a specific group of attackers.

The ongoing study conducted by Greg Hoglund opening an executable file in one of the most common viruses and found items Back Orifice 2000, fragments of the software for remote administration Ultra VNC, as well as parts of the code corresponding to the standard Microsoft Programming Guide 2002. Despite the fact that each of these programs has undergone mild modifications found “fingerprints” can be considered sufficiently distinct.

“You are unlikely to be able to prevent the penetration of cyber-intruders to your network, – said Greg Hoglund. – But the threat can be identified at an early stage and try to avoid serious damage. For example, malicious software application designed to steal credit card numbers, may be regarded by corporate IT-specialists as less dangerous than the “trojan” encroaching on the intellectual property of the company.

In total, Hoglund and his colleagues examined samples of half of malicious code and made sure that the number of used software “framework” is behind this number in the hundreds and even thousands of times.

As part of the report by Greg Hoglund, scheduled for next week, also will announce a tool called Fingerprint, intended for analysis and detection of similar elements in different samples of malicious software. This product will allow potential victims of cybercrime to identify the author of malicious code and unravel his intentions.

Specialists of the Department of Information Technology of the Nizhny Novgorod Institute of Educational Development (Niro) in Nizhny Novgorod Oblast government website published an opinion which questioned the effectiveness and feasibility of using open source software in schools.

The disadvantages of open source software experts carried:

* The difficulty in installing and configuring OS

* The need for assistance of technical experts

* Problems with connection PFC

* Incorrect number of programs under Linux

* Lack of methodological support

* Recommended textbooks and curricula do not correlate with the interface on Linux

* The problem with opening Microsoft Office documents

* The need for teachers

Microsoft has released a new beta version of the Free Software Security Essentials, designed to protect against malicious programs. The new version has a more compact anti-virus and anti-spyware module to protect against network attacks.

As for the network subsystem of the product, it has two parts. Now Microsoft Security Essentials integrates with Internet Explorer for better protection against network attacks. Also, was retained and classic protection module. Speaking about the new module, it should be noted that it allows you to block malicious programs even during their initial contact with the system, whereas previously detected piece of code claimed it was only possible during scanning browser cache. Sometimes this method of detection is too late, as the malicious code to the point it could steal the data.

For users of Windows Vista and Windows 7, Security Essentials allows you to protect your computer and from the known system and application exploits. This feature does not work in Windows XP, because it relies on a subsystem of Windows Filtering Platform, which in XP simply does not, it appeared from Vista. This feature allows you to protect the system at a level higher than the Windows Firewall.

Dell has warned some users blade server PowerEdge R410 that its motherboard may contain embedded malicious software.

According to the published forum Dell Technical Support information, a small batch of motherboards PowerEdge R410, sent the company’s clients, contained some malicious code embedded in the firmware for server management. According to the Officer Support Dell, it is only the mainboard, sent to replace the old (for example, are out of order). According to Dell, payment, delivered in the new servers do not contain malware.

At Dell acknowledged that he learned about the problem only after receiving complaints from the users servers. The forum Dell says that several users contacted the technical service company with a request to remove the malware from northern ON.

In a statement the company said that this problem could affect a large number of users, in addition to today there is no data to suggest that as a result of the data were stolen from the servers or clients had suffered other damage.

The exact nature of the set is not disclosed, but Dell said that the code only affects the operating system Windows, as for other operating systems such as Linux, it does not work. Now Dell is engaged in warning customers and offers a free virus removal in case of detection.

A working prototype of the Russian government search engine on the Internet should appear this year. The cost of the project until 2012 will amount to 3.3 billion rubles., Of which only 300 million – private money. Such conclusions can be drawn from data presentation Minkomsvyazi “Creating a Russian search engine. This presentation came to the journalists’ Gazety.ru.

Representative Minkomsvyazi on condition of anonymity, said the publication, that the presentation of “classified Minkomsvyazi” was first shown at the closed Board of the Ministry in March, and then it was shown at the meeting of the committee to modernize the economy under the president on May 13.

According to the presidential administration head Igor Shchegolev Minkomsvyazi only mentioned at the meeting about the possibility of establishing a national search engine, and a detailed presentation was provided to the administration later. Presidential aide Arkady Dvorkovich confirmed that the idea of creating a search engine Shchegolev resounded at the commission meeting on May 13, but the presentation itself Dvorkovich not seen.

As follows from the presentation, development of the concept search engine, as well as launching the network “working prototype” should be held before the end of 2010. This part of the budget – 200 million rubles.

During the 2011 plan to spend 1 billion rubles for “industrial debugging, semantics, innovation. In the year 2012 (presentation covers the period until this year, but some parameters of the forecast given before 2018) 1.8 billion will go to the “scaling and Equipment.

All this – the budget money. Authors are invited to provide their presentations to the federal target program “Electronic Russia”, and since 2011 – long-term target program “Information Society”.

The remaining $ 300 million in funding for the search engine should invest venture capital (2 sub-150 million each), follows from the presentation. On the basis of the venture should be developed “advanced software development” – a visual and personalized search, “Artificial Intelligence in the analysis of requests. Financing of the responsibility of the JSC “Rosinfocominvest, venture fund created under Minkomsvyazi, and the head of the board of directors which is Shchyogolev.

Rationale for public search engine is reduced to the ability to control access to information (search page starting at 50% of users, but 10 years later, your search page will be the main entry point to information, says the presentation).

Search – Information window of Russia “, – explains Minkomsvyazi the national importance of the project. When search queries are invited prune dangerous information – “extremism, drugs, pornography – and include sites that reflect the state and municipal information.

The winner of “Innovation Contest Tony Stark”, organized by the American branch of Audi, was the graduate student at the Massachusetts Institute of Technology (MIT) Nathan Linder, who created a desk lamp to access the Internet.

The inventor claims that his device LuminAR will access the Internet from anywhere.

In LuminAR built miniature pico-projector, perfect camera and advanced management system that communicates with the computer via a wireless interface, which allows to achieve a high level of interactivity. All systems, except for the mounting and actuators that manipulate the position and direction lamps fit into a fairly small unit, which is attached to the “top” tube.

The projector projects the image on the surface (eg, table), and the camera follows the movements of the hands of the user. As a result, any flat surface can be both a display and touchscreen, and keyboard