Earlier this month, Symantec released patches for its PCAnywhere program, saying the patches would protect its users from hackers who have gotten control of PCAnywhere source codes. These were critical patches for Windows versions of PCAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and it was being contacted by the Lords of Dharmaraja (a hacker group) over these stolen codes.

Symantec PCAnywhere 12.5 is the world’s leading remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely.

While the patches released by Symantec fixed known vulnerabilities, there could still be some unknown vulnerabilities, which were unpatched.

Symantec claims that the Anonymous interacted with the FBI in its negotiations, but it is unclear whom they really contacted. Some speculate it is Symantec, and they are using the FBI story as a cover up. On the other hand, the hackers have released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously.  We can pay you $2,500 per month for the first three months.  In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is a five-year-old code and its patches are enough to keep users safe. However, these source code leaks are unacceptable from a company that deals in security.

The list of email conversations can be found on this paste from PasteBin.

Last September, Microsoft and the Kaspersky Labs claimed a big win on the Kelihos botnet, when they took control of the infected computers. Kelihos was sending 4 billion spam messages a day, and it covers all kinds of spam including pharmaceuticals and stocks. Researchers devised an interesting mechanism to direct all the infected computers to communicate with a “sinkhole” or a computer they controlled. In spite of these stringent measures, Kelihos has started showing its face again, and very soon, its owners might regain control.

Not only has Kelihos started showing back on the radar, it is using new encryption techniques to hide its communications. A researcher at Kaspersky has also noted that two different RSA keys are being used; indicating that there might be two different groups controlling Kelihos.

Although researchers can install updates or clean up the infected computers, it is against the law in many geographical regions. A few days ago, Microsoft named Andrey N. Sabelnikov, a Russian citizen, guilty of running Kelihos. However, Russia does not allow extradition of its citizen, and he cannot be brought to a trial. Kaspersky Securelist investigated into the matter, revealing some interesting facts, like

Our investigation revealed that the new version appeared as early as September 28, right after Microsoft and Kaspersky Lab announced the neutralization of the original Hlux/Kelihos botnet.

Clearly, shutting down the Kelihos botnet will be a big challenge, and it will be interesting to see how far Microsoft and Kaspersky go in this case.

Many smartphone offerings in the market today feature easy-to-use interfaces, user-friendly applications, minimal required setup and seemingly limitless customization. However, this ease of use can lull smartphone users into a complacent and even ignorant attitude about their smartphone’s security and safety. Most applications downloaded by users for their smartphones range from games to novelty programs to productivity suites. Few consider that many of these applications can actually be malicious software and even fewer download one of the many readily-available mobile antivirus applications, leaving their smartphones insecure.

Malicious software can be bundled into almost any “disguise” mobile application (especially games and single-purposes “novelty” apps). While application distributors such as the Android Market have extensive measures in place to prevent the distribution of these programs, some malicious applications are nonetheless downloaded by smartphone users. Most of these rogue pieces of software cause no discernible problems with the smartphone, but beneath their often benevolent exteriors, they are compromising security. Some more benign smartphone viruses might simply spy on your location via the phone’s GPS capabilities and on your keyword usage, for the purpose of distributing audience-targeted spam emails or text messages. Others can compromise a smartphone’s security in more sinister ways, gathering and reporting email contents, credit card information, and call statistics. However some others destroy important information.

However, there is a better way to protect your smartphones. Besides downloading only credible and tested apps, a mobile antivirus program can also serve to highly reduce your risk of a security breach by malicious mobile software. Most antivirus apps will present a wide array of features. Perhaps most important and most common is a scan feature which reads and checks all files on the smartphone’s operating system against a database of known malicious software. Once viruses and other unwanted programs are detected, the antivirus application facilitates their deletion and removal, often “quarantining” them to prevent accidental activation or damage as they are removed. Other mobile antivirus application features might include a “real-time protection” module which actively monitors file downloads and stops unauthorized operations, options to remotely “wipe” the device in case of physical theft, and a browser module which checks email and internet links against a database of known malicious sites.

Some popular mobile antivirus programs include AVG Antivirus for Android, Webroot Security and Antivirus (Andriod Market), and VirusBarrier iOS (the App Store).

==== About the Author =====

Sapna Rawat is an SEO for taaza.com, which is a muti-dimensional Indian portal operating in verticals like Education, travel, News, Classifieds, Jobs and finance.

The scourges that are the United States’ two gagging Acts – the Stop Online Privacy Act (SOPA) and the PROTECT IP Act (PIPA) – are experiencing grave turmoil as large sections of the widely used Internet are blacking out for one day in protest against their draconian nature. The ongoing protest against the Bills intensified as Wikipedia, a veritable behemoth on the Internet, joined in the protest as we mentioned earlier. Following close on its heels is the giant community link aggregation website Reddit as well as the website of indie game maker Mojang, the creators of Minecraft. Many other gaming company heads joined together to stand against the draconian law’s enactment.

If passed, the Bills will allow any legal entity that claims copyright infringement on a site to take it down completely, instead of the offending article. For example, if Techie Buzz published an article containing a copyrighted image from a leading record label’s website, our blog will be taken down immediately, without trial. This is even if we give the due credit where it is due.

In short, this is a gagging order for much of the Internet in the name of protecting intellectual property rights. Moreover, the website that is the intended target of this – torrent aggregator The Pirate Bay – is immune to the United States’ laws since it does not fall under America’s jurisdiction.

If allowed to pass, SOPA/PIPA will destroy the beautiful and open Internet completely and irreversibly. In a few minutes Reddit will black out in protest. If you reside in the USA, send a letter to your local representative against passing these Bills. Do your part for retaining the Free Internet!

Symantec has now retracted its previous statement that the security breach which led to the leak of source codes of their older security products happened at a third part server, reports Reuters.

In a statement made to Reuters, spokesperson of Symantec, Cris Paden confirmed that the data breach occurred at the networks of Symantec in 2006.

“We really had to dig way back to find out that this was actually part of a source code theft. We are still investigating exactly how it was stolen”, he said.

Previously, it was assumed that the breach had occurred at a server of Indian Government. He also revealed that source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere were also obtained by the hackers. Symantec in their earlier statement had said that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 were the ones that leaked.

A few days ago, ‘Yama Tough’ who is acting as the spokesman of the hacking group Lords of Dharmaraja (who took the responsibility of breaching) tweeted that they will be releasing the code of pcAnywhere to the black hat community so that they can exploit its users using zero day vulnerabilities. They had also threatened of releasing the source code of Norton to the public, but backed out at the last moment tweeting,

We’ve decided not to release code to the public until we get full of it =) 1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem

Paden has acknowledged that pcAnywhere users are indeed facing ‘a slightly increased security risk’ and said,

Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.

Symantec is still reiterating that the code leaked is old and there isn’t a huge risk for its customers provided that they are using the latest versions. But as long as they didn’t write the source codes of their latest products from scratch, there are chances that at least part of the leaked source code is still used. The leak however will be a great advantage for competing security product vendors to understand the working of the Symantec products and use it to improve their own products.

Zappos, an online retailer run by Amazon has suffered a security breach and has confirmed that its customer information was accessed.

In an email sent to its customers, CEO of Zappos, Tony Hsieh said,

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Fortunately for its users, Tony has confirmed that the database containing the credit card information and shipping addresses was not breached. A similar kind of breach had occurred at CoveritLive, a few days ago. Like the breach at Zappos, while the hackers could access the username and/or password of CoveritLive users, luckily, they failed to get their hands on the financial data.

As a result of the breach, Zoppos has temporarily blocked international users and has cancelled telephone support. They are urging its users to contact them by email, in case they have any questions.

Zappos is now enforcing a password reset for all of its users. They are also working along with the law enforcement agencies on the investigation of the hacking incident. So if you have an account on Zappos, it is recommended that you change the password as soon as possible. Also, if you have the same password associated with any other online accounts, it would be wise to change that as well.

Huffington Post’s 1.5 million twitter followers were baffled for a minute to see a bunch of racist and homophobic tweets being posted today afternoon, until they realized that the publication’s account was compromised.

Apparently, the hacking was done by a person who calls himself ‘cloverfdch’. The offensive tweets have been taken down and things are back to normal now. Officials at Huffington Post haven’t yet reacted on the hacking incident.

UPDATE: Huffington Post has now posted a tweet acknowledging the hacking.

Coincidentally, the twitter and foursquare accounts of the actor Ashton Kutcher was also hacked at around the same time. His account has also been restored now. In Ashton’s case, it appears that the hacker accidentally revealed his own location by using his Foursquare account. Ashton has even posted a picture of the foursquare map with the hacker’s location on twitter.

It is not immediately clear whether their accounts were hacked by the same person.

Today morning, I woke up to see the following email from Cover It Live.

CoveritLive recently discovered that certain proprietary data files were accessed without authorization starting on or about January 7, 2012. We have not yet determined if, or to what extent, CoveritLive account information (i.e., user names, email addresses and/or passwords) was accessed. We do know, however, that no financial account information has been compromised.

…

We take this matter very seriously and will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access. We also would like to take this moment to remind you of a couple of tips that should always be followed:

· Do not open emails from senders you do not know. Be especially cautious of “phishing” emails, where the sender tries to trick the recipient into disclosing confidential or personal information.

· Do not share personal or sensitive information via email. Legitimate companies will not attempt to collect personal information outside of a secure website.

We regret any inconvenience that this password change process may cause you. Please do not hesitate to contact us at passwords@coveritlive.com if you have any questions.

Sincerely,

CoveritLive Team

CoveritLive, as you might know, is a tool used primarily for live blogging. Many popular websites and blogs such as ESPN, USA Today and ZDNet use CoveritLive for live blogging.

According to the email sent to its customers, CoveritLive user’s passwords are encrypted and there is no evidence yet that they have been retrieved. The email also states that no financial data has been stolen, which is a major relief for its customers.

As of now, we don’t know exactly what kind of data was stolen. The company has started an investigation and hopefully more details will be released soon.

In the meantime, if you have a CoveritLive account, I strongly suggest that you change the password immediately. In fact, from today (January 14) onwards, CoveritLive will be enforcing a password reset for all of its users. So when you login to CoveritLive next time, you’ll be asked to change the password.

If you have been using the same password for any other accounts, it is a good idea to change that as well.

Today, Symantec confirmed that source codes of two of its old enterprise products were obtained by hackers.

The hack is assumed to be the work of an Indian group who call themselves ‘Lords of Dharmaraja’. Interestingly, the security breach did not take place directly at Symantec’s servers. Instead, the source code was obtained (along with other confidential documents) by hacking into an Indian Military server.

The group posted some details regarding the source code on Pastebin (which was taken down after the news spread) and has warned that they will be releasing the source code, once they overcome the blockade put forth by Indian and US agencies.

A hacker called ‘Yama Tough’ emailed the source file to the folks at InfoSec Island who in turn forwarded it to Symantec for verification. Yama Tough has also posted some screenshots of a confidential document about Cellular Surveillance.

Symantec, after verifying the file, posted the following response in their Facebook wall.

Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.

Although the leaked source code is of older products, what its repercussions are going to be for Symantec is yet to be seen.

If you thought the site you were browsing was secure simply due to the little s  at the end of HTTP, you may want to re-evaluate.

Security researchers at ACROS  have posted details concerning a vulnerability in versions 14 and 15 of Google’s Chrome browser. The issue comes from an inconsistency that Chrome has when following and rendering redirections to other web pages. This means that an attacker can redirect a visitor to a page that looks identical to a legitimate page, with a real looking HTTPS URL, when infact they are not on the expected page. This can lead to theft of credentials, credit cards and other personal information.

The crux of the issue comes down to Chrome being very quick to update the address bar, even before any of the page content has actually loaded. This allows the researchers to change the destination without it being reflected to the address bar. Most users will “confirm” they are on the correct page simply by reading the address page and matching it with what they are looking at, especially when the majority only visit a handful of specific websites.

While the newest releases of Chrome (16, beta and above) have had this issue resolved, Google’s browser holds a relatively large marketshare of approximately 20% world wide. That’s more than 70 million. If over 75% of those users have updated version, one can speculate that roughly 1.7 million users are susceptible to this attack. With Google’s auto-update mechanism, it’s highly unlikely that there are so many old installations.

At Techie-Buzz alone, more than 1 million of the 3.5+ million visitors use Chrome. Google Chrome has been growing at a very rapid rate, pushing Microsoft’s Internet Explorer and Mozilla’s Firefox lower and lower. Chances are, you’re using Chrome because it’s fast, so if you want to stay as safe as possible, keep Chrome updated and take a look at some of the popular security/privacy extensions.