Hacking and Anonymous surfing

Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
A number of updates were sent from hacked Twitter accounts urging users to download a file called “tweetdeck-08302010-update.exe.”

The tweets began with phrases, such as “Hurry up for tweetdeck update!” or “Download TweetDeck udate ASAP!,” and included a URL beginning with http://alturl.com/.

The links, however, did not lead to a legitimate TweetDeck update, but instead brought users to a trojan, Graham Cluley, senior security researcher at Sophos, wrote in a blog post Tuesday. Some of the malicious tweets referenced the U.K.’s national Bank Holiday, which occured on Monday. The tweets read, “Critical tweetdeck update Bank Holiday” and “Update TweetDeck! Bank Holiday.”

A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security.

The Pushdo or Cutwail network of hacked computers ranked in the top five or so botnets for spam, responsible for as much as 10 percent of all spam, said Ed Rowley, product manager for M86 Security. The spam often advertises fake software, so-called designer goods and questionable pharmaceutical products.

But security analysts with the computer security company LastLine took action last week, contacting ISPs that were hosting the command-and-control infrastructure for the botnet. About 30 servers at eight hosting providers were found to be supporting Pushdo. LastLine contacted the ISPs, and about 20 of the servers were taken offline, according to itsblog. Some ISPs, however, were unresponsive.

Russian police are reportedly investigating a criminal gang that installed malicious “ransomware” programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs.

The scam has been ongoing and may have made Russian criminals millions of dollars, according to reports by Russian news agencies. Russian police seized computer equipment and detained a Russian “crime family” in connection with the crime, the ITAR-TASS News Agency reported Tuesday.

Russian-language reports say that 10 people are expected to be charged and that tens of thousands of Russian-language victims were hit by the scam, which also affected users in Ukraine, Belarus and Moldova.

The cloud lifts Tuesday on Novell’s Cloud Security Service, which is software designed so that hosting and cloud-service providers can offer authentication, authorization, provisioning and de-provisioning services to their enterprise customers.

The Novell Cloud Security Service software is intended to be used inside a provider’s data infrastructure to enable the equivalent of a single-sign-on function to multiple software-as-a-service (SaaS) options that enterprise customers want to use so they can easily provision and de-provision employees. To make the Novell Cloud Security Service work, the enterprise would need to install a server software component, said to be less than 100MB, on their own premises, to communicate back to the hosting provider.

That on-premises component becomes the central point for enabling control over password-based authentication, and the provisioning of SaaS services and the immediate de-provisioning of them when it’s determined an employee’s use of SaaS should be terminated. Novell has been at work on the cloud-security project, which makes use of open protocols such as SAML, for over a year.

A survey of 278 IT managers found that spending on storage systems is expected to remain flat through next year because of the soft economy and new technologies that allow IT administrators to do more with what they already have.

The survey, conducted by research firm TheInfoPro in June, also asked IT managers which vendors they were most likely to stop doing business with. Hewlett-Packard, Oracle and Sun Microsystems, which was acquired by Oracle in 2009, took the top spots.

For the second year, results showed Oracle struggling, TheInfoPro said in a statement. Asked how difficult it would be to switch vendors, 21% of the IT managers surveyed said it would be hard to replace Oracle, while 43% said it would be easy, and 35% said it would be “somewhat difficult.” Meanwhile, 36% said it would be hard to switch from IBM, while 41% said it would be somewhat difficult and 23% said it would be easy. As for HP, 41% said it would be hard to switch, 26% said it would be easy, and 33% said it would be somewhat difficult.

Twitter has completed its move to OAuth for authentication for all third-party applications.

OAuth allows people to use applications without them storing their passwords. In the past, Twitter officials explained in a blog post, developers have been able to choose between basic authentication and OAuth to enable Twitter applications to access user accounts. Both methods require the user’s permission; but with basic authentication, users must provide their password and username for the application to access Twitter and the program has to store and send the data over the Internet each time the application is used.

“With OAuth, you still individually approve each application before using it, and you can revoke access at any time,” according to Twitter. “To see which applications you have authorized or to revoke access, just go to the Connections section under Settings.”

Verizon Business is tapping into the popularity of VMware technology with a cloud computing service designed to let customers easily move workloads between their own infrastructure and Verizon’s cloud.

With the new service, in trials now and due for general availability early next year, enterprises that use VMware will be able to shift workloads out to Verizon’s CaaS (Computing as a Service) infrastructure and back again, the companies said. This could help organizations ease their way into cloud computing or take advantage of greater computing resources when necessary.

Verizon introduced its first CaaS offering in June 2009. That service requires enterprises to commit to sending certain workloads to Verizon’s cloud, because it’s not as easy to move them over or get them back as with the new service, AT&T spokeswoman Janet Brumfield said. The earlier service will remain available.

We need it soon. The supply of Internet Protocol version 4 (IPv4) addresses is dwindling, spurring interest in the transition to IPv6, with its exponentially larger address space. Since the IPv6 standard was established in 1999, operating systems and network equipment have steadily added support, says John Curran, president and CEO of the American Registry for Internet Numbers. But the transition got started so early that it has since faded into the background.

It’s no cause for panic. “As we got into the mid-2000s, people started thinking, ‘Maybe we don’t need it, maybe this is a false alarm,’” says Curran. But addresses are running out faster than ever, consumed by things like smartphones. Even if your organization has all the IPv4 addresses it needs, it will soon have to coexist with a many more IPv6 users elsewhere.

It’s not sexy. The main virtue of IPv6 is its 128-bit address space, compared with 32 bits for IPv4. Unfortunately, those aren’t the kind of numbers that get CEOs and CFOs excited. Outside of the U.S. Department of Defense, which is attracted to the encryption in IPv6, most CIOs will have a hard time making a business case for the switch. “When everybody’s forced to do it, that’s when the rubber is going to hit the road,” says Frank Troy, an IPv6 consultant.

Is Apple readying an updated iPhone 4 with a new antenna, one without the much-publicized signal attenuation problem of the current model? A recent report by Mexican tech news site Canal MX, first uncovered (well, in English) by MacRumors, suggests a hardware fix for the iPhone 4′s well-known shortcoming could arrive by the end of September.

In the August 25 report, Marco Quatorze, Director of Value Added Services for Mexican wireless carrier Telcel, discusses the iPhone 4 antenna issue. As of September 30, he says, iPhone 4 handsets sold by Telcel will not suffer from the antenna-related reception glitch. However, the Canal MX report doesn’t specify how Apple might fix the problem.

Telcel customers who buy an iPhone 4 before September 30 will get the original model. As a result, they’ll also need a protective case or bumper to minimize the problem of dropped calls and poor signal strength. When a user touches a spot on the iPhone 4′s lower left side–the so-called “death grip”–the cell signal degrades dramatically.

Facebook chief executive Mark Zuckerberg says a lawsuit by a man who claims to own a huge chunk of the popular social networking website is seeking to uncover needless details about his private life.

Zuckerberg is fighting a civil lawsuit filed by Paul Ceglia, an upstate New York resident who claims an 84 per cent stake in the privately-held company, believed to be worth several billion dollars.

Ceglia, an owner of a wood pellet fuel company who lives in Wellsville, New York, is trying to return the case to a New York state court, after Zuckerberg moved it to federal court. “They filed this remand motion to harass defendants under the pretext of obtaining jurisdictional discovery into Zuckerberg’s private life,” lawyers for Zuckerberg said in a filing this week in the federal court in Buffalo, New York.