ILL_Natured_gr’s team Weblog


Archive for September 28th, 2007

Jesus’ Image in my hardwood sample

Posted by ILL Natured_gr on September 28, 2007


Posted in Bizarre, Religion, Videos | 1 Comment

Nine die in Myanmar protest crackdown

Posted by ILL Natured_gr on September 28, 2007


By Aung Hla Tun

YANGON (Reuters) – Troops cleared protesters from the streets of central Yangon on Thursday, giving them 10 minutes to leave or be shot before chasing them through the city, firing into crowds and beating people.

State television admitted nine people were killed in actions which stung an outraged Association of South East Asian Nations, one of the few international groupings which has isolated Myanmar as a member, into expressing its “revulsion”.

Far fewer demonstrators took to the streets as the junta clamped down and soldiers raided monasteries in the middle of the night, rounding up hundreds of the monks who had been leading protests.

As international concern mounted, U.S. President George W. Bush called on all countries with influence over Myanmar to tell the junta to stop using force. He met with China’s foreign minister to press the point.

“Every civilized nation has a responsibility to stand up for people suffering under a brutal military regime like the one that has ruled Burma for so long,” he said in a statement.

China, which neighbors Myanmar and is one of the military-ruled country’s few allies, is a key trading partner and arms supplier to Myanmar and is seen as the linchpin for any international effort to defuse the situation.

One of the dead was a Japanese photographer, shot when soldiers cleared the area near Sule Pagoda — a focus of the protests — as loudspeakers blared out warnings, ominous reminders of the crushing of a 1988 uprising in which more than 3,000 people were killed.

In another area of Yangon, soldiers opened fire into crowds after a military truck drove into protesters, onlookers said. Three people were killed on the spot.

The Association of Southeast Asian Nations (ASEAN), in an unusually blunt statement, demanded member Myanmar stop using violence and voiced “revulsion” at the killings.

At Yangon’s Sule Pagoda, 200 soldiers marched toward the crowd and riot police clattered their shields with wooden batons. “It’s a terrifying noise,” one witness said.

The army moved in after 1,000 chanting protesters hurled stones and water bottles at troops, prompting a police charge in which shots were fired.

The crackdown in the country of 56 million people began on Wednesday when soldiers and police fired tear gas, clubbed protesters and arrested up to 200 monks in an attempt to quash the uprising.

MONASTERY RAIDS

Sporadic marches against fuel price hikes have swelled over the past month into mass demonstrations against 45 years of military rule in the former Burma. It is the worst unrest to hit the poor and isolated nation since the rebellion by students and monks in 1988.

Troops dispersing crowds on Thursday chased fleeing people, beating anybody they could catch, witnesses said.

Another Buddhist monk — adding to the five reported killed Wednesday — was killed during the midnight raids on monasteries, witnesses said.

Monks were kicked and beaten as soldiers rounded them up and shoved them onto trucks.

“Doors of the monasteries were broken, things were ransacked and taken away,” a witness said. “It’s like a living hell seeing the monasteries raided and the monks treated cruelly.”

After darkness fell and curfew hour loomed, sporadic bursts of rifle fire echoed over Yangon, a city of 5 million.

The junta told diplomats summoned to its new jungle capital, Naypyidaw, “the government was committed to showing restraint in its response to the provocations,” one of those present said.

In a sign the junta may be hearing the international outcry over its clampdown, Myanmar’s rulers later in the day agreed to receive a U.N. envoy to discuss the crisis.

The United States announced sanctions against senior junta figures and sought to rally broad international condemnation.

Bush asked Chinese Foreign Minister Yang Jiechi “to help bring a peaceful transition to democracy in Burma,” the White House said.

China has said it is “extremely concerned” about the situation and has urged all parties to “maintain restraint,” but has not given any sign it is willing to go further in pressuring the Myanmar government.

Bush thanked China for helping to win Myanmar’s consent to a visit by U.N. envoy Ibrahim Gambari, White House spokesman Gordon Johndroe told reporters.

ASEAN ministers, meeting on the sidelines of the U.N. General Assembly, “expressed their revulsion to Myanmar Foreign Minister Nyan Win over reports that the demonstrations in Myanmar are being suppressed by violent force.”

All members except Myanmar issued the statement. The 10-member diplomatic and trade group holds as a core principle non-interference in one another’s internal affairs.

ASEAN made no mention of punitive measures against the military government that has ruled Myanmar since 1962.

Source : Reuters.com

IT’S ABOUT TIME FOR THE UNITED NATIONS TO TAKE SOME ACTION!

Posted in News, Opinion, Politics

Gmail’s Zero-Day Flaw Allows Attackers to Steal Messages

Posted by ILL Natured_gr on September 28, 2007

Gmail can be easily hacked, allowing any past–and future e-mail messages–to be forwarded to the attacker’s own in-box, a vulnerability researcher said Tuesday.

Gregg Keizer, Computerworld
Wednesday, September 26, 2007 4:00 PM PDT

Accounts on Google Inc.’s Gmail can be easily hacked, allowing any past — and future e-mail messages — to be forwarded to the attacker’s own in-box, a vulnerability researcher said Tuesday.

Dubbed a “cross-site request forgery” (CSRF), the Gmail bug was disclosed Tuesday by Petko Petkov, a U.K.-based Web vulnerability penetration tester who has made a name for himself of late. In the past two weeks, Petkov has publicly posted information about critical, zero-day bugs in Apple Inc.’s QuickTime, Microsoft Corp.’s Windows Media Player and Adobe Systems Inc.’s Portable Document Format (PDF).

According to Petkov, who declined to release details about the vulnerability, attackers can use Gmail’s filtering feature to exploit the bug. An attack, he said, would start with a victim visiting a malicious Web site while also still logged into his Gmail account. The malicious site would then perform what Petkov called a “multipart/form-data POST” — an HTML command that can be used to upload files — to one of the Gmail application programming interfaces, then inject a rogue filter into the user’s filter list.

Petkov posted a series of screenshots on the Gnucitizen.org site that illustrated one possible attack. “In the example, the attacker writes a filter, which simply looks for e-mails with attachments and forwards them to an e-mail of their choice,” Petkov said. “This filter will automatically transfer all e-mails matching the rule.

“Keep in mind that future e-mails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google,” he added.

Google did not immediately reply to questions about whether it had confirmed the vulnerability, and if so, when it would patch the problem.

At least one user commenting on Petkov’s posting, however, claimed that a Firefox extension could block exploits of the Gmail bug. Giorgio Maone, the creator of the popular NoScript add-on, said that his extension blocks CSRF attacks from untrusted sites, which a malicious page likely would be. (NoScript blocks JavaScript, Java, other scripting and executable content from running from untrusted sites; Firefox users can download it from the Mozilla add-on site.)

As he did last week when he disclosed a major bug in Adobe’s pervasive PDF file format, Petkov again defended his decision to post information about the Gmail flaw without first reporting the vulnerability to Google. The reasoning, however, was oblique: “Let’s say that it is just one of my social experiments.”

Jeremy Grossman, the chief technology officer at San Jose-based WhiteHat Security Inc., said that the Gmail flaw is “especially scary.” In an entry to his blog, Grossman explained further: “Web mail accounts are in many ways more valuable than a banking account because they maintain access to many other online accounts (blog, banking, shopping, etc.). [Attacks exploiting this vulnerability would be] simple, silent and extremely clever.”

Petkov added his own two cents on the bug’s implications. “In an age where all the data is in the cloud, it makes no sense for the attackers to go after your box,” he said. “It is a lot simpler to install one of these persistent backdoor/spyware filters. Game over! They don’t own your box, but they have you, which is a lot better.”

Source : pcworld.com
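Because the article above notes that an injected filter keeps forwarding mail even after the underlying bug is fixed, the practical check for a user or administrator is to review the filter list for forwarding rules. The following is an added example, not code from the article or from Google: it audits a list of filters for rules that forward to addresses outside the owner's domains. The record layout, field names, addresses and `OWNED_DOMAINS` are constructed assumptions, not Gmail's actual filter format.

```python
# Added example: flag mail filters that forward to addresses outside owned domains.
# The record layout is a constructed, hypothetical export, not Gmail's schema.

OWNED_DOMAINS = {"example.org"}  # assumption: domains the mailbox owner controls

# Constructed sample data.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"add_label": "News"}},
    {"id": "f2", "criteria": {"has_attachment": True},
     "action": {"forward_to": "drop@collector.invalid"}},
    {"id": "f3", "criteria": {"subject": "invoice"},
     "action": {"forward_to": "Accounts@Example.org"}},
    {"id": "f4", "criteria": {},
     "action": {"forward_to": "me@example.org.attacker.invalid"}},
]

BROAD_KEYS = {"has_attachment"}  # criteria that match large classes of mail


def forward_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def audit_filters(filters, owned_domains):
    """Return (id, target, reason) for each filter forwarding outside owned domains."""
    findings = []
    for f in filters:
        target = f.get("action", {}).get("forward_to")
        if target is None:
            continue  # filter does not forward anything
        # Exact domain match only: a look-alike suffix or malformed address is flagged.
        if forward_domain(target) in owned_domains:
            continue
        criteria = f.get("criteria", {})
        if not criteria:
            reason = "forwards ALL mail"
        elif BROAD_KEYS.intersection(criteria):
            reason = "forwards broad class"
        else:
            reason = "forwards matching mail"
        findings.append((f["id"], target, reason))
    return findings


if __name__ == "__main__":
    for fid, target, reason in audit_filters(SAMPLE_FILTERS, OWNED_DOMAINS):
        print(f"{fid}: {reason} -> {target}")
```

Any finding should be confirmed with the mailbox owner and the filter deleted if it was not created deliberately.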

Posted in Internet, PC Security

Five of the Dirtiest Malware Tricks

Posted by ILL Natured_gr on September 28, 2007

From disguising applets to look like part of Windows to co-opting security tools, Web crooks use a variety of methods to bypass your system’s safeguards.

Erik Larkin
PC World
Thursday, September 27, 2007; 12:19 AM

If the crooks behind viruses, Trojan horses, and other malicious software were as stupid as they are scummy, we’d have a lot less to worry about. But as protective measures get better at stopping the obvious attacks, online creeps respond with underhanded moves to invade your PC. Here are five of their dirtiest tricks, all based on Trojan horses.

Don’t mind me–I’m only here to break your PC: It’s like sending in a different scout each time to open the gate for the rest of the invaders. The “Glieder Trojan” and many others use a multistage infection process whose first step is a tiny program that the crooks can change constantly so your antivirus watchdog is less likely to recognize it. Once it gets in, the downloader tries to disable your security before pulling down the real payload, which could be a data stealer or anything else the attacker wants.

Locked and encrypted Web sites? No problem: Web sites can and should use secure socket layer (SSL) to encrypt and protect sensitive data such as bank account log-ins. (When a lock icon appears in the address bar, that indicates the site is using SSL.) But the “Gozi Trojan” and its ilk evade SSL protections by making Windows think they’re part of the process, so your data leaves IE and goes through Gozi before it’s encrypted and sent out on the network. Instead of spying on your keyboard, which many security programs watch for, these apps roll into the OS as fake layered-service providers (LSPs).

The SpamThru, SpyAgent, and Jowspry Threats

Malware that scans your PC for malware: An extra antivirus scan can only be a good thing, right? Not when it just gets rid of rivals to the “SpamThru Trojan.” This nasty introduced a pirated, pared-down version of Kaspersky AntiVirus (which Kaspersky has since shut down) to delete other malware so it could have the victim PC to itself to use as a spam sender. If the PC had a real antivirus app, SpamThru would attempt to block its updates, preventing it from identifying new threats.

Equal-opportunity encryption: Encrypting sensitive data and protecting it with a password helps shield it from prying eyes. But the “SpyAgent Trojan” enters the encryption game, too. When installed on a Windows PC with the Encrypting File System (which is included in Windows 2000, XP Pro, 2003 Server, and 2005 Media Center), SpyAgent establishes its own administrator-level user account and uses this account to encrypt its files. You–or your antivirus software–would have to guess the account’s random password to decrypt and scan the malicious files to confirm they weren’t supposed to be there.

Hi, firewall. I’m Windows Update. Honest: Firewalls protect computers and networks from bad guys’ efforts to go in or out. So the “Jowspry Trojan” masquerades as something known and approved–Windows Update. The crafty malware makes its connections look like the Background Intelligent Transfer Service used by Windows Update, and unsuspecting firewalls let it download more attack programs to your PC.

To pull off these sneaky ploys, malware first has to get on your PC. If you keep Windows and other programs up-to-date, avoid opening attachments or clicking links in unsolicited e-mail, and use a good antivirus program, you won’t give the crooks a chance to put their Trojan horses to work.

Descriptions based on research and analysis from Peter Gutmann at the University of Auckland, Craig Schmugar and Aditya Kapoor at McAfee’s Avert Labs, and Joe Stewart at SecureWorks.

For an inside look at the way Internet attackers buy and sell their insidious tools, read “An Inside Look at Internet Attackers’ Black Markets.” To ensure that you’ve closed critical software holes, read “Close the Holes Targeted by the MPack Attack Kit.”

Source : Washingtonpost.com

Posted in Internet, PC Security