A new antivirus update from Kaspersky disables Internet connectivity, forcing the company to push out a fix and a workaround.
Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update.
Released yesterday, the update causes Windows XP computers to lose their connection to the Internet.
IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline.
Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best.
Kaspersky did eventually acknowledge the problem, announcing a fix to the buggy update and offering a resolution. Kaspersky's response was posted by one of the forum users:
We apologize for the inconvenience. It does appear that there was a hiccup with an update pushed out causing Windows XP machines to lose Internet connectivity. An update was just released that should address the issue. What I will need you to do is:
To get XP users Internet connectivity (temporarily), please disable the Web AV component of your protection policy for your managed computers. After doing so:
In Security Center (or Admin Kit):
1) Go to the Repositories section >> (Right click) Updates >> All Tasks >> Clear updates repository.
2) Go to the Repositories section >> (Right click) Updates >> Download Updates.
After taking this step, please run your group update task for Managed Computers. After the update has been pushed to your workstations, please re-enable your Web AV component in your protection policy. This should resolve the issue.
Some of the commenters were in the process of following Kaspersky's steps but noted delays in updating the repository. Several also had harsh words for Kaspersky for not addressing the problem more effectively.
"I just wanted to thank the good folks at Kaspersky for insuring that my hospital has either crippled or no AntiVirus," one commenter said. "The workaround of disabling A/V is outright stupid."
Another criticized Kaspersky's failure to respond to the many complaints on the forum.
"I can't believe that Kaspersky is not responding to any of these forums," the commenter said. "That is horrible. One more reason why we will be switching to a different antivirus vendor after the contract is done."
In a statement sent to CNET, Kaspersky confirmed the problem, noted the affected products, and described the lengthy steps to fix the issue.
Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST.
The problem was limited to x86 systems with the following Kaspersky Lab products installed:
- Kaspersky Anti-Virus for Windows Workstations 6.0.4 MP4
- Kaspersky Endpoint Security 8 for Windows
- Kaspersky Endpoint Security 10 for Windows
- Kaspersky Internet Security 2012 and 2013
- Kaspersky Pure 2.0
When these errors were reported, Kaspersky Lab identified an immediate workaround and recommended that customers experiencing problems disable their Web Anti-Virus or roll back the update to a previous version of the database. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers.
Customers need to perform a database update to resolve the issue. If an affected machine updates from the Administration Kit/Security Center console, then these updates will be downloaded automatically. If a machine updates directly from our servers, then the initial workaround step of disabling the Web Anti-Virus component should be applied first. Internet connectivity will then be restored and the customer will be able to download the most recent database update. The Web Anti-Virus component should be re-enabled after downloading the database update.
Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future.
Source: http://cnet.co/XMoZnw
Tuesday, February 5, 2013
Federal Reserve confirms its Web site was hacked | Security & Privacy
Days after Anonymous claimed to have stolen and published private information from more than 4,000 bank executives, the Fed says its system was attacked.
The wave of high-level cyberattacks continues as the Federal Reserve confirmed that one of its internal Web sites was hacked into today, according to Reuters.
"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman told Reuters. "Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system."
Apparently the hackers accessed data associated with specific individuals, according to Reuters.
This attack comes on the heels of the hacking group Anonymous claiming on Sunday to have published login and private information from more than 4,000 U.S. bank executive accounts. The group may have gotten this data from the Federal Reserve's computers.
It's unclear if the two breaches are connected. Government officials did not say which of its Web sites were hacked. However, according to Reuters, it was most likely an internal contact database for banks to use during natural disasters.
The cyberattack on the Federal Reserve comes after a slew of continuous hacks in the U.S. The Department of Energy confirmed yesterday that its internal system was breached and employee data was stolen; and last week, hackers hit several U.S. media outlets.
The head of Homeland Security Janet Napolitano announced in January that she believes a wave of cyberattacks on U.S. infrastructure is a serious possibility. Dubbing such an event a "cyber 9/11," Napolitano warned that cyberterrorists could take down the nation's power grid, water infrastructure, transportation systems, and financial networks.
In its December report, security company McAfee said that attacks on U.S. financial institutions are only going to increase in the year to come. The firm said that this isn't only a possibility; it's a "credible threat." Anonymous has also promised to increase its activity in 2013. In a statement issued at the beginning of the year, the group said that it has no plans to fade away in the year to come.
Source: http://cnet.co/WtimJ4
Friday, January 25, 2013
Secret backdoors found in firewall, VPN gear from Barracuda Networks
The undocumented accounts may have been around for a decade
A variety of firewall, VPN, and spam filtering gear sold by Barracuda Networks contains undocumented backdoor accounts that allow people to remotely log in and access sensitive information, researchers with an Austrian security firm have warned.
The SSH, or secure shell, backdoor is hardcoded into "multiple Barracuda Networks products" and can be used to gain shell access to vulnerable appliances, according to an advisory published Thursday by SEC Consult Vulnerability Lab.
"This functionality is entirely undocumented and can only be disabled via a hidden 'expert options' dialog," the advisory states. The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username "product" with a "very weak" password to log in and gain access to the device's MySQL database. While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda.
"The public ranges include servers run by Barracuda Networks Inc. but also servers from other, unaffiliated entities—all of whom can access SSH on all affected Barracuda Networks appliances exposed to the Internet," the advisory explained.
Barracuda issued several of its own security advisories on Wednesday. "Our research has confirmed that an attacker with specific internal knowledge of the Barracuda appliances may be able to remotely log in to a non-privileged account on the appliance from a small set of IP addresses," one advisory with a risk rating of "medium" stated. "The vulnerabilities are the result of the default firewall configuration and default user accounts on the unit."
A timestamp and version string in the code that enables the backdoor bear a date from 2003, suggesting it may have existed in the Barracuda appliances for a decade. Advisories from SEC Consult and Barracuda also reference a serious authentication bypass bug. In an age of sophisticated advanced persistent threats, administrators who oversee any of this gear should update as soon as possible.
Source: http://ars.to/Y13y2T
Don't upload your important passwords to GitHub
The same goes for private SSH keys and other sensitive credentials.
It's akin to warning someone not to brush her teeth with a brick or to dry her hair with a blow torch, but based on numerous links circulating on Twitter Thursday morning, it bears saying: don't post sensitive account credentials to GitHub, or any other code repository.
On Thursday morning, the microblogging site was awash with messages linking to passwords and private cryptographic keys that are publicly accessible. A handful of GitHub searches turned up dozens of accounts that appeared to be exposing credentials that should never be made public. (Just minutes before Ars published this post, the searches stopped working, most likely as a result of GitHub admins who were trying to save users from their own carelessness. Many of the same GitHub accounts could still be located using Google, however.) Assuming they're still being used to log in to valid accounts, their exposure compromises the entire security that users attempted to establish when they generated the keys in the first place.
Ars won't be calling out individual accounts, although one GitHub offender appeared to reveal a password for an account on Chromium.org, the repository that stores the source code for Google's open-source browser. An eagle-eyed security researcher reported finding "an ssh password to a production server of a major, MAJOR website in China." Another tweet showed what appeared to be a sensitive GitHub authentication token used by a prominent front end developer for Bitly. In the wrong hands, a valid token could help miscreants redirect millions of people to malicious sites.
And it's not just GitHub users who appear to be loose-lipped, at least judging from similar links that circulated alongside them.
The practice of stashing sensitive log-in credentials in publicly accessible code repositories isn't exactly new, so it's unclear why it's only now receiving so much attention. It has touched off a major debate about whether GitHub bears any responsibility, with some arguing the fault lies solely with users and others saying GitHub has a duty to prevent misuse of its site.
Whatever view prevails, the tweets should come as a stern rebuke and a graphic demonstration that the practice is an extreme faux pas. Transgressors should reset or regenerate any compromised passwords or keys and purge the old ones right away. As in now.
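The defensive counterpart to the advice above is to stop the commit before it happens. The following is an added example, not code from Ars, GitHub or any project named in the article: a Python pre-commit check that scans either the files named on the command line or the staged additions of the current git diff for PEM-encoded private keys and for credentials assigned as string literals. The keyword list, the placeholder list, the skipping of `$VAR`-style references and the sample config are all assumptions constructed for the example.

```python
"""Pre-commit secret check: refuse a commit that would add private keys or
plaintext credentials. Added example; not GitHub's or Ars Technica's code."""
import re
import subprocess
import sys

# Two classes of leak the article describes: PEM private keys, and
# credentials assigned as literals in code or config (keyword list assumed).
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "credential": re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
}
# Values that are obviously not real secrets (assumed list).
PLACEHOLDERS = {"changeme", "password", "<redacted>", "xxxxxxxx"}
# Values that reference an environment variable or template, not a literal.
REFERENCE_PREFIXES = ("$", "{{", "%(")


def find_secrets(text):
    """Return [(line_number, kind)] for each line that looks like a leak.
    The matched value is deliberately not returned, so callers never echo it."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if kind == "credential":
                value = match.group(1)
                if value.lower() in PLACEHOLDERS or value.startswith(REFERENCE_PREFIXES):
                    continue
            findings.append((lineno, kind))
    return findings


def staged_additions():
    """Only the '+' lines of the staged diff (needs git; used from main() only).
    Line numbers reported for this text count added lines, not file lines."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0"],
        capture_output=True, text=True, check=True,
    ).stdout
    return "\n".join(
        line[1:] for line in diff.splitlines()
        if line.startswith("+") and not line.startswith("+++")
    )


# Constructed sample of a config file someone might commit by mistake.
SAMPLE = """\
db_host = db.example.internal
db_password = "hunter2hunter2"
api_key = ${API_KEY}
password: changeme
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...constructed, not a real key...
-----END RSA PRIVATE KEY-----
"""


def main():
    if len(sys.argv) > 1:
        sources = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    else:
        sources = {"<staged additions>": staged_additions()}
    blocked = False
    for name, text in sources.items():
        for lineno, kind in find_secrets(text):
            print(f"{name}:{lineno}: possible {kind}; commit refused")
            blocked = True
    sys.exit(1 if blocked else 0)


if __name__ == "__main__":
    main()
```

Installed as `.git/hooks/pre-commit`, the script exits non-zero and the commit is refused whenever a staged addition matches; run with file arguments it scans those files instead, which is useful for auditing an existing checkout. On the constructed sample it flags the literal `db_password` on line 2 and the private key header on line 5, while ignoring the `${API_KEY}` reference and the `changeme` placeholder. A hook like this only catches what is about to be committed; keys and tokens that are already in history still have to be rotated, as the article says.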
Source: http://ars.to/10UNpl5
Cisco to sell Linksys to Belkin, will exit home networking market
After 10 years of owning Linksys, Cisco will get rid of home router business.
Belkin has struck a deal to buy Linksys from Cisco, bringing Cisco's 10-year dalliance with the consumer networking market closer to an end.
Cisco's Linksys division sells routers and wireless access points to consumers, which is in line with Cisco's overall focus on networking gear but diverges from the company's core focus on selling to big businesses rather than home users. Cisco has been gradually stepping out of the consumer business—for example, by killing off the Flip camera line and Umi home videoconferencing.
Cisco recently engaged Barclays to help sell off the home networking division. Belkin's purchase of Linksys is expected to close in March 2013, but the companies did not reveal the purchase price. Cisco bought Linksys in 2003 for $500 million.
Existing customers don't have to worry about whether their Linksys products will continue to be supported, Belkin said in its announcement. "Belkin intends to maintain the Linksys brand and will offer support for Linksys products as part of this transaction," Belkin said. "All valid warranties will be honored by Belkin for current and future Linksys products. After the transaction closes, Belkin will account for approximately 30 percent of the US retail home and small business networking market."
Belkin's existing business includes wireless and wired networking products as well as an assortment of device cases, mobile accessories, cables, and audio and video products.
Cisco's stewardship of Linksys annoyed some users (including me) last year when certain routers were automatically linked to a cloud-based management service that was less functional than the traditional, local router management interface. (Cisco backpedaled after an uproar.)
Belkin said it will expand Linksys's market presence, hinting that Linksys products will somehow be linked to or sold alongside Belkin's WeMo home automation platform. Besides home users, Belkin wants to use Linksys to target service providers and small businesses.
While no purchase price was announced today, Bloomberg reported last month that Linksys is "likely to fetch much less than the $500 million Cisco paid for it in 2003 because it is a mature consumer business with low margins."
Although Cisco is selling Linksys to Belkin, it will maintain some ties to the business as part of a cross-marketing deal. "Belkin and Cisco intend to develop a strategic relationship on a variety of initiatives including retail distribution, strategic marketing and products for the service provider market," Belkin's announcement said. "Having access to Cisco's specialized software solutions across all of Belkin's product lines will bring a more seamless user experience for customers."
Source: http://ars.to/14f9Ter
Three charged in Gozi Trojan bank raids
NASA computers among 1 million machines infected by malware used to steal from bank accounts.
United States prosecutors accused three people of creating and distributing virulent malware which has infected more than a million computers around the world, including those operated by the U.S. National Aeronautics and Space Administration.
Nikita Kuzmin, 25, of Russia, Deniss Calovski, 27, of Latvia, and Mihaj Ionut Paunescu, 28, of Romania, were behind a long-running scam which involved the creation and distribution of the so-called Gozi Trojan that helped cyber criminals siphon millions of dollars from bank accounts in the U.S., Europe and other countries, according to an indictment unsealed on Wednesday.
Alleged mastermind Kuzmin was arrested in the U.S. back in November 2010 and pled guilty to a number of computer hacking and fraud charges in 2011. Calovski is alleged to have helped in programming Gozi. He was arrested in Latvia in November 2012. Paunescu is alleged to have provided the hosting service that enabled Kuzmin and other cyber criminals to distribute Gozi and other malware. He was arrested in Romania in December 2012.
U.S. prosecutors are seeking the extradition of Paunescu and Calovski.
Source: http://bit.ly/V9ZfzK
Tuesday, January 15, 2013
You know flash is king when disk giant Seagate grows its SSD line
Plus: Might elbow its way into PCIe server flash card market.
Seagate is going to expand its solid state drive (SSD) line this year using co-developed Samsung controller technology and introducing its first multi-level cell drive.
Seagate and Samsung have a flash chip supply and controller partnership. Stifel Nicolaus analyst Aaron Rakers has talked to Seagate execs and gleaned that:
Seagate ... will have a refreshed line-up of SATA and SAS solid state drives, based on the co-development work with Samsung on controller technology, in 2013. Additionally, our conversations suggested that the company also plans to launch its first MLC-based PCIe SSDs in 2013.
Seagate currently ships its fast single level cell (SLC) Pulsar XT and Pulsar.2 MLC SSDs. Its recent flash activity includes investing in controller company DensBits, whose technology makes slow, shorter-life TLC (3-bits per cell) flash work for longer.
Just over a year ago, Seagate bought Samsung's disk drive business as part of its reaction to Western Digital buying Hitachi GST and leap-frogging Seagate into the disk drive market revenue leadership. Both Seagate and Western Digital appear to realise that the performance data access market is moving away from fast spinning hard drives into a high-end pure-flash market and a mid-range/low-end hybrid solid state hard drive (SSHD) market. Flash is where the strongest growth prospects are - for both Seagate and WD. Of course, just last year, Seagate was singing a different tune.
A move into the PCIe flash card for servers space from Seagate would be logical. We note Samsung has invested in PCIe server flash card market leader Fusion-io, which will make its relationship with Seagate interesting. The PCIe flash card product space is pretty crowded and the entry of Seagate would not be welcomed by other suppliers.
Source: http://www.theregister.co.uk/2013/01/14/seagate_samsung_pcie/