MasterCard has announced that it will be rolling out new credit and debit cards with integrated display screens, in an attempt to further prevent bank fraud.  The cards, developed by NagraID Security, resemble their regular counterparts, but – when an integrated button is pressed – display a one-time passcode that can be used to authorize online and phone transactions.

Here are all the details.

*** The bad things you don’t know about such proxies ***
Unfortunately the other site of the coin looks much worse:

• You don’t know who run these proxies
• You don’t know if these proxies are secure and clean from any malware and drive-bys
• You don’t know the intentions of the persons who runs these proxies (maybe they have mean ill?)

But you have must be aware of one fact: Those proxies aren’t anonymous! Web Proxy scripts like Glype&Co have a free configurable option wheter the administrator of the (glype-) proxy wants to log the requests which are passing his proxy or not. And you can be sure that the most Glype administrators will do.

Go have a read here.

Enterprises can easily scan for infections and remove them. The Aurora inoculation shot is digitally signed by HBGary, Inc., and utilizes existing Windows management API’s to identify infected machines. No files are copies over the network, the scan and optional removal is completely remote. WMI must be enabled in your Enterprise for inoculation shot to work. Command line instructions are as follows:

To scan a single machine:
InoculateAurora.exe -scan 192.168.0.1
InoculateAurora.exe -scan MYBOXNAME

To scan multiple machines:
InoculateAurora.exe -range 192.168.0.1 192.168.0.254

To automatically attempt a clean operation:
InoculateAurora.exe -range 192.168.0.1 192.168.0.254 -clean

To scan a list of machines in a .txt file:
InoculateAurora.exe -list targets.txt

What are you waiting for? Go get it here.

There are indications that the system crashes and the dreaded blue screen of death (BSoD) that many Microsoft Windows users reported suffering after installing this week’s batch of security updates may be caused at least in part by malware infestations on the affected machines.

Patrick W. Barnes, a systems administrator at Cat-man-du, a technology services firm in Amarillo, Texas, said at least three different customers came into his shop with the same blue screen of death after installing Tuesday’s patches on their systems. Barnes said that on closer inspection, he found that each had been previously infected with a rootkit, a set of tools sometimes installed by malware that are designed to hide the presence of the infection on the host system.

For all of Brian Krebs’ good article on this matter, check here.

Unless you have been living under a rock for the past few days, you probably have heard about some big changes Google has made regarding an attack on its infrastructure. Here is what we know:

• First, the Who and What: Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. David Drummond, Google’s chief counsel, said, “A primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” According to George Kurtz at McAfee, the attacks were part of a large-scale, well-organized operation called Aurora. As a result, Google has stopped censoring its search results in China, and has considered pulling out of the country entirely.
• Second, the How: as this story has played out, a second wave of stories emerged about the attack vectors. Microsoft has released a bulletin stating that a zero-day exploit in Internet Explorer 6 and higher was the attack vector. McAfee’s George Kurtz confirms that IE 7 and 8 vulnerabilities were used. iDefense speculated that PDF-phishing may have been a vector too. But it has not been shown definitively to be an attack vector yet.
• Third, the attacks were not just about dissidents. The attacks appeared to be part of a coordinated campaign that targeted the intellectual property of a wide swath of the US industrial base, including Dow Chemical, Symantec, Yahoo!, Northrop Grumman, and Juniper Networks.

Fourth, many affected parties are collaborating on the investigation and post-mortem analysis. Google, Adobe, Microsoft, McAfee, and others are all sharing information about the attack. No doubt the FBI and agencies are in the mix, too.

You can read the entire article here.

An e-mail exchange with Kay Kinton, a spokesperson for Amazon, on the subject of Amazon and its recent run-in with the Zeus botnet controller, raised two very interesting and valid points. First, there is a fine balance that must be maintained by providers – cloud or traditional hosting – regarding the privacy of applications and data deployed by customers and monitoring/security. Second, Kay points out that it’s easier in the EC2 environment, at least, to disable botnets once they are discovered.

The second point is one that appears on the surface to be true but I’m not entirely convinced. A cloud provider has complete control over its environment (even if you don’t, making this somewhat of a double-edged sword) and thus they can act immediately to terminate the offending application. True. But in any environment in which you have physical or management network access to an offending application/system it should be easy to terminate an offending application. Perhaps more important about this point is that a cloud computing provider can prevent the launch of another offending application, but again – I’m not sure it’s any easier or more difficult in a cloud computing environment than it would be in a traditional hosting or data center environment.

Now the first point is a bit more subtle and definitely deserves some attention as it potentially pits one customer’s privacy against one (or more) other customers’ security and raises some interesting questions regarding how deeply in the sand such a line should be drawn in a cloud computing environment.

The entire article is here

Once a hapless attachment-clicker has opened the infected payload, such as the latest “xmas2.exe” or an infected website, code is injected into the victim’s system processes and then connects to the cloud to download it’s configuration (config.bin).

Read all the gory details here.

When you go into security consulting engagements with a new business
unit you usually face a few questions from the developers and business
owners. “What is it exactly that you’re going to tell us?”

We always answer this the same way: “Things that will surprise you.”

Most developers have read a lot about security these days – they
understand SQL Injection, Cross Site Scripting, access control, not to
use their own cryptographics, and all sorts of other security truisms.

What they can’t possibly understand is how a hacker’s mind works, and
what they’re likely to find. Even security specialists who have only
worked defence often have never really seen a hacker go.

Largely I think this is because there’s a difference between someone
playing cards with chips and someone with their house and life on the
line. People say penetration testing is a model of an attacker. But how
do you model obsession?

- -dave

I totally agree. We can use the same tools, adopt the same techniques, but the mind of an intruder may be so completely alien to any defender that the yawning gulf of difference in mindsets that separates us prevents comprehension and hinders our efforts to combat them.